From 2920f1be500d53414b863ec61ca9c2008336479f Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 30 Dec 2011 20:35:27 +0000 Subject: Rename the session type to 'TLS_Session'. Split the manager out into its own file. Rename tls_state to tls_handshake_state. --- src/tls/tls_session_manager.cpp | 66 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 src/tls/tls_session_manager.cpp (limited to 'src/tls/tls_session_manager.cpp') diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp new file mode 100644 index 000000000..05a092426 --- /dev/null +++ b/src/tls/tls_session_manager.cpp @@ -0,0 +1,66 @@ +/* +* TLS Session Management +* (C) 2011 Jack Lloyd +* +* Released under the terms of the Botan license +*/ + +#include +#include +#include + +namespace Botan { + +bool TLS_Session_Manager_In_Memory::find(const MemoryVector& session_id, + TLS_Session& params) + { + std::map::iterator i = + sessions.find(hex_encode(session_id)); + + if(i == sessions.end()) + return false; + + // session has expired, remove it + const u64bit now = system_time(); + if(i->second.start_time() + session_lifetime >= now) + { + sessions.erase(i); + return false; + } + + params = i->second; + return true; + } + +bool TLS_Session_Manager_In_Memory::find(const std::string& hostname, u16bit port, + TLS_Session& params) + { + return false; + } + +void TLS_Session_Manager_In_Memory::prohibit_resumption( + const MemoryVector& session_id) + { + std::map::iterator i = + sessions.find(hex_encode(session_id)); + + if(i != sessions.end()) + sessions.erase(i); + } + +void TLS_Session_Manager_In_Memory::save(const TLS_Session& session_data) + { + if(max_sessions != 0) + { + /* + This removes randomly based on ordering of session ids. + Instead, remove oldest first? + */ + while(sessions.size() >= max_sessions) + sessions.erase(sessions.begin()); + } + + sessions[hex_encode(session_data.session_id())] = session_data; + } + +} -- cgit v1.2.3 From bf41971fe4ee6a38609e0ea142010b03017e0329 Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 30 Dec 2011 21:26:20 +0000 Subject: Better names on the session manager. Plausible client lookup support, untested though. --- src/tls/tls_server.cpp | 2 +- src/tls/tls_session_manager.cpp | 46 ++++++++++++++++++++++++++++++++--------- src/tls/tls_session_manager.h | 32 +++++++++++++++++----------- 3 files changed, 57 insertions(+), 23 deletions(-) (limited to 'src/tls/tls_session_manager.cpp') diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 1d96f5631..f0d1fb361 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -40,7 +40,7 @@ bool check_for_resume(TLS_Session& session_info, return false; // not found - if(!session_manager.find(client_session_id, session_info)) + if(!session_manager.load_from_session_id(client_session_id, session_info)) return false; // wrong version diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index 05a092426..7503b7c28 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -11,11 +11,10 @@ namespace Botan { -bool TLS_Session_Manager_In_Memory::find(const MemoryVector& session_id, - TLS_Session& params) +bool TLS_Session_Manager_In_Memory::load_from_session_str( + const std::string& session_str, TLS_Session& session) { - std::map::iterator i = - sessions.find(hex_encode(session_id)); + std::map::iterator i = sessions.find(session_str); if(i == sessions.end()) return false; @@ -28,17 +27,39 @@ bool TLS_Session_Manager_In_Memory::find(const MemoryVector& session_id, return false; } - params = i->second; + session = i->second; return true; } -bool TLS_Session_Manager_In_Memory::find(const std::string& hostname, u16bit port, - TLS_Session& params) +bool TLS_Session_Manager_In_Memory::load_from_session_id( + const MemoryVector& session_id, TLS_Session& session) { + return load_from_session_str(hex_encode(session_id), session); + } + +bool TLS_Session_Manager_In_Memory::load_from_host_info( + const std::string& hostname, u16bit port, TLS_Session& session) + { + std::map::iterator i; + + if(port > 0) + i = host_sessions.find(hostname + ":" + to_string(port)); + else + i = host_sessions.find(hostname); + + if(i == host_sessions.end()) + return false; + + if(load_from_session_str(i->second, session)) + return true; + + // was removed from sessions map, remove host_sessions entry + host_sessions.erase(i); + return false; } -void TLS_Session_Manager_In_Memory::prohibit_resumption( +void TLS_Session_Manager_In_Memory::remove_entry( const MemoryVector& session_id) { std::map::iterator i = @@ -48,7 +69,7 @@ void TLS_Session_Manager_In_Memory::prohibit_resumption( sessions.erase(i); } -void TLS_Session_Manager_In_Memory::save(const TLS_Session& session_data) +void TLS_Session_Manager_In_Memory::save(const TLS_Session& session) { if(max_sessions != 0) { @@ -60,7 +81,12 @@ void TLS_Session_Manager_In_Memory::save(const TLS_Session& session_data) sessions.erase(sessions.begin()); } - sessions[hex_encode(session_data.session_id())] = session_data; + const std::string session_id_str = hex_encode(session.session_id()); + + sessions[session_id_str] = session; + + if(session.side() == CLIENT && session.sni_hostname() != "") + host_sessions[session.sni_hostname()] = session_id_str; } } diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index e2b66afb5..b30de7364 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -17,6 +17,9 @@ namespace Botan { * TLS_Session_Manager is an interface to systems which can save * session parameters for supporting session resumption. * +* Saving sessions is done on a best-effort basis; an implementation is +* allowed to drop sessions due to space constraints. +* * Implementations should strive to be thread safe */ class BOTAN_DLL TLS_Session_Manager @@ -29,8 +32,8 @@ class BOTAN_DLL TLS_Session_Manager or not modified if not found * @return true if params was modified */ - virtual bool find(const MemoryVector& session_id, - TLS_Session& params) = 0; + virtual bool load_from_session_id(const MemoryVector& session_id, + TLS_Session& params) = 0; /** * Try to load a saved session (client side) @@ -40,13 +43,13 @@ class BOTAN_DLL TLS_Session_Manager or not modified if not found * @return true if params was modified */ - virtual bool find(const std::string& hostname, u16bit port, - TLS_Session& params) = 0; + virtual bool load_from_host_info(const std::string& hostname, u16bit port, + TLS_Session& params) = 0; /** - * Prohibit resumption of this session. Effectively an erase. + * Remove this session id from the cache */ - virtual void prohibit_resumption(const MemoryVector& session_id) = 0; + virtual void remove_entry(const MemoryVector& session_id) = 0; /** * Save a session on a best effort basis; the manager may not in @@ -83,19 +86,24 @@ class BOTAN_DLL TLS_Session_Manager_In_Memory : public TLS_Session_Manager session_lifetime(session_lifetime) {} - bool find(const MemoryVector& session_id, - TLS_Session& params); + bool load_from_session_id(const MemoryVector& session_id, + TLS_Session& params); - bool find(const std::string& hostname, u16bit port, - TLS_Session& params); + bool load_from_host_info(const std::string& hostname, u16bit port, + TLS_Session& params); - void prohibit_resumption(const MemoryVector& session_id); + void remove_entry(const MemoryVector& session_id); void save(const TLS_Session& session_data); private: + bool load_from_session_str(const std::string& session_str, + TLS_Session& params); + size_t max_sessions, session_lifetime; - std::map sessions; + + std::map sessions; // hex(session_id) -> session + std::map host_sessions; }; } -- cgit v1.2.3 From 074ea8fdee34a668c57b19b474468a7e4d581567 Mon Sep 17 00:00:00 2001 From: lloyd Date: Sat, 31 Dec 2011 02:15:18 +0000 Subject: Add support for client-side session resumption --- doc/examples/tls_client.cpp | 143 +++++++++++++++++++++------------------- src/tls/hello.cpp | 23 ++++++- src/tls/tls_channel.h | 13 ++-- src/tls/tls_client.cpp | 143 ++++++++++++++++++++++++++++++++-------- src/tls/tls_client.h | 2 +- src/tls/tls_handshake_state.h | 5 ++ src/tls/tls_messages.h | 32 +++++---- src/tls/tls_server.cpp | 42 ++++++------ src/tls/tls_session.h | 24 +++---- src/tls/tls_session_manager.cpp | 8 ++- src/tls/tls_session_manager.h | 37 +++++------ 11 files changed, 305 insertions(+), 167 deletions(-) (limited to 'src/tls/tls_session_manager.cpp') diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp index 275d4b309..1787e8dea 100644 --- a/doc/examples/tls_client.cpp +++ b/doc/examples/tls_client.cpp @@ -112,6 +112,82 @@ void process_data(const byte buf[], size_t buf_size, u16bit alert_info) printf("%c", buf[i]); } +void doit(RandomNumberGenerator& rng, + TLS_Policy& policy, + TLS_Session_Manager& session_manager, + const std::string& host, + u16bit port) + { + int sockfd = connect_to_host(host, port); + + TLS_Client client(std::tr1::bind(socket_write, sockfd, _1, _2), + process_data, + handshake_complete, + session_manager, + policy, + rng, + host); + + fd_set readfds; + + bool version_reported = false; + + while(true) + { + FD_ZERO(&readfds); + FD_SET(sockfd, &readfds); + FD_SET(STDIN_FILENO, &readfds); + + ::select(sockfd + 1, &readfds, NULL, NULL, NULL); + + if(client.is_closed()) + break; + + if(client.is_active() && !version_reported) + printf("Negotiated version %04X\n", client.protocol_version()); + + if(FD_ISSET(sockfd, &readfds)) + { + byte buf[1024] = { 0 }; + ssize_t got = read(sockfd, buf, sizeof(buf)); + + if(got == 0) + { + printf("EOF on socket\n"); + break; + } + else if(got == -1) + { + printf("Socket error %d (%s)\n", errno, strerror(errno)); + continue; + } + + //printf("socket read %d\n", got); + + client.received_data(buf, got); + } + else if(FD_ISSET(STDIN_FILENO, &readfds)) + { + byte buf[1024] = { 0 }; + ssize_t got = read(STDIN_FILENO, buf, sizeof(buf)); + + if(got == 0) + { + printf("EOF on stdin\n"); + client.close(); + break; + } + else if(got == -1) + { + printf("Error reading stdin %d (%s)\n", errno, strerror(errno)); + continue; + } + + client.queue_for_sending(buf, got); + } + } + } + int main(int argc, char* argv[]) { if(argc != 2 && argc != 3) @@ -130,74 +206,9 @@ int main(int argc, char* argv[]) std::string host = argv[1]; u32bit port = argc == 3 ? Botan::to_u32bit(argv[2]) : 443; - int sockfd = connect_to_host(host, port); - - TLS_Client client(std::tr1::bind(socket_write, sockfd, _1, _2), - process_data, - handshake_complete, - session_manager, - policy, - rng, - host); - - fd_set readfds; - - bool version_reported = false; - while(true) - { - FD_ZERO(&readfds); - FD_SET(sockfd, &readfds); - FD_SET(STDIN_FILENO, &readfds); - - ::select(sockfd + 1, &readfds, NULL, NULL, NULL); - - if(client.is_closed()) - break; - - if(client.is_active() && !version_reported) - printf("Negotiated version %04X\n", client.protocol_version()); + doit(rng, policy, session_manager, host, port); - if(FD_ISSET(sockfd, &readfds)) - { - byte buf[1024] = { 0 }; - ssize_t got = read(sockfd, buf, sizeof(buf)); - - if(got == 0) - { - printf("EOF on socket\n"); - break; - } - else if(got == -1) - { - printf("Socket error %d (%s)\n", errno, strerror(errno)); - continue; - } - - //printf("socket read %d\n", got); - - client.received_data(buf, got); - } - else if(FD_ISSET(STDIN_FILENO, &readfds)) - { - byte buf[1024] = { 0 }; - ssize_t got = read(STDIN_FILENO, buf, sizeof(buf)); - - if(got == 0) - { - printf("EOF on stdin\n"); - client.close(); - break; - } - else if(got == -1) - { - printf("Error reading stdin %d (%s)\n", errno, strerror(errno)); - continue; - } - - client.queue_for_sending(buf, got); - } - } } catch(std::exception& e) { diff --git a/src/tls/hello.cpp b/src/tls/hello.cpp index fc19f6802..08d8eee8e 100644 --- a/src/tls/hello.cpp +++ b/src/tls/hello.cpp @@ -17,7 +17,7 @@ namespace Botan { /* * Encode and send a Handshake message */ -void HandshakeMessage::send(Record_Writer& writer, TLS_Handshake_Hash& hash) const +void Handshake_Message::send(Record_Writer& writer, TLS_Handshake_Hash& hash) const { MemoryVector buf = serialize(); MemoryVector send_buf(4); @@ -85,6 +85,27 @@ Client_Hello::Client_Hello(Record_Writer& writer, send(writer, hash); } +/* +* Create a new Client Hello message +*/ +Client_Hello::Client_Hello(Record_Writer& writer, + TLS_Handshake_Hash& hash, + RandomNumberGenerator& rng, + const TLS_Session& session) : + c_version(session.version()), + sess_id(session.session_id()), + c_random(rng.random_vec(32)), + requested_hostname(session.sni_hostname()), + requested_srp_id(session.srp_identifier()), + m_fragment_size(session.fragment_size()), + has_secure_renegotiation(session.secure_renegotiation()) + { + suites.push_back(session.ciphersuite()); + comp_methods.push_back(session.compression_method()); + + send(writer, hash); + } + /* * Serialize a Client Hello message */ diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h index 8eca71305..c1e9e1fda 100644 --- a/src/tls/tls_channel.h +++ b/src/tls/tls_channel.h @@ -24,9 +24,8 @@ class BOTAN_DLL TLS_Channel public: /** * Inject TLS traffic received from counterparty - * @return a hint as the how many more bytes we need to process the - current record (this may be 0 if on a record boundary) + * current record (this may be 0 if on a record boundary) */ virtual size_t received_data(const byte buf[], size_t buf_size); @@ -43,21 +42,23 @@ class BOTAN_DLL TLS_Channel /** * Send a TLS alert message. If the alert is fatal, the * internal state (keys, etc) will be reset + * @param level is warning or fatal + * @param type is the type of alert */ void alert(Alert_Level level, Alert_Type type); /** - * Is the connection active for sending application data? + * @return true iff the connection is active for sending application data */ bool is_active() const { return handshake_completed && !is_closed(); } /** - * Has the connection been definitely closed + * @return true iff the connection has been definitely closed */ bool is_closed() const { return connection_closed; } /** - * Return the negotiated version (if session is currently active) + * @return negotiated version (if session is currently active) */ Version_Code protocol_version() const; @@ -67,7 +68,7 @@ class BOTAN_DLL TLS_Channel virtual void renegotiate() = 0; /** - * Return the certificates of the peer + * @return certificate chain of the peer (may be empty) */ std::vector peer_cert_chain() const { return peer_certs; } diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index 1790151f9..9942c2d44 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -8,10 +8,13 @@ #include #include #include +#include #include #include #include +#include + namespace Botan { /* @@ -24,7 +27,7 @@ TLS_Client::TLS_Client(std::tr1::function output_fn const TLS_Policy& policy, RandomNumberGenerator& rng, const std::string& hostname, - const std::string& srp_username) : + const std::string& srp_identifier) : TLS_Channel(output_fn, proc_fn, handshake_fn), policy(policy), rng(rng), @@ -34,13 +37,36 @@ TLS_Client::TLS_Client(std::tr1::function output_fn state = new Handshake_State; state->set_expected_next(SERVER_HELLO); - state->client_hello = new Client_Hello(writer, - state->hash, - policy, - rng, - secure_renegotiation.for_client_hello(), - hostname, - srp_username); + + if(hostname != "") + { + TLS_Session session_info; + if(session_manager.load_from_host_info(hostname, 0, session_info)) + { + if(session_info.srp_identifier() == srp_identifier) + { + state->client_hello = new Client_Hello( + writer, + state->hash, + rng, + session_info); + + state->resume_master_secret = session_info.master_secret(); + } + } + } + + if(!state->client_hello) // not resuming + { + state->client_hello = new Client_Hello( + writer, + state->hash, + policy, + rng, + secure_renegotiation.for_client_hello(), + hostname, + srp_identifier); + } secure_renegotiation.update(state->client_hello); } @@ -128,19 +154,14 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, "TLS_Client: Server replied with bad ciphersuite"); } - state->version = state->server_hello->version(); - - if(state->version > state->client_hello->version()) + if(!value_exists(state->client_hello->compression_methods(), + state->server_hello->compression_method())) { throw TLS_Exception(HANDSHAKE_FAILURE, - "TLS_Client: Server replied with bad version"); + "TLS_Client: Server replied with bad compression method"); } - if(state->version < policy.min_version()) - { - throw TLS_Exception(PROTOCOL_VERSION, - "TLS_Client: Server is too old for specified policy"); - } + state->version = state->server_hello->version(); writer.set_version(state->version); reader.set_version(state->version); @@ -149,20 +170,56 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, state->suite = TLS_Cipher_Suite(state->server_hello->ciphersuite()); - // if resuming, next is HANDSHAKE_CCS - - if(state->suite.sig_type() != TLS_ALGO_SIGNER_ANON) - { - state->set_expected_next(CERTIFICATE); - } - else if(state->suite.kex_type() != TLS_ALGO_KEYEXCH_NOKEX) + if(!state->server_hello->session_id().empty() && + (state->server_hello->session_id() == state->client_hello->session_id())) { - state->set_expected_next(SERVER_KEX); + // successful resumption + + /* + In this case, we offered the original session and the server + must resume with it + */ + if(state->server_hello->version() != state->client_hello->version()) + throw TLS_Exception(HANDSHAKE_FAILURE, + "Server resumed session but with wrong version"); + + state->keys = SessionKeys(state->suite, state->version, + state->resume_master_secret, + state->client_hello->random(), + state->server_hello->random(), + true); + + state->set_expected_next(HANDSHAKE_CCS); } else { - state->set_expected_next(CERTIFICATE_REQUEST); // optional - state->set_expected_next(SERVER_HELLO_DONE); + // new session + + if(state->version > state->client_hello->version()) + { + throw TLS_Exception(HANDSHAKE_FAILURE, + "TLS_Client: Server replied with bad version"); + } + + if(state->version < policy.min_version()) + { + throw TLS_Exception(PROTOCOL_VERSION, + "TLS_Client: Server is too old for specified policy"); + } + + if(state->suite.sig_type() != TLS_ALGO_SIGNER_ANON) + { + state->set_expected_next(CERTIFICATE); + } + else if(state->suite.kex_type() != TLS_ALGO_KEYEXCH_NOKEX) + { + state->set_expected_next(SERVER_KEX); + } + else + { + state->set_expected_next(CERTIFICATE_REQUEST); // optional + state->set_expected_next(SERVER_HELLO_DONE); + } } } else if(type == CERTIFICATE) @@ -308,6 +365,38 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, throw TLS_Exception(DECRYPT_ERROR, "Finished message didn't verify"); + state->hash.update(type, contents); + + if(!state->client_finished) // session resume case + { + writer.send(CHANGE_CIPHER_SPEC, 1); + + writer.activate(state->suite, state->keys, CLIENT); + + state->client_finished = new Finished(writer, state->hash, + state->version, CLIENT, + state->keys.master_secret()); + } + + TLS_Session session_info( + state->server_hello->session_id(), + state->keys.master_secret(), + state->server_hello->version(), + state->server_hello->ciphersuite(), + state->server_hello->compression_method(), + CLIENT, + secure_renegotiation.supported(), + state->server_hello->fragment_size(), + peer_certs, + state->client_hello->sni_hostname(), + "" + ); + + session_manager.save(session_info); + + if(handshake_fn) + handshake_fn(session_info); + secure_renegotiation.update(state->client_finished, state->server_finished); delete state; diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h index 75a85f74d..0f654a40f 100644 --- a/src/tls/tls_client.h +++ b/src/tls/tls_client.h @@ -25,7 +25,7 @@ class BOTAN_DLL TLS_Client : public TLS_Channel * @param socket_output_fn is called with data for the outbound socket * @param proc_fn is called when new data (application or alerts) is received * @param handshake_complete is called when a handshake is completed - * @param session_manager manages session resumption + * @param session_manager manages session state * @param policy specifies other connection policy information * @param rng a random number generator * @param servername the server's DNS name, if known diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index 1602ca17c..f57538478 100644 --- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -50,6 +50,11 @@ class Handshake_State SecureQueue queue; + /* + * Only used by clients for session resumption + */ + SecureVector resume_master_secret; + Version_Code version; private: u32bit hand_expecting_mask, hand_received_mask; diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h index 2d66dfa11..f0620003b 100644 --- a/src/tls/tls_messages.h +++ b/src/tls/tls_messages.h @@ -9,6 +9,7 @@ #define BOTAN_TLS_MESSAGES_H__ #include +#include #include #include #include @@ -25,16 +26,16 @@ class Record_Reader; /** * TLS Handshake Message Base Class */ -class HandshakeMessage +class Handshake_Message { public: void send(Record_Writer& writer, TLS_Handshake_Hash& hash) const; virtual Handshake_Type type() const = 0; - virtual ~HandshakeMessage() {} + virtual ~Handshake_Message() {} private: - HandshakeMessage& operator=(const HandshakeMessage&) { return (*this); } + Handshake_Message& operator=(const Handshake_Message&) { return (*this); } virtual MemoryVector serialize() const = 0; virtual void deserialize(const MemoryRegion&) = 0; }; @@ -42,7 +43,7 @@ class HandshakeMessage /** * Client Hello Message */ -class Client_Hello : public HandshakeMessage +class Client_Hello : public Handshake_Message { public: Handshake_Type type() const { return CLIENT_HELLO; } @@ -82,6 +83,11 @@ class Client_Hello : public HandshakeMessage const std::string& hostname = "", const std::string& srp_identifier = ""); + Client_Hello(Record_Writer& writer, + TLS_Handshake_Hash& hash, + RandomNumberGenerator& rng, + const TLS_Session& resumed_session); + Client_Hello(const MemoryRegion& buf, Handshake_Type type) { @@ -111,7 +117,7 @@ class Client_Hello : public HandshakeMessage /** * Server Hello Message */ -class Server_Hello : public HandshakeMessage +class Server_Hello : public Handshake_Message { public: Handshake_Type type() const { return SERVER_HELLO; } @@ -176,7 +182,7 @@ class Server_Hello : public HandshakeMessage /** * Client Key Exchange Message */ -class Client_Key_Exchange : public HandshakeMessage +class Client_Key_Exchange : public Handshake_Message { public: Handshake_Type type() const { return CLIENT_KEX; } @@ -209,7 +215,7 @@ class Client_Key_Exchange : public HandshakeMessage /** * Certificate Message */ -class Certificate : public HandshakeMessage +class Certificate : public Handshake_Message { public: Handshake_Type type() const { return CERTIFICATE; } @@ -232,7 +238,7 @@ class Certificate : public HandshakeMessage /** * Certificate Request Message */ -class Certificate_Req : public HandshakeMessage +class Certificate_Req : public Handshake_Message { public: Handshake_Type type() const { return CERTIFICATE_REQUEST; } @@ -258,7 +264,7 @@ class Certificate_Req : public HandshakeMessage /** * Certificate Verify Message */ -class Certificate_Verify : public HandshakeMessage +class Certificate_Verify : public Handshake_Message { public: Handshake_Type type() const { return CERTIFICATE_VERIFY; } @@ -291,7 +297,7 @@ class Certificate_Verify : public HandshakeMessage /** * Finished Message */ -class Finished : public HandshakeMessage +class Finished : public Handshake_Message { public: Handshake_Type type() const { return FINISHED; } @@ -327,7 +333,7 @@ class Finished : public HandshakeMessage /** * Hello Request Message */ -class Hello_Request : public HandshakeMessage +class Hello_Request : public Handshake_Message { public: Handshake_Type type() const { return HELLO_REQUEST; } @@ -342,7 +348,7 @@ class Hello_Request : public HandshakeMessage /** * Server Key Exchange Message */ -class Server_Key_Exchange : public HandshakeMessage +class Server_Key_Exchange : public Handshake_Message { public: Handshake_Type type() const { return SERVER_KEX; } @@ -373,7 +379,7 @@ class Server_Key_Exchange : public HandshakeMessage /** * Server Hello Done Message */ -class Server_Hello_Done : public HandshakeMessage +class Server_Hello_Done : public Handshake_Message { public: Handshake_Type type() const { return SERVER_HELLO_DONE; } diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index f0d1fb361..0e2e173cf 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -12,6 +12,8 @@ #include #include +#include + namespace Botan { namespace { @@ -180,6 +182,8 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, if(resuming) { // resume session + + printf("Resuming a session\n"); state->server_hello = new Server_Hello( writer, state->hash, @@ -377,27 +381,27 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, if(state->client_certs && state->client_verify) peer_certs = state->client_certs->cert_chain(); - - TLS_Session session_info( - state->server_hello->session_id(), - state->keys.master_secret(), - state->server_hello->version(), - state->server_hello->ciphersuite(), - state->server_hello->compression_method(), - SERVER, - secure_renegotiation.supported(), - state->server_hello->fragment_size(), - peer_certs, - client_requested_hostname, - "" - ); - - session_manager.save(session_info); - - if(handshake_fn) - handshake_fn(session_info); } + TLS_Session session_info( + state->server_hello->session_id(), + state->keys.master_secret(), + state->server_hello->version(), + state->server_hello->ciphersuite(), + state->server_hello->compression_method(), + SERVER, + secure_renegotiation.supported(), + state->server_hello->fragment_size(), + peer_certs, + client_requested_hostname, + "" + ); + + session_manager.save(session_info); + + if(handshake_fn) + handshake_fn(session_info); + secure_renegotiation.update(state->client_finished, state->server_finished); diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h index c713efc87..b4b3861ed 100644 --- a/src/tls/tls_session.h +++ b/src/tls/tls_session.h @@ -38,16 +38,16 @@ class BOTAN_DLL TLS_Session * New session (sets session start time) */ TLS_Session(const MemoryRegion& session_id, - const MemoryRegion& master_secret, - Version_Code version, - u16bit ciphersuite, - byte compression_method, - Connection_Side side, - bool secure_renegotiation_supported, - size_t fragment_size, - const std::vector& peer_certs, - const std::string& sni_hostname = "", - const std::string& srp_identifier = ""); + const MemoryRegion& master_secret, + Version_Code version, + u16bit ciphersuite, + byte compression_method, + Connection_Side side, + bool secure_renegotiation_supported, + size_t fragment_size, + const std::vector& peer_certs, + const std::string& sni_hostname = "", + const std::string& srp_identifier = ""); /** * Load a session from BER (created by BER_encode) @@ -111,9 +111,9 @@ class BOTAN_DLL TLS_Session size_t fragment_size() const { return m_fragment_size; } /** - * Is secure negotiation supported? + * Is secure renegotiation supported? */ - bool secure_negotiation() const + bool secure_renegotiation() const { return m_secure_renegotiation_supported; } /** diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index 7503b7c28..4a0126fc0 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -9,6 +9,8 @@ #include #include +#include + namespace Botan { bool TLS_Session_Manager_In_Memory::load_from_session_str( @@ -21,7 +23,7 @@ bool TLS_Session_Manager_In_Memory::load_from_session_str( // session has expired, remove it const u64bit now = system_time(); - if(i->second.start_time() + session_lifetime >= now) + if(i->second.start_time() + session_lifetime < now) { sessions.erase(i); return false; @@ -32,7 +34,7 @@ bool TLS_Session_Manager_In_Memory::load_from_session_str( } bool TLS_Session_Manager_In_Memory::load_from_session_id( - const MemoryVector& session_id, TLS_Session& session) + const MemoryRegion& session_id, TLS_Session& session) { return load_from_session_str(hex_encode(session_id), session); } @@ -60,7 +62,7 @@ bool TLS_Session_Manager_In_Memory::load_from_host_info( } void TLS_Session_Manager_In_Memory::remove_entry( - const MemoryVector& session_id) + const MemoryRegion& session_id) { std::map::iterator i = sessions.find(hex_encode(session_id)); diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index b30de7364..289b76a3b 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -28,39 +28,38 @@ class BOTAN_DLL TLS_Session_Manager /** * Try to load a saved session (server side) * @param session_id the session identifier we are trying to resume - * @param params will be set to the saved session data (if found), + * @param session will be set to the saved session data (if found), or not modified if not found - * @return true if params was modified + * @return true if session was modified */ - virtual bool load_from_session_id(const MemoryVector& session_id, - TLS_Session& params) = 0; + virtual bool load_from_session_id(const MemoryRegion& session_id, + TLS_Session& session) = 0; /** * Try to load a saved session (client side) * @param hostname of the host we are connecting to * @param port the port number if we know it, or 0 if unknown - * @param params will be set to the saved session data (if found), + * @param session will be set to the saved session data (if found), or not modified if not found - * @return true if params was modified + * @return true if session was modified */ virtual bool load_from_host_info(const std::string& hostname, u16bit port, - TLS_Session& params) = 0; + TLS_Session& session) = 0; /** - * Remove this session id from the cache + * Remove this session id from the cache, if it exists */ - virtual void remove_entry(const MemoryVector& session_id) = 0; + virtual void remove_entry(const MemoryRegion& session_id) = 0; /** * Save a session on a best effort basis; the manager may not in - * fact be able to save the session for whatever reason, this is + * fact be able to save the session for whatever reason; this is * not an error. Caller cannot assume that calling save followed - * immediately by find will result in a successful lookup. + * immediately by load_from_* will result in a successful lookup. * - * @param session_id the session identifier - * @param params to save + * @param session to save */ - virtual void save(const TLS_Session& params) = 0; + virtual void save(const TLS_Session& session) = 0; virtual ~TLS_Session_Manager() {} }; @@ -86,19 +85,19 @@ class BOTAN_DLL TLS_Session_Manager_In_Memory : public TLS_Session_Manager session_lifetime(session_lifetime) {} - bool load_from_session_id(const MemoryVector& session_id, - TLS_Session& params); + bool load_from_session_id(const MemoryRegion& session_id, + TLS_Session& session); bool load_from_host_info(const std::string& hostname, u16bit port, - TLS_Session& params); + TLS_Session& session); - void remove_entry(const MemoryVector& session_id); + void remove_entry(const MemoryRegion& session_id); void save(const TLS_Session& session_data); private: bool load_from_session_str(const std::string& session_str, - TLS_Session& params); + TLS_Session& session); size_t max_sessions, session_lifetime; -- cgit v1.2.3 From 268b336843cf71f8fcb8c68ed67a622c71e3232a Mon Sep 17 00:00:00 2001 From: lloyd Date: Wed, 4 Jan 2012 17:11:40 +0000 Subject: Split hello.cpp into c_hello.cpp and s_hello.cpp Add support for NPN on the server side. Server is initialized with the list of protocols it wants to offer, once the handshake completes the client requested protocol is available via a getter. --- src/tls/c_hello.cpp | 290 +++++++++++++++++++++++++ src/tls/hello.cpp | 468 ---------------------------------------- src/tls/info.txt | 17 +- src/tls/s_hello.cpp | 201 +++++++++++++++++ src/tls/tls_extensions.cpp | 4 - src/tls/tls_messages.h | 22 +- src/tls/tls_server.cpp | 49 +++-- src/tls/tls_server.h | 19 +- src/tls/tls_session_manager.cpp | 2 - 9 files changed, 560 insertions(+), 512 deletions(-) create mode 100644 src/tls/c_hello.cpp delete mode 100644 src/tls/hello.cpp create mode 100644 src/tls/s_hello.cpp (limited to 'src/tls/tls_session_manager.cpp') diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp new file mode 100644 index 000000000..3164f30ee --- /dev/null +++ b/src/tls/c_hello.cpp @@ -0,0 +1,290 @@ +;/* +* TLS Hello Request and Client Hello Messages +* (C) 2004-2011 Jack Lloyd +* +* Released under the terms of the Botan license +*/ + +#include +#include +#include +#include +#include +#include + +namespace Botan { + +/* +* Encode and send a Handshake message +*/ +void Handshake_Message::send(Record_Writer& writer, TLS_Handshake_Hash& hash) const + { + MemoryVector buf = serialize(); + MemoryVector send_buf(4); + + const size_t buf_size = buf.size(); + + send_buf[0] = type(); + + for(size_t i = 1; i != 4; ++i) + send_buf[i] = get_byte(i, buf_size); + + send_buf += buf; + + hash.update(send_buf); + + writer.send(HANDSHAKE, &send_buf[0], send_buf.size()); + } + +/* +* Create a new Hello Request message +*/ +Hello_Request::Hello_Request(Record_Writer& writer) + { + TLS_Handshake_Hash dummy; // FIXME: *UGLY* + send(writer, dummy); + } + +/* +* Serialize a Hello Request message +*/ +MemoryVector Hello_Request::serialize() const + { + return MemoryVector(); + } + +/* +* Deserialize a Hello Request message +*/ +void Hello_Request::deserialize(const MemoryRegion& buf) + { + if(buf.size()) + throw Decoding_Error("Hello_Request: Must be empty, and is not"); + } + +/* +* Create a new Client Hello message +*/ +Client_Hello::Client_Hello(Record_Writer& writer, + TLS_Handshake_Hash& hash, + const TLS_Policy& policy, + RandomNumberGenerator& rng, + const MemoryRegion& reneg_info, + bool next_protocol, + const std::string& hostname, + const std::string& srp_identifier) : + m_version(policy.pref_version()), + m_random(rng.random_vec(32)), + m_suites(policy.ciphersuites(srp_identifier != "")), + m_comp_methods(policy.compression()), + m_hostname(hostname), + m_srp_identifier(srp_identifier), + m_next_protocol(next_protocol), + m_fragment_size(0), + m_secure_renegotiation(true), + m_renegotiation_info(reneg_info) + { + send(writer, hash); + } + +/* +* Create a new Client Hello message +*/ +Client_Hello::Client_Hello(Record_Writer& writer, + TLS_Handshake_Hash& hash, + RandomNumberGenerator& rng, + const TLS_Session& session, + bool next_protocol) : + m_version(session.version()), + m_session_id(session.session_id()), + m_random(rng.random_vec(32)), + m_hostname(session.sni_hostname()), + m_srp_identifier(session.srp_identifier()), + m_next_protocol(next_protocol), + m_fragment_size(session.fragment_size()), + m_secure_renegotiation(session.secure_renegotiation()) + { + m_suites.push_back(session.ciphersuite()); + m_comp_methods.push_back(session.compression_method()); + + send(writer, hash); + } + +/* +* Serialize a Client Hello message +*/ +MemoryVector Client_Hello::serialize() const + { + MemoryVector buf; + + buf.push_back(static_cast(m_version >> 8)); + buf.push_back(static_cast(m_version )); + buf += m_random; + + append_tls_length_value(buf, m_session_id, 1); + append_tls_length_value(buf, m_suites, 2); + append_tls_length_value(buf, m_comp_methods, 1); + + /* + * May not want to send extensions at all in some cases. + * If so, should include SCSV value (if reneg info is empty, if + * not we are renegotiating with a modern server and should only + * send that extension. + */ + + TLS_Extensions extensions; + + // Initial handshake + if(m_renegotiation_info.empty()) + { + extensions.push_back(new Renegotation_Extension(m_renegotiation_info)); + extensions.push_back(new Server_Name_Indicator(m_hostname)); + extensions.push_back(new SRP_Identifier(m_srp_identifier)); + + if(m_next_protocol) + extensions.push_back(new Next_Protocol_Negotiation()); + } + else + { + // renegotiation + extensions.push_back(new Renegotation_Extension(m_renegotiation_info)); + } + + buf += extensions.serialize(); + + return buf; + } + +void Client_Hello::deserialize_sslv2(const MemoryRegion& buf) + { + if(buf.size() < 12 || buf[0] != 1) + throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); + + const size_t cipher_spec_len = make_u16bit(buf[3], buf[4]); + const size_t m_session_id_len = make_u16bit(buf[5], buf[6]); + const size_t challenge_len = make_u16bit(buf[7], buf[8]); + + const size_t expected_size = + (9 + m_session_id_len + cipher_spec_len + challenge_len); + + if(buf.size() != expected_size) + throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); + + if(m_session_id_len != 0 || cipher_spec_len % 3 != 0 || + (challenge_len < 16 || challenge_len > 32)) + { + throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); + } + + for(size_t i = 9; i != 9 + cipher_spec_len; i += 3) + { + if(buf[i] != 0) // a SSLv2 cipherspec; ignore it + continue; + + m_suites.push_back(make_u16bit(buf[i+1], buf[i+2])); + } + + m_version = static_cast(make_u16bit(buf[1], buf[2])); + + m_random.resize(challenge_len); + copy_mem(&m_random[0], &buf[9+cipher_spec_len+m_session_id_len], challenge_len); + + m_secure_renegotiation = + value_exists(m_suites, static_cast(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)); + + m_fragment_size = 0; + m_next_protocol = false; + } + +/* +* Deserialize a Client Hello message +*/ +void Client_Hello::deserialize(const MemoryRegion& buf) + { + if(buf.size() == 0) + throw Decoding_Error("Client_Hello: Packet corrupted"); + + if(buf.size() < 41) + throw Decoding_Error("Client_Hello: Packet corrupted"); + + TLS_Data_Reader reader(buf); + + m_version = static_cast(reader.get_u16bit()); + m_random = reader.get_fixed(32); + + m_session_id = reader.get_range(1, 0, 32); + + m_suites = reader.get_range_vector(2, 1, 32767); + + m_comp_methods = reader.get_range_vector(1, 1, 255); + + m_next_protocol = false; + m_secure_renegotiation = false; + m_fragment_size = 0; + + TLS_Extensions extensions(reader); + + for(size_t i = 0; i != extensions.count(); ++i) + { + TLS_Extension* extn = extensions.at(i); + + if(Server_Name_Indicator* sni = dynamic_cast(extn)) + { + m_hostname = sni->host_name(); + } + else if(SRP_Identifier* srp = dynamic_cast(extn)) + { + m_srp_identifier = srp->identifier(); + } + else if(Next_Protocol_Negotiation* npn = dynamic_cast(extn)) + { + if(!npn->protocols().empty()) + throw Decoding_Error("Client sent non-empty NPN extension"); + + m_next_protocol = true; + } + else if(Maximum_Fragment_Length* frag = dynamic_cast(extn)) + { + m_fragment_size = frag->fragment_size(); + } + else if(Renegotation_Extension* reneg = dynamic_cast(extn)) + { + // checked by TLS_Client / TLS_Server as they know the handshake state + m_secure_renegotiation = true; + m_renegotiation_info = reneg->renegotiation_info(); + } + } + + if(value_exists(m_suites, static_cast(TLS_EMPTY_RENEGOTIATION_INFO_SCSV))) + { + /* + * Clients are allowed to send both the extension and the SCSV + * though it is not recommended. If it did, require that the + * extension value be empty. + */ + if(m_secure_renegotiation) + { + if(!m_renegotiation_info.empty()) + { + throw TLS_Exception(HANDSHAKE_FAILURE, + "Client send