From 25b6fb53eec30620d084411fb1dbc8913142fc6d Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sun, 4 Sep 2016 10:04:02 -0400 Subject: Remove Algo_Registry usage from public key code. Instead the key types exposes operations like `create_encryption_op` which will return the relevant operation if the algorithm supports it. Changes pubkey.h interface, now RNG is passed at init time. Blinder previous created its own RNG, now it takes it from app. --- src/lib/pubkey/gost_3410/gost_3410.cpp | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) (limited to 'src/lib/pubkey/gost_3410/gost_3410.cpp') diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp index 51db47619..c37c8c845 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.cpp +++ b/src/lib/pubkey/gost_3410/gost_3410.cpp @@ -7,8 +7,9 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#include #include +#include +#include #include #include @@ -212,7 +213,20 @@ bool GOST_3410_Verification_Operation::verify(const byte msg[], size_t msg_len, } -BOTAN_REGISTER_PK_SIGNATURE_OP("GOST-34.10", GOST_3410_Signature_Operation); -BOTAN_REGISTER_PK_VERIFY_OP("GOST-34.10", GOST_3410_Verification_Operation); +std::unique_ptr +GOST_3410_PublicKey::create_verification_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& provider) const + { + return std::unique_ptr(new GOST_3410_Verification_Operation(*this, params)); + } + +std::unique_ptr +GOST_3410_PrivateKey::create_signature_op(RandomNumberGenerator& rng, + const std::string& params, + const std::string& provider) const + { + return std::unique_ptr(new GOST_3410_Signature_Operation(*this, params)); + } } -- cgit v1.2.3 From 239bdf36a617df86dc97efb11ec96d7c6d357534 Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 14 Sep 2016 16:33:37 -0400 Subject: Revert PK_Verifier change (don't require RNG there). Verification is deterministic and public, so really no RNG is ever needed. Change provider handling - accepts "base", "openssl", or empty, otherwise throws a Provider_Not_Found exception. --- src/cli/pubkey.cpp | 2 +- src/cli/speed.cpp | 2 +- src/lib/cert/x509/ocsp.cpp | 3 +- src/lib/cert/x509/x509_obj.cpp | 3 +- src/lib/prov/openssl/openssl_rsa.cpp | 22 +++------ src/lib/prov/pkcs11/p11_ecdsa.cpp | 11 +++-- src/lib/prov/pkcs11/p11_ecdsa.h | 3 +- src/lib/prov/pkcs11/p11_rsa.cpp | 3 +- src/lib/prov/pkcs11/p11_rsa.h | 3 +- src/lib/prov/tpm/tpm.cpp | 4 +- src/lib/pubkey/curve25519/curve25519.cpp | 6 ++- src/lib/pubkey/dh/dh.cpp | 6 ++- src/lib/pubkey/dsa/dsa.cpp | 13 +++--- src/lib/pubkey/dsa/dsa.h | 5 +-- src/lib/pubkey/ecdh/ecdh.cpp | 20 ++++++--- src/lib/pubkey/ecdsa/ecdsa.cpp | 44 ++++++++++++------ src/lib/pubkey/ecdsa/ecdsa.h | 5 +-- src/lib/pubkey/ecgdsa/ecgdsa.cpp | 13 +++--- src/lib/pubkey/ecgdsa/ecgdsa.h | 5 +-- src/lib/pubkey/eckcdsa/eckcdsa.cpp | 17 ++++--- src/lib/pubkey/eckcdsa/eckcdsa.h | 5 +-- src/lib/pubkey/elgamal/elgamal.cpp | 12 +++-- src/lib/pubkey/gost_3410/gost_3410.cpp | 13 +++--- src/lib/pubkey/gost_3410/gost_3410.h | 5 +-- src/lib/pubkey/keypair/keypair.cpp | 2 +- src/lib/pubkey/mce/mceliece_key.cpp | 12 +++-- src/lib/pubkey/pk_keys.cpp | 3 +- src/lib/pubkey/pk_keys.h | 7 +-- src/lib/pubkey/pubkey.cpp | 3 +- src/lib/pubkey/pubkey.h | 17 ------- src/lib/pubkey/rsa/rsa.cpp | 76 +++++++++++++++++++++++--------- src/lib/pubkey/rsa/rsa.h | 3 +- src/lib/tls/msg_cert_verify.cpp | 5 +-- src/lib/tls/msg_server_kex.cpp | 5 +-- src/lib/tls/tls_client.cpp | 2 +- src/lib/tls/tls_messages.h | 6 +-- src/lib/tls/tls_server.cpp | 2 +- src/lib/utils/exceptn.h | 10 +++++ src/tests/test_pubkey.cpp | 6 +-- src/tests/unit_ecdsa.cpp | 14 +++--- 40 files changed, 220 insertions(+), 178 deletions(-) (limited to 'src/lib/pubkey/gost_3410/gost_3410.cpp') diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp index 7e075202c..6c0ea8352 100644 --- a/src/cli/pubkey.cpp +++ b/src/cli/pubkey.cpp @@ -204,7 +204,7 @@ class PK_Verify final : public Command const std::string sig_padding = get_arg_or("emsa", algo_default_emsa(key->algo_name())) + "(" + get_arg("hash") + ")"; - Botan::PK_Verifier verifier(*key, rng(), sig_padding); + Botan::PK_Verifier verifier(*key, sig_padding); this->read_file(get_arg("file"), [&verifier](const uint8_t b[], size_t l) { verifier.update(b, l); }); diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 8666ff4ab..d864c5858 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -889,7 +889,7 @@ class Speed final : public Command std::vector message, signature, bad_signature; Botan::PK_Signer sig(key, rng(), padding, Botan::IEEE_1363, provider); - Botan::PK_Verifier ver(key, rng(), padding, Botan::IEEE_1363, provider); + Botan::PK_Verifier ver(key, padding, Botan::IEEE_1363, provider); Timer sig_timer(nm, provider, padding + " sign"); Timer ver_timer(nm, provider, padding + " verify"); diff --git a/src/lib/cert/x509/ocsp.cpp