From 265cf8e312723e688f4dbc8e4d90e0eae5445c97 Mon Sep 17 00:00:00 2001 From: lloyd Date: Thu, 19 Jan 2012 18:14:20 +0000 Subject: Kinda maybe working TLS 1.2 for clients. Not well tested at all, but a basic connection with a GnuTLS server does work. Currently we don't respect the signature_algorithms extension at all, and using SHA-256 with a 12-byte finished value is hardcoded though the spec is that it can depend on the ciphersuite (likely relevant for GOST ciphersuites in particular). --- src/kdf/prf_tls/info.txt | 1 + 1 file changed, 1 insertion(+) (limited to 'src/kdf/prf_tls') diff --git a/src/kdf/prf_tls/info.txt b/src/kdf/prf_tls/info.txt index 9531a6a83..113c92251 100644 --- a/src/kdf/prf_tls/info.txt +++ b/src/kdf/prf_tls/info.txt @@ -1,4 +1,5 @@ define TLS_V10_PRF +define TLS_V12_PRF hmac -- cgit v1.2.3 From 64b89f78ef04d2a36d01c7f6b61fc9871396fb0b Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 20 Jan 2012 21:57:01 +0000 Subject: Increase the max key length of HMAC to 512 bytes. Previously we would run into trouble in the TLS PRF with large pre-master secrets. This especially crops up in TLS 1.2 as there the entire pre master secret is fed to a single PRF (in earlier verions it is split in half). A limit of 512 bytes allows a DH group up to 4096 bits which seems good enough for now. Also catch Invalid_Key_Length in the TLS PRF and throw an exception that makes more sense - initially I was completely thrown off by the HMAC key length exception, and it took me a while to figure it out. Someone else looking at this the first time a server sends a 8192 bit DH group would be even more confused. --- src/kdf/prf_tls/prf_tls.cpp | 9 ++++++++- src/mac/hmac/hmac.h | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'src/kdf/prf_tls') diff --git a/src/kdf/prf_tls/prf_tls.cpp b/src/kdf/prf_tls/prf_tls.cpp index 2b57cdd25..55d72bea4 100644 --- a/src/kdf/prf_tls/prf_tls.cpp +++ b/src/kdf/prf_tls/prf_tls.cpp @@ -23,7 +23,14 @@ void P_hash(MemoryRegion& output, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) { - mac->set_key(secret, secret_len); + try + { + mac->set_key(secret, secret_len); + } + catch(Invalid_Key_Length) + { + throw Internal_Error("The premaster secret is too long for the PRF"); + } SecureVector A(seed, seed_len); diff --git a/src/mac/hmac/hmac.h b/src/mac/hmac/hmac.h index b76a058f4..9de1bc7b5 100644 --- a/src/mac/hmac/hmac.h +++ b/src/mac/hmac/hmac.h @@ -27,7 +27,7 @@ class BOTAN_DLL HMAC : public MessageAuthenticationCode Key_Length_Specification key_spec() const { - return Key_Length_Specification(0, 2*hash->hash_block_size()); + return Key_Length_Specification(0, 512); } /** -- cgit v1.2.3 From 5ccc1b53e9f20ba3d074e68844285d15b5a00912 Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 20 Jan 2012 22:14:50 +0000 Subject: Report the length of the pre master secret. Who knows if when this happens it'll be reproductible, etc, might as well have the information immediately. --- src/kdf/prf_tls/prf_tls.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/kdf/prf_tls') diff --git a/src/kdf/prf_tls/prf_tls.cpp b/src/kdf/prf_tls/prf_tls.cpp index 55d72bea4..3790650b0 100644 --- a/src/kdf/prf_tls/prf_tls.cpp +++ b/src/kdf/prf_tls/prf_tls.cpp @@ -29,7 +29,8 @@ void P_hash(MemoryRegion& output, } catch(Invalid_Key_Length) { - throw Internal_Error("The premaster secret is too long for the PRF"); + throw Internal_Error("The premaster secret of " + to_string(secret_len) + + " bytes is too long for the PRF"); } SecureVector A(seed, seed_len); -- cgit v1.2.3 From 7fb2de6b49d8bf42ede7b4dfda7c358bb67e5c9f Mon Sep 17 00:00:00 2001 From: lloyd Date: Mon, 20 Feb 2012 18:33:49 +0000 Subject: Merge fixups. Add locking to default session manager. Use chrono lib and unique_ptr. --- src/asn1/ber_dec.cpp | 8 ++++---- src/benchmark/benchmark.cpp | 2 +- src/benchmark/benchmark.h | 4 +++- src/build-data/cc/gcc.txt | 2 +- src/kdf/prf_tls/prf_tls.cpp | 3 ++- src/tls/c_hello.cpp | 7 +++++-- src/tls/c_kex.cpp | 5 +++-- src/tls/finished.cpp | 2 +- src/tls/rec_read.cpp | 2 +- src/tls/rec_wri.cpp | 6 +++--- src/tls/s_kex.cpp | 6 +++--- src/tls/tls_alert.cpp | 4 ++-- src/tls/tls_channel.cpp | 8 ++++---- src/tls/tls_channel.h | 10 +++++----- src/tls/tls_ciphersuite.cpp | 2 +- src/tls/tls_client.cpp | 10 +++++----- src/tls/tls_client.h | 20 ++++++++++---------- src/tls/tls_extensions.cpp | 2 +- src/tls/tls_handshake_hash.cpp | 6 +++--- src/tls/tls_handshake_state.cpp | 6 +++--- src/tls/tls_handshake_state.h | 17 ++--------------- src/tls/tls_reader.h | 4 ++-- src/tls/tls_record.h | 2 +- src/tls/tls_server.cpp | 6 +++--- src/tls/tls_server.h | 18 +++++++++--------- src/tls/tls_session.cpp | 9 ++++++--- src/tls/tls_session.h | 8 +++++--- src/tls/tls_session_key.cpp | 2 +- src/tls/tls_session_manager.cpp | 24 +++++++++++++++++------- src/tls/tls_session_manager.h | 11 +++++++---- src/tls/tls_version.cpp | 4 ++-- src/utils/stl_util.h | 1 + 32 files changed, 117 insertions(+), 104 deletions(-) (limited to 'src/kdf/prf_tls') diff --git a/src/asn1/ber_dec.cpp b/src/asn1/ber_dec.cpp index 4d800d471..21a722551 100644 --- a/src/asn1/ber_dec.cpp +++ b/src/asn1/ber_dec.cpp @@ -142,10 +142,10 @@ void BER_Object::assert_is_a(ASN1_Tag type_tag, ASN1_Tag class_tag) { if(this->type_tag != type_tag || this->class_tag != class_tag) throw BER_Decoding_Error("Tag mismatch when decoding got " + - to_string(this->type_tag) + "/" + - to_string(this->class_tag) + " expected " + - to_string(type_tag) + "/" + - to_string(class_tag)); + std::to_string(this->type_tag) + "/" + + std::to_string(this->class_tag) + " expected " + + std::to_string(type_tag) + "/" + + std::to_string(class_tag)); } /* diff --git a/src/benchmark/benchmark.cpp b/src/benchmark/benchmark.cpp index cb5d8bb41..f44aabb1f 100644 --- a/src/benchmark/benchmark.cpp +++ b/src/benchmark/benchmark.cpp @@ -139,7 +139,7 @@ std::map algorithm_benchmark(const std::string& name, Algorithm_Factory& af, RandomNumberGenerator& rng, - u32bit milliseconds, + std::chrono::milliseconds milliseconds, size_t buf_size) { std::vector providers = af.providers_of(name); diff --git a/src/benchmark/benchmark.h b/src/benchmark/benchmark.h index f3e43bd06..17df85e4e 100644 --- a/src/benchmark/benchmark.h +++ b/src/benchmark/benchmark.h @@ -12,6 +12,8 @@ #include #include #include +#include + namespace Botan { /** @@ -27,7 +29,7 @@ std::map BOTAN_DLL algorithm_benchmark(const std::string& name, Algorithm_Factory& af, RandomNumberGenerator& rng, - u32bit milliseconds, + std::chrono::milliseconds milliseconds, size_t buf_size); } diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 4e7536e0f..0c1972bc1 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -8,7 +8,7 @@ add_include_dir_option -I add_lib_dir_option -L add_lib_option -l -lang_flags "-D_REENTRANT -std=c++0x" +lang_flags "-D_REENTRANT -std=c++11" warning_flags "-W -Wall" maintainer_warning_flags "-Werror -Weffc++ -Wall -Wextra -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wold-style-cast" diff --git a/src/kdf/prf_tls/prf_tls.cpp b/src/kdf/prf_tls/prf_tls.cpp index 3790650b0..1236e13c7 100644 --- a/src/kdf/prf_tls/prf_tls.cpp +++ b/src/kdf/prf_tls/prf_tls.cpp @@ -29,7 +29,8 @@ void P_hash(MemoryRegion& output, } catch(Invalid_Key_Length) { - throw Internal_Error("The premaster secret of " + to_string(secret_len) + + throw Internal_Error("The premaster secret of " + + std::to_string(secret_len) + " bytes is too long for the PRF"); } diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp index ecb6f43d6..6743254a5 100644 --- a/src/tls/c_hello.cpp +++ b/src/tls/c_hello.cpp @@ -11,7 +11,7 @@ #include #include #include -#include +#include namespace Botan { @@ -20,7 +20,10 @@ namespace TLS { MemoryVector make_hello_random(RandomNumberGenerator& rng) { MemoryVector buf(32); - const u32bit time32 = system_time(); + + const u32bit time32 = static_cast( + std::chrono::system_clock::to_time_t(std::chrono::system_clock::now())); + store_be(time32, buf); rng.randomize(&buf[4], buf.size() - 4); return buf; diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp index 58e458e81..6728b4877 100644 --- a/src/tls/c_kex.cpp +++ b/src/tls/c_kex.cpp @@ -146,7 +146,8 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, const std::string name = Supported_Elliptic_Curves::curve_id_to_name(curve_id); if(name == "") - throw Decoding_Error("Server sent unknown named curve " + to_string(curve_id)); + throw Decoding_Error("Server sent unknown named curve " + + std::to_string(curve_id)); EC_Group group(name); @@ -186,7 +187,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, if(peer_certs.empty()) throw Internal_Error("No certificate and no server key exchange"); - std::auto_ptr pub_key(peer_certs[0].subject_public_key()); + std::unique_ptr pub_key(peer_certs[0].subject_public_key()); if(const RSA_PublicKey* rsa_pub = dynamic_cast(pub_key.get())) { diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp index 18cc51b96..b4c9bdc3d 100644 --- a/src/tls/finished.cpp +++ b/src/tls/finished.cpp @@ -46,7 +46,7 @@ MemoryVector finished_compute_verify(Handshake_State* state, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64 }; - std::auto_ptr prf(state->protocol_specific_prf()); + std::unique_ptr prf(state->protocol_specific_prf()); MemoryVector input; if(side == CLIENT) diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index d1fab4692..bd6ae5af9 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -219,7 +219,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, m_readbuf[0] != APPLICATION_DATA) { throw Unexpected_Message( - "Unknown record type " + to_string(m_readbuf[0]) + " from counterparty"); + "Unknown record type " + std::to_string(m_readbuf[0]) + " from counterparty"); } const size_t record_len = make_u16bit(m_readbuf[3], m_readbuf[4]); diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp index 602d25397..633b63720 100644 --- a/src/tls/rec_wri.cpp +++ b/src/tls/rec_wri.cpp @@ -21,7 +21,7 @@ namespace TLS { /* * Record_Writer Constructor */ -Record_Writer::Record_Writer(std::tr1::function out) : +Record_Writer::Record_Writer(std::function out) : m_output_fn(out), m_writebuf(TLS_HEADER_SIZE + MAX_CIPHERTEXT_SIZE) { m_mac = 0; @@ -286,8 +286,8 @@ void Record_Writer::send_record(byte type, const byte input[], size_t length) */ void Record_Writer::send_alert(const Alert& alert) { - const byte alert_bits[2] = { alert.is_fatal() ? 2 : 1, - alert.type() }; + const byte alert_bits[2] = { static_cast(alert.is_fatal() ? 2 : 1), + static_cast(alert.type()) }; send(ALERT, alert_bits, sizeof(alert_bits)); } diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp index 6a5cdfa33..945c574b9 100644 --- a/src/tls/s_kex.cpp +++ b/src/tls/s_kex.cpp @@ -46,7 +46,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, if(kex_algo == "DH" || kex_algo == "DHE_PSK") { - std::auto_ptr dh(new DH_PrivateKey(rng, policy.dh_group())); + std::unique_ptr dh(new DH_PrivateKey(rng, policy.dh_group())); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_p()), 2); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_g()), 2); @@ -69,7 +69,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, EC_Group ec_group(curve_name); - std::auto_ptr ecdh(new ECDH_PrivateKey(rng, ec_group)); + std::unique_ptr ecdh(new ECDH_PrivateKey(rng, ec_group)); const std::string ecdh_domain_oid = ecdh->domain().get_oid(); const std::string domain = OIDS::lookup(OID(ecdh_domain_oid)); @@ -159,7 +159,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion& buf, if(name == "") throw Decoding_Error("Server_Key_Exchange: Server sent unknown named curve " + - to_string(curve_id)); + std::to_string(curve_id)); m_params.push_back(curve_type); m_params.push_back(get_byte(0, curve_id)); diff --git a/src/tls/tls_alert.cpp b/src/tls/tls_alert.cpp index b526eeac3..30c51d4c8 100644 --- a/src/tls/tls_alert.cpp +++ b/src/tls/tls_alert.cpp @@ -15,7 +15,7 @@ namespace TLS { Alert::Alert(const MemoryRegion& buf) { if(buf.size() != 2) - throw Decoding_Error("Alert: Bad size " + to_string(buf.size()) + + throw Decoding_Error("Alert: Bad size " + std::to_string(buf.size()) + " for alert message"); if(buf[0] == 1) fatal = false; @@ -106,7 +106,7 @@ std::string Alert::type_string() const * compiler can warn us that it is not included in the switch * statement. */ - return "unrecognized_alert_" + to_string(type()); + return "unrecognized_alert_" + std::to_string(type()); } diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp index d737ef237..fa240cc23 100644 --- a/src/tls/tls_channel.cpp +++ b/src/tls/tls_channel.cpp @@ -15,9 +15,9 @@ namespace Botan { namespace TLS { -Channel::Channel(std::tr1::function socket_output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_complete) : +Channel::Channel(std::function socket_output_fn, + std::function proc_fn, + std::function handshake_complete) : proc_fn(proc_fn), handshake_fn(handshake_complete), writer(socket_output_fn), @@ -106,7 +106,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) } else throw Unexpected_Message("Unknown TLS message type " + - to_string(rec_type) + " received"); + std::to_string(rec_type) + " received"); } return 0; // on a record boundary diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h index aa171ca4b..c85b32ba0 100644 --- a/src/tls/tls_channel.h +++ b/src/tls/tls_channel.h @@ -62,9 +62,9 @@ class BOTAN_DLL Channel */ std::vector peer_cert_chain() const { return peer_certs; } - Channel(std::tr1::function socket_output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_complete); + Channel(std::function socket_output_fn, + std::function proc_fn, + std::function handshake_complete); virtual ~Channel(); protected: @@ -85,8 +85,8 @@ class BOTAN_DLL Channel virtual void alert_notify(const Alert& alert) = 0; - std::tr1::function proc_fn; - std::tr1::function handshake_fn; + std::function proc_fn; + std::function handshake_fn; Record_Writer writer; Record_Reader reader; diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp index 82e2cdd28..22815a048 100644 --- a/src/tls/tls_ciphersuite.cpp +++ b/src/tls/tls_ciphersuite.cpp @@ -310,7 +310,7 @@ std::string Ciphersuite::to_string() const if(cipher_algo() == "3DES") out << "3DES_EDE"; if(cipher_algo() == "Camellia") - out << "CAMELLIA_" << Botan::to_string(8*cipher_keylen()); + out << "CAMELLIA_" << std::to_string(8*cipher_keylen()); else out << replace_char(cipher_algo(), '-', '_'); diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index 8b5ea9347..2dd30819f 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -18,15 +18,15 @@ namespace TLS { /* * TLS Client Constructor */ -Client::Client(std::tr1::function output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_fn, +Client::Client(std::function output_fn, + std::function proc_fn, + std::function handshake_fn, Session_Manager& session_manager, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng, const std::string& hostname, - std::tr1::function)> next_protocol) : + std::function)> next_protocol) : Channel(output_fn, proc_fn, handshake_fn), policy(policy), rng(rng), @@ -274,7 +274,7 @@ void Client::process_handshake_msg(Handshake_Type type, throw TLS_Exception(Alert::BAD_CERTIFICATE, e.what()); } - std::auto_ptr peer_key(peer_certs[0].subject_public_key()); + std::unique_ptr peer_key(peer_certs[0].subject_public_key()); if(peer_key->algo_name() != state->suite.sig_algo()) throw TLS_Exception(Alert::ILLEGAL_PARAMETER, diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h index f5528f4c1..cd972fa28 100644 --- a/src/tls/tls_client.h +++ b/src/tls/tls_client.h @@ -42,16 +42,16 @@ class BOTAN_DLL Client : public Channel * called with the list of protocols the server advertised; * the client should return the protocol it would like to use. */ - Client(std::tr1::function socket_output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_complete, - Session_Manager& session_manager, - Credentials_Manager& creds, - const Policy& policy, - RandomNumberGenerator& rng, - const std::string& servername = "", - std::tr1::function)> next_protocol = - std::tr1::function)>()); + Client(std::function socket_output_fn, + std::function proc_fn, + std::function handshake_complete, + Session_Manager& session_manager, + Credentials_Manager& creds, + const Policy& policy, + RandomNumberGenerator& rng, + const std::string& servername = "", + std::function)> next_protocol = + std::function)>()); void renegotiate(); private: diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp index 5d345cc9b..7162dcf40 100644 --- a/src/tls/tls_extensions.cpp +++ b/src/tls/tls_extensions.cpp @@ -239,7 +239,7 @@ Maximum_Fragment_Length::Maximum_Fragment_Length(size_t max_fragment) else if(max_fragment == 4096) val = 4; else - throw std::invalid_argument("Bad setting " + to_string(max_fragment) + + throw std::invalid_argument("Bad setting " + std::to_string(max_fragment) + " for maximum fragment size"); } diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp index 61295a95c..a9bd8dccf 100644 --- a/src/tls/tls_handshake_hash.cpp +++ b/src/tls/tls_handshake_hash.cpp @@ -35,7 +35,7 @@ SecureVector Handshake_Hash::final(Protocol_Version version, { Algorithm_Factory& af = global_state().algorithm_factory(); - std::auto_ptr hash; + std::unique_ptr hash; if(version == Protocol_Version::TLS_V10 || version == Protocol_Version::TLS_V11) { @@ -65,8 +65,8 @@ SecureVector Handshake_Hash::final_ssl3(const MemoryRegion& secret) Algorithm_Factory& af = global_state().algorithm_factory(); - std::auto_ptr md5(af.make_hash_function("MD5")); - std::auto_ptr sha1(af.make_hash_function("SHA-1")); + std::unique_ptr md5(af.make_hash_function("MD5")); + std::unique_ptr sha1(af.make_hash_function("SHA-1")); md5->update(data); sha1->update(data); diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index 9087031b6..86e6e0b55 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -65,7 +65,7 @@ u32bit bitmask_for_handshake_type(Handshake_Type type) return 0; default: - throw Internal_Error("Unknown handshake type " + to_string(type)); + throw Internal_Error("Unknown handshake type " + std::to_string(type)); } return 0; @@ -110,8 +110,8 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) if(!ok) throw Unexpected_Message("Unexpected state transition in handshake, got " + - to_string(handshake_msg) + " mask is " + - to_string(hand_expecting_mask)); + std::to_string(handshake_msg) + " mask is " + + std::to_string(hand_expecting_mask)); /* We don't know what to expect next, so force a call to set_expected_next; if it doesn't happen, the next transition diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index 5be5c3620..4e1cb2f25 100644 --- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -15,20 +15,7 @@ #include #include - -#if defined(BOTAN_USE_STD_TR1) - -#if defined(BOTAN_BUILD_COMPILER_IS_MSVC) - #include -#else - #include -#endif - -#elif defined(BOTAN_USE_BOOST_TR1) - #include -#else - #error "No TR1 library defined for use" -#endif +#include namespace Botan { @@ -99,7 +86,7 @@ class Handshake_State /** * Used by client using NPN */ - std::tr1::function)> client_npn_cb; + std::function)> client_npn_cb; private: u32bit hand_expecting_mask, hand_received_mask; diff --git a/src/tls/tls_reader.h b/src/tls/tls_reader.h index 162f691aa..8c2e9efe2 100644 --- a/src/tls/tls_reader.h +++ b/src/tls/tls_reader.h @@ -154,8 +154,8 @@ class TLS_Data_Reader { if(buf.size() - offset < n) { - throw Decoding_Error("TLS_Data_Reader: Expected " + to_string(n) + - " bytes remaining, only " + to_string(buf.size()-offset) + + throw Decoding_Error("TLS_Data_Reader: Expected " + std::to_string(n) + + " bytes remaining, only " + std::to_string(buf.size()-offset) + " left"); } } diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index f91cb6fe2..6634810df 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -55,7 +55,7 @@ class BOTAN_DLL Record_Writer void send_record(byte type, const byte input[], size_t length); - std::tr1::function m_output_fn; + std::function m_output_fn; MemoryVector m_writebuf; diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index a7857edf3..129d5346d 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -87,9 +87,9 @@ get_server_certs(const std::string& hostname, /* * TLS Server Constructor */ -Server::Server(std::tr1::function output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_fn, +Server::Server(std::function output_fn, + std::function proc_fn, + std::function handshake_fn, Session_Manager& session_manager, Credentials_Manager& creds, const Policy& policy, diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h index bb385e420..a90982066 100644 --- a/src/tls/tls_server.h +++ b/src/tls/tls_server.h @@ -26,15 +26,15 @@ class BOTAN_DLL Server : public Channel /** * Server initialization */ - Server(std::tr1::function socket_output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_complete, - Session_Manager& session_manager, - Credentials_Manager& creds, - const Policy& policy, - RandomNumberGenerator& rng, - const std::vector& protocols = - std::vector()); + Server(std::function socket_output_fn, + std::function proc_fn, + std::function handshake_complete, + Session_Manager& session_manager, + Credentials_Manager& creds, + const Policy& policy, + RandomNumberGenerator& rng, + const std::vector& protocols = + std::vector()); void renegotiate(); diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp index 2e25a8ab3..6a485fd44 100644 --- a/src/tls/tls_session.cpp +++ b/src/tls/tls_session.cpp @@ -27,7 +27,7 @@ Session::Session(const MemoryRegion& session_identifier, const std::vector& certs, const std::string& sni_hostname, const std::string& srp_identifier) : - m_start_time(system_time()), + m_start_time(std::chrono::system_clock::now()), m_identifier(session_identifier), m_master_secret(master_secret), m_version(version), @@ -54,12 +54,14 @@ Session::Session(const byte ber[], size_t ber_len) MemoryVector peer_cert_bits; + size_t start_time = 0; + BER_Decoder(ber, ber_len) .start_cons(SEQUENCE) .decode_and_check(static_cast(TLS_SESSION_PARAM_STRUCT_VERSION), "Unknown version in session structure") .decode(m_identifier, OCTET_STRING) - .decode_integer_type(m_start_time) + .decode_integer_type(start_time) .decode_integer_type(major_version) .decode_integer_type(minor_version) .decode_integer_type(m_ciphersuite) @@ -75,6 +77,7 @@ Session::Session(const byte ber[], size_t ber_len) .verify_end(); m_version = Protocol_Version(major_version, minor_version); + m_start_time = std::chrono::system_clock::from_time_t(start_time); m_sni_hostname = sni_hostname_str.value(); m_srp_identifier = srp_identifier_str.value(); m_connection_side = static_cast(side_code); @@ -105,7 +108,7 @@ SecureVector Session::DER_encode() const .start_cons(SEQUENCE) .encode(static_cast(TLS_SESSION_PARAM_STRUCT_VERSION)) .encode(m_identifier, OCTET_STRING) - .encode(static_cast(m_start_time)) + .encode(static_cast(std::chrono::system_clock::to_time_t(m_start_time))) .encode(static_cast(m_version.major_version())) .encode(static_cast(m_version.minor_version())) .encode(static_cast(m_ciphersuite)) diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h index 96b6d6daf..82c202ebe 100644 --- a/src/tls/tls_session.h +++ b/src/tls/tls_session.h @@ -13,6 +13,7 @@ #include #include #include +#include namespace Botan { @@ -29,7 +30,7 @@ class BOTAN_DLL Session * Uninitialized session */ Session() : - m_start_time(0), + m_start_time(std::chrono::system_clock::time_point::min()), m_version(), m_ciphersuite(0), m_compression_method(0), @@ -144,12 +145,13 @@ class BOTAN_DLL Session /** * Get the time this session began (seconds since Epoch) */ - u64bit start_time() const { return m_start_time; } + std::chrono::system_clock::time_point start_time() const + { return m_start_time; } private: enum { TLS_SESSION_PARAM_STRUCT_VERSION = 1 }; - u64bit m_start_time; + std::chrono::system_clock::time_point m_start_time; MemoryVector m_identifier; SecureVector m_master_secret; diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp index 83ac7540b..0f520d140 100644 --- a/src/tls/tls_session_key.cpp +++ b/src/tls/tls_session_key.cpp @@ -37,7 +37,7 @@ Session_Keys::Session_Keys(Handshake_State* state, const byte KEY_GEN_MAGIC[] = { 0x6B, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6E, 0x73, 0x69, 0x6F, 0x6E }; - std::auto_ptr prf(state->protocol_specific_prf()); + std::unique_ptr prf(state->protocol_specific_prf()); if(resuming) { diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index 59fc75b9f..4c6bc1a47 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -7,7 +7,7 @@ #include #include -#include +#include namespace Botan { @@ -16,13 +16,16 @@ namespace TLS { bool Session_Manager_In_Memory::load_from_session_str( const std::string& session_str, Session& session) { - std::map::iterator i = sessions.find(session_str); + // assert(lock is held) + + auto i = sessions.find(session_str); if(i == sessions.end()) return false; - // session has expired, remove it - const u64bit now = system_time(); + // if session has expired, remove it + const auto now = std::chrono::system_clock::now(); + if(i->second.start_time() + session_lifetime < now) { sessions.erase(i); @@ -36,16 +39,20 @@ bool Session_Manager_In_Memory::load_from_session_str( bool Session_Manager_In_Memory::load_from_session_id( const MemoryRegion& session_id, Session& session) { + std::lock_guard lock(mutex); + return load_from_session_str(hex_encode(session_id), session); } bool Session_Manager_In_Memory::load_from_host_info( const std::string& hostname, u16bit port, Session& session) { + std::lock_guard lock(mutex); + std::map::iterator i; if(port > 0) - i = host_sessions.find(hostname + ":" + to_string(port)); + i = host_sessions.find(hostname + ":" + std::to_string(port)); else i = host_sessions.find(hostname); @@ -64,8 +71,9 @@ bool Session_Manager_In_Memory::load_from_host_info( void Session_Manager_In_Memory::remove_entry( const MemoryRegion& session_id) { - std::map::iterator i = - sessions.find(hex_encode(session_id)); + std::lock_guard lock(mutex); + + auto i = sessions.find(hex_encode(session_id)); if(i != sessions.end()) sessions.erase(i); @@ -73,6 +81,8 @@ void Session_Manager_In_Memory::remove_entry( void Session_Manager_In_Memory::save(const Session& session) { + std::lock_guard lock(mutex); + if(max_sessions != 0) { /* diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index c25fecac4..4152f2392 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -9,6 +9,8 @@ #define TLS_SESSION_MANAGER_H__ #include +#include +#include #include namespace Botan { @@ -69,8 +71,6 @@ class BOTAN_DLL Session_Manager /** * A simple implementation of Session_Manager that just saves * values in memory, with no persistance abilities -* -* @todo add locking */ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager { @@ -82,7 +82,7 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager * seconds have elapsed from initial handshake. */ Session_Manager_In_Memory(size_t max_sessions = 1000, - size_t session_lifetime = 7200) : + std::chrono::seconds session_lifetime = std::chrono::seconds(7200)) : max_sessions(max_sessions), session_lifetime(session_lifetime) {} @@ -101,7 +101,10 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager bool load_from_session_str(const std::string& session_str, Session& session); - size_t max_sessions, session_lifetime; + std::mutex mutex; + + size_t max_sessions; + std::chrono::seconds session_lifetime; std::map sessions; // hex(session_id) -> session std::map host_sessions; diff --git a/src/tls/tls_version.cpp b/src/tls/tls_version.cpp index 4445998eb..82dce0be9 100644 --- a/src/tls/tls_version.cpp +++ b/src/tls/tls_version.cpp @@ -19,13 +19,13 @@ std::string Protocol_Version::to_string() const // Some very new or very old protocol? if(maj != 3) - return "Protocol " + Botan::to_string(maj) + "." + Botan::to_string(min); + return "Protocol " + std::to_string(maj) + "." + std::to_string(min); if(maj == 3 && min == 0) return "SSL v3"; // The TLS v1.[0123...] case - return "TLS v1." + Botan::to_string(min-1); + return "TLS v1." + std::to_string(min-1); } } diff --git a/src/utils/stl_util.h b/src/utils/stl_util.h index c681ef8c9..1a62e8fe7 100644 --- a/src/utils/stl_util.h +++ b/src/utils/stl_util.h @@ -8,6 +8,7 @@ #ifndef BOTAN_STL_UTIL_H__ #define BOTAN_STL_UTIL_H__ +#include #include namespace Botan { -- cgit v1.2.3 From c691561f3198f481c13457433efbccc1c9fcd898 Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 18 May 2012 20:32:36 +0000 Subject: Fairly huge update that replaces the old secmem types with std::vector using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed. --- checks/common.h | 4 +- checks/cvc_tests.cpp | 30 +- checks/dolook.cpp | 10 +- checks/ec_tests.cpp | 118 +++---- checks/ecdh.cpp | 4 +- checks/ecdsa.cpp | 36 +-- checks/pk.cpp | 58 ++-- checks/pk_bench.cpp | 8 +- checks/validate.cpp | 8 +- checks/x509.cpp | 2 +- doc/examples/GNUmakefile | 4 +- doc/examples/asn1.cpp | 10 +- doc/examples/bzip.cpp | 15 +- doc/examples/credentials.h | 2 +- doc/examples/decrypt.cpp | 6 +- doc/examples/dh.cpp | 4 +- doc/examples/dsa_ver.cpp | 4 +- doc/examples/ecdsa.cpp | 2 +- doc/examples/encrypt.cpp | 6 +- doc/examples/encrypt2.cpp | 10 +- doc/examples/fpe.cpp | 6 +- doc/examples/keywrap.cpp | 4 +- doc/examples/new_engine.cpp | 2 +- doc/examples/pqg_gen.cpp | 6 +- doc/examples/read_ssh.cpp | 2 +- doc/examples/rng_test.cpp | 8 +- doc/examples/row_encryptor.cpp | 20 +- doc/examples/rsa_dec.cpp | 8 +- doc/examples/rsa_enc.cpp | 14 +- doc/examples/tls_client.cpp | 2 +- doc/examples/tss.cpp | 2 +- src/algo_base/buf_comp.h | 31 +- src/algo_base/symkey.cpp | 11 +- src/algo_base/symkey.h | 14 +- src/alloc/alloc_mmap/info.txt | 28 -- src/alloc/alloc_mmap/mmap_mem.cpp | 145 --------- src/alloc/alloc_mmap/mmap_mem.h | 32 -- src/alloc/allocate.h | 65 ---- src/alloc/info.txt | 1 - src/alloc/mem_pool/info.txt | 8 - src/alloc/mem_pool/mem_pool.cpp | 251 --------------- src/alloc/mem_pool/mem_pool.h | 74 ----- src/alloc/secmem.h | 411 ++++-------------------- src/alloc/system_alloc/defalloc.cpp | 103 ------ src/alloc/system_alloc/defalloc.h | 41 --- src/alloc/system_alloc/info.txt | 13 - src/asn1/alg_id.cpp | 4 +- src/asn1/alg_id.h | 6 +- src/asn1/asn1_att.cpp | 4 +- src/asn1/asn1_int.cpp | 4 +- src/asn1/asn1_int.h | 4 +- src/asn1/asn1_obj.h | 6 +- src/asn1/asn1_oid.cpp | 2 +- src/asn1/ber_dec.cpp | 85 ++++- src/asn1/ber_dec.h | 26 +- src/asn1/der_enc.cpp | 69 ++-- src/asn1/der_enc.h | 37 ++- src/asn1/x509_dn.cpp | 4 +- src/asn1/x509_dn.h | 4 +- src/block/aes/aes.cpp | 18 +- src/block/aes/aes.h | 12 +- src/block/aes_ni/aes_ni.h | 6 +- src/block/aes_ssse3/aes_ssse3.h | 6 +- src/block/block_cipher.h | 44 +++ src/block/blowfish/blowfish.cpp | 2 +- src/block/blowfish/blowfish.h | 6 +- src/block/camellia/camellia.cpp | 6 +- src/block/camellia/camellia.h | 6 +- src/block/cast/cast128.cpp | 8 +- src/block/cast/cast128.h | 6 +- src/block/cast/cast256.cpp | 2 +- src/block/cast/cast256.h | 4 +- src/block/des/des.h | 4 +- src/block/des/desx.h | 2 +- src/block/gost_28147/gost_28147.h | 6 +- src/block/idea/idea.h | 6 +- src/block/kasumi/kasumi.cpp | 2 +- src/block/kasumi/kasumi.h | 2 +- src/block/lion/lion.cpp | 4 +- src/block/lion/lion.h | 2 +- src/block/lubyrack/lubyrack.cpp | 4 +- src/block/lubyrack/lubyrack.h | 2 +- src/block/mars/mars.cpp | 2 +- src/block/mars/mars.h | 2 +- src/block/misty1/misty1.cpp | 2 +- src/block/misty1/misty1.h | 2 +- src/block/noekeon/noekeon.h | 6 +- src/block/noekeon_simd/noekeon_simd.cpp | 4 +- src/block/rc2/rc2.cpp | 2 +- src/block/rc2/rc2.h | 2 +- src/block/rc5/rc5.cpp | 2 +- src/block/rc5/rc5.h | 2 +- src/block/rc6/rc6.cpp | 2 +- src/block/rc6/rc6.h | 2 +- src/block/safer/safer_sk.cpp | 2 +- src/block/safer/safer_sk.h | 2 +- src/block/seed/seed.cpp | 2 +- src/block/seed/seed.h | 2 +- src/block/serpent/serpent.cpp | 2 +- src/block/serpent/serpent.h | 4 +- src/block/serpent_x86_32/serp_x86_32.cpp | 2 +- src/block/skipjack/skipjack.h | 2 +- src/block/square/square.cpp | 2 +- src/block/square/square.h | 4 +- src/block/tea/tea.h | 2 +- src/block/twofish/twofish.cpp | 2 +- src/block/twofish/twofish.h | 2 +- src/block/xtea/xtea.cpp | 2 +- src/block/xtea/xtea.h | 4 +- src/build-data/cc/gcc.txt | 2 +- src/cert/certstore/certstor.cpp | 8 +- src/cert/certstore/certstor.h | 8 +- src/cert/cvc/asn1_eac_tm.cpp | 8 +- src/cert/cvc/cvc_ado.cpp | 22 +- src/cert/cvc/cvc_ado.h | 8 +- src/cert/cvc/cvc_cert.cpp | 16 +- src/cert/cvc/cvc_cert.h | 4 +- src/cert/cvc/cvc_gen_cert.h | 28 +- src/cert/cvc/cvc_req.cpp | 2 +- src/cert/cvc/cvc_self.cpp | 20 +- src/cert/cvc/eac_asn_obj.h | 2 +- src/cert/cvc/eac_obj.h | 2 +- src/cert/cvc/ecdsa_sig.cpp | 14 +- src/cert/cvc/ecdsa_sig.h | 8 +- src/cert/cvc/signed_obj.cpp | 6 +- src/cert/cvc/signed_obj.h | 10 +- src/cert/pkcs10/pkcs10.cpp | 15 +- src/cert/pkcs10/pkcs10.h | 8 +- src/cert/x509ca/x509_ca.cpp | 92 +++--- src/cert/x509ca/x509_ca.h | 2 +- src/cert/x509cert/x509_ext.cpp | 60 ++-- src/cert/x509cert/x509_ext.h | 52 +-- src/cert/x509cert/x509_obj.cpp | 25 +- src/cert/x509cert/x509_obj.h | 18 +- src/cert/x509cert/x509cert.cpp | 20 +- src/cert/x509cert/x509cert.h | 9 +- src/cert/x509crl/crl_ent.h | 4 +- src/cert/x509crl/x509_crl.cpp | 8 +- src/cert/x509crl/x509_crl.h | 12 +- src/cert/x509self/x509self.cpp | 19 +- src/cert/x509store/x509stor.cpp | 16 +- src/cert/x509store/x509stor.h | 4 +- src/cms/cms_algo.cpp | 14 +- src/cms/cms_comp.cpp | 4 +- src/cms/cms_dalg.cpp | 10 +- src/cms/cms_dec.h | 2 +- src/cms/cms_ealg.cpp | 14 +- src/cms/cms_enc.cpp | 4 +- src/cms/cms_enc.h | 12 +- src/codec/base64/base64.cpp | 11 +- src/codec/base64/base64.h | 10 +- src/codec/hex/hex.cpp | 12 +- src/codec/hex/hex.h | 14 +- src/codec/openpgp/openpgp.cpp | 4 +- src/codec/openpgp/openpgp.h | 4 +- src/codec/pem/pem.cpp | 21 +- src/codec/pem/pem.h | 31 +- src/constructs/aont/package.cpp | 16 +- src/constructs/cryptobox/cryptobox.cpp | 12 +- src/constructs/fpe_fe1/fpe_fe1.cpp | 18 +- src/constructs/fpe_fe1/fpe_fe1.h | 4 +- src/constructs/rfc3394/rfc3394.cpp | 20 +- src/constructs/rfc3394/rfc3394.h | 4 +- src/constructs/srp6/srp6.cpp | 10 +- src/constructs/srp6/srp6.h | 4 +- src/constructs/srp6/srp6_files.cpp | 4 +- src/constructs/srp6/srp6_files.h | 6 +- src/constructs/tss/tss.cpp | 10 +- src/constructs/tss/tss.h | 4 +- src/credentials/credentials_manager.cpp | 2 +- src/credentials/credentials_manager.h | 2 +- src/engine/gnump/gmp_wrap.h | 2 +- src/engine/gnump/gnump_pk.cpp | 16 +- src/engine/openssl/bn_wrap.cpp | 4 +- src/engine/openssl/bn_wrap.h | 2 +- src/engine/openssl/ossl_bc.cpp | 2 +- src/engine/openssl/ossl_pk.cpp | 16 +- src/entropy/cryptoapi_rng/es_capi.cpp | 2 +- src/entropy/dev_random/dev_random.cpp | 2 +- src/entropy/egd/es_egd.cpp | 2 +- src/entropy/entropy_src.h | 4 +- src/entropy/proc_walk/es_ftw.cpp | 2 +- src/entropy/unix_procs/es_unix.cpp | 2 +- src/filters/algo_filt.cpp | 4 +- src/filters/buf_filt.h | 8 +- src/filters/bzip2/bzip2.h | 4 +- src/filters/codec_filt/b64_filt.h | 4 +- src/filters/codec_filt/hex_filt.h | 4 +- src/filters/data_src.cpp | 24 +- src/filters/data_src.h | 17 +- src/filters/fd_unix/fd_unix.cpp | 4 +- src/filters/filter.h | 20 +- src/filters/filters.h | 2 +- src/filters/modes/cbc/cbc.cpp | 18 +- src/filters/modes/cbc/cbc.h | 4 +- src/filters/modes/cfb/cfb.cpp | 2 +- src/filters/modes/cfb/cfb.h | 4 +- src/filters/modes/cts/cts.cpp | 16 +- src/filters/modes/cts/cts.h | 4 +- src/filters/modes/eax/eax.cpp | 4 +- src/filters/modes/eax/eax.h | 8 +- src/filters/modes/eax/eax_dec.cpp | 4 +- src/filters/modes/ecb/ecb.cpp | 8 +- src/filters/modes/ecb/ecb.h | 4 +- src/filters/modes/xts/xts.cpp | 10 +- src/filters/modes/xts/xts.h | 4 +- src/filters/pipe.cpp | 7 +- src/filters/pipe.h | 26 +- src/filters/pipe_io.cpp | 4 +- src/filters/pipe_rw.cpp | 16 +- src/filters/pk_filts/pk_filts.cpp | 9 +- src/filters/pk_filts/pk_filts.h | 10 +- src/filters/secqueue.cpp | 2 +- src/filters/zlib/zlib.h | 4 +- src/hash/bmw_512/bmw_512.h | 2 +- src/hash/comb4p/comb4p.cpp | 10 +- src/hash/gost_3411/gost_3411.cpp | 4 +- src/hash/gost_3411/gost_3411.h | 2 +- src/hash/has160/has160.h | 2 +- src/hash/keccak/keccak.cpp | 4 +- src/hash/keccak/keccak.h | 2 +- src/hash/md2/md2.h | 2 +- src/hash/md4/md4.h | 4 +- src/hash/md5/md5.h | 4 +- src/hash/mdx_hash/mdx_hash.h | 2 +- src/hash/rmd128/rmd128.h | 2 +- src/hash/rmd160/rmd160.h | 2 +- src/hash/sha1/sha160.h | 4 +- src/hash/sha2_32/sha2_32.cpp | 2 +- src/hash/sha2_32/sha2_32.h | 4 +- src/hash/sha2_64/sha2_64.cpp | 2 +- src/hash/sha2_64/sha2_64.h | 4 +- src/hash/skein/skein_512.cpp | 12 +- src/hash/skein/skein_512.h | 6 +- src/hash/tiger/tiger.cpp | 4 +- src/hash/tiger/tiger.h | 4 +- src/hash/whirlpool/whrlpool.h | 2 +- src/kdf/kdf.cpp | 23 +- src/kdf/kdf.h | 26 +- src/kdf/kdf1/kdf1.cpp | 2 +- src/kdf/kdf1/kdf1.h | 2 +- src/kdf/kdf2/kdf2.cpp | 6 +- src/kdf/kdf2/kdf2.h | 2 +- src/kdf/mgf1/mgf1.cpp | 2 +- src/kdf/prf_ssl3/prf_ssl3.cpp | 6 +- src/kdf/prf_ssl3/prf_ssl3.h | 2 +- src/kdf/prf_tls/prf_tls.cpp | 14 +- src/kdf/prf_tls/prf_tls.h | 4 +- src/kdf/prf_x942/prf_x942.cpp | 10 +- src/kdf/prf_x942/prf_x942.h | 2 +- src/libstate/info.txt | 1 - src/libstate/libstate.cpp | 72 ----- src/libstate/libstate.h | 19 -- src/mac/cbc_mac/cbc_mac.h | 2 +- src/mac/cmac/cmac.cpp | 4 +- src/mac/cmac/cmac.h | 4 +- src/mac/hmac/hmac.cpp | 2 +- src/mac/hmac/hmac.h | 2 +- src/mac/mac.cpp | 2 +- src/mac/ssl3mac/ssl3_mac.h | 2 +- src/mac/x919_mac/x919_mac.cpp | 2 +- src/mac/x919_mac/x919_mac.h | 2 +- src/math/bigint/big_code.cpp | 34 +- src/math/bigint/big_io.cpp | 2 +- src/math/bigint/big_ops2.cpp | 40 +-- src/math/bigint/big_ops3.cpp | 28 +- src/math/bigint/big_rand.cpp | 2 +- src/math/bigint/bigint.cpp | 8 - src/math/bigint/bigint.h | 64 +++- src/math/ec_gfp/point_gfp.cpp | 18 +- src/math/ec_gfp/point_gfp.h | 7 +- src/math/numbertheory/dsa_gen.cpp | 21 +- src/math/numbertheory/make_prm.cpp | 2 +- src/math/numbertheory/mp_numth.cpp | 10 +- src/math/numbertheory/numthry.h | 4 +- src/math/numbertheory/powm_mnt.cpp | 8 +- src/passhash/bcrypt/bcrypt.cpp | 14 +- src/passhash/passhash9/passhash9.cpp | 8 +- src/pbe/pbe.h | 2 +- src/pbe/pbes1/pbes1.cpp | 8 +- src/pbe/pbes1/pbes1.h | 4 +- src/pbe/pbes2/pbes2.cpp | 10 +- src/pbe/pbes2/pbes2.h | 4 +- src/pbkdf/pbkdf1/pbkdf1.cpp | 2 +- src/pbkdf/pbkdf2/pbkdf2.cpp | 8 +- src/pbkdf/pgps2k/pgp_s2k.cpp | 2 +- src/pk_pad/eme.cpp | 8 +- src/pk_pad/eme.h | 12 +- src/pk_pad/eme1/eme1.cpp | 11 +- src/pk_pad/eme1/eme1.h | 6 +- src/pk_pad/eme_pkcs/eme_pkcs.cpp | 8 +- src/pk_pad/eme_pkcs/eme_pkcs.h | 4 +- src/pk_pad/emsa.h | 8 +- src/pk_pad/emsa1/emsa1.cpp | 14 +- src/pk_pad/emsa1/emsa1.h | 6 +- src/pk_pad/emsa1_bsi/emsa1_bsi.cpp | 2 +- src/pk_pad/emsa1_bsi/emsa1_bsi.h | 2 +- src/pk_pad/emsa2/emsa2.cpp | 14 +- src/pk_pad/emsa2/emsa2.h | 8 +- src/pk_pad/emsa3/emsa3.cpp | 22 +- src/pk_pad/emsa3/emsa3.h | 16 +- src/pk_pad/emsa4/emsa4.cpp | 41 +-- src/pk_pad/emsa4/emsa4.h | 6 +- src/pk_pad/emsa_raw/emsa_raw.cpp | 10 +- src/pk_pad/emsa_raw/emsa_raw.h | 8 +- src/pk_pad/hash_id/hash_id.cpp | 43 ++- src/pk_pad/hash_id/hash_id.h | 2 +- src/pubkey/dh/dh.cpp | 10 +- src/pubkey/dh/dh.h | 10 +- src/pubkey/dl_algo/dl_algo.cpp | 10 +- src/pubkey/dl_algo/dl_algo.h | 8 +- src/pubkey/dl_group/dl_group.cpp | 14 +- src/pubkey/dl_group/dl_group.h | 5 +- src/pubkey/dlies/dlies.cpp | 27 +- src/pubkey/dlies/dlies.h | 13 +- src/pubkey/dsa/dsa.cpp | 6 +- src/pubkey/dsa/dsa.h | 6 +- src/pubkey/ec_group/ec_group.cpp | 18 +- src/pubkey/ec_group/ec_group.h | 4 +- src/pubkey/ecc_key/ecc_key.cpp | 10 +- src/pubkey/ecc_key/ecc_key.h | 10 +- src/pubkey/ecdh/ecdh.cpp | 2 +- src/pubkey/ecdh/ecdh.h | 12 +- src/pubkey/ecdsa/ecdsa.cpp | 4 +- src/pubkey/ecdsa/ecdsa.h | 6 +- src/pubkey/elgamal/elgamal.cpp | 10 +- src/pubkey/elgamal/elgamal.h | 8 +- src/pubkey/gost_3410/gost_3410.cpp | 20 +- src/pubkey/gost_3410/gost_3410.h | 8 +- src/pubkey/if_algo/if_algo.cpp | 10 +- src/pubkey/if_algo/if_algo.h | 8 +- src/pubkey/keypair/keypair.cpp | 12 +- src/pubkey/nr/nr.cpp | 12 +- src/pubkey/nr/nr.h | 8 +- src/pubkey/pk_algs.cpp | 4 +- src/pubkey/pk_algs.h | 4 +- src/pubkey/pk_keys.h | 6 +- src/pubkey/pk_ops.h | 10 +- src/pubkey/pkcs8.cpp | 18 +- src/pubkey/pkcs8.h | 4 +- src/pubkey/pubkey.cpp | 46 +-- src/pubkey/pubkey.h | 54 ++-- src/pubkey/rsa/rsa.cpp | 6 +- src/pubkey/rsa/rsa.h | 14 +- src/pubkey/rw/rw.cpp | 12 +- src/pubkey/rw/rw.h | 8 +- src/pubkey/x509_key.cpp | 8 +- src/pubkey/x509_key.h | 4 +- src/rng/hmac_rng/hmac_rng.cpp | 4 +- src/rng/hmac_rng/hmac_rng.h | 2 +- src/rng/randpool/randpool.cpp | 6 +- src/rng/randpool/randpool.h | 2 +- src/rng/rng.h | 4 +- src/rng/x931_rng/x931_rng.cpp | 2 +- src/rng/x931_rng/x931_rng.h | 2 +- src/stream/arc4/arc4.h | 4 +- src/stream/ctr/ctr.h | 2 +- src/stream/ofb/ofb.h | 2 +- src/stream/salsa20/salsa20.cpp | 2 +- src/stream/salsa20/salsa20.h | 4 +- src/stream/turing/turing.cpp | 4 +- src/stream/turing/turing.h | 8 +- src/stream/wid_wake/wid_wake.h | 8 +- src/tls/c_hello.cpp | 26 +- src/tls/c_kex.cpp | 26 +- src/tls/cert_req.cpp | 22 +- src/tls/cert_ver.cpp | 10 +- src/tls/finished.cpp | 14 +- src/tls/hello_verify.cpp | 10 +- src/tls/next_protocol.cpp | 6 +- src/tls/rec_read.cpp | 4 +- src/tls/rec_wri.cpp | 6 +- src/tls/s_hello.cpp | 16 +- src/tls/s_kex.cpp | 12 +- src/tls/session_ticket.cpp | 8 +- src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp | 10 +- src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h | 4 +- src/tls/tls_alert.cpp | 2 +- src/tls/tls_alert.h | 2 +- src/tls/tls_channel.cpp | 16 +- src/tls/tls_channel.h | 12 +- src/tls/tls_client.cpp | 6 +- src/tls/tls_client.h | 2 +- src/tls/tls_extensions.cpp | 34 +- src/tls/tls_extensions.h | 36 +-- src/tls/tls_handshake_hash.cpp | 10 +- src/tls/tls_handshake_hash.h | 15 +- src/tls/tls_handshake_reader.cpp | 4 +- src/tls/tls_handshake_reader.h | 4 +- src/tls/tls_handshake_state.cpp | 2 +- src/tls/tls_handshake_state.h | 4 +- src/tls/tls_heartbeats.cpp | 12 +- src/tls/tls_heartbeats.h | 8 +- src/tls/tls_messages.h | 121 +++---- src/tls/tls_reader.h | 35 +- src/tls/tls_record.h | 12 +- src/tls/tls_server.cpp | 12 +- src/tls/tls_server.h | 4 +- src/tls/tls_session.cpp | 26 +- src/tls/tls_session.h | 24 +- src/tls/tls_session_key.cpp | 6 +- src/tls/tls_session_key.h | 6 +- src/tls/tls_session_manager.cpp | 4 +- src/tls/tls_session_manager.h | 8 +- src/utils/datastor/datastor.cpp | 15 +- src/utils/datastor/datastor.h | 5 +- src/utils/xor_buf.h | 26 ++ src/wrap/python/python_botan.h | 2 +- src/wrap/python/rsa.cpp | 4 +- src/wrap/python/x509.cpp | 2 +- 410 files changed, 2250 insertions(+), 3046 deletions(-) delete mode 100644 src/alloc/alloc_mmap/info.txt delete mode 100644 src/alloc/alloc_mmap/mmap_mem.cpp delete mode 100644 src/alloc/alloc_mmap/mmap_mem.h delete mode 100644 src/alloc/allocate.h delete mode 100644 src/alloc/mem_pool/info.txt delete mode 100644 src/alloc/mem_pool/mem_pool.cpp delete mode 100644 src/alloc/mem_pool/mem_pool.h delete mode 100644 src/alloc/system_alloc/defalloc.cpp delete mode 100644 src/alloc/system_alloc/defalloc.h delete mode 100644 src/alloc/system_alloc/info.txt (limited to 'src/kdf/prf_tls') diff --git a/checks/common.h b/checks/common.h index 33499a99d..05a6fb974 100644 --- a/checks/common.h +++ b/checks/common.h @@ -55,13 +55,13 @@ class Fixed_Output_RNG : public Botan::RandomNumberGenerator void clear() throw() {} - Fixed_Output_RNG(const Botan::SecureVector& in) + Fixed_Output_RNG(const Botan::secure_vector& in) { buf.insert(buf.end(), in.begin(), in.end()); } Fixed_Output_RNG(const std::string& in_str) { - Botan::SecureVector in = Botan::hex_decode(in_str); + Botan::secure_vector in = Botan::hex_decode(in_str); buf.insert(buf.end(), in.begin(), in.end()); } diff --git a/checks/cvc_tests.cpp b/checks/cvc_tests.cpp index ccda22cfc..9dc56610c 100644 --- a/checks/cvc_tests.cpp +++ b/checks/cvc_tests.cpp @@ -40,7 +40,7 @@ namespace { // helper functions void helper_write_file(EAC_Signed_Object const& to_write, std::string const& file_path) { - SecureVector sv = to_write.BER_encode(); + std::vector sv = to_write.BER_encode(); std::ofstream cert_file(file_path.c_str(), std::ios::binary); cert_file.write((char*)&sv[0], sv.size()); cert_file.close(); @@ -50,8 +50,8 @@ bool helper_files_equal(std::string const& file_path1, std::string const& file_p { std::ifstream cert_1_in(file_path1.c_str()); std::ifstream cert_2_in(file_path2.c_str()); - SecureVector sv1; - SecureVector sv2; + std::vector sv1; + std::vector sv2; if (!cert_1_in || !cert_2_in) { return false; @@ -94,7 +94,7 @@ void test_enc_gen_selfsigned(RandomNumberGenerator& rng) key.set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA); EAC1_1_CVC cert = CVC_EAC::create_self_signed_cert(key, opts, rng); - SecureVector der(cert.BER_encode()); + std::vector der(cert.BER_encode()); std::ofstream cert_file; cert_file.open(TEST_DATA_DIR "/my_cv_cert.ber", std::ios::binary); //cert_file << der; // this is bad !!! @@ -104,15 +104,15 @@ void test_enc_gen_selfsigned(RandomNumberGenerator& rng) EAC1_1_CVC cert_in(TEST_DATA_DIR "/my_cv_cert.ber"); CHECK(cert == cert_in); // encoding it again while it has no dp - SecureVector der2(cert_in.BER_encode()); + std::vector der2(cert_in.BER_encode()); std::ofstream cert_file2(TEST_DATA_DIR "/my_cv_cert2.ber", std::ios::binary); cert_file2.write((char*)&der2[0], der2.size()); cert_file2.close(); // read both and compare them std::ifstream cert_1_in(TEST_DATA_DIR "/my_cv_cert.ber"); std::ifstream cert_2_in(TEST_DATA_DIR "/my_cv_cert2.ber"); - SecureVector sv1; - SecureVector sv2; + std::vector sv1; + std::vector sv2; if (!cert_1_in || !cert_2_in) { CHECK_MESSAGE(false, "could not read certificate files"); @@ -203,7 +203,7 @@ void test_enc_gen_req(RandomNumberGenerator& rng) ECDSA_PrivateKey key(rng, dom_pars); key.set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA); EAC1_1_Req req = CVC_EAC::create_cvc_req(key, opts.chr, opts.hash_alg, rng); - SecureVector der(req.BER_encode()); + std::vector der(req.BER_encode()); std::ofstream req_file(TEST_DATA_DIR "/my_cv_req.ber", std::ios::binary); req_file.write((char*)&der[0], der.size()); req_file.close(); @@ -260,7 +260,7 @@ void test_cvc_ado_creation(RandomNumberGenerator& rng) req_key.set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA); //EAC1_1_Req req = CVC_EAC::create_cvc_req(req_key, opts); EAC1_1_Req req = CVC_EAC::create_cvc_req(req_key, opts.chr, opts.hash_alg, rng); - SecureVector der(req.BER_encode()); + std::vector der(req.BER_encode()); std::ofstream req_file(TEST_DATA_DIR "/my_cv_req.ber", std::ios::binary); req_file.write((char*)&der[0], der.size()); req_file.close(); @@ -276,7 +276,7 @@ void test_cvc_ado_creation(RandomNumberGenerator& rng) CHECK_MESSAGE(ado.check_signature(ado_key), "failure of ado verification after creation"); std::ofstream ado_file(TEST_DATA_DIR "/ado", std::ios::binary); - SecureVector ado_der(ado.BER_encode()); + std::vector ado_der(ado.BER_encode()); ado_file.write((char*)&ado_der[0], ado_der.size()); ado_file.close(); // read it again and check the signature @@ -332,7 +332,7 @@ void test_cvc_ado_comparison(RandomNumberGenerator& rng) CHECK_MESSAGE(ado != ado2, "ado's found to be equal where they are not"); // std::ofstream ado_file(TEST_DATA_DIR "/ado"); - // SecureVector ado_der(ado.BER_encode()); + // std::vector ado_der(ado.BER_encode()); // ado_file.write((char*)&ado_der[0], ado_der.size()); // ado_file.close(); // read it again and check the signature @@ -490,7 +490,7 @@ void test_cvc_chain(RandomNumberGenerator& rng) ASN1_Car car("DECVCA00001"); EAC1_1_CVC cvca_cert = DE_EAC::create_cvca(cvca_privk, hash, car, true, true, 12, rng); std::ofstream cvca_file(TEST_DATA_DIR "/cvc_chain_cvca.cer", std::ios::binary); - SecureVector cvca_sv = cvca_cert.BER_encode(); + std::vector cvca_sv = cvca_cert.BER_encode(); cvca_file.write((char*)&cvca_sv[0], cvca_sv.size()); cvca_file.close(); @@ -498,7 +498,7 @@ void test_cvc_chain(RandomNumberGenerator& rng) ASN1_Car car2("DECVCA00002"); EAC1_1_CVC cvca_cert2 = DE_EAC::create_cvca(cvca_privk2, hash, car2, true, true, 12, rng); EAC1_1_CVC link12 = DE_EAC::link_cvca(cvca_cert, cvca_privk, cvca_cert2, rng); - SecureVector link12_sv = link12.BER_encode(); + std::vector link12_sv = link12.BER_encode(); std::ofstream link12_file(TEST_DATA_DIR "/cvc_chain_link12.cer", std::ios::binary); link12_file.write((char*)&link12_sv[0], link12_sv.size()); link12_file.close(); @@ -514,7 +514,7 @@ void test_cvc_chain(RandomNumberGenerator& rng) ECDSA_PrivateKey dvca_priv_key(rng, dom_pars); EAC1_1_Req dvca_req = DE_EAC::create_cvc_req(dvca_priv_key, ASN1_Chr("DEDVCAEPASS"), hash, rng); std::ofstream dvca_file(TEST_DATA_DIR "/cvc_chain_dvca_req.cer", std::ios::binary); - SecureVector dvca_sv = dvca_req.BER_encode(); + std::vector dvca_sv = dvca_req.BER_encode(); dvca_file.write((char*)&dvca_sv[0], dvca_sv.size()); dvca_file.close(); @@ -528,7 +528,7 @@ void test_cvc_chain(RandomNumberGenerator& rng) ECDSA_PrivateKey dvca_priv_key2(rng, dom_pars); EAC1_1_Req dvca_req2 = DE_EAC::create_cvc_req(dvca_priv_key2, ASN1_Chr("DEDVCAEPASS"), hash, rng); std::ofstream dvca_file2(TEST_DATA_DIR "/cvc_chain_dvca_req2.cer", std::ios::binary); - SecureVector dvca_sv2 = dvca_req2.BER_encode(); + std::vector dvca_sv2 = dvca_req2.BER_encode(); dvca_file2.write((char*)&dvca_sv2[0], dvca_sv2.size()); dvca_file2.close(); EAC1_1_ADO dvca_ado2 = CVC_EAC::create_ado_req(dvca_priv_key, dvca_req2, diff --git a/checks/dolook.cpp b/checks/dolook.cpp index a8e08a96b..20e260f64 100644 --- a/checks/dolook.cpp +++ b/checks/dolook.cpp @@ -83,14 +83,14 @@ class PBKDF_Filter : public Filter pbkdf = algo; outlen = o; iterations = i; - salt = s.bits_of(); + salt = unlock(s.bits_of()); } ~PBKDF_Filter() { delete pbkdf; } private: std::string passphrase; PBKDF* pbkdf; - SecureVector salt; + std::vector salt; u32bit outlen, iterations; }; @@ -126,12 +126,12 @@ class KDF_Filter : public Filter { kdf = algo; outlen = o; - salt = s.bits_of(); + salt = unlock(s.bits_of()); } ~KDF_Filter() { delete kdf; } private: - SecureVector secret; - SecureVector salt; + std::vector secret; + std::vector salt; KDF* kdf; u32bit outlen; }; diff --git a/checks/ec_tests.cpp b/checks/ec_tests.cpp index e308a5291..39c32de37 100644 --- a/checks/ec_tests.cpp +++ b/checks/ec_tests.cpp @@ -76,10 +76,10 @@ void test_point_turn_on_sp_red_mul() std::string a_secp = "ffffffffffffffffffffffffffffffff7ffffffc"; std::string b_secp = "1c97befc54bd7a8b65acf89f81d4d4adc565fa45"; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_p_secp = hex_decode(p_secp); - SecureVector sv_a_secp = hex_decode(a_secp); - SecureVector sv_b_secp = hex_decode(b_secp); - SecureVector sv_G_secp_comp = hex_decode(G_secp_comp); + secure_vector sv_p_secp = hex_decode(p_secp); + secure_vector sv_a_secp = hex_decode(a_secp); + secure_vector sv_b_secp = hex_decode(b_secp); + secure_vector sv_G_secp_comp = hex_decode(G_secp_comp); BigInt bi_p_secp = BigInt::decode(&sv_p_secp[0], sv_p_secp.size()); BigInt bi_a_secp = BigInt::decode(&sv_a_secp[0], sv_a_secp.size()); BigInt bi_b_secp = BigInt::decode(&sv_b_secp[0], sv_b_secp.size()); @@ -139,10 +139,10 @@ void test_coordinates() std::string a_secp = "ffffffffffffffffffffffffffffffff7ffffffc"; std::string b_secp = "1c97befc54bd7a8b65acf89f81d4d4adc565fa45"; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); @@ -196,7 +196,7 @@ void test_point_mult () const CurveGFp& curve = secp160r1.get_curve(); std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_G_secp_comp = hex_decode(G_secp_comp); + secure_vector sv_G_secp_comp = hex_decode(G_secp_comp); PointGFp p_G = OS2ECP(sv_G_secp_comp, curve); BigInt d_U("0xaa374ffc3ce144e6b073307972cb6d57b2a4e982"); @@ -215,10 +215,10 @@ void test_point_negative() std::string a_secp = "ffffffffffffffffffffffffffffffff7ffffffc"; std::string b_secp = "1c97befc54bd7a8b65acf89f81d4d4adc565fa45"; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); BigInt bi_b_secp = BigInt::decode ( &sv_b_secp[0], sv_b_secp.size() ); @@ -242,7 +242,7 @@ void test_zeropoint() std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp("0xffffffffffffffffffffffffffffffff7fffffff"); BigInt bi_a_secp("0xffffffffffffffffffffffffffffffff7ffffffc"); BigInt bi_b_secp("0x1c97befc54bd7a8b65acf89f81d4d4adc565fa45"); @@ -273,7 +273,7 @@ void test_zeropoint_enc_dec() CHECK_MESSAGE( p.is_zero(), "by constructor created zeropoint is no zeropoint!"); - SecureVector sv_p = EC2OSP(p, PointGFp::UNCOMPRESSED); + secure_vector sv_p = EC2OSP(p, PointGFp::UNCOMPRESSED); PointGFp p_encdec = OS2ECP(sv_p, curve); CHECK_MESSAGE( p == p_encdec, "encoded-decoded (uncompressed) point is not equal the original!"); @@ -291,7 +291,7 @@ void test_calc_with_zeropoint() std::cout << "." << std::flush; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp("0xffffffffffffffffffffffffffffffff7fffffff"); BigInt bi_a_secp("0xffffffffffffffffffffffffffffffff7ffffffc"); BigInt bi_b_secp("0x1c97befc54bd7a8b65acf89f81d4d4adc565fa45"); @@ -327,10 +327,10 @@ void test_add_point() std::string a_secp = "ffffffffffffffffffffffffffffffff7ffffffc"; std::string b_secp = "1c97befc54bd7a8b65acf89f81d4d4adc565fa45"; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); BigInt bi_b_secp = BigInt::decode ( &sv_b_secp[0], sv_b_secp.size() ); @@ -363,10 +363,10 @@ void test_sub_point() std::string a_secp = "ffffffffffffffffffffffffffffffff7ffffffc"; std::string b_secp = "1c97befc54bd7a8b65acf89f81d4d4adc565fa45"; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); BigInt bi_b_secp = BigInt::decode ( &sv_b_secp[0], sv_b_secp.size() ); @@ -398,10 +398,10 @@ void test_mult_point() std::string a_secp = "ffffffffffffffffffffffffffffffff7ffffffc"; std::string b_secp = "1c97befc54bd7a8b65acf89f81d4d4adc565fa45"; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); BigInt bi_b_secp = BigInt::decode ( &sv_b_secp[0], sv_b_secp.size() ); @@ -427,10 +427,10 @@ void test_basic_operations() std::string a_secp = "ffffffffffffffffffffffffffffffff7ffffffc"; std::string b_secp = "1c97befc54bd7a8b65acf89f81d4d4adc565fa45"; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); BigInt bi_b_secp = BigInt::decode ( &sv_b_secp[0], sv_b_secp.size() ); @@ -490,10 +490,10 @@ void test_enc_dec_compressed_160() std::string G_secp_comp = "024A96B5688EF573284664698968C38BB913CBFC82"; std::string G_order_secp_comp = "0100000000000000000001F4C8F927AED3CA752257"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); @@ -502,7 +502,7 @@ void test_enc_dec_compressed_160() CurveGFp secp160r1(bi_p_secp, bi_a_secp, bi_b_secp); PointGFp p_G = OS2ECP ( sv_G_secp_comp, secp160r1 ); - SecureVector sv_result = EC2OSP(p_G, PointGFp::COMPRESSED); + secure_vector sv_result = EC2OSP(p_G, PointGFp::COMPRESSED); CHECK( sv_result == sv_G_secp_comp); } @@ -519,10 +519,10 @@ void test_enc_dec_compressed_256() std::string G_secp_comp = "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"; std::string G_order_secp_comp = "ffffffff00000000ffffffffffffffffBCE6FAADA7179E84F3B9CAC2FC632551"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); @@ -531,7 +531,7 @@ void test_enc_dec_compressed_256() CurveGFp secp160r1(bi_p_secp, bi_a_secp, bi_b_secp); PointGFp p_G = OS2ECP ( sv_G_secp_comp, secp160r1 ); - SecureVector sv_result = EC2OSP(p_G, PointGFp::COMPRESSED); + secure_vector sv_result = EC2OSP(p_G, PointGFp::COMPRESSED); CHECK( sv_result == sv_G_secp_comp); } @@ -550,10 +550,10 @@ void test_enc_dec_uncompressed_112() std::string G_secp_uncomp = "044BA30AB5E892B4E1649DD0928643ADCD46F5882E3747DEF36E956E97"; std::string G_order_secp_uncomp = "36DF0AAFD8B8D7597CA10520D04B"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_uncomp = hex_decode ( G_secp_uncomp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_uncomp = hex_decode ( G_secp_uncomp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); @@ -562,7 +562,7 @@ void test_enc_dec_uncompressed_112() CurveGFp secp160r1(bi_p_secp, bi_a_secp, bi_b_secp); PointGFp p_G = OS2ECP ( sv_G_secp_uncomp, secp160r1 ); - SecureVector sv_result = EC2OSP(p_G, PointGFp::UNCOMPRESSED); + secure_vector sv_result = EC2OSP(p_G, PointGFp::UNCOMPRESSED); CHECK( sv_result == sv_G_secp_uncomp); } @@ -579,10 +579,10 @@ void test_enc_dec_uncompressed_521() std::string G_secp_uncomp = "0400C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2ffA8DE3348B3C1856A429BF97E7E31C2E5BD66011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650"; std::string G_order_secp_uncomp = "01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_uncomp = hex_decode ( G_secp_uncomp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_uncomp = hex_decode ( G_secp_uncomp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); @@ -592,7 +592,7 @@ void test_enc_dec_uncompressed_521() PointGFp p_G = OS2ECP ( sv_G_secp_uncomp, secp160r1 ); - SecureVector sv_result = EC2OSP(p_G, PointGFp::UNCOMPRESSED); + secure_vector sv_result = EC2OSP(p_G, PointGFp::UNCOMPRESSED); std::string result = hex_encode(&sv_result[0], sv_result.size()); std::string exp_result = hex_encode(&sv_G_secp_uncomp[0], sv_G_secp_uncomp.size()); @@ -611,10 +611,10 @@ void test_enc_dec_uncompressed_521_prime_too_large() std::string G_secp_uncomp = "0400C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2ffA8DE3348B3C1856A429BF97E7E31C2E5BD66011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650"; std::string G_order_secp_uncomp = "01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_uncomp = hex_decode ( G_secp_uncomp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_uncomp = hex_decode ( G_secp_uncomp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); @@ -648,7 +648,7 @@ void test_gfp_store_restore() PointGFp p = dom_pars.get_base_point(); //store point (to std::string) - SecureVector sv_mes = EC2OSP(p, PointGFp::COMPRESSED); + secure_vector sv_mes = EC2OSP(p, PointGFp::COMPRESSED); PointGFp new_p = OS2ECP(sv_mes, dom_pars.get_curve()); CHECK_MESSAGE( p == new_p, "original and restored point are different!"); @@ -662,7 +662,7 @@ void test_cdc_curve_33() std::string G_secp_uncomp = "04081523d03d4f12cd02879dea4bf6a4f3a7df26ed888f10c5b2235a1274c386a2f218300dee6ed217841164533bcdc903f07a096f9fbf4ee95bac098a111f296f5830fe5c35b3e344d5df3a2256985f64fbe6d0edcc4c61d18bef681dd399df3d0194c5a4315e012e0245ecea56365baa9e8be1f7"; - SecureVector sv_G_uncomp = hex_decode ( G_secp_uncomp ); + secure_vector sv_G_uncomp = hex_decode ( G_secp_uncomp ); BigInt bi_p_secp = BigInt("2117607112719756483104013348936480976596328609518055062007450442679169492999007105354629105748524349829824407773719892437896937279095106809"); BigInt bi_a_secp("0xa377dede6b523333d36c78e9b0eaa3bf48ce93041f6d4fc34014d08f6833807498deedd4290101c5866e8dfb589485d13357b9e78c2d7fbe9fe"); @@ -689,7 +689,7 @@ void test_more_zeropoint() // by Falko std::string G = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_G_secp_comp = hex_decode ( G ); + secure_vector sv_G_secp_comp = hex_decode ( G ); BigInt bi_p("0xffffffffffffffffffffffffffffffff7fffffff"); BigInt bi_a("0xffffffffffffffffffffffffffffffff7ffffffc"); BigInt bi_b("0x1c97befc54bd7a8b65acf89f81d4d4adc565fa45"); diff --git a/checks/ecdh.cpp b/checks/ecdh.cpp index c641796d6..841bce55b 100644 --- a/checks/ecdh.cpp +++ b/checks/ecdh.cpp @@ -96,8 +96,8 @@ void test_ecdh_der_derivation(RandomNumberGenerator& rng) ECDH_PrivateKey private_a(rng, dom_pars); ECDH_PrivateKey private_b(rng, dom_pars); - MemoryVector key_a = private_a.public_value(); - MemoryVector key_b = private_b.public_value(); + std::vector key_a = private_a.public_value(); + std::vector key_b = private_b.public_value(); PK_Key_Agreement ka(private_a, "KDF2(SHA-1)"); PK_Key_Agreement kb(private_b, "KDF2(SHA-1)"); diff --git a/checks/ecdsa.cpp b/checks/ecdsa.cpp index 3110bf0fe..554f72dd7 100644 --- a/checks/ecdsa.cpp +++ b/checks/ecdsa.cpp @@ -32,7 +32,7 @@ using namespace Botan; namespace { -std::string to_hex(const SecureVector& bin) +std::string to_hex(const std::vector& bin) { return hex_encode(&bin[0], bin.size()); } @@ -54,7 +54,7 @@ void test_hash_larger_than_n(RandomNumberGenerator& rng) ECDSA_PrivateKey priv_key(rng, dom_pars); - SecureVector message(20); + std::vector message(20); for(size_t i = 0; i != message.size(); ++i) message[i] = i; @@ -64,14 +64,14 @@ void test_hash_larger_than_n(RandomNumberGenerator& rng) PK_Signer pk_signer_224(priv_key, "EMSA1_BSI(SHA-224)"); // Verify we can sign and verify with SHA-160 - SecureVector signature_160 = pk_signer_160.sign_message(message, rng); + std::vector signature_160 = pk_signer_160.sign_message(message, rng); CHECK(pk_verifier_160.verify_message(message, signature_160)); bool signature_failed = false; try { - SecureVector signature_224 = pk_signer_224.sign_message(message, rng); + std::vector signature_224 = pk_signer_224.sign_message(message, rng); } catch(Encoding_Error) { @@ -84,7 +84,7 @@ void test_hash_larger_than_n(RandomNumberGenerator& rng) // sign it with the normal EMSA1 PK_Signer pk_signer(priv_key, "EMSA1(SHA-224)"); - SecureVector signature = pk_signer.sign_message(message, rng); + std::vector signature = pk_signer.sign_message(message, rng); PK_Verifier pk_verifier(priv_key, "EMSA1_BSI(SHA-224)"); @@ -142,8 +142,8 @@ void test_sign_then_ver(RandomNumberGenerator& rng) PK_Signer signer(ecdsa, "EMSA1(SHA-1)"); - SecureVector msg = hex_decode("12345678901234567890abcdef12"); - SecureVector sig = signer.sign_message(msg, rng); + secure_vector msg = hex_decode("12345678901234567890abcdef12"); + std::vector sig = signer.sign_message(msg, rng); PK_Verifier verifier(ecdsa, "EMSA1(SHA-1)"); @@ -174,7 +174,7 @@ bool test_ec_sign(RandomNumberGenerator& rng) for(size_t i = 0; i != 256; ++i) signer.update(static_cast(i)); - SecureVector sig = signer.signature(rng); + std::vector sig = signer.signature(rng); for(u32bit i = 0; i != 256; ++i) verifier.update(static_cast(i)); @@ -267,11 +267,11 @@ void test_create_and_verify(RandomNumberGenerator& rng) std::string G_secp_comp = "04081523d03d4f12cd02879dea4bf6a4f3a7df26ed888f10c5b2235a1274c386a2f218300dee6ed217841164533bcdc903f07a096f9fbf4ee95bac098a111f296f5830fe5c35b3e344d5df3a2256985f64fbe6d0edcc4c61d18bef681dd399df3d0194c5a4315e012e0245ecea56365baa9e8be1f7"; std::string order_g = "0e1a16196e6000000000bc7f1618d867b15bb86474418f"; - // ::SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); - SecureVector sv_order_g = hex_decode ( order_g ); + // ::std::vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_order_g = hex_decode ( order_g ); // BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_p_secp("2117607112719756483104013348936480976596328609518055062007450442679169492999007105354629105748524349829824407773719892437896937279095106809"); @@ -343,8 +343,8 @@ void test_curve_registry(RandomNumberGenerator& rng) PK_Signer signer(ecdsa, "EMSA1(SHA-1)"); PK_Verifier verifier(ecdsa, "EMSA1(SHA-1)"); - SecureVector msg = hex_decode("12345678901234567890abcdef12"); - SecureVector sig = signer.sign_message(msg, rng); + secure_vector msg = hex_decode("12345678901234567890abcdef12"); + std::vector sig = signer.sign_message(msg, rng); if(!verifier.verify_message(msg, sig)) std::cout << "Failed testing ECDSA sig for curve " << oids[i] << "\n"; @@ -361,7 +361,7 @@ void test_read_pkcs8(RandomNumberGenerator& rng) { std::cout << "." << std::flush; - SecureVector msg = hex_decode("12345678901234567890abcdef12"); + secure_vector msg = hex_decode("12345678901234567890abcdef12"); try { @@ -371,7 +371,7 @@ void test_read_pkcs8(RandomNumberGenerator& rng) PK_Signer signer(*ecdsa, "EMSA1(SHA-1)"); - SecureVector sig = signer.sign_message(msg, rng); + std::vector sig = signer.sign_message(msg, rng); PK_Verifier verifier(*ecdsa, "EMSA1(SHA-1)"); @@ -393,7 +393,7 @@ void test_read_pkcs8(RandomNumberGenerator& rng) PK_Signer signer(*ecdsa_nodp, "EMSA1(SHA-1)"); PK_Verifier verifier(*ecdsa_nodp, "EMSA1(SHA-1)"); - SecureVector signature_nodp = signer.sign_message(msg, rng); + std::vector signature_nodp = signer.sign_message(msg, rng); CHECK_MESSAGE(verifier.verify_message(msg, signature_nodp), "generated signature could not be verified positively (no_dom)"); diff --git a/checks/pk.cpp b/checks/pk.cpp index e06efb3ea..261c5f78c 100644 --- a/checks/pk.cpp +++ b/checks/pk.cpp @@ -85,8 +85,8 @@ BigInt to_bigint(std::string input) input.length(), BigInt::Hexadecimal); } -void dump_data(const SecureVector& out, - const SecureVector& expected) +void dump_data(const std::vector& out, + const std::vector& expected) { Pipe pipe(new Hex_Encoder); @@ -142,11 +142,11 @@ void validate_save_and_load(const Private_Key* priv_key, } void validate_decryption(PK_Decryptor& d, const std::string& algo, - const SecureVector ctext, - const SecureVector ptext, + const std::vector ctext, + const std::vector ptext, bool& failure) { - SecureVector decrypted = d.decrypt(ctext); + std::vector decrypted = unlock(d.decrypt(ctext)); if(decrypted != ptext) { std::cout << "FAILED (decrypt): " << algo << std::endl; @@ -160,11 +160,11 @@ void validate_encryption(PK_Encryptor& e, PK_Decryptor& d, const std::string& random, const std::string& exp, bool& failure) { - SecureVector message = hex_decode(input); - SecureVector expected = hex_decode(exp); + std::vector message = unlock(hex_decode(input)); + std::vector expected = unlock(hex_decode(exp)); Fixed_Output_RNG rng(hex_decode(random)); - SecureVector out = e.encrypt(message, rng); + std::vector out = e.encrypt(message, rng); if(out != expected) { std::cout << "FAILED (encrypt): " << algo << std::endl; @@ -180,11 +180,11 @@ void validate_signature(PK_Verifier& v, PK_Signer& s, const std::string& algo, RandomNumberGenerator& rng, const std::string& exp, bool& failure) { - SecureVector message = hex_decode(input); + std::vector message = unlock(hex_decode(input)); - SecureVector expected = hex_decode(exp); + std::vector expected = unlock(hex_decode(exp)); - SecureVector sig = s.sign_message(message, rng); + std::vector sig = s.sign_message(message, rng); if(sig != expected) { @@ -220,18 +220,18 @@ void validate_signature(PK_Verifier& v, PK_Signer& s, const std::string& algo, } void validate_kas(PK_Key_Agreement& kas, const std::string& algo, - const SecureVector& pubkey, const std::string& output, + const std::vector& pubkey, const std::string& output, u32bit keylen, bool& failure) { - SecureVector expected = hex_decode(output); + secure_vector expected = hex_decode(output); - SecureVector got = kas.derive_key(keylen, - pubkey).bits_of(); + secure_vector got = kas.derive_key(keylen, + pubkey).bits_of(); if(got != expected) { std::cout << "FAILED: " << algo << std::endl; - dump_data(got, expected); + dump_data(unlock(got), unlock(expected)); failure = true; } } @@ -325,8 +325,8 @@ u32bit validate_elg_enc(const std::string& algo, validate_encryption(e, d, algo, str[4], str[5], str[6], failure); } else - validate_decryption(d, algo, hex_decode(str[5]), - hex_decode(str[4]), failure); + validate_decryption(d, algo, unlock(hex_decode(str[5])), + unlock(hex_decode(str[4])), failure); return (failure ? 