SCSV and non-empty extension"); + } + } + + m_secure_renegotiation = true; + m_renegotiation_info.clear(); + } + } + +/* +* Check if we offered this ciphersuite +*/ +bool Client_Hello::offered_suite(u16bit ciphersuite) const + { + for(size_t i = 0; i != m_suites.size(); ++i) + if(m_suites[i] == ciphersuite) + return true; + return false; + } + +} diff --git a/src/tls/hello.cpp b/src/tls/hello.cpp deleted file mode 100644 index 8c13cb8f6..000000000 --- a/src/tls/hello.cpp +++ /dev/null @@ -1,468 +0,0 @@ -;/* -* TLS Hello Messages -* (C) 2004-2011 Jack Lloyd -* -* Released under the terms of the Botan license -*/ - -#include -#include -#include -#include -#include -#include - -namespace Botan { - -/* -* Encode and send a Handshake message -*/ -void Handshake_Message::send(Record_Writer& writer, TLS_Handshake_Hash& hash) const - { - MemoryVector buf = serialize(); - MemoryVector send_buf(4); - - const size_t buf_size = buf.size(); - - send_buf[0] = type(); - - for(size_t i = 1; i != 4; ++i) - send_buf[i] = get_byte(i, buf_size); - - send_buf += buf; - - hash.update(send_buf); - - writer.send(HANDSHAKE, &send_buf[0], send_buf.size()); - } - -/* -* Create a new Hello Request message -*/ -Hello_Request::Hello_Request(Record_Writer& writer) - { - TLS_Handshake_Hash dummy; // FIXME: *UGLY* - send(writer, dummy); - } - -/* -* Serialize a Hello Request message -*/ -MemoryVector Hello_Request::serialize() const - { - return MemoryVector(); - } - -/* -* Deserialize a Hello Request message -*/ -void Hello_Request::deserialize(const MemoryRegion& buf) - { - if(buf.size()) - throw Decoding_Error("Hello_Request: Must be empty, and is not"); - } - -/* -* Create a new Client Hello message -*/ -Client_Hello::Client_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, - const TLS_Policy& policy, - RandomNumberGenerator& rng, - const MemoryRegion& reneg_info, - bool next_protocol, - const std::string& hostname, - const std::string& srp_identifier) : - m_version(policy.pref_version()), - m_random(rng.random_vec(32)), - m_suites(policy.ciphersuites(srp_identifier != "")), - m_comp_methods(policy.compression()), - m_hostname(hostname), - m_srp_identifier(srp_identifier), - m_next_protocol(next_protocol), - m_fragment_size(0), - m_secure_renegotiation(true), - m_renegotiation_info(reneg_info) - { - send(writer, hash); - } - -/* -* Create a new Client Hello message -*/ -Client_Hello::Client_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, - RandomNumberGenerator& rng, - const TLS_Session& session, - bool next_protocol) : - m_version(session.version()), - m_session_id(session.session_id()), - m_random(rng.random_vec(32)), - m_hostname(session.sni_hostname()), - m_srp_identifier(session.srp_identifier()), - m_next_protocol(next_protocol), - m_fragment_size(session.fragment_size()), - m_secure_renegotiation(session.secure_renegotiation()) - { - m_suites.push_back(session.ciphersuite()); - m_comp_methods.push_back(session.compression_method()); - - send(writer, hash); - } - -/* -* Serialize a Client Hello message -*/ -MemoryVector Client_Hello::serialize() const - { - MemoryVector buf; - - buf.push_back(static_cast(m_version >> 8)); - buf.push_back(static_cast(m_version )); - buf += m_random; - - append_tls_length_value(buf, m_session_id, 1); - append_tls_length_value(buf, m_suites, 2); - append_tls_length_value(buf, m_comp_methods, 1); - - /* - * May not want to send extensions at all in some cases. - * If so, should include SCSV value (if reneg info is empty, if - * not we are renegotiating with a modern server and should only - * send that extension. - */ - - TLS_Extensions extensions; - - // Initial handshake - if(m_renegotiation_info.empty()) - { - extensions.push_back(new Renegotation_Extension(m_renegotiation_info)); - extensions.push_back(new Server_Name_Indicator(m_hostname)); - extensions.push_back(new SRP_Identifier(m_srp_identifier)); - - if(m_next_protocol) - extensions.push_back(new Next_Protocol_Negotiation()); - } - else - { - // renegotiation - extensions.push_back(new Renegotation_Extension(m_renegotiation_info)); - } - - buf += extensions.serialize(); - - return buf; - } - -void Client_Hello::deserialize_sslv2(const MemoryRegion& buf) - { - if(buf.size() < 12 || buf[0] != 1) - throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); - - const size_t cipher_spec_len = make_u16bit(buf[3], buf[4]); - const size_t m_session_id_len = make_u16bit(buf[5], buf[6]); - const size_t challenge_len = make_u16bit(buf[7], buf[8]); - - const size_t expected_size = - (9 + m_session_id_len + cipher_spec_len + challenge_len); - - if(buf.size() != expected_size) - throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); - - if(m_session_id_len != 0 || cipher_spec_len % 3 != 0 || - (challenge_len < 16 || challenge_len > 32)) - { - throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); - } - - for(size_t i = 9; i != 9 + cipher_spec_len; i += 3) - { - if(buf[i] != 0) // a SSLv2 cipherspec; ignore it - continue; - - m_suites.push_back(make_u16bit(buf[i+1], buf[i+2])); - } - - m_version = static_cast(make_u16bit(buf[1], buf[2])); - - m_random.resize(challenge_len); - copy_mem(&m_random[0], &buf[9+cipher_spec_len+m_session_id_len], challenge_len); - - m_secure_renegotiation = - value_exists(m_suites, static_cast(TLS_EMPTY_RENEGOTIATION_INFO_SCSV)); - - m_fragment_size = 0; - m_next_protocol = false; - } - -/* -* Deserialize a Client Hello message -*/ -void Client_Hello::deserialize(const MemoryRegion& buf) - { - if(buf.size() == 0) - throw Decoding_Error("Client_Hello: Packet corrupted"); - - if(buf.size() < 41) - throw Decoding_Error("Client_Hello: Packet corrupted"); - - TLS_Data_Reader reader(buf); - - m_version = static_cast(reader.get_u16bit()); - m_random = reader.get_fixed(32); - - m_session_id = reader.get_range(1, 0, 32); - - m_suites = reader.get_range_vector(2, 1, 32767); - - m_comp_methods = reader.get_range_vector(1, 1, 255); - - m_next_protocol = false; - m_secure_renegotiation = false; - m_fragment_size = 0; - - TLS_Extensions extensions(reader); - - for(size_t i = 0; i != extensions.count(); ++i) - { - TLS_Extension* extn = extensions.at(i); - - if(Server_Name_Indicator* sni = dynamic_cast(extn)) - { - m_hostname = sni->host_name(); - } - else if(SRP_Identifier* srp = dynamic_cast(extn)) - { - m_srp_identifier = srp->identifier(); - } - else if(Next_Protocol_Negotiation* npn = dynamic_cast(extn)) - { - if(!npn->protocols().empty()) - throw Decoding_Error("Client sent non-empty NPN extension"); - - m_next_protocol = true; - } - else if(Maximum_Fragment_Length* frag = dynamic_cast(extn)) - { - m_fragment_size = frag->fragment_size(); - } - else if(Renegotation_Extension* reneg = dynamic_cast(extn)) - { - // checked by TLS_Client / TLS_Server as they know the handshake state - m_secure_renegotiation = true; - m_renegotiation_info = reneg->renegotiation_info(); - } - } - - if(value_exists(m_suites, static_cast(TLS_EMPTY_RENEGOTIATION_INFO_SCSV))) - { - /* - * Clients are allowed to send both the extension and the SCSV - * though it is not recommended. If it did, require that the - * extension value be empty. - */ - if(m_secure_renegotiation) - { - if(!m_renegotiation_info.empty()) - { - throw TLS_Exception(HANDSHAKE_FAILURE, - "Client send SCSV and non-empty extension"); - } - } - - m_secure_renegotiation = true; - m_renegotiation_info.clear(); - } - } - -/* -* Check if we offered this ciphersuite -*/ -bool Client_Hello::offered_suite(u16bit ciphersuite) const - { - for(size_t i = 0; i != m_suites.size(); ++i) - if(m_suites[i] == ciphersuite) - return true; - return false; - } - -/* -* Create a new Server Hello message -*/ -Server_Hello::Server_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, - const TLS_Policy& policy, - RandomNumberGenerator& rng, - bool