b/src/lib/cert/x509/ocsp.cpp index fb6234cc8..761c5b436 100644 --- a/src/lib/cert/x509/ocsp.cpp +++ b/src/lib/cert/x509/ocsp.cpp @@ -61,8 +61,7 @@ void check_signature(const std::vector& tbs_response, Signature_Format format = (pub_key->message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; - Null_RNG null_rng; - PK_Verifier verifier(*pub_key, null_rng, padding, format); + PK_Verifier verifier(*pub_key, padding, format); if(!verifier.verify_message(ASN1::put_in_sequence(tbs_response), signature)) throw Exception("Signature on OCSP response does not verify"); diff --git a/src/lib/cert/x509/x509_obj.cpp b/src/lib/cert/x509/x509_obj.cpp index 25da0155e..983be40b2 100644 --- a/src/lib/cert/x509/x509_obj.cpp +++ b/src/lib/cert/x509/x509_obj.cpp @@ -197,8 +197,7 @@ bool X509_Object::check_signature(const Public_Key& pub_key) const Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; - Null_RNG null_rng; - PK_Verifier verifier(pub_key, null_rng, padding, format); + PK_Verifier verifier(pub_key, padding, format); return verifier.verify_message(tbs_data(), signature()); } diff --git a/src/lib/prov/openssl/openssl_rsa.cpp b/src/lib/prov/openssl/openssl_rsa.cpp index 5405ddda1..defa566f0 100644 --- a/src/lib/prov/openssl/openssl_rsa.cpp +++ b/src/lib/prov/openssl/openssl_rsa.cpp @@ -228,28 +228,16 @@ class OpenSSL_RSA_Signing_Operation : public PK_Ops::Signature_with_EMSA std::unique_ptr make_openssl_rsa_enc_op(const RSA_PublicKey& key, const std::string& params) { - try - { - auto pad_info = get_openssl_enc_pad(params); - return std::unique_ptr( - new OpenSSL_RSA_Encryption_Operation(key, pad_info.first, pad_info.second)); - } - catch(...) {} - - return {}; + auto pad_info = get_openssl_enc_pad(params); + return std::unique_ptr( + new OpenSSL_RSA_Encryption_Operation(key, pad_info.first, pad_info.second)); } std::unique_ptr make_openssl_rsa_dec_op(const RSA_PrivateKey& key, const std::string& params) { - try - { - auto pad_info = get_openssl_enc_pad(params); - return std::unique_ptr(new OpenSSL_RSA_Decryption_Operation(key, pad_info.first)); - } - catch(...) {} - - return {}; + auto pad_info = get_openssl_enc_pad(params); + return std::unique_ptr(new OpenSSL_RSA_Decryption_Operation(key, pad_info.first)); } std::unique_ptr diff --git a/src/lib/prov/pkcs11/p11_ecdsa.cpp b/src/lib/prov/pkcs11/p11_ecdsa.cpp index 9e21a3701..c406fe553 100644 --- a/src/lib/prov/pkcs11/p11_ecdsa.cpp +++ b/src/lib/prov/pkcs11/p11_ecdsa.cpp @@ -201,17 +201,16 @@ class PKCS11_ECDSA_Verification_Operation : public PK_Ops::Verification } std::unique_ptr -PKCS11_ECDSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, - const std::string& params, - const std::string& provider) const +PKCS11_ECDSA_PublicKey::create_verification_op(const std::string& params, + const std::string& /*provider*/) const { return std::unique_ptr(new PKCS11_ECDSA_Verification_Operation(*this, params)); } std::unique_ptr -PKCS11_ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, - const std::string& params, - const std::string& provider) const +PKCS11_ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, + const std::string& params, + const std::string& /*provider*/) const { return std::unique_ptr(new PKCS11_ECDSA_Signature_Operation(*this, params)); } diff --git a/src/lib/prov/pkcs11/p11_ecdsa.h b/src/lib/prov/pkcs11/p11_ecdsa.h index d391ce0b9..aab56f1f2 100644 --- a/src/lib/prov/pkcs11/p11_ecdsa.h +++ b/src/lib/prov/pkcs11/p11_ecdsa.h @@ -57,8 +57,7 @@ class BOTAN_DLL PKCS11_ECDSA_PublicKey final : public PKCS11_EC_PublicKey, publi ECDSA_PublicKey export_key() const; std::unique_ptr - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const override; }; diff --git a/src/lib/prov/pkcs11/p11_rsa.cpp b/src/lib/prov/pkcs11/p11_rsa.cpp index 18965fd95..c048d9d22 100644 --- a/src/lib/prov/pkcs11/p11_rsa.cpp +++ b/src/lib/prov/pkcs11/p11_rsa.cpp @@ -358,8 +358,7 @@ PKCS11_RSA_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/, } std::unique_ptr -PKCS11_RSA_PublicKey::create_verification_op(RandomNumberGenerator& /*rng*/, - const std::string& params, +PKCS11_RSA_PublicKey::create_verification_op(const std::string& params, const std::string& /*provider*/) const { return std::unique_ptr(new PKCS11_RSA_Verification_Operation(*this, params)); diff --git a/src/lib/prov/pkcs11/p11_rsa.h b/src/lib/prov/pkcs11/p11_rsa.h index 6a085a7d7..6d80e45a7 100644 --- a/src/lib/prov/pkcs11/p11_rsa.h +++ b/src/lib/prov/pkcs11/p11_rsa.h @@ -90,8 +90,7 @@ class BOTAN_DLL PKCS11_RSA_PublicKey final : public RSA_PublicKey, const std::string& provider) const override; std::unique_ptr - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const override; }; diff --git a/src/lib/prov/tpm/tpm.cpp b/src/lib/prov/tpm/tpm.cpp index 73eb063ce..20334d75d 100644 --- a/src/lib/prov/tpm/tpm.cpp +++ b/src/lib/prov/tpm/tpm.cpp @@ -443,9 +443,9 @@ class