1 : 0); #endif @@ -373,8 +373,8 @@ u32bit validate_rsa_ver(const std::string& algo, PK_Verifier v(key, emsa); - SecureVector msg = hex_decode(str[2]); - SecureVector sig = hex_decode(str[3]); + std::vector msg = unlock(hex_decode(str[2])); + std::vector sig = unlock(hex_decode(str[3])); bool passed = true; passed = v.verify_message(msg, sig); @@ -405,8 +405,8 @@ u32bit validate_rsa_ver_x509(const std::string& algo, PK_Verifier v(*rsakey, emsa); - SecureVector msg = hex_decode(str[1]); - SecureVector sig = hex_decode(str[2]); + std::vector msg = unlock(hex_decode(str[1])); + std::vector sig = unlock(hex_decode(str[2])); bool passed = v.verify_message(msg, sig); return (passed ? 0 : 1); @@ -429,8 +429,8 @@ u32bit validate_rw_ver(const std::string& algo, PK_Verifier v(key, emsa); - SecureVector msg = hex_decode(str[2]); - SecureVector sig = hex_decode(str[3]); + std::vector msg = unlock(hex_decode(str[2])); + std::vector sig = unlock(hex_decode(str[3])); bool passed = true; passed = v.verify_message(msg, sig); @@ -538,7 +538,7 @@ u32bit validate_gost_ver(const std::string& algo, EC_Group group(OIDS::lookup(str[0])); - PointGFp public_point = OS2ECP(hex_decode(str[1]), group.get_curve()); + PointGFp public_point = OS2ECP(unlock(hex_decode(str[1])), group.get_curve()); GOST_3410_PublicKey gost(group, public_point); @@ -546,8 +546,8 @@ u32bit validate_gost_ver(const std::string& algo, PK_Verifier v(gost, emsa); - SecureVector msg = hex_decode(str[2]); - SecureVector sig = hex_decode(str[3]); + std::vector msg = unlock(hex_decode(str[2])); + std::vector sig = unlock(hex_decode(str[3])); bool passed = v.verify_message(msg, sig); return (passed ? 0 : 1); @@ -578,8 +578,8 @@ u32bit validate_dsa_ver(const std::string& algo, PK_Verifier v(*dsakey, emsa); - SecureVector msg = hex_decode(str[1]); - SecureVector sig = hex_decode(str[2]); + std::vector msg = unlock(hex_decode(str[1])); + std::vector sig = unlock(hex_decode(str[2])); v.set_input_format(DER_SEQUENCE); bool passed = v.verify_message(msg, sig); diff --git a/checks/pk_bench.cpp b/checks/pk_bench.cpp index ab4702dba..8241ee5d1 100644 --- a/checks/pk_bench.cpp +++ b/checks/pk_bench.cpp @@ -104,7 +104,7 @@ void benchmark_enc_dec(PK_Encryptor& enc, PK_Decryptor& dec, RandomNumberGenerator& rng, u32bit runs, double seconds) { - SecureVector plaintext, ciphertext; + std::vector plaintext, ciphertext; for(u32bit i = 0; i != runs; ++i) { @@ -127,7 +127,7 @@ void benchmark_enc_dec(PK_Encryptor& enc, PK_Decryptor& dec, if(dec_timer.seconds() < seconds) { dec_timer.start(); - SecureVector plaintext_out = dec.decrypt(ciphertext); + std::vector plaintext_out = unlock(dec.decrypt(ciphertext)); dec_timer.stop(); if(plaintext_out != plaintext) @@ -143,7 +143,7 @@ void benchmark_sig_ver(PK_Verifier& ver, PK_Signer& sig, RandomNumberGenerator& rng, u32bit runs, double seconds) { - SecureVector message, signature, sig_random; + std::vector message, signature, sig_random; for(u32bit i = 0; i != runs; ++i) { @@ -171,7 +171,7 @@ void benchmark_sig_ver(PK_Verifier& ver, PK_Signer& sig, if((i % 100) == 0) { - sig_random = rng.random_vec(signature.size()); + sig_random = unlock(rng.random_vec(signature.size())); verify_timer.start(); const bool verified_bad = ver.verify_message(message, sig_random); diff --git a/checks/validate.cpp b/checks/validate.cpp index 2bb099030..c6a4a29d0 100644 --- a/checks/validate.cpp +++ b/checks/validate.cpp @@ -119,7 +119,7 @@ bool keywrap_test(const char* key_str, Algorithm_Factory& af = global_state().algorithm_factory(); - SecureVector enc = rfc3394_keywrap(key.bits_of(), kek, af); + secure_vector enc = rfc3394_keywrap(key.bits_of(), kek, af); if(enc != expected.bits_of()) { @@ -128,7 +128,7 @@ bool keywrap_test(const char* key_str, ok = false; } - SecureVector dec = rfc3394_keyunwrap(expected.bits_of(), kek, af); + secure_vector dec = rfc3394_keyunwrap(expected.bits_of(), kek, af); if(dec != key.bits_of()) { @@ -490,7 +490,7 @@ bool failed_test(const std::string& algo, pipe.append(test); pipe.append(new Botan::Hex_Encoder); - Botan::SecureVector data = Botan::hex_decode(in); + secure_vector data = Botan::hex_decode(in); const byte* data_ptr = &data[0]; // this can help catch errors with buffering, etc @@ -538,7 +538,7 @@ bool failed_test(const std::string& algo, size_t offset = random_word(rng, pipe.remaining() - 1); size_t length = random_word(rng, pipe.remaining() - offset); - Botan::SecureVector peekbuf(length); + std::vector peekbuf(length); pipe.peek(&peekbuf[0], peekbuf.size(), offset); output = pipe.read_all_as_string(); diff --git a/checks/x509.cpp b/checks/x509.cpp index 8c6cd8187..c3bf2353e 100644 --- a/checks/x509.cpp +++ b/checks/x509.cpp @@ -49,7 +49,7 @@ u64bit key_id(const Public_Key* key) pipe.write(key->x509_subject_public_key()); pipe.end_msg(); - SecureVector output = pipe.read_all(); + secure_vector output = pipe.read_all(); if(output.size() != 8) throw Internal_Error("Public_Key::key_id: Incorrect output size"); diff --git a/doc/examples/GNUmakefile b/doc/examples/GNUmakefile index fb2788218..b034cac78 100644 --- a/doc/examples/GNUmakefile +++ b/doc/examples/GNUmakefile @@ -1,7 +1,7 @@ BOTAN_CONFIG = botan-config -CXX = g++-4.6.0 +CXX = g++-4.8.0-r187608 CFLAGS = -O2 -ansi -std=c++0x -W -Wall -I../../build/include LIBS = -L../.. -lbotan-1.99 @@ -18,7 +18,7 @@ clean: $(CXX) $(CFLAGS) $? $(LIBS) -o $@ eax_test: eax_test.cpp - echo $(CXX) $(CFLAGS) $? $(LIBS) -lboost_regex -o $@ + $(CXX) $(CFLAGS) $? $(LIBS) -lboost_regex -o $@ asio_tls_server: asio_tls_server.cpp credentials.h $(CXX) $(CFLAGS) $< $(LIBS) -lboost_thread -lboost_system -o $@ diff --git a/doc/examples/asn1.cpp b/doc/examples/asn1.cpp index 866e57d75..d12ee1eec 100644 --- a/doc/examples/asn1.cpp +++ b/doc/examples/asn1.cpp @@ -72,8 +72,8 @@ void decode(BER_Decoder& decoder, size_t level) /* hack to insert the tag+length back in front of the stuff now that we've gotten the type info */ DER_Encoder encoder; - encoder.add_object(type_tag, class_tag, obj.value, obj.value.size()); - SecureVector bits = encoder.get_contents(); + encoder.add_object(type_tag, class_tag, obj.value); + secure_vector bits = encoder.get_contents(); BER_Decoder data(bits); @@ -143,7 +143,7 @@ void decode(BER_Decoder& decoder, size_t level) BigInt number; data.decode(number); - SecureVector rep; + std::vector rep; /* If it's small, it's probably a number, not a hash */ if(number.bits() <= 16) @@ -170,7 +170,7 @@ void decode(BER_Decoder& decoder, size_t level) } else if(type_tag == OCTET_STRING) { - SecureVector bits; + secure_vector bits; data.decode(bits, type_tag); bool not_text = false; @@ -184,7 +184,7 @@ void decode(BER_Decoder& decoder, size_t level) } else if(type_tag == BIT_STRING) { - SecureVector bits; + secure_vector bits; data.decode(bits, type_tag); std::vector bit_set; diff --git a/doc/examples/bzip.cpp b/doc/examples/bzip.cpp index 6137bb6af..74ba431ed 100644 --- a/doc/examples/bzip.cpp +++ b/doc/examples/bzip.cpp @@ -37,6 +37,7 @@ int main(int argc, char* argv[]) Botan::LibraryInitializer init; +#ifdef BOTAN_HAS_COMPRESSOR_BZIP2 std::vector files; bool decompress = false, small = false; int level = 9; @@ -60,18 +61,10 @@ int main(int argc, char* argv[]) try { Botan::Filter* bzip = 0; -#ifdef BOTAN_HAS_COMPRESSOR_BZIP2 if(decompress) bzip = new Botan::Bzip_Decompression(small); else bzip = new Botan::Bzip_Compression(level); -#endif - - if(!bzip) - { - std::cout << "Sorry, support for bzip2 not compiled into Botan\n"; - return 1; - } Botan::Pipe pipe(bzip); @@ -112,5 +105,11 @@ int main(int argc, char* argv[]) std::cout << "Exception caught: " << e.what() << std::endl; return 1; } +#else + + std::cout << "Sorry, support for bzip2 not compiled into Botan\n"; + +#endif + return 0; } diff --git a/doc/examples/credentials.h b/doc/examples/credentials.h index 4e4427585..2734b1649 100644 --- a/doc/examples/credentials.h +++ b/doc/examples/credentials.h @@ -97,7 +97,7 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager const std::string& identifier, std::string& group_id, Botan::BigInt& verifier, - Botan::MemoryRegion& salt, + std::vector& salt, bool generate_fake_on_unknown) { diff --git a/doc/examples/decrypt.cpp b/doc/examples/decrypt.cpp index ea510c5e9..42c4071c7 100644 --- a/doc/examples/decrypt.cpp +++ b/doc/examples/decrypt.cpp @@ -27,7 +27,7 @@ stderr so there is no confusion. using namespace Botan; -SecureVector b64_decode(const std::string&); +secure_vector b64_decode(const std::string&); int main(int argc, char* argv[]) { @@ -111,7 +111,7 @@ int main(int argc, char* argv[]) const u32bit PBKDF2_ITERATIONS = 8192; - SecureVector salt = b64_decode(salt_str); + secure_vector salt = b64_decode(salt_str); SymmetricKey bc_key = pbkdf->derive_key(key_len, "BLK" + passphrase, &salt[0], salt.size(), @@ -165,7 +165,7 @@ int main(int argc, char* argv[]) return 0; } -SecureVector b64_decode(const std::string& in) +secure_vector b64_decode(const std::string& in) { Pipe pipe(new Base64_Decoder); pipe.process_msg(in); diff --git a/doc/examples/dh.cpp b/doc/examples/dh.cpp index 8d163303a..d62d49f65 100644 --- a/doc/examples/dh.cpp +++ b/doc/examples/dh.cpp @@ -24,12 +24,12 @@ int main() DH_PrivateKey private_b(rng, shared_domain); // Alice sends to Bob her public key and a session parameter - MemoryVector public_a = private_a.public_value(); + std::vector public_a = private_a.public_value(); const std::string session_param = "Alice and Bob's shared session parameter"; // Bob sends his public key to Alice - MemoryVector public_b = private_b.public_value(); + std::vector public_b = private_b.public_value(); // Now Alice performs the key agreement operation PK_Key_Agreement ka_alice(private_a, "KDF2(SHA-256)"); diff --git a/doc/examples/dsa_ver.cpp b/doc/examples/dsa_ver.cpp index 9cb85740e..e6910a4e1 100644 --- a/doc/examples/dsa_ver.cpp +++ b/doc/examples/dsa_ver.cpp @@ -12,7 +12,7 @@ using namespace Botan; namespace { -SecureVector b64_decode(const std::string& in) +secure_vector b64_decode(const std::string& in) { Pipe pipe(new Base64_Decoder); pipe.process_msg(in); @@ -60,7 +60,7 @@ int main(int argc, char* argv[]) return 1; } - SecureVector sig = b64_decode(sigstr); + secure_vector sig = b64_decode(sigstr); PK_Verifier ver(*dsakey, "EMSA1(SHA-1)"); diff --git a/doc/examples/ecdsa.cpp b/doc/examples/ecdsa.cpp index 1607107eb..b0a66a888 100644 --- a/doc/examples/ecdsa.cpp +++ b/doc/examples/ecdsa.cpp @@ -40,7 +40,7 @@ int main() signer.update((const byte*)message, strlen(message)); - SecureVector sig = signer.signature(rng); + std::vector sig = signer.signature(rng); std::cout << sig.size() << "\n"; diff --git a/doc/examples/encrypt.cpp b/doc/examples/encrypt.cpp index 28017d875..158806936 100644 --- a/doc/examples/encrypt.cpp +++ b/doc/examples/encrypt.cpp @@ -33,7 +33,7 @@ you're encrypting is 1 Gb... you better have a lot of RAM. using namespace Botan; -std::string b64_encode(const SecureVector&); +std::string b64_encode(const secure_vector&); int main(int argc, char* argv[]) { @@ -128,7 +128,7 @@ int main(int argc, char* argv[]) std::auto_ptr pbkdf(get_pbkdf("PBKDF2(SHA-1)")); - SecureVector salt(8); + secure_vector salt(8); rng.randomize(&salt[0], salt.size()); const u32bit PBKDF2_ITERATIONS = 8192; @@ -185,7 +185,7 @@ int main(int argc, char* argv[]) return 0; } -std::string b64_encode(const SecureVector& in) +std::string b64_encode(const secure_vector& in) { Pipe pipe(new Base64_Encoder); pipe.process_msg(in); diff --git a/doc/examples/encrypt2.cpp b/doc/examples/encrypt2.cpp index 41f4fb478..c6c735af9 100644 --- a/doc/examples/encrypt2.cpp +++ b/doc/examples/encrypt2.cpp @@ -28,10 +28,10 @@ int main() const u32bit PBKDF2_ITERATIONS = 8192; - SecureVector salt(8); + secure_vector salt(8); rng.randomize(&salt[0], salt.size()); - SecureVector master_key = pbkdf2.derive_key(48, passphrase, + secure_vector master_key = pbkdf2.derive_key(48, passphrase, &salt[0], salt.size(), PBKDF2_ITERATIONS).bits_of(); @@ -55,12 +55,12 @@ int main() ) ); - outfile.write((const char*)salt.begin(), salt.size()); + outfile.write((const char*)&salt[0], salt.size()); pipe.start_msg(); infile >> pipe; pipe.end_msg(); - SecureVector hmac = pipe.read_all(1); - outfile.write((const char*)hmac.begin(), hmac.size()); + secure_vector hmac = pipe.read_all(1); + outfile.write((const char*)&hmac[0], hmac.size()); } diff --git a/doc/examples/fpe.cpp b/doc/examples/fpe.cpp index 029a761e7..8f5eaca9f 100644 --- a/doc/examples/fpe.cpp +++ b/doc/examples/fpe.cpp @@ -55,11 +55,11 @@ u64bit cc_derank(u64bit cc_number) /* * Use the SHA-1 hash of the account name or ID as a tweak */ -SecureVector sha1(const std::string& acct_name) +std::vector sha1(const std::string& acct_name) { SHA_160 hash; hash.update(acct_name); - return hash.final(); + return unlock(hash.final()); } u64bit encrypt_cc_number(u64bit cc_number, @@ -123,7 +123,7 @@ int main(int argc, char* argv[]) * In practice something like PBKDF2 with a salt and high iteration * count would be a good idea. */ - SymmetricKey key = sha1(passwd); + SymmetricKey key(sha1(passwd)); u64bit enc_cc = encrypt_cc_number(cc_number, key, acct_name); diff --git a/doc/examples/keywrap.cpp b/doc/examples/keywrap.cpp index 730bcb6c9..93cdbfb84 100644 --- a/doc/examples/keywrap.cpp +++ b/doc/examples/keywrap.cpp @@ -28,11 +28,11 @@ int main() Algorithm_Factory& af = global_state().algorithm_factory(); - SecureVector enc = rfc3394_keywrap(key.bits_of(), kek, af); + secure_vector enc = rfc3394_keywrap(key.bits_of(), kek, af); std::cout << "Encrypted: " << hex_encode(enc) << "\n"; - SecureVector dec = rfc3394_keyunwrap(enc, kek, af); + secure_vector dec = rfc3394_keyunwrap(enc, kek, af); std::cout << "Decrypted: " << hex_encode(dec) << "\n"; } diff --git a/doc/examples/new_engine.cpp b/doc/examples/new_engine.cpp index 42e5dbe33..7e51df2e2 100644 --- a/doc/examples/new_engine.cpp +++ b/doc/examples/new_engine.cpp @@ -43,7 +43,7 @@ class XOR_Cipher : public StreamCipher copy_mem(&mask[0], key, length); } - SecureVector mask; + secure_vector mask; u32bit mask_pos; }; diff --git a/doc/examples/pqg_gen.cpp b/doc/examples/pqg_gen.cpp index c033dac3b..b24c30844 100644 --- a/doc/examples/pqg_gen.cpp +++ b/doc/examples/pqg_gen.cpp @@ -13,7 +13,7 @@ #include #include -#include +#include #include #include using namespace Botan; @@ -94,9 +94,7 @@ bool check(RandomNumberGenerator& rng, //u32bit c = to_u32bit(inputs["c"]); - Pipe pipe(new Hex_Decoder); - pipe.process_msg(inputs["Seed"]); - SecureVector seed = pipe.read_all(); + std::vector seed = unlock(hex_decode(inputs["Seed"])); BigInt our_p, our_q; diff --git a/doc/examples/read_ssh.cpp b/doc/examples/read_ssh.cpp index f6299a29d..0392786a5 100644 --- a/doc/examples/read_ssh.cpp +++ b/doc/examples/read_ssh.cpp @@ -42,7 +42,7 @@ BigInt read_bigint(Pipe& pipe) { u32bit len = read_u32bit(pipe); - SecureVector buf(len); + secure_vector buf(len); pipe.read(&buf[0], len); return BigInt::decode(buf); } diff --git a/doc/examples/rng_test.cpp b/doc/examples/rng_test.cpp index c0d24fd80..385ac57f3 100644 --- a/doc/examples/rng_test.cpp +++ b/doc/examples/rng_test.cpp @@ -68,11 +68,11 @@ void x931_tests(std::vector > vecs, ANSI_X931_RNG prng(get_block_cipher(cipher), new Fixed_Output_RNG); - SecureVector x = hex_decode(input); - prng.add_entropy(x.begin(), x.size()); + secure_vector x = hex_decode(input); + prng.add_entropy(&x[0], x.size()); - SecureVector output(result.size() / 2); - prng.randomize(output, output.size()); + secure_vector output(result.size() / 2); + prng.randomize(&output[0], output.size()); if(hex_decode(result) != output) std::cout << "FAIL"; diff --git a/doc/examples/row_encryptor.cpp b/doc/examples/row_encryptor.cpp index 685850945..b512025b6 100644 --- a/doc/examples/row_encryptor.cpp +++ b/doc/examples/row_encryptor.cpp @@ -26,22 +26,22 @@ class Row_Encryptor RandomNumberGenerator& rng); Row_Encryptor(const std::string& passphrase, - const MemoryRegion& salt); + const std::vector& salt); std::string encrypt(const std::string& input, - const MemoryRegion& salt); + const std::vector& salt); std::string decrypt(const std::string& input, - const MemoryRegion& salt); + const std::vector& salt); - SecureVector get_pbkdf_salt() const { return pbkdf_salt; } + std::vector get_pbkdf_salt() const { return pbkdf_salt; } private: void init(const std::string& passphrase); Row_Encryptor(const Row_Encryptor&) {} Row_Encryptor& operator=(const Row_Encryptor&) { return (*this); } - SecureVector pbkdf_salt; + std::vector pbkdf_salt; Pipe enc_pipe, dec_pipe; EAX_Encryption* eax_enc; // owned by enc_pipe EAX_Decryption* eax_dec; // owned by dec_pipe; @@ -56,7 +56,7 @@ Row_Encryptor::Row_Encryptor(const std::string& passphrase, } Row_Encryptor::Row_Encryptor(const std::string& passphrase, - const MemoryRegion& salt) + const std::vector& salt) { pbkdf_salt = salt; init(passphrase); @@ -66,7 +66,7 @@ void Row_Encryptor::init(const std::string& passphrase) { std::auto_ptr pbkdf(get_pbkdf("PBKDF2(SHA-160)")); - SecureVector key = pbkdf->derive_key(32, passphrase, + secure_vector key = pbkdf->derive_key(32, passphrase, &pbkdf_salt[0], pbkdf_salt.size(), 10000).bits_of(); @@ -89,7 +89,7 @@ void Row_Encryptor::init(const std::string& passphrase) } std::string Row_Encryptor::encrypt(const std::string& input, - const MemoryRegion& salt) + const std::vector& salt) { eax_enc->set_iv(salt); enc_pipe.process_msg(input); @@ -97,7 +97,7 @@ std::string Row_Encryptor::encrypt(const std::string& input, } std::string Row_Encryptor::decrypt(const std::string& input, - const MemoryRegion& salt) + const std::vector& salt) { eax_dec->set_iv(salt); dec_pipe.process_msg(input); @@ -133,7 +133,7 @@ int main() } std::vector encrypted_values; - MemoryVector salt(4); // keep out of loop to avoid excessive dynamic allocation + std::vector salt(4); for(u32bit i = 0; i != original_inputs.size(); ++i) { diff --git a/doc/examples/rsa_dec.cpp b/doc/examples/rsa_dec.cpp index 9c470b8e9..98768cda7 100644 --- a/doc/examples/rsa_dec.cpp +++ b/doc/examples/rsa_dec.cpp @@ -20,7 +20,7 @@ same key format as that generated by rsa_kgen. #include using namespace Botan; -SecureVector b64_decode(const std::string&); +secure_vector b64_decode(const std::string&); SymmetricKey derive_key(const std::string&, const SymmetricKey&, u32bit); const std::string SUFFIX = ".enc"; @@ -73,11 +73,11 @@ int main(int argc, char* argv[]) std::string mac_str; std::getline(message, mac_str); - SecureVector enc_masterkey = b64_decode(enc_masterkey_str); + secure_vector enc_masterkey = b64_decode(enc_masterkey_str); PK_Decryptor_EME decryptor(*rsakey, "EME1(SHA-1)"); - SecureVector masterkey = decryptor.decrypt(enc_masterkey); + secure_vector masterkey = decryptor.decrypt(enc_masterkey); SymmetricKey cast_key = derive_key("CAST", masterkey, 16); InitializationVector iv = derive_key("IV", masterkey, 8); @@ -113,7 +113,7 @@ int main(int argc, char* argv[]) return 0; } -SecureVector b64_decode(const std::string& in) +secure_vector b64_decode(const std::string& in) { Pipe pipe(new Base64_Decoder); pipe.process_msg(in); diff --git a/doc/examples/rsa_enc.cpp b/doc/examples/rsa_enc.cpp index ac609c4b3..b8e5d874b 100644 --- a/doc/examples/rsa_enc.cpp +++ b/doc/examples/rsa_enc.cpp @@ -34,9 +34,10 @@ #include #include #include +#include + using namespace Botan; -std::string b64_encode(const SecureVector&); SymmetricKey derive_key(const std::string&, const SymmetricKey&, u32bit); int main(int argc, char* argv[]) @@ -98,10 +99,10 @@ int main(int argc, char* argv[]) SymmetricKey mac_key = derive_key("MAC", masterkey, 16); SymmetricKey iv = derive_key("IV", masterkey, 8); - SecureVector encrypted_key = + std::vector encrypted_key = encryptor.encrypt(masterkey.bits_of(), rng); - ciphertext << b64_encode(encrypted_key) << std::endl; + ciphertext << base64_encode(encrypted_key) << std::endl; Pipe pipe(new Fork( new Chain( @@ -135,13 +136,6 @@ int main(int argc, char* argv[]) return 0; } -std::string b64_encode(const SecureVector& in) - { - Pipe pipe(new Base64_Encoder); - pipe.process_msg(in); - return pipe.read_all_as_string(); - } - SymmetricKey derive_key(const std::string& param, const SymmetricKey& masterkey, u32bit outputlength) diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp index 5de8a59ce..deb0ff460 100644 --- a/doc/examples/tls_client.cpp +++ b/doc/examples/tls_client.cpp @@ -168,7 +168,7 @@ void doit(RandomNumberGenerator& rng, continue; } - const size_t needed = client.received_data(buf, got); + client.received_data(buf, got); //std::cout << "Socket - got " << got << " bytes, need " << needed << "\n"; } else if(FD_ISSET(STDIN_FILENO, &readfds)) diff --git a/doc/examples/tss.cpp b/doc/examples/tss.cpp index 03d7699bf..aecf95796 100644 --- a/doc/examples/tss.cpp +++ b/doc/examples/tss.cpp @@ -11,7 +11,7 @@ namespace { -void print(const Botan::SecureVector& r) +void print(const Botan::secure_vector& r) { for(Botan::u32bit i = 0; i != r.size(); ++i) printf("%02X", r[i]); diff --git a/src/algo_base/buf_comp.h b/src/algo_base/buf_comp.h index 7838571e9..87b57d252 100644 --- a/src/algo_base/buf_comp.h +++ b/src/algo_base/buf_comp.h @@ -34,9 +34,18 @@ class BOTAN_DLL Buffered_Computation /** * Add new input to process. - * @param in the input to process as a MemoryRegion + * @param in the input to process as a secure_vector */ - void update(const MemoryRegion& in) + void update(const secure_vector& in) + { + add_data(&in[0], in.size()); + } + + /** + * Add new input to process. + * @param in the input to process as a std::vector + */ + void update(const std::vector& in) { add_data(&in[0], in.size()); } @@ -82,11 +91,11 @@ class BOTAN_DLL Buffered_Computation /** * Complete the computation and retrieve the * final result. - * @return SecureVector holding the result + * @return secure_vector holding the result */ - SecureVector final() + secure_vector final() { - SecureVector output(output_length()); + secure_vector output(output_length()); final_result(&output[0]); return output; } @@ -98,7 +107,7 @@ class BOTAN_DLL Buffered_Computation * @param length the length of the byte array * @result the result of the call to final() */ - SecureVector process(const byte in[], size_t length) + secure_vector process(const byte in[], size_t length) { add_data(in, length); return final(); @@ -110,7 +119,13 @@ class BOTAN_DLL Buffered_Computation * @param in the input to process * @result the result of the call to final() */ - SecureVector process(const MemoryRegion& in) + secure_vector process(const secure_vector& in) + { + add_data(&in[0], in.size()); + return final(); + } + + secure_vector process(const std::vector& in) { add_data(&in[0], in.size()); return final(); @@ -122,7 +137,7 @@ class BOTAN_DLL Buffered_Computation * @param in the input to process as a string * @result the result of the call to final() */ - SecureVector process(const std::string& in) + secure_vector process(const std::string& in) { update(in); return final(); diff --git a/src/algo_base/symkey.cpp b/src/algo_base/symkey.cpp index 5509b83bc..52b216361 100644 --- a/src/algo_base/symkey.cpp +++ b/src/algo_base/symkey.cpp @@ -40,10 +40,6 @@ OctetString::OctetString(const byte in[], size_t n) bits.assign(in, in + n); } -OctetString::OctetString(const MemoryRegion& b) : bits(b) - { - } - /* * Set the parity of each key byte to odd */ @@ -116,7 +112,7 @@ bool operator!=(const OctetString& s1, const OctetString& s2) */ OctetString operator+(const OctetString& k1, const OctetString& k2) { - SecureVector out; + secure_vector out; out += k1.bits_of(); out += k2.bits_of(); return OctetString(out); @@ -127,9 +123,10 @@ OctetString operator+(const OctetString& k1, const OctetString& k2) */ OctetString operator^(const OctetString& k1, const OctetString& k2) { - SecureVector ret(std::max(k1.length(), k2.length())); + secure_vector ret(std::max(k1.length(), k2.length())); + copy_mem(&ret[0], k1.begin(), k1.length()); - xor_buf(ret, k2.begin(), k2.length()); + xor_buf(&ret[0], k2.begin(), k2.length()); return OctetString(ret); } diff --git a/src/algo_base/symkey.h b/src/algo_base/symkey.h index 2ccc0b883..b47da8a69 100644 --- a/src/algo_base/symkey.h +++ b/src/algo_base/symkey.h @@ -25,9 +25,9 @@ class BOTAN_DLL OctetString size_t length() const { return bits.size(); } /** - * @return this object as a SecureVector + * @return this object as a secure_vector */ - SecureVector bits_of() const { return bits; } + secure_vector bits_of() const { return bits; } /** * @return start of this string @@ -80,9 +80,15 @@ class BOTAN_DLL OctetString * Create a new OctetString * @param in a bytestring */ - OctetString(const MemoryRegion& in); + OctetString(const secure_vector& in) : bits(in) {} + + /** + * Create a new OctetString + * @param in a bytestring + */ + OctetString(const std::vector& in) : bits(&in[0], &in[in.size()]) {} private: - SecureVector bits; + secure_vector bits; }; /** diff --git a/src/alloc/alloc_mmap/info.txt b/src/alloc/alloc_mmap/info.txt deleted file mode 100644 index 562277a37..000000000 --- a/src/alloc/alloc_mmap/info.txt +++ /dev/null @@ -1,28 +0,0 @@ -define ALLOC_MMAP - - -mmap_mem.cpp - - - -mmap_mem.h - - - -linux -freebsd -dragonfly -openbsd -netbsd -solaris -qnx -darwin -tru64 - -# Only without -ansi, otherwise can't get mkstemp -#cygwin - - - -mem_pool - diff --git a/src/alloc/alloc_mmap/mmap_mem.cpp b/src/alloc/alloc_mmap/mmap_mem.cpp deleted file mode 100644 index b90b6d5f7..000000000 --- a/src/alloc/alloc_mmap/mmap_mem.cpp +++ /dev/null @@ -1,145 +0,0 @@ -/* -* Memory Mapping Allocator -* (C) 1999-2010 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#ifndef MAP_FAILED - #define MAP_FAILED -1 -#endif - -namespace Botan { - -namespace { - -/* -* MemoryMapping_Allocator Exception -*/ -class BOTAN_DLL MemoryMapping_Failed : public Exception - { - public: - MemoryMapping_Failed(const std::string& msg) : - Exception("MemoryMapping_Allocator: " + msg) {} - }; - -} - -/* -* Memory Map a File into Memory -*/ -void* MemoryMapping_Allocator::alloc_block(size_t n) - { - class TemporaryFile - { - public: - int get_fd() const { return fd; } - - TemporaryFile(const std::string& base) - { - const std::string mkstemp_template = base + "XXXXXX"; - - std::vector filepath(mkstemp_template.begin(), - mkstemp_template.end()); - filepath.push_back(0); // add terminating NULL - - mode_t old_umask = ::umask(077); - fd = ::mkstemp(&filepath[0]); - ::umask(old_umask); - - if(fd == -1) - throw MemoryMapping_Failed("Temporary file allocation failed"); - - if(::unlink(&filepath[0]) != 0) - throw MemoryMapping_Failed("Could not unlink temporary file"); - } - - ~TemporaryFile() - { - /* - * We can safely close here, because post-mmap the file - * will continue to exist until the mmap is unmapped from - * our address space upon deallocation (or process exit). - */ - if(fd != -1 && ::close(fd) == -1) - throw MemoryMapping_Failed("Could not close file"); - } - private: - int fd; - }; - - TemporaryFile file("/tmp/botan_"); - - if(file.get_fd() == -1) - throw MemoryMapping_Failed("Could not create file"); - - std::vector zeros(4096); - - size_t remaining = n; - - while(remaining) - { - const size_t write_try = std::min(zeros.size(), remaining); - - ssize_t wrote_got = ::write(file.get_fd(), - &zeros[0], - write_try); - - if(wrote_got == -1 && errno != EINTR) - throw MemoryMapping_Failed("Could not write to file"); - - remaining -= wrote_got; - } - -#ifndef MAP_NOSYNC - #define MAP_NOSYNC 0 -#endif - - void* ptr = ::mmap(0, n, - PROT_READ | PROT_WRITE, - MAP_SHARED | MAP_NOSYNC, - file.get_fd(), 0); - - if(ptr == static_cast(MAP_FAILED)) - throw MemoryMapping_Failed("Could not map file"); - - return ptr; - } - -/* -* Remove a Memory Mapping -*/ -void MemoryMapping_Allocator::dealloc_block(void* ptr, size_t n) - { - if(ptr == nullptr) - return; - - const byte PATTERNS[] = { 0x00, 0xF5, 0x5A, 0xAF, 0x00 }; - - // The char* casts are for Solaris, args are void* on most other systems - - for(size_t i = 0; i != sizeof(PATTERNS); ++i) - { - std::memset(ptr, PATTERNS[i], n); - - if(::msync(static_cast(ptr), n, MS_SYNC)) - throw MemoryMapping_Failed("Sync operation failed"); - } - - if(::munmap(static_cast(ptr), n)) - throw MemoryMapping_Failed("Could not unmap file"); - } - -} diff --git a/src/alloc/alloc_mmap/mmap_mem.h b/src/alloc/alloc_mmap/mmap_mem.h deleted file mode 100644 index c9983ed23..000000000 --- a/src/alloc/alloc_mmap/mmap_mem.h +++ /dev/null @@ -1,32 +0,0 @@ -/* -* Memory Mapping Allocator -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_MMAP_ALLOCATOR_H__ -#define BOTAN_MMAP_ALLOCATOR_H__ - -#include - -namespace Botan { - -/** -* Allocator that uses memory maps backed by disk. We zeroize the map -* upon deallocation. If swap occurs, the VM will swap to the shared -* file backing rather than to a swap device, which means we know where -* it is and can zap it later. -*/ -class MemoryMapping_Allocator : public Pooling_Allocator - { - public: - std::string type() const { return "mmap"; } - private: - void* alloc_block(size_t); - void dealloc_block(void*, size_t); - }; - -} - -#endif diff --git a/src/alloc/allocate.h b/src/alloc/allocate.h deleted file mode 100644 index b8574be1e..000000000 --- a/src/alloc/allocate.h +++ /dev/null @@ -1,65 +0,0 @@ -/* -* Allocator -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_ALLOCATOR_H__ -#define BOTAN_ALLOCATOR_H__ - -#include -#include - -namespace Botan { - -/** -* Allocator Interface -*/ -class BOTAN_DLL Allocator - { - public: - /** - * Acquire a pointer to an allocator - * @param locking is true if the allocator should attempt to - * secure the memory (eg for using to store keys) - * @return pointer to an allocator; ownership remains with library, - * so do not delete - */ - static Allocator* get(bool locking); - - /** - * Allocate a block of memory - * @param n how many bytes to allocate - * @return pointer to n bytes of memory - */ - virtual void* allocate(size_t n) = 0; - - /** - * Deallocate memory allocated with allocate() - * @param ptr the pointer returned by allocate() - * @param n the size of the block pointed to by ptr - */ - virtual void deallocate(void* ptr, size_t n) = 0; - - /** - * @return name of this allocator type - */ - virtual std::string type() const = 0; - - /** - * Initialize the allocator - */ - virtual void init() {} - - /** - * Shutdown the allocator - */ - virtual void destroy() {} - - virtual ~Allocator() {} - }; - -} - -#endif diff --git a/src/alloc/info.txt b/src/alloc/info.txt index 40e7bacdf..0ab7fa768 100644 --- a/src/alloc/info.txt +++ b/src/alloc/info.txt @@ -1,4 +1,3 @@ -allocate.h secmem.h diff --git a/src/alloc/mem_pool/info.txt b/src/alloc/mem_pool/info.txt deleted file mode 100644 index f87ea4c4c..000000000 --- a/src/alloc/mem_pool/info.txt +++ /dev/null @@ -1,8 +0,0 @@ - - -mem_pool.cpp - - - -mem_pool.h - diff --git a/src/alloc/mem_pool/mem_pool.cpp b/src/alloc/mem_pool/mem_pool.cpp deleted file mode 100644 index 770622149..000000000 --- a/src/alloc/mem_pool/mem_pool.cpp +++ /dev/null @@ -1,251 +0,0 @@ -/* -* Pooling Allocator -* (C) 1999-2008 Jack Lloyd -* 2005 Matthew Gregan -* 2005-2006 Matt Johnston -* -* Distributed under the terms of the Botan license -*/ - -#include -#include -#include -#include -#include - -namespace Botan { - -/* -* Memory_Block Constructor -*/ -Pooling_Allocator::Memory_Block::Memory_Block(void* buf) - { - buffer = static_cast(buf); - bitmap = 0; - buffer_end = buffer + (BLOCK_SIZE * BITMAP_SIZE); - } - -/* -* See if ptr is contained by this block -*/ -bool Pooling_Allocator::Memory_Block::contains(void* ptr, - size_t length) const - { - return ((buffer <= ptr) && - (buffer_end >= static_cast(ptr) + length * BLOCK_SIZE)); - } - -/* -* Allocate some memory, if possible -*/ -byte* Pooling_Allocator::Memory_Block::alloc(size_t n) - { - if(n == 0 || n > BITMAP_SIZE) - return 0; - - if(n == BITMAP_SIZE) - { - if(bitmap) - return nullptr; - else - { - bitmap = ~bitmap; - return buffer; - } - } - - bitmap_type mask = (static_cast(1) << n) - 1; - size_t offset = 0; - - while(bitmap & mask) - { - mask <<= 1; - ++offset; - - if((bitmap & mask) == 0) - break; - if(mask >> 63) - break; - } - - if(bitmap & mask) - return nullptr; - - bitmap |= mask; - return buffer + offset * BLOCK_SIZE; - } - -/* -* Mark this memory as free, if we own it -*/ -void Pooling_Allocator::Memory_Block::free(void* ptr, size_t blocks) - { - clear_mem(static_cast(ptr), blocks * BLOCK_SIZE); - - const size_t offset = (static_cast(ptr) - buffer) / BLOCK_SIZE; - - if(offset == 0 && blocks == BITMAP_SIZE) - bitmap = ~bitmap; - else - { - for(size_t j = 0; j != blocks; ++j) - bitmap &= ~(static_cast(1) << (j+offset)); - } - } - -/* -* Pooling_Allocator Constructor -*/ -Pooling_Allocator::Pooling_Allocator() - { - last_used = blocks.begin(); - } - -/* -* Pooling_Allocator Destructor -*/ -Pooling_Allocator::~Pooling_Allocator() - { - if(blocks.size()) - throw Invalid_State("Pooling_Allocator: Never released memory"); - } - -/* -* Free all remaining memory -*/ -void Pooling_Allocator::destroy() - { - std::lock_guard lock(mutex); - - blocks.clear(); - - for(size_t j = 0; j != allocated.size(); ++j) - dealloc_block(allocated[j].first, allocated[j].second); - allocated.clear(); - } - -/* -* Allocation -*/ -void* Pooling_Allocator::allocate(size_t n) - { - const size_t BITMAP_SIZE = Memory_Block::bitmap_size(); - const size_t BLOCK_SIZE = Memory_Block::block_size(); - - std::lock_guard lock(mutex); - - if(n <= BITMAP_SIZE * BLOCK_SIZE) - { - const size_t block_no = round_up(n, BLOCK_SIZE) / BLOCK_SIZE; - - byte* mem = allocate_blocks(block_no); - if(mem) - return mem; - - get_more_core(BOTAN_MEM_POOL_CHUNK_SIZE); - - mem = allocate_blocks(block_no); - if(mem) - return mem; - - throw Memory_Exhaustion(); - } - - void* new_buf = alloc_block(n); - if(new_buf) - return new_buf; - - throw Memory_Exhaustion(); - } - -/* -* Deallocation -*/ -void Pooling_Allocator::deallocate(void* ptr, size_t n) - { - const size_t BITMAP_SIZE = Memory_Block::bitmap_size(); - const size_t BLOCK_SIZE = Memory_Block::block_size(); - - if(ptr == nullptr && n == 0) - return; - - std::lock_guard lock(mutex); - - if(n > BITMAP_SIZE * BLOCK_SIZE) - dealloc_block(ptr, n); - else - { - const size_t block_no = round_up(n, BLOCK_SIZE) / BLOCK_SIZE; - - auto i = std::lower_bound(blocks.begin(), blocks.end(), - Memory_Block(ptr)); - - if(i == blocks.end() || !i->contains(ptr, block_no)) - throw Invalid_State("Pointer released to the wrong allocator"); - - i->free(ptr, block_no); - } - } - -/* -* Try to get some memory from an existing block -*/ -byte* Pooling_Allocator::allocate_blocks(size_t n) - { - if(blocks.empty()) - return nullptr; - - auto i = last_used; - - do - { - byte* mem = i->alloc(n); - if(mem) - { - last_used = i; - return mem; - } - - ++i; - if(i == blocks.end()) - i = blocks.begin(); - } - while(i != last_used); - - return nullptr; - } - -/* -* Allocate more memory for the pool -*/ -void Pooling_Allocator::get_more_core(size_t in_bytes) - { - const size_t BITMAP_SIZE = Memory_Block::bitmap_size(); - const size_t BLOCK_SIZE = Memory_Block::block_size(); - - const size_t TOTAL_BLOCK_SIZE = BLOCK_SIZE * BITMAP_SIZE; - - // upper bound on allocation is 1 MiB - in_bytes = std::min(in_bytes, 1024 * 1024); - - const size_t in_blocks = round_up(in_bytes, BLOCK_SIZE) / TOTAL_BLOCK_SIZE; - const size_t to_allocate = in_blocks * TOTAL_BLOCK_SIZE; - - void* ptr = alloc_block(to_allocate); - if(ptr == nullptr) - throw Memory_Exhaustion(); - - allocated.push_back(std::make_pair(ptr, to_allocate)); - - for(size_t j = 0; j != in_blocks; ++j) - { - byte* byte_ptr = static_cast(ptr); - blocks.push_back(Memory_Block(byte_ptr + j * TOTAL_BLOCK_SIZE)); - } - - std::sort(blocks.begin(), blocks.end()); - last_used = std::lower_bound(blocks.begin(), blocks.end(), - Memory_Block(ptr)); - } - -} diff --git a/src/alloc/mem_pool/mem_pool.h b/src/alloc/mem_pool/mem_pool.h deleted file mode 100644 index f2225e573..000000000 --- a/src/alloc/mem_pool/mem_pool.h +++ /dev/null @@ -1,74 +0,0 @@ -/* -* Pooling Allocator -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_POOLING_ALLOCATOR_H__ -#define BOTAN_POOLING_ALLOCATOR_H__ - -#include -#include -#include -#include -#include - -namespace Botan { - -/** -* Pooling Allocator -*/ -class Pooling_Allocator : public Allocator - { - public: - void* allocate(size_t); - void deallocate(void*, size_t); - - void destroy(); - - Pooling_Allocator(); - ~Pooling_Allocator(); - private: - void get_more_core(size_t); - byte* allocate_blocks(size_t); - - virtual void* alloc_block(size_t) = 0; - virtual void dealloc_block(void*, size_t) = 0; - - class Memory_Block - { - public: - Memory_Block(void*); - - static size_t bitmap_size() { return BITMAP_SIZE; } - static size_t block_size() { return BLOCK_SIZE; } - - bool contains(void*, size_t) const; - byte* alloc(size_t); - void free(void*, size_t); - - bool operator<(const Memory_Block& other) const - { - if(buffer < other.buffer && other.buffer < buffer_end) - return false; - return (buffer < other.buffer); - } - private: - typedef u64bit bitmap_type; - static const size_t BITMAP_SIZE = 8 * sizeof(bitmap_type); - static const size_t BLOCK_SIZE = 64; - - bitmap_type bitmap; - byte* buffer, *buffer_end; - }; - - std::vector blocks; - std::vector::iterator last_used; - std::vector > allocated; - std::mutex mutex; - }; - -} - -#endif diff --git a/src/alloc/secmem.h b/src/alloc/secmem.h index e6b2b71ec..7c27c8d3b 100644 --- a/src/alloc/secmem.h +++ b/src/alloc/secmem.h @@ -1,6 +1,6 @@ /* * Secure Memory Buffers -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2007,2012 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -8,362 +8,87 @@ #ifndef BOTAN_SECURE_MEMORY_BUFFERS_H__ #define BOTAN_SECURE_MEMORY_BUFFERS_H__ -#include #include #include +extern void note_alloc(int n); + namespace Botan { -/** -* This class represents variable length memory buffers. -*/ template -class MemoryRegion +class secure_allocator { public: - /** - * Find out the size of the buffer, i.e. how many objects of type T it - * contains. - * @return size of the buffer - */ - size_t size() const { return used; } - - /** - * Find out whether this buffer is empty. - * @return true if the buffer is empty, false otherwise - */ - bool empty() const { return (used == 0); } - - /** - * Get a pointer to the first element in the buffer. - * @return pointer to the first element in the buffer - */ - operator T* () { return buf; } + typedef T value_type; - /** - * Get a constant pointer to the first element in the buffer. - * @return constant pointer to the first element in the buffer - */ - operator const T* () const { return buf; } + typedef T* pointer; + typedef const T* const_pointer; - /** - * Get a pointer to the first element in the buffer. - * @return pointer to the first element in the buffer - */ - T* begin() { return buf; } - - /** - * Get a constant pointer to the first element in the buffer. - * @return constant pointer to the first element in the buffer - */ - const T* begin() const { return buf; } - - /** - * Get a pointer to one past the last element in the buffer. - * @return pointer to one past the last element in the buffer - */ - T* end() { return (buf + size()); } - - /** - * Get a const pointer to one past the last element in the buffer. - * @return const pointer to one past the last element in the buffer - */ - const T* end() const { return (buf + size()); } - - /** - * Check two buffers for equality. - * @return true iff the content of both buffers is byte-wise equal - */ - bool operator==(const MemoryRegion& other) const - { - return (size() == other.size() && - same_mem(buf, other.buf, size())); - } + typedef T& reference; + typedef const T& const_reference; - /** - * Compare two buffers - * @return true iff this is ordered before other - */ - bool operator<(const MemoryRegion& other) const; + typedef std::size_t size_type; + typedef std::ptrdiff_t difference_type; - /** - * Check two buffers for inequality. - * @return false if the content of both buffers is byte-wise equal, true - * otherwise. - */ - bool operator!=(const MemoryRegion& other) const - { return (!(*this == other)); } + secure_allocator() noexcept {} - /** - * Copy the contents of another buffer into this buffer. - * The former contents of *this are discarded. - * @param other the buffer to copy the contents from. - * @return reference to *this - */ - MemoryRegion& operator=(const MemoryRegion& other) - { - if(this != &other) - { - this->resize(other.size()); - this->copy(&other[0], other.size()); - } - return (*this); - } + ~secure_allocator() noexcept {} - /** - * Copy the contents of an array of objects of type T into this buffer. - * The former contents of *this are discarded. - * The length of *this must be at least n, otherwise memory errors occur. - * @param in the array to copy the contents from - * @param n the length of in - */ + pointer address(reference x) const noexcept + { return std::addressof(x); } - void copy(const T in[], size_t n) - { - copy_mem(buf, in, std::min(n, size())); - } + const_pointer address(const_reference x) const noexcept + { return std::addressof(x); } - void assign(const T* start, const T* end) + pointer allocate(size_type n, const void* = 0) { - resize(end - start); - copy_mem(buf, start, (end - start)); + pointer p = new T[n]; + clear_mem(p, n); + note_alloc(sizeof(T)*n); + return p; } - /** - * Append a single element. - * @param x the element to append - */ - void push_back(T x) + void deallocate(pointer p, size_type n) { - resize(size() + 1); - buf[size()-1] = x; + clear_mem(p, n); + delete [] p; + note_alloc(-(int(n)*sizeof(T))); } - /** - * Reset this buffer to an empty buffer with size zero. - */ - void clear() { resize(0); } - - /** - * Inserts or erases elements at the end such that the size - * becomes n, leaving elements in the range 0...n unmodified if - * set or otherwise zero-initialized - * @param n length of the new buffer - */ - void resize(size_t n); - - /** - * Swap this buffer with another object. - */ - void swap(MemoryRegion& other); - - virtual ~MemoryRegion() { deallocate(buf, allocated); } - protected: - MemoryRegion() : buf(0), used(0), allocated(0), alloc(0) {} - - /** - * Copy constructor - * @param other the other region to copy - */ - MemoryRegion(const MemoryRegion& other) : - buf(0), - used(0), - allocated(0), - alloc(other.alloc) + size_type max_size() const noexcept { - resize(other.size()); - copy(&other[0], other.size()); + return static_cast(-1) / sizeof(T); } - /** - * @param locking should we use a locking allocator - * @param length the initial length to use - */ - void init(bool locking, size_t length = 0) - { alloc = Allocator::get(locking); resize(length); } - - private: - T* allocate(size_t n) - { - return static_cast(alloc->allocate(sizeof(T)*n)); - } + template + void + construct(U* p, Args&&... args) + { ::new((void *)p) U(std::forward(args)...); } - void deallocate(T* p, size_t n) - { if(alloc && p && n) alloc->deallocate(p, sizeof(T)*n); } + template void destroy(U* p) { p->~U(); } - T* buf; - size_t used; - size_t allocated; - Allocator* alloc; }; -/* -* Change the size of the buffer -*/ -template -void MemoryRegion::resize(size_t n) - { - if(n <= allocated) - { - size_t zap = std::min(used, n); - clear_mem(buf + zap, allocated - zap); - used = n; - } - else - { - T* new_buf = allocate(n); - copy_mem(new_buf, buf, used); - deallocate(buf, allocated); - buf = new_buf; - allocated = used = n; - } - } - -/* -* Compare this buffer with another one -*/ -template -bool MemoryRegion::operator<(const MemoryRegion& other) const - { - const size_t min_size = std::min(size(), other.size()); +template inline bool +operator==(const secure_allocator&, const secure_allocator&) + { return true; } - // This should probably be rewritten to run in constant time - for(size_t i = 0; i != min_size; ++i) - { - if(buf[i] < other[i]) - return true; - if(buf[i] > other[i]) - return false; - } +template inline bool +operator!=(const secure_allocator&, const secure_allocator&) + { return false; } - // First min_size bytes are equal, shorter is first - return (size() < other.size()); - } +template using secure_vector = std::vector>; -/* -* Swap this buffer with another one -*/ template -void MemoryRegion::swap(MemoryRegion& x) +std::vector unlock(const secure_vector& in) { - std::swap(buf, x.buf); - std::swap(used, x.used); - std::swap(allocated, x.allocated); - std::swap(alloc, x.alloc); + std::vector out(in.size()); + copy_mem(&out[0], &in[0], in.size()); + return out; } -/** -* This class represents variable length buffers that do not -* make use of memory locking. -*/ -template -class MemoryVector : public MemoryRegion - { - public: - /** - * Copy the contents of another buffer into this buffer. - * @param in the buffer to copy the contents from - * @return reference to *this - */ - MemoryVector& operator=(const MemoryRegion& in) - { - if(this != &in) - { - this->resize(in.size()); - this->copy(&in[0], in.size()); - } - return (*this); - } - - /** - * Create a buffer of the specified length. - * @param n the length of the buffer to create. - */ - MemoryVector(size_t n = 0) { this->init(false, n); } - - /** - * Create a buffer with the specified contents. - * @param in the array containing the data to be initially copied - * into the newly created buffer - * @param n the size of the arry in - */ - MemoryVector(const T in[], size_t n) - { - this->init(false); - this->resize(n); - this->copy(in, n); - } - - /** - * Copy constructor. - */ - MemoryVector(const MemoryRegion& in) - { - this->init(false); - this->resize(in.size()); - this->copy(&in[0], in.size()); - } - }; - -/** -* This class represents variable length buffers using the operating -* systems capability to lock memory, i.e. keeping it from being -* swapped out to disk. In this way, a security hole allowing attackers -* to find swapped out secret keys is closed. -*/ -template -class SecureVector : public MemoryRegion - { - public: - /** - * Copy the contents of another buffer into this buffer. - * @param other the buffer to copy the contents from - * @return reference to *this - */ - SecureVector& operator=(const MemoryRegion& other) - { - if(this != &other) - { - this->resize(other.size()); - this->copy(&other[0], other.size()); - } - return (*this); - } - - /** - * Create a buffer of the specified length. - * @param n the length of the buffer to create. - */ - SecureVector(size_t n = 0) { this->init(true, n); } - - /** - * Create a buffer with the specified contents. - * @param in the array containing the data to be initially copied - * into the newly created buffer - * @param n the size of the array in - */ - SecureVector(const T in[], size_t n) - { - this->init(true); - this->resize(n); - this->copy(&in[0], n); - } - - /** - * Create a buffer with contents specified contents. - * @param in the buffer holding the contents that will be - * copied into the newly created buffer. - */ - SecureVector(const MemoryRegion& in) - { - this->init(true); - this->resize(in.size()); - this->copy(&in[0], in.size()); - } - }; - -template -size_t buffer_insert(MemoryRegion& buf, +template +size_t buffer_insert(std::vector& buf, size_t buf_offset, const T input[], size_t input_length) @@ -373,19 +98,20 @@ size_t buffer_insert(MemoryRegion& buf, return to_copy; } -template -size_t buffer_insert(MemoryRegion& buf, +template +size_t buffer_insert(std::vector& buf, size_t buf_offset, - const MemoryRegion& input) + const std::vector& input) { const size_t to_copy = std::min(input.size(), buf.size() - buf_offset); copy_mem(&buf[buf_offset], &input[0], to_copy); return to_copy; } -template -MemoryRegion& operator+=(MemoryRegion& out, - const MemoryRegion& in) +template +std::vector& +operator+=(std::vector& out, + const std::vector& in) { const size_t copy_offset = out.size(); out.resize(out.size() + in.size()); @@ -393,17 +119,16 @@ MemoryRegion& operator+=(MemoryRegion& out, return out; } -template -MemoryRegion& operator+=(MemoryRegion& out, - T in) +template +std::vector& operator+=(std::vector& out, T in) { out.push_back(in); return out; } -template -MemoryRegion& operator+=(MemoryRegion& out, - const std::pair& in) +template +std::vector& operator+=(std::vector& out, + const std::pair& in) { const size_t copy_offset = out.size(); out.resize(out.size() + in.second); @@ -411,9 +136,9 @@ MemoryRegion& operator+=(MemoryRegion& out, return out; } -template -MemoryRegion& operator+=(MemoryRegion& out, - const std::pair& in) +template +std::vector& operator+=(std::vector& out, + const std::pair& in) { const size_t copy_offset = out.size(); out.resize(out.size() + in.second); @@ -425,22 +150,12 @@ MemoryRegion& operator+=(MemoryRegion& out, * Zeroise the values; length remains unchanged * @param vec the vector to zeroise */ -template -void zeroise(MemoryRegion& vec) +template +void zeroise(std::vector& vec) { clear_mem(&vec[0], vec.size()); } } -namespace std { - -template -inline void swap(Botan::MemoryRegion& x, Botan::MemoryRegion& y) - { - x.swap(y); - } - -} - #endif diff --git a/src/alloc/system_alloc/defalloc.cpp b/src/alloc/system_alloc/defalloc.cpp deleted file mode 100644 index 8e178bb14..000000000 --- a/src/alloc/system_alloc/defalloc.cpp +++ /dev/null @@ -1,103 +0,0 @@ -/* -* Basic Allocators -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include -#include -#include -#include -#include - -namespace Botan { - -namespace { - -/* -* Perform Memory Allocation -*/ -void* do_malloc(size_t n, bool do_lock) - { - void* ptr = std::malloc(n); - - if(!ptr) - return 0; - - if(do_lock) - lock_mem(ptr, n); - - std::memset(ptr, 0, n); - return ptr; - } - -/* -* Perform Memory Deallocation -*/ -void do_free(void* ptr, size_t n, bool do_lock) - { - if(!ptr) - return; - - std::memset(ptr, 0, n); - if(do_lock) - unlock_mem(ptr, n); - - std::free(ptr); - } - -} - -/* -* Malloc_Allocator's Allocation -*/ -void* Malloc_Allocator::allocate(size_t n) - { - void* ptr = do_malloc(n, false); - if(!ptr) - throw Memory_Exhaustion(); - return ptr; - } - -/* -* Malloc_Allocator's Deallocation -*/ -void Malloc_Allocator::deallocate(void* ptr, size_t n) - { - do_free(ptr, n, false); - } - -/* -* Locking_Allocator's Allocation -*/ -void* Locking_Allocator::alloc_block(size_t n) - { - return do_malloc(n, true); - } - -/* -* Locking_Allocator's Deallocation -*/ -void Locking_Allocator::dealloc_block(void* ptr, size_t n) - { - do_free(ptr, n, true); - } - -/* -* Get an allocator -*/ -Allocator* Allocator::get(bool locking) - { - std::string type = ""; - if(!locking) - type = "malloc"; - - Allocator* alloc = global_state().get_allocator(type); - if(alloc) - return alloc; - - throw Internal_Error("Couldn't find an allocator to use in get_allocator"); - } - -} diff --git a/src/alloc/system_alloc/defalloc.h b/src/alloc/system_alloc/defalloc.h deleted file mode 100644 index c4b90d081..000000000 --- a/src/alloc/system_alloc/defalloc.h +++ /dev/null @@ -1,41 +0,0 @@ -/* -* Basic Allocators -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_BASIC_ALLOC_H__ -#define BOTAN_BASIC_ALLOC_H__ - -#include - -namespace Botan { - -/** -* Allocator using malloc -*/ -class Malloc_Allocator : public Allocator - { - public: - void* allocate(size_t); - void deallocate(void*, size_t); - - std::string type() const { return "malloc"; } - }; - -/** -* Allocator using malloc plus locking -*/ -class Locking_Allocator : public Pooling_Allocator - { - public: - std::string type() const { return "locking"; } - private: - void* alloc_block(size_t); - void dealloc_block(void*, size_t); - }; - -} - -#endif diff --git a/src/alloc/system_alloc/info.txt b/src/alloc/system_alloc/info.txt deleted file mode 100644 index 87de0cb67..000000000 --- a/src/alloc/system_alloc/info.txt +++ /dev/null @@ -1,13 +0,0 @@ - - -defalloc.cpp - - - -defalloc.h - - - -libstate -mem_pool - diff --git a/src/asn1/alg_id.cpp b/src/asn1/alg_id.cpp index 665e42fb3..c4c6b6e24 100644 --- a/src/asn1/alg_id.cpp +++ b/src/asn1/alg_id.cpp @@ -16,7 +16,7 @@ namespace Botan { * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, - const MemoryRegion& param) + const std::vector& param) { oid = alg_id; parameters = param; @@ -26,7 +26,7 @@ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const std::string& alg_id, - const MemoryRegion& param) + const std::vector& param) { oid = OIDS::lookup(alg_id); parameters = param; diff --git a/src/asn1/alg_id.h b/src/asn1/alg_id.h index 417a71b30..1ec6b62d3 100644 --- a/src/asn1/alg_id.h +++ b/src/asn1/alg_id.h @@ -29,11 +29,11 @@ class BOTAN_DLL AlgorithmIdentifier : public ASN1_Object AlgorithmIdentifier(const OID&, Encoding_Option); AlgorithmIdentifier(const std::string&, Encoding_Option); - AlgorithmIdentifier(const OID&, const MemoryRegion&); - AlgorithmIdentifier(const std::string&, const MemoryRegion&); + AlgorithmIdentifier(const OID&, const std::vector&); + AlgorithmIdentifier(const std::string&, const std::vector&); OID oid; - SecureVector parameters; + std::vector parameters; }; /* diff --git a/src/asn1/asn1_att.cpp b/src/asn1/asn1_att.cpp index c8d771e25..c0adae643 100644 --- a/src/asn1/asn1_att.cpp +++ b/src/asn1/asn1_att.cpp @@ -15,7 +15,7 @@ namespace Botan { /* * Create an Attribute */ -Attribute::Attribute(const OID& attr_oid, const MemoryRegion& attr_value) +Attribute::Attribute(const OID& attr_oid, const std::vector& attr_value) { oid = attr_oid; parameters = attr_value; @@ -25,7 +25,7 @@ Attribute::Attribute(const OID& attr_oid, const MemoryRegion& attr_value) * Create an Attribute */ Attribute::Attribute(const std::string& attr_oid, - const MemoryRegion& attr_value) + const std::vector& attr_value) { oid = OIDS::lookup(attr_oid); parameters = attr_value; diff --git a/src/asn1/asn1_int.cpp b/src/asn1/asn1_int.cpp index bb4a3ecf7..ff8eba54e 100644 --- a/src/asn1/asn1_int.cpp +++ b/src/asn1/asn1_int.cpp @@ -31,13 +31,13 @@ namespace ASN1 { /* * Put some arbitrary bytes into a SEQUENCE */ -SecureVector put_in_sequence(const MemoryRegion& contents) +std::vector put_in_sequence(const std::vector& contents) { return DER_Encoder() .start_cons(SEQUENCE) .raw_bytes(contents) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* diff --git a/src/asn1/asn1_int.h b/src/asn1/asn1_int.h index 25b3cf100..37edc4e3c 100644 --- a/src/asn1/asn1_int.h +++ b/src/asn1/asn1_int.h @@ -80,7 +80,7 @@ class BOTAN_DLL BER_Object void assert_is_a(ASN1_Tag, ASN1_Tag); ASN1_Tag type_tag, class_tag; - SecureVector value; + secure_vector value; }; /* @@ -90,7 +90,7 @@ class DataSource; namespace ASN1 { -SecureVector put_in_sequence(const MemoryRegion& val); +std::vector put_in_sequence(const std::vector& val); std::string to_string(const BER_Object& obj); /** diff --git a/src/asn1/asn1_obj.h b/src/asn1/asn1_obj.h index 3cd8422e6..cee5a18ed 100644 --- a/src/asn1/asn1_obj.h +++ b/src/asn1/asn1_obj.h @@ -29,11 +29,11 @@ class BOTAN_DLL Attribute : public ASN1_Object void decode_from(class BER_Decoder& from); OID oid; - MemoryVector parameters; + std::vector parameters; Attribute() {} - Attribute(const OID&, const MemoryRegion&); - Attribute(const std::string&, const MemoryRegion&); + Attribute(const OID&, const std::vector&); + Attribute(const std::string&, const std::vector&); }; /** diff --git a/src/asn1/asn1_oid.cpp b/src/asn1/asn1_oid.cpp index 750eb90f7..009b1c2fc 100644 --- a/src/asn1/asn1_oid.cpp +++ b/src/asn1/asn1_oid.cpp @@ -129,7 +129,7 @@ void OID::encode_into(DER_Encoder& der) const if(id.size() < 2) throw Invalid_Argument("OID::encode_into: OID is invalid"); - MemoryVector encoding; + std::vector encoding; encoding.push_back(40 * id[0] + id[1]); for(size_t i = 2; i != id.size(); ++i) diff --git a/src/asn1/ber_dec.cpp b/src/asn1/ber_dec.cpp index 3754bb158..ea0a380d4 100644 --- a/src/asn1/ber_dec.cpp +++ b/src/asn1/ber_dec.cpp @@ -99,7 +99,7 @@ size_t decode_length(DataSource* ber) */ size_t find_eoc(DataSource* ber) { - SecureVector buffer(DEFAULT_BUFFERSIZE), data; + secure_vector buffer(DEFAULT_BUFFERSIZE), data; while(true) { @@ -171,7 +171,16 @@ BER_Decoder& BER_Decoder::verify_end() /* * Save all the bytes remaining in the source */ -BER_Decoder& BER_Decoder::raw_bytes(MemoryRegion& out) +BER_Decoder& BER_Decoder::raw_bytes(secure_vector& out) + { + out.clear(); + byte buf; + while(source->read_byte(buf)) + out.push_back(buf); + return (*this); + } + +BER_Decoder& BER_Decoder::raw_bytes(std::vector& out) { out.clear(); byte buf; @@ -212,7 +221,10 @@ BER_Object BER_Decoder::get_next_object() size_t length = decode_length(source); next.value.resize(length); if(source->read(&next.value[0], length) != length) + { + abort(); throw BER_Decoding_Error("Value truncated"); + } if(next.type_tag == EOC && next.class_tag == UNIVERSAL) return get_next_object(); @@ -281,7 +293,7 @@ BER_Decoder::BER_Decoder(const byte data[], size_t length) /* * BER_Decoder Constructor */ -BER_Decoder::BER_Decoder(const MemoryRegion& data) +BER_Decoder::BER_Decoder(const secure_vector& data) { source = new DataSource_Memory(data); owns = true; @@ -289,6 +301,17 @@ BER_Decoder::BER_Decoder(const MemoryRegion& data) parent = 0; } +/* +* BER_Decoder Constructor +*/ +BER_Decoder::BER_Decoder(const std::vector& data) + { + source = new DataSource_Memory(&data[0], data.size()); + owns = true; + pushed.type_tag = pushed.class_tag = NO_OBJECT; + parent = 0; + } + /* * BER_Decoder Copy Constructor */ @@ -362,7 +385,7 @@ BER_Decoder& BER_Decoder::decode(BigInt& out) BER_Decoder& BER_Decoder::decode_octet_string_bigint(BigInt& out) { - SecureVector out_vec; + secure_vector out_vec; decode(out_vec, OCTET_STRING); out = BigInt::decode(&out_vec[0], out_vec.size()); return (*this); @@ -462,7 +485,15 @@ BER_Decoder& BER_Decoder::decode(BigInt& out, /* * BER decode a BIT STRING or OCTET STRING */ -BER_Decoder& BER_Decoder::decode(MemoryRegion& out, ASN1_Tag real_type) +BER_Decoder& BER_Decoder::decode(secure_vector& out, ASN1_Tag real_type) + { + return decode(out, real_type, real_type, UNIVERSAL); + } + +/* +* BER decode a BIT STRING or OCTET STRING +*/ +BER_Decoder& BER_Decoder::decode(std::vector& out, ASN1_Tag real_type) { return decode(out, real_type, real_type, UNIVERSAL); } @@ -470,7 +501,7 @@ BER_Decoder& BER_Decoder::decode(MemoryRegion& out, ASN1_Tag real_type) /* * BER decode a BIT STRING or OCTET STRING */ -BER_Decoder& BER_Decoder::decode(MemoryRegion& buffer, +BER_Decoder& BER_Decoder::decode(secure_vector& buffer, ASN1_Tag real_type, ASN1_Tag type_tag, ASN1_Tag class_tag) { @@ -493,10 +524,50 @@ BER_Decoder& BER_Decoder::decode(MemoryRegion& buffer, return (*this); } +BER_Decoder& BER_Decoder::decode(std::vector& buffer, + ASN1_Tag real_type, + ASN1_Tag type_tag, ASN1_Tag class_tag) + { + if(real_type != OCTET_STRING && real_type != BIT_STRING) + throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type); + + BER_Object obj = get_next_object(); + obj.assert_is_a(type_tag, class_tag); + + if(real_type == OCTET_STRING) + buffer = unlock(obj.value); + else + { + if(obj.value[0] >= 8) + throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); + + buffer.resize(obj.value.size() - 1); + copy_mem(&buffer[0], &obj.value[1], obj.value.size() - 1); + } + return (*this); + } + /* * Decode an OPTIONAL string type */ -BER_Decoder& BER_Decoder::decode_optional_string(MemoryRegion& out, +BER_Decoder& BER_Decoder::decode_optional_string(secure_vector& out, + ASN1_Tag real_type, + u16bit type_no) + { + BER_Object obj = get_next_object(); + + ASN1_Tag type_tag = static_cast(type_no); + + out.clear(); + push_back(obj); + + if(obj.type_tag == type_tag && obj.class_tag == CONTEXT_SPECIFIC) + decode(out, real_type, type_tag, CONTEXT_SPECIFIC); + + return (*this); + } + +BER_Decoder& BER_Decoder::decode_optional_string(std::vector& out, ASN1_Tag real_type, u16bit type_no) { diff --git a/src/asn1/ber_dec.h b/src/asn1/ber_dec.h index 87039ed93..6b010fcc4 100644 --- a/src/asn1/ber_dec.h +++ b/src/asn1/ber_dec.h @@ -29,13 +29,15 @@ class BOTAN_DLL BER_Decoder BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag = UNIVERSAL); BER_Decoder& end_cons(); - BER_Decoder& raw_bytes(MemoryRegion& v); + BER_Decoder& raw_bytes(secure_vector& v); + BER_Decoder& raw_bytes(std::vector& v); BER_Decoder& decode_null(); BER_Decoder& decode(bool& v); BER_Decoder& decode(size_t& v); BER_Decoder& decode(class BigInt& v); - BER_Decoder& decode(MemoryRegion& v, ASN1_Tag type_tag); + BER_Decoder& decode(std::vector& v, ASN1_Tag type_tag); + BER_Decoder& decode(secure_vector& v, ASN1_Tag type_tag); BER_Decoder& decode(bool& v, ASN1_Tag type_tag, @@ -49,7 +51,12 @@ class BOTAN_DLL BER_Decoder ASN1_Tag type_tag, ASN1_Tag class_tag = CONTEXT_SPECIFIC); - BER_Decoder& decode(MemoryRegion& v, + BER_Decoder& decode(std::vector& v, + ASN1_Tag real_type, + ASN1_Tag type_tag, + ASN1_Tag class_tag = CONTEXT_SPECIFIC); + + BER_Decoder& decode(secure_vector& v, ASN1_Tag real_type, ASN1_Tag type_tag, ASN1_Tag class_tag = CONTEXT_SPECIFIC); @@ -99,15 +106,24 @@ class BOTAN_DLL BER_Decoder return (*this); } - BER_Decoder& decode_optional_string(MemoryRegion& out, + BER_Decoder& decode_optional_string(std::vector& out, + ASN1_Tag real_type, + u16bit type_no); + + BER_Decoder& decode_optional_string(secure_vector& out, ASN1_Tag real_type, u16bit type_no); BER_Decoder& operator=(const BER_Decoder&) = delete; BER_Decoder(DataSource&); + BER_Decoder(const byte[], size_t); - BER_Decoder(const MemoryRegion&); + + BER_Decoder(const secure_vector&); + + BER_Decoder(const std::vector& vec); + BER_Decoder(const BER_Decoder&); ~BER_Decoder(); private: diff --git a/src/asn1/der_enc.cpp b/src/asn1/der_enc.cpp index d19e434f0..ea9dfe9f8 100644 --- a/src/asn1/der_enc.cpp +++ b/src/asn1/der_enc.cpp @@ -20,13 +20,13 @@ namespace { /* * DER encode an ASN.1 type tag */ -SecureVector encode_tag(ASN1_Tag type_tag, ASN1_Tag class_tag) +secure_vector encode_tag(ASN1_Tag type_tag, ASN1_Tag class_tag) { if((class_tag | 0xE0) != 0xE0) throw Encoding_Error("DER_Encoder: Invalid class tag " + std::to_string(class_tag)); - SecureVector encoded_tag; + secure_vector encoded_tag; if(type_tag <= 30) encoded_tag.push_back(static_cast(type_tag | class_tag)); else @@ -46,9 +46,9 @@ SecureVector encode_tag(ASN1_Tag type_tag, ASN1_Tag class_tag) /* * DER encode an ASN.1 length field */ -SecureVector encode_length(size_t length) +secure_vector encode_length(size_t length) { - SecureVector encoded_length; + secure_vector encoded_length; if(length <= 127) encoded_length.push_back(static_cast(length)); else @@ -68,7 +68,7 @@ SecureVector encode_length(size_t length) /* * Return the encoded SEQUENCE/SET */ -SecureVector DER_Encoder::DER_Sequence::get_contents() +secure_vector DER_Encoder::DER_Sequence::get_contents() { const ASN1_Tag real_class_tag = ASN1_Tag(class_tag | CONSTRUCTED); @@ -80,7 +80,7 @@ SecureVector DER_Encoder::DER_Sequence::get_contents() set_contents.clear(); } - SecureVector result; + secure_vector result; result += encode_tag(type_tag, real_class_tag); result += encode_length(contents.size()); result += contents; @@ -95,7 +95,7 @@ SecureVector DER_Encoder::DER_Sequence::get_contents() void DER_Encoder::DER_Sequence::add_bytes(const byte data[], size_t length) { if(type_tag == SET) - set_contents.push_back(SecureVector(data, length)); + set_contents.push_back(secure_vector(data, data + length)); else contents += std::make_pair(data, length); } @@ -119,12 +119,12 @@ DER_Encoder::DER_Sequence::DER_Sequence(ASN1_Tag t1, ASN1_Tag t2) : /* * Return the encoded contents */ -SecureVector DER_Encoder::get_contents() +secure_vector DER_Encoder::get_contents() { if(subsequences.size() != 0) throw Invalid_State("DER_Encoder: Sequence hasn't been marked done"); - SecureVector output; + secure_vector output; std::swap(output, contents); return output; } @@ -147,7 +147,7 @@ DER_Encoder& DER_Encoder::end_cons() if(subsequences.empty()) throw Invalid_State("DER_Encoder::end_cons: No such sequence"); - SecureVector seq = subsequences[subsequences.size()-1].get_contents(); + secure_vector seq = subsequences[subsequences.size()-1].get_contents(); subsequences.pop_back(); raw_bytes(seq); return (*this); @@ -177,7 +177,12 @@ DER_Encoder& DER_Encoder::end_explicit() /* * Write raw bytes into the stream */ -DER_Encoder& DER_Encoder::raw_bytes(const MemoryRegion& val) +DER_Encoder& DER_Encoder::raw_bytes(const secure_vector& val) + { + return raw_bytes(&val[0], val.size()); + } + +DER_Encoder& DER_Encoder::raw_bytes(const std::vector& val) { return raw_bytes(&val[0], val.size()); } @@ -230,7 +235,17 @@ DER_Encoder& DER_Encoder::encode(const BigInt& n) /* * DER encode an OCTET STRING or BIT STRING */ -DER_Encoder& DER_Encoder::encode(const MemoryRegion& bytes, +DER_Encoder& DER_Encoder::encode(const secure_vector& bytes, + ASN1_Tag real_type) + { + return encode(&bytes[0], bytes.size(), + real_type, real_type, UNIVERSAL); + } + +/* +* DER encode an OCTET STRING or BIT STRING +*/ +DER_Encoder& DER_Encoder::encode(const std::vector& bytes, ASN1_Tag real_type) { return encode(&bytes[0], bytes.size(), @@ -275,7 +290,7 @@ DER_Encoder& DER_Encoder::encode(const BigInt& n, return add_object(type_tag, class_tag, 0); bool extra_zero = (n.bits() % 8 == 0); - SecureVector contents(extra_zero + n.bytes()); + secure_vector contents(extra_zero + n.bytes()); BigInt::encode(&contents[extra_zero], n); if(n < 0) { @@ -292,7 +307,18 @@ DER_Encoder& DER_Encoder::encode(const BigInt& n, /* * DER encode an OCTET STRING or BIT STRING */ -DER_Encoder& DER_Encoder::encode(const MemoryRegion& bytes, +DER_Encoder& DER_Encoder::encode(const secure_vector& bytes, + ASN1_Tag real_type, + ASN1_Tag type_tag, ASN1_Tag class_tag) + { + return encode(&bytes[0], bytes.size(), + real_type, type_tag, class_tag); + } + +/* +* DER encode an OCTET STRING or BIT STRING +*/ +DER_Encoder& DER_Encoder::encode(const std::vector& bytes, ASN1_Tag real_type, ASN1_Tag type_tag, ASN1_Tag class_tag) { @@ -312,7 +338,7 @@ DER_Encoder& DER_Encoder::encode(const byte bytes[], size_t length, if(real_type == BIT_STRING) { - SecureVector encoded; + secure_vector encoded; encoded.push_back(0); encoded += std::make_pair(bytes, length); return add_object(type_tag, class_tag, encoded); @@ -346,7 +372,7 @@ DER_Encoder& DER_Encoder::encode(const ASN1_Object& obj) DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, const byte rep[], size_t length) { - SecureVector buffer; + secure_vector buffer; buffer += encode_tag(type_tag, class_tag); buffer += encode_length(length); buffer += std::make_pair(rep, length); @@ -354,17 +380,6 @@ DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, return raw_bytes(buffer); } -/* -* Write the encoding of the byte(s) -*/ -DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, - const MemoryRegion& rep_buf) - { - const byte* rep = &rep_buf[0]; - const size_t rep_len = rep_buf.size(); - return add_object(type_tag, class_tag, rep, rep_len); - } - /* * Write the encoding of the byte(s) */ diff --git a/src/asn1/der_enc.h b/src/asn1/der_enc.h index 183e43b80..adab02247 100644 --- a/src/asn1/der_enc.h +++ b/src/asn1/der_enc.h @@ -22,7 +22,10 @@ class ASN1_Object; class BOTAN_DLL DER_Encoder { public: - SecureVector get_contents(); + secure_vector get_contents(); + + std::vector get_contents_unlocked() + { return unlock(get_contents()); } DER_Encoder& start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag = UNIVERSAL); @@ -32,13 +35,15 @@ class BOTAN_DLL DER_Encoder DER_Encoder& end_explicit(); DER_Encoder& raw_bytes(const byte val[], size_t len); - DER_Encoder& raw_bytes(const MemoryRegion& val); + DER_Encoder& raw_bytes(const secure_vector& val); + DER_Encoder& raw_bytes(const std::vector& val); DER_Encoder& encode_null(); DER_Encoder& encode(bool b); DER_Encoder& encode(size_t s); DER_Encoder& encode(const BigInt& n); - DER_Encoder& encode(const MemoryRegion& v, ASN1_Tag real_type); + DER_Encoder& encode(const secure_vector& v, ASN1_Tag real_type); + DER_Encoder& encode(const std::vector& v, ASN1_Tag real_type); DER_Encoder& encode(const byte val[], size_t len, ASN1_Tag real_type); DER_Encoder& encode(bool b, @@ -53,7 +58,12 @@ class BOTAN_DLL DER_Encoder ASN1_Tag type_tag, ASN1_Tag class_tag = CONTEXT_SPECIFIC); - DER_Encoder& encode(const MemoryRegion& v, + DER_Encoder& encode(const std::vector& v, + ASN1_Tag real_type, + ASN1_Tag type_tag, + ASN1_Tag class_tag = CONTEXT_SPECIFIC); + + DER_Encoder& encode(const secure_vector& v, ASN1_Tag real_type, ASN1_Tag type_tag, ASN1_Tag class_tag = CONTEXT_SPECIFIC); @@ -86,7 +96,16 @@ class BOTAN_DLL DER_Encoder const byte rep[], size_t length); DER_Encoder& add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, - const MemoryRegion& rep); + const std::vector& rep) + { + return add_object(type_tag, class_tag, &rep[0], rep.size()); + } + + DER_Encoder& add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, + const secure_vector& rep) + { + return add_object(type_tag, class_tag, &rep[0], rep.size()); + } DER_Encoder& add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, const std::string& str); @@ -99,16 +118,16 @@ class BOTAN_DLL DER_Encoder { public: ASN1_Tag tag_of() const; - SecureVector get_contents(); + secure_vector get_contents(); void add_bytes(const byte[], size_t); DER_Sequence(ASN1_Tag, ASN1_Tag); private: ASN1_Tag type_tag, class_tag; - SecureVector contents; - std::vector< SecureVector > set_contents; + secure_vector contents; + std::vector< secure_vector > set_contents; }; - SecureVector contents; + secure_vector contents; std::vector subsequences; }; diff --git a/src/asn1/x509_dn.cpp b/src/asn1/x509_dn.cpp index 984645cfe..8504bed16 100644 --- a/src/asn1/x509_dn.cpp +++ b/src/asn1/x509_dn.cpp @@ -106,7 +106,7 @@ std::vector X509_DN::get_attribute(const std::string& attr) const /* * Return the BER encoded data, if any */ -MemoryVector X509_DN::get_bits() const +std::vector X509_DN::get_bits() const { return dn_bits; } @@ -247,7 +247,7 @@ void X509_DN::encode_into(DER_Encoder& der) const */ void X509_DN::decode_from(BER_Decoder& source) { - MemoryVector bits; + std::vector bits; source.start_cons(SEQUENCE) .raw_bytes(bits) diff --git a/src/asn1/x509_dn.h b/src/asn1/x509_dn.h index 3f63eb49c..a7b2b24d3 100644 --- a/src/asn1/x509_dn.h +++ b/src/asn1/x509_dn.h @@ -34,14 +34,14 @@ class BOTAN_DLL X509_DN : public ASN1_Object static std::string deref_info_field(const std::string&); - MemoryVector get_bits() const; + std::vector get_bits() const; X509_DN(); X509_DN(const std::multimap&); X509_DN(const std::multimap&); private: std::multimap dn_info; - MemoryVector dn_bits; + std::vector dn_bits; }; bool BOTAN_DLL operator==(const X509_DN&, const X509_DN&); diff --git a/src/block/aes/aes.cpp b/src/block/aes/aes.cpp index 5f47762a8..42db7abae 100644 --- a/src/block/aes/aes.cpp +++ b/src/block/aes/aes.cpp @@ -414,8 +414,8 @@ const u32bit TD[1024] = { */ void aes_encrypt_n(const byte in[], byte out[], size_t blocks, - const MemoryRegion& EK, - const MemoryRegion& ME) + const secure_vector& EK, + const secure_vector& ME) { const size_t BLOCK_SIZE = 16; @@ -525,8 +525,8 @@ void aes_encrypt_n(const byte in[], byte out[], * AES Decryption */ void aes_decrypt_n(const byte in[], byte out[], size_t blocks, - const MemoryRegion& DK, - const MemoryRegion& MD) + const secure_vector& DK, + const secure_vector& MD) { const size_t BLOCK_SIZE = 16; @@ -606,10 +606,10 @@ void aes_decrypt_n(const byte in[], byte out[], size_t blocks, } void aes_key_schedule(const byte key[], size_t length, - MemoryRegion& EK, - MemoryRegion& DK, - MemoryRegion& ME, - MemoryRegion& MD) + secure_vector& EK, + secure_vector& DK, + secure_vector& ME, + secure_vector& MD) { static const u32bit RC[10] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, @@ -617,7 +617,7 @@ void aes_key_schedule(const byte key[], size_t length, const size_t rounds = (length / 4) + 6; - SecureVector XEK(length + 32), XDK(length + 32); + secure_vector XEK(length + 32), XDK(length + 32); const size_t X = length / 4; for(size_t i = 0; i != X; ++i) diff --git a/src/block/aes/aes.h b/src/block/aes/aes.h index a165f83b5..f6f683bf9 100644 --- a/src/block/aes/aes.h +++ b/src/block/aes/aes.h @@ -30,8 +30,8 @@ class BOTAN_DLL AES_128 : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte key[], size_t length); - SecureVector EK, DK; - SecureVector ME, MD; + secure_vector EK, DK; + secure_vector ME, MD; }; /** @@ -52,8 +52,8 @@ class BOTAN_DLL AES_192 : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte key[], size_t length); - SecureVector EK, DK; - SecureVector ME, MD; + secure_vector EK, DK; + secure_vector ME, MD; }; /** @@ -74,8 +74,8 @@ class BOTAN_DLL AES_256 : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte key[], size_t length); - SecureVector EK, DK; - SecureVector ME, MD; + secure_vector EK, DK; + secure_vector ME, MD; }; } diff --git a/src/block/aes_ni/aes_ni.h b/src/block/aes_ni/aes_ni.h index ae9e5b3f4..4844b7fe8 100644 --- a/src/block/aes_ni/aes_ni.h +++ b/src/block/aes_ni/aes_ni.h @@ -31,7 +31,7 @@ class BOTAN_DLL AES_128_NI : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; /** @@ -53,7 +53,7 @@ class BOTAN_DLL AES_192_NI : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; /** @@ -75,7 +75,7 @@ class BOTAN_DLL AES_256_NI : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; } diff --git a/src/block/aes_ssse3/aes_ssse3.h b/src/block/aes_ssse3/aes_ssse3.h index 686b7999f..3d7c16f42 100644 --- a/src/block/aes_ssse3/aes_ssse3.h +++ b/src/block/aes_ssse3/aes_ssse3.h @@ -29,7 +29,7 @@ class BOTAN_DLL AES_128_SSSE3 : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; /** @@ -49,7 +49,7 @@ class BOTAN_DLL AES_192_SSSE3 : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; /** @@ -69,7 +69,7 @@ class BOTAN_DLL AES_256_SSSE3 : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; } diff --git a/src/block/block_cipher.h b/src/block/block_cipher.h index 8e820fc5a..4a07bb048 100644 --- a/src/block/block_cipher.h +++ b/src/block/block_cipher.h @@ -73,6 +73,50 @@ class BOTAN_DLL BlockCipher : public SymmetricAlgorithm */ void decrypt(byte block[]) const { decrypt_n(block, block, 1); } + /** + * Encrypt one or more blocks + * @param block the input/output buffer (multiple of block_size()) + */ + template + void encrypt(std::vector& block) const + { + return encrypt_n(&block[0], &block[0], block.size() / block_size()); + } + + /** + * Decrypt one or more blocks + * @param block the input/output buffer (multiple of block_size()) + */ + template + void decrypt(std::vector& block) const + { + return decrypt_n(&block[0], &block[0], block.size() / block_size()); + } + + /** + * Encrypt one or more blocks + * @param in the input buffer (multiple of block_size()) + * @param out the output buffer (same size as in) + */ + template + void encrypt(const std::vector& in, + std::vector& out) const + { + return encrypt_n(&in[0], &out[0], in.size() / block_size()); + } + + /** + * Decrypt one or more blocks + * @param in the input buffer (multiple of block_size()) + * @param out the output buffer (same size as in) + */ + template + void decrypt(const std::vector& in, + std::vector& out) const + { + return decrypt_n(&in[0], &out[0], in.size() / block_size()); + } + /** * Encrypt one or more blocks * @param in the input buffer (multiple of block_size()) diff --git a/src/block/blowfish/blowfish.cpp b/src/block/blowfish/blowfish.cpp index b6319eec0..9f5ac1724 100644 --- a/src/block/blowfish/blowfish.cpp +++ b/src/block/blowfish/blowfish.cpp @@ -143,7 +143,7 @@ void Blowfish::eks_key_schedule(const byte key[], size_t length, /* * Generate one of the Sboxes */ -void Blowfish::generate_sbox(MemoryRegion& box, +void Blowfish::generate_sbox(secure_vector& box, u32bit& L, u32bit& R, const byte salt[16], size_t salt_off) const diff --git a/src/block/blowfish/blowfish.h b/src/block/blowfish/blowfish.h index 13706d21e..5bec4b231 100644 --- a/src/block/blowfish/blowfish.h +++ b/src/block/blowfish/blowfish.h @@ -39,7 +39,7 @@ class BOTAN_DLL Blowfish : public Block_Cipher_Fixed_Params<8, 1, 56> size_t key_length, const byte salt[16]); - void generate_sbox(MemoryRegion& box, + void generate_sbox(secure_vector& box, u32bit& L, u32bit& R, const byte salt[16], size_t salt_off) const; @@ -47,8 +47,8 @@ class BOTAN_DLL Blowfish : public Block_Cipher_Fixed_Params<8, 1, 56> static const u32bit P_INIT[18]; static const u32bit S_INIT[1024]; - SecureVector S; - SecureVector P; + secure_vector S; + secure_vector P; }; } diff --git a/src/block/camellia/camellia.cpp b/src/block/camellia/camellia.cpp index 7b85b1aca..bea5d4c51 100644 --- a/src/block/camellia/camellia.cpp +++ b/src/block/camellia/camellia.cpp @@ -116,7 +116,7 @@ inline u64bit FLINV(u64bit v, u64bit K) * Camellia Encryption */ void encrypt(const byte in[], byte out[], size_t blocks, - const SecureVector& SK, const size_t rounds) + const secure_vector& SK, const size_t rounds) { for(size_t i = 0; i != blocks; ++i) { @@ -160,7 +160,7 @@ void encrypt(const byte in[], byte out[], size_t blocks, * Camellia Decryption */ void decrypt(const byte in[], byte out[], size_t blocks, - const SecureVector& SK, const size_t rounds) + const secure_vector& SK, const size_t rounds) { for(size_t i = 0; i != blocks; ++i) { @@ -213,7 +213,7 @@ u64bit left_rot_lo(u64bit h, u64bit l, size_t shift) /* * Camellia Key Schedule */ -void key_schedule(SecureVector& SK, const byte key[], size_t length) +void key_schedule(secure_vector& SK, const byte key[], size_t length) { const u64bit Sigma1 = 0xA09E667F3BCC908B; const u64bit Sigma2 = 0xB67AE8584CAA73B2; diff --git a/src/block/camellia/camellia.h b/src/block/camellia/camellia.h index 9ce305983..4db115f2c 100644 --- a/src/block/camellia/camellia.h +++ b/src/block/camellia/camellia.h @@ -27,7 +27,7 @@ class BOTAN_DLL Camellia_128 : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte key[], size_t length); - SecureVector SK; + secure_vector SK; }; /** @@ -45,7 +45,7 @@ class BOTAN_DLL Camellia_192 : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte key[], size_t length); - SecureVector SK; + secure_vector SK; }; /** @@ -63,7 +63,7 @@ class BOTAN_DLL Camellia_256 : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte key[], size_t length); - SecureVector SK; + secure_vector SK; }; } diff --git a/src/block/cast/cast128.cpp b/src/block/cast/cast128.cpp index 24469e025..8fae4040d 100644 --- a/src/block/cast/cast128.cpp +++ b/src/block/cast/cast128.cpp @@ -119,7 +119,7 @@ void CAST_128::decrypt_n(const byte in[], byte out[], size_t blocks) const void CAST_128::key_schedule(const byte key[], size_t length) { clear(); - SecureVector X(4); + secure_vector X(4); for(size_t j = 0; j != length; ++j) X[j/4] = (X[j/4] << 8) + key[j]; @@ -133,8 +133,8 @@ void CAST_128::key_schedule(const byte key[], size_t length) /* * S-Box Based Key Expansion */ -void CAST_128::cast_ks(MemoryRegion& K, - MemoryRegion& X) +void CAST_128::cast_ks(secure_vector& K, + secure_vector& X) { class ByteReader { @@ -145,7 +145,7 @@ void CAST_128::cast_ks(MemoryRegion& K, const u32bit* X; }; - SecureVector Z(4); + secure_vector Z(4); ByteReader x(&X[0]), z(&Z[0]); Z[0] = X[0] ^ S5[x(13)] ^ S6[x(15)] ^ S7[x(12)] ^ S8[x(14)] ^ S7[x( 8)]; diff --git a/src/block/cast/cast128.h b/src/block/cast/cast128.h index 10c646c94..15efc8132 100644 --- a/src/block/cast/cast128.h +++ b/src/block/cast/cast128.h @@ -29,15 +29,15 @@ class BOTAN_DLL CAST_128 : public Block_Cipher_Fixed_Params<8, 11, 16> private: void key_schedule(const byte[], size_t); - static void cast_ks(MemoryRegion& ks, - MemoryRegion& user_key); + static void cast_ks(secure_vector& ks, + secure_vector& user_key); static const u32bit S5[256]; static const u32bit S6[256]; static const u32bit S7[256]; static const u32bit S8[256]; - SecureVector MK, RK; + secure_vector MK, RK; }; extern const u32bit CAST_SBOX1[256]; diff --git a/src/block/cast/cast256.cpp b/src/block/cast/cast256.cpp index 8be0a8dd6..00e0fbd30 100644 --- a/src/block/cast/cast256.cpp +++ b/src/block/cast/cast256.cpp @@ -138,7 +138,7 @@ void CAST_256::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void CAST_256::key_schedule(const byte key[], size_t length) { - SecureVector K(8); + secure_vector K(8); for(size_t j = 0; j != length; ++j) K[j/4] = (K[j/4] << 8) + key[j]; diff --git a/src/block/cast/cast256.h b/src/block/cast/cast256.h index 2f2beef47..11c5117a3 100644 --- a/src/block/cast/cast256.h +++ b/src/block/cast/cast256.h @@ -32,8 +32,8 @@ class BOTAN_DLL CAST_256 : public Block_Cipher_Fixed_Params<16, 4, 32, 4> static const u32bit KEY_MASK[192]; static const byte KEY_ROT[32]; - SecureVector MK; - SecureVector RK; + secure_vector MK; + secure_vector RK; }; extern const u32bit CAST_SBOX1[256]; diff --git a/src/block/des/des.h b/src/block/des/des.h index db5a375e0..711efb16d 100644 --- a/src/block/des/des.h +++ b/src/block/des/des.h @@ -29,7 +29,7 @@ class BOTAN_DLL DES : public Block_Cipher_Fixed_Params<8, 8> private: void key_schedule(const byte[], size_t); - SecureVector round_key; + secure_vector round_key; }; /** @@ -49,7 +49,7 @@ class BOTAN_DLL TripleDES : public Block_Cipher_Fixed_Params<8, 16, 24, 8> private: void key_schedule(const byte[], size_t); - SecureVector round_key; + secure_vector round_key; }; /* diff --git a/src/block/des/desx.h b/src/block/des/desx.h index 993eca86b..1fe8b000c 100644 --- a/src/block/des/desx.h +++ b/src/block/des/desx.h @@ -28,7 +28,7 @@ class BOTAN_DLL DESX : public Block_Cipher_Fixed_Params<8, 24> DESX() : K1(8), K2(8) {} private: void key_schedule(const byte[], size_t); - SecureVector K1, K2; + secure_vector K1, K2; DES des; }; diff --git a/src/block/gost_28147/gost_28147.h b/src/block/gost_28147/gost_28147.h index bc26da774..a4a13b827 100644 --- a/src/block/gost_28147/gost_28147.h +++ b/src/block/gost_28147/gost_28147.h @@ -65,13 +65,13 @@ class BOTAN_DLL GOST_28147_89 : public Block_Cipher_Fixed_Params<8, 32> */ GOST_28147_89(const GOST_28147_89_Params& params); private: - GOST_28147_89(const SecureVector& other_SBOX) : + GOST_28147_89(const secure_vector& other_SBOX) : SBOX(other_SBOX), EK(8) {} void key_schedule(const byte[], size_t); - SecureVector SBOX; - SecureVector EK; + secure_vector SBOX; + secure_vector EK; }; } diff --git a/src/block/idea/idea.h b/src/block/idea/idea.h index 42fa60c47..f3f0ce1bc 100644 --- a/src/block/idea/idea.h +++ b/src/block/idea/idea.h @@ -30,16 +30,16 @@ class BOTAN_DLL IDEA : public Block_Cipher_Fixed_Params<8, 16> /** * @return const reference to encryption subkeys */ - const SecureVector& get_EK() const { return EK; } + const secure_vector& get_EK() const { return EK; } /** * @return const reference to decryption subkeys */ - const SecureVector& get_DK() const { return DK; } + const secure_vector& get_DK() const { return DK; } private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; } diff --git a/src/block/kasumi/kasumi.cpp b/src/block/kasumi/kasumi.cpp index a57c0396a..d3894789d 100644 --- a/src/block/kasumi/kasumi.cpp +++ b/src/block/kasumi/kasumi.cpp @@ -204,7 +204,7 @@ void KASUMI::key_schedule(const byte key[], size_t) static const u16bit RC[] = { 0x0123, 0x4567, 0x89AB, 0xCDEF, 0xFEDC, 0xBA98, 0x7654, 0x3210 }; - SecureVector K(16); + secure_vector K(16); for(size_t i = 0; i != 8; ++i) { K[i] = load_be(key, i); diff --git a/src/block/kasumi/kasumi.h b/src/block/kasumi/kasumi.h index 7871aa170..f3dd7e0c7 100644 --- a/src/block/kasumi/kasumi.h +++ b/src/block/kasumi/kasumi.h @@ -29,7 +29,7 @@ class BOTAN_DLL KASUMI : public Block_Cipher_Fixed_Params<8, 16> private: void key_schedule(const byte[], size_t); - SecureVector EK; + secure_vector EK; }; } diff --git a/src/block/lion/lion.cpp b/src/block/lion/lion.cpp index 4a9e8b901..778b55be0 100644 --- a/src/block/lion/lion.cpp +++ b/src/block/lion/lion.cpp @@ -16,7 +16,7 @@ namespace Botan { */ void Lion::encrypt_n(const byte in[], byte out[], size_t blocks) const { - SecureVector buffer_vec(LEFT_SIZE); + secure_vector buffer_vec(LEFT_SIZE); byte* buffer = &buffer_vec[0]; for(size_t i = 0; i != blocks; ++i) @@ -43,7 +43,7 @@ void Lion::encrypt_n(const byte in[], byte out[], size_t blocks) const */ void Lion::decrypt_n(const byte in[], byte out[], size_t blocks) const { - SecureVector buffer_vec(LEFT_SIZE); + secure_vector buffer_vec(LEFT_SIZE); byte* buffer = &buffer_vec[0]; for(size_t i = 0; i != blocks; ++i) diff --git a/src/block/lion/lion.h b/src/block/lion/lion.h index 5076f4461..d016c0e82 100644 --- a/src/block/lion/lion.h +++ b/src/block/lion/lion.h @@ -56,7 +56,7 @@ class BOTAN_DLL Lion : public BlockCipher HashFunction* hash; StreamCipher* cipher; - SecureVector key1, key2; + secure_vector key1, key2; }; } diff --git a/src/block/lubyrack/lubyrack.cpp b/src/block/lubyrack/lubyrack.cpp index ef4a11e9d..2fe4c87bf 100644 --- a/src/block/lubyrack/lubyrack.cpp +++ b/src/block/lubyrack/lubyrack.cpp @@ -17,7 +17,7 @@ void LubyRackoff::encrypt_n(const byte in[], byte out[], size_t blocks) const { const size_t len = hash->output_length(); - SecureVector buffer_vec(len); + secure_vector buffer_vec(len); byte* buffer = &buffer_vec[0]; for(size_t i = 0; i != blocks; ++i) @@ -54,7 +54,7 @@ void LubyRackoff::decrypt_n(const byte in[], byte out[], size_t blocks) const { const size_t len = hash->output_length(); - SecureVector buffer_vec(len); + secure_vector buffer_vec(len); byte* buffer = &buffer_vec[0]; for(size_t i = 0; i != blocks; ++i) diff --git a/src/block/lubyrack/lubyrack.h b/src/block/lubyrack/lubyrack.h index 81dddf579..e28c60be7 100644 --- a/src/block/lubyrack/lubyrack.h +++ b/src/block/lubyrack/lubyrack.h @@ -42,7 +42,7 @@ class BOTAN_DLL LubyRackoff : public BlockCipher void key_schedule(const byte[], size_t); HashFunction* hash; - SecureVector K1, K2; + secure_vector K1, K2; }; } diff --git a/src/block/mars/mars.cpp b/src/block/mars/mars.cpp index 171ce2945..64ece83ab 100644 --- a/src/block/mars/mars.cpp +++ b/src/block/mars/mars.cpp @@ -320,7 +320,7 @@ void MARS::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void MARS::key_schedule(const byte key[], size_t length) { - SecureVector T(15); + secure_vector T(15); for(size_t i = 0; i != length / 4; ++i) T[i] = load_le(key, i); diff --git a/src/block/mars/mars.h b/src/block/mars/mars.h index 5ca05f886..fc732ae10 100644 --- a/src/block/mars/mars.h +++ b/src/block/mars/mars.h @@ -29,7 +29,7 @@ class BOTAN_DLL MARS : public Block_Cipher_Fixed_Params<16, 16, 32, 4> private: void key_schedule(const byte[], size_t); - SecureVector EK; + secure_vector EK; }; } diff --git a/src/block/misty1/misty1.cpp b/src/block/misty1/misty1.cpp index 77d1047b1..64298ee92 100644 --- a/src/block/misty1/misty1.cpp +++ b/src/block/misty1/misty1.cpp @@ -204,7 +204,7 @@ void MISTY1::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void MISTY1::key_schedule(const byte key[], size_t length) { - SecureVector KS(32); + secure_vector KS(32); for(size_t i = 0; i != length / 2; ++i) KS[i] = load_be(key, i); diff --git a/src/block/misty1/misty1.h b/src/block/misty1/misty1.h index 14d8a2958..a4bfa14b3 100644 --- a/src/block/misty1/misty1.h +++ b/src/block/misty1/misty1.h @@ -33,7 +33,7 @@ class BOTAN_DLL MISTY1 : public Block_Cipher_Fixed_Params<8, 16> private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; } diff --git a/src/block/noekeon/noekeon.h b/src/block/noekeon/noekeon.h index 7c5c73dcb..8bcff64c9 100644 --- a/src/block/noekeon/noekeon.h +++ b/src/block/noekeon/noekeon.h @@ -35,16 +35,16 @@ class BOTAN_DLL Noekeon : public Block_Cipher_Fixed_Params<16, 16> /** * @return const reference to encryption subkeys */ - const SecureVector& get_EK() const { return EK; } + const secure_vector& get_EK() const { return EK; } /** * @return const reference to decryption subkeys */ - const SecureVector& get_DK() const { return DK; } + const secure_vector& get_DK() const { return DK; } private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; } diff --git a/src/block/noekeon_simd/noekeon_simd.cpp b/src/block/noekeon_simd/noekeon_simd.cpp index b2beafc82..2a4c1fd74 100644 --- a/src/block/noekeon_simd/noekeon_simd.cpp +++ b/src/block/noekeon_simd/noekeon_simd.cpp @@ -65,7 +65,7 @@ namespace Botan { */ void Noekeon_SIMD::encrypt_n(const byte in[], byte out[], size_t blocks) const { - const SecureVector& EK = this->get_EK(); + const secure_vector& EK = this->get_EK(); SIMD_32 K0 = SIMD_32(EK[0]); SIMD_32 K1 = SIMD_32(EK[1]); @@ -122,7 +122,7 @@ void Noekeon_SIMD::encrypt_n(const byte in[], byte out[], size_t blocks) const */ void Noekeon_SIMD::decrypt_n(const byte in[], byte out[], size_t blocks) const { - const SecureVector& DK = this->get_DK(); + const secure_vector& DK = this->get_DK(); SIMD_32 K0 = SIMD_32(DK[0]); SIMD_32 K1 = SIMD_32(DK[1]); diff --git a/src/block/rc2/rc2.cpp b/src/block/rc2/rc2.cpp index 071e4e209..98e76ecfc 100644 --- a/src/block/rc2/rc2.cpp +++ b/src/block/rc2/rc2.cpp @@ -124,7 +124,7 @@ void RC2::key_schedule(const byte key[], size_t length) 0xC5, 0xF3, 0xDB, 0x47, 0xE5, 0xA5, 0x9C, 0x77, 0x0A, 0xA6, 0x20, 0x68, 0xFE, 0x7F, 0xC1, 0xAD }; - SecureVector L(128); + secure_vector L(128); copy_mem(&L[0], key, length); for(size_t i = length; i != 128; ++i) diff --git a/src/block/rc2/rc2.h b/src/block/rc2/rc2.h index 1ebad1e73..dc78b06fc 100644 --- a/src/block/rc2/rc2.h +++ b/src/block/rc2/rc2.h @@ -36,7 +36,7 @@ class BOTAN_DLL RC2 : public Block_Cipher_Fixed_Params<8, 1, 32> private: void key_schedule(const byte[], size_t); - SecureVector K; + secure_vector K; }; } diff --git a/src/block/rc5/rc5.cpp b/src/block/rc5/rc5.cpp index 981f73564..1ac421996 100644 --- a/src/block/rc5/rc5.cpp +++ b/src/block/rc5/rc5.cpp @@ -95,7 +95,7 @@ void RC5::key_schedule(const byte key[], size_t length) for(size_t i = 1; i != S.size(); ++i) S[i] = S[i-1] + 0x9E3779B9; - SecureVector K(8); + secure_vector K(8); for(s32bit i = length-1; i >= 0; --i) K[i/4] = (K[i/4] << 8) + key[i]; diff --git a/src/block/rc5/rc5.h b/src/block/rc5/rc5.h index c69705471..bf059a996 100644 --- a/src/block/rc5/rc5.h +++ b/src/block/rc5/rc5.h @@ -35,7 +35,7 @@ class BOTAN_DLL RC5 : public Block_Cipher_Fixed_Params<8, 1, 32> void key_schedule(const byte[], size_t); - SecureVector S; + secure_vector S; }; } diff --git a/src/block/rc6/rc6.cpp b/src/block/rc6/rc6.cpp index 53ca5a7a2..42d00878f 100644 --- a/src/block/rc6/rc6.cpp +++ b/src/block/rc6/rc6.cpp @@ -120,7 +120,7 @@ void RC6::key_schedule(const byte key[], size_t length) for(size_t i = 1; i != S.size(); ++i) S[i] = S[i-1] + 0x9E3779B9; - SecureVector K(8); + secure_vector K(8); for(s32bit i = length-1; i >= 0; --i) K[i/4] = (K[i/4] << 8) + key[i]; diff --git a/src/block/rc6/rc6.h b/src/block/rc6/rc6.h index af7b62316..d3270daf7 100644 --- a/src/block/rc6/rc6.h +++ b/src/block/rc6/rc6.h @@ -29,7 +29,7 @@ class BOTAN_DLL RC6 : public Block_Cipher_Fixed_Params<16, 1, 32> private: void key_schedule(const byte[], size_t); - SecureVector S; + secure_vector S; }; } diff --git a/src/block/safer/safer_sk.cpp b/src/block/safer/safer_sk.cpp index 5275a0781..f5fe4edd7 100644 --- a/src/block/safer/safer_sk.cpp +++ b/src/block/safer/safer_sk.cpp @@ -208,7 +208,7 @@ void SAFER_SK::key_schedule(const byte key[], size_t) 0x07, 0x08, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x11, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }; - SecureVector KB(18); + secure_vector KB(18); for(size_t i = 0; i != 8; ++i) { diff --git a/src/block/safer/safer_sk.h b/src/block/safer/safer_sk.h index 564ea5c50..cf8ad90f7 100644 --- a/src/block/safer/safer_sk.h +++ b/src/block/safer/safer_sk.h @@ -34,7 +34,7 @@ class BOTAN_DLL SAFER_SK : public Block_Cipher_Fixed_Params<8, 16> size_t get_rounds() const { return (EK.size() - 8) / 16; } void key_schedule(const byte[], size_t); - SecureVector EK; + secure_vector EK; }; } diff --git a/src/block/seed/seed.cpp b/src/block/seed/seed.cpp index 408220013..40deb18bc 100644 --- a/src/block/seed/seed.cpp +++ b/src/block/seed/seed.cpp @@ -111,7 +111,7 @@ void SEED::key_schedule(const byte key[], size_t) 0x779B99E3, 0xEF3733C6, 0xDE6E678D, 0xBCDCCF1B }; - SecureVector WK(4); + secure_vector WK(4); for(size_t i = 0; i != 4; ++i) WK[i] = load_be(key, i); diff --git a/src/block/seed/seed.h b/src/block/seed/seed.h index 979312930..d5476de82 100644 --- a/src/block/seed/seed.h +++ b/src/block/seed/seed.h @@ -37,7 +37,7 @@ class BOTAN_DLL SEED : public Block_Cipher_Fixed_Params<16, 16> static const u32bit S0[256], S1[256], S2[256], S3[256]; }; - SecureVector K; + secure_vector K; }; } diff --git a/src/block/serpent/serpent.cpp b/src/block/serpent/serpent.cpp index b1e632c29..0f0a4fd63 100644 --- a/src/block/serpent/serpent.cpp +++ b/src/block/serpent/serpent.cpp @@ -358,7 +358,7 @@ void Serpent::key_schedule(const byte key[], size_t length) { const u32bit PHI = 0x9E3779B9; - SecureVector W(140); + secure_vector W(140); for(size_t i = 0; i != length / 4; ++i) W[i] = load_le(key, i); diff --git a/src/block/serpent/serpent.h b/src/block/serpent/serpent.h index df3f039aa..6191e50d7 100644 --- a/src/block/serpent/serpent.h +++ b/src/block/serpent/serpent.h @@ -31,7 +31,7 @@ class BOTAN_DLL Serpent : public Block_Cipher_Fixed_Params<16, 16, 32, 8> * For use by subclasses using SIMD, asm, etc * @return const reference to the key schedule */ - const SecureVector& get_round_keys() const + const secure_vector& get_round_keys() const { return round_key; } /** @@ -45,7 +45,7 @@ class BOTAN_DLL Serpent : public Block_Cipher_Fixed_Params<16, 16, 32, 8> private: void key_schedule(const byte key[], size_t length); - SecureVector round_key; + secure_vector round_key; }; } diff --git a/src/block/serpent_x86_32/serp_x86_32.cpp b/src/block/serpent_x86_32/serp_x86_32.cpp index 4cefe1d65..9566ed8a6 100644 --- a/src/block/serpent_x86_32/serp_x86_32.cpp +++ b/src/block/serpent_x86_32/serp_x86_32.cpp @@ -72,7 +72,7 @@ void Serpent_X86_32::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void Serpent_X86_32::key_schedule(const byte key[], size_t length) { - SecureVector W(140); + secure_vector W(140); for(size_t i = 0; i != length / 4; ++i) W[i] = load_le(key, i); W[length / 4] |= u32bit(1) << ((length%4)*8); diff --git a/src/block/skipjack/skipjack.h b/src/block/skipjack/skipjack.h index 051d35351..9abd10d47 100644 --- a/src/block/skipjack/skipjack.h +++ b/src/block/skipjack/skipjack.h @@ -29,7 +29,7 @@ class BOTAN_DLL Skipjack : public Block_Cipher_Fixed_Params<8, 10> private: void key_schedule(const byte[], size_t); - SecureVector FTAB; + secure_vector FTAB; }; } diff --git a/src/block/square/square.cpp b/src/block/square/square.cpp index ff98c040e..bb9132e10 100644 --- a/src/block/square/square.cpp +++ b/src/block/square/square.cpp @@ -142,7 +142,7 @@ void Square::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void Square::key_schedule(const byte key[], size_t) { - SecureVector XEK(36), XDK(36); + secure_vector XEK(36), XDK(36); for(size_t i = 0; i != 4; ++i) XEK[i] = load_be(key, i); diff --git a/src/block/square/square.h b/src/block/square/square.h index 5147c0383..f40ad0e31 100644 --- a/src/block/square/square.h +++ b/src/block/square/square.h @@ -45,8 +45,8 @@ class BOTAN_DLL Square : public Block_Cipher_Fixed_Params<16, 16> static const u32bit TD2[256]; static const u32bit TD3[256]; - SecureVector EK, DK; - SecureVector ME, MD; + secure_vector EK, DK; + secure_vector ME, MD; }; } diff --git a/src/block/tea/tea.h b/src/block/tea/tea.h index 0290b112f..5d418e084 100644 --- a/src/block/tea/tea.h +++ b/src/block/tea/tea.h @@ -28,7 +28,7 @@ class BOTAN_DLL TEA : public Block_Cipher_Fixed_Params<8, 16> TEA() : K(4) {} private: void key_schedule(const byte[], size_t); - SecureVector K; + secure_vector K; }; } diff --git a/src/block/twofish/twofish.cpp b/src/block/twofish/twofish.cpp index c0735e202..d0a4213fb 100644 --- a/src/block/twofish/twofish.cpp +++ b/src/block/twofish/twofish.cpp @@ -121,7 +121,7 @@ void Twofish::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void Twofish::key_schedule(const byte key[], size_t length) { - SecureVector S(16); + secure_vector S(16); for(size_t i = 0; i != length; ++i) rs_mul(&S[4*(i/8)], key[i], i); diff --git a/src/block/twofish/twofish.h b/src/block/twofish/twofish.h index 7594bdcfd..cd84c6fe0 100644 --- a/src/block/twofish/twofish.h +++ b/src/block/twofish/twofish.h @@ -41,7 +41,7 @@ class BOTAN_DLL Twofish : public Block_Cipher_Fixed_Params<16, 16, 32, 8> static const byte EXP_TO_POLY[255]; static const byte POLY_TO_EXP[255]; - SecureVector SB, RK; + secure_vector SB, RK; }; } diff --git a/src/block/xtea/xtea.cpp b/src/block/xtea/xtea.cpp index 597eedd07..29287e5a0 100644 --- a/src/block/xtea/xtea.cpp +++ b/src/block/xtea/xtea.cpp @@ -123,7 +123,7 @@ void XTEA::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void XTEA::key_schedule(const byte key[], size_t) { - SecureVector UK(4); + secure_vector UK(4); for(size_t i = 0; i != 4; ++i) UK[i] = load_be(key, i); diff --git a/src/block/xtea/xtea.h b/src/block/xtea/xtea.h index 985e9d6d1..2bf544696 100644 --- a/src/block/xtea/xtea.h +++ b/src/block/xtea/xtea.h @@ -30,11 +30,11 @@ class BOTAN_DLL XTEA : public Block_Cipher_Fixed_Params<8, 16> /** * @return const reference to the key schedule */ - const SecureVector& get_EK() const { return EK; } + const secure_vector& get_EK() const { return EK; } private: void key_schedule(const byte[], size_t); - SecureVector EK; + secure_vector EK; }; } diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index d22ae6202..f3babb394 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -1,6 +1,6 @@ macro_name GCC -binary_name g++-4.6.0 +binary_name g++-4.8.0-r187608 compile_option "-c " output_to_option "-o " diff --git a/src/cert/certstore/certstor.cpp b/src/cert/certstore/certstor.cpp index 3cba2f39e..9c383d9e8 100644 --- a/src/cert/certstore/certstor.cpp +++ b/src/cert/certstore/certstor.cpp @@ -28,7 +28,7 @@ void Certificate_Store_Memory::add_certificate(const X509_Certificate& cert) std::vector Certificate_Store_Memory::find_cert_by_subject_and_key_id( const X509_DN& subject_dn, - const MemoryRegion& key_id) const + const std::vector& key_id) const { std::vector result; @@ -37,7 +37,7 @@ Certificate_Store_Memory::find_cert_by_subject_and_key_id( // Only compare key ids if set in both call and in the cert if(key_id.size()) { - MemoryVector skid = certs[i].subject_key_id(); + std::vector skid = certs[i].subject_key_id(); if(skid.size() && skid != key_id) // no match continue; @@ -74,7 +74,7 @@ void Certificate_Store_Memory::add_crl(const X509_CRL& crl) std::vector Certificate_Store_Memory::find_crl_by_subject_and_key_id( const X509_DN& issuer_dn, - const MemoryRegion& key_id) const + const std::vector& key_id) const { std::vector result; @@ -83,7 +83,7 @@ Certificate_Store_Memory::find_crl_by_subject_and_key_id( // Only compare key ids if set in both call and in the CRL if(key_id.size()) { - MemoryVector akid = crls[i].authority_key_id(); + std::vector akid = crls[i].authority_key_id(); if(akid.size() && akid != key_id) // no match continue; diff --git a/src/cert/certstore/certstor.h b/src/cert/certstore/certstor.h index 374013984..a0526e1a6 100644 --- a/src/cert/certstore/certstor.h +++ b/src/cert/certstore/certstor.h @@ -39,7 +39,7 @@ class BOTAN_DLL Certificate_Store virtual std::vector find_cert_by_subject_and_key_id( const X509_DN& subject_dn, - const MemoryRegion& key_id) const = 0; + const std::vector& key_id) const = 0; /** * Find CRLs by the DN and key id of the issuer @@ -47,7 +47,7 @@ class BOTAN_DLL Certificate_Store virtual std::vector find_crl_by_subject_and_key_id( const X509_DN& issuer_dn, - const MemoryRegion& key_id) const = 0; + const std::vector& key_id) const = 0; }; /** @@ -64,11 +64,11 @@ class BOTAN_DLL Certificate_Store_Memory : public Certificate_Store std::vector find_cert_by_subject_and_key_id( const X509_DN& subject_dn, - const MemoryRegion& key_id) const; + const std::vector& key_id) const; std::vector find_crl_by_subject_and_key_id( const X509_DN& issuer_dn, - const MemoryRegion& key_id) const; + const std::vector& key_id) const; Certificate_Store_Memory() {} private: diff --git a/src/cert/cvc/asn1_eac_tm.cpp b/src/cert/cvc/asn1_eac_tm.cpp index 12221b582..a3a4d043d 100644 --- a/src/cert/cvc/asn1_eac_tm.cpp +++ b/src/cert/cvc/asn1_eac_tm.cpp @@ -18,9 +18,9 @@ namespace Botan { namespace { -SecureVector enc_two_digit(u32bit in) +secure_vector enc_two_digit(u32bit in) { - SecureVector result; + secure_vector result; in %= 100; if(in < 10) result.push_back(0x00); @@ -281,9 +281,9 @@ void EAC_Time::decode_from(BER_Decoder& source) /* * make the value an octet string for encoding */ -SecureVector EAC_Time::encoded_eac_time() const +secure_vector EAC_Time::encoded_eac_time() const { - SecureVector result; + secure_vector result; result += enc_two_digit(year); result += enc_two_digit(month); result += enc_two_digit(day); diff --git a/src/cert/cvc/cvc_ado.cpp b/src/cert/cvc/cvc_ado.cpp index 38f51e8dc..f224d15b9 100644 --- a/src/cert/cvc/cvc_ado.cpp +++ b/src/cert/cvc/cvc_ado.cpp @@ -26,7 +26,7 @@ EAC1_1_ADO::EAC1_1_ADO(const std::string& in) void EAC1_1_ADO::force_decode() { - SecureVector inner_cert; + secure_vector inner_cert; BER_Decoder(tbs_bits) .start_cons(ASN1_Tag(33)) .raw_bytes(inner_cert) @@ -34,7 +34,7 @@ void EAC1_1_ADO::force_decode() .decode(m_car) .verify_end(); - SecureVector req_bits = DER_Encoder() + secure_vector req_bits = DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) .raw_bytes(inner_cert) .end_cons() @@ -45,11 +45,11 @@ void EAC1_1_ADO::force_decode() sig_algo = m_req.sig_algo; } -MemoryVector EAC1_1_ADO::make_signed(PK_Signer& signer, - const MemoryRegion& tbs_bits, +std::vector EAC1_1_ADO::make_signed(PK_Signer& signer, + const secure_vector& tbs_bits, RandomNumberGenerator& rng) { - SecureVector concat_sig = signer.sign_message(tbs_bits, rng); + secure_vector concat_sig = signer.sign_message(tbs_bits, rng); return DER_Encoder() .start_cons(ASN1_Tag(7), APPLICATION) @@ -65,11 +65,11 @@ ASN1_Car EAC1_1_ADO::get_car() const } void EAC1_1_ADO::decode_info(DataSource& source, - SecureVector & res_tbs_bits, + secure_vector & res_tbs_bits, ECDSA_Signature & res_sig) { - SecureVector concat_sig; - SecureVector cert_inner_bits; + secure_vector concat_sig; + secure_vector cert_inner_bits; ASN1_Car car; BER_Decoder(source) @@ -81,7 +81,7 @@ void EAC1_1_ADO::decode_info(DataSource& source, .decode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) .end_cons(); - SecureVector enc_cert = DER_Encoder() + secure_vector enc_cert = DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) .raw_bytes(cert_inner_bits) .end_cons() @@ -97,7 +97,7 @@ void EAC1_1_ADO::encode(Pipe& out, X509_Encoding encoding) const if(encoding == PEM) throw Invalid_Argument("EAC1_1_ADO::encode() cannot PEM encode an EAC object"); - SecureVector concat_sig( + secure_vector concat_sig( EAC1_1_obj::m_sig.get_concatenation()); out.write(DER_Encoder() @@ -108,7 +108,7 @@ void EAC1_1_ADO::encode(Pipe& out, X509_Encoding encoding) const .get_contents()); } -SecureVector EAC1_1_ADO::tbs_data() const +secure_vector EAC1_1_ADO::tbs_data() const { return tbs_bits; } diff --git a/src/cert/cvc/cvc_ado.h b/src/cert/cvc/cvc_ado.h index 65a39fd91..81b89ea00 100644 --- a/src/cert/cvc/cvc_ado.h +++ b/src/cert/cvc/cvc_ado.h @@ -43,9 +43,9 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj * @param tbs_bits the TBS data to sign * @param rng a random number generator */ - static MemoryVector make_signed( + static std::vector make_signed( PK_Signer& signer, - const MemoryRegion& tbs_bits, + const secure_vector& tbs_bits, RandomNumberGenerator& rng); /** @@ -73,7 +73,7 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj * Get the TBS data of this CVC ADO request. * @result the TBS data */ - SecureVector tbs_data() const; + secure_vector tbs_data() const; virtual ~EAC1_1_ADO() {} private: @@ -82,7 +82,7 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj void force_decode(); static void decode_info(DataSource& source, - SecureVector & res_tbs_bits, + secure_vector & res_tbs_bits, ECDSA_Signature & res_sig); }; diff --git a/src/cert/cvc/cvc_cert.cpp b/src/cert/cvc/cvc_cert.cpp index 54f72ecfc..12558bb80 100644 --- a/src/cert/cvc/cvc_cert.cpp +++ b/src/cert/cvc/cvc_cert.cpp @@ -33,8 +33,8 @@ u32bit EAC1_1_CVC::get_chat_value() const */ void EAC1_1_CVC::force_decode() { - SecureVector enc_pk; - SecureVector enc_chat_val; + secure_vector enc_pk; + secure_vector enc_chat_val; size_t cpi; BER_Decoder tbs_cert(tbs_bits); tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION) @@ -88,7 +88,7 @@ bool EAC1_1_CVC::operator==(EAC1_1_CVC const& rhs) const && get_concat_sig() == rhs.get_concat_sig()); } -ECDSA_PublicKey* decode_eac1_1_key(const MemoryRegion&, +ECDSA_PublicKey* decode_eac1_1_key(const secure_vector&, AlgorithmIdentifier&) { throw Internal_Error("decode_eac1_1_key: Unimplemented"); @@ -96,7 +96,7 @@ ECDSA_PublicKey* decode_eac1_1_key(const MemoryRegion&, } EAC1_1_CVC make_cvc_cert(PK_Signer& signer, - MemoryRegion const& public_key, + secure_vector const& public_key, ASN1_Car const& car, ASN1_Chr const& chr, byte holder_auth_templ, @@ -105,12 +105,12 @@ EAC1_1_CVC make_cvc_cert(PK_Signer& signer, RandomNumberGenerator& rng) { OID chat_oid(OIDS::lookup("CertificateHolderAuthorizationTemplate")); - MemoryVector enc_chat_val; + std::vector enc_chat_val; enc_chat_val.push_back(holder_auth_templ); - MemoryVector enc_cpi; + std::vector enc_cpi; enc_cpi.push_back(0x00); - MemoryVector tbs = DER_Encoder() + std::vector tbs = DER_Encoder() .encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) // cpi .encode(car) .raw_bytes(public_key) @@ -123,7 +123,7 @@ EAC1_1_CVC make_cvc_cert(PK_Signer& signer, .encode(cex) .get_contents(); - MemoryVector signed_cert = + std::vector signed_cert = EAC1_1_CVC::make_signed(signer, EAC1_1_CVC::build_cert_body(tbs), rng); diff --git a/src/cert/cvc/cvc_cert.h b/src/cert/cvc/cvc_cert.h index 69d0d824a..20370e64b 100644 --- a/src/cert/cvc/cvc_cert.h +++ b/src/cert/cvc/cvc_cert.h @@ -96,7 +96,7 @@ inline bool operator!=(EAC1_1_CVC const& lhs, EAC1_1_CVC const& rhs) * @param rng a random number generator */ EAC1_1_CVC BOTAN_DLL make_cvc_cert(PK_Signer& signer, - const MemoryRegion& public_key, + const secure_vector& public_key, ASN1_Car const& car, ASN1_Chr const& chr, byte holder_auth_templ, @@ -107,7 +107,7 @@ EAC1_1_CVC BOTAN_DLL make_cvc_cert(PK_Signer& signer, /** * Decode an EAC encoding ECDSA key */ -BOTAN_DLL ECDSA_PublicKey* decode_eac1_1_key(const MemoryRegion& enc_key, +BOTAN_DLL ECDSA_PublicKey* decode_eac1_1_key(const secure_vector& enc_key, AlgorithmIdentifier& sig_algo); } diff --git a/src/cert/cvc/cvc_gen_cert.h b/src/cert/cvc/cvc_gen_cert.h index ad61b85bf..a272e316f 100644 --- a/src/cert/cvc/cvc_gen_cert.h +++ b/src/cert/cvc/cvc_gen_cert.h @@ -56,14 +56,14 @@ class EAC1_1_gen_CVC : public EAC1_1_obj // CRTP continuation from EAC1 * Get the to-be-signed (TBS) data of this object. * @result the TBS data of this object */ - SecureVector tbs_data() const; + secure_vector tbs_data() const; /** * Build the DER encoded certifcate body of an object * @param tbs the data to be signed * @result the correctly encoded body of the object */ - static SecureVector build_cert_body(MemoryRegion const& tbs); + static secure_vector build_cert_body(secure_vector const& tbs); /** * Create a signed generalized CVC object. @@ -72,9 +72,9 @@ class EAC1_1_gen_CVC : public EAC1_1_obj // CRTP continuation from EAC1 * @param rng a random number generator * @result the DER encoded signed generalized CVC object */ - static MemoryVector make_signed( + static std::vector make_signed( PK_Signer& signer, - const MemoryRegion& tbs_bits, + const secure_vector& tbs_bits, RandomNumberGenerator& rng); EAC1_1_gen_CVC() { m_pk = 0; } @@ -88,7 +88,7 @@ class EAC1_1_gen_CVC : public EAC1_1_obj // CRTP continuation from EAC1 bool self_signed; static void decode_info(DataSource& source, - SecureVector & res_tbs_bits, + secure_vector & res_tbs_bits, ECDSA_Signature & res_sig); }; @@ -104,12 +104,12 @@ template bool EAC1_1_gen_CVC::is_self_signed() const } template -MemoryVector EAC1_1_gen_CVC::make_signed( +std::vector EAC1_1_gen_CVC::make_signed( PK_Signer& signer, - const MemoryRegion& tbs_bits, + const secure_vector& tbs_bits, RandomNumberGenerator& rng) // static { - SecureVector concat_sig = signer.sign_message(tbs_bits, rng); + secure_vector concat_sig = signer.sign_message(tbs_bits, rng); return DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) @@ -125,7 +125,7 @@ Public_Key* EAC1_1_gen_CVC::subject_public_key() const return new ECDSA_PublicKey(*m_pk); } -template SecureVector EAC1_1_gen_CVC::build_cert_body(MemoryRegion const& tbs) +template secure_vector EAC1_1_gen_CVC::build_cert_body(secure_vector const& tbs) { return DER_Encoder() .start_cons(ASN1_Tag(78), APPLICATION) @@ -133,15 +133,15 @@ template SecureVector EAC1_1_gen_CVC::build_cer .end_cons().get_contents(); } -template SecureVector EAC1_1_gen_CVC::tbs_data() const +template secure_vector EAC1_1_gen_CVC::tbs_data() const { return build_cert_body(EAC1_1_obj::tbs_bits); } template void EAC1_1_gen_CVC::encode(Pipe& out, X509_Encoding encoding) const { - SecureVector concat_sig(EAC1_1_obj::m_sig.get_concatenation()); - SecureVector der = DER_Encoder() + secure_vector concat_sig(EAC1_1_obj::m_sig.get_concatenation()); + secure_vector der = DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) .start_cons(ASN1_Tag(78), APPLICATION) .raw_bytes(EAC1_1_obj::tbs_bits) @@ -159,10 +159,10 @@ template void EAC1_1_gen_CVC::encode(Pipe& out, X509_ template void EAC1_1_gen_CVC::decode_info( DataSource& source, - SecureVector & res_tbs_bits, + secure_vector & res_tbs_bits, ECDSA_Signature & res_sig) { - SecureVector concat_sig; + secure_vector concat_sig; BER_Decoder(source) .start_cons(ASN1_Tag(33)) .start_cons(ASN1_Tag(78)) diff --git a/src/cert/cvc/cvc_req.cpp b/src/cert/cvc/cvc_req.cpp index ad9e2f4ca..bd7dee3fa 100644 --- a/src/cert/cvc/cvc_req.cpp +++ b/src/cert/cvc/cvc_req.cpp @@ -19,7 +19,7 @@ bool EAC1_1_Req::operator==(EAC1_1_Req const& rhs) const void EAC1_1_Req::force_decode() { - SecureVector enc_pk; + secure_vector enc_pk; BER_Decoder tbs_cert(tbs_bits); size_t cpi; tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION) diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp index 61a1e7b64..e692bc9b8 100644 --- a/src/cert/cvc/cvc_self.cpp +++ b/src/cert/cvc/cvc_self.cpp @@ -34,7 +34,7 @@ void encode_eac_bigint(DER_Encoder& der, const BigInt& x, ASN1_Tag tag) der.encode(BigInt::encode_1363(x, x.bytes()), OCTET_STRING, tag); } -MemoryVector eac_1_1_encoding(const EC_PublicKey* key, +std::vector eac_1_1_encoding(const EC_PublicKey* key, const OID& sig_algo) { if(key->domain_format() == EC_DOMPAR_ENC_OID) @@ -106,7 +106,7 @@ EAC1_1_CVC create_self_signed_cert(Private_Key const& key, PK_Signer signer(*priv_key, padding_and_hash); - MemoryVector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); + std::vector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); return make_cvc_cert(signer, enc_public_key, @@ -133,17 +133,17 @@ EAC1_1_Req create_cvc_req(Private_Key const& key, PK_Signer signer(*priv_key, padding_and_hash); - MemoryVector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); + std::vector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); - MemoryVector enc_cpi; + std::vector enc_cpi; enc_cpi.push_back(0x00); - MemoryVector tbs = DER_Encoder() + std::vector tbs = DER_Encoder() .encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) .raw_bytes(enc_public_key) .encode(chr) .get_contents(); - MemoryVector signed_cert = + std::vector signed_cert = EAC1_1_gen_CVC::make_signed(signer, EAC1_1_gen_CVC::build_cert_body(tbs), rng); @@ -166,10 +166,10 @@ EAC1_1_ADO create_ado_req(Private_Key const& key, std::string padding_and_hash = padding_and_hash_from_oid(req.signature_algorithm().oid); PK_Signer signer(*priv_key, padding_and_hash); - SecureVector tbs_bits = req.BER_encode(); + secure_vector tbs_bits = req.BER_encode(); tbs_bits += DER_Encoder().encode(car).get_contents(); - MemoryVector signed_cert = + std::vector signed_cert = EAC1_1_ADO::make_signed(signer, tbs_bits, rng); DataSource_Memory source(signed_cert); @@ -235,7 +235,7 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, ECDSA_PublicKey* subj_pk = dynamic_cast(pk.get()); subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT); - MemoryVector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); + std::vector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); return make_cvc_cert(pk_signer, enc_public_key, signer.get_car(), @@ -309,7 +309,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, // (IS cannot sign certificates) } - MemoryVector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); + std::vector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); return make_cvc_cert(pk_signer, enc_public_key, ASN1_Car(signer_cert.get_chr().iso_8859()), diff --git a/src/cert/cvc/eac_asn_obj.h b/src/cert/cvc/eac_asn_obj.h index 54a9f1517..9937abb01 100644 --- a/src/cert/cvc/eac_asn_obj.h +++ b/src/cert/cvc/eac_asn_obj.h @@ -98,7 +98,7 @@ class BOTAN_DLL EAC_Time : public ASN1_Object virtual ~EAC_Time() {} private: - SecureVector encoded_eac_time() const; + secure_vector encoded_eac_time() const; bool passes_sanity_check() const; u32bit year, month, day; ASN1_Tag tag; diff --git a/src/cert/cvc/eac_obj.h b/src/cert/cvc/eac_obj.h index eb6db3369..39f34b874 100644 --- a/src/cert/cvc/eac_obj.h +++ b/src/cert/cvc/eac_obj.h @@ -24,7 +24,7 @@ class EAC1_1_obj : public EAC_Signed_Object * Return the signature as a concatenation of the encoded parts. * @result the concatenated signature */ - SecureVector get_concat_sig() const + secure_vector get_concat_sig() const { return m_sig.get_concatenation(); } bool check_signature(class Public_Key& key) const diff --git a/src/cert/cvc/ecdsa_sig.cpp b/src/cert/cvc/ecdsa_sig.cpp index e8fd7f051..91166ad79 100644 --- a/src/cert/cvc/ecdsa_sig.cpp +++ b/src/cert/cvc/ecdsa_sig.cpp @@ -10,7 +10,7 @@ namespace Botan { -ECDSA_Signature::ECDSA_Signature(const MemoryRegion& ber) +ECDSA_Signature::ECDSA_Signature(const secure_vector& ber) { BER_Decoder(ber) .start_cons(SEQUENCE) @@ -20,7 +20,7 @@ ECDSA_Signature::ECDSA_Signature(const MemoryRegion& ber) .verify_end(); } -MemoryVector ECDSA_Signature::DER_encode() const +std::vector ECDSA_Signature::DER_encode() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -30,20 +30,20 @@ MemoryVector ECDSA_Signature::DER_encode() const .get_contents(); } -MemoryVector ECDSA_Signature::get_concatenation() const +std::vector ECDSA_Signature::get_concatenation() const { // use the larger const size_t enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes(); - SecureVector sv_r = BigInt::encode_1363(m_r, enc_len); - SecureVector sv_s = BigInt::encode_1363(m_s, enc_len); + secure_vector sv_r = BigInt::encode_1363(m_r, enc_len); + secure_vector sv_s = BigInt::encode_1363(m_s, enc_len); - SecureVector result(sv_r); + secure_vector result(sv_r); result += sv_s; return result; } -ECDSA_Signature decode_concatenation(const MemoryRegion& concat) +ECDSA_Signature decode_concatenation(const secure_vector& concat) { if(concat.size() % 2 != 0) throw Invalid_Argument("Erroneous length of signature"); diff --git a/src/cert/cvc/ecdsa_sig.h b/src/cert/cvc/ecdsa_sig.h index a92052470..a92d5078c 100644 --- a/src/cert/cvc/ecdsa_sig.h +++ b/src/cert/cvc/ecdsa_sig.h @@ -27,7 +27,7 @@ class BOTAN_DLL ECDSA_Signature ECDSA_Signature(const BigInt& r, const BigInt& s) : m_r(r), m_s(s) {} - ECDSA_Signature(const MemoryRegion& ber); + ECDSA_Signature(const secure_vector& ber); const BigInt& get_r() const { return m_r; } const BigInt& get_s() const { return m_s; } @@ -35,9 +35,9 @@ class BOTAN_DLL ECDSA_Signature /** * return the r||s */ - MemoryVector get_concatenation() const; + std::vector get_concatenation() const; - MemoryVector DER_encode() const; + std::vector DER_encode() const; bool operator==(const ECDSA_Signature& other) const { @@ -54,7 +54,7 @@ inline bool operator!=(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs) return !(lhs == rhs); } -ECDSA_Signature decode_concatenation(const MemoryRegion& concatenation); +ECDSA_Signature decode_concatenation(const secure_vector& concatenation); } diff --git a/src/cert/cvc/signed_obj.cpp b/src/cert/cvc/signed_obj.cpp index d6aa2f02b..4f04cd72e 100644 --- a/src/cert/cvc/signed_obj.cpp +++ b/src/cert/cvc/signed_obj.cpp @@ -16,7 +16,7 @@ namespace Botan { /* * Return a BER encoded X.509 object */ -SecureVector EAC_Signed_Object::BER_encode() const +secure_vector EAC_Signed_Object::BER_encode() const { Pipe ber; ber.start_msg(); @@ -46,7 +46,7 @@ AlgorithmIdentifier EAC_Signed_Object::signature_algorithm() const } bool EAC_Signed_Object::check_signature(Public_Key& pub_key, - const MemoryRegion& sig) const + const secure_vector& sig) const { try { @@ -62,7 +62,7 @@ bool EAC_Signed_Object::check_signature(Public_Key& pub_key, Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; - SecureVector to_sign = tbs_data(); + secure_vector to_sign = tbs_data(); PK_Verifier verifier(pub_key, padding, format); return verifier.verify_message(to_sign, sig); diff --git a/src/cert/cvc/signed_obj.h b/src/cert/cvc/signed_obj.h index 0c0fb30af..eb0e11848 100644 --- a/src/cert/cvc/signed_obj.h +++ b/src/cert/cvc/signed_obj.h @@ -26,7 +26,7 @@ class BOTAN_DLL EAC_Signed_Object * Get the TBS (to-be-signed) data in this object. * @return DER encoded TBS data of this object */ - virtual SecureVector tbs_data() const = 0; + virtual secure_vector tbs_data() const = 0; /** * Get the signature of this object as a concatenation, i.e. if the @@ -39,7 +39,7 @@ class BOTAN_DLL EAC_Signed_Object NOTE: this is here only because abstract signature objects have not yet been introduced */ - virtual SecureVector get_concat_sig() const = 0; + virtual secure_vector get_concat_sig() const = 0; /** * Get the signature algorithm identifier used to sign this object. @@ -55,7 +55,7 @@ class BOTAN_DLL EAC_Signed_Object * associated with this public key */ bool check_signature(class Public_Key& key, - const MemoryRegion& sig) const; + const secure_vector& sig) const; /** * Write this object DER encoded into a specified pipe. @@ -69,7 +69,7 @@ class BOTAN_DLL EAC_Signed_Object * BER encode this object. * @return result containing the BER representation of this object. */ - SecureVector BER_encode() const; + secure_vector BER_encode() const; /** * PEM encode this object. @@ -83,7 +83,7 @@ class BOTAN_DLL EAC_Signed_Object EAC_Signed_Object() {} AlgorithmIdentifier sig_algo; - SecureVector tbs_bits; + secure_vector tbs_bits; std::string PEM_label_pref; std::vector PEM_labels_allowed; private: diff --git a/src/cert/pkcs10/pkcs10.cpp b/src/cert/pkcs10/pkcs10.cpp index 870a4d3a1..c67f74142 100644 --- a/src/cert/pkcs10/pkcs10.cpp +++ b/src/cert/pkcs10/pkcs10.cpp @@ -34,6 +34,15 @@ PKCS10_Request::PKCS10_Request(const std::string& in) : do_decode(); } +/* +* PKCS10_Request Constructor +*/ +PKCS10_Request::PKCS10_Request(const std::vector& in) : + X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") + { + do_decode(); + } + /* * Deocde the CertificateRequestInfo */ @@ -59,7 +68,7 @@ void PKCS10_Request::force_decode() info.add("X509.Certificate.public_key", PEM_Code::encode( - ASN1::put_in_sequence(public_key.value), + ASN1::put_in_sequence(unlock(public_key.value)), "PUBLIC KEY" ) ); @@ -136,10 +145,10 @@ X509_DN PKCS10_Request::subject_dn() const /* * Return the public key of the requestor */ -MemoryVector PKCS10_Request::raw_public_key() const +std::vector PKCS10_Request::raw_public_key() const { DataSource_Memory source(info.get1("X509.Certificate.public_key")); - return PEM_Code::decode_check_label(source, "PUBLIC KEY"); + return unlock(PEM_Code::decode_check_label(source, "PUBLIC KEY")); } /* diff --git a/src/cert/pkcs10/pkcs10.h b/src/cert/pkcs10/pkcs10.h index bd01fb6b5..1ab0af7c7 100644 --- a/src/cert/pkcs10/pkcs10.h +++ b/src/cert/pkcs10/pkcs10.h @@ -32,7 +32,7 @@ class BOTAN_DLL PKCS10_Request : public X509_Object * Get the raw DER encoded public key. * @return raw DER encoded public key */ - MemoryVector raw_public_key() const; + std::vector raw_public_key() const; /** * Get the subject DN. @@ -90,6 +90,12 @@ class BOTAN_DLL PKCS10_Request : public X509_Object * encoded request file */ PKCS10_Request(const std::string& filename); + + /** + * Create a PKCS#10 Request from binary data. + * @param vec a std::vector containing the DER value + */ + PKCS10_Request(const std::vector& vec); private: void force_decode(); void handle_attribute(const Attribute&); diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp index 37b4f44b4..4012a873b 100644 --- a/src/cert/x509ca/x509_ca.cpp +++ b/src/cert/x509ca/x509_ca.cpp @@ -86,7 +86,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, X509_Certificate X509_CA::make_cert(PK_Signer* signer, RandomNumberGenerator& rng, const AlgorithmIdentifier& sig_algo, - const MemoryRegion& pub_key, + const std::vector& pub_key, const X509_Time& not_before, const X509_Time& not_after, const X509_DN& issuer_dn, @@ -98,35 +98,35 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer, BigInt serial_no(rng, SERIAL_BITS); - DataSource_Memory source(X509_Object::make_signed(signer, rng, sig_algo, - DER_Encoder().start_cons(SEQUENCE) - .start_explicit(0) - .encode(X509_CERT_VERSION-1) - .end_explicit() + const std::vector cert = X509_Object::make_signed( + signer, rng, sig_algo, + DER_Encoder().start_cons(SEQUENCE) + .start_explicit(0) + .encode(X509_CERT_VERSION-1) + .end_explicit() - .encode(serial_no) + .encode(serial_no) - .encode(sig_algo) - .encode(issuer_dn) + .encode(sig_algo) + .encode(issuer_dn) - .start_cons(SEQUENCE) - .encode(not_before) - .encode(not_after) - .end_cons() + .start_cons(SEQUENCE) + .encode(not_before) + .encode(not_after) + .end_cons() - .encode(subject_dn) - .raw_bytes(pub_key) + .encode(subject_dn) + .raw_bytes(pub_key) - .start_explicit(3) - .start_cons(SEQUENCE) - .encode(extensions) - .end_cons() - .end_explicit() - .end_cons() - .get_contents() - )); + .start_explicit(3) + .start_cons(SEQUENCE) + .encode(extensions) + .end_cons() + .end_explicit() + .end_cons() + .get_contents()); - return X509_Certificate(source); + return X509_Certificate(cert); } /* @@ -176,29 +176,29 @@ X509_CRL X509_CA::make_crl(const std::vector& revoked, new Cert_Extension::Authority_Key_ID(cert.subject_key_id())); extensions.add(new Cert_Extension::CRL_Number(crl_number)); - DataSource_Memory source(X509_Object::make_signed(signer, rng, ca_sig_algo, - DER_Encoder().start_cons(SEQUENCE) - .encode(X509_CRL_VERSION-1) - .encode(ca_sig_algo) - .encode(cert.issuer_dn()) - .encode(X509_Time(current_time)) - .encode(X509_Time(expire_time)) - .encode_if(revoked.size() > 0, - DER_Encoder() - .start_cons(SEQUENCE) - .encode_list(revoked) - .end_cons() - ) - .start_explicit(0) - .start_cons(SEQUENCE) - .encode(extensions) - .end_cons() - .end_explicit() - .end_cons() - .get_contents() - )); + const std::vector crl = X509_Object::make_signed( + signer, rng, ca_sig_algo, + DER_Encoder().start_cons(SEQUENCE) + .encode(X509_CRL_VERSION-1) + .encode(ca_sig_algo) + .encode(cert.issuer_dn()) + .encode(X509_Time(current_time)) + .encode(X509_Time(expire_time)) + .encode_if(revoked.size() > 0, + DER_Encoder() + .start_cons(SEQUENCE) + .encode_list(revoked) + .end_cons() + ) + .start_explicit(0) + .start_cons(SEQUENCE) + .encode(extensions) + .end_cons() + .end_explicit() + .end_cons() + .get_contents()); - return X509_CRL(source); + return X509_CRL(crl); } /* diff --git a/src/cert/x509ca/x509_ca.h b/src/cert/x509ca/x509_ca.h index 7aca26d03..d37b02eaf 100644 --- a/src/cert/x509ca/x509_ca.h +++ b/src/cert/x509ca/x509_ca.h @@ -82,7 +82,7 @@ class BOTAN_DLL X509_CA static X509_Certificate make_cert(PK_Signer* signer, RandomNumberGenerator& rng, const AlgorithmIdentifier& sig_algo, - const MemoryRegion& pub_key, + const std::vector& pub_key, const X509_Time& not_before, const X509_Time& not_after, const X509_DN& issuer_dn, diff --git a/src/cert/x509cert/x509_ext.cpp b/src/cert/x509cert/x509_ext.cpp index 6e0befaf3..873de4264 100644 --- a/src/cert/x509cert/x509_ext.cpp +++ b/src/cert/x509cert/x509_ext.cpp @@ -114,7 +114,7 @@ void Extensions::decode_from(BER_Decoder& from_source) while(sequence.more_items()) { OID oid; - MemoryVector value; + std::vector value; bool critical; sequence.start_cons(SEQUENCE) @@ -176,7 +176,7 @@ size_t Basic_Constraints::get_path_limit() const /* * Encode the extension */ -MemoryVector Basic_Constraints::encode_inner() const +std::vector Basic_Constraints::encode_inner() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -186,13 +186,13 @@ MemoryVector Basic_Constraints::encode_inner() const .encode_optional(path_limit, NO_CERT_PATH_LIMIT) ) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void Basic_Constraints::decode_inner(const MemoryRegion& in) +void Basic_Constraints::decode_inner(const std::vector& in) { BER_Decoder(in) .start_cons(SEQUENCE) @@ -217,14 +217,14 @@ void Basic_Constraints::contents_to(Data_Store& subject, Data_Store&) const /* * Encode the extension */ -MemoryVector Key_Usage::encode_inner() const +std::vector Key_Usage::encode_inner() const { if(constraints == NO_CONSTRAINTS) throw Encoding_Error("Cannot encode zero usage constraints"); const size_t unused_bits = low_bit(constraints) - 1; - MemoryVector der; + std::vector der; der.push_back(BIT_STRING); der.push_back(2 + ((unused_bits < 8) ? 1 : 0)); der.push_back(unused_bits % 8); @@ -238,7 +238,7 @@ MemoryVector Key_Usage::encode_inner() const /* * Decode the extension */ -void Key_Usage::decode_inner(const MemoryRegion& in) +void Key_Usage::decode_inner(const std::vector& in) { BER_Decoder ber(in); @@ -274,15 +274,15 @@ void Key_Usage::contents_to(Data_Store& subject, Data_Store&) const /* * Encode the extension */ -MemoryVector Subject_Key_ID::encode_inner() const +std::vector Subject_Key_ID::encode_inner() const { - return DER_Encoder().encode(key_id, OCTET_STRING).get_contents(); + return DER_Encoder().encode(key_id, OCTET_STRING).get_contents_unlocked(); } /* * Decode the extension */ -void Subject_Key_ID::decode_inner(const MemoryRegion& in) +void Subject_Key_ID::decode_inner(const std::vector& in) { BER_Decoder(in).decode(key_id, OCTET_STRING).verify_end(); } @@ -298,28 +298,28 @@ void Subject_Key_ID::contents_to(Data_Store& subject, Data_Store&) const /* * Subject_Key_ID Constructor */ -Subject_Key_ID::Subject_Key_ID(const MemoryRegion& pub_key) +Subject_Key_ID::Subject_Key_ID(const std::vector& pub_key) { SHA_160 hash; - key_id = hash.process(pub_key); + key_id = unlock(hash.process(pub_key)); } /* * Encode the extension */ -MemoryVector Authority_Key_ID::encode_inner() const +std::vector Authority_Key_ID::encode_inner() const { return DER_Encoder() .start_cons(SEQUENCE) .encode(key_id, OCTET_STRING, ASN1_Tag(0), CONTEXT_SPECIFIC) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void Authority_Key_ID::decode_inner(const MemoryRegion& in) +void Authority_Key_ID::decode_inner(const std::vector& in) { BER_Decoder(in) .start_cons(SEQUENCE) @@ -338,15 +338,15 @@ void Authority_Key_ID::contents_to(Data_Store&, Data_Store& issuer) const /* * Encode the extension */ -MemoryVector Alternative_Name::encode_inner() const +std::vector Alternative_Name::encode_inner() const { - return DER_Encoder().encode(alt_name).get_contents(); + return DER_Encoder().encode(alt_name).get_contents_unlocked(); } /* * Decode the extension */ -void Alternative_Name::decode_inner(const MemoryRegion& in) +void Alternative_Name::decode_inner(const std::vector& in) { BER_Decoder(in).decode(alt_name); } @@ -404,19 +404,19 @@ Issuer_Alternative_Name::Issuer_Alternative_Name(const AlternativeName& name) : /* * Encode the extension */ -MemoryVector Extended_Key_Usage::encode_inner() const +std::vector Extended_Key_Usage::encode_inner() const { return DER_Encoder() .start_cons(SEQUENCE) .encode_list(oids) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void Extended_Key_Usage::decode_inner(const MemoryRegion& in) +void Extended_Key_Usage::decode_inner(const std::vector& in) { BER_Decoder(in) .start_cons(SEQUENCE) @@ -467,7 +467,7 @@ class Policy_Information : public ASN1_Object /* * Encode the extension */ -MemoryVector Certificate_Policies::encode_inner() const +std::vector Certificate_Policies::encode_inner() const { std::vector policies; @@ -478,13 +478,13 @@ MemoryVector Certificate_Policies::encode_inner() const .start_cons(SEQUENCE) .encode_list(policies) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void Certificate_Policies::decode_inner(const MemoryRegion& in) +void Certificate_Policies::decode_inner(const std::vector& in) { std::vector policies; @@ -530,15 +530,15 @@ CRL_Number* CRL_Number::copy() const /* * Encode the extension */ -MemoryVector CRL_Number::encode_inner() const +std::vector CRL_Number::encode_inner() const { - return DER_Encoder().encode(crl_number).get_contents(); + return DER_Encoder().encode(crl_number).get_contents_unlocked(); } /* * Decode the extension */ -void CRL_Number::decode_inner(const MemoryRegion& in) +void CRL_Number::decode_inner(const std::vector& in) { BER_Decoder(in).decode(crl_number); } @@ -554,17 +554,17 @@ void CRL_Number::contents_to(Data_Store& info, Data_Store&) const /* * Encode the extension */ -MemoryVector CRL_ReasonCode::encode_inner() const +std::vector CRL_ReasonCode::encode_inner() const { return DER_Encoder() .encode(static_cast(reason), ENUMERATED, UNIVERSAL) - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void CRL_ReasonCode::decode_inner(const MemoryRegion& in) +void CRL_ReasonCode::decode_inner(const std::vector& in) { size_t reason_code = 0; BER_Decoder(in).decode(reason_code, ENUMERATED, UNIVERSAL); diff --git a/src/cert/x509cert/x509_ext.h b/src/cert/x509cert/x509_ext.h index 8799c5921..ee0e66959 100644 --- a/src/cert/x509cert/x509_ext.h +++ b/src/cert/x509cert/x509_ext.h @@ -56,8 +56,8 @@ class BOTAN_DLL Certificate_Extension protected: friend class Extensions; virtual bool should_encode() const { return true; } - virtual MemoryVector encode_inner() const = 0; - virtual void decode_inner(const MemoryRegion&) = 0; + virtual std::vector encode_inner() const = 0; + virtual void decode_inner(const std::vector&) = 0; }; /** @@ -107,8 +107,8 @@ class BOTAN_DLL Basic_Constraints : public Certificate_Extension std::string config_id() const { return "basic_constraints"; } std::string oid_name() const { return "X509v3.BasicConstraints"; } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; bool is_ca; @@ -131,8 +131,8 @@ class BOTAN_DLL Key_Usage : public Certificate_Extension std::string oid_name() const { return "X509v3.KeyUsage"; } bool should_encode() const { return (constraints != NO_CONSTRAINTS); } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; Key_Constraints constraints; @@ -147,19 +147,19 @@ class BOTAN_DLL Subject_Key_ID : public Certificate_Extension Subject_Key_ID* copy() const { return new Subject_Key_ID(key_id); } Subject_Key_ID() {} - Subject_Key_ID(const MemoryRegion&); + Subject_Key_ID(const std::vector&); - MemoryVector get_key_id() const { return key_id; } + std::vector get_key_id() const { return key_id; } private: std::string config_id() const { return "subject_key_id"; } std::string oid_name() const { return "X509v3.SubjectKeyIdentifier"; } bool should_encode() const { return (key_id.size() > 0); } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; - MemoryVector key_id; + std::vector key_id; }; /** @@ -171,19 +171,19 @@ class BOTAN_DLL Authority_Key_ID : public Certificate_Extension Authority_Key_ID* copy() const { return new Authority_Key_ID(key_id); } Authority_Key_ID() {} - Authority_Key_ID(const MemoryRegion& k) : key_id(k) {} + Authority_Key_ID(const std::vector& k) : key_id(k) {} - MemoryVector get_key_id() const { return key_id; } + std::vector get_key_id() const { return key_id; } private: std::string config_id() const { return "authority_key_id"; } std::string oid_name() const { return "X509v3.AuthorityKeyIdentifier"; } bool should_encode() const { return (key_id.size() > 0); } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; - MemoryVector key_id; + std::vector key_id; }; /** @@ -204,8 +204,8 @@ class BOTAN_DLL Alternative_Name : public Certificate_Extension std::string oid_name() const { return oid_name_str; } bool should_encode() const { return alt_name.has_items(); } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; std::string config_name_str, oid_name_str; @@ -253,8 +253,8 @@ class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension std::string oid_name() const { return "X509v3.ExtendedKeyUsage"; } bool should_encode() const { return (oids.size() > 0); } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; std::vector oids; @@ -278,8 +278,8 @@ class BOTAN_DLL Certificate_Policies : public Certificate_Extension std::string oid_name() const { return "X509v3.CertificatePolicies"; } bool should_encode() const { return (oids.size() > 0); } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; std::vector oids; @@ -302,8 +302,8 @@ class BOTAN_DLL CRL_Number : public Certificate_Extension std::string oid_name() const { return "X509v3.CRLNumber"; } bool should_encode() const { return has_value; } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; bool has_value; @@ -326,8 +326,8 @@ class BOTAN_DLL CRL_ReasonCode : public Certificate_Extension std::string oid_name() const { return "X509v3.ReasonCode"; } bool should_encode() const { return (reason != UNSPECIFIED); } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; CRL_Code reason; diff --git a/src/cert/x509cert/x509_obj.cpp b/src/cert/x509cert/x509_obj.cpp index eff8e2543..5de4049ba 100644 --- a/src/cert/x509cert/x509_obj.cpp +++ b/src/cert/x509cert/x509_obj.cpp @@ -27,7 +27,7 @@ X509_Object::X509_Object(DataSource& stream, const std::string& labels) } /* -* Createa a generic X.509 object +* Create a generic X.509 object */ X509_Object::X509_Object(const std::string& file, const std::string& labels) { @@ -35,6 +35,15 @@ X509_Object::X509_Object(const std::string& file, const std::string& labels) init(stream, labels); } +/* +* Create a generic X.509 object +*/ +X509_Object::X509_Object(const std::vector& vec, const std::string& labels) + { + DataSource_Memory stream(&vec[0], vec.size()); + init(stream, labels); + } + /* * Read a PEM or BER X.509 object */ @@ -97,7 +106,7 @@ void X509_Object::encode(Pipe& out, X509_Encoding encoding) const /* * Return a BER encoded X.509 object */ -MemoryVector X509_Object::BER_encode() const +std::vector X509_Object::BER_encode() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -107,7 +116,7 @@ MemoryVector X509_Object::BER_encode() const .encode(sig_algo) .encode(sig, BIT_STRING) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* @@ -121,7 +130,7 @@ std::string X509_Object::PEM_encode() const /* * Return the TBS data */ -MemoryVector X509_Object::tbs_data() const +std::vector X509_Object::tbs_data() const { return ASN1::put_in_sequence(tbs_bits); } @@ -129,7 +138,7 @@ MemoryVector X509_Object::tbs_data() const /* * Return the signature of this object */ -MemoryVector X509_Object::signature() const +std::vector X509_Object::signature() const { return sig; } @@ -201,10 +210,10 @@ bool X509_Object::check_signature(Public_Key& pub_key) const /* * Apply the X.509 SIGNED macro */ -MemoryVector X509_Object::make_signed(PK_Signer* signer, +std::vector X509_Object::make_signed(PK_Signer* signer, RandomNumberGenerator& rng, const AlgorithmIdentifier& algo, - const MemoryRegion& tbs_bits) + const secure_vector& tbs_bits) { return DER_Encoder() .start_cons(SEQUENCE) @@ -212,7 +221,7 @@ MemoryVector X509_Object::make_signed(PK_Signer* signer, .encode(algo) .encode(signer->sign_message(tbs_bits, rng), BIT_STRING) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* diff --git a/src/cert/x509cert/x509_obj.h b/src/cert/x509cert/x509_obj.h index 570b00f51..26c9e22bf 100644 --- a/src/cert/x509cert/x509_obj.h +++ b/src/cert/x509cert/x509_obj.h @@ -27,12 +27,12 @@ class BOTAN_DLL X509_Object * The underlying data that is to be or was signed * @return data that is or was signed */ - MemoryVector tbs_data() const; + std::vector tbs_data() const; /** * @return signature on tbs_data() */ - MemoryVector signature() const; + std::vector signature() const; /** * @return signature algorithm that was used to generate signature @@ -52,10 +52,10 @@ class BOTAN_DLL X509_Object * @param tbs the tbs bits to be signed * @return signed X509 object */ - static MemoryVector make_signed(class PK_Signer* signer, - RandomNumberGenerator& rng, - const AlgorithmIdentifier& alg_id, - const MemoryRegion& tbs); + static std::vector make_signed(class PK_Signer* signer, + RandomNumberGenerator& rng, + const AlgorithmIdentifier& alg_id, + const secure_vector& tbs); /** * Check the signature on this data @@ -75,7 +75,7 @@ class BOTAN_DLL X509_Object /** * @return BER encoding of this */ - MemoryVector BER_encode() const; + std::vector BER_encode() const; /** * @return PEM encoding of this @@ -95,15 +95,17 @@ class BOTAN_DLL X509_Object protected: X509_Object(DataSource& src, const std::string& pem_labels); X509_Object(const std::string& file, const std::string& pem_labels); + X509_Object(const std::vector& vec, const std::string& labels); void do_decode(); X509_Object() {} AlgorithmIdentifier sig_algo; - MemoryVector tbs_bits, sig; + std::vector tbs_bits, sig; private: virtual void force_decode() = 0; void init(DataSource&, const std::string&); void decode_info(DataSource&); + std::vector PEM_labels_allowed; std::string PEM_label_pref; }; diff --git a/src/cert/x509cert/x509cert.cpp b/src/cert/x509cert/x509cert.cpp index 4cff28c39..8dc4b8b0c 100644 --- a/src/cert/x509cert/x509cert.cpp +++ b/src/cert/x509cert/x509cert.cpp @@ -57,6 +57,16 @@ X509_Certificate::X509_Certificate(const std::string& in) : do_decode(); } +/* +* X509_Certificate Constructor +*/ +X509_Certificate::X509_Certificate(const std::vector& in) : + X509_Object(in, "CERTIFICATE/X509 CERTIFICATE") + { + self_signed = false; + do_decode(); + } + /* * Decode the TBSCertificate data */ @@ -97,7 +107,7 @@ void X509_Certificate::force_decode() throw BER_Bad_Tag("X509_Certificate: Unexpected tag for public key", public_key.type_tag, public_key.class_tag); - MemoryVector v2_issuer_key_id, v2_subject_key_id; + std::vector v2_issuer_key_id, v2_subject_key_id; tbs_cert.decode_optional_string(v2_issuer_key_id, BIT_STRING, 1); tbs_cert.decode_optional_string(v2_subject_key_id, BIT_STRING, 2); @@ -129,7 +139,7 @@ void X509_Certificate::force_decode() subject.add("X509.Certificate.public_key", PEM_Code::encode( - ASN1::put_in_sequence(public_key.value), + ASN1::put_in_sequence(unlock(public_key.value)), "PUBLIC KEY" ) ); @@ -243,7 +253,7 @@ std::vector X509_Certificate::policies() const /* * Return the authority key id */ -MemoryVector X509_Certificate::authority_key_id() const +std::vector X509_Certificate::authority_key_id() const { return issuer.get1_memvec("X509v3.AuthorityKeyIdentifier"); } @@ -251,7 +261,7 @@ MemoryVector X509_Certificate::authority_key_id() const /* * Return the subject key id */ -MemoryVector X509_Certificate::subject_key_id() const +std::vector X509_Certificate::subject_key_id() const { return subject.get1_memvec("X509v3.SubjectKeyIdentifier"); } @@ -259,7 +269,7 @@ MemoryVector X509_Certificate::subject_key_id() const /* * Return the certificate serial number */ -MemoryVector X509_Certificate::serial_number() const +std::vector X509_Certificate::serial_number() const { return subject.get1_memvec("X509.Certificate.serial"); } diff --git a/src/cert/x509cert/x509cert.h b/src/cert/x509cert/x509cert.h index 26c57e524..87a8069d6 100644 --- a/src/cert/x509cert/x509cert.h +++ b/src/cert/x509cert/x509cert.h @@ -85,19 +85,19 @@ class BOTAN_DLL X509_Certificate : public X509_Object * Get the serial number of this certificate. * @return certificates serial number */ - MemoryVector serial_number() const; + std::vector serial_number() const; /** * Get the DER encoded AuthorityKeyIdentifier of this certificate. * @return DER encoded AuthorityKeyIdentifier */ - MemoryVector authority_key_id() const; + std::vector authority_key_id() const; /** * Get the DER encoded SubjectKeyIdentifier of this certificate. * @return DER encoded SubjectKeyIdentifier */ - MemoryVector subject_key_id() const; + std::vector subject_key_id() const; /** * Check whether this certificate is self signed. @@ -176,6 +176,9 @@ class BOTAN_DLL X509_Certificate : public X509_Object * @param filename the name of the certificate file */ X509_Certificate(const std::string& filename); + + X509_Certificate(const std::vector& in); + private: void force_decode(); friend class X509_CA; diff --git a/src/cert/x509crl/crl_ent.h b/src/cert/x509crl/crl_ent.h index b3e696a86..f80fbb862 100644 --- a/src/cert/x509crl/crl_ent.h +++ b/src/cert/x509crl/crl_ent.h @@ -25,7 +25,7 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object * Get the serial number of the certificate associated with this entry. * @return certificate's serial number */ - MemoryVector serial_number() const { return serial; } + std::vector serial_number() const { return serial; } /** * Get the revocation date of the certificate associated with this entry @@ -54,7 +54,7 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object private: bool throw_on_unknown_critical; - MemoryVector serial; + std::vector serial; X509_Time time; CRL_Code reason; }; diff --git a/src/cert/x509crl/x509_crl.cpp b/src/cert/x509crl/x509_crl.cpp index 72da81fce..7b0d03453 100644 --- a/src/cert/x509crl/x509_crl.cpp +++ b/src/cert/x509crl/x509_crl.cpp @@ -32,6 +32,12 @@ X509_CRL::X509_CRL(const std::string& in, bool touc) : do_decode(); } +X509_CRL::X509_CRL(const std::vector& in, bool touc) : + X509_Object(in, "CRL/X509 CRL"), throw_on_unknown_critical(touc) + { + do_decode(); + } + /* * Decode the TBSCertList data */ @@ -115,7 +121,7 @@ X509_DN X509_CRL::issuer_dn() const /* * Return the key identifier of the issuer */ -MemoryVector X509_CRL::authority_key_id() const +std::vector X509_CRL::authority_key_id() const { return info.get1_memvec("X509v3.AuthorityKeyIdentifier"); } diff --git a/src/cert/x509crl/x509_crl.h b/src/cert/x509crl/x509_crl.h index c2b3c4f5c..37076169e 100644 --- a/src/cert/x509crl/x509_crl.h +++ b/src/cert/x509crl/x509_crl.h @@ -45,7 +45,7 @@ class BOTAN_DLL X509_CRL : public X509_Object * Get the AuthorityKeyIdentifier of this CRL. * @return this CRLs AuthorityKeyIdentifier */ - MemoryVector authority_key_id() const; + std::vector authority_key_id() const; /** * Get the serial number of this CRL. @@ -81,6 +81,16 @@ class BOTAN_DLL X509_CRL : public X509_Object */ X509_CRL(const std::string& filename, bool throw_on_unknown_critical = false); + + /** + * Construct a CRL from a binary vector + * @param vec the binary (DER) representation of the CRL + * @param throw_on_unknown_critical should we throw an exception + * if an unknown CRL extension marked as critical is encountered. + */ + X509_CRL(const std::vector& vec, + bool throw_on_unknown_critical = false); + private: void force_decode(); diff --git a/src/cert/x509self/x509self.cpp b/src/cert/x509self/x509self.cpp index c100ee825..c13772382 100644 --- a/src/cert/x509self/x509self.cpp +++ b/src/cert/x509self/x509self.cpp @@ -53,7 +53,7 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, opts.sanity_check(); - MemoryVector pub_key = X509::BER_encode(key); + std::vector pub_key = X509::BER_encode(key); std::unique_ptr signer(choose_sig_format(key, hash_fn, sig_algo)); load_info(opts, subject_dn, subject_alt); @@ -99,7 +99,7 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, opts.sanity_check(); - MemoryVector pub_key = X509::BER_encode(key); + std::vector pub_key = X509::BER_encode(key); std::unique_ptr signer(choose_sig_format(key, hash_fn, sig_algo)); load_info(opts, subject_dn, subject_alt); @@ -134,7 +134,7 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, tbs_req.encode( Attribute("PKCS9.ChallengePassword", - DER_Encoder().encode(challenge).get_contents() + DER_Encoder().encode(challenge).get_contents_unlocked() ) ); } @@ -145,20 +145,17 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, .start_cons(SEQUENCE) .encode(extensions) .end_cons() - .get_contents() + .get_contents_unlocked() ) ) .end_explicit() .end_cons(); - DataSource_Memory source( - X509_Object::make_signed(signer.get(), - rng, - sig_algo, - tbs_req.get_contents()) - ); + const std::vector req = + X509_Object::make_signed(signer.get(), rng, sig_algo, + tbs_req.get_contents()); - return PKCS10_Request(source); + return PKCS10_Request(req); } } diff --git a/src/cert/x509store/x509stor.cpp b/src/cert/x509store/x509stor.cpp index a635b3930..ccce9abce 100644 --- a/src/cert/x509store/x509stor.cpp +++ b/src/cert/x509store/x509stor.cpp @@ -36,8 +36,8 @@ s32bit validity_check(const X509_Time& start, const X509_Time& end, /* * Compare the value of unique ID fields */ -bool compare_ids(const MemoryVector& id1, - const MemoryVector& id2) +bool compare_ids(const std::vector& id1, + const std::vector& id2) { if(!id1.size() || !id2.size()) return true; @@ -136,10 +136,10 @@ bool X509_Store::CRL_Data::operator<(const X509_Store::CRL_Data& other) const if(*this == other) return false; - const MemoryVector& serial1 = serial; - const MemoryVector& key_id1 = auth_key_id; - const MemoryVector& serial2 = other.serial; - const MemoryVector& key_id2 = other.auth_key_id; + const std::vector& serial1 = serial; + const std::vector& key_id1 = auth_key_id; + const std::vector& serial2 = other.serial; + const std::vector& key_id2 = other.auth_key_id; if(compare_ids(key_id1, key_id2) == false) { @@ -252,7 +252,7 @@ X509_Code X509_Store::validate_cert(const X509_Certificate& cert, * Find this certificate */ size_t X509_Store::find_cert(const X509_DN& subject_dn, - const MemoryRegion& subject_key_id) const + const std::vector& subject_key_id) const { for(size_t j = 0; j != certs.size(); ++j) { @@ -270,7 +270,7 @@ size_t X509_Store::find_cert(const X509_DN& subject_dn, size_t X509_Store::find_parent_of(const X509_Certificate& cert) { const X509_DN issuer_dn = cert.issuer_dn(); - const MemoryVector auth_key_id = cert.authority_key_id(); + const std::vector auth_key_id = cert.authority_key_id(); size_t index = find_cert(issuer_dn, auth_key_id); diff --git a/src/cert/x509store/x509stor.h b/src/cert/x509store/x509stor.h index 532db6190..3945f9fd3 100644 --- a/src/cert/x509store/x509stor.h +++ b/src/cert/x509store/x509stor.h @@ -87,7 +87,7 @@ class BOTAN_DLL X509_Store { public: X509_DN issuer; - MemoryVector serial, auth_key_id; + std::vector serial, auth_key_id; bool operator==(const CRL_Data&) const; bool operator!=(const CRL_Data&) const; bool operator<(const CRL_Data&) const; @@ -112,7 +112,7 @@ class BOTAN_DLL X509_Store static X509_Code check_sig(const X509_Object&, Public_Key*); - size_t find_cert(const X509_DN&, const MemoryRegion&) const; + size_t find_cert(const X509_DN&, const std::vector&) const; X509_Code check_sig(const Cert_Info&, const Cert_Info&) const; void recompute_revoked_info() const; diff --git a/src/cms/cms_algo.cpp b/src/cms/cms_algo.cpp index 3c245cc6f..6d768306b 100644 --- a/src/cms/cms_algo.cpp +++ b/src/cms/cms_algo.cpp @@ -23,10 +23,10 @@ namespace { /* * Wrap a key as specified in RFC 3217 */ -SecureVector do_rfc3217_wrap(RandomNumberGenerator& rng, +secure_vector do_rfc3217_wrap(RandomNumberGenerator& rng, const std::string& cipher_name, const SymmetricKey& kek, - const SecureVector& input) + const secure_vector& input) { class Flip_Bytes : public Filter { @@ -44,9 +44,9 @@ SecureVector do_rfc3217_wrap(RandomNumberGenerator& rng, buf.clear(); } - Flip_Bytes(const SecureVector& prefix) : buf(prefix) {} + Flip_Bytes(const secure_vector& prefix) : buf(prefix) {} private: - SecureVector buf; + secure_vector buf; }; Algorithm_Factory& af = global_state().algorithm_factory(); @@ -78,7 +78,7 @@ SecureVector do_rfc3217_wrap(RandomNumberGenerator& rng, /* * Wrap a CEK with a KEK */ -SecureVector CMS_Encoder::wrap_key(RandomNumberGenerator& rng, +secure_vector CMS_Encoder::wrap_key(RandomNumberGenerator& rng, const std::string& cipher, const SymmetricKey& cek, const SymmetricKey& kek) @@ -98,7 +98,7 @@ SecureVector CMS_Encoder::wrap_key(RandomNumberGenerator& rng, if(kek.length() != 16) throw Encoding_Error("CMS: 128-bit KEKs must be used with " + cipher); - SecureVector lcekpad; + secure_vector lcekpad; lcekpad.push_back(static_cast(cek.length())); lcekpad += cek.bits_of(); while(lcekpad.size() % 8) @@ -113,7 +113,7 @@ SecureVector CMS_Encoder::wrap_key(RandomNumberGenerator& rng, /* * Encode the parameters for an encryption algo */ -SecureVector CMS_Encoder::encode_params(const std::string& cipher, +secure_vector CMS_Encoder::encode_params(const std::string& cipher, const SymmetricKey& key, const InitializationVector& iv) { diff --git a/src/cms/cms_comp.cpp b/src/cms/cms_comp.cpp index 3d9108e13..8ff46acea 100644 --- a/src/cms/cms_comp.cpp +++ b/src/cms/cms_comp.cpp @@ -37,13 +37,13 @@ void CMS_Encoder::compress(const std::string& algo) Pipe pipe(compressor); pipe.process_msg(data); - SecureVector compressed = pipe.read_all(); + secure_vector compressed = pipe.read_all(); DER_Encoder encoder; encoder.start_cons(SEQUENCE). encode(static_cast(0)). encode(AlgorithmIdentifier("Compression." + algo, - MemoryVector())). + std::vector())). raw_bytes(make_econtent(compressed, type)). end_cons(); diff --git a/src/cms/cms_dalg.cpp b/src/cms/cms_dalg.cpp index 9fb5a29f2..96bdd5be3 100644 --- a/src/cms/cms_dalg.cpp +++ b/src/cms/cms_dalg.cpp @@ -20,7 +20,7 @@ namespace { /* * Compute the hash of some content */ -SecureVector hash_of(const SecureVector& content, +secure_vector hash_of(const secure_vector& content, const AlgorithmIdentifier& hash_algo, std::string& hash_name) { @@ -106,11 +106,11 @@ void read_orig_info(BER_Decoder& info, X509_Store& store) /* * Decode any Attributes, and check type */ -SecureVector decode_attributes(BER_Decoder& ber, const OID& type, +secure_vector decode_attributes(BER_Decoder& ber, const OID& type, bool& bad_attributes) { BER_Object obj = ber.get_next_object(); - SecureVector digest; + secure_vector digest; bool got_digest = false; bool got_content_type = false; @@ -178,7 +178,7 @@ void CMS_Decoder::decode_layer() { size_t version; AlgorithmIdentifier hash_algo; - SecureVector digest; + secure_vector digest; BER_Decoder hash_info = decoder.start_cons(SEQUENCE); @@ -213,7 +213,7 @@ void CMS_Decoder::decode_layer() while(signer_infos.more_items()) { AlgorithmIdentifier sig_algo, hash_algo; - SecureVector signature, digest; + secure_vector signature, digest; size_t version; BER_Decoder signer_info = BER::get_subsequence(signer_infos); diff --git a/src/cms/cms_dec.h b/src/cms/cms_dec.h index 8aa5c0edb..8c2057c2a 100644 --- a/src/cms/cms_dec.h +++ b/src/cms/cms_dec.h @@ -52,7 +52,7 @@ class BOTAN_DLL CMS_Decoder std::vector keys; OID type, next_type; - SecureVector data; + secure_vector data; Status status; std::string info; }; diff --git a/src/cms/cms_ealg.cpp b/src/cms/cms_ealg.cpp index 2acffa5f7..4c3fd98fc 100644 --- a/src/cms/cms_ealg.cpp +++ b/src/cms/cms_ealg.cpp @@ -53,7 +53,7 @@ DER_Encoder& encode_si(DER_Encoder& der, const X509_Certificate& cert, /* * Compute the hash of some content */ -SecureVector hash_of(const SecureVector& content, +secure_vector hash_of(const secure_vector& content, const std::string& hash_name) { Algorithm_Factory& af = global_state().algorithm_factory(); @@ -64,11 +64,11 @@ SecureVector hash_of(const SecureVector& content, /* * Encode Attributes containing info on content */ -SecureVector encode_attr(const SecureVector& data, +secure_vector encode_attr(const secure_vector& data, const std::string& type, const std::string& hash) { - SecureVector digest = hash_of(data, hash); + secure_vector digest = hash_of(data, hash); DER_Encoder encoder; encoder.encode(OIDS::lookup(type)); @@ -198,7 +198,7 @@ void CMS_Encoder::encrypt(RandomNumberGenerator& rng, const std::string cipher = choose_algo(user_cipher, "TripleDES"); SymmetricKey cek = setup_key(rng, cipher); - SecureVector kek_id; // FIXME: ? + secure_vector kek_id; // FIXME: ? DER_Encoder encoder; @@ -244,7 +244,7 @@ void CMS_Encoder::encrypt(RandomNumberGenerator&, /* * Encrypt the content with the chosen key/cipher */ -SecureVector CMS_Encoder::do_encrypt(RandomNumberGenerator& rng, +secure_vector CMS_Encoder::do_encrypt(RandomNumberGenerator& rng, const SymmetricKey& key, const std::string& cipher_name) { @@ -297,9 +297,9 @@ void CMS_Encoder::sign(const X509_Certificate& cert, AlgorithmIdentifier sig_algo(OIDS::lookup(key.algo_name() + "/" + padding), AlgorithmIdentifier::USE_NULL_PARAM); - SecureVector signed_attr = encode_attr(data, type, hash); + secure_vector signed_attr = encode_attr(data, type, hash); signer.update(signed_attr); - SecureVector signature = signer.signature(rng); + secure_vector signature = signer.signature(rng); signed_attr[0] = 0xA0; const size_t SI_VERSION = cert.subject_key_id().size() ? 3 : 1; diff --git a/src/cms/cms_enc.cpp b/src/cms/cms_enc.cpp index 1a45a6a46..58d7cabb6 100644 --- a/src/cms/cms_enc.cpp +++ b/src/cms/cms_enc.cpp @@ -36,7 +36,7 @@ void CMS_Encoder::set_data(const std::string& str) /* * Finalize and return the CMS encoded data */ -SecureVector CMS_Encoder::get_contents() +secure_vector CMS_Encoder::get_contents() { DER_Encoder encoder; @@ -72,7 +72,7 @@ std::string CMS_Encoder::PEM_contents() /* * Make an EncapsulatedContentInfo */ -SecureVector CMS_Encoder::make_econtent(const SecureVector& data, +secure_vector CMS_Encoder::make_econtent(const secure_vector& data, const std::string& type) { return DER_Encoder().start_cons(SEQUENCE). diff --git a/src/cms/cms_enc.h b/src/cms/cms_enc.h index 5dca838dd..c86dbe58e 100644 --- a/src/cms/cms_enc.h +++ b/src/cms/cms_enc.h @@ -47,7 +47,7 @@ class BOTAN_DLL CMS_Encoder void compress(const std::string&); static bool can_compress_with(const std::string&); - SecureVector get_contents(); + secure_vector get_contents(); std::string PEM_contents(); void set_data(const std::string&); @@ -65,25 +65,25 @@ class BOTAN_DLL CMS_Encoder const X509_Certificate&, Public_Key*, const std::string&); - SecureVector do_encrypt(RandomNumberGenerator& rng, + secure_vector do_encrypt(RandomNumberGenerator& rng, const SymmetricKey&, const std::string&); - static SecureVector make_econtent(const SecureVector&, + static secure_vector make_econtent(const secure_vector&, const std::string&); static SymmetricKey setup_key(RandomNumberGenerator& rng, const std::string&); - static SecureVector wrap_key(RandomNumberGenerator& rng, + static secure_vector wrap_key(RandomNumberGenerator& rng, const std::string&, const SymmetricKey&, const SymmetricKey&); - static SecureVector encode_params(const std::string&, + static secure_vector encode_params(const std::string&, const SymmetricKey&, const InitializationVector&); - SecureVector data; + secure_vector data; std::string type; }; diff --git a/src/codec/base64/base64.cpp b/src/codec/base64/base64.cpp index 6a53a7a9a..719a3e8fa 100644 --- a/src/codec/base64/base64.cpp +++ b/src/codec/base64/base64.cpp @@ -92,11 +92,6 @@ std::string base64_encode(const byte input[], return output; } -std::string base64_encode(const MemoryRegion& input) - { - return base64_encode(&input[0], input.size()); - } - size_t base64_decode(byte output[], const char input[], size_t input_length, @@ -226,11 +221,11 @@ size_t base64_decode(byte output[], return base64_decode(output, &input[0], input.length(), ignore_ws); } -SecureVector base64_decode(const char input[], +secure_vector base64_decode(const char input[], size_t input_length, bool ignore_ws) { - SecureVector bin((round_up(input_length, 4) * 3) / 4); + secure_vector bin((round_up(input_length, 4) * 3) / 4); size_t written = base64_decode(&bin[0], input, @@ -241,7 +236,7 @@ SecureVector base64_decode(const char input[], return bin; } -SecureVector base64_decode(const std::string& input, +secure_vector base64_decode(const std::string& input, bool ignore_ws) { return base64_decode(&input[0], input.size(), ignore_ws); diff --git a/src/codec/base64/base64.h b/src/codec/base64/base64.h index 23a2558bd..9ea4143b7 100644 --- a/src/codec/base64/base64.h +++ b/src/codec/base64/base64.h @@ -46,7 +46,11 @@ std::string BOTAN_DLL base64_encode(const byte input[], * @param input some input * @return base64adecimal representation of input */ -std::string BOTAN_DLL base64_encode(const MemoryRegion& input); +template +std::string base64_encode(const std::vector& input) + { + return base64_encode(&input[0], input.size()); + } /** * Perform base64 decoding @@ -104,7 +108,7 @@ size_t BOTAN_DLL base64_decode(byte output[], exception if whitespace is encountered * @return decoded base64 output */ -SecureVector BOTAN_DLL base64_decode(const char input[], +secure_vector BOTAN_DLL base64_decode(const char input[], size_t input_length, bool ignore_ws = true); @@ -115,7 +119,7 @@ SecureVector BOTAN_DLL base64_decode(const char input[], exception if whitespace is encountered * @return decoded base64 output */ -SecureVector BOTAN_DLL base64_decode(const std::string& input, +secure_vector BOTAN_DLL base64_decode(const std::string& input, bool ignore_ws = true); } diff --git a/src/codec/hex/hex.cpp b/src/codec/hex/hex.cpp index 41ba1298d..1fd32e2ed 100644 --- a/src/codec/hex/hex.cpp +++ b/src/codec/hex/hex.cpp @@ -34,12 +34,6 @@ void hex_encode(char output[], } } -std::string hex_encode(const MemoryRegion& input, - bool uppercase) - { - return hex_encode(&input[0], input.size(), uppercase); - } - std::string hex_encode(const byte input[], size_t input_length, bool uppercase) @@ -165,11 +159,11 @@ size_t hex_decode(byte output[], return hex_decode(output, &input[0], input.length(), ignore_ws); } -SecureVector hex_decode(const char input[], +secure_vector hex_decode(const char input[], size_t input_length, bool ignore_ws) { - SecureVector bin(1 + input_length / 2); + secure_vector bin(1 + input_length / 2); size_t written = hex_decode(&bin[0], input, @@ -180,7 +174,7 @@ SecureVector hex_decode(const char input[], return bin; } -SecureVector hex_decode(const std::string& input, +secure_vector hex_decode(const std::string& input, bool ignore_ws) { return hex_decode(&input[0], input.size(), ignore_ws); diff --git a/src/codec/hex/hex.h b/src/codec/hex/hex.h index 40930e808..bdb5e5365 100644 --- a/src/codec/hex/hex.h +++ b/src/codec/hex/hex.h @@ -42,8 +42,12 @@ std::string BOTAN_DLL hex_encode(const byte input[], * @param uppercase should output be upper or lower case? * @return hexadecimal representation of input */ -std::string BOTAN_DLL hex_encode(const MemoryRegion& input, - bool uppercase = true); +template +std::string hex_encode(const std::vector& input, + bool uppercase = true) + { + return hex_encode(&input[0], input.size(), uppercase); + } /** * Perform hex decoding @@ -98,7 +102,7 @@ size_t BOTAN_DLL hex_decode(byte output[], exception if whitespace is encountered * @return decoded hex output */ -SecureVector BOTAN_DLL hex_decode(const char input[], +secure_vector BOTAN_DLL hex_decode(const char input[], size_t input_length, bool ignore_ws = true); @@ -109,8 +113,8 @@ SecureVector BOTAN_DLL hex_decode(const char input[], exception if whitespace is encountered * @return decoded hex output */ -SecureVector BOTAN_DLL hex_decode(const std::string& input, - bool ignore_ws = true); +secure_vector BOTAN_DLL hex_decode(const std::string& input, + bool ignore_ws = true); } diff --git a/src/codec/openpgp/openpgp.cpp b/src/codec/openpgp/openpgp.cpp index ab9673689..fe6ac6edf 100644 --- a/src/codec/openpgp/openpgp.cpp +++ b/src/codec/openpgp/openpgp.cpp @@ -67,7 +67,7 @@ std::string PGP_encode(const byte input[], size_t length, /* * OpenPGP Base64 decoding */ -SecureVector PGP_decode(DataSource& source, +secure_vector PGP_decode(DataSource& source, std::string& label, std::map& headers) { @@ -186,7 +186,7 @@ SecureVector PGP_decode(DataSource& source, /* * OpenPGP Base64 decoding */ -SecureVector PGP_decode(DataSource& source, std::string& label) +secure_vector PGP_decode(DataSource& source, std::string& label) { std::map ignored; return PGP_decode(source, label, ignored); diff --git a/src/codec/openpgp/openpgp.h b/src/codec/openpgp/openpgp.h index 0cd77d53a..de56155f2 100644 --- a/src/codec/openpgp/openpgp.h +++ b/src/codec/openpgp/openpgp.h @@ -42,7 +42,7 @@ BOTAN_DLL std::string PGP_encode( * @param headers is set to any headers * @return decoded output as raw binary */ -BOTAN_DLL SecureVector PGP_decode( +BOTAN_DLL secure_vector PGP_decode( DataSource& source, std::string& label, std::map& headers); @@ -52,7 +52,7 @@ BOTAN_DLL SecureVector PGP_decode( * @param label is set to the human-readable label * @return decoded output as raw binary */ -BOTAN_DLL SecureVector PGP_decode( +BOTAN_DLL secure_vector PGP_decode( DataSource& source, std::string& label); diff --git a/src/codec/pem/pem.cpp b/src/codec/pem/pem.cpp index 52a22d8ef..03ec33440 100644 --- a/src/codec/pem/pem.cpp +++ b/src/codec/pem/pem.cpp @@ -27,23 +27,14 @@ std::string encode(const byte der[], size_t length, const std::string& label, return (PEM_HEADER + pipe.read_all_as_string() + PEM_TRAILER); } -/* -* PEM encode BER/DER-encoded objects -*/ -std::string encode(const MemoryRegion& data, const std::string& label, - size_t width) - { - return encode(&data[0], data.size(), label, width); - } - /* * Decode PEM down to raw BER/DER */ -SecureVector decode_check_label(DataSource& source, +secure_vector decode_check_label(DataSource& source, const std::string& label_want) { std::string label_got; - SecureVector ber = decode(source, label_got); + secure_vector ber = decode(source, label_got); if(label_got != label_want) throw Decoding_Error("PEM: Label mismatch, wanted " + label_want + ", got " + label_got); @@ -53,7 +44,7 @@ SecureVector decode_check_label(DataSource& source, /* * Decode PEM down to raw BER/DER */ -SecureVector decode(DataSource& source, std::string& label) +secure_vector decode(DataSource& source, std::string& label) { const size_t RANDOM_CHAR_LIMIT = 8; @@ -110,14 +101,14 @@ SecureVector decode(DataSource& source, std::string& label) return base64.read_all(); } -SecureVector decode_check_label(const std::string& pem, +secure_vector decode_check_label(const std::string& pem, const std::string& label_want) { DataSource_Memory src(pem); return decode_check_label(src, label_want); } -SecureVector decode(const std::string& pem, std::string& label) +secure_vector decode(const std::string& pem, std::string& label) { DataSource_Memory src(pem); return decode(src, label); @@ -131,7 +122,7 @@ bool matches(DataSource& source, const std::string& extra, { const std::string PEM_HEADER = "-----BEGIN " + extra; - SecureVector search_buf(search_range); + secure_vector search_buf(search_range); size_t got = source.peek(&search_buf[0], search_buf.size(), 0); if(got < PEM_HEADER.length()) diff --git a/src/codec/pem/pem.h b/src/codec/pem/pem.h index 10267f029..6c33c642d 100644 --- a/src/codec/pem/pem.h +++ b/src/codec/pem/pem.h @@ -17,37 +17,50 @@ namespace PEM_Code { /** * Encode some binary data in PEM format */ -BOTAN_DLL std::string encode(const byte der[], - size_t der_len, +BOTAN_DLL std::string encode(const byte data[], + size_t data_len, const std::string& label, size_t line_width = 64); /** * Encode some binary data in PEM format */ -BOTAN_DLL std::string encode(const MemoryRegion& der, - const std::string& label, - size_t line_width = 64); +inline std::string encode(const std::vector& data, + const std::string& label, + size_t line_width = 64) + { + return encode(&data[0], data.size(), label, line_width); + } + +/** +* Encode some binary data in PEM format +*/ +inline std::string encode(const secure_vector& data, + const std::string& label, + size_t line_width = 64) + { + return encode(&data[0], data.size(), label, line_width); + } /** * Decode PEM data * @param label is set to the PEM label found for later inspection */ -BOTAN_DLL SecureVector decode(DataSource& pem, +BOTAN_DLL secure_vector decode(DataSource& pem, std::string& label); /** * Decode PEM data * @param label is set to the PEM label found for later inspection */ -BOTAN_DLL SecureVector decode(const std::string& pem, +BOTAN_DLL secure_vector decode(const std::string& pem, std::string& label); /** * Decode PEM data * @param label is what we expect the label to be */ -BOTAN_DLL SecureVector decode_check_label( +BOTAN_DLL secure_vector decode_check_label( DataSource& pem, const std::string& label); @@ -55,7 +68,7 @@ BOTAN_DLL SecureVector decode_check_label( * Decode PEM data * @param label is what we expect the label to be */ -BOTAN_DLL SecureVector decode_check_label( +BOTAN_DLL secure_vector decode_check_label( const std::string& pem, const std::string& label); diff --git a/src/constructs/aont/package.cpp b/src/constructs/aont/package.cpp index 4d46f6b61..1adee90e8 100644 --- a/src/constructs/aont/package.cpp +++ b/src/constructs/aont/package.cpp @@ -37,7 +37,7 @@ void aont_package(RandomNumberGenerator& rng, // Set K0 (the all zero key) cipher->set_key(SymmetricKey(all_zeros)); - SecureVector buf(BLOCK_SIZE); + secure_vector buf(BLOCK_SIZE); const size_t blocks = (input_len + BLOCK_SIZE - 1) / BLOCK_SIZE; @@ -57,13 +57,13 @@ void aont_package(RandomNumberGenerator& rng, for(size_t j = 0; j != sizeof(i); ++j) buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i); - cipher->encrypt(buf); + cipher->encrypt(&buf[0]); - xor_buf(final_block, buf, BLOCK_SIZE); + xor_buf(&final_block[0], &buf[0], BLOCK_SIZE); } // XOR the random package key into the final block - xor_buf(final_block, package_key.begin(), BLOCK_SIZE); + xor_buf(&final_block[0], package_key.begin(), BLOCK_SIZE); } void aont_unpackage(BlockCipher* cipher, @@ -83,8 +83,8 @@ void aont_unpackage(BlockCipher* cipher, cipher->set_key(SymmetricKey(all_zeros)); - SecureVector package_key(BLOCK_SIZE); - SecureVector buf(BLOCK_SIZE); + secure_vector package_key(BLOCK_SIZE); + secure_vector buf(BLOCK_SIZE); // Copy the package key (masked with the block hashes) copy_mem(&package_key[0], @@ -105,9 +105,9 @@ void aont_unpackage(BlockCipher* cipher, for(size_t j = 0; j != sizeof(i); ++j) buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i); - cipher->encrypt(buf); + cipher->encrypt(&buf[0]); - xor_buf(&package_key[0], buf, BLOCK_SIZE); + xor_buf(&package_key[0], &buf[0], BLOCK_SIZE); } Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key)); diff --git a/src/constructs/cryptobox/cryptobox.cpp b/src/constructs/cryptobox/cryptobox.cpp index ab263c3e9..bb7bf353c 100644 --- a/src/constructs/cryptobox/cryptobox.cpp +++ b/src/constructs/cryptobox/cryptobox.cpp @@ -44,7 +44,7 @@ std::string encrypt(const byte input[], size_t input_len, const std::string& passphrase, RandomNumberGenerator& rng) { - SecureVector pbkdf_salt(PBKDF_SALT_LEN); + secure_vector pbkdf_salt(PBKDF_SALT_LEN); rng.randomize(&pbkdf_salt[0], pbkdf_salt.size()); PKCS5_PBKDF2 pbkdf(new HMAC(new SHA_512)); @@ -79,10 +79,10 @@ std::string encrypt(const byte input[], size_t input_len, */ const size_t ciphertext_len = pipe.remaining(0); - SecureVector out_buf(VERSION_CODE_LEN + - PBKDF_SALT_LEN + - MAC_OUTPUT_LEN + - ciphertext_len); + std::vector out_buf(VERSION_CODE_LEN + + PBKDF_SALT_LEN + + MAC_OUTPUT_LEN + + ciphertext_len); for(size_t i = 0; i != VERSION_CODE_LEN; ++i) out_buf[i] = get_byte(i, CRYPTOBOX_VERSION_CODE); @@ -100,7 +100,7 @@ std::string decrypt(const byte input[], size_t input_len, const std::string& passphrase) { DataSource_Memory input_src(input, input_len); - SecureVector ciphertext = + secure_vector ciphertext = PEM_Code::decode_check_label(input_src, "BOTAN CRYPTOBOX MESSAGE"); diff --git a/src/constructs/fpe_fe1/fpe_fe1.cpp b/src/constructs/fpe_fe1/fpe_fe1.cpp index 91d328c17..b22d3a8df 100644 --- a/src/constructs/fpe_fe1/fpe_fe1.cpp +++ b/src/constructs/fpe_fe1/fpe_fe1.cpp @@ -84,7 +84,7 @@ class FPE_Encryptor public: FPE_Encryptor(const SymmetricKey& key, const BigInt& n, - const MemoryRegion& tweak); + const std::vector& tweak); ~FPE_Encryptor() { delete mac; } @@ -92,17 +92,17 @@ class FPE_Encryptor private: MessageAuthenticationCode* mac; - SecureVector mac_n_t; + std::vector mac_n_t; }; FPE_Encryptor::FPE_Encryptor(const SymmetricKey& key, const BigInt& n, - const MemoryRegion& tweak) + const std::vector& tweak) { mac = new HMAC(new SHA_256); mac->set_key(key); - SecureVector n_bin = BigInt::encode(n); + std::vector n_bin = BigInt::encode(n); if(n_bin.size() > MAX_N_BYTES) throw std::runtime_error("N is too large for FPE encryption"); @@ -113,12 +113,12 @@ FPE_Encryptor::FPE_Encryptor(const SymmetricKey& key, mac->update_be(static_cast(tweak.size())); mac->update(&tweak[0], tweak.size()); - mac_n_t = mac->final(); + mac_n_t = unlock(mac->final()); } BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) { - SecureVector r_bin = BigInt::encode(R); + secure_vector r_bin = BigInt::encode_locked(R); mac->update(mac_n_t); mac->update_be(static_cast(round_no)); @@ -126,7 +126,7 @@ BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) mac->update_be(static_cast(r_bin.size())); mac->update(&r_bin[0], r_bin.size()); - SecureVector X = mac->final(); + secure_vector X = mac->final(); return BigInt(&X[0], X.size()); } @@ -137,7 +137,7 @@ BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) */ BigInt fe1_encrypt(const BigInt& n, const BigInt& X0, const SymmetricKey& key, - const MemoryRegion& tweak) + const std::vector& tweak) { FPE_Encryptor F(key, n, tweak); @@ -165,7 +165,7 @@ BigInt fe1_encrypt(const BigInt& n, const BigInt& X0, */ BigInt fe1_decrypt(const BigInt& n, const BigInt& X0, const SymmetricKey& key, - const MemoryRegion& tweak) + const std::vector& tweak) { FPE_Encryptor F(key, n, tweak); diff --git a/src/constructs/fpe_fe1/fpe_fe1.h b/src/constructs/fpe_fe1/fpe_fe1.h index da9a6bcb6..66e7f1cfa 100644 --- a/src/constructs/fpe_fe1/fpe_fe1.h +++ b/src/constructs/fpe_fe1/fpe_fe1.h @@ -24,7 +24,7 @@ namespace FPE { */ BigInt BOTAN_DLL fe1_encrypt(const BigInt& n, const BigInt& X, const SymmetricKey& key, - const MemoryRegion& tweak); + const std::vector& tweak); /** * Decrypt X from and onto the group Z_n using key and tweak @@ -35,7 +35,7 @@ BigInt BOTAN_DLL fe1_encrypt(const BigInt& n, const BigInt& X, */ BigInt BOTAN_DLL fe1_decrypt(const BigInt& n, const BigInt& X, const SymmetricKey& key, - const MemoryRegion& tweak); + const std::vector& tweak); } diff --git a/src/constructs/rfc3394/rfc3394.cpp b/src/constructs/rfc3394/rfc3394.cpp index db6420ff3..cfe95f40b 100644 --- a/src/constructs/rfc3394/rfc3394.cpp +++ b/src/constructs/rfc3394/rfc3394.cpp @@ -32,9 +32,9 @@ BlockCipher* make_aes(size_t keylength, } -SecureVector rfc3394_keywrap(const MemoryRegion& key, - const SymmetricKey& kek, - Algorithm_Factory& af) +secure_vector rfc3394_keywrap(const secure_vector& key, + const SymmetricKey& kek, + Algorithm_Factory& af) { if(key.size() % 8 != 0) throw std::invalid_argument("Bad input key size for NIST key wrap"); @@ -44,13 +44,13 @@ SecureVector rfc3394_keywrap(const MemoryRegion& key, const size_t n = key.size() / 8; - SecureVector R((n + 1) * 8); - SecureVector A(16); + secure_vector R((n + 1) * 8); + secure_vector A(16); for(size_t i = 0; i != 8; ++i) A[i] = 0xA6; - copy_mem(&R[8], key.begin(), key.size()); + copy_mem(&R[8], &key[0], key.size()); for(size_t j = 0; j <= 5; ++j) { @@ -74,7 +74,7 @@ SecureVector rfc3394_keywrap(const MemoryRegion& key, return R; } -SecureVector rfc3394_keyunwrap(const MemoryRegion& key, +secure_vector rfc3394_keyunwrap(const secure_vector& key, const SymmetricKey& kek, Algorithm_Factory& af) { @@ -86,13 +86,13 @@ SecureVector rfc3394_keyunwrap(const MemoryRegion& key, const size_t n = (key.size() - 8) / 8; - SecureVector R(n * 8); - SecureVector A(16); + secure_vector R(n * 8); + secure_vector A(16); for(size_t i = 0; i != 8; ++i) A[i] = key[i]; - copy_mem(&R[0], key.begin() + 8, key.size() - 8); + copy_mem(&R[0], &key[8], key.size() - 8); for(size_t j = 0; j <= 5; ++j) { diff --git a/src/constructs/rfc3394/rfc3394.h b/src/constructs/rfc3394/rfc3394.h index 645586ee2..febd5207e 100644 --- a/src/constructs/rfc3394/rfc3394.h +++ b/src/constructs/rfc3394/rfc3394.h @@ -23,7 +23,7 @@ class Algorithm_Factory; * @param af an algorithm factory * @return key encrypted under kek */ -SecureVector BOTAN_DLL rfc3394_keywrap(const MemoryRegion& key, +secure_vector BOTAN_DLL rfc3394_keywrap(const secure_vector& key, const SymmetricKey& kek, Algorithm_Factory& af); @@ -36,7 +36,7 @@ SecureVector BOTAN_DLL rfc3394_keywrap(const MemoryRegion& key, * @param af an algorithm factory * @return key decrypted under kek */ -SecureVector BOTAN_DLL rfc3394_keyunwrap(const MemoryRegion& key, +secure_vector BOTAN_DLL rfc3394_keyunwrap(const secure_vector& key, const SymmetricKey& kek, Algorithm_Factory& af); diff --git a/src/constructs/srp6/srp6.cpp b/src/constructs/srp6/srp6.cpp index 0eccdc154..569454350 100644 --- a/src/constructs/srp6/srp6.cpp +++ b/src/constructs/srp6/srp6.cpp @@ -48,7 +48,7 @@ BigInt hash_seq(const std::string& hash_id, BigInt compute_x(const std::string& hash_id, const std::string& identifier, const std::string& password, - const MemoryRegion& salt) + const std::vector& salt) { std::unique_ptr hash_fn( global_state().algorithm_factory().make_hash_function(hash_id)); @@ -57,12 +57,12 @@ BigInt compute_x(const std::string& hash_id, hash_fn->update(":"); hash_fn->update(password); - SecureVector inner_h = hash_fn->final(); + secure_vector inner_h = hash_fn->final(); hash_fn->update(salt); hash_fn->update(inner_h); - SecureVector outer_h = hash_fn->final(); + secure_vector outer_h = hash_fn->final(); return BigInt::decode(outer_h); } @@ -97,7 +97,7 @@ srp6_client_agree(const std::string& identifier, const std::string& password, const std::string& group_id, const std::string& hash_id, - const MemoryRegion& salt, + const std::vector& salt, const BigInt& B, RandomNumberGenerator& rng) { @@ -129,7 +129,7 @@ srp6_client_agree(const std::string& identifier, BigInt generate_srp6_verifier(const std::string& identifier, const std::string& password, - const MemoryRegion& salt, + const std::vector& salt, const std::string& group_id, const std::string& hash_id) { diff --git a/src/constructs/srp6/srp6.h b/src/constructs/srp6/srp6.h index 4fd127c70..b34253d7a 100644 --- a/src/constructs/srp6/srp6.h +++ b/src/constructs/srp6/srp6.h @@ -33,7 +33,7 @@ BOTAN_DLL srp6_client_agree(const std::string& username, const std::string& password, const std::string& group_id, const std::string& hash_id, - const MemoryRegion& salt, + const std::vector& salt, const BigInt& B, RandomNumberGenerator& rng); @@ -45,7 +45,7 @@ BOTAN_DLL srp6_client_agree(const std::string& username, */ BigInt BOTAN_DLL generate_srp6_verifier(const std::string& identifier, const std::string& password, - const MemoryRegion& salt, + const std::vector& salt, const std::string& group_id, const std::string& hash_id); diff --git a/src/constructs/srp6/srp6_files.cpp b/src/constructs/srp6/srp6_files.cpp index bc321745f..4df2986f3 100644 --- a/src/constructs/srp6/srp6_files.cpp +++ b/src/constructs/srp6/srp6_files.cpp @@ -31,7 +31,7 @@ SRP6_Authenticator_File::SRP6_Authenticator_File(const std::string& filename) std::string username = parts[0]; BigInt v = BigInt::decode(base64_decode(parts[1])); - MemoryVector salt = base64_decode(parts[2]); + std::vector salt = unlock(base64_decode(parts[2])); BigInt group_id_idx = BigInt::decode(base64_decode(parts[3])); std::string group_id; @@ -51,7 +51,7 @@ SRP6_Authenticator_File::SRP6_Authenticator_File(const std::string& filename) bool SRP6_Authenticator_File::lookup_user(const std::string& username, BigInt& v, - MemoryRegion& salt, + std::vector& salt, std::string& group_id) const { std::map::const_iterator i = entries.find(username); diff --git a/src/constructs/srp6/srp6_files.h b/src/constructs/srp6/srp6_files.h index 4e3293423..4e0d3ff02 100644 --- a/src/constructs/srp6/srp6_files.h +++ b/src/constructs/srp6/srp6_files.h @@ -28,7 +28,7 @@ class BOTAN_DLL SRP6_Authenticator_File bool lookup_user(const std::string& username, BigInt& v, - MemoryRegion& salt, + std::vector& salt, std::string& group_id) const; private: struct SRP6_Data @@ -36,12 +36,12 @@ class BOTAN_DLL SRP6_Authenticator_File SRP6_Data() {} SRP6_Data(const BigInt& v, - const MemoryRegion& salt, + const std::vector& salt, const std::string& group_id) : v(v), salt(salt), group_id(group_id) {} BigInt v; - MemoryVector salt; + std::vector salt; std::string group_id; }; diff --git a/src/constructs/tss/tss.cpp b/src/constructs/tss/tss.cpp index cc34216f3..e002084a1 100644 --- a/src/constructs/tss/tss.cpp +++ b/src/constructs/tss/tss.cpp @@ -150,7 +150,7 @@ RTSS_Share::split(byte M, byte N, shares[i].contents.push_back(i+1); // secret = S || H(S) - SecureVector secret(S, S_len); + secure_vector secret(S, S + S_len); secret += hash.process(S, S_len); for(size_t i = 0; i != secret.size(); ++i) @@ -178,7 +178,7 @@ RTSS_Share::split(byte M, byte N, return shares; } -SecureVector +secure_vector RTSS_Share::reconstruct(const std::vector& shares) { const size_t RTSS_HEADER_SIZE = 20; @@ -211,7 +211,7 @@ RTSS_Share::reconstruct(const std::vector& shares) throw Decoding_Error("Bad RTSS length field in header"); std::vector V(shares.size()); - SecureVector secret; + secure_vector secret; for(size_t i = RTSS_HEADER_SIZE + 1; i != shares[0].size(); ++i) { @@ -250,13 +250,13 @@ RTSS_Share::reconstruct(const std::vector& shares) throw Decoding_Error("Bad length in RTSS output"); hash->update(&secret[0], secret_len); - SecureVector hash_check = hash->final(); + secure_vector hash_check = hash->final(); if(!same_mem(&hash_check[0], &secret[secret_len], hash->output_length())) throw Decoding_Error("RTSS hash check failed"); - return SecureVector(&secret[0], secret_len); + return secure_vector(&secret[0], &secret[secret_len]); } } diff --git a/src/constructs/tss/tss.h b/src/constructs/tss/tss.h index 297c65971..4664af317 100644 --- a/src/constructs/tss/tss.h +++ b/src/constructs/tss/tss.h @@ -38,7 +38,7 @@ class BOTAN_DLL RTSS_Share /** * @param shares the list of shares */ - static SecureVector + static secure_vector reconstruct(const std::vector& shares); RTSS_Share() {} @@ -68,7 +68,7 @@ class BOTAN_DLL RTSS_Share */ bool initialized() const { return (contents.size() > 0); } private: - SecureVector contents; + secure_vector contents; }; } diff --git a/src/credentials/credentials_manager.cpp b/src/credentials/credentials_manager.cpp index 07d2979f9..6013fe4ea 100644 --- a/src/credentials/credentials_manager.cpp +++ b/src/credentials/credentials_manager.cpp @@ -54,7 +54,7 @@ bool Credentials_Manager::srp_verifier(const std::string&, const std::string&, std::string&, BigInt&, - MemoryRegion&, + std::vector&, bool) { return false; diff --git a/src/credentials/credentials_manager.h b/src/credentials/credentials_manager.h index 67da07eec..57ebd8b38 100644 --- a/src/credentials/credentials_manager.h +++ b/src/credentials/credentials_manager.h @@ -81,7 +81,7 @@ class BOTAN_DLL Credentials_Manager const std::string& identifier, std::string& group_name, BigInt& verifier, - MemoryRegion& salt, + std::vector& salt, bool generate_fake_on_unknown); /** diff --git a/src/engine/gnump/gmp_wrap.h b/src/engine/gnump/gmp_wrap.h index fc7aa856e..0a786f3ee 100644 --- a/src/engine/gnump/gmp_wrap.h +++ b/src/engine/gnump/gmp_wrap.h @@ -25,7 +25,7 @@ class GMP_MPZ void encode(byte[], size_t) const; size_t bytes() const; - SecureVector to_bytes() const + secure_vector to_bytes() const { return BigInt::encode(to_bigint()); } GMP_MPZ& operator=(const GMP_MPZ&); diff --git a/src/engine/gnump/gnump_pk.cpp b/src/engine/gnump/gnump_pk.cpp index 25735fe55..b2a2f9352 100644 --- a/src/engine/gnump/gnump_pk.cpp +++ b/src/engine/gnump/gnump_pk.cpp @@ -38,7 +38,7 @@ class GMP_DH_KA_Operation : public PK_Ops::Key_Agreement GMP_DH_KA_Operation(const DH_PrivateKey& dh) : x(dh.get_x()), p(dh.group_p()) {} - SecureVector agree(const byte w[], size_t w_len) + secure_vector agree(const byte w[], size_t w_len) { GMP_MPZ z(w, w_len); mpz_powm(z.value, z.value, x.value, p.value); @@ -66,14 +66,14 @@ class GMP_DSA_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return (q_bits + 7) / 8; } size_t max_input_bits() const { return q_bits; } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const GMP_MPZ x, p, q, g; size_t q_bits; }; -SecureVector +secure_vector GMP_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -104,7 +104,7 @@ GMP_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, if(mpz_cmp_ui(r.value, 0) == 0 || mpz_cmp_ui(s.value, 0) == 0) throw Internal_Error("GMP_DSA_Op::sign: r or s was zero"); - SecureVector output(2*q_bytes); + secure_vector output(2*q_bytes); r.encode(output, q_bytes); s.encode(output + q_bytes, q_bytes); return output; @@ -192,7 +192,7 @@ class GMP_RSA_Private_Operation : public PK_Ops::Signature, size_t max_input_bits() const { return (n_bits - 1); } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); @@ -200,7 +200,7 @@ class GMP_RSA_Private_Operation : public PK_Ops::Signature, return BigInt::encode_1363(x, (n_bits + 7) / 8); } - SecureVector decrypt(const byte msg[], size_t msg_len) + secure_vector decrypt(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); return BigInt::encode(private_op(m)); @@ -238,14 +238,14 @@ class GMP_RSA_Public_Operation : public PK_Ops::Verification, size_t max_input_bits() const { return (n.bits() - 1); } bool with_recovery() const { return true; } - SecureVector encrypt(const byte msg[], size_t msg_len, + secure_vector encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector verify_mr(const byte msg[], size_t msg_len) + secure_vector verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); return BigInt::encode(public_op(m)); diff --git a/src/engine/openssl/bn_wrap.cpp b/src/engine/openssl/bn_wrap.cpp index 779956824..0ac31f61b 100644 --- a/src/engine/openssl/bn_wrap.cpp +++ b/src/engine/openssl/bn_wrap.cpp @@ -15,7 +15,7 @@ namespace Botan { OSSL_BN::OSSL_BN(const BigInt& in) { value = BN_new(); - SecureVector encoding = BigInt::encode(in); + secure_vector encoding = BigInt::encode(in); if(in != 0) BN_bin2bn(encoding, encoding.size(), value); } @@ -75,7 +75,7 @@ size_t OSSL_BN::bytes() const */ BigInt OSSL_BN::to_bigint() const { - SecureVector out(bytes()); + secure_vector out(bytes()); BN_bn2bin(value, out); return BigInt::decode(out); } diff --git a/src/engine/openssl/bn_wrap.h b/src/engine/openssl/bn_wrap.h index c5c07a35c..177dbd8c7 100644 --- a/src/engine/openssl/bn_wrap.h +++ b/src/engine/openssl/bn_wrap.h @@ -25,7 +25,7 @@ class OSSL_BN void encode(byte[], size_t) const; size_t bytes() const; - SecureVector to_bytes() const + secure_vector to_bytes() const { return BigInt::encode(to_bigint()); } OSSL_BN& operator=(const OSSL_BN&); diff --git a/src/engine/openssl/ossl_bc.cpp b/src/engine/openssl/ossl_bc.cpp index 36f78205f..d419f56be 100644 --- a/src/engine/openssl/ossl_bc.cpp +++ b/src/engine/openssl/ossl_bc.cpp @@ -123,7 +123,7 @@ void EVP_BlockCipher::decrypt_n(const byte in[], byte out[], */ void EVP_BlockCipher::key_schedule(const byte key[], size_t length) { - SecureVector full_key(key, length); + secure_vector full_key(key, length); if(cipher_name == "TripleDES" && length == 16) { diff --git a/src/engine/openssl/ossl_pk.cpp b/src/engine/openssl/ossl_pk.cpp index 23ae6b25d..2557ec297 100644 --- a/src/engine/openssl/ossl_pk.cpp +++ b/src/engine/openssl/ossl_pk.cpp @@ -36,7 +36,7 @@ class OSSL_DH_KA_Operation : public PK_Ops::Key_Agreement OSSL_DH_KA_Operation(const DH_PrivateKey& dh) : x(dh.get_x()), p(dh.group_p()) {} - SecureVector agree(const byte w[], size_t w_len) + secure_vector agree(const byte w[], size_t w_len) { OSSL_BN i(w, w_len), r; BN_mod_exp(r.value, i.value, x.value, p.value, ctx.value); @@ -65,7 +65,7 @@ class OSSL_DSA_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return (q_bits + 7) / 8; } size_t max_input_bits() const { return q_bits; } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const OSSL_BN x, p, q, g; @@ -73,7 +73,7 @@ class OSSL_DSA_Signature_Operation : public PK_Ops::Signature size_t q_bits; }; -SecureVector +secure_vector OSSL_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -103,7 +103,7 @@ OSSL_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, if(BN_is_zero(r.value) || BN_is_zero(s.value)) throw Internal_Error("OpenSSL_DSA_Op::sign: r or s was zero"); - SecureVector output(2*q_bytes); + secure_vector output(2*q_bytes); r.encode(output, q_bytes); s.encode(output + q_bytes, q_bytes); return output; @@ -191,7 +191,7 @@ class OSSL_RSA_Private_Operation : public PK_Ops::Signature, size_t max_input_bits() const { return (n_bits - 1); } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); @@ -199,7 +199,7 @@ class OSSL_RSA_Private_Operation : public PK_Ops::Signature, return BigInt::encode_1363(x, (n_bits + 7) / 8); } - SecureVector decrypt(const byte msg[], size_t msg_len) + secure_vector decrypt(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); return BigInt::encode(private_op(m)); @@ -237,14 +237,14 @@ class OSSL_RSA_Public_Operation : public PK_Ops::Verification, size_t max_input_bits() const { return (n.bits() - 1); } bool with_recovery() const { return true; } - SecureVector encrypt(const byte msg[], size_t msg_len, + secure_vector encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector verify_mr(const byte msg[], size_t msg_len) + secure_vector verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); return BigInt::encode(public_op(m)); diff --git a/src/entropy/cryptoapi_rng/es_capi.cpp b/src/entropy/cryptoapi_rng/es_capi.cpp index c9069ce65..a706b4d5c 100644 --- a/src/entropy/cryptoapi_rng/es_capi.cpp +++ b/src/entropy/cryptoapi_rng/es_capi.cpp @@ -55,7 +55,7 @@ class CSP_Handle */ void Win32_CAPI_EntropySource::poll(Entropy_Accumulator& accum) { - MemoryRegion& io_buffer = accum.get_io_buffer(32); + secure_vector& io_buffer = accum.get_io_buffer(32); for(size_t i = 0; i != prov_types.size(); ++i) { diff --git a/src/entropy/dev_random/dev_random.cpp b/src/entropy/dev_random/dev_random.cpp index 9e4f0b373..d92176ce9 100644 --- a/src/entropy/dev_random/dev_random.cpp +++ b/src/entropy/dev_random/dev_random.cpp @@ -111,7 +111,7 @@ void Device_EntropySource::poll(Entropy_Accumulator& accum) accum.desired_remaining_bits() / ENTROPY_BITS_PER_BYTE, 32); const size_t read_wait_ms = std::max(go_get, 100); - MemoryRegion& io_buffer = accum.get_io_buffer(go_get); + secure_vector& io_buffer = accum.get_io_buffer(go_get); for(size_t i = 0; i != devices.size(); ++i) { diff --git a/src/entropy/egd/es_egd.cpp b/src/entropy/egd/es_egd.cpp index e0ebf9509..d8dbecd44 100644 --- a/src/entropy/egd/es_egd.cpp +++ b/src/entropy/egd/es_egd.cpp @@ -139,7 +139,7 @@ void EGD_EntropySource::poll(Entropy_Accumulator& accum) { size_t go_get = std::min(accum.desired_remaining_bits() / 8, 32); - MemoryRegion& io_buffer = accum.get_io_buffer(go_get); + secure_vector& io_buffer = accum.get_io_buffer(go_get); for(size_t i = 0; i != sockets.size(); ++i) { diff --git a/src/entropy/entropy_src.h b/src/entropy/entropy_src.h index 3f15b5907..e130574f4 100644 --- a/src/entropy/entropy_src.h +++ b/src/entropy/entropy_src.h @@ -35,7 +35,7 @@ class BOTAN_DLL Entropy_Accumulator * @param size requested size for the I/O buffer * @return cached I/O buffer for repeated polls */ - MemoryRegion& get_io_buffer(size_t size) + secure_vector& get_io_buffer(size_t size) { io_buffer.resize(size); return io_buffer; } /** @@ -87,7 +87,7 @@ class BOTAN_DLL Entropy_Accumulator private: virtual void add_bytes(const byte bytes[], size_t length) = 0; - SecureVector io_buffer; + secure_vector io_buffer; size_t entropy_goal; double collected_bits; }; diff --git a/src/entropy/proc_walk/es_ftw.cpp b/src/entropy/proc_walk/es_ftw.cpp index 407034891..d65aadfb1 100644 --- a/src/entropy/proc_walk/es_ftw.cpp +++ b/src/entropy/proc_walk/es_ftw.cpp @@ -151,7 +151,7 @@ void FTW_EntropySource::poll(Entropy_Accumulator& accum) if(!dir) dir = new Directory_Walker(path); - MemoryRegion& io_buffer = accum.get_io_buffer(4096); + secure_vector& io_buffer = accum.get_io_buffer(4096); for(size_t i = 0; i != MAX_FILES_READ_PER_POLL; ++i) { diff --git a/src/entropy/unix_procs/es_unix.cpp b/src/entropy/unix_procs/es_unix.cpp index b989e0213..9ec5f7148 100644 --- a/src/entropy/unix_procs/es_unix.cpp +++ b/src/entropy/unix_procs/es_unix.cpp @@ -93,7 +93,7 @@ void Unix_EntropySource::poll(Entropy_Accumulator& accum) const size_t MINIMAL_WORKING = 16; - MemoryRegion& io_buffer = accum.get_io_buffer(DEFAULT_BUFFERSIZE); + secure_vector& io_buffer = accum.get_io_buffer(DEFAULT_BUFFERSIZE); for(size_t i = 0; i != sources.size(); i++) { diff --git a/src/filters/algo_filt.cpp b/src/filters/algo_filt.cpp index 337733b5f..dbc46c7e6 100644 --- a/src/filters/algo_filt.cpp +++ b/src/filters/algo_filt.cpp @@ -92,7 +92,7 @@ Hash_Filter::Hash_Filter(const std::string& algo_spec, */ void Hash_Filter::end_msg() { - SecureVector output = hash->final(); + secure_vector output = hash->final(); if(OUTPUT_LENGTH) send(output, std::min(OUTPUT_LENGTH, output.size())); else @@ -125,7 +125,7 @@ MAC_Filter::MAC_Filter(const std::string& mac_name, const SymmetricKey& key, */ void MAC_Filter::end_msg() { - SecureVector output = mac->final(); + secure_vector output = mac->final(); if(OUTPUT_LENGTH) send(output, std::min(OUTPUT_LENGTH, output.size())); else diff --git a/src/filters/buf_filt.h b/src/filters/buf_filt.h index 87180e3e1..9a3fc9a2b 100644 --- a/src/filters/buf_filt.h +++ b/src/filters/buf_filt.h @@ -27,6 +27,12 @@ class BOTAN_DLL Buffered_Filter */ void write(const byte in[], size_t length); + template + void write(const std::vector& in, size_t length) + { + write(&in[0], length); + } + /** * Finish a message, emitting to buffered_block and buffered_final * Will throw an exception if less than final_minimum bytes were @@ -78,7 +84,7 @@ class BOTAN_DLL Buffered_Filter private: size_t main_block_mod, final_minimum; - SecureVector buffer; + secure_vector buffer; size_t buffer_pos; }; diff --git a/src/filters/bzip2/bzip2.h b/src/filters/bzip2/bzip2.h index b3b222eb2..2505cf54e 100644 --- a/src/filters/bzip2/bzip2.h +++ b/src/filters/bzip2/bzip2.h @@ -33,7 +33,7 @@ class BOTAN_DLL Bzip_Compression : public Filter void clear(); const size_t level; - SecureVector buffer; + secure_vector buffer; class Bzip_Stream* bz; }; @@ -55,7 +55,7 @@ class BOTAN_DLL Bzip_Decompression : public Filter void clear(); const bool small_mem; - SecureVector buffer; + secure_vector buffer; class Bzip_Stream* bz; bool no_writes; }; diff --git a/src/filters/codec_filt/b64_filt.h b/src/filters/codec_filt/b64_filt.h index afff53f30..dcb3cdbd5 100644 --- a/src/filters/codec_filt/b64_filt.h +++ b/src/filters/codec_filt/b64_filt.h @@ -47,7 +47,7 @@ class BOTAN_DLL Base64_Encoder : public Filter const size_t line_length; const bool trailing_newline; - MemoryVector in, out; + std::vector in, out; size_t position, out_position; }; @@ -79,7 +79,7 @@ class BOTAN_DLL Base64_Decoder : public Filter Base64_Decoder(Decoder_Checking checking = NONE); private: const Decoder_Checking checking; - MemoryVector in, out; + std::vector in, out; size_t position; }; diff --git a/src/filters/codec_filt/hex_filt.h b/src/filters/codec_filt/hex_filt.h index 0dc38c804..dbe6b9bae 100644 --- a/src/filters/codec_filt/hex_filt.h +++ b/src/filters/codec_filt/hex_filt.h @@ -49,7 +49,7 @@ class BOTAN_DLL Hex_Encoder : public Filter const Case casing; const size_t line_length; - MemoryVector in, out; + std::vector in, out; size_t position, counter; }; @@ -72,7 +72,7 @@ class BOTAN_DLL Hex_Decoder : public Filter Hex_Decoder(Decoder_Checking checking = NONE); private: const Decoder_Checking checking; - MemoryVector in, out; + std::vector in, out; size_t position; }; diff --git a/src/filters/data_src.cpp b/src/filters/data_src.cpp index da67baa98..4980507ca 100644 --- a/src/filters/data_src.cpp +++ b/src/filters/data_src.cpp @@ -74,29 +74,13 @@ bool DataSource_Memory::end_of_data() const return (offset == source.size()); } -/* -* DataSource_Memory Constructor -*/ -DataSource_Memory::DataSource_Memory(const byte in[], size_t length) : - source(in, length) - { - offset = 0; - } - -/* -* DataSource_Memory Constructor -*/ -DataSource_Memory::DataSource_Memory(const MemoryRegion& in) : - source(in) - { - offset = 0; - } - /* * DataSource_Memory Constructor */ DataSource_Memory::DataSource_Memory(const std::string& in) : - source(reinterpret_cast(in.data()), in.length()) + source(reinterpret_cast(in.data()), + reinterpret_cast(in.data()) + in.length()), + offset(0) { offset = 0; } @@ -127,7 +111,7 @@ size_t DataSource_Stream::peek(byte out[], size_t length, size_t offset) const if(offset) { - SecureVector buf(offset); + secure_vector buf(offset); source.read(reinterpret_cast(&buf[0]), buf.size()); if(source.bad()) throw Stream_IO_Error("DataSource_Stream::peek: Source failure"); diff --git a/src/filters/data_src.h b/src/filters/data_src.h index d2d51fe23..62bdacd33 100644 --- a/src/filters/data_src.h +++ b/src/filters/data_src.h @@ -106,15 +106,24 @@ class BOTAN_DLL DataSource_Memory : public DataSource * @param in the byte array to read from * @param length the length of the byte array */ - DataSource_Memory(const byte in[], size_t length); + DataSource_Memory(const byte in[], size_t length) : + source(in, in + length), offset(0) {} /** - * Construct a memory source that reads from a MemoryRegion + * Construct a memory source that reads from a secure_vector * @param in the MemoryRegion to read from */ - DataSource_Memory(const MemoryRegion& in); + DataSource_Memory(const secure_vector& in) : + source(in), offset(0) {} + + /** + * Construct a memory source that reads from a std::vector + * @param in the MemoryRegion to read from + */ + DataSource_Memory(const std::vector& in) : + source(&in[0], &in[in.size()]), offset(0) {} private: - SecureVector source; + secure_vector source; size_t offset; }; diff --git a/src/filters/fd_unix/fd_unix.cpp b/src/filters/fd_unix/fd_unix.cpp index 3a9253b5e..dc6fbe696 100644 --- a/src/filters/fd_unix/fd_unix.cpp +++ b/src/filters/fd_unix/fd_unix.cpp @@ -16,7 +16,7 @@ namespace Botan { */ int operator<<(int fd, Pipe& pipe) { - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); while(pipe.remaining()) { size_t got = pipe.read(&buffer[0], buffer.size()); @@ -38,7 +38,7 @@ int operator<<(int fd, Pipe& pipe) */ int operator>>(int fd, Pipe& pipe) { - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); while(true) { ssize_t ret = read(fd, &buffer[0], buffer.size()); diff --git a/src/filters/filter.h b/src/filters/filter.h index b62846075..f59677528 100644 --- a/src/filters/filter.h +++ b/src/filters/filter.h @@ -65,13 +65,27 @@ class BOTAN_DLL Filter /** * @param in some input for the filter */ - void send(const MemoryRegion& in) { send(&in[0], in.size()); } + void send(const secure_vector& in) { send(&in[0], in.size()); } + + /** + * @param in some input for the filter + */ + void send(const std::vector& in) { send(&in[0], in.size()); } + + /** + * @param in some input for the filter + * @param length the number of bytes of in to send + */ + void send(const secure_vector& in, size_t length) + { + send(&in[0], length); + } /** * @param in some input for the filter * @param length the number of bytes of in to send */ - void send(const MemoryRegion& in, size_t length) + void send(const std::vector& in, size_t length) { send(&in[0], length); } @@ -120,7 +134,7 @@ class BOTAN_DLL Filter void set_next(Filter* filters[], size_t count); Filter* get_next() const; - SecureVector write_queue; + secure_vector write_queue; std::vector next; size_t port_num, filter_owns; diff --git a/src/filters/filters.h b/src/filters/filters.h index b409e78f5..08b505bc0 100644 --- a/src/filters/filters.h +++ b/src/filters/filters.h @@ -94,7 +94,7 @@ class BOTAN_DLL StreamCipher_Filter : public Keyed_Filter ~StreamCipher_Filter() { delete cipher; } private: - SecureVector buffer; + secure_vector buffer; StreamCipher* cipher; }; diff --git a/src/filters/modes/cbc/cbc.cpp b/src/filters/modes/cbc/cbc.cpp index b464d075f..00518fc86 100644 --- a/src/filters/modes/cbc/cbc.cpp +++ b/src/filters/modes/cbc/cbc.cpp @@ -65,9 +65,9 @@ void CBC_Encryption::buffered_block(const byte input[], size_t length) for(size_t i = 0; i != blocks; ++i) { - xor_buf(state, input + i * cipher->block_size(), state.size()); + xor_buf(&state[0], input + i * cipher->block_size(), state.size()); cipher->encrypt(state); - send(state, state.size()); + send(state); } } @@ -91,13 +91,13 @@ void CBC_Encryption::end_msg() { size_t last_block = current_position() % cipher->block_size(); - SecureVector padding(cipher->block_size()); - padder->pad(padding, padding.size(), last_block); + std::vector padding(cipher->block_size()); + padder->pad(&padding[0], padding.size(), last_block); size_t pad_bytes = padder->pad_bytes(cipher->block_size(), last_block); if(pad_bytes) - Buffered_Filter::write(padding, pad_bytes); + Buffered_Filter::write(&padding[0], pad_bytes); Buffered_Filter::end_msg(); } @@ -170,7 +170,7 @@ void CBC_Decryption::buffered_block(const byte input[], size_t length) cipher->decrypt_n(input, &temp[0], to_proc); - xor_buf(temp, state, cipher->block_size()); + xor_buf(&temp[0], &state[0], cipher->block_size()); for(size_t i = 1; i < to_proc; ++i) xor_buf(&temp[i * cipher->block_size()], @@ -202,9 +202,9 @@ void CBC_Decryption::buffered_final(const byte input[], size_t length) input += extra_blocks * cipher->block_size(); - cipher->decrypt(input, temp); - xor_buf(temp, state, cipher->block_size()); - send(temp, padder->unpad(temp, cipher->block_size())); + cipher->decrypt(&input[0], &temp[0]); + xor_buf(&temp[0], &state[0], cipher->block_size()); + send(&temp[0], padder->unpad(&temp[0], cipher->block_size())); copy_mem(&state[0], input, state.size()); // save for IV chaining } diff --git a/src/filters/modes/cbc/cbc.h b/src/filters/modes/cbc/cbc.h index d828f53a6..4fd0f7d66 100644 --- a/src/filters/modes/cbc/cbc.h +++ b/src/filters/modes/cbc/cbc.h @@ -52,7 +52,7 @@ class BOTAN_DLL CBC_Encryption : public Keyed_Filter, BlockCipher* cipher; const BlockCipherModePaddingMethod* padder; - SecureVector state; + secure_vector state; }; /** @@ -92,7 +92,7 @@ class BOTAN_DLL CBC_Decryption : public Keyed_Filter, BlockCipher* cipher; const BlockCipherModePaddingMethod* padder; - SecureVector state, temp; + secure_vector state, temp; }; } diff --git a/src/filters/modes/cfb/cfb.cpp b/src/filters/modes/cfb/cfb.cpp index 9aa6f6159..2b7cca84a 100644 --- a/src/filters/modes/cfb/cfb.cpp +++ b/src/filters/modes/cfb/cfb.cpp @@ -61,7 +61,7 @@ void CFB_Encryption::set_iv(const InitializationVector& iv) zeroise(buffer); position = 0; - cipher->encrypt(state, buffer); + cipher->encrypt(&state[0], &buffer[0]); } /* diff --git a/src/filters/modes/cfb/cfb.h b/src/filters/modes/cfb/cfb.h index 64eb1e832..212ac76da 100644 --- a/src/filters/modes/cfb/cfb.h +++ b/src/filters/modes/cfb/cfb.h @@ -43,7 +43,7 @@ class BOTAN_DLL CFB_Encryption : public Keyed_Filter void write(const byte[], size_t); BlockCipher* cipher; - SecureVector buffer, state; + secure_vector buffer, state; size_t position, feedback; }; @@ -77,7 +77,7 @@ class BOTAN_DLL CFB_Decryption : public Keyed_Filter void write(const byte[], size_t); BlockCipher* cipher; - SecureVector buffer, state; + secure_vector buffer, state; size_t position, feedback; }; diff --git a/src/filters/modes/cts/cts.cpp b/src/filters/modes/cts/cts.cpp index 694d7d524..f77a28dd5 100644 --- a/src/filters/modes/cts/cts.cpp +++ b/src/filters/modes/cts/cts.cpp @@ -56,7 +56,7 @@ void CTS_Encryption::set_iv(const InitializationVector& iv) */ void CTS_Encryption::encrypt(const byte block[]) { - xor_buf(state, block, cipher->block_size()); + xor_buf(&state[0], &block[0], cipher->block_size()); cipher->encrypt(state); send(state, cipher->block_size()); } @@ -105,7 +105,7 @@ void CTS_Encryption::end_msg() xor_buf(state, buffer, cipher->block_size()); cipher->encrypt(state); - SecureVector cn = state; + secure_vector cn = state; clear_mem(&buffer[position], buffer.size() - position); encrypt(&buffer[cipher->block_size()]); send(cn, position - cipher->block_size()); @@ -177,7 +177,7 @@ void CTS_Decryption::write(const byte input[], size_t length) if(length == 0) return; - decrypt(buffer); + decrypt(&buffer[0]); if(length > cipher->block_size()) { decrypt(&buffer[cipher->block_size()]); @@ -203,17 +203,17 @@ void CTS_Decryption::write(const byte input[], size_t length) */ void CTS_Decryption::end_msg() { - cipher->decrypt(buffer, temp); - xor_buf(temp, &buffer[cipher->block_size()], position - cipher->block_size()); + cipher->decrypt(&buffer[0], &temp[0]); + xor_buf(&temp[0], &buffer[cipher->block_size()], position - cipher->block_size()); - SecureVector xn = temp; + secure_vector xn = temp; copy_mem(&buffer[position], &xn[position - cipher->block_size()], buffer.size() - position); - cipher->decrypt(&buffer[cipher->block_size()], temp); - xor_buf(temp, state, cipher->block_size()); + cipher->decrypt(&buffer[cipher->block_size()], &temp[0]); + xor_buf(&temp[0], &state[0], cipher->block_size()); send(temp, cipher->block_size()); send(xn, position - cipher->block_size()); } diff --git a/src/filters/modes/cts/cts.h b/src/filters/modes/cts/cts.h index 8e19073f4..ac296316f 100644 --- a/src/filters/modes/cts/cts.h +++ b/src/filters/modes/cts/cts.h @@ -44,7 +44,7 @@ class BOTAN_DLL CTS_Encryption : public Keyed_Filter void encrypt(const byte[]); BlockCipher* cipher; - SecureVector buffer, state; + secure_vector buffer, state; size_t position; }; @@ -79,7 +79,7 @@ class BOTAN_DLL CTS_Decryption : public Keyed_Filter void decrypt(const byte[]); BlockCipher* cipher; - SecureVector buffer, state, temp; + secure_vector buffer, state, temp; size_t position; }; diff --git a/src/filters/modes/eax/eax.cpp b/src/filters/modes/eax/eax.cpp index 791286cc6..fb75d73fd 100644 --- a/src/filters/modes/eax/eax.cpp +++ b/src/filters/modes/eax/eax.cpp @@ -19,7 +19,7 @@ namespace { /* * EAX MAC-based PRF */ -SecureVector eax_prf(byte tag, size_t BLOCK_SIZE, +secure_vector eax_prf(byte tag, size_t BLOCK_SIZE, MessageAuthenticationCode* mac, const byte in[], size_t length) { @@ -131,7 +131,7 @@ void EAX_Encryption::write(const byte input[], size_t length) */ void EAX_Encryption::end_msg() { - SecureVector data_mac = cmac->final(); + secure_vector data_mac = cmac->final(); xor_buf(data_mac, nonce_mac, data_mac.size()); xor_buf(data_mac, header_mac, data_mac.size()); diff --git a/src/filters/modes/eax/eax.h b/src/filters/modes/eax/eax.h index e8efb9398..d78287521 100644 --- a/src/filters/modes/eax/eax.h +++ b/src/filters/modes/eax/eax.h @@ -81,17 +81,17 @@ class BOTAN_DLL EAX_Base : public Keyed_Filter /** * The MAC of the nonce */ - SecureVector nonce_mac; + secure_vector nonce_mac; /** * The MAC of the header */ - SecureVector header_mac; + secure_vector header_mac; /** * A buffer for CTR mode encryption */ - SecureVector ctr_buf; + secure_vector ctr_buf; }; /** @@ -151,7 +151,7 @@ class BOTAN_DLL EAX_Decryption : public EAX_Base void do_write(const byte[], size_t); void end_msg(); - SecureVector queue; + secure_vector queue; size_t queue_start, queue_end; }; diff --git a/src/filters/modes/eax/eax_dec.cpp b/src/filters/modes/eax/eax_dec.cpp index d14ba5e70..a2675cac0 100644 --- a/src/filters/modes/eax/eax_dec.cpp +++ b/src/filters/modes/eax/eax_dec.cpp @@ -62,7 +62,7 @@ void EAX_Decryption::write(const byte input[], size_t length) if(queue_start + TAG_SIZE == queue_end && queue_start >= queue.size() / 2) { - SecureVector queue_data(TAG_SIZE); + secure_vector queue_data(TAG_SIZE); copy_mem(&queue_data[0], &queue[queue_start], TAG_SIZE); copy_mem(&queue[0], &queue_data[0], TAG_SIZE); queue_start = 0; @@ -100,7 +100,7 @@ void EAX_Decryption::end_msg() if((queue_end - queue_start) != TAG_SIZE) throw Decoding_Error(name() + ": Message authentication failure"); - SecureVector data_mac = cmac->final(); + secure_vector data_mac = cmac->final(); for(size_t j = 0; j != TAG_SIZE; ++j) if(queue[queue_start+j] != (data_mac[j] ^ nonce_mac[j] ^ header_mac[j])) diff --git a/src/filters/modes/ecb/ecb.cpp b/src/filters/modes/ecb/ecb.cpp index 9115d6362..d36d2350b 100644 --- a/src/filters/modes/ecb/ecb.cpp +++ b/src/filters/modes/ecb/ecb.cpp @@ -70,8 +70,8 @@ void ECB_Encryption::end_msg() { size_t last_block = current_position() % cipher->block_size(); - SecureVector padding(cipher->block_size()); - padder->pad(padding, padding.size(), last_block); + secure_vector padding(cipher->block_size()); + padder->pad(&padding[0], padding.size(), last_block); size_t pad_bytes = padder->pad_bytes(cipher->block_size(), last_block); @@ -203,8 +203,8 @@ void ECB_Decryption::buffered_final(const byte input[], size_t length) input += extra_blocks * cipher->block_size(); - cipher->decrypt(input, temp); - send(temp, padder->unpad(temp, cipher->block_size())); + cipher->decrypt(input, &temp[0]); + send(&temp[0], padder->unpad(&temp[0], cipher->block_size())); } } diff --git a/src/filters/modes/ecb/ecb.h b/src/filters/modes/ecb/ecb.h index 94cff1f52..e6476ab5d 100644 --- a/src/filters/modes/ecb/ecb.h +++ b/src/filters/modes/ecb/ecb.h @@ -46,7 +46,7 @@ class BOTAN_DLL ECB_Encryption : public Keyed_Filter, BlockCipher* cipher; BlockCipherModePaddingMethod* padder; - SecureVector temp; + secure_vector temp; }; /** @@ -80,7 +80,7 @@ class BOTAN_DLL ECB_Decryption : public Keyed_Filter, BlockCipher* cipher; BlockCipherModePaddingMethod* padder; - SecureVector temp; + secure_vector temp; }; } diff --git a/src/filters/modes/xts/xts.cpp b/src/filters/modes/xts/xts.cpp index 42b1f2bf0..e29ef6b98 100644 --- a/src/filters/modes/xts/xts.cpp +++ b/src/filters/modes/xts/xts.cpp @@ -136,7 +136,7 @@ void XTS_Encryption::buffered_block(const byte input[], size_t length) const size_t blocks_in_tweak = tweak.size() / cipher->block_size(); size_t blocks = length / cipher->block_size(); - SecureVector temp(tweak.size()); + secure_vector temp(tweak.size()); while(blocks) { @@ -194,7 +194,7 @@ void XTS_Encryption::buffered_final(const byte input[], size_t length) input += leftover_blocks; length -= leftover_blocks; - SecureVector temp(input, length); + secure_vector temp(input, input + length); xor_buf(temp, tweak, cipher->block_size()); cipher->encrypt(temp); @@ -311,7 +311,7 @@ void XTS_Decryption::buffered_block(const byte input[], size_t input_length) const size_t blocks_in_tweak = tweak.size() / cipher->block_size(); size_t blocks = input_length / cipher->block_size(); - SecureVector temp(tweak.size()); + secure_vector temp(tweak.size()); while(blocks) { @@ -365,8 +365,8 @@ void XTS_Decryption::buffered_final(const byte input[], size_t length) input += leftover_blocks; length -= leftover_blocks; - SecureVector temp(input, length); - SecureVector tweak_copy(&tweak[0], cipher->block_size()); + secure_vector temp(input, input + length); + secure_vector tweak_copy(&tweak[0], &tweak[cipher->block_size()]); poly_double(&tweak_copy[0], cipher->block_size()); diff --git a/src/filters/modes/xts/xts.h b/src/filters/modes/xts/xts.h index 52db9bcfc..d4801cd37 100644 --- a/src/filters/modes/xts/xts.h +++ b/src/filters/modes/xts/xts.h @@ -48,7 +48,7 @@ class BOTAN_DLL XTS_Encryption : public Keyed_Filter, BlockCipher* cipher; BlockCipher* cipher2; - SecureVector tweak; + secure_vector tweak; }; /** @@ -85,7 +85,7 @@ class BOTAN_DLL XTS_Decryption : public Keyed_Filter, BlockCipher* cipher; BlockCipher* cipher2; - SecureVector tweak; + secure_vector tweak; }; } diff --git a/src/filters/pipe.cpp b/src/filters/pipe.cpp index 2c5e07589..6664098b3 100644 --- a/src/filters/pipe.cpp +++ b/src/filters/pipe.cpp @@ -124,7 +124,12 @@ void Pipe::process_msg(const byte input[], size_t length) /* * Process a full message at once */ -void Pipe::process_msg(const MemoryRegion& input) +void Pipe::process_msg(const secure_vector& input) + { + process_msg(&input[0], input.size()); + } + +void Pipe::process_msg(const std::vector& input) { process_msg(&input[0], input.size()); } diff --git a/src/filters/pipe.h b/src/filters/pipe.h index 6df518d3e..e53f0d508 100644 --- a/src/filters/pipe.h +++ b/src/filters/pipe.h @@ -66,9 +66,17 @@ class BOTAN_DLL Pipe : public DataSource /** * Write input to the pipe, i.e. to its first filter. - * @param in the MemoryRegion containing the data to write + * @param in the secure_vector containing the data to write */ - void write(const MemoryRegion& in); + void write(const secure_vector& in) + { write(&in[0], in.size()); } + + /** + * Write input to the pipe, i.e. to its first filter. + * @param in the std::vector containing the data to write + */ + void write(const std::vector& in) + { write(&in[0], in.size()); } /** * Write input to the pipe, i.e. to its first filter. @@ -97,9 +105,15 @@ class BOTAN_DLL Pipe : public DataSource /** * Perform start_msg(), write() and end_msg() sequentially. - * @param in the MemoryRegion containing the data to write + * @param in the secure_vector containing the data to write + */ + void process_msg(const secure_vector& in); + + /** + * Perform start_msg(), write() and end_msg() sequentially. + * @param in the secure_vector containing the data to write */ - void process_msg(const MemoryRegion& in); + void process_msg(const std::vector& in); /** * Perform start_msg(), write() and end_msg() sequentially. @@ -157,9 +171,9 @@ class BOTAN_DLL Pipe : public DataSource /** * Read the full contents of the pipe. * @param msg the number identifying the message to read from - * @return SecureVector holding the contents of the pipe + * @return secure_vector holding the contents of the pipe */ - SecureVector read_all(message_id msg = DEFAULT_MESSAGE); + secure_vector read_all(message_id msg = DEFAULT_MESSAGE); /** * Read the full contents of the pipe. diff --git a/src/filters/pipe_io.cpp b/src/filters/pipe_io.cpp index 9dd0ad0bb..a549eaee8 100644 --- a/src/filters/pipe_io.cpp +++ b/src/filters/pipe_io.cpp @@ -15,7 +15,7 @@ namespace Botan { */ std::ostream& operator<<(std::ostream& stream, Pipe& pipe) { - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); while(stream.good() && pipe.remaining()) { size_t got = pipe.read(&buffer[0], buffer.size()); @@ -31,7 +31,7 @@ std::ostream& operator<<(std::ostream& stream, Pipe& pipe) */ std::istream& operator>>(std::istream& stream, Pipe& pipe) { - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); while(stream.good()) { stream.read(reinterpret_cast(&buffer[0]), buffer.size()); diff --git a/src/filters/pipe_rw.cpp b/src/filters/pipe_rw.cpp index 90af9ed34..8a713ea8d 100644 --- a/src/filters/pipe_rw.cpp +++ b/src/filters/pipe_rw.cpp @@ -38,14 +38,6 @@ void Pipe::write(const byte input[], size_t length) pipe->write(input, length); } -/* -* Write into a Pipe -*/ -void Pipe::write(const MemoryRegion& input) - { - write(&input[0], input.size()); - } - /* * Write a string into a Pipe */ @@ -67,7 +59,7 @@ void Pipe::write(byte input) */ void Pipe::write(DataSource& source) { - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); while(!source.end_of_data()) { size_t got = source.read(&buffer[0], buffer.size()); @@ -102,10 +94,10 @@ size_t Pipe::read(byte& out, message_id msg) /* * Return all data in the pipe */ -SecureVector Pipe::read_all(message_id msg) +secure_vector Pipe::read_all(message_id msg) { msg = ((msg != DEFAULT_MESSAGE) ? msg : default_msg()); - SecureVector buffer(remaining(msg)); + secure_vector buffer(remaining(msg)); size_t got = read(&buffer[0], buffer.size(), msg); buffer.resize(got); return buffer; @@ -117,7 +109,7 @@ SecureVector Pipe::read_all(message_id msg) std::string Pipe::read_all_as_string(message_id msg) { msg = ((msg != DEFAULT_MESSAGE) ? msg : default_msg()); - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); std::string str; str.reserve(remaining(msg)); diff --git a/src/filters/pk_filts/pk_filts.cpp b/src/filters/pk_filts/pk_filts.cpp index d843d711c..45fcc18b8 100644 --- a/src/filters/pk_filts/pk_filts.cpp +++ b/src/filters/pk_filts/pk_filts.cpp @@ -83,14 +83,13 @@ void PK_Verifier_Filter::end_msg() */ void PK_Verifier_Filter::set_signature(const byte sig[], size_t length) { - signature.resize(length); - copy_mem(&signature[0], sig, length); + signature.assign(sig, sig + length); } /* * Set the signature to check */ -void PK_Verifier_Filter::set_signature(const MemoryRegion& sig) +void PK_Verifier_Filter::set_signature(const secure_vector& sig) { signature = sig; } @@ -100,7 +99,7 @@ void PK_Verifier_Filter::set_signature(const MemoryRegion& sig) */ PK_Verifier_Filter::PK_Verifier_Filter(PK_Verifier* v, const byte sig[], size_t length) : - verifier(v), signature(sig, length) + verifier(v), signature(sig, sig + length) { } @@ -108,7 +107,7 @@ PK_Verifier_Filter::PK_Verifier_Filter(PK_Verifier* v, const byte sig[], * PK_Verifier_Filter Constructor */ PK_Verifier_Filter::PK_Verifier_Filter(PK_Verifier* v, - const MemoryRegion& sig) : + const secure_vector& sig) : verifier(v), signature(sig) { } diff --git a/src/filters/pk_filts/pk_filts.h b/src/filters/pk_filts/pk_filts.h index dd67e389b..cc1c2220d 100644 --- a/src/filters/pk_filts/pk_filts.h +++ b/src/filters/pk_filts/pk_filts.h @@ -28,7 +28,7 @@ class BOTAN_DLL PK_Encryptor_Filter : public Filter private: PK_Encryptor* cipher; RandomNumberGenerator& rng; - SecureVector buffer; + secure_vector buffer; }; /** @@ -43,7 +43,7 @@ class BOTAN_DLL PK_Decryptor_Filter : public Filter ~PK_Decryptor_Filter() { delete cipher; } private: PK_Decryptor* cipher; - SecureVector buffer; + secure_vector buffer; }; /** @@ -75,15 +75,15 @@ class BOTAN_DLL PK_Verifier_Filter : public Filter void end_msg(); void set_signature(const byte[], size_t); - void set_signature(const MemoryRegion&); + void set_signature(const secure_vector&); PK_Verifier_Filter(PK_Verifier* v) : verifier(v) {} PK_Verifier_Filter(PK_Verifier*, const byte[], size_t); - PK_Verifier_Filter(PK_Verifier*, const MemoryRegion&); + PK_Verifier_Filter(PK_Verifier*, const secure_vector&); ~PK_Verifier_Filter() { delete verifier; } private: PK_Verifier* verifier; - SecureVector signature; + secure_vector signature; }; } diff --git a/src/filters/secqueue.cpp b/src/filters/secqueue.cpp index f65aff2a9..63d4f88d3 100644 --- a/src/filters/secqueue.cpp +++ b/src/filters/secqueue.cpp @@ -50,7 +50,7 @@ class SecureQueueNode private: friend class SecureQueue; SecureQueueNode* next; - SecureVector buffer; + secure_vector buffer; size_t start, end; }; diff --git a/src/filters/zlib/zlib.h b/src/filters/zlib/zlib.h index 60117f2bc..c4d21a250 100644 --- a/src/filters/zlib/zlib.h +++ b/src/filters/zlib/zlib.h @@ -45,7 +45,7 @@ class BOTAN_DLL Zlib_Compression : public Filter const size_t level; const bool raw_deflate; - SecureVector buffer; + secure_vector buffer; class Zlib_Stream* zlib; }; @@ -68,7 +68,7 @@ class BOTAN_DLL Zlib_Decompression : public Filter const bool raw_deflate; - SecureVector buffer; + secure_vector buffer; class Zlib_Stream* zlib; bool no_writes; }; diff --git a/src/hash/bmw_512/bmw_512.h b/src/hash/bmw_512/bmw_512.h index 474b607bb..b9ea63578 100644 --- a/src/hash/bmw_512/bmw_512.h +++ b/src/hash/bmw_512/bmw_512.h @@ -30,7 +30,7 @@ class BOTAN_DLL BMW_512 : public MDx_HashFunction void compress_n(const byte input[], size_t blocks); void copy_out(byte output[]); - SecureVector H, M, Q; + secure_vector H, M, Q; }; } diff --git a/src/hash/comb4p/comb4p.cpp b/src/hash/comb4p/comb4p.cpp index 1ea64a5cb..7aec5972e 100644 --- a/src/hash/comb4p/comb4p.cpp +++ b/src/hash/comb4p/comb4p.cpp @@ -13,8 +13,8 @@ namespace Botan { namespace { -void comb4p_round(MemoryRegion& out, - const MemoryRegion& in, +void comb4p_round(secure_vector& out, + const secure_vector& in, byte round_no, HashFunction* h1, HashFunction* h2) @@ -25,7 +25,7 @@ void comb4p_round(MemoryRegion& out, h1->update(&in[0], in.size()); h2->update(&in[0], in.size()); - SecureVector h_buf = h1->final(); + secure_vector h_buf = h1->final(); xor_buf(&out[0], &h_buf[0], std::min(out.size(), h_buf.size())); h_buf = h2->final(); @@ -78,8 +78,8 @@ void Comb4P::add_data(const byte input[], size_t length) void Comb4P::final_result(byte out[]) { - SecureVector h1 = hash1->final(); - SecureVector h2 = hash2->final(); + secure_vector h1 = hash1->final(); + secure_vector h2 = hash2->final(); // First round xor_buf(&h1[0], &h2[0], std::min(h1.size(), h2.size())); diff --git a/src/hash/gost_3411/gost_3411.cpp b/src/hash/gost_3411/gost_3411.cpp index 6e56c2b97..eb889c0a5 100644 --- a/src/hash/gost_3411/gost_3411.cpp +++ b/src/hash/gost_3411/gost_3411.cpp @@ -225,11 +225,11 @@ void GOST_34_11::final_result(byte out[]) compress_n(&buffer[0], 1); } - SecureVector length_buf(32); + secure_vector length_buf(32); const u64bit bit_count = count * 8; store_le(bit_count, &length_buf[0]); - SecureVector sum_buf = sum; + secure_vector sum_buf = sum; compress_n(&length_buf[0], 1); compress_n(&sum_buf[0], 1); diff --git a/src/hash/gost_3411/gost_3411.h b/src/hash/gost_3411/gost_3411.h index fbbcb7a89..5437ca4d8 100644 --- a/src/hash/gost_3411/gost_3411.h +++ b/src/hash/gost_3411/gost_3411.h @@ -34,7 +34,7 @@ class BOTAN_DLL GOST_34_11 : public HashFunction void final_result(byte[]); GOST_28147_89 cipher; - SecureVector buffer, sum, hash; + secure_vector buffer, sum, hash; size_t position; u64bit count; }; diff --git a/src/hash/has160/has160.h b/src/hash/has160/has160.h index d32361601..9947d9580 100644 --- a/src/hash/has160/has160.h +++ b/src/hash/has160/has160.h @@ -31,7 +31,7 @@ class BOTAN_DLL HAS_160 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector X, digest; + secure_vector X, digest; }; } diff --git a/src/hash/keccak/keccak.cpp b/src/hash/keccak/keccak.cpp index 107055509..e34c0fd43 100644 --- a/src/hash/keccak/keccak.cpp +++ b/src/hash/keccak/keccak.cpp @@ -178,12 +178,12 @@ void Keccak_1600::add_data(const byte input[], size_t length) void Keccak_1600::final_result(byte output[]) { - MemoryVector padding(bitrate / 8 - S_pos); + std::vector padding(bitrate / 8 - S_pos); padding[0] = 0x01; padding[padding.size()-1] |= 0x80; - add_data(padding, padding.size()); + add_data(&padding[0], padding.size()); /* * We never have to run the permutation again because we only support diff --git a/src/hash/keccak/keccak.h b/src/hash/keccak/keccak.h index 17ae632ba..e91a04d32 100644 --- a/src/hash/keccak/keccak.h +++ b/src/hash/keccak/keccak.h @@ -38,7 +38,7 @@ class BOTAN_DLL Keccak_1600 : public HashFunction void final_result(byte out[]); size_t output_bits, bitrate; - SecureVector S; + secure_vector S; size_t S_pos; }; diff --git a/src/hash/md2/md2.h b/src/hash/md2/md2.h index 84e0323f7..032d8a8e0 100644 --- a/src/hash/md2/md2.h +++ b/src/hash/md2/md2.h @@ -32,7 +32,7 @@ class BOTAN_DLL MD2 : public HashFunction void hash(const byte[]); void final_result(byte[]); - SecureVector X, checksum, buffer; + secure_vector X, checksum, buffer; size_t position; }; diff --git a/src/hash/md4/md4.h b/src/hash/md4/md4.h index d37dbe3b2..750be0fe7 100644 --- a/src/hash/md4/md4.h +++ b/src/hash/md4/md4.h @@ -33,12 +33,12 @@ class BOTAN_DLL MD4 : public MDx_HashFunction /** * The message buffer, exposed for use by subclasses (x86 asm) */ - SecureVector M; + secure_vector M; /** * The digest value, exposed for use by subclasses (x86 asm) */ - SecureVector digest; + secure_vector digest; }; } diff --git a/src/hash/md5/md5.h b/src/hash/md5/md5.h index 92c023c92..bc90df0af 100644 --- a/src/hash/md5/md5.h +++ b/src/hash/md5/md5.h @@ -33,12 +33,12 @@ class BOTAN_DLL MD5 : public MDx_HashFunction /** * The message buffer, exposed for use by subclasses (x86 asm) */ - SecureVector M; + secure_vector M; /** * The digest value, exposed for use by subclasses (x86 asm) */ - SecureVector digest; + secure_vector digest; }; } diff --git a/src/hash/mdx_hash/mdx_hash.h b/src/hash/mdx_hash/mdx_hash.h index ed3381605..14d3c27a0 100644 --- a/src/hash/mdx_hash/mdx_hash.h +++ b/src/hash/mdx_hash/mdx_hash.h @@ -55,7 +55,7 @@ class BOTAN_DLL MDx_HashFunction : public HashFunction */ virtual void write_count(byte out[]); private: - SecureVector buffer; + secure_vector buffer; u64bit count; size_t position; diff --git a/src/hash/rmd128/rmd128.h b/src/hash/rmd128/rmd128.h index d64cf3c84..e37666a27 100644 --- a/src/hash/rmd128/rmd128.h +++ b/src/hash/rmd128/rmd128.h @@ -30,7 +30,7 @@ class BOTAN_DLL RIPEMD_128 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector M, digest; + secure_vector M, digest; }; } diff --git a/src/hash/rmd160/rmd160.h b/src/hash/rmd160/rmd160.h index 5df4ad490..0e43fed9a 100644 --- a/src/hash/rmd160/rmd160.h +++ b/src/hash/rmd160/rmd160.h @@ -30,7 +30,7 @@ class BOTAN_DLL RIPEMD_160 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector M, digest; + secure_vector M, digest; }; } diff --git a/src/hash/sha1/sha160.h b/src/hash/sha1/sha160.h index c3b264861..e2a81808d 100644 --- a/src/hash/sha1/sha160.h +++ b/src/hash/sha1/sha160.h @@ -47,12 +47,12 @@ class BOTAN_DLL SHA_160 : public MDx_HashFunction /** * The digest value, exposed for use by subclasses (asm, SSE2) */ - SecureVector digest; + secure_vector digest; /** * The message buffer, exposed for use by subclasses (asm, SSE2) */ - SecureVector W; + secure_vector W; }; } diff --git a/src/hash/sha2_32/sha2_32.cpp b/src/hash/sha2_32/sha2_32.cpp index 6dd780e64..cffc8bd2a 100644 --- a/src/hash/sha2_32/sha2_32.cpp +++ b/src/hash/sha2_32/sha2_32.cpp @@ -50,7 +50,7 @@ inline u32bit sigma(u32bit X, u32bit rot1, u32bit rot2, u32bit shift) /* * SHA-224 / SHA-256 compression function */ -void compress(MemoryRegion& digest, +void compress(secure_vector& digest, const byte input[], size_t blocks) { u32bit A = digest[0], B = digest[1], C = digest[2], diff --git a/src/hash/sha2_32/sha2_32.h b/src/hash/sha2_32/sha2_32.h index 807b979d1..ccb8e07f2 100644 --- a/src/hash/sha2_32/sha2_32.h +++ b/src/hash/sha2_32/sha2_32.h @@ -31,7 +31,7 @@ class BOTAN_DLL SHA_224 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector digest; + secure_vector digest; }; /** @@ -52,7 +52,7 @@ class BOTAN_DLL SHA_256 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector digest; + secure_vector digest; }; } diff --git a/src/hash/sha2_64/sha2_64.cpp b/src/hash/sha2_64/sha2_64.cpp index 3026c3a39..8dcb4684e 100644 --- a/src/hash/sha2_64/sha2_64.cpp +++ b/src/hash/sha2_64/sha2_64.cpp @@ -49,7 +49,7 @@ inline u64bit sigma(u64bit X, u32bit rot1, u32bit rot2, u32bit shift) /* * SHA-{384,512} Compression Function */ -void compress(MemoryRegion& digest, +void compress(secure_vector& digest, const byte input[], size_t blocks) { u64bit A = digest[0], B = digest[1], C = digest[2], diff --git a/src/hash/sha2_64/sha2_64.h b/src/hash/sha2_64/sha2_64.h index 124d4bbfb..58b154170 100644 --- a/src/hash/sha2_64/sha2_64.h +++ b/src/hash/sha2_64/sha2_64.h @@ -30,7 +30,7 @@ class BOTAN_DLL SHA_384 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector digest; + secure_vector digest; }; /** @@ -51,7 +51,7 @@ class BOTAN_DLL SHA_512 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector digest; + secure_vector digest; }; } diff --git a/src/hash/skein/skein_512.cpp b/src/hash/skein/skein_512.cpp index 2458bf5f0..28c2aa38b 100644 --- a/src/hash/skein/skein_512.cpp +++ b/src/hash/skein/skein_512.cpp @@ -27,8 +27,8 @@ enum type_code { SKEIN_OUTPUT = 63 }; -void ubi_512(MemoryRegion& H, - MemoryRegion& T, +void ubi_512(secure_vector& H, + secure_vector& T, const byte msg[], size_t msg_len) { do @@ -125,7 +125,7 @@ void ubi_512(MemoryRegion& H, } while(msg_len); } -void reset_tweak(MemoryRegion& T, +void reset_tweak(secure_vector& T, type_code type, bool final) { T[0] = 0; @@ -135,8 +135,8 @@ void reset_tweak(MemoryRegion& T, (static_cast(final) << 63); } -void initial_block(MemoryRegion& H, - MemoryRegion& T, +void initial_block(secure_vector& H, + secure_vector& T, size_t output_bits, const std::string& personalization) { @@ -245,7 +245,7 @@ void Skein_512::final_result(byte out[]) size_t out_bytes = output_bits / 8; - SecureVector H_out(9); + secure_vector H_out(9); while(out_bytes) { diff --git a/src/hash/skein/skein_512.h b/src/hash/skein/skein_512.h index 8605e5991..e0abc06ae 100644 --- a/src/hash/skein/skein_512.h +++ b/src/hash/skein/skein_512.h @@ -41,9 +41,9 @@ class BOTAN_DLL Skein_512 : public HashFunction std::string personalization; size_t output_bits; - SecureVector H; - SecureVector T; - SecureVector buffer; + secure_vector H; + secure_vector T; + secure_vector buffer; size_t buf_pos; }; diff --git a/src/hash/tiger/tiger.cpp b/src/hash/tiger/tiger.cpp index daa0939b9..57250d6f5 100644 --- a/src/hash/tiger/tiger.cpp +++ b/src/hash/tiger/tiger.cpp @@ -17,7 +17,7 @@ namespace { /* * Tiger Mixing Function */ -inline void mix(MemoryRegion& X) +inline void mix(secure_vector& X) { X[0] -= X[7] ^ 0xA5A5A5A5A5A5A5A5; X[1] ^= X[0]; @@ -83,7 +83,7 @@ void Tiger::copy_out(byte output[]) * Tiger Pass */ void Tiger::pass(u64bit& A, u64bit& B, u64bit& C, - const MemoryRegion& X, + const secure_vector& X, byte mul) { C ^= X[0]; diff --git a/src/hash/tiger/tiger.h b/src/hash/tiger/tiger.h index 09c9947fb..70c70958b 100644 --- a/src/hash/tiger/tiger.h +++ b/src/hash/tiger/tiger.h @@ -38,7 +38,7 @@ class BOTAN_DLL Tiger : public MDx_HashFunction void copy_out(byte[]); static void pass(u64bit& A, u64bit& B, u64bit& C, - const MemoryRegion& M, + const secure_vector& M, byte mul); static const u64bit SBOX1[256]; @@ -46,7 +46,7 @@ class BOTAN_DLL Tiger : public MDx_HashFunction static const u64bit SBOX3[256]; static const u64bit SBOX4[256]; - SecureVector X, digest; + secure_vector X, digest; const size_t hash_len, passes; }; diff --git a/src/hash/whirlpool/whrlpool.h b/src/hash/whirlpool/whrlpool.h index ab7a78bc8..d4ad805e1 100644 --- a/src/hash/whirlpool/whrlpool.h +++ b/src/hash/whirlpool/whrlpool.h @@ -39,7 +39,7 @@ class BOTAN_DLL Whirlpool : public MDx_HashFunction static const u64bit C6[256]; static const u64bit C7[256]; - SecureVector M, digest; + secure_vector M, digest; }; } diff --git a/src/kdf/kdf.cpp b/src/kdf/kdf.cpp index 6281f753c..88cbd5b99 100644 --- a/src/kdf/kdf.cpp +++ b/src/kdf/kdf.cpp @@ -12,8 +12,8 @@ namespace Botan { /* * Derive a key */ -SecureVector KDF::derive_key(size_t key_len, - const MemoryRegion& secret, +secure_vector KDF::derive_key(size_t key_len, + const secure_vector& secret, const std::string& salt) const { return derive_key(key_len, &secret[0], secret.size(), @@ -24,8 +24,8 @@ SecureVector KDF::derive_key(size_t key_len, /* * Derive a key */ -SecureVector KDF::derive_key(size_t key_len, - const MemoryRegion& secret, +secure_vector KDF::derive_key(size_t key_len, + const secure_vector& secret, const byte salt[], size_t salt_len) const { return derive_key(key_len, &secret[0], secret.size(), @@ -35,18 +35,7 @@ SecureVector KDF::derive_key(size_t key_len, /* * Derive a key */ -SecureVector KDF::derive_key(size_t key_len, - const MemoryRegion& secret, - const MemoryRegion& salt) const - { - return derive_key(key_len, &secret[0], secret.size(), - &salt[0], salt.size()); - } - -/* -* Derive a key -*/ -SecureVector KDF::derive_key(size_t key_len, +secure_vector KDF::derive_key(size_t key_len, const byte secret[], size_t secret_len, const std::string& salt) const { @@ -58,7 +47,7 @@ SecureVector KDF::derive_key(size_t key_len, /* * Derive a key */ -SecureVector KDF::derive_key(size_t key_len, +secure_vector KDF::derive_key(size_t key_len, const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const { diff --git a/src/kdf/kdf.h b/src/kdf/kdf.h index 3ec912cfe..e158df0ae 100644 --- a/src/kdf/kdf.h +++ b/src/kdf/kdf.h @@ -26,8 +26,8 @@ class BOTAN_DLL KDF : public Algorithm * @param secret the secret input * @param salt a diversifier */ - SecureVector derive_key(size_t key_len, - const MemoryRegion& secret, + secure_vector derive_key(size_t key_len, + const secure_vector& secret, const std::string& salt = "") const; /** @@ -36,9 +36,15 @@ class BOTAN_DLL KDF : public Algorithm * @param secret the secret input * @param salt a diversifier */ - SecureVector derive_key(size_t key_len, - const MemoryRegion& secret, - const MemoryRegion& salt) const; + template + secure_vector derive_key(size_t key_len, + const std::vector& secret, + const std::vector& salt) const + { + return derive_key(key_len, &secret[0], secret.size(), + &salt[0], salt.size()); + + } /** * Derive a key @@ -47,8 +53,8 @@ class BOTAN_DLL KDF : public Algorithm * @param salt a diversifier * @param salt_len size of salt in bytes */ - SecureVector derive_key(size_t key_len, - const MemoryRegion& secret, + secure_vector derive_key(size_t key_len, + const secure_vector& secret, const byte salt[], size_t salt_len) const; @@ -59,7 +65,7 @@ class BOTAN_DLL KDF : public Algorithm * @param secret_len size of secret in bytes * @param salt a diversifier */ - SecureVector derive_key(size_t key_len, + secure_vector derive_key(size_t key_len, const byte secret[], size_t secret_len, const std::string& salt = "") const; @@ -72,7 +78,7 @@ class BOTAN_DLL KDF : public Algorithm * @param salt a diversifier * @param salt_len size of salt in bytes */ - SecureVector derive_key(size_t key_len, + secure_vector derive_key(size_t key_len, const byte secret[], size_t secret_len, const byte salt[], @@ -82,7 +88,7 @@ class BOTAN_DLL KDF : public Algorithm virtual KDF* clone() const = 0; private: - virtual SecureVector + virtual secure_vector derive(size_t key_len, const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const = 0; diff --git a/src/kdf/kdf1/kdf1.cpp b/src/kdf/kdf1/kdf1.cpp index f3e4e208f..f00f71010 100644 --- a/src/kdf/kdf1/kdf1.cpp +++ b/src/kdf/kdf1/kdf1.cpp @@ -12,7 +12,7 @@ namespace Botan { /* * KDF1 Key Derivation Mechanism */ -SecureVector KDF1::derive(size_t, +secure_vector KDF1::derive(size_t, const byte secret[], size_t secret_len, const byte P[], size_t P_len) const { diff --git a/src/kdf/kdf1/kdf1.h b/src/kdf/kdf1/kdf1.h index f627235be..6a14d2995 100644 --- a/src/kdf/kdf1/kdf1.h +++ b/src/kdf/kdf1/kdf1.h @@ -19,7 +19,7 @@ namespace Botan { class BOTAN_DLL KDF1 : public KDF { public: - SecureVector derive(size_t, + secure_vector derive(size_t, const byte secret[], size_t secret_len, const byte P[], size_t P_len) const; diff --git a/src/kdf/kdf2/kdf2.cpp b/src/kdf/kdf2/kdf2.cpp index 51b9e41ea..39a929b58 100644 --- a/src/kdf/kdf2/kdf2.cpp +++ b/src/kdf/kdf2/kdf2.cpp @@ -12,11 +12,11 @@ namespace Botan { /* * KDF2 Key Derivation Mechanism */ -SecureVector KDF2::derive(size_t out_len, +secure_vector KDF2::derive(size_t out_len, const byte secret[], size_t secret_len, const byte P[], size_t P_len) const { - SecureVector output; + secure_vector output; u32bit counter = 1; while(out_len && counter) @@ -25,7 +25,7 @@ SecureVector KDF2::derive(size_t out_len, hash->update_be(counter); hash->update(P, P_len); - SecureVector hash_result = hash->final(); + secure_vector hash_result = hash->final(); size_t added = std::min(hash_result.size(), out_len); output += std::make_pair(&hash_result[0], added); diff --git a/src/kdf/kdf2/kdf2.h b/src/kdf/kdf2/kdf2.h index e85fe6d1c..e33939df9 100644 --- a/src/kdf/kdf2/kdf2.h +++ b/src/kdf/kdf2/kdf2.h @@ -19,7 +19,7 @@ namespace Botan { class BOTAN_DLL KDF2 : public KDF { public: - SecureVector derive(size_t, const byte[], size_t, + secure_vector derive(size_t, const byte[], size_t, const byte[], size_t) const; std::string name() const { return "KDF2(" + hash->name() + ")"; } diff --git a/src/kdf/mgf1/mgf1.cpp b/src/kdf/mgf1/mgf1.cpp index 7d949c2b8..e0433a02f 100644 --- a/src/kdf/mgf1/mgf1.cpp +++ b/src/kdf/mgf1/mgf1.cpp @@ -25,7 +25,7 @@ void MGF1::mask(const byte in[], size_t in_len, byte out[], { hash->update(in, in_len); hash->update_be(counter); - SecureVector buffer = hash->final(); + secure_vector buffer = hash->final(); size_t xored = std::min(buffer.size(), out_len); xor_buf(out, &buffer[0], xored); diff --git a/src/kdf/prf_ssl3/prf_ssl3.cpp b/src/kdf/prf_ssl3/prf_ssl3.cpp index 72cf023e2..8475bf40a 100644 --- a/src/kdf/prf_ssl3/prf_ssl3.cpp +++ b/src/kdf/prf_ssl3/prf_ssl3.cpp @@ -33,11 +33,11 @@ OctetString next_hash(size_t where, size_t want, sha1.update(static_cast(ASCII_A_CHAR + where)); sha1.update(secret, secret_len); sha1.update(seed, seed_len); - SecureVector sha1_hash = sha1.final(); + secure_vector sha1_hash = sha1.final(); md5.update(secret, secret_len); md5.update(sha1_hash); - SecureVector md5_hash = md5.final(); + secure_vector md5_hash = md5.final(); return OctetString(&md5_hash[0], want); } @@ -47,7 +47,7 @@ OctetString next_hash(size_t where, size_t want, /* * SSL3 PRF */ -SecureVector SSL3_PRF::derive(size_t key_len, +secure_vector SSL3_PRF::derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const { diff --git a/src/kdf/prf_ssl3/prf_ssl3.h b/src/kdf/prf_ssl3/prf_ssl3.h index b07454be2..bae8badb8 100644 --- a/src/kdf/prf_ssl3/prf_ssl3.h +++ b/src/kdf/prf_ssl3/prf_ssl3.h @@ -18,7 +18,7 @@ namespace Botan { class BOTAN_DLL SSL3_PRF : public KDF { public: - SecureVector derive(size_t, const byte[], size_t, + secure_vector derive(size_t, const byte[], size_t, const byte[], size_t) const; std::string name() const { return "SSL3-PRF"; } diff --git a/src/kdf/prf_tls/prf_tls.cpp b/src/kdf/prf_tls/prf_tls.cpp index 1236e13c7..006b418c9 100644 --- a/src/kdf/prf_tls/prf_tls.cpp +++ b/src/kdf/prf_tls/prf_tls.cpp @@ -18,7 +18,7 @@ namespace { /* * TLS PRF P_hash function */ -void P_hash(MemoryRegion& output, +void P_hash(secure_vector& output, MessageAuthenticationCode* mac, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) @@ -34,7 +34,7 @@ void P_hash(MemoryRegion& output, " bytes is too long for the PRF"); } - SecureVector A(seed, seed_len); + secure_vector A(seed, seed + seed_len); size_t offset = 0; @@ -47,7 +47,7 @@ void P_hash(MemoryRegion& output, mac->update(A); mac->update(seed, seed_len); - SecureVector block = mac->final(); + secure_vector block = mac->final(); xor_buf(&output[offset], &block[0], this_block_len); offset += this_block_len; @@ -74,11 +74,11 @@ TLS_PRF::~TLS_PRF() /* * TLS PRF */ -SecureVector TLS_PRF::derive(size_t key_len, +secure_vector TLS_PRF::derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const { - SecureVector output(key_len); + secure_vector output(key_len); size_t S1_len = (secret_len + 1) / 2, S2_len = (secret_len + 1) / 2; @@ -103,11 +103,11 @@ TLS_12_PRF::~TLS_12_PRF() delete hmac; } -SecureVector TLS_12_PRF::derive(size_t key_len, +secure_vector TLS_12_PRF::derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const { - SecureVector output(key_len); + secure_vector output(key_len); P_hash(output, hmac, secret, secret_len, seed, seed_len); diff --git a/src/kdf/prf_tls/prf_tls.h b/src/kdf/prf_tls/prf_tls.h index 5237f17c0..fce11eae0 100644 --- a/src/kdf/prf_tls/prf_tls.h +++ b/src/kdf/prf_tls/prf_tls.h @@ -20,7 +20,7 @@ namespace Botan { class BOTAN_DLL TLS_PRF : public KDF { public: - SecureVector derive(size_t key_len, + secure_vector derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const; @@ -40,7 +40,7 @@ class BOTAN_DLL TLS_PRF : public KDF class BOTAN_DLL TLS_12_PRF : public KDF { public: - SecureVector derive(size_t key_len, + secure_vector derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const; diff --git a/src/kdf/prf_x942/prf_x942.cpp b/src/kdf/prf_x942/prf_x942.cpp index fc31effe4..149be163f 100644 --- a/src/kdf/prf_x942/prf_x942.cpp +++ b/src/kdf/prf_x942/prf_x942.cpp @@ -20,11 +20,11 @@ namespace { /* * Encode an integer as an OCTET STRING */ -MemoryVector encode_x942_int(u32bit n) +std::vector encode_x942_int(u32bit n) { byte n_buf[4] = { 0 }; store_be(n, n_buf); - return DER_Encoder().encode(n_buf, 4, OCTET_STRING).get_contents(); + return DER_Encoder().encode(n_buf, 4, OCTET_STRING).get_contents_unlocked(); } } @@ -32,14 +32,14 @@ MemoryVector encode_x942_int(u32bit n) /* * X9.42 PRF */ -SecureVector X942_PRF::derive(size_t key_len, +secure_vector X942_PRF::derive(size_t key_len, const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const { SHA_160 hash; const OID kek_algo(key_wrap_oid); - SecureVector key; + secure_vector key; u32bit counter = 1; while(key.size() != key_len && counter) @@ -68,7 +68,7 @@ SecureVector X942_PRF::derive(size_t key_len, .end_cons().get_contents() ); - SecureVector digest = hash.final(); + secure_vector digest = hash.final(); const size_t needed = std::min(digest.size(), key_len - key.size()); key += std::make_pair(&digest[0], needed); diff --git a/src/kdf/prf_x942/prf_x942.h b/src/kdf/prf_x942/prf_x942.h index e6093eda6..f86b1bdd5 100644 --- a/src/kdf/prf_x942/prf_x942.h +++ b/src/kdf/prf_x942/prf_x942.h @@ -18,7 +18,7 @@ namespace Botan { class BOTAN_DLL X942_PRF : public KDF { public: - SecureVector derive(size_t, const byte[], size_t, + secure_vector derive(size_t, const byte[], size_t, const byte[], size_t) const; std::string name() const { return "X942_PRF(" + key_wrap_oid + ")"; } diff --git a/src/libstate/info.txt b/src/libstate/info.txt index ef0c9a47e..0e523e601 100644 --- a/src/libstate/info.txt +++ b/src/libstate/info.txt @@ -45,5 +45,4 @@ rng sha2_32 sha2_64 stream -system_alloc diff --git a/src/libstate/libstate.cpp b/src/libstate/libstate.cpp index 588c5db1b..eafa6dbb0 100644 --- a/src/libstate/libstate.cpp +++ b/src/libstate/libstate.cpp @@ -9,7 +9,6 @@ #include #include #include -#include #include #include #include @@ -19,10 +18,6 @@ #include #endif -#if defined(BOTAN_HAS_ALLOC_MMAP) - #include -#endif - #if defined(BOTAN_HAS_ENGINE_ASSEMBLER) #include #endif @@ -45,53 +40,6 @@ namespace Botan { -/* -* Get an allocator by its name -*/ -Allocator* Library_State::get_allocator(const std::string& type) - { - std::lock_guard lock(allocator_lock); - - if(type != "") - return search_map(alloc_factory, type, 0); - - if(!cached_default_allocator) - { - cached_default_allocator = - search_map(alloc_factory, - default_allocator_name, 0); - } - - return cached_default_allocator; - } - -/* -* Create a new name to object mapping -*/ -void Library_State::add_allocator(Allocator* allocator) - { - std::lock_guard lock(allocator_lock); - - allocator->init(); - - allocators.push_back(allocator); - alloc_factory[allocator->type()] = allocator; - } - -/* -* Set the default allocator type -*/ -void Library_State::set_default_allocator(const std::string& type) - { - if(type == "") - return; - - std::lock_guard lock(allocator_lock); - - default_allocator_name = type; - cached_default_allocator = 0; - } - /* * Get a configuration value */ @@ -184,16 +132,6 @@ void Library_State::initialize() if(m_algorithm_factory) throw Invalid_State("Library_State has already been initialized"); - cached_default_allocator = 0; - default_allocator_name = has_mlock() ? "locking" : "malloc"; - - add_allocator(new Malloc_Allocator); - add_allocator(new Locking_Allocator); - -#if defined(BOTAN_HAS_ALLOC_MMAP) - add_allocator(new MemoryMapping_Allocator); -#endif - load_default_config(); m_algorithm_factory = new Algorithm_Factory(); @@ -230,7 +168,6 @@ void Library_State::initialize() */ Library_State::Library_State() { - cached_default_allocator = 0; m_algorithm_factory = 0; global_rng_ptr = 0; @@ -246,15 +183,6 @@ Library_State::~Library_State() delete global_rng_ptr; global_rng_ptr = 0; - - - cached_default_allocator = 0; - - for(size_t i = 0; i != allocators.size(); ++i) - { - allocators[i]->destroy(); - delete allocators[i]; - } } } diff --git a/src/libstate/libstate.h b/src/libstate/libstate.h index 49908a1e3..b260a5bb9 100644 --- a/src/libstate/libstate.h +++ b/src/libstate/libstate.h @@ -9,7 +9,6 @@ #define BOTAN_LIB_STATE_H__ #include -#include #include #include @@ -44,18 +43,6 @@ class BOTAN_DLL Library_State */ RandomNumberGenerator& global_rng(); - /** - * @param name the name of the allocator - * @return allocator matching this name, or NULL - */ - Allocator* get_allocator(const std::string& name = ""); - - /** - * Add a new allocator to the list of available ones - * @param alloc the allocator to add - */ - void add_allocator(Allocator* alloc); - /** * Set the default allocator * @param name the name of the allocator to use as the default @@ -121,12 +108,6 @@ class BOTAN_DLL Library_State std::mutex config_lock; std::map config; - std::mutex allocator_lock; - std::string default_allocator_name; - std::map alloc_factory; - mutable Allocator* cached_default_allocator; - std::vector allocators; - Algorithm_Factory* m_algorithm_factory; }; diff --git a/src/mac/cbc_mac/cbc_mac.h b/src/mac/cbc_mac/cbc_mac.h index 5cc8adc67..be25718d9 100644 --- a/src/mac/cbc_mac/cbc_mac.h +++ b/src/mac/cbc_mac/cbc_mac.h @@ -40,7 +40,7 @@ class BOTAN_DLL CBC_MAC : public MessageAuthenticationCode void key_schedule(const byte[], size_t); BlockCipher* e; - SecureVector state; + secure_vector state; size_t position; }; diff --git a/src/mac/cmac/cmac.cpp b/src/mac/cmac/cmac.cpp index 7cd53f578..00120cf14 100644 --- a/src/mac/cmac/cmac.cpp +++ b/src/mac/cmac/cmac.cpp @@ -13,12 +13,12 @@ namespace Botan { /* * Perform CMAC's multiplication in GF(2^n) */ -SecureVector CMAC::poly_double(const MemoryRegion& in, +secure_vector CMAC::poly_double(const secure_vector& in, byte polynomial) { const byte poly_xor = (in[0] & 0x80) ? polynomial : 0; - SecureVector out = in; + secure_vector out = in; byte carry = 0; for(size_t i = out.size(); i != 0; --i) diff --git a/src/mac/cmac/cmac.h b/src/mac/cmac/cmac.h index 98634bdb7..3e75d3951 100644 --- a/src/mac/cmac/cmac.h +++ b/src/mac/cmac/cmac.h @@ -35,7 +35,7 @@ class BOTAN_DLL CMAC : public MessageAuthenticationCode * @param in the input * @param polynomial the byte value of the polynomial */ - static SecureVector poly_double(const MemoryRegion& in, + static secure_vector poly_double(const secure_vector& in, byte polynomial); /** @@ -49,7 +49,7 @@ class BOTAN_DLL CMAC : public MessageAuthenticationCode void key_schedule(const byte[], size_t); BlockCipher* e; - SecureVector buffer, state, B, P; + secure_vector buffer, state, B, P; size_t position; byte polynomial; }; diff --git a/src/mac/hmac/hmac.cpp b/src/mac/hmac/hmac.cpp index fc35e26ea..61cb262d0 100644 --- a/src/mac/hmac/hmac.cpp +++ b/src/mac/hmac/hmac.cpp @@ -42,7 +42,7 @@ void HMAC::key_schedule(const byte key[], size_t length) if(length > hash->hash_block_size()) { - SecureVector hmac_key = hash->process(key, length); + secure_vector hmac_key = hash->process(key, length); xor_buf(i_key, hmac_key, hmac_key.size()); xor_buf(o_key, hmac_key, hmac_key.size()); } diff --git a/src/mac/hmac/hmac.h b/src/mac/hmac/hmac.h index 9de1bc7b5..cb5bd6917 100644 --- a/src/mac/hmac/hmac.h +++ b/src/mac/hmac/hmac.h @@ -41,7 +41,7 @@ class BOTAN_DLL HMAC : public MessageAuthenticationCode void key_schedule(const byte[], size_t); HashFunction* hash; - SecureVector i_key, o_key; + secure_vector i_key, o_key; }; } diff --git a/src/mac/mac.cpp b/src/mac/mac.cpp index 2ef4ab64c..094aa1b4a 100644 --- a/src/mac/mac.cpp +++ b/src/mac/mac.cpp @@ -15,7 +15,7 @@ namespace Botan { */ bool MessageAuthenticationCode::verify_mac(const byte mac[], size_t length) { - SecureVector our_mac = final(); + secure_vector our_mac = final(); if(our_mac.size() != length) return false; diff --git a/src/mac/ssl3mac/ssl3_mac.h b/src/mac/ssl3mac/ssl3_mac.h index a85a78263..d23ac023c 100644 --- a/src/mac/ssl3mac/ssl3_mac.h +++ b/src/mac/ssl3mac/ssl3_mac.h @@ -41,7 +41,7 @@ class BOTAN_DLL SSL3_MAC : public MessageAuthenticationCode void key_schedule(const byte[], size_t); HashFunction* hash; - SecureVector i_key, o_key; + secure_vector i_key, o_key; }; } diff --git a/src/mac/x919_mac/x919_mac.cpp b/src/mac/x919_mac/x919_mac.cpp index fcbe77537..faf6138ef 100644 --- a/src/mac/x919_mac/x919_mac.cpp +++ b/src/mac/x919_mac/x919_mac.cpp @@ -44,7 +44,7 @@ void ANSI_X919_MAC::final_result(byte mac[]) { if(position) e->encrypt(state); - d->decrypt(state, mac); + d->decrypt(&state[0], mac); e->encrypt(mac); zeroise(state); position = 0; diff --git a/src/mac/x919_mac/x919_mac.h b/src/mac/x919_mac/x919_mac.h index 58a005e0b..4b5e63b33 100644 --- a/src/mac/x919_mac/x919_mac.h +++ b/src/mac/x919_mac/x919_mac.h @@ -41,7 +41,7 @@ class BOTAN_DLL ANSI_X919_MAC : public MessageAuthenticationCode BlockCipher* e; BlockCipher* d; - SecureVector state; + secure_vector state; size_t position; }; diff --git a/src/math/bigint/big_code.cpp b/src/math/bigint/big_code.cpp index 28614c9f1..a55ec662e 100644 --- a/src/math/bigint/big_code.cpp +++ b/src/math/bigint/big_code.cpp @@ -21,7 +21,7 @@ void BigInt::encode(byte output[], const BigInt& n, Base base) n.binary_encode(output); else if(base == Hexadecimal) { - SecureVector binary(n.encoded_size(Binary)); + secure_vector binary(n.encoded_size(Binary)); n.binary_encode(&binary[0]); hex_encode(reinterpret_cast(output), @@ -61,9 +61,23 @@ void BigInt::encode(byte output[], const BigInt& n, Base base) /* * Encode a BigInt */ -SecureVector BigInt::encode(const BigInt& n, Base base) +std::vector BigInt::encode(const BigInt& n, Base base) { - SecureVector output(n.encoded_size(base)); + std::vector output(n.encoded_size(base)); + encode(&output[0], n, base); + if(base != Binary) + for(size_t j = 0; j != output.size(); ++j) + if(output[j] == 0) + output[j] = '0'; + return output; + } + +/* +* Encode a BigInt +*/ +secure_vector BigInt::encode_locked(const BigInt& n, Base base) + { + secure_vector output(n.encoded_size(base)); encode(&output[0], n, base); if(base != Binary) for(size_t j = 0; j != output.size(); ++j) @@ -75,7 +89,7 @@ SecureVector BigInt::encode(const BigInt& n, Base base) /* * Encode a BigInt, with leading 0s if needed */ -SecureVector BigInt::encode_1363(const BigInt& n, size_t bytes) +secure_vector BigInt::encode_1363(const BigInt& n, size_t bytes) { const size_t n_bytes = n.bytes(); if(n_bytes > bytes) @@ -83,19 +97,11 @@ SecureVector BigInt::encode_1363(const BigInt& n, size_t bytes) const size_t leading_0s = bytes - n_bytes; - SecureVector output(bytes); + secure_vector output(bytes); encode(&output[leading_0s], n, Binary); return output; } -/* -* Decode a BigInt -*/ -BigInt BigInt::decode(const MemoryRegion& buf, Base base) - { - return BigInt::decode(&buf[0], buf.size(), base); - } - /* * Decode a BigInt */ @@ -106,7 +112,7 @@ BigInt BigInt::decode(const byte buf[], size_t length, Base base) r.binary_decode(buf, length); else if(base == Hexadecimal) { - SecureVector binary; + secure_vector binary; if(length % 2) { diff --git a/src/math/bigint/big_io.cpp b/src/math/bigint/big_io.cpp index 70e4a464a..130a98a3b 100644 --- a/src/math/bigint/big_io.cpp +++ b/src/math/bigint/big_io.cpp @@ -27,7 +27,7 @@ std::ostream& operator<<(std::ostream& stream, const BigInt& n) { if(n < 0) stream.write("-", 1); - SecureVector buffer = BigInt::encode(n, base); + const std::vector buffer = BigInt::encode(n, base); size_t skip = 0; while(buffer[skip] == '0' && skip < buffer.size()) ++skip; diff --git a/src/math/bigint/big_ops2.cpp b/src/math/bigint/big_ops2.cpp index ff5cc7922..ea2bdc961 100644 --- a/src/math/bigint/big_ops2.cpp +++ b/src/math/bigint/big_ops2.cpp @@ -23,15 +23,15 @@ BigInt& BigInt::operator+=(const BigInt& y) grow_to(reg_size); if(sign() == y.sign()) - bigint_add2(get_reg(), reg_size - 1, y.data(), y_sw); + bigint_add2(data(), reg_size - 1, y.data(), y_sw); else { s32bit relative_size = bigint_cmp(data(), x_sw, y.data(), y_sw); if(relative_size < 0) { - SecureVector z(reg_size - 1); - bigint_sub3(z, y.data(), reg_size - 1, data(), x_sw); + secure_vector z(reg_size - 1); + bigint_sub3(&z[0], y.data(), reg_size - 1, data(), x_sw); copy_mem(®[0], &z[0], z.size()); set_sign(y.sign()); } @@ -41,7 +41,7 @@ BigInt& BigInt::operator+=(const BigInt& y) set_sign(Positive); } else if(relative_size > 0) - bigint_sub2(get_reg(), x_sw, y.data(), y_sw); + bigint_sub2(data(), x_sw, y.data(), y_sw); } return (*this); @@ -62,9 +62,9 @@ BigInt& BigInt::operator-=(const BigInt& y) if(relative_size < 0) { if(sign() == y.sign()) - bigint_sub2_rev(get_reg(), y.data(), y_sw); + bigint_sub2_rev(data(), y.data(), y_sw); else - bigint_add2(get_reg(), reg_size - 1, y.data(), y_sw); + bigint_add2(data(), reg_size - 1, y.data(), y_sw); set_sign(y.reverse_sign()); } @@ -76,14 +76,14 @@ BigInt& BigInt::operator-=(const BigInt& y) set_sign(Positive); } else - bigint_shl1(get_reg(), x_sw, 0, 1); + bigint_shl1(data(), x_sw, 0, 1); } else if(relative_size > 0) { if(sign() == y.sign()) - bigint_sub2(get_reg(), x_sw, y.data(), y_sw); + bigint_sub2(data(), x_sw, y.data(), y_sw); else - bigint_add2(get_reg(), reg_size - 1, y.data(), y_sw); + bigint_add2(data(), reg_size - 1, y.data(), y_sw); } return (*this); @@ -105,22 +105,22 @@ BigInt& BigInt::operator*=(const BigInt& y) else if(x_sw == 1 && y_sw) { grow_to(y_sw + 2); - bigint_linmul3(get_reg(), y.data(), y_sw, word_at(0)); + bigint_linmul3(data(), y.data(), y_sw, word_at(0)); } else if(y_sw == 1 && x_sw) { grow_to(x_sw + 2); - bigint_linmul2(get_reg(), x_sw, y.word_at(0)); + bigint_linmul2(data(), x_sw, y.word_at(0)); } else { grow_to(size() + y.size()); - SecureVector z(data(), x_sw); - SecureVector workspace(size()); + secure_vector z(data(), data() + x_sw); + secure_vector workspace(size()); - bigint_mul(get_reg(), size(), workspace, - z, z.size(), x_sw, + bigint_mul(data(), size(), &workspace[0], + &z[0], z.size(), x_sw, y.data(), y.size(), y_sw); } @@ -159,7 +159,7 @@ word BigInt::operator%=(word mod) word result = (word_at(0) & (mod - 1)); clear(); grow_to(2); - get_reg()[0] = result; + reg[0] = result; return result; } @@ -171,9 +171,9 @@ word BigInt::operator%=(word mod) grow_to(2); if(remainder && sign() == BigInt::Negative) - get_reg()[0] = mod - remainder; + reg[0] = mod - remainder; else - get_reg()[0] = remainder; + reg[0] = remainder; set_sign(BigInt::Positive); @@ -192,7 +192,7 @@ BigInt& BigInt::operator<<=(size_t shift) words = sig_words(); grow_to(words + shift_words + (shift_bits ? 