TPM_Signing_Operation : public PK_Ops::Signature } std::unique_ptr -TPM_PrivateKey::create_signature_op(RandomNumberGenerator& rng, +TPM_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, const std::string& params, - const std::string& provider) const + const std::string& /*provider*/) const { return std::unique_ptr(new TPM_Signing_Operation(*this, params)); } diff --git a/src/lib/pubkey/curve25519/curve25519.cpp b/src/lib/pubkey/curve25519/curve25519.cpp index b1dfc59a1..02ee516de 100644 --- a/src/lib/pubkey/curve25519/curve25519.cpp +++ b/src/lib/pubkey/curve25519/curve25519.cpp @@ -139,9 +139,11 @@ class Curve25519_KA_Operation : public PK_Ops::Key_Agreement_with_KDF std::unique_ptr Curve25519_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr(new Curve25519_KA_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new Curve25519_KA_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/dh/dh.cpp b/src/lib/pubkey/dh/dh.cpp index 3cd47c581..19ead1b11 100644 --- a/src/lib/pubkey/dh/dh.cpp +++ b/src/lib/pubkey/dh/dh.cpp @@ -129,9 +129,11 @@ secure_vector DH_KA_Operation::raw_agree(const byte w[], size_t w_len) std::unique_ptr DH_PrivateKey::create_key_agreement_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr(new DH_KA_Operation(*this, params, rng)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new DH_KA_Operation(*this, params, rng)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp index 00d7b77d7..15dc45373 100644 --- a/src/lib/pubkey/dsa/dsa.cpp +++ b/src/lib/pubkey/dsa/dsa.cpp @@ -198,19 +198,22 @@ bool DSA_Verification_Operation::verify(const byte msg[], size_t msg_len, } std::unique_ptr -DSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, - const std::string& params, +DSA_PublicKey::create_verification_op(const std::string& params, const std::string& provider) const { - return std::unique_ptr(new DSA_Verification_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new DSA_Verification_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr -DSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, +DSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, const std::string& params, const std::string& provider) const { - return std::unique_ptr(new DSA_Signature_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new DSA_Signature_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/dsa/dsa.h b/src/lib/pubkey/dsa/dsa.h index d8cd61df5..57c7b7c5c 100644 --- a/src/lib/pubkey/dsa/dsa.h +++ b/src/lib/pubkey/dsa/dsa.h @@ -34,8 +34,7 @@ class BOTAN_DLL DSA_PublicKey : public virtual DL_Scheme_PublicKey DSA_PublicKey(const DL_Group& group, const BigInt& y); std::unique_ptr - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const override; protected: DSA_PublicKey() {} @@ -61,7 +60,7 @@ class BOTAN_DLL DSA_PrivateKey : public DSA_PublicKey, std::unique_ptr create_signature_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& provider) const; + const std::string& provider) const override; }; } diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp index 79c63da8c..a4791e15e 100644 --- a/src/lib/pubkey/ecdh/ecdh.cpp +++ b/src/lib/pubkey/ecdh/ecdh.cpp @@ -39,6 +39,7 @@ class ECDH_KA_Operation : public PK_Ops::Key_Agreement_with_KDF secure_vector raw_agree(const byte w[], size_t w_len) override { PointGFp point = OS2ECP(w, w_len, m_curve); + // TODO: add blinding PointGFp S = (m_cofactor * point) * m_l_times_priv; BOTAN_ASSERT(S.on_the_curve(), "ECDH agreed value was on the curve"); return BigInt::encode_1363(S.get_affine_x(), m_curve.get_p().bytes()); @@ -57,15 +58,24 @@ ECDH_PrivateKey::create_key_agreement_op(RandomNumberGenerator& /*rng*/, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { - std::unique_ptr res = make_openssl_ecdh_ka_op(*this, params); - if(res) - return res; + try + { + return make_openssl_ecdh_ka_op(*this, params); + } + catch(Exception& e) + { + if(provider == "openssl") + throw Exception("OpenSSL ECDH refused key or params", e.what()); + } } #endif - return std::unique_ptr(new ECDH_KA_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new ECDH_KA_Operation(*this, params)); + + throw Provider_Not_Found(algo_name(), provider); } diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index 6a81ababf..f93fcc7a5 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -159,36 +159,54 @@ bool ECDSA_Verification_Operation::verify(const byte msg[], size_t msg_len, } std::unique_ptr -ECDSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, - const std::string& params, +ECDSA_PublicKey::create_verification_op(const std::string& params, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { - std::unique_ptr res = make_openssl_ecdsa_ver_op(*this, params); - if(res) - return res; + try + { + return make_openssl_ecdsa_ver_op(*this, params); + } + catch(Exception& e) + { + if(provider == "openssl") + throw