1 : 0)); - bigint_shl1(get_reg(), words, shift_words, shift_bits); + bigint_shl1(data(), words, shift_words, shift_bits); } return (*this); @@ -208,7 +208,7 @@ BigInt& BigInt::operator>>=(size_t shift) const size_t shift_words = shift / MP_WORD_BITS, shift_bits = shift % MP_WORD_BITS; - bigint_shr1(get_reg(), sig_words(), shift_words, shift_bits); + bigint_shr1(data(), sig_words(), shift_words, shift_bits); if(is_zero()) set_sign(Positive); diff --git a/src/math/bigint/big_ops3.cpp b/src/math/bigint/big_ops3.cpp index 52472bc52..a33b32bb7 100644 --- a/src/math/bigint/big_ops3.cpp +++ b/src/math/bigint/big_ops3.cpp @@ -23,20 +23,20 @@ BigInt operator+(const BigInt& x, const BigInt& y) BigInt z(x.sign(), std::max(x_sw, y_sw) + 1); if((x.sign() == y.sign())) - bigint_add3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_add3(z.data(), x.data(), x_sw, y.data(), y_sw); else { s32bit relative_size = bigint_cmp(x.data(), x_sw, y.data(), y_sw); if(relative_size < 0) { - bigint_sub3(z.get_reg(), y.data(), y_sw, x.data(), x_sw); + bigint_sub3(z.data(), y.data(), y_sw, x.data(), x_sw); z.set_sign(y.sign()); } else if(relative_size == 0) z.set_sign(BigInt::Positive); else if(relative_size > 0) - bigint_sub3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_sub3(z.data(), x.data(), x_sw, y.data(), y_sw); } return z; @@ -56,22 +56,22 @@ BigInt operator-(const BigInt& x, const BigInt& y) if(relative_size < 0) { if(x.sign() == y.sign()) - bigint_sub3(z.get_reg(), y.data(), y_sw, x.data(), x_sw); + bigint_sub3(z.data(), y.data(), y_sw, x.data(), x_sw); else - bigint_add3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_add3(z.data(), x.data(), x_sw, y.data(), y_sw); z.set_sign(y.reverse_sign()); } else if(relative_size == 0) { if(x.sign() != y.sign()) - bigint_shl2(z.get_reg(), x.data(), x_sw, 0, 1); + bigint_shl2(z.data(), x.data(), x_sw, 0, 1); } else if(relative_size > 0) { if(x.sign() == y.sign()) - bigint_sub3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_sub3(z.data(), x.data(), x_sw, y.data(), y_sw); else - bigint_add3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_add3(z.data(), x.data(), x_sw, y.data(), y_sw); z.set_sign(x.sign()); } return z; @@ -87,13 +87,13 @@ BigInt operator*(const BigInt& x, const BigInt& y) BigInt z(BigInt::Positive, x.size() + y.size()); if(x_sw == 1 && y_sw) - bigint_linmul3(z.get_reg(), y.data(), y_sw, x.word_at(0)); + bigint_linmul3(z.data(), y.data(), y_sw, x.word_at(0)); else if(y_sw == 1 && x_sw) - bigint_linmul3(z.get_reg(), x.data(), x_sw, y.word_at(0)); + bigint_linmul3(z.data(), x.data(), x_sw, y.word_at(0)); else if(x_sw && y_sw) { - SecureVector workspace(z.size()); - bigint_mul(z.get_reg(), z.size(), workspace, + secure_vector workspace(z.size()); + bigint_mul(z.data(), z.size(), &workspace[0], x.data(), x.size(), x_sw, y.data(), y.size(), y_sw); } @@ -164,7 +164,7 @@ BigInt operator<<(const BigInt& x, size_t shift) const size_t x_sw = x.sig_words(); BigInt y(x.sign(), x_sw + shift_words + (shift_bits ? 1 : 0)); - bigint_shl2(y.get_reg(), x.data(), x_sw, shift_words, shift_bits); + bigint_shl2(y.data(), x.data(), x_sw, shift_words, shift_bits); return y; } @@ -183,7 +183,7 @@ BigInt operator>>(const BigInt& x, size_t shift) x_sw = x.sig_words(); BigInt y(x.sign(), x_sw - shift_words); - bigint_shr2(y.get_reg(), x.data(), x_sw, shift_words, shift_bits); + bigint_shr2(y.data(), x.data(), x_sw, shift_words, shift_bits); return y; } diff --git a/src/math/bigint/big_rand.cpp b/src/math/bigint/big_rand.cpp index 7cddb2de0..a6776a296 100644 --- a/src/math/bigint/big_rand.cpp +++ b/src/math/bigint/big_rand.cpp @@ -35,7 +35,7 @@ void BigInt::randomize(RandomNumberGenerator& rng, clear(); else { - SecureVector array = rng.random_vec((bitsize + 7) / 8); + secure_vector array = rng.random_vec((bitsize + 7) / 8); if(bitsize % 8) array[0] &= 0xFF >> (8 - (bitsize % 8)); diff --git a/src/math/bigint/bigint.cpp b/src/math/bigint/bigint.cpp index df4414aba..5029c01f8 100644 --- a/src/math/bigint/bigint.cpp +++ b/src/math/bigint/bigint.cpp @@ -345,12 +345,4 @@ void BigInt::binary_decode(const byte buf[], size_t length) reg[length / WORD_BYTES] = (reg[length / WORD_BYTES] << 8) | buf[i]; } -/* -* Set this number to the value in buf -*/ -void BigInt::binary_decode(const MemoryRegion& buf) - { - binary_decode(buf, buf.size()); - } - } diff --git a/src/math/bigint/bigint.h b/src/math/bigint/bigint.h index 57aa84528..98b98bd6f 100644 --- a/src/math/bigint/bigint.h +++ b/src/math/bigint/bigint.h @@ -309,6 +309,13 @@ class BOTAN_DLL BigInt */ size_t bits() const; + /** + * Return a pointer to the big integer word register + * @result a pointer to the start of the internal register of + * the integer value + */ + word* data() { return ®[0]; } + /** * Return a pointer to the big integer word register * @result a pointer to the start of the internal register of @@ -318,18 +325,18 @@ class BOTAN_DLL BigInt /** * return a reference to the internal register containing the value - * @result a reference to the word-array (SecureVector) + * @result a reference to the word-array (secure_vector) * with the internal register value (containing the integer * value) */ - SecureVector& get_reg() { return reg; } + secure_vector& get_reg() { return reg; } /** * return a const reference to the internal register containing the value - * @result a const reference to the word-array (SecureVector) + * @result a const reference to the word-array (secure_vector) * with the internal register value (containing the integer value) */ - const SecureVector& get_reg() const { return reg; } + const secure_vector& get_reg() const { return reg; } /** * Assign using a plain word array @@ -369,10 +376,13 @@ class BOTAN_DLL BigInt void binary_decode(const byte buf[], size_t length); /** - * Read integer value from a byte array (MemoryRegion) + * Read integer value from a byte array (secure_vector) * @param buf the array to load from */ - void binary_decode(const MemoryRegion& buf); + void binary_decode(const secure_vector& buf) + { + binary_decode(&buf[0], buf.size()); + } /** * @param base the base to measure the size for @@ -391,12 +401,21 @@ class BOTAN_DLL BigInt const BigInt& max); /** - * Encode the integer value from a BigInt to a SecureVector of bytes + * Encode the integer value from a BigInt to a std::vector of bytes + * @param n the BigInt to use as integer source + * @param base number-base of resulting byte array representation + * @result secure_vector of bytes containing the integer with given base + */ + static std::vector encode(const BigInt& n, Base base = Binary); + + /** + * Encode the integer value from a BigInt to a secure_vector of bytes * @param n the BigInt to use as integer source * @param base number-base of resulting byte array representation - * @result SecureVector of bytes containing the integer with given base + * @result secure_vector of bytes containing the integer with given base */ - static SecureVector encode(const BigInt& n, Base base = Binary); + static secure_vector encode_locked(const BigInt& n, + Base base = Binary); /** * Encode the integer value from a BigInt to a byte array @@ -423,16 +442,31 @@ class BOTAN_DLL BigInt * @param base number-base of the integer in buf * @result BigInt representing the integer in the byte array */ - static BigInt decode(const MemoryRegion& buf, - Base base = Binary); + static BigInt decode(const secure_vector& buf, + Base base = Binary) + { + return BigInt::decode(&buf[0], buf.size(), base); + } + + /** + * Create a BigInt from an integer in a byte array + * @param buf the binary value to load + * @param base number-base of the integer in buf + * @result BigInt representing the integer in the byte array + */ + static BigInt decode(const std::vector& buf, + Base base = Binary) + { + return BigInt::decode(&buf[0], buf.size(), base); + } /** * Encode a BigInt to a byte array according to IEEE 1363 * @param n the BigInt to encode - * @param bytes the length of the resulting SecureVector - * @result a SecureVector containing the encoded BigInt + * @param bytes the length of the resulting secure_vector + * @result a secure_vector containing the encoded BigInt */ - static SecureVector encode_1363(const BigInt& n, size_t bytes); + static secure_vector encode_1363(const BigInt& n, size_t bytes); /** * Swap this value with another @@ -528,7 +562,7 @@ class BOTAN_DLL BigInt */ BigInt& operator=(const BigInt&) = default; private: - SecureVector reg; + secure_vector reg; Sign signedness; }; diff --git a/src/math/ec_gfp/point_gfp.cpp b/src/math/ec_gfp/point_gfp.cpp index 7ac6b4141..ec6fed4a1 100644 --- a/src/math/ec_gfp/point_gfp.cpp +++ b/src/math/ec_gfp/point_gfp.cpp @@ -45,7 +45,7 @@ void PointGFp::monty_mult(BigInt& z, const BigInt& x, const BigInt& y) const const size_t p_size = curve.get_p_words(); const word p_dash = curve.get_p_dash(); - SecureVector& z_reg = z.get_reg(); + secure_vector& z_reg = z.get_reg(); z_reg.resize(2*p_size+1); zeroise(z_reg); @@ -71,7 +71,7 @@ void PointGFp::monty_sqr(BigInt& z, const BigInt& x) const const size_t p_size = curve.get_p_words(); const word p_dash = curve.get_p_dash(); - SecureVector& z_reg = z.get_reg(); + secure_vector& z_reg = z.get_reg(); z_reg.resize(2*p_size+1); zeroise(z_reg); @@ -479,22 +479,22 @@ bool PointGFp::operator==(const PointGFp& other) const } // encoding and decoding -SecureVector EC2OSP(const PointGFp& point, byte format) +secure_vector EC2OSP(const PointGFp& point, byte format) { if(point.is_zero()) - return SecureVector(1); // single 0 byte + return secure_vector(1); // single 0 byte const size_t p_bytes = point.get_curve().get_p().bytes(); BigInt x = point.get_affine_x(); BigInt y = point.get_affine_y(); - SecureVector bX = BigInt::encode_1363(x, p_bytes); - SecureVector bY = BigInt::encode_1363(y, p_bytes); + secure_vector bX = BigInt::encode_1363(x, p_bytes); + secure_vector bY = BigInt::encode_1363(y, p_bytes); if(format == PointGFp::UNCOMPRESSED) { - SecureVector result; + secure_vector result; result.push_back(0x04); result += bX; @@ -504,7 +504,7 @@ SecureVector EC2OSP(const PointGFp& point, byte format) } else if(format == PointGFp::COMPRESSED) { - SecureVector result; + secure_vector result; result.push_back(0x02 | static_cast(y.get_bit(0))); result += bX; @@ -513,7 +513,7 @@ SecureVector EC2OSP(const PointGFp& point, byte format) } else if(format == PointGFp::HYBRID) { - SecureVector result; + secure_vector result; result.push_back(0x06 | static_cast(y.get_bit(0))); result += bX; diff --git a/src/math/ec_gfp/point_gfp.h b/src/math/ec_gfp/point_gfp.h index 546a8dd6f..017f66e1c 100644 --- a/src/math/ec_gfp/point_gfp.h +++ b/src/math/ec_gfp/point_gfp.h @@ -245,7 +245,7 @@ class BOTAN_DLL PointGFp CurveGFp curve; BigInt coord_x, coord_y, coord_z; - mutable SecureVector ws; // workspace for Montgomery + mutable secure_vector ws; // workspace for Montgomery }; // relational operators @@ -278,12 +278,13 @@ inline PointGFp operator*(const PointGFp& point, const BigInt& scalar) } // encoding and decoding -SecureVector BOTAN_DLL EC2OSP(const PointGFp& point, byte format); +secure_vector BOTAN_DLL EC2OSP(const PointGFp& point, byte format); PointGFp BOTAN_DLL OS2ECP(const byte data[], size_t data_len, const CurveGFp& curve); -inline PointGFp OS2ECP(const MemoryRegion& data, const CurveGFp& curve) +template +PointGFp OS2ECP(const std::vector& data, const CurveGFp& curve) { return OS2ECP(&data[0], data.size(), curve); } } diff --git a/src/math/numbertheory/dsa_gen.cpp b/src/math/numbertheory/dsa_gen.cpp index 612370804..d30a08f1a 100644 --- a/src/math/numbertheory/dsa_gen.cpp +++ b/src/math/numbertheory/dsa_gen.cpp @@ -42,7 +42,7 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, Algorithm_Factory& af, BigInt& p, BigInt& q, size_t pbits, size_t qbits, - const MemoryRegion& seed_c) + const std::vector& seed_c) { if(!fips186_3_valid_size(pbits, qbits)) throw Invalid_Argument( @@ -62,9 +62,9 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, class Seed { public: - Seed(const MemoryRegion& s) : seed(s) {} + Seed(const std::vector& s) : seed(s) {} - operator MemoryRegion& () { return seed; } + operator std::vector& () { return seed; } Seed& operator++() { @@ -74,7 +74,7 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, return (*this); } private: - SecureVector seed; + std::vector seed; }; Seed seed(seed_c); @@ -90,7 +90,7 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, b = (pbits-1) % (HASH_SIZE * 8); BigInt X; - SecureVector V(HASH_SIZE * (n+1)); + std::vector V(HASH_SIZE * (n+1)); for(size_t j = 0; j != 4096; ++j) { @@ -116,14 +116,15 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, /* * Generate DSA Primes */ -SecureVector generate_dsa_primes(RandomNumberGenerator& rng, - Algorithm_Factory& af, - BigInt& p, BigInt& q, - size_t pbits, size_t qbits) +std::vector generate_dsa_primes(RandomNumberGenerator& rng, + Algorithm_Factory& af, + BigInt& p, BigInt& q, + size_t pbits, size_t qbits) { while(true) { - SecureVector seed = rng.random_vec(qbits / 8); + std::vector seed(qbits / 8); + rng.randomize(&seed[0], seed.size()); if(generate_dsa_primes(rng, af, p, q, pbits, qbits, seed)) return seed; diff --git a/src/math/numbertheory/make_prm.cpp b/src/math/numbertheory/make_prm.cpp index 1e8d11000..dc94420ab 100644 --- a/src/math/numbertheory/make_prm.cpp +++ b/src/math/numbertheory/make_prm.cpp @@ -48,7 +48,7 @@ BigInt random_prime(RandomNumberGenerator& rng, p += (modulo - p % modulo) + equiv; const size_t sieve_size = std::min(bits / 2, PRIME_TABLE_SIZE); - SecureVector sieve(sieve_size); + secure_vector sieve(sieve_size); for(size_t j = 0; j != sieve.size(); ++j) sieve[j] = p % PRIMES[j]; diff --git a/src/math/numbertheory/mp_numth.cpp b/src/math/numbertheory/mp_numth.cpp index 23623b5f0..b10fe2639 100644 --- a/src/math/numbertheory/mp_numth.cpp +++ b/src/math/numbertheory/mp_numth.cpp @@ -20,9 +20,9 @@ BigInt square(const BigInt& x) const size_t x_sw = x.sig_words(); BigInt z(BigInt::Positive, round_up(2*x_sw, 16)); - SecureVector workspace(z.size()); + secure_vector workspace(z.size()); - bigint_sqr(z.get_reg(), z.size(), workspace, + bigint_sqr(z.data(), z.size(), &workspace[0], x.data(), x.size(), x_sw); return z; } @@ -44,13 +44,13 @@ BigInt mul_add(const BigInt& a, const BigInt& b, const BigInt& c) const size_t c_sw = c.sig_words(); BigInt r(sign, std::max(a.size() + b.size(), c_sw) + 1); - SecureVector workspace(r.size()); + secure_vector workspace(r.size()); - bigint_mul(r.get_reg(), r.size(), workspace, + bigint_mul(r.data(), r.size(), &workspace[0], a.data(), a.size(), a_sw, b.data(), b.size(), b_sw); const size_t r_size = std::max(r.sig_words(), c_sw); - bigint_add2(r.get_reg(), r_size, c.data(), c_sw); + bigint_add2(r.data(), r_size, c.data(), c_sw); return r; } diff --git a/src/math/numbertheory/numthry.h b/src/math/numbertheory/numthry.h index 750fbc78e..d21635f34 100644 --- a/src/math/numbertheory/numthry.h +++ b/src/math/numbertheory/numthry.h @@ -189,7 +189,7 @@ class Algorithm_Factory; * @param qbits how long q will be in bits * @return random seed used to generate this parameter set */ -SecureVector BOTAN_DLL +std::vector BOTAN_DLL generate_dsa_primes(RandomNumberGenerator& rng, Algorithm_Factory& af, BigInt& p_out, BigInt& q_out, @@ -212,7 +212,7 @@ generate_dsa_primes(RandomNumberGenerator& rng, Algorithm_Factory& af, BigInt& p_out, BigInt& q_out, size_t pbits, size_t qbits, - const MemoryRegion& seed); + const std::vector& seed); /** * The size of the PRIMES[] array diff --git a/src/math/numbertheory/powm_mnt.cpp b/src/math/numbertheory/powm_mnt.cpp index 8993f4ba9..0db5455a7 100644 --- a/src/math/numbertheory/powm_mnt.cpp +++ b/src/math/numbertheory/powm_mnt.cpp @@ -29,8 +29,8 @@ void Montgomery_Exponentiator::set_base(const BigInt& base) g.resize((1 << window_bits) - 1); - SecureVector z(2 * (mod_words + 1)); - SecureVector workspace(z.size()); + secure_vector z(2 * (mod_words + 1)); + secure_vector workspace(z.size()); g[0] = (base >= modulus) ? (base % modulus) : base; @@ -69,8 +69,8 @@ BigInt Montgomery_Exponentiator::execute() const const size_t exp_nibbles = (exp_bits + window_bits - 1) / window_bits; BigInt x = R_mod; - SecureVector z(2 * (mod_words + 1)); - SecureVector workspace(2 * (mod_words + 1)); + secure_vector z(2 * (mod_words + 1)); + secure_vector workspace(2 * (mod_words + 1)); for(size_t i = exp_nibbles; i > 0; --i) { diff --git a/src/passhash/bcrypt/bcrypt.cpp b/src/passhash/bcrypt/bcrypt.cpp index b0d654717..eeb99399f 100644 --- a/src/passhash/bcrypt/bcrypt.cpp +++ b/src/passhash/bcrypt/bcrypt.cpp @@ -54,7 +54,7 @@ std::string bcrypt_base64_encode(const byte input[], size_t length) return b64; } -MemoryVector bcrypt_base64_decode(std::string input) +std::vector bcrypt_base64_decode(std::string input) { const byte OPENBSD_BASE64_SUB[256] = { 0x00, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, @@ -84,11 +84,11 @@ MemoryVector bcrypt_base64_decode(std::string input) for(size_t i = 0; i != input.size(); ++i) input[i] = OPENBSD_BASE64_SUB[static_cast(input[i])]; - return base64_decode(input); + return unlock(base64_decode(input)); } std::string make_bcrypt(const std::string& pass, - const MemoryRegion& salt, + const std::vector& salt, u16bit work_factor) { const byte magic[24] = { @@ -97,14 +97,14 @@ std::string make_bcrypt(const std::string& pass, 0x63, 0x72, 0x79, 0x44, 0x6F, 0x75, 0x62, 0x74 }; - MemoryVector ctext(magic, 24); + std::vector ctext(magic, magic + sizeof(magic)); Blowfish blowfish; // Include the trailing NULL byte blowfish.eks_key_schedule(reinterpret_cast(pass.c_str()), pass.length() + 1, - salt, + &salt[0], work_factor); for(size_t i = 0; i != 64; ++i) @@ -127,7 +127,7 @@ std::string generate_bcrypt(const std::string& pass, RandomNumberGenerator& rng, u16bit work_factor) { - return make_bcrypt(pass, rng.random_vec(16), work_factor); + return make_bcrypt(pass, unlock(rng.random_vec(16)), work_factor); } bool check_bcrypt(const std::string& pass, const std::string& hash) @@ -141,7 +141,7 @@ bool check_bcrypt(const std::string& pass, const std::string& hash) const u16bit workfactor = to_u32bit(hash.substr(4, 2)); - MemoryVector salt = bcrypt_base64_decode(hash.substr(7, 22)); + std::vector salt = bcrypt_base64_decode(hash.substr(7, 22)); const std::string compare = make_bcrypt(pass, salt, workfactor); diff --git a/src/passhash/passhash9/passhash9.cpp b/src/passhash/passhash9/passhash9.cpp index 43bfdd36e..cbfe668f1 100644 --- a/src/passhash/passhash9/passhash9.cpp +++ b/src/passhash/passhash9/passhash9.cpp @@ -59,12 +59,12 @@ std::string generate_passhash9(const std::string& pass, PKCS5_PBKDF2 kdf(prf); // takes ownership of pointer - SecureVector salt(SALT_BYTES); + secure_vector salt(SALT_BYTES); rng.randomize(&salt[0], salt.size()); const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor; - SecureVector pbkdf2_output = + secure_vector pbkdf2_output = kdf.derive_key(PASSHASH9_PBKDF_OUTPUT_LEN, pass, &salt[0], salt.size(), @@ -105,7 +105,7 @@ bool check_passhash9(const std::string& pass, const std::string& hash) pipe.write(hash.c_str() + MAGIC_PREFIX.size()); pipe.end_msg(); - SecureVector bin = pipe.read_all(); + secure_vector bin = pipe.read_all(); if(bin.size() != BINARY_LENGTH) return false; @@ -125,7 +125,7 @@ bool check_passhash9(const std::string& pass, const std::string& hash) PKCS5_PBKDF2 kdf(pbkdf_prf); // takes ownership of pointer - SecureVector cmp = kdf.derive_key( + secure_vector cmp = kdf.derive_key( PASSHASH9_PBKDF_OUTPUT_LEN, pass, &bin[ALGID_BYTES + WORKFACTOR_BYTES], SALT_BYTES, diff --git a/src/pbe/pbe.h b/src/pbe/pbe.h index 9add98872..975f3e6c7 100644 --- a/src/pbe/pbe.h +++ b/src/pbe/pbe.h @@ -37,7 +37,7 @@ class BOTAN_DLL PBE : public Filter * DER encode the params (the number of iterations and the salt value) * @return encoded params */ - virtual MemoryVector encode_params() const = 0; + virtual std::vector encode_params() const = 0; /** * Decode params and use them inside this Filter. diff --git a/src/pbe/pbes1/pbes1.cpp b/src/pbe/pbes1/pbes1.cpp index ec5ebb253..0e5e8284c 100644 --- a/src/pbe/pbes1/pbes1.cpp +++ b/src/pbe/pbes1/pbes1.cpp @@ -65,7 +65,7 @@ void PBE_PKCS5v15::flush_pipe(bool safe_to_skip) if(safe_to_skip && pipe.remaining() < 64) return; - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); while(pipe.remaining()) { size_t got = pipe.read(&buffer[0], buffer.size()); @@ -80,7 +80,7 @@ void PBE_PKCS5v15::set_key(const std::string& passphrase) { PKCS5_PBKDF1 pbkdf(hash_function->clone()); - SecureVector key_and_iv = pbkdf.derive_key(16, passphrase, + secure_vector key_and_iv = pbkdf.derive_key(16, passphrase, &salt[0], salt.size(), iterations).bits_of(); @@ -102,14 +102,14 @@ void PBE_PKCS5v15::new_params(RandomNumberGenerator& rng) /* * Encode PKCS#5 PBES1 parameters */ -MemoryVector PBE_PKCS5v15::encode_params() const +std::vector PBE_PKCS5v15::encode_params() const { return DER_Encoder() .start_cons(SEQUENCE) .encode(salt, OCTET_STRING) .encode(iterations) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* diff --git a/src/pbe/pbes1/pbes1.h b/src/pbe/pbes1/pbes1.h index e10cbbb53..bbdbd5b9d 100644 --- a/src/pbe/pbes1/pbes1.h +++ b/src/pbe/pbes1/pbes1.h @@ -40,7 +40,7 @@ class BOTAN_DLL PBE_PKCS5v15 : public PBE private: void set_key(const std::string&); void new_params(RandomNumberGenerator& rng); - MemoryVector encode_params() const; + std::vector encode_params() const; void decode_params(DataSource&); OID get_oid() const; @@ -50,7 +50,7 @@ class BOTAN_DLL PBE_PKCS5v15 : public PBE BlockCipher* block_cipher; HashFunction* hash_function; - SecureVector salt, key, iv; + secure_vector salt, key, iv; size_t iterations; Pipe pipe; }; diff --git a/src/pbe/pbes2/pbes2.cpp b/src/pbe/pbes2/pbes2.cpp index 85afe6ffe..384fc3d90 100644 --- a/src/pbe/pbes2/pbes2.cpp +++ b/src/pbe/pbes2/pbes2.cpp @@ -72,7 +72,7 @@ void PBE_PKCS5v20::flush_pipe(bool safe_to_skip) if(safe_to_skip && pipe.remaining() < 64) return; - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); while(pipe.remaining()) { size_t got = pipe.read(&buffer[0], buffer.size()); @@ -107,7 +107,7 @@ void PBE_PKCS5v20::new_params(RandomNumberGenerator& rng) /* * Encode PKCS#5 PBES2 parameters */ -MemoryVector PBE_PKCS5v20::encode_params() const +std::vector PBE_PKCS5v20::encode_params() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -119,18 +119,18 @@ MemoryVector PBE_PKCS5v20::encode_params() const .encode(iterations) .encode(key_length) .end_cons() - .get_contents() + .get_contents_unlocked() ) ) .encode( AlgorithmIdentifier(block_cipher->name() + "/CBC", DER_Encoder() .encode(iv, OCTET_STRING) - .get_contents() + .get_contents_unlocked() ) ) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* diff --git a/src/pbe/pbes2/pbes2.h b/src/pbe/pbes2/pbes2.h index 7b82980e5..5593c9091 100644 --- a/src/pbe/pbes2/pbes2.h +++ b/src/pbe/pbes2/pbes2.h @@ -49,7 +49,7 @@ class BOTAN_DLL PBE_PKCS5v20 : public PBE private: void set_key(const std::string&); void new_params(RandomNumberGenerator& rng); - MemoryVector encode_params() const; + std::vector encode_params() const; void decode_params(DataSource&); OID get_oid() const; @@ -58,7 +58,7 @@ class BOTAN_DLL PBE_PKCS5v20 : public PBE Cipher_Dir direction; BlockCipher* block_cipher; HashFunction* hash_function; - SecureVector salt, key, iv; + secure_vector salt, key, iv; size_t iterations, key_length; Pipe pipe; }; diff --git a/src/pbkdf/pbkdf1/pbkdf1.cpp b/src/pbkdf/pbkdf1/pbkdf1.cpp index 16de435e9..7f0939b8f 100644 --- a/src/pbkdf/pbkdf1/pbkdf1.cpp +++ b/src/pbkdf/pbkdf1/pbkdf1.cpp @@ -26,7 +26,7 @@ OctetString PKCS5_PBKDF1::derive_key(size_t key_len, hash->update(passphrase); hash->update(salt, salt_size); - SecureVector key = hash->final(); + secure_vector key = hash->final(); for(size_t j = 1; j != iterations; ++j) { diff --git a/src/pbkdf/pbkdf2/pbkdf2.cpp b/src/pbkdf/pbkdf2/pbkdf2.cpp index 39d53d417..699ce7c6b 100644 --- a/src/pbkdf/pbkdf2/pbkdf2.cpp +++ b/src/pbkdf/pbkdf2/pbkdf2.cpp @@ -33,11 +33,11 @@ OctetString PKCS5_PBKDF2::derive_key(size_t key_len, std::to_string(passphrase.length())); } - SecureVector key(key_len); + secure_vector key(key_len); byte* T = &key[0]; - SecureVector U(mac->output_length()); + secure_vector U(mac->output_length()); u32bit counter = 1; while(key_len) @@ -48,13 +48,13 @@ OctetString PKCS5_PBKDF2::derive_key(size_t key_len, mac->update_be(counter); mac->final(&U[0]); - xor_buf(T, U, T_size); + xor_buf(T, &U[0], T_size); for(size_t j = 1; j != iterations; ++j) { mac->update(U); mac->final(&U[0]); - xor_buf(T, U, T_size); + xor_buf(T, &U[0], T_size); } key_len -= T_size; diff --git a/src/pbkdf/pgps2k/pgp_s2k.cpp b/src/pbkdf/pgps2k/pgp_s2k.cpp index 4ee4c6bd9..6f6de58e2 100644 --- a/src/pbkdf/pgps2k/pgp_s2k.cpp +++ b/src/pbkdf/pgps2k/pgp_s2k.cpp @@ -17,7 +17,7 @@ OctetString OpenPGP_S2K::derive_key(size_t key_len, const byte salt_buf[], size_t salt_size, size_t iterations) const { - SecureVector key(key_len), hash_buf; + secure_vector key(key_len), hash_buf; size_t pass = 0, generated = 0, total_size = passphrase.size() + salt_size; diff --git a/src/pk_pad/eme.cpp b/src/pk_pad/eme.cpp index cfdaa240d..f90239d8c 100644 --- a/src/pk_pad/eme.cpp +++ b/src/pk_pad/eme.cpp @@ -12,7 +12,7 @@ namespace Botan { /* * Encode a message */ -SecureVector EME::encode(const byte msg[], size_t msg_len, +secure_vector EME::encode(const byte msg[], size_t msg_len, size_t key_bits, RandomNumberGenerator& rng) const { @@ -22,7 +22,7 @@ SecureVector EME::encode(const byte msg[], size_t msg_len, /* * Encode a message */ -SecureVector EME::encode(const MemoryRegion& msg, +secure_vector EME::encode(const secure_vector& msg, size_t key_bits, RandomNumberGenerator& rng) const { @@ -32,7 +32,7 @@ SecureVector EME::encode(const MemoryRegion& msg, /* * Decode a message */ -SecureVector EME::decode(const byte msg[], size_t msg_len, +secure_vector EME::decode(const byte msg[], size_t msg_len, size_t key_bits) const { return unpad(msg, msg_len, key_bits); @@ -41,7 +41,7 @@ SecureVector EME::decode(const byte msg[], size_t msg_len, /* * Decode a message */ -SecureVector EME::decode(const MemoryRegion& msg, +secure_vector EME::decode(const secure_vector& msg, size_t key_bits) const { return unpad(&msg[0], msg.size(), key_bits); diff --git a/src/pk_pad/eme.h b/src/pk_pad/eme.h index 4e89ef9d3..6f8acaa23 100644 --- a/src/pk_pad/eme.h +++ b/src/pk_pad/eme.h @@ -34,7 +34,7 @@ class BOTAN_DLL EME * @param rng a random number generator * @return encoded plaintext */ - SecureVector encode(const byte in[], + secure_vector encode(const byte in[], size_t in_length, size_t key_length, RandomNumberGenerator& rng) const; @@ -46,7 +46,7 @@ class BOTAN_DLL EME * @param rng a random number generator * @return encoded plaintext */ - SecureVector encode(const MemoryRegion& in, + secure_vector encode(const secure_vector& in, size_t key_length, RandomNumberGenerator& rng) const; @@ -57,7 +57,7 @@ class BOTAN_DLL EME * @param key_length length of the key in bits * @return plaintext */ - SecureVector decode(const byte in[], + secure_vector decode(const byte in[], size_t in_length, size_t key_length) const; @@ -67,7 +67,7 @@ class BOTAN_DLL EME * @param key_length length of the key in bits * @return plaintext */ - SecureVector decode(const MemoryRegion& in, + secure_vector decode(const secure_vector& in, size_t key_length) const; virtual ~EME() {} @@ -80,7 +80,7 @@ class BOTAN_DLL EME * @param rng a random number generator * @return encoded plaintext */ - virtual SecureVector pad(const byte in[], + virtual secure_vector pad(const byte in[], size_t in_length, size_t key_length, RandomNumberGenerator& rng) const = 0; @@ -92,7 +92,7 @@ class BOTAN_DLL EME * @param key_length length of the key in bits * @return plaintext */ - virtual SecureVector unpad(const byte in[], + virtual secure_vector unpad(const byte in[], size_t in_length, size_t key_length) const = 0; }; diff --git a/src/pk_pad/eme1/eme1.cpp b/src/pk_pad/eme1/eme1.cpp index 69251605f..57275d4f9 100644 --- a/src/pk_pad/eme1/eme1.cpp +++ b/src/pk_pad/eme1/eme1.cpp @@ -15,7 +15,7 @@ namespace Botan { /* * EME1 Pad Operation */ -SecureVector EME1::pad(const byte in[], size_t in_length, +secure_vector EME1::pad(const byte in[], size_t in_length, size_t key_length, RandomNumberGenerator& rng) const { @@ -24,7 +24,7 @@ SecureVector EME1::pad(const byte in[], size_t in_length, if(in_length > key_length - 2*Phash.size() - 1) throw Invalid_Argument("EME1: Input is too large"); - SecureVector out(key_length); + secure_vector out(key_length); rng.randomize(&out[0], Phash.size()); @@ -44,7 +44,7 @@ SecureVector EME1::pad(const byte in[], size_t in_length, /* * EME1 Unpad Operation */ -SecureVector EME1::unpad(const byte in[], size_t in_length, +secure_vector EME1::unpad(const byte in[], size_t in_length, size_t key_length) const { /* @@ -65,7 +65,7 @@ SecureVector EME1::unpad(const byte in[], size_t in_length, if(in_length > key_length) in_length = 0; - SecureVector input(key_length); + secure_vector input(key_length); buffer_insert(input, key_length - in_length, in, in_length); mgf->mask(&input[Phash.size()], input.size() - Phash.size(), @@ -104,8 +104,7 @@ SecureVector EME1::unpad(const byte in[], size_t in_length, if(bad_input) throw Decoding_Error("Invalid EME1 encoding"); - return SecureVector(input + delim_idx + 1, - input.size() - delim_idx - 1); + return secure_vector(&input[delim_idx + 1], &input[input.size()]); } /* diff --git a/src/pk_pad/eme1/eme1.h b/src/pk_pad/eme1/eme1.h index 0d0223de0..eb6fc6bf5 100644 --- a/src/pk_pad/eme1/eme1.h +++ b/src/pk_pad/eme1/eme1.h @@ -30,11 +30,11 @@ class BOTAN_DLL EME1 : public EME ~EME1() { delete mgf; } private: - SecureVector pad(const byte[], size_t, size_t, + secure_vector pad(const byte[], size_t, size_t, RandomNumberGenerator&) const; - SecureVector unpad(const byte[], size_t, size_t) const; + secure_vector unpad(const byte[], size_t, size_t) const; - SecureVector Phash; + secure_vector Phash; MGF* mgf; }; diff --git a/src/pk_pad/eme_pkcs/eme_pkcs.cpp b/src/pk_pad/eme_pkcs/eme_pkcs.cpp index a217d6d03..0e7d1fc30 100644 --- a/src/pk_pad/eme_pkcs/eme_pkcs.cpp +++ b/src/pk_pad/eme_pkcs/eme_pkcs.cpp @@ -12,7 +12,7 @@ namespace Botan { /* * PKCS1 Pad Operation */ -SecureVector EME_PKCS1v15::pad(const byte in[], size_t inlen, +secure_vector EME_PKCS1v15::pad(const byte in[], size_t inlen, size_t olen, RandomNumberGenerator& rng) const { @@ -23,7 +23,7 @@ SecureVector EME_PKCS1v15::pad(const byte in[], size_t inlen, if(inlen > olen - 10) throw Encoding_Error("PKCS1: Input is too large"); - SecureVector out(olen); + secure_vector out(olen); out[0] = 0x02; for(size_t j = 1; j != olen - inlen - 1; ++j) @@ -37,7 +37,7 @@ SecureVector EME_PKCS1v15::pad(const byte in[], size_t inlen, /* * PKCS1 Unpad Operation */ -SecureVector EME_PKCS1v15::unpad(const byte in[], size_t inlen, +secure_vector EME_PKCS1v15::unpad(const byte in[], size_t inlen, size_t key_len) const { if(inlen != key_len / 8 || inlen < 10 || in[0] != 0x02) @@ -53,7 +53,7 @@ SecureVector EME_PKCS1v15::unpad(const byte in[], size_t inlen, if(seperator < 9) throw Decoding_Error("PKCS1::unpad"); - return SecureVector(in + seperator + 1, inlen - seperator - 1); + return secure_vector(&in[seperator + 1], &in[inlen]); } /* diff --git a/src/pk_pad/eme_pkcs/eme_pkcs.h b/src/pk_pad/eme_pkcs/eme_pkcs.h index 4c4614bda..2808e18d6 100644 --- a/src/pk_pad/eme_pkcs/eme_pkcs.h +++ b/src/pk_pad/eme_pkcs/eme_pkcs.h @@ -20,9 +20,9 @@ class BOTAN_DLL EME_PKCS1v15 : public EME public: size_t maximum_input_size(size_t) const; private: - SecureVector pad(const byte[], size_t, size_t, + secure_vector pad(const byte[], size_t, size_t, RandomNumberGenerator&) const; - SecureVector unpad(const byte[], size_t, size_t) const; + secure_vector unpad(const byte[], size_t, size_t) const; }; } diff --git a/src/pk_pad/emsa.h b/src/pk_pad/emsa.h index e943fc5eb..821ca782f 100644 --- a/src/pk_pad/emsa.h +++ b/src/pk_pad/emsa.h @@ -29,7 +29,7 @@ class BOTAN_DLL EMSA /** * @return raw hash */ - virtual SecureVector raw_data() = 0; + virtual secure_vector raw_data() = 0; /** * Return the encoding of a message @@ -38,7 +38,7 @@ class BOTAN_DLL EMSA * @param rng a random number generator * @return encoded signature */ - virtual SecureVector encoding_of(const MemoryRegion& msg, + virtual secure_vector encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator& rng) = 0; @@ -49,8 +49,8 @@ class BOTAN_DLL EMSA * @param key_bits the size of the key in bits * @return true if coded is a valid encoding of raw, otherwise false */ - virtual bool verify(const MemoryRegion& coded, - const MemoryRegion& raw, + virtual bool verify(const secure_vector& coded, + const secure_vector& raw, size_t key_bits) = 0; virtual ~EMSA() {} }; diff --git a/src/pk_pad/emsa1/emsa1.cpp b/src/pk_pad/emsa1/emsa1.cpp index ba861898a..7f9a1885f 100644 --- a/src/pk_pad/emsa1/emsa1.cpp +++ b/src/pk_pad/emsa1/emsa1.cpp @@ -11,7 +11,7 @@ namespace Botan { namespace { -SecureVector emsa1_encoding(const MemoryRegion& msg, +secure_vector emsa1_encoding(const secure_vector& msg, size_t output_bits) { if(8*msg.size() <= output_bits) @@ -20,7 +20,7 @@ SecureVector emsa1_encoding(const MemoryRegion& msg, size_t shift = 8*msg.size() - output_bits; size_t byte_shift = shift / 8, bit_shift = shift % 8; - SecureVector digest(msg.size() - byte_shift); + secure_vector digest(msg.size() - byte_shift); for(size_t j = 0; j != msg.size() - byte_shift; ++j) digest[j] = msg[j]; @@ -51,7 +51,7 @@ void EMSA1::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector EMSA1::raw_data() +secure_vector EMSA1::raw_data() { return hash->final(); } @@ -59,7 +59,7 @@ SecureVector EMSA1::raw_data() /* * EMSA1 Encode Operation */ -SecureVector EMSA1::encoding_of(const MemoryRegion& msg, +secure_vector EMSA1::encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator&) { @@ -71,14 +71,14 @@ SecureVector EMSA1::encoding_of(const MemoryRegion& msg, /* * EMSA1 Decode/Verify Operation */ -bool EMSA1::verify(const MemoryRegion& coded, - const MemoryRegion& raw, size_t key_bits) +bool EMSA1::verify(const secure_vector& coded, + const secure_vector& raw, size_t key_bits) { try { if(raw.size() != hash->output_length()) throw Encoding_Error("EMSA1::encoding_of: Invalid size for input"); - SecureVector our_coding = emsa1_encoding(raw, key_bits); + secure_vector our_coding = emsa1_encoding(raw, key_bits); if(our_coding == coded) return true; if(our_coding[0] != 0) return false; diff --git a/src/pk_pad/emsa1/emsa1.h b/src/pk_pad/emsa1/emsa1.h index 120cb0cd3..f84ca5ae7 100644 --- a/src/pk_pad/emsa1/emsa1.h +++ b/src/pk_pad/emsa1/emsa1.h @@ -32,12 +32,12 @@ class BOTAN_DLL EMSA1 : public EMSA const HashFunction* hash_ptr() const { return hash; } private: void update(const byte[], size_t); - SecureVector raw_data(); + secure_vector raw_data(); - SecureVector encoding_of(const MemoryRegion&, size_t, + secure_vector encoding_of(const secure_vector&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion&, const MemoryRegion&, + bool verify(const secure_vector&, const secure_vector&, size_t); HashFunction* hash; diff --git a/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp b/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp index bbcc5aae7..9096edfbf 100644 --- a/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp +++ b/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp @@ -13,7 +13,7 @@ namespace Botan { /* * EMSA1 BSI Encode Operation */ -SecureVector EMSA1_BSI::encoding_of(const MemoryRegion& msg, +secure_vector EMSA1_BSI::encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator&) { diff --git a/src/pk_pad/emsa1_bsi/emsa1_bsi.h b/src/pk_pad/emsa1_bsi/emsa1_bsi.h index 51ed6bc00..1b90f48df 100644 --- a/src/pk_pad/emsa1_bsi/emsa1_bsi.h +++ b/src/pk_pad/emsa1_bsi/emsa1_bsi.h @@ -26,7 +26,7 @@ class BOTAN_DLL EMSA1_BSI : public EMSA1 */ EMSA1_BSI(HashFunction* hash) : EMSA1(hash) {} private: - SecureVector encoding_of(const MemoryRegion&, size_t, + secure_vector encoding_of(const secure_vector&, size_t, RandomNumberGenerator& rng); }; diff --git a/src/pk_pad/emsa2/emsa2.cpp b/src/pk_pad/emsa2/emsa2.cpp index 50ea7dbe3..d299ddacd 100644 --- a/src/pk_pad/emsa2/emsa2.cpp +++ b/src/pk_pad/emsa2/emsa2.cpp @@ -15,9 +15,9 @@ namespace { /* * EMSA2 Encode Operation */ -SecureVector emsa2_encoding(const MemoryRegion& msg, +secure_vector emsa2_encoding(const secure_vector& msg, size_t output_bits, - const MemoryRegion& empty_hash, + const secure_vector& empty_hash, byte hash_id) { const size_t HASH_SIZE = empty_hash.size(); @@ -34,7 +34,7 @@ SecureVector emsa2_encoding(const MemoryRegion& msg, if(empty_hash[j] != msg[j]) empty = false; - SecureVector output(output_length); + secure_vector output(output_length); output[0] = (empty ? 0x4B : 0x6B); output[output_length - 3 - HASH_SIZE] = 0xBA; @@ -59,7 +59,7 @@ void EMSA2::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector EMSA2::raw_data() +secure_vector EMSA2::raw_data() { return hash->final(); } @@ -67,7 +67,7 @@ SecureVector EMSA2::raw_data() /* * EMSA2 Encode Operation */ -SecureVector EMSA2::encoding_of(const MemoryRegion& msg, +secure_vector EMSA2::encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator&) { @@ -77,8 +77,8 @@ SecureVector EMSA2::encoding_of(const MemoryRegion& msg, /* * EMSA2 Verify Operation */ -bool EMSA2::verify(const MemoryRegion& coded, - const MemoryRegion& raw, +bool EMSA2::verify(const secure_vector& coded, + const secure_vector& raw, size_t key_bits) { try diff --git a/src/pk_pad/emsa2/emsa2.h b/src/pk_pad/emsa2/emsa2.h index 9e0fa6a95..fb0cecb21 100644 --- a/src/pk_pad/emsa2/emsa2.h +++ b/src/pk_pad/emsa2/emsa2.h @@ -27,15 +27,15 @@ class BOTAN_DLL EMSA2 : public EMSA ~EMSA2() { delete hash; } private: void update(const byte[], size_t); - SecureVector raw_data(); + secure_vector raw_data(); - SecureVector encoding_of(const MemoryRegion&, size_t, + secure_vector encoding_of(const secure_vector&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion&, const MemoryRegion&, + bool verify(const secure_vector&, const secure_vector&, size_t); - SecureVector empty_hash; + secure_vector empty_hash; HashFunction* hash; byte hash_id; }; diff --git a/src/pk_pad/emsa3/emsa3.cpp b/src/pk_pad/emsa3/emsa3.cpp index 6532bafd4..493140a63 100644 --- a/src/pk_pad/emsa3/emsa3.cpp +++ b/src/pk_pad/emsa3/emsa3.cpp @@ -15,7 +15,7 @@ namespace { /* * EMSA3 Encode Operation */ -SecureVector emsa3_encoding(const MemoryRegion& msg, +secure_vector emsa3_encoding(const secure_vector& msg, size_t output_bits, const byte hash_id[], size_t hash_id_length) @@ -24,7 +24,7 @@ SecureVector emsa3_encoding(const MemoryRegion& msg, if(output_length < hash_id_length + msg.size() + 10) throw Encoding_Error("emsa3_encoding: Output length is too small"); - SecureVector T(output_length); + secure_vector T(output_length); const size_t P_LENGTH = output_length - msg.size() - hash_id_length - 2; T[0] = 0x01; @@ -48,7 +48,7 @@ void EMSA3::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector EMSA3::raw_data() +secure_vector EMSA3::raw_data() { return hash->final(); } @@ -56,7 +56,7 @@ SecureVector EMSA3::raw_data() /* * EMSA3 Encode Operation */ -SecureVector EMSA3::encoding_of(const MemoryRegion& msg, +secure_vector EMSA3::encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator&) { @@ -70,8 +70,8 @@ SecureVector EMSA3::encoding_of(const MemoryRegion& msg, /* * Default signature decoding */ -bool EMSA3::verify(const MemoryRegion& coded, - const MemoryRegion& raw, +bool EMSA3::verify(const secure_vector& coded, + const secure_vector& raw, size_t key_bits) { if(raw.size() != hash->output_length()) @@ -115,9 +115,9 @@ void EMSA3_Raw::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector EMSA3_Raw::raw_data() +secure_vector EMSA3_Raw::raw_data() { - SecureVector ret; + secure_vector ret; std::swap(ret, message); return ret; } @@ -125,7 +125,7 @@ SecureVector EMSA3_Raw::raw_data() /* * EMSA3_Raw Encode Operation */ -SecureVector EMSA3_Raw::encoding_of(const MemoryRegion& msg, +secure_vector EMSA3_Raw::encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator&) { @@ -135,8 +135,8 @@ SecureVector EMSA3_Raw::encoding_of(const MemoryRegion& msg, /* * Default signature decoding */ -bool EMSA3_Raw::verify(const MemoryRegion& coded, - const MemoryRegion& raw, +bool EMSA3_Raw::verify(const secure_vector& coded, + const secure_vector& raw, size_t key_bits) { try diff --git a/src/pk_pad/emsa3/emsa3.h b/src/pk_pad/emsa3/emsa3.h index 5faf9d7e5..9fbda67ee 100644 --- a/src/pk_pad/emsa3/emsa3.h +++ b/src/pk_pad/emsa3/emsa3.h @@ -29,16 +29,16 @@ class BOTAN_DLL EMSA3 : public EMSA void update(const byte[], size_t); - SecureVector raw_data(); + secure_vector raw_data(); - SecureVector encoding_of(const MemoryRegion&, size_t, + secure_vector encoding_of(const secure_vector&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion&, const MemoryRegion&, + bool verify(const secure_vector&, const secure_vector&, size_t); private: HashFunction* hash; - SecureVector hash_id; + std::vector hash_id; }; /** @@ -51,16 +51,16 @@ class BOTAN_DLL EMSA3_Raw : public EMSA public: void update(const byte[], size_t); - SecureVector raw_data(); + secure_vector raw_data(); - SecureVector encoding_of(const MemoryRegion&, size_t, + secure_vector encoding_of(const secure_vector&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion&, const MemoryRegion&, + bool verify(const secure_vector&, const secure_vector&, size_t); private: - SecureVector message; + secure_vector message; }; } diff --git a/src/pk_pad/emsa4/emsa4.cpp b/src/pk_pad/emsa4/emsa4.cpp index d05e4a5b5..c8b8cbc6a 100644 --- a/src/pk_pad/emsa4/emsa4.cpp +++ b/src/pk_pad/emsa4/emsa4.cpp @@ -22,7 +22,7 @@ void EMSA4::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector EMSA4::raw_data() +secure_vector EMSA4::raw_data() { return hash->final(); } @@ -30,7 +30,7 @@ SecureVector EMSA4::raw_data() /* * EMSA4 Encode Operation */ -SecureVector EMSA4::encoding_of(const MemoryRegion& msg, +secure_vector EMSA4::encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator& rng) { @@ -43,19 +43,19 @@ SecureVector EMSA4::encoding_of(const MemoryRegion& msg, const size_t output_length = (output_bits + 7) / 8; - SecureVector salt = rng.random_vec(SALT_SIZE); + secure_vector salt = rng.random_vec(SALT_SIZE); for(size_t j = 0; j != 8; ++j) hash->update(0); hash->update(msg); - hash->update(salt, SALT_SIZE); - SecureVector H = hash->final(); + hash->update(salt); + secure_vector H = hash->final(); - SecureVector EM(output_length); + secure_vector EM(output_length); EM[output_length - HASH_SIZE - SALT_SIZE - 2] = 0x01; buffer_insert(EM, output_length - 1 - HASH_SIZE - SALT_SIZE, salt); - mgf->mask(H, HASH_SIZE, EM, output_length - HASH_SIZE - 1); + mgf->mask(&H[0], HASH_SIZE, &EM[0], output_length - HASH_SIZE - 1); EM[0] &= 0xFF >> (8 * ((output_bits + 7) / 8) - output_bits); buffer_insert(EM, output_length - 1 - HASH_SIZE, H); EM[output_length-1] = 0xBC; @@ -66,8 +66,8 @@ SecureVector EMSA4::encoding_of(const MemoryRegion& msg, /* * EMSA4 Decode/Verify Operation */ -bool EMSA4::verify(const MemoryRegion& const_coded, - const MemoryRegion& raw, size_t key_bits) +bool EMSA4::verify(const secure_vector& const_coded, + const secure_vector& raw, size_t key_bits) { const size_t HASH_SIZE = hash->output_length(); const size_t KEY_BYTES = (key_bits + 7) / 8; @@ -84,10 +84,10 @@ bool EMSA4::verify(const MemoryRegion& const_coded, if(const_coded[const_coded.size()-1] != 0xBC) return false; - SecureVector coded = const_coded; + secure_vector coded = const_coded; if(coded.size() < KEY_BYTES) { - SecureVector temp(KEY_BYTES); + secure_vector temp(KEY_BYTES); buffer_insert(temp, KEY_BYTES - coded.size(), coded); coded = temp; } @@ -96,14 +96,17 @@ bool EMSA4::verify(const MemoryRegion& const_coded, if(TOP_BITS > 8 - high_bit(coded[0])) return false; - SecureVector DB(&coded[0], coded.size() - HASH_SIZE - 1); - SecureVector H(&coded[coded.size() - HASH_SIZE - 1], HASH_SIZE); + byte* DB = &coded[0]; + const size_t DB_size = coded.size() - HASH_SIZE - 1; + + const byte* H = &coded[DB_size]; + const size_t H_size = HASH_SIZE; - mgf->mask(H, H.size(), DB, coded.size() - H.size() - 1); + mgf->mask(&H[0], H_size, &DB[0], DB_size); DB[0] &= 0xFF >> TOP_BITS; size_t salt_offset = 0; - for(size_t j = 0; j != DB.size(); ++j) + for(size_t j = 0; j != DB_size; ++j) { if(DB[j] == 0x01) { salt_offset = j + 1; break; } @@ -113,15 +116,13 @@ bool EMSA4::verify(const MemoryRegion& const_coded, if(salt_offset == 0) return false; - SecureVector salt(&DB[salt_offset], DB.size() - salt_offset); - for(size_t j = 0; j != 8; ++j) hash->update(0); hash->update(raw); - hash->update(salt); - SecureVector H2 = hash->final(); + hash->update(&DB[salt_offset], DB_size - salt_offset); + secure_vector H2 = hash->final(); - return (H == H2); + return same_mem(&H[0], &H2[0], HASH_SIZE); } /* diff --git a/src/pk_pad/emsa4/emsa4.h b/src/pk_pad/emsa4/emsa4.h index bd8b32ca1..44bf5a429 100644 --- a/src/pk_pad/emsa4/emsa4.h +++ b/src/pk_pad/emsa4/emsa4.h @@ -34,11 +34,11 @@ class BOTAN_DLL EMSA4 : public EMSA ~EMSA4() { delete hash; delete mgf; } private: void update(const byte[], size_t); - SecureVector raw_data(); + secure_vector raw_data(); - SecureVector encoding_of(const MemoryRegion&, size_t, + secure_vector encoding_of(const secure_vector&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion&, const MemoryRegion&, + bool verify(const secure_vector&, const secure_vector&, size_t); size_t SALT_SIZE; diff --git a/src/pk_pad/emsa_raw/emsa_raw.cpp b/src/pk_pad/emsa_raw/emsa_raw.cpp index d0f3918dd..cb0f99e9c 100644 --- a/src/pk_pad/emsa_raw/emsa_raw.cpp +++ b/src/pk_pad/emsa_raw/emsa_raw.cpp @@ -20,9 +20,9 @@ void EMSA_Raw::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector EMSA_Raw::raw_data() +secure_vector EMSA_Raw::raw_data() { - SecureVector output; + secure_vector output; std::swap(message, output); return output; } @@ -30,7 +30,7 @@ SecureVector EMSA_Raw::raw_data() /* * EMSA-Raw Encode Operation */ -SecureVector EMSA_Raw::encoding_of(const MemoryRegion& msg, +secure_vector EMSA_Raw::encoding_of(const secure_vector& msg, size_t, RandomNumberGenerator&) { @@ -40,8 +40,8 @@ SecureVector EMSA_Raw::encoding_of(const MemoryRegion& msg, /* * EMSA-Raw Verify Operation */ -bool EMSA_Raw::verify(const MemoryRegion& coded, - const MemoryRegion& raw, +bool EMSA_Raw::verify(const secure_vector& coded, + const secure_vector& raw, size_t) { if(coded.size() == raw.size()) diff --git a/src/pk_pad/emsa_raw/emsa_raw.h b/src/pk_pad/emsa_raw/emsa_raw.h index 2ccd076f2..8ab763575 100644 --- a/src/pk_pad/emsa_raw/emsa_raw.h +++ b/src/pk_pad/emsa_raw/emsa_raw.h @@ -20,14 +20,14 @@ class BOTAN_DLL EMSA_Raw : public EMSA { private: void update(const byte[], size_t); - SecureVector raw_data(); + secure_vector raw_data(); - SecureVector encoding_of(const MemoryRegion&, size_t, + secure_vector encoding_of(const secure_vector&, size_t, RandomNumberGenerator&); - bool verify(const MemoryRegion&, const MemoryRegion&, + bool verify(const secure_vector&, const secure_vector&, size_t); - SecureVector message; + secure_vector message; }; } diff --git a/src/pk_pad/hash_id/hash_id.cpp b/src/pk_pad/hash_id/hash_id.cpp index 74653cb83..a60e53352 100644 --- a/src/pk_pad/hash_id/hash_id.cpp +++ b/src/pk_pad/hash_id/hash_id.cpp @@ -57,32 +57,51 @@ const byte TIGER_PKCS_ID[] = { /* * HashID as specified by PKCS */ -MemoryVector pkcs_hash_id(const std::string& name) +std::vector pkcs_hash_id(const std::string& name) { // Special case for SSL/TLS RSA signatures if(name == "Parallel(MD5,SHA-160)") - return MemoryVector(); + return std::vector(); if(name == "MD2") - return MemoryVector(MD2_PKCS_ID, sizeof(MD2_PKCS_ID)); + return std::vector(MD2_PKCS_ID, + MD2_PKCS_ID + sizeof(MD2_PKCS_ID)); + if(name == "MD5") - return MemoryVector(MD5_PKCS_ID, sizeof(MD5_PKCS_ID)); + return std::vector(MD5_PKCS_ID, + MD5_PKCS_ID + sizeof(MD5_PKCS_ID)); + if(name == "RIPEMD-128") - return MemoryVector(RIPEMD_128_PKCS_ID, sizeof(RIPEMD_128_PKCS_ID)); + return std::vector(RIPEMD_128_PKCS_ID, + RIPEMD_128_PKCS_ID + sizeof(RIPEMD_128_PKCS_ID)); + if(name == "RIPEMD-160") - return MemoryVector(RIPEMD_160_PKCS_ID, sizeof(RIPEMD_160_PKCS_ID)); + return std::vector(RIPEMD_160_PKCS_ID, + RIPEMD_160_PKCS_ID + sizeof(RIPEMD_160_PKCS_ID)); + if(name == "SHA-160") - return MemoryVector(SHA_160_PKCS_ID, sizeof(SHA_160_PKCS_ID)); + return std::vector(SHA_160_PKCS_ID, + SHA_160_PKCS_ID + sizeof(SHA_160_PKCS_ID)); + if(name == "SHA-224") - return MemoryVector(SHA_224_PKCS_ID, sizeof(SHA_224_PKCS_ID)); + return std::vector(SHA_224_PKCS_ID, + SHA_224_PKCS_ID + sizeof(SHA_224_PKCS_ID)); + if(name == "SHA-256") - return MemoryVector(SHA_256_PKCS_ID, sizeof(SHA_256_PKCS_ID)); + return std::vector(SHA_256_PKCS_ID, + SHA_256_PKCS_ID + sizeof(SHA_256_PKCS_ID)); + if(name == "SHA-384") - return MemoryVector(SHA_384_PKCS_ID, sizeof(SHA_384_PKCS_ID)); + return std::vector(SHA_384_PKCS_ID, + SHA_384_PKCS_ID + sizeof(SHA_384_PKCS_ID)); + if(name == "SHA-512") - return MemoryVector(SHA_512_PKCS_ID, sizeof(SHA_512_PKCS_ID)); + return std::vector(SHA_512_PKCS_ID, + SHA_512_PKCS_ID + sizeof(SHA_512_PKCS_ID)); + if(name == "Tiger(24,3)") - return MemoryVector(TIGER_PKCS_ID, sizeof(TIGER_PKCS_ID)); + return std::vector(TIGER_PKCS_ID, + TIGER_PKCS_ID + sizeof(TIGER_PKCS_ID)); throw Invalid_Argument("No PKCS #1 identifier for " + name); } diff --git a/src/pk_pad/hash_id/hash_id.h b/src/pk_pad/hash_id/hash_id.h index 909cc6b19..070e7ddb9 100644 --- a/src/pk_pad/hash_id/hash_id.h +++ b/src/pk_pad/hash_id/hash_id.h @@ -20,7 +20,7 @@ namespace Botan { * @return byte sequence identifying the hash * @throw Invalid_Argument if the hash has no known PKCS #1 hash id */ -BOTAN_DLL MemoryVector pkcs_hash_id(const std::string& hash_name); +BOTAN_DLL std::vector pkcs_hash_id(const std::string& hash_name); /** * Return the IEEE 1363 hash identifier diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp index d58fece12..04941af73 100644 --- a/src/pubkey/dh/dh.cpp +++ b/src/pubkey/dh/dh.cpp @@ -24,9 +24,9 @@ DH_PublicKey::DH_PublicKey(const DL_Group& grp, const BigInt& y1) /* * Return the public value for key agreement */ -MemoryVector DH_PublicKey::public_value() const +std::vector DH_PublicKey::public_value() const { - return BigInt::encode_1363(y, group_p().bytes()); + return unlock(BigInt::encode_1363(y, group_p().bytes())); } /* @@ -58,7 +58,7 @@ DH_PrivateKey::DH_PrivateKey(RandomNumberGenerator& rng, * Load a DH private key */ DH_PrivateKey::DH_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_42) { @@ -71,7 +71,7 @@ DH_PrivateKey::DH_PrivateKey(const AlgorithmIdentifier& alg_id, /* * Return the public value for key agreement */ -MemoryVector DH_PrivateKey::public_value() const +std::vector DH_PrivateKey::public_value() const { return DH_PublicKey::public_value(); } @@ -83,7 +83,7 @@ DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh) : blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p); } -SecureVector DH_KA_Operation::agree(const byte w[], size_t w_len) +secure_vector DH_KA_Operation::agree(const byte w[], size_t w_len) { BigInt input = BigInt::decode(w, w_len); diff --git a/src/pubkey/dh/dh.h b/src/pubkey/dh/dh.h index 497238417..bf02ffdb9 100644 --- a/src/pubkey/dh/dh.h +++ b/src/pubkey/dh/dh.h @@ -23,13 +23,13 @@ class BOTAN_DLL DH_PublicKey : public virtual DL_Scheme_PublicKey public: std::string algo_name() const { return "DH"; } - MemoryVector public_value() const; + std::vector public_value() const; size_t max_input_bits() const { return group_p().bits(); } DL_Group::Format group_format() const { return DL_Group::ANSI_X9_42; } DH_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : DL_Scheme_PublicKey(alg_id, key_bits, DL_Group::ANSI_X9_42) {} /** @@ -50,7 +50,7 @@ class BOTAN_DLL DH_PrivateKey : public DH_PublicKey, public virtual DL_Scheme_PrivateKey { public: - MemoryVector public_value() const; + std::vector public_value() const; /** * Load a DH private key @@ -59,7 +59,7 @@ class BOTAN_DLL DH_PrivateKey : public DH_PublicKey, * @param rng a random number generator */ DH_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng); /** @@ -80,7 +80,7 @@ class BOTAN_DLL DH_KA_Operation : public PK_Ops::Key_Agreement public: DH_KA_Operation(const DH_PrivateKey& key); - SecureVector agree(const byte w[], size_t w_len); + secure_vector agree(const byte w[], size_t w_len); private: const BigInt& p; diff --git a/src/pubkey/dl_algo/dl_algo.cpp b/src/pubkey/dl_algo/dl_algo.cpp index 8e326ef6a..1034a3252 100644 --- a/src/pubkey/dl_algo/dl_algo.cpp +++ b/src/pubkey/dl_algo/dl_algo.cpp @@ -18,13 +18,13 @@ AlgorithmIdentifier DL_Scheme_PublicKey::algorithm_identifier() const group.DER_encode(group_format())); } -MemoryVector DL_Scheme_PublicKey::x509_subject_public_key() const +std::vector DL_Scheme_PublicKey::x509_subject_public_key() const { - return DER_Encoder().encode(y).get_contents(); + return DER_Encoder().encode(y).get_contents_unlocked(); } DL_Scheme_PublicKey::DL_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, DL_Group::Format format) { DataSource_Memory source(alg_id.parameters); @@ -33,13 +33,13 @@ DL_Scheme_PublicKey::DL_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, BER_Decoder(key_bits).decode(y); } -MemoryVector DL_Scheme_PrivateKey::pkcs8_private_key() const +secure_vector DL_Scheme_PrivateKey::pkcs8_private_key() const { return DER_Encoder().encode(x).get_contents(); } DL_Scheme_PrivateKey::DL_Scheme_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, DL_Group::Format format) { DataSource_Memory source(alg_id.parameters); diff --git a/src/pubkey/dl_algo/dl_algo.h b/src/pubkey/dl_algo/dl_algo.h index 2cc632caa..af2806b02 100644 --- a/src/pubkey/dl_algo/dl_algo.h +++ b/src/pubkey/dl_algo/dl_algo.h @@ -24,7 +24,7 @@ class BOTAN_DLL DL_Scheme_PublicKey : public virtual Public_Key AlgorithmIdentifier algorithm_identifier() const; - MemoryVector x509_subject_public_key() const; + std::vector x509_subject_public_key() const; /** * Get the DL domain parameters of this key. @@ -62,7 +62,7 @@ class BOTAN_DLL DL_Scheme_PublicKey : public virtual Public_Key virtual DL_Group::Format group_format() const = 0; DL_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, DL_Group::Format group_format); protected: @@ -94,10 +94,10 @@ class BOTAN_DLL DL_Scheme_PrivateKey : public virtual DL_Scheme_PublicKey, */ const BigInt& get_x() const { return x; } - MemoryVector pkcs8_private_key() const; + secure_vector pkcs8_private_key() const; DL_Scheme_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, DL_Group::Format group_format); protected: diff --git a/src/pubkey/dl_group/dl_group.cpp b/src/pubkey/dl_group/dl_group.cpp index 3904841ba..93bbcbb2d 100644 --- a/src/pubkey/dl_group/dl_group.cpp +++ b/src/pubkey/dl_group/dl_group.cpp @@ -90,7 +90,8 @@ DL_Group::DL_Group(RandomNumberGenerator& rng, * DL_Group Constructor */ DL_Group::DL_Group(RandomNumberGenerator& rng, - const MemoryRegion& seed, size_t pbits, size_t qbits) + const std::vector& seed, + size_t pbits, size_t qbits) { if(!generate_dsa_primes(rng, global_state().algorithm_factory(), @@ -202,7 +203,7 @@ const BigInt& DL_Group::get_q() const /* * DER encode the parameters */ -SecureVector DL_Group::DER_encode(Format format) const +std::vector DL_Group::DER_encode(Format format) const { init_check(); @@ -217,7 +218,7 @@ SecureVector DL_Group::DER_encode(Format format) const .encode(q) .encode(g) .end_cons() - .get_contents(); + .get_contents_unlocked(); } else if(format == ANSI_X9_42) { @@ -227,7 +228,7 @@ SecureVector DL_Group::DER_encode(Format format) const .encode(g) .encode(q) .end_cons() - .get_contents(); + .get_contents_unlocked(); } else if(format == PKCS_3) { @@ -236,7 +237,7 @@ SecureVector DL_Group::DER_encode(Format format) const .encode(p) .encode(g) .end_cons() - .get_contents(); + .get_contents_unlocked(); } throw Invalid_Argument("Unknown DL_Group encoding " + std::to_string(format)); @@ -247,7 +248,8 @@ SecureVector DL_Group::DER_encode(Format format) const */ std::string DL_Group::PEM_encode(Format format) const { - SecureVector encoding = DER_encode(format); + const std::vector encoding = DER_encode(format); + if(format == PKCS_3) return PEM_Code::encode(encoding, "DH PARAMETERS"); else if(format == ANSI_X9_57) diff --git a/src/pubkey/dl_group/dl_group.h b/src/pubkey/dl_group/dl_group.h index bfc2c04e5..aa90388ae 100644 --- a/src/pubkey/dl_group/dl_group.h +++ b/src/pubkey/dl_group/dl_group.h @@ -77,7 +77,7 @@ class BOTAN_DLL DL_Group * @param format the encoding format * @return string holding the DER encoded group */ - SecureVector DER_encode(Format format) const; + std::vector DER_encode(Format format) const; /** * Decode a DER/BER encoded group into this instance. @@ -131,7 +131,8 @@ class BOTAN_DLL DL_Group * @param pbits the desired bit size of the prime p * @param qbits the desired bit size of the prime q. */ - DL_Group(RandomNumberGenerator& rng, const MemoryRegion& seed, + DL_Group(RandomNumberGenerator& rng, + const std::vector& seed, size_t pbits = 1024, size_t qbits = 0); /** diff --git a/src/pubkey/dlies/dlies.cpp b/src/pubkey/dlies/dlies.cpp index 80dde048b..715b55a36 100644 --- a/src/pubkey/dlies/dlies.cpp +++ b/src/pubkey/dlies/dlies.cpp @@ -34,19 +34,19 @@ DLIES_Encryptor::~DLIES_Encryptor() /* * DLIES Encryption */ -SecureVector DLIES_Encryptor::enc(const byte in[], size_t length, - RandomNumberGenerator&) const +std::vector DLIES_Encryptor::enc(const byte in[], size_t length, + RandomNumberGenerator&) const { if(length > maximum_input_size()) throw Invalid_Argument("DLIES: Plaintext too large"); if(other_key.empty()) throw Invalid_State("DLIES: The other key was never set"); - SecureVector out(my_key.size() + length + mac->output_length()); + secure_vector out(my_key.size() + length + mac->output_length()); buffer_insert(out, 0, my_key); buffer_insert(out, my_key.size(), in, length); - SecureVector vz = my_key; + secure_vector vz(my_key.begin(), my_key.end()); vz += ka.derive_key(0, other_key).bits_of(); const size_t K_LENGTH = length + mac_keylen; @@ -65,13 +65,13 @@ SecureVector DLIES_Encryptor::enc(const byte in[], size_t length, mac->final(C + length); - return out; + return unlock(out); } /* * Set the other parties public key */ -void DLIES_Encryptor::set_other_key(const MemoryRegion& ok) +void DLIES_Encryptor::set_other_key(const std::vector& ok) { other_key = ok; } @@ -108,18 +108,21 @@ DLIES_Decryptor::~DLIES_Decryptor() /* * DLIES Decryption */ -SecureVector DLIES_Decryptor::dec(const byte msg[], size_t length) const +secure_vector DLIES_Decryptor::dec(const byte msg[], size_t length) const { if(length < my_key.size() + mac->output_length()) throw Decoding_Error("DLIES decryption: ciphertext is too short"); const size_t CIPHER_LEN = length - my_key.size() - mac->output_length(); - SecureVector v(msg, my_key.size()); - SecureVector C(msg + my_key.size(), CIPHER_LEN); - SecureVector T(msg + my_key.size() + CIPHER_LEN, mac->output_length()); + std::vector v(msg, msg + my_key.size()); - SecureVector vz(msg, my_key.size()); + secure_vector C(msg + my_key.size(), msg + my_key.size() + CIPHER_LEN); + + secure_vector T(msg + my_key.size() + CIPHER_LEN, + msg + my_key.size() + CIPHER_LEN + mac->output_length()); + + secure_vector vz(msg, msg + my_key.size()); vz += ka.derive_key(0, v).bits_of(); const size_t K_LENGTH = C.size() + mac_keylen; @@ -131,7 +134,7 @@ SecureVector DLIES_Decryptor::dec(const byte msg[], size_t length) const mac->update(C); for(size_t j = 0; j != 8; ++j) mac->update(0); - SecureVector T2 = mac->final(); + secure_vector T2 = mac->final(); if(T != T2) throw Decoding_Error("DLIES: message authentication failed"); diff --git a/src/pubkey/dlies/dlies.h b/src/pubkey/dlies/dlies.h index 8e5c05852..9739afeb2 100644 --- a/src/pubkey/dlies/dlies.h +++ b/src/pubkey/dlies/dlies.h @@ -27,13 +27,14 @@ class BOTAN_DLL DLIES_Encryptor : public PK_Encryptor ~DLIES_Encryptor(); - void set_other_key(const MemoryRegion&); + void set_other_key(const std::vector&); private: - SecureVector enc(const byte[], size_t, - RandomNumberGenerator&) const; + std::vector enc(const byte[], size_t, + RandomNumberGenerator&) const; + size_t maximum_input_size() const; - SecureVector other_key, my_key; + std::vector other_key, my_key; PK_Key_Agreement ka; KDF* kdf; @@ -55,9 +56,9 @@ class BOTAN_DLL DLIES_Decryptor : public PK_Decryptor ~DLIES_Decryptor(); private: - SecureVector dec(const byte[], size_t) const; + secure_vector dec(const byte[], size_t) const; - SecureVector my_key; + std::vector my_key; PK_Key_Agreement ka; KDF* kdf; diff --git a/src/pubkey/dsa/dsa.cpp b/src/pubkey/dsa/dsa.cpp index c3b4f260b..5d56d6b89 100644 --- a/src/pubkey/dsa/dsa.cpp +++ b/src/pubkey/dsa/dsa.cpp @@ -42,7 +42,7 @@ DSA_PrivateKey::DSA_PrivateKey(RandomNumberGenerator& rng, } DSA_PrivateKey::DSA_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { @@ -73,7 +73,7 @@ DSA_Signature_Operation::DSA_Signature_Operation(const DSA_PrivateKey& dsa) : { } -SecureVector +secure_vector DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -97,7 +97,7 @@ DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, s = mod_q.multiply(s, mul_add(x, r, i)); } - SecureVector output(2*q.bytes()); + secure_vector output(2*q.bytes()); r.binary_encode(&output[output.size() / 2 - r.bytes()]); s.binary_encode(&output[output.size() - s.bytes()]); return output; diff --git a/src/pubkey/dsa/dsa.h b/src/pubkey/dsa/dsa.h index a41a8432c..7d51cfdd0 100644 --- a/src/pubkey/dsa/dsa.h +++ b/src/pubkey/dsa/dsa.h @@ -29,7 +29,7 @@ class BOTAN_DLL DSA_PublicKey : public virtual DL_Scheme_PublicKey size_t max_input_bits() const { return group_q().bits(); } DSA_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : DL_Scheme_PublicKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { } @@ -47,7 +47,7 @@ class BOTAN_DLL DSA_PrivateKey : public DSA_PublicKey, { public: DSA_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng); DSA_PrivateKey(RandomNumberGenerator& rng, @@ -69,7 +69,7 @@ class BOTAN_DLL DSA_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return q.bytes(); } size_t max_input_bits() const { return q.bits(); } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const BigInt& q; diff --git a/src/pubkey/ec_group/ec_group.cpp b/src/pubkey/ec_group/ec_group.cpp index fe4fae885..88c4616a4 100644 --- a/src/pubkey/ec_group/ec_group.cpp +++ b/src/pubkey/ec_group/ec_group.cpp @@ -37,8 +37,8 @@ EC_Group::EC_Group(const std::string& str) { DataSource_Memory input(str); - SecureVector ber = - PEM_Code::decode_check_label(input, "EC PARAMETERS"); + std::vector ber = + unlock(PEM_Code::decode_check_label(input, "EC PARAMETERS")); *this = EC_Group(ber); } @@ -48,7 +48,7 @@ EC_Group::EC_Group(const std::string& str) } } -EC_Group::EC_Group(const MemoryRegion& ber_data) +EC_Group::EC_Group(const std::vector& ber_data) { BER_Decoder ber(ber_data); BER_Object obj = ber.get_next_object(); @@ -64,7 +64,7 @@ EC_Group::EC_Group(const MemoryRegion& ber_data) else if(obj.type_tag == SEQUENCE) { BigInt p, a, b; - SecureVector sv_base_point; + std::vector sv_base_point; BER_Decoder(ber_data) .start_cons(SEQUENCE) @@ -91,7 +91,7 @@ EC_Group::EC_Group(const MemoryRegion& ber_data) throw Decoding_Error("Unexpected tag while decoding ECC domain params"); } -SecureVector +std::vector EC_Group::DER_encode(EC_Group_Encoding form) const { if(form == EC_DOMPAR_ENC_EXPLICIT) @@ -118,19 +118,19 @@ EC_Group::DER_encode(EC_Group_Encoding form) const .encode(order) .encode(cofactor) .end_cons() - .get_contents(); + .get_contents_unlocked(); } else if(form == EC_DOMPAR_ENC_OID) - return DER_Encoder().encode(get_oid()).get_contents(); + return DER_Encoder().encode(get_oid()).get_contents_unlocked(); else if(form == EC_DOMPAR_ENC_IMPLICITCA) - return DER_Encoder().encode_null().get_contents(); + return DER_Encoder().encode_null().get_contents_unlocked(); else throw Internal_Error("EC_Group::DER_encode: Unknown encoding"); } std::string EC_Group::PEM_encode() const { - SecureVector der = DER_encode(EC_DOMPAR_ENC_EXPLICIT); + const std::vector der = DER_encode(EC_DOMPAR_ENC_EXPLICIT); return PEM_Code::encode(der, "EC PARAMETERS"); } diff --git a/src/pubkey/ec_group/ec_group.h b/src/pubkey/ec_group/ec_group.h index dadc9fba3..756c158dc 100644 --- a/src/pubkey/ec_group/ec_group.h +++ b/src/pubkey/ec_group/ec_group.h @@ -54,7 +54,7 @@ class BOTAN_DLL EC_Group * Decode a BER encoded ECC domain parameter set * @param ber_encoding the bytes of the BER encoding */ - EC_Group(const MemoryRegion& ber_encoding); + EC_Group(const std::vector& ber_encoding); /** * Create an EC domain by OID (or throw if unknown) @@ -74,7 +74,7 @@ class BOTAN_DLL EC_Group * @param form of encoding to use * @returns bytes encododed as DER */ - SecureVector DER_encode(EC_Group_Encoding form) const; + std::vector DER_encode(EC_Group_Encoding form) const; /** * Return the PEM encoding (always in explicit form) diff --git a/src/pubkey/ecc_key/ecc_key.cpp b/src/pubkey/ecc_key/ecc_key.cpp index 991446f07..ead129ec6 100644 --- a/src/pubkey/ecc_key/ecc_key.cpp +++ b/src/pubkey/ecc_key/ecc_key.cpp @@ -28,7 +28,7 @@ EC_PublicKey::EC_PublicKey(const EC_Group& dom_par, } EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) + const secure_vector& key_bits) { domain_params = EC_Group(alg_id.parameters); domain_encoding = EC_DOMPAR_ENC_EXPLICIT; @@ -47,9 +47,9 @@ AlgorithmIdentifier EC_PublicKey::algorithm_identifier() const return AlgorithmIdentifier(get_oid(), DER_domain()); } -MemoryVector EC_PublicKey::x509_subject_public_key() const +std::vector EC_PublicKey::x509_subject_public_key() const { - return EC2OSP(public_point(), PointGFp::COMPRESSED); + return unlock(EC2OSP(public_point(), PointGFp::COMPRESSED)); } void EC_PublicKey::set_parameter_encoding(EC_Group_Encoding form) @@ -96,7 +96,7 @@ EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng, "ECC private key was not on the curve"); } -MemoryVector EC_PrivateKey::pkcs8_private_key() const +secure_vector EC_PrivateKey::pkcs8_private_key() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -108,7 +108,7 @@ MemoryVector EC_PrivateKey::pkcs8_private_key() const } EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) + const secure_vector& key_bits) { domain_params = EC_Group(alg_id.parameters); domain_encoding = EC_DOMPAR_ENC_EXPLICIT; diff --git a/src/pubkey/ecc_key/ecc_key.h b/src/pubkey/ecc_key/ecc_key.h index cccc8d53c..76a63a7e4 100644 --- a/src/pubkey/ecc_key/ecc_key.h +++ b/src/pubkey/ecc_key/ecc_key.h @@ -34,7 +34,7 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key const PointGFp& pub_point); EC_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits); + const secure_vector& key_bits); /** * Get the public point of this key. @@ -46,7 +46,7 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key AlgorithmIdentifier algorithm_identifier() const; - MemoryVector x509_subject_public_key() const; + std::vector x509_subject_public_key() const; bool check_key(RandomNumberGenerator& rng, bool strong) const; @@ -69,7 +69,7 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key * Return the DER encoding of this keys domain in whatever format * is preset for this particular key */ - MemoryVector DER_domain() const + std::vector DER_domain() const { return domain().DER_encode(domain_format()); } /** @@ -98,9 +98,9 @@ class BOTAN_DLL EC_PrivateKey : public virtual EC_PublicKey, const BigInt& private_key); EC_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits); + const secure_vector& key_bits); - MemoryVector pkcs8_private_key() const; + secure_vector pkcs8_private_key() const; /** * Get the private key value of this key object. diff --git a/src/pubkey/ecdh/ecdh.cpp b/src/pubkey/ecdh/ecdh.cpp index 656644370..511dd0678 100644 --- a/src/pubkey/ecdh/ecdh.cpp +++ b/src/pubkey/ecdh/ecdh.cpp @@ -20,7 +20,7 @@ ECDH_KA_Operation::ECDH_KA_Operation(const ECDH_PrivateKey& key) : key.private_value(); } -SecureVector ECDH_KA_Operation::agree(const byte w[], size_t w_len) +secure_vector ECDH_KA_Operation::agree(const byte w[], size_t w_len) { PointGFp point = OS2ECP(w, w_len, curve); diff --git a/src/pubkey/ecdh/ecdh.h b/src/pubkey/ecdh/ecdh.h index 6fe0697bf..0c5d4e010 100644 --- a/src/pubkey/ecdh/ecdh.h +++ b/src/pubkey/ecdh/ecdh.h @@ -23,7 +23,7 @@ class BOTAN_DLL ECDH_PublicKey : public virtual EC_PublicKey public: ECDH_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : EC_PublicKey(alg_id, key_bits) {} /** @@ -52,8 +52,8 @@ class BOTAN_DLL ECDH_PublicKey : public virtual EC_PublicKey /** * @return public point value */ - MemoryVector public_value() const - { return EC2OSP(public_point(), PointGFp::UNCOMPRESSED); } + std::vector public_value() const + { return unlock(EC2OSP(public_point(), PointGFp::UNCOMPRESSED)); } protected: ECDH_PublicKey() {} @@ -69,7 +69,7 @@ class BOTAN_DLL ECDH_PrivateKey : public ECDH_PublicKey, public: ECDH_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : EC_PrivateKey(alg_id, key_bits) {} /** @@ -83,7 +83,7 @@ class BOTAN_DLL ECDH_PrivateKey : public ECDH_PublicKey, const BigInt& x = 0) : EC_PrivateKey(rng, domain, x) {} - MemoryVector public_value() const + std::vector public_value() const { return ECDH_PublicKey::public_value(); } }; @@ -95,7 +95,7 @@ class BOTAN_DLL ECDH_KA_Operation : public PK_Ops::Key_Agreement public: ECDH_KA_Operation(const ECDH_PrivateKey& key); - SecureVector agree(const byte w[], size_t w_len); + secure_vector agree(const byte w[], size_t w_len); private: const CurveGFp& curve; const BigInt& cofactor; diff --git a/src/pubkey/ecdsa/ecdsa.cpp b/src/pubkey/ecdsa/ecdsa.cpp index 5c45c5ed3..6ff082649 100644 --- a/src/pubkey/ecdsa/ecdsa.cpp +++ b/src/pubkey/ecdsa/ecdsa.cpp @@ -32,7 +32,7 @@ ECDSA_Signature_Operation::ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecd { } -SecureVector +secure_vector ECDSA_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -56,7 +56,7 @@ ECDSA_Signature_Operation::sign(const byte msg[], size_t msg_len, s = mod_order.multiply(inverse_mod(k, order), mul_add(x, r, m)); } - SecureVector output(2*order.bytes()); + secure_vector output(2*order.bytes()); r.binary_encode(&output[output.size() / 2 - r.bytes()]); s.binary_encode(&output[output.size() - s.bytes()]); return output; diff --git a/src/pubkey/ecdsa/ecdsa.h b/src/pubkey/ecdsa/ecdsa.h index f0834abd8..e37fa1562 100644 --- a/src/pubkey/ecdsa/ecdsa.h +++ b/src/pubkey/ecdsa/ecdsa.h @@ -33,7 +33,7 @@ class BOTAN_DLL ECDSA_PublicKey : public virtual EC_PublicKey EC_PublicKey(dom_par, public_point) {} ECDSA_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : EC_PublicKey(alg_id, key_bits) {} /** @@ -72,7 +72,7 @@ class BOTAN_DLL ECDSA_PrivateKey : public ECDSA_PublicKey, * @param key_bits PKCS #8 structure */ ECDSA_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : EC_PrivateKey(alg_id, key_bits) {} /** @@ -97,7 +97,7 @@ class BOTAN_DLL ECDSA_Signature_Operation : public PK_Ops::Signature public: ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecdsa); - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); size_t message_parts() const { return 2; } diff --git a/src/pubkey/elgamal/elgamal.cpp b/src/pubkey/elgamal/elgamal.cpp index 6d15aed79..3988f3155 100644 --- a/src/pubkey/elgamal/elgamal.cpp +++ b/src/pubkey/elgamal/elgamal.cpp @@ -44,7 +44,7 @@ ElGamal_PrivateKey::ElGamal_PrivateKey(RandomNumberGenerator& rng, } ElGamal_PrivateKey::ElGamal_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_42) { @@ -76,7 +76,7 @@ ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicK mod_p = Modular_Reducer(p); } -SecureVector +secure_vector ElGamal_Encryption_Operation::encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -92,7 +92,7 @@ ElGamal_Encryption_Operation::encrypt(const byte msg[], size_t msg_len, BigInt a = powermod_g_p(k); BigInt b = mod_p.multiply(m, powermod_y_p(k)); - SecureVector output(2*p.bytes()); + secure_vector output(2*p.bytes()); a.binary_encode(&output[p.bytes() - a.bytes()]); b.binary_encode(&output[output.size() / 2 + (p.bytes() - b.bytes())]); return output; @@ -109,7 +109,7 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private blinder = Blinder(k, powermod_x_p(k), p); } -SecureVector +secure_vector ElGamal_Decryption_Operation::decrypt(const byte msg[], size_t msg_len) { const BigInt& p = mod_p.get_modulus(); @@ -129,7 +129,7 @@ ElGamal_Decryption_Operation::decrypt(const byte msg[], size_t msg_len) BigInt r = mod_p.multiply(b, inverse_mod(powermod_x_p(a), p)); - return BigInt::encode(blinder.unblind(r)); + return BigInt::encode_locked(blinder.unblind(r)); } } diff --git a/src/pubkey/elgamal/elgamal.h b/src/pubkey/elgamal/elgamal.h index 383a4160b..957aa4656 100644 --- a/src/pubkey/elgamal/elgamal.h +++ b/src/pubkey/elgamal/elgamal.h @@ -28,7 +28,7 @@ class BOTAN_DLL ElGamal_PublicKey : public virtual DL_Scheme_PublicKey size_t max_input_bits() const { return (group_p().bits() - 1); } ElGamal_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : DL_Scheme_PublicKey(alg_id, key_bits, DL_Group::ANSI_X9_42) {} @@ -47,7 +47,7 @@ class BOTAN_DLL ElGamal_PrivateKey : public ElGamal_PublicKey, bool check_key(RandomNumberGenerator& rng, bool) const; ElGamal_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng); ElGamal_PrivateKey(RandomNumberGenerator& rng, @@ -65,7 +65,7 @@ class BOTAN_DLL ElGamal_Encryption_Operation : public PK_Ops::Encryption ElGamal_Encryption_Operation(const ElGamal_PublicKey& key); - SecureVector encrypt(const byte msg[], size_t msg_len, + secure_vector encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: @@ -83,7 +83,7 @@ class BOTAN_DLL ElGamal_Decryption_Operation : public PK_Ops::Decryption ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key); - SecureVector decrypt(const byte msg[], size_t msg_len); + secure_vector decrypt(const byte msg[], size_t msg_len); private: Fixed_Exponent_Power_Mod powermod_x_p; Modular_Reducer mod_p; diff --git a/src/pubkey/gost_3410/gost_3410.cpp b/src/pubkey/gost_3410/gost_3410.cpp index f97f83aa0..289cdcac4 100644 --- a/src/pubkey/gost_3410/gost_3410.cpp +++ b/src/pubkey/gost_3410/gost_3410.cpp @@ -14,7 +14,7 @@ namespace Botan { -MemoryVector GOST_3410_PublicKey::x509_subject_public_key() const +std::vector GOST_3410_PublicKey::x509_subject_public_key() const { // Trust CryptoPro to come up with something obnoxious const BigInt x = public_point().get_affine_x(); @@ -22,7 +22,7 @@ MemoryVector GOST_3410_PublicKey::x509_subject_public_key() const size_t part_size = std::max(x.bytes(), y.bytes()); - MemoryVector bits(2*part_size); + std::vector bits(2*part_size); x.binary_encode(&bits[part_size - x.bytes()]); y.binary_encode(&bits[2*part_size - y.bytes()]); @@ -34,22 +34,22 @@ MemoryVector GOST_3410_PublicKey::x509_subject_public_key() const std::swap(bits[part_size+i], bits[2*part_size-1-i]); } - return DER_Encoder().encode(bits, OCTET_STRING).get_contents(); + return DER_Encoder().encode(bits, OCTET_STRING).get_contents_unlocked(); } AlgorithmIdentifier GOST_3410_PublicKey::algorithm_identifier() const { - MemoryVector params = + std::vector params = DER_Encoder().start_cons(SEQUENCE) .encode(OID(domain().get_oid())) .end_cons() - .get_contents(); + .get_contents_unlocked(); return AlgorithmIdentifier(get_oid(), params); } GOST_3410_PublicKey::GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) + const secure_vector& key_bits) { OID ecc_param_id; @@ -58,7 +58,7 @@ GOST_3410_PublicKey::GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id, domain_params = EC_Group(ecc_param_id); - SecureVector bits; + secure_vector bits; BER_Decoder(key_bits).decode(bits, OCTET_STRING); const size_t part_size = bits.size() / 2; @@ -83,7 +83,7 @@ namespace { BigInt decode_le(const byte msg[], size_t msg_len) { - SecureVector msg_le(msg, msg_len); + secure_vector msg_le(msg, msg + msg_len); for(size_t i = 0; i != msg_le.size() / 2; ++i) std::swap(msg_le[i], msg_le[msg_le.size()-1-i]); @@ -102,7 +102,7 @@ GOST_3410_Signature_Operation::GOST_3410_Signature_Operation( { } -SecureVector +secure_vector GOST_3410_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -129,7 +129,7 @@ GOST_3410_Signature_Operation::sign(const byte msg[], size_t msg_len, if(r == 0 || s == 0) throw Invalid_State("GOST 34.10: r == 0 || s == 0"); - SecureVector output(2*order.bytes()); + secure_vector output(2*order.bytes()); s.binary_encode(&output[output.size() / 2 - s.bytes()]); r.binary_encode(&output[output.size() - r.bytes()]); return output; diff --git a/src/pubkey/gost_3410/gost_3410.h b/src/pubkey/gost_3410/gost_3410.h index 7b638d7b5..6b1506b10 100644 --- a/src/pubkey/gost_3410/gost_3410.h +++ b/src/pubkey/gost_3410/gost_3410.h @@ -35,7 +35,7 @@ class BOTAN_DLL GOST_3410_PublicKey : public virtual EC_PublicKey * Construct from X.509 algorithm id and subject public key bits */ GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits); + const secure_vector& key_bits); /** * Get this keys algorithm name. @@ -45,7 +45,7 @@ class BOTAN_DLL GOST_3410_PublicKey : public virtual EC_PublicKey AlgorithmIdentifier algorithm_identifier() const; - MemoryVector x509_subject_public_key() const; + std::vector x509_subject_public_key() const; /** * Get the maximum number of bits allowed to be fed to this key. @@ -73,7 +73,7 @@ class BOTAN_DLL GOST_3410_PrivateKey : public GOST_3410_PublicKey, public: GOST_3410_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : EC_PrivateKey(alg_id, key_bits) {} /** @@ -103,7 +103,7 @@ class BOTAN_DLL GOST_3410_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return order.bytes(); } size_t max_input_bits() const { return order.bits(); } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: diff --git a/src/pubkey/if_algo/if_algo.cpp b/src/pubkey/if_algo/if_algo.cpp index 6e75bc276..f044afd03 100644 --- a/src/pubkey/if_algo/if_algo.cpp +++ b/src/pubkey/if_algo/if_algo.cpp @@ -18,18 +18,18 @@ AlgorithmIdentifier IF_Scheme_PublicKey::algorithm_identifier() const AlgorithmIdentifier::USE_NULL_PARAM); } -MemoryVector IF_Scheme_PublicKey::x509_subject_public_key() const +std::vector IF_Scheme_PublicKey::x509_subject_public_key() const { return DER_Encoder() .start_cons(SEQUENCE) .encode(n) .encode(e) .end_cons() - .get_contents(); + .get_contents_unlocked(); } IF_Scheme_PublicKey::IF_Scheme_PublicKey(const AlgorithmIdentifier&, - const MemoryRegion& key_bits) + const secure_vector& key_bits) { BER_Decoder(key_bits) .start_cons(SEQUENCE) @@ -49,7 +49,7 @@ bool IF_Scheme_PublicKey::check_key(RandomNumberGenerator&, bool) const return true; } -MemoryVector IF_Scheme_PrivateKey::pkcs8_private_key() const +secure_vector IF_Scheme_PrivateKey::pkcs8_private_key() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -68,7 +68,7 @@ MemoryVector IF_Scheme_PrivateKey::pkcs8_private_key() const IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(RandomNumberGenerator& rng, const AlgorithmIdentifier&, - const MemoryRegion& key_bits) + const secure_vector& key_bits) { BER_Decoder(key_bits) .start_cons(SEQUENCE) diff --git a/src/pubkey/if_algo/if_algo.h b/src/pubkey/if_algo/if_algo.h index b6683d30e..5c95aecd1 100644 --- a/src/pubkey/if_algo/if_algo.h +++ b/src/pubkey/if_algo/if_algo.h @@ -22,7 +22,7 @@ class BOTAN_DLL IF_Scheme_PublicKey : public virtual Public_Key { public: IF_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits); + const secure_vector& key_bits); IF_Scheme_PublicKey(const BigInt& n, const BigInt& e) : n(n), e(e) {} @@ -31,7 +31,7 @@ class BOTAN_DLL IF_Scheme_PublicKey : public virtual Public_Key AlgorithmIdentifier algorithm_identifier() const; - MemoryVector x509_subject_public_key() const; + std::vector x509_subject_public_key() const; /** * @return public modulus @@ -67,7 +67,7 @@ class BOTAN_DLL IF_Scheme_PrivateKey : public virtual IF_Scheme_PublicKey, IF_Scheme_PrivateKey(RandomNumberGenerator& rng, const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits); + const secure_vector& key_bits); bool check_key(RandomNumberGenerator& rng, bool) const; @@ -93,7 +93,7 @@ class BOTAN_DLL IF_Scheme_PrivateKey : public virtual IF_Scheme_PublicKey, const BigInt& get_d1() const { return d1; } const BigInt& get_d2() const { return d2; } - MemoryVector pkcs8_private_key() const; + secure_vector pkcs8_private_key() const; protected: IF_Scheme_PrivateKey() {} diff --git a/src/pubkey/keypair/keypair.cpp b/src/pubkey/keypair/keypair.cpp index 857a5328a..a8631062d 100644 --- a/src/pubkey/keypair/keypair.cpp +++ b/src/pubkey/keypair/keypair.cpp @@ -29,14 +29,14 @@ bool encryption_consistency_check(RandomNumberGenerator& rng, if(encryptor.maximum_input_size() == 0) return true; - SecureVector plaintext = - rng.random_vec(encryptor.maximum_input_size() - 1); + std::vector plaintext = + unlock(rng.random_vec(encryptor.maximum_input_size() - 1)); - SecureVector ciphertext = encryptor.encrypt(plaintext, rng); + std::vector ciphertext = encryptor.encrypt(plaintext, rng); if(ciphertext == plaintext) return false; - SecureVector decrypted = decryptor.decrypt(ciphertext); + std::vector decrypted = unlock(decryptor.decrypt(ciphertext)); return (plaintext == decrypted); } @@ -51,9 +51,9 @@ bool signature_consistency_check(RandomNumberGenerator& rng, PK_Signer signer(key, padding); PK_Verifier verifier(key, padding); - SecureVector message = rng.random_vec(16); + std::vector message = unlock(rng.random_vec(16)); - SecureVector signature; + std::vector signature; try { diff --git a/src/pubkey/nr/nr.cpp b/src/pubkey/nr/nr.cpp index 7490e1b64..87cf3d038 100644 --- a/src/pubkey/nr/nr.cpp +++ b/src/pubkey/nr/nr.cpp @@ -13,7 +13,7 @@ namespace Botan { NR_PublicKey::NR_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : DL_Scheme_PublicKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { } @@ -49,7 +49,7 @@ NR_PrivateKey::NR_PrivateKey(RandomNumberGenerator& rng, } NR_PrivateKey::NR_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { @@ -80,7 +80,7 @@ NR_Signature_Operation::NR_Signature_Operation(const NR_PrivateKey& nr) : { } -SecureVector +secure_vector NR_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -104,7 +104,7 @@ NR_Signature_Operation::sign(const byte msg[], size_t msg_len, d = mod_q.reduce(k - x * c); } - SecureVector output(2*q.bytes()); + secure_vector output(2*q.bytes()); c.binary_encode(&output[output.size() / 2 - c.bytes()]); d.binary_encode(&output[output.size() - d.bytes()]); return output; @@ -119,7 +119,7 @@ NR_Verification_Operation::NR_Verification_Operation(const NR_PublicKey& nr) : mod_q = Modular_Reducer(nr.group_q()); } -SecureVector +secure_vector NR_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) { const BigInt& q = mod_q.get_modulus(); @@ -137,7 +137,7 @@ NR_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) BigInt g_d = powermod_g_p(d); BigInt i = mod_p.multiply(g_d, future_y_c.get()); - return BigInt::encode(mod_q.reduce(c - i)); + return BigInt::encode_locked(mod_q.reduce(c - i)); } } diff --git a/src/pubkey/nr/nr.h b/src/pubkey/nr/nr.h index 0d426fb3a..5be336a21 100644 --- a/src/pubkey/nr/nr.h +++ b/src/pubkey/nr/nr.h @@ -30,7 +30,7 @@ class BOTAN_DLL NR_PublicKey : public virtual DL_Scheme_PublicKey size_t max_input_bits() const { return (group_q().bits() - 1); } NR_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits); + const secure_vector& key_bits); NR_PublicKey(const DL_Group& group, const BigInt& pub_key); protected: @@ -47,7 +47,7 @@ class BOTAN_DLL NR_PrivateKey : public NR_PublicKey, bool check_key(RandomNumberGenerator& rng, bool strong) const; NR_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng); NR_PrivateKey(RandomNumberGenerator& rng, @@ -67,7 +67,7 @@ class BOTAN_DLL NR_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return q.bytes(); } size_t max_input_bits() const { return (q.bits() - 1); } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const BigInt& q; @@ -90,7 +90,7 @@ class BOTAN_DLL NR_Verification_Operation : public PK_Ops::Verification bool with_recovery() const { return true; } - SecureVector verify_mr(const byte msg[], size_t msg_len); + secure_vector verify_mr(const byte msg[], size_t msg_len); private: const BigInt& q; const BigInt& y; diff --git a/src/pubkey/pk_algs.cpp b/src/pubkey/pk_algs.cpp index 9b3218ac4..863eb57e4 100644 --- a/src/pubkey/pk_algs.cpp +++ b/src/pubkey/pk_algs.cpp @@ -47,7 +47,7 @@ namespace Botan { Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) + const secure_vector& key_bits) { const std::string alg_name = OIDS::lookup(alg_id.oid); if(alg_name == "") @@ -102,7 +102,7 @@ Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, } Private_Key* make_private_key(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng) { const std::string alg_name = OIDS::lookup(alg_id.oid); diff --git a/src/pubkey/pk_algs.h b/src/pubkey/pk_algs.h index a1e65cb3d..d8f24a1b8 100644 --- a/src/pubkey/pk_algs.h +++ b/src/pubkey/pk_algs.h @@ -13,10 +13,10 @@ namespace Botan { Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits); + const secure_vector& key_bits); Private_Key* make_private_key(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng); } diff --git a/src/pubkey/pk_keys.h b/src/pubkey/pk_keys.h index 770949b59..a3b693956 100644 --- a/src/pubkey/pk_keys.h +++ b/src/pubkey/pk_keys.h @@ -69,7 +69,7 @@ class BOTAN_DLL Public_Key /** * @return X.509 subject key encoding for this key object */ - virtual MemoryVector x509_subject_public_key() const = 0; + virtual std::vector x509_subject_public_key() const = 0; virtual ~Public_Key() {} protected: @@ -89,7 +89,7 @@ class BOTAN_DLL Private_Key : public virtual Public_Key /** * @return PKCS #8 private key encoding for this key object */ - virtual MemoryVector pkcs8_private_key() const = 0; + virtual secure_vector pkcs8_private_key() const = 0; /** * @return PKCS #8 AlgorithmIdentifier for this key @@ -121,7 +121,7 @@ class BOTAN_DLL PK_Key_Agreement_Key : public virtual Private_Key /* * @return public component of this key */ - virtual MemoryVector public_value() const = 0; + virtual std::vector public_value() const = 0; virtual ~PK_Key_Agreement_Key() {} }; diff --git a/src/pubkey/pk_ops.h b/src/pubkey/pk_ops.h index 51543cd33..8a08ef430 100644 --- a/src/pubkey/pk_ops.h +++ b/src/pubkey/pk_ops.h @@ -23,7 +23,7 @@ class BOTAN_DLL Encryption public: virtual size_t max_input_bits() const = 0; - virtual SecureVector encrypt(const byte msg[], size_t msg_len, + virtual secure_vector encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) = 0; virtual ~Encryption() {} @@ -37,7 +37,7 @@ class BOTAN_DLL Decryption public: virtual size_t max_input_bits() const = 0; - virtual SecureVector decrypt(const byte msg[], + virtual secure_vector decrypt(const byte msg[], size_t msg_len) = 0; virtual ~Decryption() {} @@ -73,7 +73,7 @@ class BOTAN_DLL Signature * @param msg_len the length of msg in bytes * @param rng a random number generator */ - virtual SecureVector sign(const byte msg[], size_t msg_len, + virtual secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) = 0; virtual ~Signature() {} @@ -130,7 +130,7 @@ class BOTAN_DLL Verification * @param msg_len the length of msg in bytes * @returns recovered message */ - virtual SecureVector verify_mr(const byte[], + virtual secure_vector verify_mr(const byte[], size_t) { throw Invalid_State("Message recovery not supported"); @@ -151,7 +151,7 @@ class BOTAN_DLL Key_Agreement * @param w_len the length of w in bytes * @returns the agreed key */ - virtual SecureVector agree(const byte w[], size_t w_len) = 0; + virtual secure_vector agree(const byte w[], size_t w_len) = 0; virtual ~Key_Agreement() {} }; diff --git a/src/pubkey/pkcs8.cpp b/src/pubkey/pkcs8.cpp index 57bb5c1e2..baf6d1250 100644 --- a/src/pubkey/pkcs8.cpp +++ b/src/pubkey/pkcs8.cpp @@ -24,10 +24,10 @@ namespace { /* * Get info from an EncryptedPrivateKeyInfo */ -SecureVector PKCS8_extract(DataSource& source, +secure_vector PKCS8_extract(DataSource& source, AlgorithmIdentifier& pbe_alg_id) { - SecureVector key_data; + secure_vector key_data; BER_Decoder(source) .start_cons(SEQUENCE) @@ -41,13 +41,13 @@ SecureVector PKCS8_extract(DataSource& source, /* * PEM decode and/or decrypt a private key */ -SecureVector PKCS8_decode( +secure_vector PKCS8_decode( DataSource& source, std::function ()> get_passphrase, AlgorithmIdentifier& pk_alg_id) { AlgorithmIdentifier pbe_alg_id; - SecureVector key_data, key; + secure_vector key_data, key; bool is_encrypted = true; try { @@ -71,9 +71,9 @@ SecureVector PKCS8_decode( if(key_data.empty()) throw PKCS8_Exception("No key data found"); } - catch(Decoding_Error) + catch(Decoding_Error& e) { - throw Decoding_Error("PKCS #8 private key decoding failed"); + throw Decoding_Error("PKCS #8 private key decoding failed: " + std::string(e.what())); } if(!is_encrypted) @@ -131,7 +131,7 @@ SecureVector PKCS8_decode( /* * BER encode a PKCS #8 private key, unencrypted */ -SecureVector BER_encode(const Private_Key& key) +secure_vector BER_encode(const Private_Key& key) { const size_t PKCS8_VERSION = 0; @@ -155,7 +155,7 @@ std::string PEM_encode(const Private_Key& key) /* * BER encode a PKCS #8 private key, encrypted */ -SecureVector BER_encode(const Private_Key& key, +secure_vector BER_encode(const Private_Key& key, RandomNumberGenerator& rng, const std::string& pass, const std::string& pbe_algo) @@ -203,7 +203,7 @@ Private_Key* load_key(DataSource& source, std::function ()> get_pass) { AlgorithmIdentifier alg_id; - SecureVector pkcs8_key = PKCS8_decode(source, get_pass, alg_id); + secure_vector pkcs8_key = PKCS8_decode(source, get_pass, alg_id); const std::string alg_name = OIDS::lookup(alg_id.oid); if(alg_name == "" || alg_name == alg_id.oid.as_string()) diff --git a/src/pubkey/pkcs8.h b/src/pubkey/pkcs8.h index d573fb460..fae1633a8 100644 --- a/src/pubkey/pkcs8.h +++ b/src/pubkey/pkcs8.h @@ -32,7 +32,7 @@ namespace PKCS8 { * @param key the private key to encode * @return BER encoded key */ -BOTAN_DLL SecureVector BER_encode(const Private_Key& key); +BOTAN_DLL secure_vector BER_encode(const Private_Key& key); /** * Get a string containing a PEM encoded private key. @@ -51,7 +51,7 @@ BOTAN_DLL std::string PEM_encode(const Private_Key& key); default will be chosen. * @return encrypted key in binary BER form */ -BOTAN_DLL SecureVector BER_encode(const Private_Key& key, +BOTAN_DLL secure_vector BER_encode(const Private_Key& key, RandomNumberGenerator& rng, const std::string& pass, const std::string& pbe_algo = ""); diff --git a/src/pubkey/pubkey.cpp b/src/pubkey/pubkey.cpp index d0b74071c..370eeddbf 100644 --- a/src/pubkey/pubkey.cpp +++ b/src/pubkey/pubkey.cpp @@ -44,27 +44,27 @@ PK_Encryptor_EME::PK_Encryptor_EME(const Public_Key& key, /* * Encrypt a message */ -SecureVector +std::vector PK_Encryptor_EME::enc(const byte in[], size_t length, RandomNumberGenerator& rng) const { if(eme) { - SecureVector encoded = + secure_vector encoded = eme->encode(in, length, op->max_input_bits(), rng); if(8*(encoded.size() - 1) + high_bit(encoded[0]) > op->max_input_bits()) throw Invalid_Argument("PK_Encryptor_EME: Input is too large"); - return op->encrypt(&encoded[0], encoded.size(), rng); + return unlock(op->encrypt(&encoded[0], encoded.size(), rng)); } else { if(8*(length - 1) + high_bit(in[0]) > op->max_input_bits()) throw Invalid_Argument("PK_Encryptor_EME: Input is too large"); - return op->encrypt(&in[0], length, rng); + return unlock(op->encrypt(&in[0], length, rng)); } } @@ -104,11 +104,11 @@ PK_Decryptor_EME::PK_Decryptor_EME(const Private_Key& key, /* * Decrypt a message */ -SecureVector PK_Decryptor_EME::dec(const byte msg[], - size_t length) const +secure_vector PK_Decryptor_EME::dec(const byte msg[], + size_t length) const { try { - SecureVector decrypted = op->decrypt(msg, length); + secure_vector decrypted = op->decrypt(msg, length); if(eme) return eme->decode(decrypted, op->max_input_bits()); else @@ -156,7 +156,7 @@ PK_Signer::PK_Signer(const Private_Key& key, /* * Sign a message */ -SecureVector PK_Signer::sign_message(const byte msg[], size_t length, +std::vector PK_Signer::sign_message(const byte msg[], size_t length, RandomNumberGenerator& rng) { update(msg, length); @@ -174,16 +174,16 @@ void PK_Signer::update(const byte in[], size_t length) /* * Check the signature we just created, to help prevent fault attacks */ -bool PK_Signer::self_test_signature(const MemoryRegion& msg, - const MemoryRegion& sig) const +bool PK_Signer::self_test_signature(const std::vector& msg, + const std::vector& sig) const { if(!verify_op) return true; // checking disabled, assume ok if(verify_op->with_recovery()) { - SecureVector recovered = - verify_op->verify_mr(&sig[0], sig.size()); + std::vector recovered = + unlock(verify_op->verify_mr(&sig[0], sig.size())); if(msg.size() > recovered.size()) { @@ -206,13 +206,13 @@ bool PK_Signer::self_test_signature(const MemoryRegion& msg, /* * Create a signature */ -SecureVector PK_Signer::signature(RandomNumberGenerator& rng) +std::vector PK_Signer::signature(RandomNumberGenerator& rng) { - SecureVector encoded = emsa->encoding_of(emsa->raw_data(), - op->max_input_bits(), - rng); + std::vector encoded = unlock(emsa->encoding_of(emsa->raw_data(), + op->max_input_bits(), + rng)); - SecureVector plain_sig = op->sign(&encoded[0], encoded.size(), rng); + std::vector plain_sig = unlock(op->sign(&encoded[0], encoded.size(), rng)); BOTAN_ASSERT(self_test_signature(encoded, plain_sig), "PK_Signer consistency check failed"); @@ -234,7 +234,7 @@ SecureVector PK_Signer::signature(RandomNumberGenerator& rng) .start_cons(SEQUENCE) .encode_list(sig_parts) .end_cons() - .get_contents(); + .get_contents_unlocked(); } else throw Encoding_Error("PK_Signer: Unknown signature format " + @@ -307,7 +307,7 @@ bool PK_Verifier::check_signature(const byte sig[], size_t length) BER_Decoder ber_sig = decoder.start_cons(SEQUENCE); size_t count = 0; - SecureVector real_sig; + std::vector real_sig; while(ber_sig.more_items()) { BigInt sig_part; @@ -332,19 +332,19 @@ bool PK_Verifier::check_signature(const byte sig[], size_t length) /* * Verify a signature */ -bool PK_Verifier::validate_signature(const MemoryRegion& msg, +bool PK_Verifier::validate_signature(const secure_vector& msg, const byte sig[], size_t sig_len) { if(op->with_recovery()) { - SecureVector output_of_key = op->verify_mr(sig, sig_len); + secure_vector output_of_key = op->verify_mr(sig, sig_len); return emsa->verify(output_of_key, msg, op->max_input_bits()); } else { Null_RNG rng; - SecureVector encoded = + secure_vector encoded = emsa->encoding_of(msg, op->max_input_bits(), rng); return op->verify(&encoded[0], encoded.size(), sig, sig_len); @@ -377,7 +377,7 @@ SymmetricKey PK_Key_Agreement::derive_key(size_t key_len, const byte in[], size_t in_len, const byte params[], size_t params_len) const { - SecureVector z = op->agree(in, in_len); + secure_vector z = op->agree(in, in_len); if(!kdf) return z; diff --git a/src/pubkey/pubkey.h b/src/pubkey/pubkey.h index cd813dc65..5013a1ed1 100644 --- a/src/pubkey/pubkey.h +++ b/src/pubkey/pubkey.h @@ -45,7 +45,7 @@ class BOTAN_DLL PK_Encryptor * @param rng the random number source to use * @return encrypted message */ - SecureVector encrypt(const byte in[], size_t length, + std::vector encrypt(const byte in[], size_t length, RandomNumberGenerator& rng) const { return enc(in, length, rng); @@ -57,8 +57,9 @@ class BOTAN_DLL PK_Encryptor * @param rng the random number source to use * @return encrypted message */ - SecureVector encrypt(const MemoryRegion& in, - RandomNumberGenerator& rng) const + template + std::vector encrypt(const std::vector& in, + RandomNumberGenerator& rng) const { return enc(&in[0], in.size(), rng); } @@ -75,7 +76,7 @@ class BOTAN_DLL PK_Encryptor PK_Encryptor(const PK_Encryptor&) {} PK_Encryptor& operator=(const PK_Encryptor&) { return *this; } - virtual SecureVector enc(const byte[], size_t, + virtual std::vector enc(const byte[], size_t, RandomNumberGenerator&) const = 0; }; @@ -91,7 +92,7 @@ class BOTAN_DLL PK_Decryptor * @param length the length of the above byte array * @return decrypted message */ - SecureVector decrypt(const byte in[], size_t length) const + secure_vector decrypt(const byte in[], size_t length) const { return dec(in, length); } @@ -101,7 +102,8 @@ class BOTAN_DLL PK_Decryptor * @param in the ciphertext * @return decrypted message */ - SecureVector decrypt(const MemoryRegion& in) const + template + secure_vector decrypt(const std::vector& in) const { return dec(&in[0], in.size()); } @@ -112,7 +114,7 @@ class BOTAN_DLL PK_Decryptor PK_Decryptor(const PK_Decryptor&) {} PK_Decryptor& operator=(const PK_Decryptor&) { return *this; } - virtual SecureVector dec(const byte[], size_t) const = 0; + virtual secure_vector dec(const byte[], size_t) const = 0; }; /** @@ -130,7 +132,7 @@ class BOTAN_DLL PK_Signer * @param rng the rng to use * @return signature */ - SecureVector sign_message(const byte in[], size_t length, + std::vector sign_message(const byte in[], size_t length, RandomNumberGenerator& rng); /** @@ -139,8 +141,12 @@ class BOTAN_DLL PK_Signer * @param rng the rng to use * @return signature */ - SecureVector sign_message(const MemoryRegion& in, - RandomNumberGenerator& rng) + std::vector sign_message(const std::vector& in, + RandomNumberGenerator& rng) + { return sign_message(&in[0], in.size(), rng); } + + std::vector sign_message(const secure_vector& in, + RandomNumberGenerator& rng) { return sign_message(&in[0], in.size(), rng); } /** @@ -160,7 +166,7 @@ class BOTAN_DLL PK_Signer * Add a message part. * @param in the message part to add */ - void update(const MemoryRegion& in) { update(&in[0], in.size()); } + void update(const std::vector& in) { update(&in[0], in.size()); } /** * Get the signature of the so far processed message (provided by the @@ -168,7 +174,7 @@ class BOTAN_DLL PK_Signer * @param rng the rng to use * @return signature of the total message */ - SecureVector signature(RandomNumberGenerator& rng); + std::vector signature(RandomNumberGenerator& rng); /** * Set the output format of the signature. @@ -191,8 +197,8 @@ class BOTAN_DLL PK_Signer ~PK_Signer() { delete op; delete verify_op; delete emsa; } private: - bool self_test_signature(const MemoryRegion& msg, - const MemoryRegion& sig) const; + bool self_test_signature(const std::vector& msg, + const std::vector& sig) const; PK_Signer(const PK_Signer&) {} PK_Signer& operator=(const PK_Signer&) { return *this; } @@ -227,8 +233,9 @@ class BOTAN_DLL PK_Verifier * @param sig the signature * @return true if the signature is valid */ - bool verify_message(const MemoryRegion& msg, - const MemoryRegion& sig) + template + bool verify_message(const std::vector& msg, + const std::vector& sig) { return verify_message(&msg[0], msg.size(), &sig[0], sig.size()); @@ -254,7 +261,7 @@ class BOTAN_DLL PK_Verifier * signature to be verified. * @param in the new message part */ - void update(const MemoryRegion& in) + void update(const std::vector& in) { update(&in[0], in.size()); } /** @@ -272,7 +279,8 @@ class BOTAN_DLL PK_Verifier * @param sig the signature to be verified * @return true if the signature is valid, false otherwise */ - bool check_signature(const MemoryRegion& sig) + template + bool check_signature(const std::vector& sig) { return check_signature(&sig[0], sig.size()); } @@ -298,7 +306,7 @@ class BOTAN_DLL PK_Verifier PK_Verifier(const PK_Verifier&) {} PK_Verifier& operator=(const PK_Verifier&) { return *this; } - bool validate_signature(const MemoryRegion& msg, + bool validate_signature(const secure_vector& msg, const byte sig[], size_t sig_len); PK_Ops::Verification* op; @@ -336,7 +344,7 @@ class BOTAN_DLL PK_Key_Agreement * @param params_len the length of params in bytes */ SymmetricKey derive_key(size_t key_len, - const MemoryRegion& in, + const std::vector& in, const byte params[], size_t params_len) const { @@ -367,7 +375,7 @@ class BOTAN_DLL PK_Key_Agreement * @param params extra derivation params */ SymmetricKey derive_key(size_t key_len, - const MemoryRegion& in, + const std::vector& in, const std::string& params = "") const { return derive_key(key_len, &in[0], in.size(), @@ -410,7 +418,7 @@ class BOTAN_DLL PK_Encryptor_EME : public PK_Encryptor ~PK_Encryptor_EME() { delete op; delete eme; } private: - SecureVector enc(const byte[], size_t, + std::vector enc(const byte[], size_t, RandomNumberGenerator& rng) const; PK_Ops::Encryption* op; @@ -433,7 +441,7 @@ class BOTAN_DLL PK_Decryptor_EME : public PK_Decryptor ~PK_Decryptor_EME() { delete op; delete eme; } private: - SecureVector dec(const byte[], size_t) const; + secure_vector dec(const byte[], size_t) const; PK_Ops::Decryption* op; const EME* eme; diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp index 2da366699..22474d7d5 100644 --- a/src/pubkey/rsa/rsa.cpp +++ b/src/pubkey/rsa/rsa.cpp @@ -88,7 +88,7 @@ BigInt RSA_Private_Operation::private_op(const BigInt& m) const return mul_add(j1, q, j2); } -SecureVector +secure_vector RSA_Private_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator&) { @@ -105,7 +105,7 @@ RSA_Private_Operation::sign(const byte msg[], size_t msg_len, /* * RSA Decryption Operation */ -SecureVector +secure_vector RSA_Private_Operation::decrypt(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); @@ -114,7 +114,7 @@ RSA_Private_Operation::decrypt(const byte msg[], size_t msg_len) BOTAN_ASSERT(m == powermod_e_n(x), "RSA private op failed consistency check"); - return BigInt::encode(x); + return BigInt::encode_locked(x); } } diff --git a/src/pubkey/rsa/rsa.h b/src/pubkey/rsa/rsa.h index dddecdbed..0942d92ad 100644 --- a/src/pubkey/rsa/rsa.h +++ b/src/pubkey/rsa/rsa.h @@ -24,7 +24,7 @@ class BOTAN_DLL RSA_PublicKey : public virtual IF_Scheme_PublicKey std::string algo_name() const { return "RSA"; } RSA_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : IF_Scheme_PublicKey(alg_id, key_bits) {} @@ -51,7 +51,7 @@ class BOTAN_DLL RSA_PrivateKey : public RSA_PublicKey, bool check_key(RandomNumberGenerator& rng, bool) const; RSA_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng) : IF_Scheme_PrivateKey(rng, alg_id, key_bits) {} @@ -94,10 +94,10 @@ class BOTAN_DLL RSA_Private_Operation : public PK_Ops::Signature, size_t max_input_bits() const { return (n.bits() - 1); } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); - SecureVector decrypt(const byte msg[], size_t msg_len); + secure_vector decrypt(const byte msg[], size_t msg_len); private: BigInt private_op(const BigInt& m) const; @@ -124,17 +124,17 @@ class BOTAN_DLL RSA_Public_Operation : public PK_Ops::Verification, size_t max_input_bits() const { return (n.bits() - 1); } bool with_recovery() const { return true; } - SecureVector encrypt(const byte msg[], size_t msg_len, + secure_vector encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector verify_mr(const byte msg[], size_t msg_len) + secure_vector verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); - return BigInt::encode(public_op(m)); + return BigInt::encode_locked(public_op(m)); } private: diff --git a/src/pubkey/rw/rw.cpp b/src/pubkey/rw/rw.cpp index dab84b59f..c41b18101 100644 --- a/src/pubkey/rw/rw.cpp +++ b/src/pubkey/rw/rw.cpp @@ -70,7 +70,7 @@ RW_Signature_Operation::RW_Signature_Operation(const RW_PrivateKey& rw) : { } -SecureVector +secure_vector RW_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -101,7 +101,7 @@ RW_Signature_Operation::sign(const byte msg[], size_t msg_len, return BigInt::encode_1363(r, n.bytes()); } -SecureVector +secure_vector RW_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); @@ -111,15 +111,15 @@ RW_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) BigInt r = powermod_e_n(m); if(r % 16 == 12) - return BigInt::encode(r); + return BigInt::encode_locked(r); if(r % 8 == 6) - return BigInt::encode(2*r); + return BigInt::encode_locked(2*r); r = n - r; if(r % 16 == 12) - return BigInt::encode(r); + return BigInt::encode_locked(r); if(r % 8 == 6) - return BigInt::encode(2*r); + return BigInt::encode_locked(2*r); throw Invalid_Argument("RW signature verification: Invalid signature"); } diff --git a/src/pubkey/rw/rw.h b/src/pubkey/rw/rw.h index b8d92eb3a..1e918e70c 100644 --- a/src/pubkey/rw/rw.h +++ b/src/pubkey/rw/rw.h @@ -24,7 +24,7 @@ class BOTAN_DLL RW_PublicKey : public virtual IF_Scheme_PublicKey std::string algo_name() const { return "RW"; } RW_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : IF_Scheme_PublicKey(alg_id, key_bits) {} @@ -44,7 +44,7 @@ class BOTAN_DLL RW_PrivateKey : public RW_PublicKey, { public: RW_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng) : IF_Scheme_PrivateKey(rng, alg_id, key_bits) {} @@ -69,7 +69,7 @@ class BOTAN_DLL RW_Signature_Operation : public PK_Ops::Signature size_t max_input_bits() const { return (n.bits() - 1); } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const BigInt& n; @@ -95,7 +95,7 @@ class BOTAN_DLL RW_Verification_Operation : public PK_Ops::Verification size_t max_input_bits() const { return (n.bits() - 1); } bool with_recovery() const { return true; } - SecureVector verify_mr(const byte msg[], size_t msg_len); + secure_vector verify_mr(const byte msg[], size_t msg_len); private: const BigInt& n; diff --git a/src/pubkey/x509_key.cpp b/src/pubkey/x509_key.cpp index 4714b1285..1b0ce46b3 100644 --- a/src/pubkey/x509_key.cpp +++ b/src/pubkey/x509_key.cpp @@ -18,14 +18,14 @@ namespace Botan { namespace X509 { -MemoryVector BER_encode(const Public_Key& key) +std::vector BER_encode(const Public_Key& key) { return DER_Encoder() .start_cons(SEQUENCE) .encode(key.algorithm_identifier()) .encode(key.x509_subject_public_key(), BIT_STRING) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* @@ -44,7 +44,7 @@ Public_Key* load_key(DataSource& source) { try { AlgorithmIdentifier alg_id; - MemoryVector key_bits; + secure_vector key_bits; if(ASN1::maybe_BER(source) && !PEM_Code::matches(source)) { @@ -92,7 +92,7 @@ Public_Key* load_key(const std::string& fsname) /* * Extract a public key and return it */ -Public_Key* load_key(const MemoryRegion& mem) +Public_Key* load_key(const secure_vector& mem) { DataSource_Memory source(mem); return X509::load_key(source); diff --git a/src/pubkey/x509_key.h b/src/pubkey/x509_key.h index 3fdee8cde..9d4c883a1 100644 --- a/src/pubkey/x509_key.h +++ b/src/pubkey/x509_key.h @@ -26,7 +26,7 @@ namespace X509 { * @param key the public key to encode * @return BER encoding of this key */ -BOTAN_DLL MemoryVector BER_encode(const Public_Key& key); +BOTAN_DLL std::vector BER_encode(const Public_Key& key); /** * PEM encode a public key into a string. @@ -54,7 +54,7 @@ BOTAN_DLL Public_Key* load_key(const std::string& filename); * @param enc the memory region containing the DER or PEM encoded key * @return new public key object */ -BOTAN_DLL Public_Key* load_key(const MemoryRegion& enc); +BOTAN_DLL Public_Key* load_key(const secure_vector& enc); /** * Copy a key. diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp index 311942c19..da7535b18 100644 --- a/src/rng/hmac_rng/hmac_rng.cpp +++ b/src/rng/hmac_rng/hmac_rng.cpp @@ -15,7 +15,7 @@ namespace Botan { namespace { void hmac_prf(MessageAuthenticationCode* prf, - MemoryRegion& K, + secure_vector& K, u32bit& counter, const std::string& label) { @@ -200,7 +200,7 @@ HMAC_RNG::HMAC_RNG(MessageAuthenticationCode* extractor_mac, the estimated entropy counter is high enough. That variable is only set when a reseeding is performed. */ - MemoryVector prf_key(extractor->output_length()); + secure_vector prf_key(extractor->output_length()); prf->set_key(prf_key); /* diff --git a/src/rng/hmac_rng/hmac_rng.h b/src/rng/hmac_rng/hmac_rng.h index fc6a14f3a..1e70c00a7 100644 --- a/src/rng/hmac_rng/hmac_rng.h +++ b/src/rng/hmac_rng/hmac_rng.h @@ -51,7 +51,7 @@ class BOTAN_DLL HMAC_RNG : public RandomNumberGenerator std::vector entropy_sources; bool seeded; - SecureVector K, io_buffer; + secure_vector K, io_buffer; size_t user_input_len; u32bit counter; }; diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp index 51354db12..ef55f3975 100644 --- a/src/rng/randpool/randpool.cpp +++ b/src/rng/randpool/randpool.cpp @@ -56,7 +56,7 @@ void Randpool::update_buffer() mac->update(static_cast(GEN_OUTPUT)); mac->update(counter); - SecureVector mac_val = mac->final(); + secure_vector mac_val = mac->final(); for(size_t i = 0; i != mac_val.size(); ++i) buffer[i % buffer.size()] ^= mac_val[i]; @@ -112,7 +112,7 @@ void Randpool::reseed(size_t poll_bits) } } - SecureVector mac_val = mac->final(); + secure_vector mac_val = mac->final(); xor_buf(pool, mac_val, mac_val.size()); mix_pool(); @@ -126,7 +126,7 @@ void Randpool::reseed(size_t poll_bits) */ void Randpool::add_entropy(const byte input[], size_t length) { - SecureVector mac_val = mac->process(input, length); + secure_vector mac_val = mac->process(input, length); xor_buf(pool, mac_val, mac_val.size()); mix_pool(); diff --git a/src/rng/randpool/randpool.h b/src/rng/randpool/randpool.h index ed224221c..64572bcfb 100644 --- a/src/rng/randpool/randpool.h +++ b/src/rng/randpool/randpool.h @@ -52,7 +52,7 @@ class BOTAN_DLL Randpool : public RandomNumberGenerator MessageAuthenticationCode* mac; std::vector entropy_sources; - SecureVector pool, buffer, counter; + secure_vector pool, buffer, counter; bool seeded; }; diff --git a/src/rng/rng.h b/src/rng/rng.h index c078ef08f..12b423e7c 100644 --- a/src/rng/rng.h +++ b/src/rng/rng.h @@ -37,9 +37,9 @@ class BOTAN_DLL RandomNumberGenerator * @param bytes number of bytes in the result * @return randomized vector of length bytes */ - SecureVector random_vec(size_t bytes) + secure_vector random_vec(size_t bytes) { - SecureVector output(bytes); + secure_vector output(bytes); randomize(&output[0], output.size()); return output; } diff --git a/src/rng/x931_rng/x931_rng.cpp b/src/rng/x931_rng/x931_rng.cpp index ac77b4344..7562c7ad5 100644 --- a/src/rng/x931_rng/x931_rng.cpp +++ b/src/rng/x931_rng/x931_rng.cpp @@ -40,7 +40,7 @@ void ANSI_X931_RNG::update_buffer() { const size_t BLOCK_SIZE = cipher->block_size(); - SecureVector DT = prng->random_vec(BLOCK_SIZE); + secure_vector DT = prng->random_vec(BLOCK_SIZE); cipher->encrypt(DT); xor_buf(&R[0], &V[0], &DT[0], BLOCK_SIZE); diff --git a/src/rng/x931_rng/x931_rng.h b/src/rng/x931_rng/x931_rng.h index 41fa9328b..c8a1b8707 100644 --- a/src/rng/x931_rng/x931_rng.h +++ b/src/rng/x931_rng/x931_rng.h @@ -42,7 +42,7 @@ class BOTAN_DLL ANSI_X931_RNG : public RandomNumberGenerator BlockCipher* cipher; RandomNumberGenerator* prng; - SecureVector V, R; + secure_vector V, R; size_t position; }; diff --git a/src/stream/arc4/arc4.h b/src/stream/arc4/arc4.h index e3df97f83..8f8de87b6 100644 --- a/src/stream/arc4/arc4.h +++ b/src/stream/arc4/arc4.h @@ -44,9 +44,9 @@ class BOTAN_DLL ARC4 : public StreamCipher const size_t SKIP; byte X, Y; - SecureVector state; + secure_vector state; - SecureVector buffer; + secure_vector buffer; size_t position; }; diff --git a/src/stream/ctr/ctr.h b/src/stream/ctr/ctr.h index 64b43b0f5..9f391da7e 100644 --- a/src/stream/ctr/ctr.h +++ b/src/stream/ctr/ctr.h @@ -48,7 +48,7 @@ class BOTAN_DLL CTR_BE : public StreamCipher void increment_counter(); BlockCipher* permutation; - SecureVector counter, buffer; + secure_vector counter, buffer; size_t position; }; diff --git a/src/stream/ofb/ofb.h b/src/stream/ofb/ofb.h index c4d8b2601..9d4fd882f 100644 --- a/src/stream/ofb/ofb.h +++ b/src/stream/ofb/ofb.h @@ -47,7 +47,7 @@ class BOTAN_DLL OFB : public StreamCipher void key_schedule(const byte key[], size_t key_len); BlockCipher* permutation; - SecureVector buffer; + secure_vector buffer; size_t position; }; diff --git a/src/stream/salsa20/salsa20.cpp b/src/stream/salsa20/salsa20.cpp index 7d062befe..65ee3d758 100644 --- a/src/stream/salsa20/salsa20.cpp +++ b/src/stream/salsa20/salsa20.cpp @@ -193,7 +193,7 @@ void Salsa20::set_iv(const byte iv[], size_t length) state[8] = load_le(iv, 2); state[9] = load_le(iv, 3); - SecureVector hsalsa(8); + secure_vector hsalsa(8); hsalsa20(&hsalsa[0], &state[0]); state[ 1] = hsalsa[0]; diff --git a/src/stream/salsa20/salsa20.h b/src/stream/salsa20/salsa20.h index d9645015f..ac2a9b33a 100644 --- a/src/stream/salsa20/salsa20.h +++ b/src/stream/salsa20/salsa20.h @@ -38,8 +38,8 @@ class BOTAN_DLL Salsa20 : public StreamCipher private: void key_schedule(const byte key[], size_t key_len); - SecureVector state; - SecureVector buffer; + secure_vector state; + secure_vector buffer; size_t position; }; diff --git a/src/stream/turing/turing.cpp b/src/stream/turing/turing.cpp index 697c660ed..c455185b0 100644 --- a/src/stream/turing/turing.cpp +++ b/src/stream/turing/turing.cpp @@ -17,7 +17,7 @@ namespace { /* * Perform an N-way PHT */ -inline void PHT(MemoryRegion& B) +inline void PHT(secure_vector& B) { u32bit sum = 0; for(size_t i = 0; i < B.size() - 1; ++i) @@ -284,7 +284,7 @@ void Turing::set_iv(const byte iv[], size_t length) if(!valid_iv_length(length)) throw Invalid_IV_Length(name(), length); - SecureVector IV(length / 4); + secure_vector IV(length / 4); for(size_t i = 0; i != length; ++i) IV[i/4] = (IV[i/4] << 8) + iv[i]; diff --git a/src/stream/turing/turing.h b/src/stream/turing/turing.h index aff314080..84bfbe9c0 100644 --- a/src/stream/turing/turing.h +++ b/src/stream/turing/turing.h @@ -45,10 +45,10 @@ class BOTAN_DLL Turing : public StreamCipher static const u32bit Q_BOX[256]; static const byte SBOX[256]; - SecureVector S0, S1, S2, S3; - SecureVector R; - SecureVector K; - SecureVector buffer; + secure_vector S0, S1, S2, S3; + secure_vector R; + secure_vector K; + secure_vector buffer; size_t position; }; diff --git a/src/stream/wid_wake/wid_wake.h b/src/stream/wid_wake/wid_wake.h index 05842a574..ca8d9a316 100644 --- a/src/stream/wid_wake/wid_wake.h +++ b/src/stream/wid_wake/wid_wake.h @@ -45,10 +45,10 @@ class BOTAN_DLL WiderWake_41_BE : public StreamCipher void generate(size_t); - SecureVector T; - SecureVector state; - SecureVector t_key; - SecureVector buffer; + secure_vector T; + secure_vector state; + secure_vector t_key; + secure_vector buffer; size_t position; }; diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp index df3957a4b..e63dc91ba 100644 --- a/src/tls/c_hello.cpp +++ b/src/tls/c_hello.cpp @@ -21,14 +21,14 @@ enum { TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF }; -MemoryVector make_hello_random(RandomNumberGenerator& rng) +std::vector make_hello_random(RandomNumberGenerator& rng) { - MemoryVector buf(32); + std::vector buf(32); const u32bit time32 = static_cast( std::chrono::system_clock::to_time_t(std::chrono::system_clock::now())); - store_be(time32, buf); + store_be(time32, &buf[0]); rng.randomize(&buf[4], buf.size() - 4); return buf; } @@ -44,7 +44,7 @@ Hello_Request::Hello_Request(Record_Writer& writer) /* * Deserialize a Hello Request message */ -Hello_Request::Hello_Request(const MemoryRegion& buf) +Hello_Request::Hello_Request(const std::vector& buf) { if(buf.size()) throw Decoding_Error("Bad Hello_Request, has non-zero size"); @@ -53,9 +53,9 @@ Hello_Request::Hello_Request(const MemoryRegion& buf) /* * Serialize a Hello Request message */ -MemoryVector Hello_Request::serialize() const +std::vector Hello_Request::serialize() const { - return MemoryVector(); + return std::vector(); } /* @@ -65,7 +65,7 @@ Client_Hello::Client_Hello(Record_Writer& writer, Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion& reneg_info, + const std::vector& reneg_info, bool next_protocol, const std::string& hostname, const std::string& srp_identifier) : @@ -101,7 +101,7 @@ Client_Hello::Client_Hello(Record_Writer& writer, Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion& reneg_info, + const std::vector& reneg_info, const Session& session, bool next_protocol) : m_version(session.version()), @@ -140,7 +140,7 @@ Client_Hello::Client_Hello(Record_Writer& writer, /* * Read a counterparty client hello */ -Client_Hello::Client_Hello(const MemoryRegion& buf, Handshake_Type type) +Client_Hello::Client_Hello(const std::vector& buf, Handshake_Type type) { m_next_protocol = false; m_secure_renegotiation = false; @@ -158,9 +158,9 @@ Client_Hello::Client_Hello(const MemoryRegion& buf, Handshake_Type type) /* * Serialize a Client Hello message */ -MemoryVector Client_Hello::serialize() const +std::vector Client_Hello::serialize() const { - MemoryVector buf; + std::vector buf; buf.push_back(m_version.major_version()); buf.push_back(m_version.minor_version()); @@ -202,7 +202,7 @@ MemoryVector Client_Hello::serialize() const return buf; } -void Client_Hello::deserialize_sslv2(const MemoryRegion& buf) +void Client_Hello::deserialize_sslv2(const std::vector& buf) { if(buf.size() < 12 || buf[0] != 1) throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); @@ -243,7 +243,7 @@ void Client_Hello::deserialize_sslv2(const MemoryRegion& buf) /* * Deserialize a Client Hello message */ -void Client_Hello::deserialize(const MemoryRegion& buf) +void Client_Hello::deserialize(const std::vector& buf) { if(buf.size() == 0) throw Decoding_Error("Client_Hello: Packet corrupted"); diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp index f97081383..5ff9ec1ce 100644 --- a/src/tls/c_kex.cpp +++ b/src/tls/c_kex.cpp @@ -26,7 +26,7 @@ namespace TLS { namespace { -SecureVector strip_leading_zeros(const MemoryRegion& input) +secure_vector strip_leading_zeros(const secure_vector& input) { size_t leading_zeros = 0; @@ -37,8 +37,8 @@ SecureVector strip_leading_zeros(const MemoryRegion& input) ++leading_zeros; } - SecureVector output(&input[leading_zeros], - input.size() - leading_zeros); + secure_vector output(&input[leading_zeros], + &input[input.size()-1]); return output; } @@ -76,7 +76,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, SymmetricKey psk = creds.psk("tls-client", hostname, psk_identity); - MemoryVector zeros(psk.length()); + std::vector zeros(psk.length()); append_tls_length_value(pre_master, zeros, 2); append_tls_length_value(pre_master, psk.bits_of(), 2); @@ -124,7 +124,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, PK_Key_Agreement ka(priv_key, "Raw"); - SecureVector dh_secret = strip_leading_zeros( + secure_vector dh_secret = strip_leading_zeros( ka.derive_key(0, counterparty_key.public_value()).bits_of()); if(kex_algo == "DH") @@ -153,7 +153,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, EC_Group group(name); - MemoryVector ecdh_key = reader.get_range(1, 1, 255); + std::vector ecdh_key = reader.get_range(1, 1, 255); ECDH_PublicKey counterparty_key(group, OS2ECP(ecdh_key, group.get_curve())); @@ -161,7 +161,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, PK_Key_Agreement ka(priv_key, "Raw"); - SecureVector ecdh_secret = ka.derive_key(0, counterparty_key.public_value()).bits_of(); + secure_vector ecdh_secret = ka.derive_key(0, counterparty_key.public_value()).bits_of(); if(kex_algo == "ECDH") pre_master = ecdh_secret; @@ -177,7 +177,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, { const BigInt N = BigInt::decode(reader.get_range(2, 1, 65535)); const BigInt g = BigInt::decode(reader.get_range(2, 1, 65535)); - MemoryVector salt = reader.get_range(1, 1, 255); + std::vector salt = reader.get_range(1, 1, 255); const BigInt B = BigInt::decode(reader.get_range(2, 1, 65535)); const std::string srp_group = srp6_group_identifier(N, g); @@ -228,7 +228,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, PK_Encryptor_EME encryptor(*rsa_pub, "PKCS1v15"); - MemoryVector encrypted_key = encryptor.encrypt(pre_master, rng); + std::vector encrypted_key = encryptor.encrypt(pre_master, rng); if(state->version() == Protocol_Version::SSL_V3) key_material = encrypted_key; // no length field @@ -247,7 +247,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, /* * Read a Client Key Exchange message */ -Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion& contents, +Client_Key_Exchange::Client_Key_Exchange(const std::vector& contents, const Handshake_State* state, Credentials_Manager& creds, const Policy& policy, @@ -326,7 +326,7 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion& contents, if(kex_algo == "PSK") { - MemoryVector zeros(psk.length()); + std::vector zeros(psk.length()); append_tls_length_value(pre_master, zeros, 2); append_tls_length_value(pre_master, psk.bits_of(), 2); } @@ -352,14 +352,14 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion& contents, { PK_Key_Agreement ka(*ka_key, "Raw"); - MemoryVector client_pubkey; + std::vector client_pubkey; if(ka_key->algo_name() == "DH") client_pubkey = reader.get_range(2, 0, 65535); else client_pubkey = reader.get_range(1, 0, 255); - SecureVector shared_secret = ka.derive_key(0, client_pubkey).bits_of(); + secure_vector shared_secret = ka.derive_key(0, client_pubkey).bits_of(); if(ka_key->algo_name() == "DH") shared_secret = strip_leading_zeros(shared_secret); diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp index 1b686c1c4..6ec5339bb 100644 --- a/src/tls/cert_req.cpp +++ b/src/tls/cert_req.cpp @@ -80,7 +80,7 @@ Certificate_Req::Certificate_Req(Record_Writer& writer, /** * Deserialize a Certificate Request message */ -Certificate_Req::Certificate_Req(const MemoryRegion& buf, +Certificate_Req::Certificate_Req(const std::vector& buf, Protocol_Version version) { if(buf.size() < 4) @@ -141,9 +141,9 @@ Certificate_Req::Certificate_Req(const MemoryRegion& buf, /** * Serialize a Certificate Request message */ -MemoryVector Certificate_Req::serialize() const +std::vector Certificate_Req::serialize() const { - MemoryVector buf; + std::vector buf; std::vector cert_types; @@ -155,7 +155,7 @@ MemoryVector Certificate_Req::serialize() const if(!m_supported_algos.empty()) buf += Signature_Algorithms(m_supported_algos).serialize(); - MemoryVector encoded_names; + std::vector encoded_names; for(size_t i = 0; i != names.size(); ++i) { @@ -184,7 +184,7 @@ Certificate::Certificate(Record_Writer& writer, /** * Deserialize a Certificate message */ -Certificate::Certificate(const MemoryRegion& buf) +Certificate::Certificate(const std::vector& buf) { if(buf.size() < 3) throw Decoding_Error("Certificate: Message malformed"); @@ -196,14 +196,14 @@ Certificate::Certificate(const MemoryRegion& buf) const byte* certs = &buf[3]; - while(certs != buf.end()) + while(size_t remaining_bytes = &buf[buf.size()] - certs) { - if(buf.end() - certs < 3) + if(remaining_bytes < 3) throw Decoding_Error("Certificate: Message malformed"); const size_t cert_size = make_u32bit(0, certs[0], certs[1], certs[2]); - if(buf.end() - certs < (3 + cert_size)) + if(remaining_bytes < (3 + cert_size)) throw Decoding_Error("Certificate: Message malformed"); DataSource_Memory cert_buf(&certs[3], cert_size); @@ -216,13 +216,13 @@ Certificate::Certificate(const MemoryRegion& buf) /** * Serialize a Certificate message */ -MemoryVector Certificate::serialize() const +std::vector Certificate::serialize() const { - MemoryVector buf(3); + std::vector buf(3); for(size_t i = 0; i != m_certs.size(); ++i) { - MemoryVector raw_cert = m_certs[i].BER_encode(); + std::vector raw_cert = m_certs[i].BER_encode(); const size_t cert_size = raw_cert.size(); for(size_t i = 0; i != 3; ++i) buf.push_back(get_byte(i+1, cert_size)); diff --git a/src/tls/cert_ver.cpp b/src/tls/cert_ver.cpp index 0a377b35f..e6d90b060 100644 --- a/src/tls/cert_ver.cpp +++ b/src/tls/cert_ver.cpp @@ -33,7 +33,7 @@ Certificate_Verify::Certificate_Verify(Record_Writer& writer, if(state->version() == Protocol_Version::SSL_V3) { - SecureVector md5_sha = state->hash.final_ssl3( + secure_vector md5_sha = state->hash.final_ssl3( state->keys.master_secret()); if(priv_key->algo_name() == "DSA") @@ -52,7 +52,7 @@ Certificate_Verify::Certificate_Verify(Record_Writer& writer, /* * Deserialize a Certificate Verify message */ -Certificate_Verify::Certificate_Verify(const MemoryRegion& buf, +Certificate_Verify::Certificate_Verify(const std::vector& buf, Protocol_Version version) { TLS_Data_Reader reader(buf); @@ -69,9 +69,9 @@ Certificate_Verify::Certificate_Verify(const MemoryRegion& buf, /* * Serialize a Certificate Verify message */ -MemoryVector Certificate_Verify::serialize() const +std::vector Certificate_Verify::serialize() const { - MemoryVector buf; + std::vector buf; if(hash_algo != "" && sig_algo != "") { @@ -102,7 +102,7 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, if(state->version() == Protocol_Version::SSL_V3) { - SecureVector md5_sha = state->hash.final_ssl3( + secure_vector md5_sha = state->hash.final_ssl3( state->keys.master_secret()); return verifier.verify_message(&md5_sha[16], md5_sha.size()-16, diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp index bb6e8d20e..c8ae4a343 100644 --- a/src/tls/finished.cpp +++ b/src/tls/finished.cpp @@ -18,7 +18,7 @@ namespace { /* * Compute the verify_data */ -MemoryVector finished_compute_verify(Handshake_State* state, +std::vector finished_compute_verify(Handshake_State* state, Connection_Side side) { if(state->version() == Protocol_Version::SSL_V3) @@ -28,14 +28,14 @@ MemoryVector finished_compute_verify(Handshake_State* state, Handshake_Hash hash = state->hash; // don't modify state - MemoryVector ssl3_finished; + std::vector ssl3_finished; if(side == CLIENT) hash.update(SSL_CLIENT_LABEL, sizeof(SSL_CLIENT_LABEL)); else hash.update(SSL_SERVER_LABEL, sizeof(SSL_SERVER_LABEL)); - return hash.final_ssl3(state->keys.master_secret()); + return unlock(hash.final_ssl3(state->keys.master_secret())); } else { @@ -49,7 +49,7 @@ MemoryVector finished_compute_verify(Handshake_State* state, std::unique_ptr prf(state->protocol_specific_prf()); - MemoryVector input; + std::vector input; if(side == CLIENT) input += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL)); else @@ -57,7 +57,7 @@ MemoryVector finished_compute_verify(Handshake_State* state, input += state->hash.final(state->version(), state->suite.mac_algo()); - return prf->derive_key(12, state->keys.master_secret(), input); + return unlock(prf->derive_key(12, state->keys.master_secret(), input)); } } @@ -77,7 +77,7 @@ Finished::Finished(Record_Writer& writer, /* * Serialize a Finished message */ -MemoryVector Finished::serialize() const +std::vector Finished::serialize() const { return verification_data; } @@ -85,7 +85,7 @@ MemoryVector Finished::serialize() const /* * Deserialize a Finished message */ -Finished::Finished(const MemoryRegion& buf) +Finished::Finished(const std::vector& buf) { verification_data = buf; } diff --git a/src/tls/hello_verify.cpp b/src/tls/hello_verify.cpp index e844d7f72..c77076e4c 100644 --- a/src/tls/hello_verify.cpp +++ b/src/tls/hello_verify.cpp @@ -13,7 +13,7 @@ namespace Botan { namespace TLS { -Hello_Verify_Request::Hello_Verify_Request(const MemoryRegion& buf) +Hello_Verify_Request::Hello_Verify_Request(const std::vector& buf) { if(buf.size() < 3) throw Decoding_Error("Hello verify request too small"); @@ -25,7 +25,7 @@ Hello_Verify_Request::Hello_Verify_Request(const MemoryRegion& buf) copy_mem(&m_cookie[0], &buf[2], buf.size() - 2); } -Hello_Verify_Request::Hello_Verify_Request(const MemoryVector& client_hello_bits, +Hello_Verify_Request::Hello_Verify_Request(const std::vector& client_hello_bits, const std::string& client_identity, const SymmetricKey& secret_key) { @@ -37,10 +37,10 @@ Hello_Verify_Request::Hello_Verify_Request(const MemoryVector& client_hell hmac->update_be(client_identity.size()); hmac->update(client_identity); - m_cookie = hmac->final(); + m_cookie = unlock(hmac->final()); } -MemoryVector Hello_Verify_Request::serialize() const +std::vector Hello_Verify_Request::serialize() const { /* DTLS 1.2 server implementations SHOULD use DTLS version 1.0 regardless of the version of TLS that is expected to be @@ -49,7 +49,7 @@ MemoryVector Hello_Verify_Request::serialize() const Protocol_Version format_version(Protocol_Version::TLS_V11); - MemoryVector bits; + std::vector bits; bits.push_back(format_version.major_version()); bits.push_back(format_version.minor_version()); bits += m_cookie; diff --git a/src/tls/next_protocol.cpp b/src/tls/next_protocol.cpp index 17b77fb6e..adf9acbe9 100644 --- a/src/tls/next_protocol.cpp +++ b/src/tls/next_protocol.cpp @@ -22,7 +22,7 @@ Next_Protocol::Next_Protocol(Record_Writer& writer, hash.update(writer.send(*this)); } -Next_Protocol::Next_Protocol(const MemoryRegion& buf) +Next_Protocol::Next_Protocol(const std::vector& buf) { TLS_Data_Reader reader(buf); @@ -31,9 +31,9 @@ Next_Protocol::Next_Protocol(const MemoryRegion& buf) reader.get_range_vector(1, 0, 255); // padding, ignored } -MemoryVector Next_Protocol::serialize() const +std::vector Next_Protocol::serialize() const { - MemoryVector buf; + std::vector buf; append_tls_length_value(buf, reinterpret_cast(m_protocol.data()), diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index b240f4703..4a1d6aac1 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -165,7 +165,7 @@ size_t Record_Reader::fill_buffer_to(const byte*& input, size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, size_t& consumed, byte& msg_type, - MemoryVector& msg) + std::vector& msg) { const byte* input = &input_array[0]; @@ -333,7 +333,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, ++m_seq_no; - m_mac->final(m_macbuf); + m_mac->final(&m_macbuf[0]); const size_t mac_offset = record_len - (m_macbuf.size() + pad_size); diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp index 3a54d7931..63383f85e 100644 --- a/src/tls/rec_wri.cpp +++ b/src/tls/rec_wri.cpp @@ -146,10 +146,10 @@ void Record_Writer::activate(Connection_Side side, throw Invalid_Argument("Record_Writer: Unknown hash " + mac_algo); } -MemoryVector Record_Writer::send(Handshake_Message& msg) +std::vector Record_Writer::send(Handshake_Message& msg) { - const MemoryVector buf = msg.serialize(); - MemoryVector send_buf(4); + const std::vector buf = msg.serialize(); + std::vector send_buf(4); const size_t buf_size = buf.size(); diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp index 1244dd2d8..d4cc4a1ab 100644 --- a/src/tls/s_hello.cpp +++ b/src/tls/s_hello.cpp @@ -21,13 +21,13 @@ namespace TLS { */ Server_Hello::Server_Hello(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion& session_id, + const std::vector& session_id, Protocol_Version ver, u16bit ciphersuite, byte compression, size_t max_fragment_size, bool client_has_secure_renegotiation, - const MemoryRegion& reneg_info, + const std::vector& reneg_info, bool offer_session_ticket, bool client_has_npn, const std::vector& next_protocols, @@ -53,7 +53,7 @@ Server_Hello::Server_Hello(Record_Writer& writer, /* * Deserialize a Server Hello message */ -Server_Hello::Server_Hello(const MemoryRegion& buf) +Server_Hello::Server_Hello(const std::vector& buf) { m_secure_renegotiation = false; m_supports_session_ticket = false; @@ -118,9 +118,9 @@ Server_Hello::Server_Hello(const MemoryRegion& buf) /* * Serialize a Server Hello message */ -MemoryVector Server_Hello::serialize() const +std::vector Server_Hello::serialize() const { - MemoryVector buf; + std::vector buf; buf.push_back(m_version.major_version()); buf.push_back(m_version.minor_version()); @@ -167,7 +167,7 @@ Server_Hello_Done::Server_Hello_Done(Record_Writer& writer, /* * Deserialize a Server Hello Done message */ -Server_Hello_Done::Server_Hello_Done(const MemoryRegion& buf) +Server_Hello_Done::Server_Hello_Done(const std::vector& buf) { if(buf.size()) throw Decoding_Error("Server_Hello_Done: Must be empty, and is not"); @@ -176,9 +176,9 @@ Server_Hello_Done::Server_Hello_Done(const MemoryRegion& buf) /* * Serialize a Server Hello Done message */ -MemoryVector Server_Hello_Done::serialize() const +std::vector Server_Hello_Done::serialize() const { - return MemoryVector(); + return std::vector(); } } diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp index 34cd872ac..d28b44857 100644 --- a/src/tls/s_kex.cpp +++ b/src/tls/s_kex.cpp @@ -95,7 +95,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, std::string group_id; BigInt v; - MemoryVector salt; + std::vector salt; const bool found = creds.srp_verifier("tls-server", hostname, srp_identifier, @@ -142,7 +142,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, /** * Deserialize a Server Key Exchange message */ -Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion& buf, +Server_Key_Exchange::Server_Key_Exchange(const std::vector& buf, const std::string& kex_algo, const std::string& sig_algo, Protocol_Version version) : @@ -186,7 +186,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion& buf, const std::string name = Supported_Elliptic_Curves::curve_id_to_name(curve_id); - MemoryVector ecdh_key = reader.get_range(1, 1, 255); + std::vector ecdh_key = reader.get_range(1, 1, 255); if(name == "") throw Decoding_Error("Server_Key_Exchange: Server sent unknown named curve " + @@ -203,7 +203,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion& buf, const BigInt N = BigInt::decode(reader.get_range(2, 1, 65535)); const BigInt g = BigInt::decode(reader.get_range(2, 1, 65535)); - MemoryVector salt = reader.get_range(1, 1, 255); + std::vector salt = reader.get_range(1, 1, 255); const BigInt B = BigInt::decode(reader.get_range(2, 1, 65535)); append_tls_length_value(m_params, BigInt::encode(N), 2); @@ -236,9 +236,9 @@ Server_Key_Exchange::~Server_Key_Exchange() /** * Serialize a Server Key Exchange message */ -MemoryVector Server_Key_Exchange::serialize() const +std::vector Server_Key_Exchange::serialize() const { - MemoryVector buf = params(); + std::vector buf = params(); if(m_signature.size()) { diff --git a/src/tls/session_ticket.cpp b/src/tls/session_ticket.cpp index 273996a16..8cee2a454 100644 --- a/src/tls/session_ticket.cpp +++ b/src/tls/session_ticket.cpp @@ -17,7 +17,7 @@ namespace TLS { New_Session_Ticket::New_Session_Ticket(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion& ticket, + const std::vector& ticket, u32bit lifetime) : m_ticket_lifetime_hint(lifetime), m_ticket(ticket) @@ -32,7 +32,7 @@ New_Session_Ticket::New_Session_Ticket(Record_Writer& writer, hash.update(writer.send(*this)); } -New_Session_Ticket::New_Session_Ticket(const MemoryRegion& buf) : +New_Session_Ticket::New_Session_Ticket(const std::vector& buf) : m_ticket_lifetime_hint(0) { if(buf.size() < 6) @@ -44,9 +44,9 @@ New_Session_Ticket::New_Session_Ticket(const MemoryRegion& buf) : m_ticket = reader.get_range(2, 0, 65535); } -MemoryVector New_Session_Ticket::serialize() const +std::vector New_Session_Ticket::serialize() const { - MemoryVector buf(4); + std::vector buf(4); store_be(m_ticket_lifetime_hint, &buf[0]); append_tls_length_value(buf, m_ticket, 2); return buf; diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp index f4d0e1034..b6aaa3498 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp @@ -53,7 +53,7 @@ class sqlite3_statement bind(column, timeval); } - void bind(int column, const MemoryRegion& val) + void bind(int column, const std::vector& val) { int rc = sqlite3_bind_blob(m_stmt, column, &val[0], val.size(), SQLITE_TRANSIENT); if(rc != SQLITE_OK) @@ -137,7 +137,7 @@ SymmetricKey derive_key(const std::string& passphrase, { std::unique_ptr pbkdf(get_pbkdf("PBKDF2(SHA-512)")); - SecureVector x = pbkdf->derive_key(32 + 3, + std::vector x = pbkdf->derive_key(32 + 3, passphrase, salt, salt_len, iterations).bits_of(); @@ -217,7 +217,7 @@ Session_Manager_SQLite::Session_Manager_SQLite(const std::string& passphrase, // new database case - MemoryVector salt = rng.random_vec(16); + std::vector salt = rng.random_vec(16); const size_t iterations = 64 * 1024; size_t check_val = 0; @@ -240,7 +240,7 @@ Session_Manager_SQLite::~Session_Manager_SQLite() sqlite3_close(m_db); } -bool Session_Manager_SQLite::load_from_session_id(const MemoryRegion& session_id, +bool Session_Manager_SQLite::load_from_session_id(const std::vector& session_id, Session& session) { sqlite3_statement stmt(m_db, "select session from tls_sessions where session_id = ?1"); @@ -300,7 +300,7 @@ bool Session_Manager_SQLite::load_from_host_info(const std::string& hostname, return false; } -void Session_Manager_SQLite::remove_entry(const MemoryRegion& session_id) +void Session_Manager_SQLite::remove_entry(const std::vector& session_id) { sqlite3_statement stmt(m_db, "delete from tls_sessions where session_id = ?1"); diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h index cac7affd0..923915496 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h @@ -40,13 +40,13 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager ~Session_Manager_SQLite(); - bool load_from_session_id(const MemoryRegion& session_id, + bool load_from_session_id(const std::vector& session_id, Session& session); bool load_from_host_info(const std::string& hostname, u16bit port, Session& session); - void remove_entry(const MemoryRegion& session_id); + void remove_entry(const std::vector& session_id); void save(const Session& session_data); diff --git a/src/tls/tls_alert.cpp b/src/tls/tls_alert.cpp index dee082bac..5bc2e7484 100644 --- a/src/tls/tls_alert.cpp +++ b/src/tls/tls_alert.cpp @@ -12,7 +12,7 @@ namespace Botan { namespace TLS { -Alert::Alert(const MemoryRegion& buf) +Alert::Alert(const std::vector& buf) { if(buf.size() != 2) throw Decoding_Error("Alert: Bad size " + std::to_string(buf.size()) + diff --git a/src/tls/tls_alert.h b/src/tls/tls_alert.h index 3dfff3d29..b3001f259 100644 --- a/src/tls/tls_alert.h +++ b/src/tls/tls_alert.h @@ -82,7 +82,7 @@ class BOTAN_DLL Alert * Deserialize an Alert message * @param buf the serialized alert */ - Alert(const MemoryRegion& buf); + Alert(const std::vector& buf); Alert(Type alert_type, bool is_fatal = false) : fatal(is_fatal), type_code(alert_type) {} diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp index 7a66eb946..ff6722b5e 100644 --- a/src/tls/tls_channel.cpp +++ b/src/tls/tls_channel.cpp @@ -43,7 +43,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) while(buf_size) { byte rec_type = CONNECTION_CLOSED; - MemoryVector record; + std::vector record; size_t consumed = 0; const size_t needed = reader.add_input(buf, buf_size, @@ -67,12 +67,12 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) { Heartbeat_Message heartbeat(record); - const MemoryRegion& payload = heartbeat.payload(); + const std::vector& payload = heartbeat.payload(); if(heartbeat.is_request() && !state) { Heartbeat_Message response(Heartbeat_Message::RESPONSE, - payload, payload.size()); + &payload[0], payload.size()); writer.send(HEARTBEAT, response.contents()); } @@ -159,7 +159,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) * Split up and process handshake messages */ void Channel::read_handshake(byte rec_type, - const MemoryRegion& rec_buf) + const std::vector& rec_buf) { if(rec_type == HANDSHAKE) { @@ -178,7 +178,7 @@ void Channel::read_handshake(byte rec_type, { if(state->handshake_reader()->have_full_record()) { - std::pair > msg = + std::pair > msg = state->handshake_reader()->get_next_record(); process_handshake_msg(msg.first, msg.second); } @@ -188,7 +188,7 @@ void Channel::read_handshake(byte rec_type, else if(rec_type == CHANGE_CIPHER_SPEC) { if(state->handshake_reader()->empty() && rec_buf.size() == 1 && rec_buf[0] == 1) - process_handshake_msg(HANDSHAKE_CCS, MemoryVector()); + process_handshake_msg(HANDSHAKE_CCS, std::vector()); else throw Decoding_Error("Malformed ChangeCipherSpec message"); } @@ -259,7 +259,7 @@ void Channel::Secure_Renegotiation_State::update(Client_Hello* client_hello) if(client_hello->secure_renegotiation()) { - const MemoryVector& data = client_hello->renegotiation_info(); + const std::vector& data = client_hello->renegotiation_info(); if(initial_handshake) { @@ -294,7 +294,7 @@ void Channel::Secure_Renegotiation_State::update(Server_Hello* server_hello) if(secure_renegotiation) { - const MemoryVector& data = server_hello->renegotiation_info(); + const std::vector& data = server_hello->renegotiation_info(); if(initial_handshake) { diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h index d1131460b..46dafc416 100644 --- a/src/tls/tls_channel.h +++ b/src/tls/tls_channel.h @@ -92,10 +92,10 @@ class BOTAN_DLL Channel void send_alert(const Alert& alert); virtual void read_handshake(byte rec_type, - const MemoryRegion& rec_buf); + const std::vector& rec_buf); virtual void process_handshake_msg(Handshake_Type type, - const MemoryRegion& contents) = 0; + const std::vector& contents) = 0; virtual void alert_notify(const Alert& alert) = 0; @@ -122,12 +122,12 @@ class BOTAN_DLL Channel void update(class Finished* client_finished, class Finished* server_finished); - const MemoryVector& for_client_hello() const + const std::vector& for_client_hello() const { return client_verify; } - MemoryVector for_server_hello() const + std::vector for_server_hello() const { - MemoryVector buf = client_verify; + std::vector buf = client_verify; buf += server_verify; return buf; } @@ -137,7 +137,7 @@ class BOTAN_DLL Channel private: bool initial_handshake; bool secure_renegotiation; - MemoryVector client_verify, server_verify; + std::vector client_verify, server_verify; }; Secure_Renegotiation_State secure_renegotiation; diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index dd17db2cf..feb9ef85f 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -141,7 +141,7 @@ void Client::alert_notify(const Alert& alert) * Process a handshake message */ void Client::process_handshake_msg(Handshake_Type type, - const MemoryRegion& contents) + const std::vector& contents) { if(state == 0) throw Unexpected_Message("Unexpected handshake message from server"); @@ -446,9 +446,9 @@ void Client::process_handshake_msg(Handshake_Type type, secure_renegotiation.update(state->client_finished, state->server_finished); - MemoryVector session_id = state->server_hello->session_id(); + std::vector session_id = state->server_hello->session_id(); - const MemoryRegion& session_ticket = state->session_ticket(); + const std::vector& session_ticket = state->session_ticket(); if(session_id.empty() && !session_ticket.empty()) session_id = make_hello_random(rng); diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h index 297c5f611..2844780bd 100644 --- a/src/tls/tls_client.h +++ b/src/tls/tls_client.h @@ -56,7 +56,7 @@ class BOTAN_DLL Client : public Channel void renegotiate(bool force_full_renegotiation); private: void process_handshake_msg(Handshake_Type type, - const MemoryRegion& contents); + const std::vector& contents) override; void alert_notify(const Alert& alert); diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp index 6d69bfb9b..0f4e3176e 100644 --- a/src/tls/tls_extensions.cpp +++ b/src/tls/tls_extensions.cpp @@ -81,9 +81,9 @@ Extensions::Extensions(TLS_Data_Reader& reader) } } -MemoryVector Extensions::serialize() const +std::vector Extensions::serialize() const { - MemoryVector buf(2); // 2 bytes for length field + std::vector buf(2); // 2 bytes for length field for(std::map::const_iterator i = extensions.begin(); i != extensions.end(); ++i) @@ -93,7 +93,7 @@ MemoryVector Extensions::serialize() const const u16bit extn_code = i->second->type(); - MemoryVector extn_val = i->second->serialize(); + std::vector extn_val = i->second->serialize(); buf.push_back(get_byte(0, extn_code)); buf.push_back(get_byte(1, extn_code)); @@ -111,7 +111,7 @@ MemoryVector Extensions::serialize() const // avoid sending a completely empty extensions block if(buf.size() == 2) - return MemoryVector(); + return std::vector(); return buf; } @@ -159,9 +159,9 @@ Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader, } } -MemoryVector Server_Name_Indicator::serialize() const +std::vector Server_Name_Indicator::serialize() const { - MemoryVector buf; + std::vector buf; size_t name_len = sni_host_name.size(); @@ -188,9 +188,9 @@ SRP_Identifier::SRP_Identifier(TLS_Data_Reader& reader, throw Decoding_Error("Bad encoding for SRP identifier extension"); } -MemoryVector SRP_Identifier::serialize() const +std::vector SRP_Identifier::serialize() const { - MemoryVector buf; + std::vector buf; const byte* srp_bytes = reinterpret_cast(srp_identifier.data()); @@ -209,9 +209,9 @@ Renegotation_Extension::Renegotation_Extension(TLS_Data_Reader& reader, throw Decoding_Error("Bad encoding for secure renegotiation extn"); } -MemoryVector Renegotation_Extension::serialize() const +std::vector Renegotation_Extension::serialize() const { - MemoryVector buf; + std::vector buf; append_tls_length_value(buf, reneg_data, 1); return buf; } @@ -279,9 +279,9 @@ Next_Protocol_Notification::Next_Protocol_Notification(TLS_Data_Reader& reader, } } -MemoryVector Next_Protocol_Notification::serialize() const +std::vector Next_Protocol_Notification::serialize() const { - MemoryVector buf; + std::vector buf; for(size_t i = 0; i != m_protocols.size(); ++i) { @@ -356,9 +356,9 @@ u16bit Supported_Elliptic_Curves::name_to_curve_id(const std::string& name) throw Invalid_Argument("name_to_curve_id unknown name " + name); } -MemoryVector Supported_Elliptic_Curves::serialize() const +std::vector Supported_Elliptic_Curves::serialize() const { - MemoryVector buf(2); + std::vector buf(2); for(size_t i = 0; i != m_curves.size(); ++i) { @@ -466,9 +466,9 @@ byte Signature_Algorithms::sig_algo_code(const std::string& name) throw Internal_Error("Unknown sig ID " + name + " for signature_algorithms"); } -MemoryVector Signature_Algorithms::serialize() const +std::vector Signature_Algorithms::serialize() const { - MemoryVector buf(2); + std::vector buf(2); for(size_t i = 0; i != m_supported_algos.size(); ++i) { @@ -516,7 +516,7 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, Session_Ticket::Session_Ticket(TLS_Data_Reader& reader, u16bit extension_size) { - m_ticket = reader.get_elem >(extension_size); + m_ticket = reader.get_elem >(extension_size); } } diff --git a/src/tls/tls_extensions.h b/src/tls/tls_extensions.h index 3fe3f7399..885851c95 100644 --- a/src/tls/tls_extensions.h +++ b/src/tls/tls_extensions.h @@ -49,7 +49,7 @@ class Extension public: virtual Handshake_Extension_Type type() const = 0; - virtual MemoryVector serialize() const = 0; + virtual std::vector serialize() const = 0; virtual bool empty() const = 0; @@ -75,7 +75,7 @@ class Server_Name_Indicator : public Extension std::string host_name() const { return sni_host_name; } - MemoryVector serialize() const; + std::vector serialize() const; bool empty() const { return sni_host_name == ""; } private: @@ -101,7 +101,7 @@ class SRP_Identifier : public Extension std::string identifier() const { return srp_identifier; } - MemoryVector serialize() const; + std::vector serialize() const; bool empty() const { return srp_identifier == ""; } private: @@ -121,20 +121,20 @@ class Renegotation_Extension : public Extension Renegotation_Extension() {} - Renegotation_Extension(const MemoryRegion& bits) : + Renegotation_Extension(const std::vector& bits) : reneg_data(bits) {} Renegotation_Extension(TLS_Data_Reader& reader, u16bit extension_size); - const MemoryVector& renegotiation_info() const + const std::vector& renegotiation_info() const { return reneg_data; } - MemoryVector serialize() const; + std::vector serialize() const; bool empty() const { return false; } // always send this private: - MemoryVector reneg_data; + std::vector reneg_data; }; /** @@ -152,9 +152,9 @@ class Maximum_Fragment_Length : public Extension size_t fragment_size() const; - MemoryVector serialize() const + std::vector serialize() const { - return MemoryVector(&val, 1); + return std::vector(1, val); } /** @@ -204,7 +204,7 @@ class Next_Protocol_Notification : public Extension Next_Protocol_Notification(TLS_Data_Reader& reader, u16bit extension_size); - MemoryVector serialize() const; + std::vector serialize() const; bool empty() const { return false; } private: @@ -219,7 +219,7 @@ class Session_Ticket : public Extension Handshake_Extension_Type type() const { return static_type(); } - const MemoryVector& contents() const { return m_ticket; } + const std::vector& contents() const { return m_ticket; } /** * Create empty extension, used by both client and server @@ -229,7 +229,7 @@ class Session_Ticket : public Extension /** * Extension with ticket, used by client */ - Session_Ticket(const MemoryRegion& session_ticket) : + Session_Ticket(const std::vector& session_ticket) : m_ticket(session_ticket) {} /** @@ -237,11 +237,11 @@ class Session_Ticket : public Extension */ Session_Ticket(TLS_Data_Reader& reader, u16bit extension_size); - MemoryVector serialize() const { return m_ticket; } + std::vector serialize() const { return m_ticket; } bool empty() const { return false; } private: - MemoryVector m_ticket; + std::vector m_ticket; }; /** @@ -260,7 +260,7 @@ class Supported_Elliptic_Curves : public Extension const std::vector& curves() const { return m_curves; } - MemoryVector serialize() const; + std::vector serialize() const; Supported_Elliptic_Curves(const std::vector& curves) : m_curves(curves) {} @@ -296,7 +296,7 @@ class Signature_Algorithms : public Extension return m_supported_algos; } - MemoryVector serialize() const; + std::vector serialize() const; bool empty() const { return false; } @@ -322,7 +322,7 @@ class Heartbeat_Support_Indicator : public Extension bool peer_allowed_to_send() const { return m_peer_allowed_to_send; } - MemoryVector serialize() const; + std::vector serialize() const; bool empty() const { return false; } @@ -360,7 +360,7 @@ class Extensions extensions[extn->type()] = extn; } - MemoryVector serialize() const; + std::vector serialize() const; Extensions() {} diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp index 02516632e..df956e7bb 100644 --- a/src/tls/tls_handshake_hash.cpp +++ b/src/tls/tls_handshake_hash.cpp @@ -16,7 +16,7 @@ namespace Botan { namespace TLS { void Handshake_Hash::update(Handshake_Type handshake_type, - const MemoryRegion& handshake_msg) + const std::vector& handshake_msg) { update(static_cast(handshake_type)); @@ -30,7 +30,7 @@ void Handshake_Hash::update(Handshake_Type handshake_type, /** * Return a TLS Handshake Hash */ -SecureVector Handshake_Hash::final(Protocol_Version version, +secure_vector Handshake_Hash::final(Protocol_Version version, const std::string& mac_algo) { Algorithm_Factory& af = global_state().algorithm_factory(); @@ -59,7 +59,7 @@ SecureVector Handshake_Hash::final(Protocol_Version version, /** * Return a SSLv3 Handshake Hash */ -SecureVector Handshake_Hash::final_ssl3(const MemoryRegion& secret) +secure_vector Handshake_Hash::final_ssl3(const secure_vector& secret) { const byte PAD_INNER = 0x36, PAD_OUTER = 0x5C; @@ -79,7 +79,7 @@ SecureVector Handshake_Hash::final_ssl3(const MemoryRegion& secret) for(size_t i = 0; i != 40; ++i) sha1->update(PAD_INNER); - SecureVector inner_md5 = md5->final(), inner_sha1 = sha1->final(); + secure_vector inner_md5 = md5->final(), inner_sha1 = sha1->final(); md5->update(secret); sha1->update(secret); @@ -92,7 +92,7 @@ SecureVector Handshake_Hash::final_ssl3(const MemoryRegion& secret) md5->update(inner_md5); sha1->update(inner_sha1); - SecureVector output; + secure_vector output; output += md5->final(); output += sha1->final(); return output; diff --git a/src/tls/tls_handshake_hash.h b/src/tls/tls_handshake_hash.h index c13f97aa8..02943977f 100644 --- a/src/tls/tls_handshake_hash.h +++ b/src/tls/tls_handshake_hash.h @@ -27,25 +27,28 @@ class Handshake_Hash void update(const byte in[], size_t length) { data += std::make_pair(in, length); } - void update(const MemoryRegion& in) + void update(const secure_vector& in) + { data += in; } + + void update(const std::vector& in) { data += in; } void update(byte in) { data.push_back(in); } void update(Handshake_Type handshake_type, - const MemoryRegion& handshake_msg); + const std::vector& handshake_msg); - SecureVector final(Protocol_Version version, + secure_vector final(Protocol_Version version, const std::string& mac_algo); - SecureVector final_ssl3(const MemoryRegion& master_secret); + secure_vector final_ssl3(const secure_vector& master_secret); - const SecureVector& get_contents() const + const secure_vector& get_contents() const { return data; } private: - SecureVector data; + secure_vector data; }; } diff --git a/src/tls/tls_handshake_reader.cpp b/src/tls/tls_handshake_reader.cpp index 8278a2296..a3fe48f71 100644 --- a/src/tls/tls_handshake_reader.cpp +++ b/src/tls/tls_handshake_reader.cpp @@ -38,7 +38,7 @@ bool Stream_Handshake_Reader::have_full_record() const return false; } -std::pair > Stream_Handshake_Reader::get_next_record() +std::pair > Stream_Handshake_Reader::get_next_record() { if(m_queue.size() >= 4) { @@ -50,7 +50,7 @@ std::pair > Stream_Handshake_Reader::get_next if(m_queue.size() >= length + 4) { Handshake_Type type = static_cast(head[0]); - MemoryVector contents(length); + std::vector contents(length); m_queue.read(head, 4); // discard m_queue.read(&contents[0], contents.size()); diff --git a/src/tls/tls_handshake_reader.h b/src/tls/tls_handshake_reader.h index 06a273ced..618e1878a 100644 --- a/src/tls/tls_handshake_reader.h +++ b/src/tls/tls_handshake_reader.h @@ -29,7 +29,7 @@ class Handshake_Reader virtual bool have_full_record() const = 0; - virtual std::pair > get_next_record() = 0; + virtual std::pair > get_next_record() = 0; virtual ~Handshake_Reader() {} }; @@ -46,7 +46,7 @@ class Stream_Handshake_Reader : public Handshake_Reader bool have_full_record() const; - std::pair > get_next_record(); + std::pair > get_next_record(); private: SecureQueue m_queue; }; diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index f5a9f899c..b8f3125c8 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -154,7 +154,7 @@ std::string Handshake_State::srp_identifier() const return ""; } -const MemoryRegion& Handshake_State::session_ticket() const +const std::vector& Handshake_State::session_ticket() const { if(new_session_ticket && !new_session_ticket->ticket().empty()) return new_session_ticket->ticket(); diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index 364c715f8..ef8b4ee8f 100644 --- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -37,7 +37,7 @@ class Handshake_State void confirm_transition_to(Handshake_Type handshake_msg); void set_expected_next(Handshake_Type handshake_msg); - const MemoryRegion& session_ticket() const; + const std::vector& session_ticket() const; std::pair understand_sig_format(const Public_Key* key, @@ -86,7 +86,7 @@ class Handshake_State /* * Only used by clients for session resumption */ - SecureVector resume_master_secret; + secure_vector resume_master_secret; /* * diff --git a/src/tls/tls_heartbeats.cpp b/src/tls/tls_heartbeats.cpp index 059772d34..8c129858e 100644 --- a/src/tls/tls_heartbeats.cpp +++ b/src/tls/tls_heartbeats.cpp @@ -14,7 +14,7 @@ namespace Botan { namespace TLS { -Heartbeat_Message::Heartbeat_Message(const MemoryRegion& buf) +Heartbeat_Message::Heartbeat_Message(const std::vector& buf) { TLS_Data_Reader reader(buf); @@ -35,13 +35,13 @@ Heartbeat_Message::Heartbeat_Message(Type type, const byte payload[], size_t payload_len) : m_type(type), - m_payload(payload, payload_len) + m_payload(payload, payload + payload_len) { } -MemoryVector Heartbeat_Message::contents() const +std::vector Heartbeat_Message::contents() const { - MemoryVector send_buf(3 + m_payload.size() + 16); + std::vector send_buf(3 + m_payload.size() + 16); send_buf[0] = m_type; send_buf[1] = get_byte(0, m_payload.size()); send_buf[2] = get_byte(1, m_payload.size()); @@ -51,9 +51,9 @@ MemoryVector Heartbeat_Message::contents() const return send_buf; } -MemoryVector Heartbeat_Support_Indicator::serialize() const +std::vector Heartbeat_Support_Indicator::serialize() const { - MemoryVector heartbeat(1); + std::vector heartbeat(1); heartbeat[0] = (m_peer_allowed_to_send ? 1 : 2); return heartbeat; } diff --git a/src/tls/tls_heartbeats.h b/src/tls/tls_heartbeats.h index 4fa49501b..f3cc9ec68 100644 --- a/src/tls/tls_heartbeats.h +++ b/src/tls/tls_heartbeats.h @@ -19,18 +19,18 @@ class Heartbeat_Message public: enum Type { REQUEST = 1, RESPONSE = 2 }; - MemoryVector contents() const; + std::vector contents() const; - const MemoryRegion& payload() const { return m_payload; } + const std::vector& payload() const { return m_payload; } bool is_request() const { return m_type == REQUEST; } - Heartbeat_Message(const MemoryRegion& buf); + Heartbeat_Message(const std::vector& buf); Heartbeat_Message(Type type, const byte payload[], size_t payload_len); private: Type m_type; - MemoryVector m_payload; + std::vector m_payload; }; } diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h index d9146dda1..e3bdaa6a0 100644 --- a/src/tls/tls_messages.h +++ b/src/tls/tls_messages.h @@ -34,7 +34,7 @@ class Record_Reader; class Handshake_Message { public: - virtual MemoryVector serialize() const = 0; + virtual std::vector serialize() const = 0; virtual Handshake_Type type() const = 0; Handshake_Message() {} @@ -44,7 +44,7 @@ class Handshake_Message Handshake_Message& operator=(const Handshake_Message&) { return (*this); } }; -MemoryVector make_hello_random(RandomNumberGenerator& rng); +std::vector make_hello_random(RandomNumberGenerator& rng); /** * DTLS Hello Verify Request @@ -52,18 +52,18 @@ MemoryVector make_hello_random(RandomNumberGenerator& rng); class Hello_Verify_Request : public Handshake_Message { public: - MemoryVector serialize() const; + std::vector serialize() const; Handshake_Type type() const { return HELLO_VERIFY_REQUEST; } - MemoryVector cookie() const { return m_cookie; } + std::vector cookie() const { return m_cookie; } - Hello_Verify_Request(const MemoryRegion& buf); + Hello_Verify_Request(const std::vector& buf); - Hello_Verify_Request(const MemoryVector& client_hello_bits, + Hello_Verify_Request(const std::vector& client_hello_bits, const std::string& client_identity, const SymmetricKey& secret_key); private: - MemoryVector m_cookie; + std::vector m_cookie; }; /** @@ -76,7 +76,7 @@ class Client_Hello : public Handshake_Message Protocol_Version version() const { return m_version; } - const MemoryVector& session_id() const { return m_session_id; } + const std::vector& session_id() const { return m_session_id; } const std::vector >& supported_algos() const { return m_supported_algos; } @@ -87,7 +87,7 @@ class Client_Hello : public Handshake_Message std::vector ciphersuites() const { return m_suites; } std::vector compression_methods() const { return m_comp_methods; } - const MemoryVector& random() const { return m_random; } + const std::vector& random() const { return m_random; } std::string sni_hostname() const { return m_hostname; } @@ -95,7 +95,7 @@ class Client_Hello : public Handshake_Message bool secure_renegotiation() const { return m_secure_renegotiation; } - const MemoryVector& renegotiation_info() + const std::vector& renegotiation_info() { return m_renegotiation_info; } bool offered_suite(u16bit ciphersuite) const; @@ -106,7 +106,7 @@ class Client_Hello : public Handshake_Message bool supports_session_ticket() const { return m_supports_session_ticket; } - const MemoryRegion& session_ticket() const + const std::vector& session_ticket() const { return m_session_ticket; } bool supports_heartbeats() const { return m_supports_heartbeats; } @@ -117,7 +117,7 @@ class Client_Hello : public Handshake_Message Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion& reneg_info, + const std::vector& reneg_info, bool next_protocol = false, const std::string& hostname = "", const std::string& srp_identifier = ""); @@ -126,20 +126,20 @@ class Client_Hello : public Handshake_Message Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion& reneg_info, + const std::vector& reneg_info, const Session& resumed_session, bool next_protocol = false); - Client_Hello(const MemoryRegion& buf, + Client_Hello(const std::vector& buf, Handshake_Type type); private: - MemoryVector serialize() const; - void deserialize(const MemoryRegion& buf); - void deserialize_sslv2(const MemoryRegion& buf); + std::vector serialize() const; + void deserialize(const std::vector& buf); + void deserialize_sslv2(const std::vector& buf); Protocol_Version m_version; - MemoryVector m_session_id, m_random; + std::vector m_session_id, m_random; std::vector m_suites; std::vector m_comp_methods; std::string m_hostname; @@ -148,13 +148,13 @@ class Client_Hello : public Handshake_Message size_t m_fragment_size; bool m_secure_renegotiation; - MemoryVector m_renegotiation_info; + std::vector m_renegotiation_info; std::vector > m_supported_algos; std::vector m_supported_curves; bool m_supports_session_ticket; - MemoryVector m_session_ticket; + std::vector m_session_ticket; bool m_supports_heartbeats; bool m_peer_can_send_heartbeats; @@ -170,9 +170,9 @@ class Server_Hello : public Handshake_Message Protocol_Version version() { return m_version; } - const MemoryVector& random() const { return m_random; } + const std::vector& random() const { return m_random; } - const MemoryVector& session_id() const { return m_session_id; } + const std::vector& session_id() const { return m_session_id; } u16bit ciphersuite() const { return m_ciphersuite; } @@ -189,7 +189,7 @@ class Server_Hello : public Handshake_Message size_t fragment_size() const { return m_fragment_size; } - const MemoryVector& renegotiation_info() + const std::vector& renegotiation_info() { return m_renegotiation_info; } bool supports_heartbeats() const { return m_supports_heartbeats; } @@ -198,31 +198,31 @@ class Server_Hello : public Handshake_Message Server_Hello(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion& session_id, + const std::vector& session_id, Protocol_Version ver, u16bit ciphersuite, byte compression, size_t max_fragment_size, bool client_has_secure_renegotiation, - const MemoryRegion& reneg_info, + const std::vector& reneg_info, bool offer_session_ticket, bool client_has_npn, const std::vector& next_protocols, bool client_has_heartbeat, RandomNumberGenerator& rng); - Server_Hello(const MemoryRegion& buf); + Server_Hello(const std::vector& buf); private: - MemoryVector serialize() const; + std::vector serialize() const; Protocol_Version m_version; - MemoryVector m_session_id, m_random; + std::vector m_session_id, m_random; u16bit m_ciphersuite; byte m_comp_method; size_t m_fragment_size; bool m_secure_renegotiation; - MemoryVector m_renegotiation_info; + std::vector m_renegotiation_info; bool m_next_protocol; std::vector m_next_protocols; @@ -240,7 +240,7 @@ class Client_Key_Exchange : public Handshake_Message public: Handshake_Type type() const { return CLIENT_KEX; } - const SecureVector& pre_master_secret() const + const secure_vector& pre_master_secret() const { return pre_master; } Client_Key_Exchange(Record_Writer& output, @@ -250,16 +250,17 @@ class Client_Key_Exchange : public Handshake_Message const std::string& hostname, RandomNumberGenerator& rng); - Client_Key_Exchange(const MemoryRegion& buf, + Client_Key_Exchange(const std::vector& buf, const Handshake_State* state, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng); private: - MemoryVector serialize() const { return key_material; } + std::vector serialize() const { return key_material; } - SecureVector key_material, pre_master; + std::vector key_material; + secure_vector pre_master; }; /** @@ -278,9 +279,9 @@ class Certificate : public Handshake_Message Handshake_Hash& hash, const std::vector& certs); - Certificate(const MemoryRegion& buf); + Certificate(const std::vector& buf); private: - MemoryVector serialize() const; + std::vector serialize() const; std::vector m_certs; }; @@ -307,10 +308,10 @@ class Certificate_Req : public Handshake_Message const std::vector& allowed_cas, Protocol_Version version); - Certificate_Req(const MemoryRegion& buf, + Certificate_Req(const std::vector& buf, Protocol_Version version); private: - MemoryVector serialize() const; + std::vector serialize() const; std::vector names; std::vector cert_key_types; @@ -339,14 +340,14 @@ class Certificate_Verify : public Handshake_Message RandomNumberGenerator& rng, const Private_Key* key); - Certificate_Verify(const MemoryRegion& buf, + Certificate_Verify(const std::vector& buf, Protocol_Version version); private: - MemoryVector serialize() const; + std::vector serialize() const; std::string sig_algo; // sig algo used to create signature std::string hash_algo; // hash used to create signature - MemoryVector signature; + std::vector signature; }; /** @@ -357,7 +358,7 @@ class Finished : public Handshake_Message public: Handshake_Type type() const { return FINISHED; } - MemoryVector verify_data() const + std::vector verify_data() const { return verification_data; } bool verify(Handshake_State* state, @@ -367,12 +368,12 @@ class Finished : public Handshake_Message Handshake_State* state, Connection_Side side); - Finished(const MemoryRegion& buf); + Finished(const std::vector& buf); private: - MemoryVector serialize() const; + std::vector serialize() const; Connection_Side side; - MemoryVector verification_data; + std::vector verification_data; }; /** @@ -384,9 +385,9 @@ class Hello_Request : public Handshake_Message Handshake_Type type() const { return HELLO_REQUEST; } Hello_Request(Record_Writer& writer); - Hello_Request(const MemoryRegion& buf); + Hello_Request(const std::vector& buf); private: - MemoryVector serialize() const; + std::vector serialize() const; }; /** @@ -397,7 +398,7 @@ class Server_Key_Exchange : public Handshake_Message public: Handshake_Type type() const { return SERVER_KEX; } - const MemoryVector& params() const { return m_params; } + const std::vector& params() const { return m_params; } bool verify(const X509_Certificate& cert, Handshake_State* state) const; @@ -415,23 +416,23 @@ class Server_Key_Exchange : public Handshake_Message RandomNumberGenerator& rng, const Private_Key* signing_key = 0); - Server_Key_Exchange(const MemoryRegion& buf, + Server_Key_Exchange(const std::vector& buf, const std::string& kex_alg, const std::string& sig_alg, Protocol_Version version); ~Server_Key_Exchange(); private: - MemoryVector serialize() const; + std::vector serialize() const; Private_Key* m_kex_key; SRP6_Server_Session* m_srp_params; - MemoryVector m_params; + std::vector m_params; std::string m_sig_algo; // sig algo used to create signature std::string m_hash_algo; // hash used to create signature - MemoryVector m_signature; + std::vector m_signature; }; /** @@ -443,9 +444,9 @@ class Server_Hello_Done : public Handshake_Message Handshake_Type type() const { return SERVER_HELLO_DONE; } Server_Hello_Done(Record_Writer& writer, Handshake_Hash& hash); - Server_Hello_Done(const MemoryRegion& buf); + Server_Hello_Done(const std::vector& buf); private: - MemoryVector serialize() const; + std::vector serialize() const; }; /** @@ -462,9 +463,9 @@ class Next_Protocol : public Handshake_Message Handshake_Hash& hash, const std::string& protocol); - Next_Protocol(const MemoryRegion& buf); + Next_Protocol(const std::vector& buf); private: - MemoryVector serialize() const; + std::vector serialize() const; std::string m_protocol; }; @@ -475,22 +476,22 @@ class New_Session_Ticket : public Handshake_Message Handshake_Type type() const { return NEW_SESSION_TICKET; } u32bit ticket_lifetime_hint() const { return m_ticket_lifetime_hint; } - const MemoryVector& ticket() const { return m_ticket; } + const std::vector& ticket() const { return m_ticket; } New_Session_Ticket(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion& ticket, + const std::vector& ticket, u32bit lifetime); New_Session_Ticket(Record_Writer& writer, Handshake_Hash& hash); - New_Session_Ticket(const MemoryRegion& buf); + New_Session_Ticket(const std::vector& buf); private: - MemoryVector serialize() const; + std::vector serialize() const; u32bit m_ticket_lifetime_hint; - MemoryVector m_ticket; + std::vector m_ticket; }; } diff --git a/src/tls/tls_reader.h b/src/tls/tls_reader.h index bf8098bed..7440e16b7 100644 --- a/src/tls/tls_reader.h +++ b/src/tls/tls_reader.h @@ -25,7 +25,7 @@ namespace TLS { class TLS_Data_Reader { public: - TLS_Data_Reader(const MemoryRegion& buf_in) : + TLS_Data_Reader(const std::vector& buf_in) : buf(buf_in), offset(0) {} void assert_done() const @@ -91,14 +91,14 @@ class TLS_Data_Reader } template - SecureVector get_range(size_t len_bytes, + std::vector get_range(size_t len_bytes, size_t min_elems, size_t max_elems) { const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems); - return get_elem >(num_elems); + return get_elem >(num_elems); } template @@ -123,9 +123,9 @@ class TLS_Data_Reader } template - SecureVector get_fixed(size_t size) + std::vector get_fixed(size_t size) { - return get_elem >(size); + return get_elem >(size); } private: @@ -169,15 +169,15 @@ class TLS_Data_Reader } } - const MemoryRegion& buf; + const std::vector& buf; size_t offset; }; /** * Helper function for encoding length-tagged vectors */ -template -void append_tls_length_value(MemoryRegion& buf, +template +void append_tls_length_value(std::vector& buf, const T* vals, size_t vals_size, size_t tag_size) @@ -200,26 +200,19 @@ void append_tls_length_value(MemoryRegion& buf, buf.push_back(get_byte(j, vals[i])); } -template -void append_tls_length_value(MemoryRegion& buf, - const MemoryRegion& vals, +template +void append_tls_length_value(std::vector& buf, + const std::vector& vals, size_t tag_size) { append_tls_length_value(buf, &vals[0], vals.size(), tag_size); } -template -void append_tls_length_value(MemoryRegion& buf, - const std::vector& vals, +template +void append_tls_length_value(std::vector& buf, + const std::string& str, size_t tag_size) { - append_tls_length_value(buf, &vals[0], vals.size(), tag_size); - } - -inline void append_tls_length_value(MemoryRegion& buf, - const std::string& str, - size_t tag_size) - { append_tls_length_value(buf, reinterpret_cast(&str[0]), str.size(), diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index 3b44ee1c6..a92dcbe9d 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -33,10 +33,10 @@ class BOTAN_DLL Record_Writer void send(byte type, const byte input[], size_t length); void send(byte type, byte val) { send(type, &val, 1); } - void send(byte type, const MemoryRegion& input) + void send(byte type, const std::vector& input) { send(type, &input[0], input.size()); } - MemoryVector send(class Handshake_Message& msg); + std::vector send(class Handshake_Message& msg); void send_alert(const Alert& alert); @@ -62,7 +62,7 @@ class BOTAN_DLL Record_Writer std::function m_output_fn; - MemoryVector m_writebuf; + std::vector m_writebuf; Pipe m_cipher; MessageAuthenticationCode* m_mac; @@ -93,7 +93,7 @@ class BOTAN_DLL Record_Reader size_t add_input(const byte input[], size_t input_size, size_t& input_consumed, byte& msg_type, - MemoryVector& msg); + std::vector& msg); void activate(Connection_Side side, const Ciphersuite& suite, @@ -118,8 +118,8 @@ class BOTAN_DLL Record_Reader size_t& input_consumed, size_t desired); - MemoryVector m_readbuf; - MemoryVector m_macbuf; + std::vector m_readbuf; + std::vector m_macbuf; size_t m_readbuf_pos; Pipe m_cipher; diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 1e8c73ec3..7c2c4d323 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -24,8 +24,8 @@ bool check_for_resume(Session& session_info, Client_Hello* client_hello, std::chrono::seconds session_ticket_lifetime) { - const MemoryVector& client_session_id = client_hello->session_id(); - const MemoryVector& session_ticket = client_hello->session_ticket(); + const std::vector& client_session_id = client_hello->session_id(); + const std::vector& session_ticket = client_hello->session_ticket(); if(session_ticket.empty()) { @@ -232,7 +232,7 @@ void Server::alert_notify(const Alert& alert) * Split up and process handshake messages */ void Server::read_handshake(byte rec_type, - const MemoryRegion& rec_buf) + const std::vector& rec_buf) { if(rec_type == HANDSHAKE && !state) { @@ -247,7 +247,7 @@ void Server::read_handshake(byte rec_type, * Process a handshake message */ void Server::process_handshake_msg(Handshake_Type type, - const MemoryRegion& contents) + const std::vector& contents) { if(state == 0) throw Unexpected_Message("Unexpected handshake message from client"); @@ -396,7 +396,7 @@ void Server::process_handshake_msg(Handshake_Type type, state->server_hello = new Server_Hello( writer, state->hash, - rng.random_vec(32), // new session ID + unlock(rng.random_vec(32)), // new session ID state->version(), choose_ciphersuite(policy, creds, cert_chains, state->client_hello), choose_compression(policy, state->client_hello->compression_methods()), @@ -569,7 +569,7 @@ void Server::process_handshake_msg(Handshake_Type type, secure_renegotiation.supported(), state->server_hello->fragment_size(), peer_certs, - MemoryVector(), + std::vector(), m_hostname, state->srp_identifier() ); diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h index 684021ebc..441e03eb2 100644 --- a/src/tls/tls_server.h +++ b/src/tls/tls_server.h @@ -51,9 +51,9 @@ class BOTAN_DLL Server : public Channel { return m_next_protocol; } private: - void read_handshake(byte, const MemoryRegion&); + void read_handshake(byte, const std::vector&); - void process_handshake_msg(Handshake_Type, const MemoryRegion&); + void process_handshake_msg(Handshake_Type, const std::vector&); void alert_notify(const Alert& alert); diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp index dac38e67b..d2aae9a7e 100644 --- a/src/tls/tls_session.cpp +++ b/src/tls/tls_session.cpp @@ -18,8 +18,8 @@ namespace Botan { namespace TLS { -Session::Session(const MemoryRegion& session_identifier, - const MemoryRegion& master_secret, +Session::Session(const std::vector& session_identifier, + const secure_vector& master_secret, Protocol_Version version, u16bit ciphersuite, byte compression_method, @@ -27,7 +27,7 @@ Session::Session(const MemoryRegion& session_identifier, bool secure_renegotiation_supported, size_t fragment_size, const std::vector& certs, - const MemoryRegion& ticket, + const std::vector& ticket, const std::string& sni_hostname, const std::string& srp_identifier) : m_start_time(std::chrono::system_clock::now()), @@ -48,7 +48,7 @@ Session::Session(const MemoryRegion& session_identifier, Session::Session(const std::string& pem) { - SecureVector der = PEM_Code::decode_check_label(pem, "SSL SESSION"); + secure_vector der = PEM_Code::decode_check_label(pem, "SSL SESSION"); *this = Session(&der[0], der.size()); } @@ -61,7 +61,7 @@ Session::Session(const byte ber[], size_t ber_len) byte major_version = 0, minor_version = 0; - MemoryVector peer_cert_bits; + std::vector peer_cert_bits; size_t start_time = 0; @@ -94,16 +94,16 @@ Session::Session(const byte ber[], size_t ber_len) if(!peer_cert_bits.empty()) { - DataSource_Memory certs(peer_cert_bits); + DataSource_Memory certs(&peer_cert_bits[0], peer_cert_bits.size()); while(!certs.end_of_data()) m_peer_certs.push_back(X509_Certificate(certs)); } } -SecureVector Session::DER_encode() const +secure_vector Session::DER_encode() const { - MemoryVector peer_cert_bits; + std::vector peer_cert_bits; for(size_t i = 0; i != m_peer_certs.size(); ++i) peer_cert_bits += m_peer_certs[i].BER_encode(); @@ -154,7 +154,7 @@ const size_t MAC_OUTPUT_LENGTH = 32; } -MemoryVector +std::vector Session::encrypt(const SymmetricKey& master_key, RandomNumberGenerator& rng) const { @@ -177,9 +177,9 @@ Session::encrypt(const SymmetricKey& master_key, Pipe pipe(get_cipher(SESSION_CRYPTO_CIPHER, cipher_key, cipher_iv, ENCRYPTION)); pipe.process_msg(this->DER_encode()); - MemoryVector ctext = pipe.read_all(0); + secure_vector ctext = pipe.read_all(0); - MemoryVector out(MAGIC_LENGTH); + std::vector out(MAGIC_LENGTH); store_be(SESSION_CRYPTO_MAGIC, &out[0]); out += cipher_iv.bits_of(); out += ctext; @@ -217,7 +217,7 @@ Session Session::decrypt(const byte buf[], size_t buf_len, mac->set_key(mac_key); mac->update(&buf[0], buf_len - MAC_OUTPUT_LENGTH); - MemoryVector computed_mac = mac->final(); + secure_vector computed_mac = mac->final(); if(!same_mem(&buf[buf_len - MAC_OUTPUT_LENGTH], &computed_mac[0], computed_mac.size())) throw Decoding_Error("MAC verification failed for encrypted session"); @@ -234,7 +234,7 @@ Session Session::decrypt(const byte buf[], size_t buf_len, Pipe pipe(get_cipher(SESSION_CRYPTO_CIPHER, cipher_key, cipher_iv, DECRYPTION)); pipe.process_msg(&buf[CTEXT_OFFSET], buf_len - (MAC_OUTPUT_LENGTH + CTEXT_OFFSET)); - SecureVector ber = pipe.read_all(); + secure_vector ber = pipe.read_all(); return Session(&ber[0], ber.size()); } diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h index a2b341a30..2c474bc6a 100644 --- a/src/tls/tls_session.h +++ b/src/tls/tls_session.h @@ -43,8 +43,8 @@ class BOTAN_DLL Session /** * New session (sets session start time) */ - Session(const MemoryRegion& session_id, - const MemoryRegion& master_secret, + Session(const std::vector& session_id, + const secure_vector& master_secret, Protocol_Version version, u16bit ciphersuite, byte compression_method, @@ -52,7 +52,7 @@ class BOTAN_DLL Session bool secure_renegotiation_supported, size_t fragment_size, const std::vector& peer_certs, - const MemoryRegion& session_ticket, + const std::vector& session_ticket, const std::string& sni_hostname = "", const std::string& srp_identifier = ""); @@ -71,12 +71,12 @@ class BOTAN_DLL Session * @warning if the master secret is compromised so is the * session traffic */ - SecureVector DER_encode() const; + secure_vector DER_encode() const; /** * Encrypt a session (useful for serialization or session tickets) */ - MemoryVector encrypt(const SymmetricKey& key, + std::vector encrypt(const SymmetricKey& key, RandomNumberGenerator& rng) const; @@ -95,7 +95,7 @@ class BOTAN_DLL Session * @param ctext the ciphertext returned by encrypt * @param key the same key used by the encrypting side */ - static inline Session decrypt(const MemoryRegion& ctext, + static inline Session decrypt(const std::vector& ctext, const SymmetricKey& key) { return Session::decrypt(&ctext[0], ctext.size(), key); @@ -147,13 +147,13 @@ class BOTAN_DLL Session /** * Get the saved master secret */ - const SecureVector& master_secret() const + const secure_vector& master_secret() const { return m_master_secret; } /** * Get the session identifier */ - const MemoryVector& session_id() const + const std::vector& session_id() const { return m_identifier; } /** @@ -186,16 +186,16 @@ class BOTAN_DLL Session /** * Return the session ticket the server gave us */ - const MemoryVector& session_ticket() const { return m_session_ticket; } + const std::vector& session_ticket() const { return m_session_ticket; } private: enum { TLS_SESSION_PARAM_STRUCT_VERSION = 0x2994e300 }; std::chrono::system_clock::time_point m_start_time; - MemoryVector m_identifier; - MemoryVector m_session_ticket; // only used by client side - SecureVector m_master_secret; + std::vector m_identifier; + std::vector m_session_ticket; // only used by client side + secure_vector m_master_secret; Protocol_Version m_version; u16bit m_ciphersuite; diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp index 4d7603ce1..0cd74a63a 100644 --- a/src/tls/tls_session_key.cpp +++ b/src/tls/tls_session_key.cpp @@ -19,7 +19,7 @@ namespace TLS { * Session_Keys Constructor */ Session_Keys::Session_Keys(Handshake_State* state, - const MemoryRegion& pre_master_secret, + const secure_vector& pre_master_secret, bool resuming) { const size_t mac_keylen = output_length_of(state->suite.mac_algo()); @@ -45,7 +45,7 @@ Session_Keys::Session_Keys(Handshake_State* state, } else { - SecureVector salt; + secure_vector salt; if(state->version() != Protocol_Version::SSL_V3) salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC)); @@ -56,7 +56,7 @@ Session_Keys::Session_Keys(Handshake_State* state, master_sec = prf->derive_key(48, pre_master_secret, salt); } - SecureVector salt; + secure_vector salt; if(state->version() != Protocol_Version::SSL_V3) salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC)); salt += state->server_hello->random(); diff --git a/src/tls/tls_session_key.h b/src/tls/tls_session_key.h index 25de56aea..0021694e3 100644 --- a/src/tls/tls_session_key.h +++ b/src/tls/tls_session_key.h @@ -31,16 +31,16 @@ class Session_Keys InitializationVector client_iv() const { return c_iv; } InitializationVector server_iv() const { return s_iv; } - const SecureVector& master_secret() const { return master_sec; } + const secure_vector& master_secret() const { return master_sec; } Session_Keys() {} Session_Keys(class Handshake_State* state, - const MemoryRegion& pre_master, + const secure_vector& pre_master, bool resuming); private: - SecureVector master_sec; + secure_vector master_sec; SymmetricKey c_cipher, s_cipher, c_mac, s_mac; InitializationVector c_iv, s_iv; }; diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index d103df35f..72eb83c21 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -37,7 +37,7 @@ bool Session_Manager_In_Memory::load_from_session_str( } bool Session_Manager_In_Memory::load_from_session_id( - const MemoryRegion& session_id, Session& session) + const std::vector& session_id, Session& session) { std::lock_guard lock(m_mutex); @@ -69,7 +69,7 @@ bool Session_Manager_In_Memory::load_from_host_info( } void Session_Manager_In_Memory::remove_entry( - const MemoryRegion& session_id) + const std::vector& session_id) { std::lock_guard lock(m_mutex); diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index 84d51406d..fa1ecae39 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -36,7 +36,7 @@ class BOTAN_DLL Session_Manager or not modified if not found * @return true if session was modified */ - virtual bool load_from_session_id(const MemoryRegion& session_id, + virtual bool load_from_session_id(const std::vector& session_id, Session& session) = 0; /** @@ -53,7 +53,7 @@ class BOTAN_DLL Session_Manager /** * Remove this session id from the cache, if it exists */ - virtual void remove_entry(const MemoryRegion& session_id) = 0; + virtual void remove_entry(const std::vector& session_id) = 0; /** * Save a session on a best effort basis; the manager may not in @@ -94,13 +94,13 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager m_session_lifetime(session_lifetime) {} - bool load_from_session_id(const MemoryRegion& session_id, + bool load_from_session_id(const std::vector& session_id, Session& session); bool load_from_host_info(const std::string& hostname, u16bit port, Session& session); - void remove_entry(const MemoryRegion& session_id); + void remove_entry(const std::vector& session_id); void save(const Session& session_data); diff --git a/src/utils/datastor/datastor.cpp b/src/utils/datastor/datastor.cpp index 363136c69..d65b3f1ac 100644 --- a/src/utils/datastor/datastor.cpp +++ b/src/utils/datastor/datastor.cpp @@ -72,21 +72,21 @@ std::string Data_Store::get1(const std::string& key) const } /* -* Get a single MemoryVector atom +* Get a single std::vector atom */ -MemoryVector +std::vector Data_Store::get1_memvec(const std::string& key) const { std::vector vals = get(key); if(vals.empty()) - return MemoryVector(); + return std::vector(); if(vals.size() > 1) throw Invalid_State("Data_Store::get1_memvec: Multiple values for " + key); - return hex_decode(vals[0]); + return unlock(hex_decode(vals[0])); } /* @@ -125,7 +125,12 @@ void Data_Store::add(const std::string& key, u32bit val) /* * Insert a single key and value */ -void Data_Store::add(const std::string& key, const MemoryRegion& val) +void Data_Store::add(const std::string& key, const secure_vector& val) + { + add(key, hex_encode(&val[0], val.size())); + } + +void Data_Store::add(const std::string& key, const std::vector& val) { add(key, hex_encode(&val[0], val.size())); } diff --git a/src/utils/datastor/datastor.h b/src/utils/datastor/datastor.h index 26a0d418c..b471f85e1 100644 --- a/src/utils/datastor/datastor.h +++ b/src/utils/datastor/datastor.h @@ -35,7 +35,7 @@ class BOTAN_DLL Data_Store std::string get1(const std::string&) const; - MemoryVector get1_memvec(const std::string&) const; + std::vector get1_memvec(const std::string&) const; u32bit get1_u32bit(const std::string&, u32bit = 0) const; bool has_value(const std::string&) const; @@ -43,7 +43,8 @@ class BOTAN_DLL Data_Store void add(const std::multimap&); void add(const std::string&, const std::string&); void add(const std::string&, u32bit); - void add(const std::string&, const MemoryRegion&); + void add(const std::string&, const secure_vector&); + void add(const std::string&, const std::vector&); private: std::multimap contents; }; diff --git a/src/utils/xor_buf.h b/src/utils/xor_buf.h index 3c96dea70..b67d84c50 100644 --- a/src/utils/xor_buf.h +++ b/src/utils/xor_buf.h @@ -9,6 +9,7 @@ #define BOTAN_XOR_BUF_H__ #include +#include namespace Botan { @@ -70,6 +71,31 @@ inline void xor_buf(byte out[], out[i] = in[i] ^ in2[i]; } +template +void xor_buf(std::vector& out, + const std::vector& in, + size_t n) + { + xor_buf(&out[0], &in[0], n); + } + +template +void xor_buf(std::vector& out, + const byte* in, + size_t n) + { + xor_buf(&out[0], in, n); + } + +template +void xor_buf(std::vector& out, + const byte* in, + const std::vector& in2, + size_t n) + { + xor_buf(&out[0], &in[0], &in2[0], n); + } + } #endif diff --git a/src/wrap/python/python_botan.h b/src/wrap/python/python_botan.h index ac0a17d7f..03bdd9156 100644 --- a/src/wrap/python/python_botan.h +++ b/src/wrap/python/python_botan.h @@ -34,7 +34,7 @@ inline std::string make_string(const byte input[], u32bit length) return std::string((const char*)input, length); } -inline std::string make_string(const MemoryRegion& in) +inline std::string make_string(const secure_vector& in) { return make_string(in.begin(), in.size()); } diff --git a/src/wrap/python/rsa.cpp b/src/wrap/python/rsa.cpp index dc6053503..3ff1edb07 100644 --- a/src/wrap/python/rsa.cpp +++ b/src/wrap/python/rsa.cpp @@ -40,7 +40,7 @@ class Py_RSA_PrivateKey std::string to_ber() const { - SecureVector bits = PKCS8::BER_encode(*rsa_key); + secure_vector bits = PKCS8::BER_encode(*rsa_key); return std::string(reinterpret_cast(&bits[0]), bits.size()); @@ -140,7 +140,7 @@ class Py_RSA_PublicKey std::string to_ber() const { - SecureVector bits = X509::BER_encode(*rsa_key); + secure_vector bits = X509::BER_encode(*rsa_key); return std::string(reinterpret_cast(&bits[0]), bits.size()); diff --git a/src/wrap/python/x509.cpp b/src/wrap/python/x509.cpp index 4c248890d..0a29ad83a 100644 --- a/src/wrap/python/x509.cpp +++ b/src/wrap/python/x509.cpp @@ -63,7 +63,7 @@ void export_x509() { vector_to_list(); vector_to_list(); - memvec_to_hexstr >(); + memvec_to_hexstr >(); python::class_ ("X509_Certificate", python::init()) -- cgit v1.2.3