Exception("OpenSSL provider refused ECDSA pubkey", e.what()); + } } #endif - return std::unique_ptr(new ECDSA_Verification_Operation(*this, params)); + + if(provider == "base" || provider.empty()) + return std::unique_ptr(new ECDSA_Verification_Operation(*this, params)); + + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr -ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, +ECDSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, const std::string& params, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { - std::unique_ptr res = make_openssl_ecdsa_sig_op(*this, params); - if(res) - return res; + try + { + return make_openssl_ecdsa_sig_op(*this, params); + } + catch(Exception& e) + { + if(provider == "openssl") + throw Exception("OpenSSL provider refused ECDSA privkey", e.what()); + } } #endif - return std::unique_ptr(new ECDSA_Signature_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new ECDSA_Signature_Operation(*this, params)); + + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/ecdsa/ecdsa.h b/src/lib/pubkey/ecdsa/ecdsa.h index 9a55fbe48..d9dcacd06 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.h +++ b/src/lib/pubkey/ecdsa/ecdsa.h @@ -54,8 +54,7 @@ class BOTAN_DLL ECDSA_PublicKey : public virtual EC_PublicKey { return domain().get_order().bytes(); } std::unique_ptr - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const override; protected: ECDSA_PublicKey() {} @@ -94,7 +93,7 @@ class BOTAN_DLL ECDSA_PrivateKey : public ECDSA_PublicKey, std::unique_ptr create_signature_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& provider) const; + const std::string& provider) const override; }; } diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp index b112a4466..136f2159a 100644 --- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp +++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp @@ -141,19 +141,22 @@ bool ECGDSA_Verification_Operation::verify(const byte msg[], size_t msg_len, } std::unique_ptr -ECGDSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, - const std::string& params, +ECGDSA_PublicKey::create_verification_op(const std::string& params, const std::string& provider) const { - return std::unique_ptr(new ECGDSA_Verification_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new ECGDSA_Verification_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr -ECGDSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, +ECGDSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, const std::string& params, const std::string& provider) const { - return std::unique_ptr(new ECGDSA_Signature_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new ECGDSA_Signature_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.h b/src/lib/pubkey/ecgdsa/ecgdsa.h index ec9180ee5..203e8d0a8 100644 --- a/src/lib/pubkey/ecgdsa/ecgdsa.h +++ b/src/lib/pubkey/ecgdsa/ecgdsa.h @@ -52,8 +52,7 @@ class BOTAN_DLL ECGDSA_PublicKey : public virtual EC_PublicKey { return domain().get_order().bytes(); } std::unique_ptr - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const override; protected: ECGDSA_PublicKey() {} @@ -92,7 +91,7 @@ class BOTAN_DLL ECGDSA_PrivateKey : public ECGDSA_PublicKey, std::unique_ptr create_signature_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& provider) const; + const std::string& provider) const override; }; } diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.cpp b/src/lib/pubkey/eckcdsa/eckcdsa.cpp index e61ceaa19..5375d047a 100644 --- a/src/lib/pubkey/eckcdsa/eckcdsa.cpp +++ b/src/lib/pubkey/eckcdsa/eckcdsa.cpp @@ -196,19 +196,22 @@ bool ECKCDSA_Verification_Operation::verify(const byte msg[], size_t, } std::unique_ptr -ECKCDSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, - const std::string& params, +ECKCDSA_PublicKey::create_verification_op(const std::string& params, const std::string& provider) const { - return std::unique_ptr(new ECKCDSA_Verification_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new ECKCDSA_Verification_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr -ECKCDSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, - const std::string& params, - const std::string& provider) const +ECKCDSA_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, + const std::string& params, + const std::string& provider) const { - return std::unique_ptr(new ECKCDSA_Signature_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new ECKCDSA_Signature_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.h b/src/lib/pubkey/eckcdsa/eckcdsa.h index f8514776b..09ee34ed5 100644 --- a/src/lib/pubkey/eckcdsa/eckcdsa.h +++ b/src/lib/pubkey/eckcdsa/eckcdsa.h @@ -52,8 +52,7 @@ class BOTAN_DLL ECKCDSA_PublicKey : public virtual EC_PublicKey { return domain().get_order().bytes(); } std::unique_ptr - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const override; protected: ECKCDSA_PublicKey() {} @@ -92,7 +91,7 @@ class BOTAN_DLL ECKCDSA_PrivateKey : public ECKCDSA_PublicKey, std::unique_ptr create_signature_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& provider) const; + const std::string& provider) const override; }; } diff --git a/src/lib/pubkey/elgamal/elgamal.cpp b/src/lib/pubkey/elgamal/elgamal.cpp index fbbd09226..046c2c3f6 100644 --- a/src/lib/pubkey/elgamal/elgamal.cpp +++ b/src/lib/pubkey/elgamal/elgamal.cpp @@ -186,17 +186,21 @@ ElGamal_Decryption_Operation::raw_decrypt(const byte msg[], size_t msg_len) std::unique_ptr ElGamal_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr(new ElGamal_Encryption_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new ElGamal_Encryption_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr ElGamal_PrivateKey::create_decryption_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr(new ElGamal_Decryption_Operation(*this, params, rng)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new ElGamal_Decryption_Operation(*this, params, rng)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp index c37c8c845..7fde29bc5 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.cpp +++ b/src/lib/pubkey/gost_3410/gost_3410.cpp @@ -214,19 +214,22 @@ bool GOST_3410_Verification_Operation::verify(const byte msg[], size_t msg_len, } std::unique_ptr -GOST_3410_PublicKey::create_verification_op(RandomNumberGenerator& rng, - const std::string& params, +GOST_3410_PublicKey::create_verification_op(const std::string& params, const std::string& provider) const { - return std::unique_ptr(new GOST_3410_Verification_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new GOST_3410_Verification_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr -GOST_3410_PrivateKey::create_signature_op(RandomNumberGenerator& rng, +GOST_3410_PrivateKey::create_signature_op(RandomNumberGenerator& /*rng*/, const std::string& params, const std::string& provider) const { - return std::unique_ptr(new GOST_3410_Signature_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new GOST_3410_Signature_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/gost_3410/gost_3410.h b/src/lib/pubkey/gost_3410/gost_3410.h index 9d79f48d7..cca811896 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.h +++ b/src/lib/pubkey/gost_3410/gost_3410.h @@ -60,8 +60,7 @@ class BOTAN_DLL GOST_3410_PublicKey : public virtual EC_PublicKey { return domain().get_order().bytes(); } std::unique_ptr - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const override; protected: @@ -97,7 +96,7 @@ class BOTAN_DLL GOST_3410_PrivateKey : public GOST_3410_PublicKey, std::unique_ptr create_signature_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& provider) const; + const std::string& provider) const override; }; } diff --git a/src/lib/pubkey/keypair/keypair.cpp b/src/lib/pubkey/keypair/keypair.cpp index 6ea514d34..2efd40b6e 100644 --- a/src/lib/pubkey/keypair/keypair.cpp +++ b/src/lib/pubkey/keypair/keypair.cpp @@ -49,7 +49,7 @@ bool signature_consistency_check(RandomNumberGenerator& rng, const std::string& padding) { PK_Signer signer(key, rng, padding); - PK_Verifier verifier(key, rng, padding); + PK_Verifier verifier(key, padding); std::vector message = unlock(rng.random_vec(16)); diff --git a/src/lib/pubkey/mce/mceliece_key.cpp b/src/lib/pubkey/mce/mceliece_key.cpp index b5eed5a38..c65322348 100644 --- a/src/lib/pubkey/mce/mceliece_key.cpp +++ b/src/lib/pubkey/mce/mceliece_key.cpp @@ -356,17 +356,21 @@ class MCE_KEM_Decryptor : public PK_Ops::KEM_Decryption_with_KDF std::unique_ptr McEliece_PublicKey::create_kem_encryption_op(RandomNumberGenerator& /*rng*/, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr(new MCE_KEM_Encryptor(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new MCE_KEM_Encryptor(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr McEliece_PrivateKey::create_kem_decryption_op(RandomNumberGenerator& /*rng*/, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr(new MCE_KEM_Decryptor(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new MCE_KEM_Decryptor(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/pk_keys.cpp b/src/lib/pubkey/pk_keys.cpp index ff57d88cc..21b56ed81 100644 --- a/src/lib/pubkey/pk_keys.cpp +++ b/src/lib/pubkey/pk_keys.cpp @@ -96,8 +96,7 @@ Public_Key::create_kem_encryption_op(RandomNumberGenerator& /*rng*/, } std::unique_ptr -Public_Key::create_verification_op(RandomNumberGenerator& /*rng*/, - const std::string& /*params*/, +Public_Key::create_verification_op(const std::string& /*params*/, const std::string& /*provider*/) const { throw Lookup_Error(algo_name() + " does not support verification"); diff --git a/src/lib/pubkey/pk_keys.h b/src/lib/pubkey/pk_keys.h index 9de884103..13d94c085 100644 --- a/src/lib/pubkey/pk_keys.h +++ b/src/lib/pubkey/pk_keys.h @@ -122,14 +122,9 @@ class BOTAN_DLL Public_Key /** * Return a verification operation for this key/params or throw - * - * @param rng a random number generator. The PK_Op may maintain a - * reference to the RNG and use it many times. The rng must outlive - * any operations which reference it. */ virtual std::unique_ptr - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const; virtual ~Public_Key() {} diff --git a/src/lib/pubkey/pubkey.cpp b/src/lib/pubkey/pubkey.cpp index 51869326a..fa5777bde 100644 --- a/src/lib/pubkey/pubkey.cpp +++ b/src/lib/pubkey/pubkey.cpp @@ -252,12 +252,11 @@ std::vector PK_Signer::signature(RandomNumberGenerator& rng) } PK_Verifier::PK_Verifier(const Public_Key& key, - RandomNumberGenerator& rng, const std::string& emsa, Signature_Format format, const std::string& provider) { - m_op = key.create_verification_op(rng, emsa, provider); + m_op = key.create_verification_op(emsa, provider); BOTAN_ASSERT_NONNULL(m_op); m_sig_format = format; } diff --git a/src/lib/pubkey/pubkey.h b/src/lib/pubkey/pubkey.h index 18b5d0f9b..077796a5d 100644 --- a/src/lib/pubkey/pubkey.h +++ b/src/lib/pubkey/pubkey.h @@ -281,27 +281,10 @@ class BOTAN_DLL PK_Verifier * @param format the signature format to use */ PK_Verifier(const Public_Key& pub_key, - RandomNumberGenerator& rng, const std::string& emsa, Signature_Format format = IEEE_1363, const std::string& provider = ""); -#if defined(BOTAN_PUBKEY_INCLUDE_DEPRECATED_CONSTRUCTORS) - /** - * Construct a PK Verifier. - * @param pub_key the public key to verify against - * @param emsa the EMSA to use (eg "EMSA3(SHA-1)") - * @param format the signature format to use - */ - BOTAN_DEPRECATED("Use constructor taking a RNG object") - PK_Verifier(const Public_Key& pub_key, - const std::string& emsa, - Signature_Format format = IEEE_1363, - const std::string& provider = "") : - PK_Verifier(pub_key, system_rng(), emsa, format, provider) - {} -#endif - /** * Verify a signature. * @param msg the message that the signature belongs to, as a byte array diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index c8d1e7afc..b40f485e3 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -406,37 +406,51 @@ class RSA_KEM_Encryption_Operation : public PK_Ops::KEM_Encryption_with_KDF, } std::unique_ptr -RSA_PublicKey::create_encryption_op(RandomNumberGenerator& rng, +RSA_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/, const std::string& params, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { - std::unique_ptr res = make_openssl_rsa_enc_op(*this, params); - if(res) - return res; + try + { + return make_openssl_rsa_enc_op(*this, params); + } + catch(Exception& e) + { + /* + * If OpenSSL for some reason could not handle this (eg due to OAEP params), + * throw if openssl was specifically requested but otherwise just fall back + * to the normal version. + */ + if(provider == "openssl") + throw Exception("OpenSSL RSA provider rejected key:", e.what()); + } } #endif - return std::unique_ptr(new RSA_Encryption_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new RSA_Encryption_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr -RSA_PublicKey::create_kem_encryption_op(RandomNumberGenerator& rng, +RSA_PublicKey::create_kem_encryption_op(RandomNumberGenerator& /*rng*/, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr(new RSA_KEM_Encryption_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new RSA_KEM_Encryption_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr -RSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, - const std::string& params, +RSA_PublicKey::create_verification_op(const std::string& params, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { std::unique_ptr res = make_openssl_rsa_ver_op(*this, params); if(res) @@ -444,7 +458,10 @@ RSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, } #endif - return std::unique_ptr(new RSA_Verify_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new RSA_Verify_Operation(*this, params)); + + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr @@ -453,23 +470,35 @@ RSA_PrivateKey::create_decryption_op(RandomNumberGenerator& rng, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { - std::unique_ptr res = make_openssl_rsa_dec_op(*this, params); - if(res) - return res; + try + { + return make_openssl_rsa_dec_op(*this, params); + } + catch(Exception& e) + { + if(provider == "openssl") + throw Exception("OpenSSL RSA provider rejected key:", e.what()); + } } #endif - return std::unique_ptr(new RSA_Decryption_Operation(*this, params, rng)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new RSA_Decryption_Operation(*this, params, rng)); + + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr RSA_PrivateKey::create_kem_decryption_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr(new RSA_KEM_Decryption_Operation(*this, params, rng)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new RSA_KEM_Decryption_Operation(*this, params, rng)); + + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr @@ -478,7 +507,7 @@ RSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { std::unique_ptr res = make_openssl_rsa_sig_op(*this, params); if(res) @@ -486,7 +515,10 @@ RSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, } #endif - return std::unique_ptr(new RSA_Signature_Operation(*this, params, rng)); + if(provider == "base" || provider.empty()) + return std::unique_ptr(new RSA_Signature_Operation(*this, params, rng)); + + throw Provider_Not_Found(algo_name(), provider); } } diff --git a/src/lib/pubkey/rsa/rsa.h b/src/lib/pubkey/rsa/rsa.h index 203a3a323..ddfd23b05 100644 --- a/src/lib/pubkey/rsa/rsa.h +++ b/src/lib/pubkey/rsa/rsa.h @@ -63,8 +63,7 @@ class BOTAN_DLL RSA_PublicKey : public virtual Public_Key const std::string& provider) const override; std::unique_ptr - create_verification_op(RandomNumberGenerator& rng, - const std::string& params, + create_verification_op(const std::string& params, const std::string& provider) const override; protected: diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp index cc162f8a0..ac8fa97fd 100644 --- a/src/lib/tls/msg_cert_verify.cpp +++ b/src/lib/tls/msg_cert_verify.cpp @@ -78,8 +78,7 @@ std::vector Certificate_Verify::serialize() const */ bool Certificate_Verify::verify(const X509_Certificate& cert, const Handshake_State& state, - const Policy& policy, - RandomNumberGenerator& rng) const + const Policy& policy) const { std::unique_ptr key(cert.subject_public_key()); @@ -89,7 +88,7 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, state.parse_sig_format(*key.get(), m_hash_algo, m_sig_algo, true, policy); - PK_Verifier verifier(*key, rng, format.first, format.second); + PK_Verifier verifier(*key, format.first, format.second); return verifier.verify_message(state.hash().get_contents(), m_signature); } diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp index 3df23955b..325e5d1b0 100644 --- a/src/lib/tls/msg_server_kex.cpp +++ b/src/lib/tls/msg_server_kex.cpp @@ -237,8 +237,7 @@ std::vector Server_Key_Exchange::serialize() const */ bool Server_Key_Exchange::verify(const Public_Key& server_key, const Handshake_State& state, - const Policy& policy, - RandomNumberGenerator& rng) const + const Policy& policy) const { policy.check_peer_key_acceptable(server_key); @@ -246,7 +245,7 @@ bool Server_Key_Exchange::verify(const Public_Key& server_key, state.parse_sig_format(server_key, m_hash_algo, m_sig_algo, false, policy); - PK_Verifier verifier(server_key, rng, format.first, format.second); + PK_Verifier verifier(server_key, format.first, format.second); verifier.update(state.client_hello()->random()); verifier.update(state.server_hello()->random()); diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp index 6bfbdc008..0e72b9a28 100644 --- a/src/lib/tls/tls_client.cpp +++ b/src/lib/tls/tls_client.cpp @@ -415,7 +415,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state, { const Public_Key& server_key = state.get_server_public_Key(); - if(!state.server_kex()->verify(server_key, state, policy(), rng())) + if(!state.server_kex()->verify(server_key, state, policy())) { throw TLS_Exception(Alert::DECRYPT_ERROR, "Bad signature on server key exchange"); diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h index 76421bf4a..25228c865 100644 --- a/src/lib/tls/tls_messages.h +++ b/src/lib/tls/tls_messages.h @@ -482,8 +482,7 @@ class BOTAN_DLL Certificate_Verify final : public Handshake_Message */ bool verify(const X509_Certificate& cert, const Handshake_State& state, - const Policy& policy, - RandomNumberGenerator& rng) const; + const Policy& policy) const; Certificate_Verify(Handshake_IO& io, Handshake_State& state, @@ -552,8 +551,7 @@ class Server_Key_Exchange final : public Handshake_Message bool verify(const Public_Key& server_key, const Handshake_State& state, - const Policy& policy, - RandomNumberGenerator& rng) const; + const Policy& policy) const; // Only valid for certain kex types const Private_Key& server_kex_key() const; diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp index 510a30421..82e7fad75 100644 --- a/src/lib/tls/tls_server.cpp +++ b/src/lib/tls/tls_server.cpp @@ -509,7 +509,7 @@ void Server::process_certificate_verify_msg(Server_Handshake_State& pending_stat pending_state.client_certs()->cert_chain(); const bool sig_valid = - pending_state.client_verify()->verify ( client_certs[0], pending_state, policy(), rng() ); + pending_state.client_verify()->verify ( client_certs[0], pending_state, policy() ); pending_state.hash().update ( pending_state.handshake_io().format ( contents, type ) ); diff --git a/src/lib/utils/exceptn.h b/src/lib/utils/exceptn.h index a3cb11f81..bfde49002 100644 --- a/src/lib/utils/exceptn.h +++ b/src/lib/utils/exceptn.h @@ -147,6 +147,16 @@ struct BOTAN_DLL No_Provider_Found : public Exception {} }; +/** +* Provider_Not_Found is thrown when a specific provider was requested +* but that provider is not available. +*/ +struct BOTAN_DLL Provider_Not_Found : public Lookup_Error + { + Provider_Not_Found(const std::string& algo, const std::string& provider) : + Lookup_Error("Could not find provider '" + provider + "' for " + algo) {} + }; + /** * Invalid_Algorithm_Name Exception */ diff --git a/src/tests/test_pubkey.cpp b/src/tests/test_pubkey.cpp index 04fa6292f..66069f110 100644 --- a/src/tests/test_pubkey.cpp +++ b/src/tests/test_pubkey.cpp @@ -102,7 +102,7 @@ PK_Signature_Generation_Test::run_one_test(const std::string&, const VarMap& var try { - signer.reset(new Botan::PK_Signer(*privkey, Test::rng(), padding, Botan::IEEE_1363, sign_provider)); + signer.reset(new Botan::PK_Signer(*privkey, padding, Botan::IEEE_1363, sign_provider)); } catch(Botan::Lookup_Error&) { @@ -130,7 +130,7 @@ PK_Signature_Generation_Test::run_one_test(const std::string&, const VarMap& var try { - verifier.reset(new Botan::PK_Verifier(*pubkey, Test::rng(), padding, Botan::IEEE_1363, verify_provider)); + verifier.reset(new Botan::PK_Verifier(*pubkey, padding, Botan::IEEE_1363, verify_provider)); } catch(Botan::Lookup_Error&) { @@ -168,7 +168,7 @@ PK_Signature_Verification_Test::run_one_test(const std::string&, const VarMap& v try { - verifier.reset(new Botan::PK_Verifier(*pubkey, Test::rng(), padding, Botan::IEEE_1363, verify_provider)); + verifier.reset(new Botan::PK_Verifier(*pubkey, padding, Botan::IEEE_1363, verify_provider)); result.test_eq("correct signature valid", verifier->verify_message(message, signature), true); check_invalid_signatures(result, *verifier, message, signature); } diff --git a/src/tests/unit_ecdsa.cpp b/src/tests/unit_ecdsa.cpp index 869ca7716..268e5cce0 100644 --- a/src/tests/unit_ecdsa.cpp +++ b/src/tests/unit_ecdsa.cpp @@ -59,7 +59,7 @@ Test::Result test_hash_larger_than_n() } Botan::PK_Signer pk_signer_160(priv_key, Test::rng(), "EMSA1(SHA-1)"); - Botan::PK_Verifier pk_verifier_160(priv_key, Test::rng(), "EMSA1(SHA-1)"); + Botan::PK_Verifier pk_verifier_160(priv_key, "EMSA1(SHA-1)"); // Verify we can sign and verify with SHA-160 std::vector signature_160 = pk_signer_160.sign_message(message, Test::rng()); @@ -68,7 +68,7 @@ Test::Result test_hash_larger_than_n() // Verify we can sign and verify with SHA-224 Botan::PK_Signer pk_signer(priv_key, Test::rng(), "EMSA1(SHA-224)"); std::vector signature = pk_signer.sign_message(message, Test::rng()); - Botan::PK_Verifier pk_verifier(priv_key, Test::rng(), "EMSA1(SHA-224)"); + Botan::PK_Verifier pk_verifier(priv_key, "EMSA1(SHA-224)"); result.test_eq("message verifies", pk_verifier.verify_message(message, signature), true); return result; @@ -127,7 +127,7 @@ Test::Result test_sign_then_ver() auto msg = Botan::hex_decode("12345678901234567890abcdef12"); std::vector sig = signer.sign_message(msg, Test::rng()); - Botan::PK_Verifier verifier(ecdsa, Test::rng(), "EMSA1(SHA-256)"); + Botan::PK_Verifier verifier(ecdsa, "EMSA1(SHA-256)"); result.confirm("signature verifies", verifier.verify_message(msg, sig)); @@ -145,7 +145,7 @@ Test::Result test_ec_sign() Botan::EC_Group dom_pars(Botan::OID("1.3.132.0.8")); Botan::ECDSA_PrivateKey priv_key(Test::rng(), dom_pars); Botan::PK_Signer signer(priv_key, Test::rng(), "EMSA1(SHA-224)"); - Botan::PK_Verifier verifier(priv_key, Test::rng(), "EMSA1(SHA-224)"); + Botan::PK_Verifier verifier(priv_key, "EMSA1(SHA-224)"); for(size_t i = 0; i != 256; ++i) { @@ -212,7 +212,7 @@ Test::Result test_ecdsa_create_save_load() Botan::ECDSA_PrivateKey* loaded_ec_key = dynamic_cast(loaded_key.get()); result.confirm("the loaded key could be converted into an ECDSA_PrivateKey", loaded_ec_key); - Botan::PK_Verifier verifier(*loaded_ec_key, Test::rng(), "EMSA1(SHA-256)"); + Botan::PK_Verifier verifier(*loaded_ec_key, "EMSA1(SHA-256)"); result.confirm("generated signature valid", verifier.verify_message(msg, msg_signature)); @@ -261,7 +261,7 @@ Test::Result test_read_pkcs8() result.confirm("key loaded", ecdsa_nodp); Botan::PK_Signer signer(*ecdsa_nodp, Test::rng(), "EMSA1(SHA-256)"); - Botan::PK_Verifier verifier(*ecdsa_nodp, Test::rng(), "EMSA1(SHA-256)"); + Botan::PK_Verifier verifier(*ecdsa_nodp, "EMSA1(SHA-256)"); std::vector signature_nodp = signer.sign_message(msg, Test::rng()); @@ -328,7 +328,7 @@ Test::Result test_curve_registry() Botan::ECDSA_PrivateKey ecdsa(Test::rng(), dom_pars); Botan::PK_Signer signer(ecdsa, Test::rng(), "EMSA1(SHA-256)"); - Botan::PK_Verifier verifier(ecdsa, Test::rng(), "EMSA1(SHA-256)"); + Botan::PK_Verifier verifier(ecdsa, "EMSA1(SHA-256)"); auto msg = Botan::hex_decode("12345678901234567890abcdef12"); std::vector sig = signer.sign_message(msg, Test::rng()); -- cgit v1.2.3