client_has_secure_renegotiation, - const MemoryRegion& reneg_info, - const std::vector& certs, - const Client_Hello& c_hello, - Version_Code ver) : - s_version(ver), - m_session_id(rng.random_vec(32)), - s_random(rng.random_vec(32)), - m_fragment_size(c_hello.fragment_size()), - m_secure_renegotiation(client_has_secure_renegotiation), - m_renegotiation_info(reneg_info), - m_next_protocol(false) - { - bool have_rsa = false, have_dsa = false; - - for(size_t i = 0; i != certs.size(); ++i) - { - Public_Key* key = certs[i].subject_public_key(); - if(key->algo_name() == "RSA") - have_rsa = true; - - if(key->algo_name() == "DSA") - have_dsa = true; - } - - suite = policy.choose_suite(c_hello.ciphersuites(), have_rsa, have_dsa, false); - - if(suite == 0) - throw TLS_Exception(HANDSHAKE_FAILURE, - "Can't agree on a ciphersuite with client"); - - comp_method = policy.choose_compression(c_hello.compression_methods()); - - send(writer, hash); - } - -/* -* Create a new Server Hello message -*/ -Server_Hello::Server_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, - RandomNumberGenerator& rng, - bool client_has_secure_renegotiation, - const MemoryRegion& reneg_info, - const MemoryRegion& session_id, - size_t fragment_size, - u16bit ciphersuite, - byte compression, - Version_Code ver) : - s_version(ver), - m_session_id(session_id), - s_random(rng.random_vec(32)), - suite(ciphersuite), - comp_method(compression), - m_fragment_size(fragment_size), - m_secure_renegotiation(client_has_secure_renegotiation), - m_renegotiation_info(reneg_info), - m_next_protocol(false) - { - send(writer, hash); - } - -/* -* Serialize a Server Hello message -*/ -MemoryVector Server_Hello::serialize() const - { - MemoryVector buf; - - buf.push_back(static_cast(s_version >> 8)); - buf.push_back(static_cast(s_version )); - buf += s_random; - - append_tls_length_value(buf, m_session_id, 1); - - buf.push_back(get_byte(0, suite)); - buf.push_back(get_byte(1, suite)); - - buf.push_back(comp_method); - - TLS_Extensions extensions; - - if(m_secure_renegotiation) - extensions.push_back(new Renegotation_Extension(m_renegotiation_info)); - - if(m_fragment_size != 0) - extensions.push_back(new Maximum_Fragment_Length(m_fragment_size)); - - if(m_next_protocol) - extensions.push_back(new Next_Protocol_Negotiation(m_next_protocols)); - - buf += extensions.serialize(); - - return buf; - } - -/* -* Deserialize a Server Hello message -*/ -void Server_Hello::deserialize(const MemoryRegion& buf) - { - m_secure_renegotiation = false; - m_next_protocol = false; - - if(buf.size() < 38) - throw Decoding_Error("Server_Hello: Packet corrupted"); - - TLS_Data_Reader reader(buf); - - s_version = static_cast(reader.get_u16bit()); - - if(s_version != SSL_V3 && s_version != TLS_V10 && s_version != TLS_V11) - { - throw TLS_Exception(PROTOCOL_VERSION, - "Server_Hello: Unsupported server version"); - } - - s_random = reader.get_fixed(32); - - m_session_id = reader.get_range(1, 0, 32); - - suite = reader.get_u16bit(); - - comp_method = reader.get_byte(); - - TLS_Extensions extensions(reader); - - for(size_t i = 0; i != extensions.count(); ++i) - { - TLS_Extension* extn = extensions.at(i); - - if(Renegotation_Extension* reneg = dynamic_cast(extn)) - { - // checked by TLS_Client / TLS_Server as they know the handshake state - m_secure_renegotiation = true; - m_renegotiation_info = reneg->renegotiation_info(); - } - else if(Next_Protocol_Negotiation* npn = dynamic_cast(extn)) - { - m_next_protocols = npn->protocols(); - m_next_protocol = true; - } - } - } - -/* -* Create a new Server Hello Done message -*/ -Server_Hello_Done::Server_Hello_Done(Record_Writer& writer, - TLS_Handshake_Hash& hash) - { - send(writer, hash); - } - -/* -* Serialize a Server Hello Done message -*/ -MemoryVector Server_Hello_Done::serialize() const - { - return MemoryVector(); - } - -/* -* Deserialize a Server Hello Done message -*/ -void Server_Hello_Done::deserialize(const MemoryRegion& buf) - { - if(buf.size()) - throw Decoding_Error("Server_Hello_Done: Must be empty, and is not"); - } - -} diff --git a/src/tls/info.txt b/src/tls/info.txt index 6654c3b80..9473b0ae2 100644 --- a/src/tls/info.txt +++ b/src/tls/info.txt @@ -22,34 +22,35 @@ tls_suites.h tls_alerts.h -tls_handshake_hash.h tls_extensions.h +tls_handshake_hash.h +tls_handshake_state.h tls_messages.h tls_reader.h tls_session_key.h -tls_handshake_state.h +c_hello.cpp c_kex.cpp cert_req.cpp cert_ver.cpp finished.cpp -tls_handshake_hash.cpp -tls_extensions.cpp -hello.cpp +next_protocol.cpp rec_read.cpp rec_wri.cpp +s_hello.cpp s_kex.cpp -next_protocol.cpp tls_channel.cpp tls_client.cpp +tls_extensions.cpp +tls_handshake_hash.cpp +tls_handshake_state.cpp tls_policy.cpp tls_server.cpp -tls_session_key.cpp tls_session.cpp +tls_session_key.cpp tls_session_manager.cpp -tls_handshake_state.cpp tls_suites.cpp diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp new file mode 100644 index 000000000..5ffb1e7d4 --- /dev/null +++ b/src/tls/s_hello.cpp @@ -0,0 +1,201 @@ +;/* +* TLS Server Hello and Server Hello Done +* (C) 2004-2011 Jack Lloyd +* +* Released under the terms of the Botan license +*/ + +#include +#include +#include +#include +#include +#include + +namespace Botan { + +/* +* Create a new Server Hello message +*/ +Server_Hello::Server_Hello(Record_Writer& writer, + TLS_Handshake_Hash& hash, + Version_Code version, + const Client_Hello& c_hello, + const std::vector& certs, + const TLS_Policy& policy, + bool client_has_secure_renegotiation, + const MemoryRegion& reneg_info, + bool client_has_npn, + const std::vector& next_protocols, + RandomNumberGenerator& rng) : + s_version(version), + m_session_id(rng.random_vec(32)), + s_random(rng.random_vec(32)), + m_fragment_size(c_hello.fragment_size()), + m_secure_renegotiation(client_has_secure_renegotiation), + m_renegotiation_info(reneg_info), + m_next_protocol(client_has_npn), + m_next_protocols(next_protocols) + { + bool have_rsa = false, have_dsa = false; + + for(size_t i = 0; i != certs.size(); ++i) + { + Public_Key* key = certs[i].subject_public_key(); + if(key->algo_name() == "RSA") + have_rsa = true; + + if(key->algo_name() == "DSA") + have_dsa = true; + } + + suite = policy.choose_suite(c_hello.ciphersuites(), have_rsa, have_dsa, false); + + if(suite == 0) + throw TLS_Exception(HANDSHAKE_FAILURE, + "Can't agree on a ciphersuite with client"); + + comp_method = policy.choose_compression(c_hello.compression_methods()); + + send(writer, hash); + } + +/* +* Create a new Server Hello message +*/ +Server_Hello::Server_Hello(Record_Writer& writer, + TLS_Handshake_Hash& hash, + const MemoryRegion& session_id, + Version_Code ver, + u16bit ciphersuite, + byte compression, + size_t max_fragment_size, + bool client_has_secure_renegotiation, + const MemoryRegion& reneg_info, + bool client_has_npn, + const std::vector& next_protocols, + RandomNumberGenerator& rng) : + s_version(ver), + m_session_id(session_id), + s_random(rng.random_vec(32)), + suite(ciphersuite), + comp_method(compression), + m_fragment_size(max_fragment_size), + m_secure_renegotiation(client_has_secure_renegotiation), + m_renegotiation_info(reneg_info), + m_next_protocol(client_has_npn), + m_next_protocols(next_protocols) + { + send(writer, hash); + } + +/* +* Serialize a Server Hello message +*/ +MemoryVector Server_Hello::serialize() const + { + MemoryVector buf; + + buf.push_back(static_cast(s_version >> 8)); + buf.push_back(static_cast(s_version )); + buf += s_random; + + append_tls_length_value(buf, m_session_id, 1); + + buf.push_back(get_byte(0, suite)); + buf.push_back(get_byte(1, suite)); + + buf.push_back(comp_method); + + TLS_Extensions extensions; + + if(m_secure_renegotiation) + extensions.push_back(new Renegotation_Extension(m_renegotiation_info)); + + if(m_fragment_size != 0) + extensions.push_back(new Maximum_Fragment_Length(m_fragment_size)); + + if(m_next_protocol) + extensions.push_back(new Next_Protocol_Negotiation(m_next_protocols)); + + buf += extensions.serialize(); + + return buf; + } + +/* +* Deserialize a Server Hello message +*/ +void Server_Hello::deserialize(const MemoryRegion& buf) + { + m_secure_renegotiation = false; + m_next_protocol = false; + + if(buf.size() < 38) + throw Decoding_Error("Server_Hello: Packet corrupted"); + + TLS_Data_Reader reader(buf); + + s_version = static_cast(reader.get_u16bit()); + + if(s_version != SSL_V3 && s_version != TLS_V10 && s_version != TLS_V11) + { + throw TLS_Exception(PROTOCOL_VERSION, + "Server_Hello: Unsupported server version"); + } + + s_random = reader.get_fixed(32); + + m_session_id = reader.get_range(1, 0, 32); + + suite = reader.get_u16bit(); + + comp_method = reader.get_byte(); + + TLS_Extensions extensions(reader); + + for(size_t i = 0; i != extensions.count(); ++i) + { + TLS_Extension* extn = extensions.at(i); + + if(Renegotation_Extension* reneg = dynamic_cast(extn)) + { + // checked by TLS_Client / TLS_Server as they know the handshake state + m_secure_renegotiation = true; + m_renegotiation_info = reneg->renegotiation_info(); + } + else if(Next_Protocol_Negotiation* npn = dynamic_cast(extn)) + { + m_next_protocols = npn->protocols(); + m_next_protocol = true; + } + } + } + +/* +* Create a new Server Hello Done message +*/ +Server_Hello_Done::Server_Hello_Done(Record_Writer& writer, + TLS_Handshake_Hash& hash) + { + send(writer, hash); + } + +/* +* Serialize a Server Hello Done message +*/ +MemoryVector Server_Hello_Done::serialize() const + { + return MemoryVector(); + } + +/* +* Deserialize a Server Hello Done message +*/ +void Server_Hello_Done::deserialize(const MemoryRegion& buf) + { + if(buf.size()) + throw Decoding_Error("Server_Hello_Done: Must be empty, and is not"); + } + +} diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp index a6ab13f46..c74790ea1 100644 --- a/src/tls/tls_extensions.cpp +++ b/src/tls/tls_extensions.cpp @@ -9,8 +9,6 @@ #include #include -#include - namespace Botan { namespace { @@ -244,8 +242,6 @@ Next_Protocol_Negotiation::Next_Protocol_Negotiation(TLS_Data_Reader& reader, { const std::string p = reader.get_string(1, 0, 255); - printf("Protocol option %s\n", p.c_str()); - if(bytes_remaining < p.size() + 1) throw Decoding_Error("Bad encoding for next protocol extension"); diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h index 9c61501c9..67647d5a3 100644 --- a/src/tls/tls_messages.h +++ b/src/tls/tls_messages.h @@ -154,24 +154,28 @@ class Server_Hello : public Handshake_Message Server_Hello(Record_Writer& writer, TLS_Handshake_Hash& hash, + Version_Code version, + const Client_Hello& other, + const std::vector& certs, const TLS_Policy& policies, - RandomNumberGenerator& rng, bool client_has_secure_renegotiation, const MemoryRegion& reneg_info, - const std::vector& certs, - const Client_Hello& other, - Version_Code version); + bool client_has_npn, + const std::vector& next_protocols, + RandomNumberGenerator& rng); Server_Hello(Record_Writer& writer, TLS_Handshake_Hash& hash, - RandomNumberGenerator& rng, - bool client_has_secure_renegotiation, - const MemoryRegion& reneg_info, const MemoryRegion& session_id, - size_t max_fragment_size, + Version_Code ver, u16bit ciphersuite, byte compression, - Version_Code ver); + size_t max_fragment_size, + bool client_has_secure_renegotiation, + const MemoryRegion& reneg_info, + bool client_has_npn, + const std::vector& next_protocols, + RandomNumberGenerator& rng); Server_Hello(const MemoryRegion& buf) { deserialize(buf); } private: diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 109835e4a..729c185df 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -12,8 +12,6 @@ #include #include -#include - namespace Botan { namespace { @@ -87,12 +85,14 @@ TLS_Server::TLS_Server(std::tr1::function output_fn TLS_Session_Manager& session_manager, Credentials_Manager& creds, const TLS_Policy& policy, - RandomNumberGenerator& rng) : + RandomNumberGenerator& rng, + const std::vector& next_protocols) : TLS_Channel(output_fn, proc_fn, handshake_fn), policy(policy), rng(rng), session_manager(session_manager), - creds(creds) + creds(creds), + m_possible_protocols(next_protocols) { } @@ -154,7 +154,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, { state->client_hello = new Client_Hello(contents, type); - client_requested_hostname = state->client_hello->sni_hostname(); + m_hostname = state->client_hello->sni_hostname(); state->version = choose_version(state->client_hello->version(), policy.min_version()); @@ -176,14 +176,16 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, state->server_hello = new Server_Hello( writer, state->hash, - rng, - secure_renegotiation.supported(), - secure_renegotiation.for_server_hello(), session_info.session_id(), + Version_Code(session_info.version()), session_info.ciphersuite(), session_info.compression_method(), session_info.fragment_size(), - Version_Code(session_info.version())); + secure_renegotiation.supported(), + secure_renegotiation.for_server_hello(), + state->client_hello->next_protocol_negotiation(), + m_possible_protocols, + rng); if(session_info.fragment_size()) writer.set_maximum_fragment_size(session_info.fragment_size()); @@ -214,24 +216,26 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, std::vector server_certs = creds.cert_chain("", "tls-server", - client_requested_hostname); + m_hostname); Private_Key* private_key = server_certs.empty() ? 0 : (creds.private_key_for(server_certs[0], "tls-server", - client_requested_hostname)); + m_hostname)); state->server_hello = new Server_Hello( writer, state->hash, + state->version, + *(state->client_hello), + server_certs, policy, - rng, secure_renegotiation.supported(), secure_renegotiation.for_server_hello(), - server_certs, - *(state->client_hello), - state->version); + state->client_hello->next_protocol_negotiation(), + m_possible_protocols, + rng); if(state->client_hello->fragment_size()) writer.set_maximum_fragment_size(state->client_hello->fragment_size()); @@ -347,10 +351,21 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, } else if(type == HANDSHAKE_CCS) { - state->set_expected_next(FINISHED); + if(state->server_hello->next_protocol_negotiation()) + state->set_expected_next(NEXT_PROTOCOL); + else + state->set_expected_next(FINISHED); reader.activate(state->suite, state->keys, SERVER); } + else if(type == NEXT_PROTOCOL) + { + state->set_expected_next(FINISHED); + + state->next_protocol = new Next_Protocol(contents); + + m_next_protocol = state->next_protocol->protocol(); + } else if(type == FINISHED) { state->set_expected_next(HANDSHAKE_NONE); @@ -389,7 +404,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, secure_renegotiation.supported(), state->server_hello->fragment_size(), peer_certs, - client_requested_hostname, + m_hostname, "" ); diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h index b08d3f7e8..31e0e9ca4 100644 --- a/src/tls/tls_server.h +++ b/src/tls/tls_server.h @@ -30,15 +30,24 @@ class BOTAN_DLL TLS_Server : public TLS_Channel TLS_Session_Manager& session_manager, Credentials_Manager& creds, const TLS_Policy& policy, - RandomNumberGenerator& rng); + RandomNumberGenerator& rng, + const std::vector& protocols = + std::vector()); void renegotiate(); /** - * Return the server name indicator, if set by the client + * Return the server name indicator, if sent by the client */ std::string server_name_indicator() const - { return client_requested_hostname; } + { return m_hostname; } + + /** + * Return the protocol negotiated with NPN extension + */ + std::string next_protocol() const + { return m_next_protocol; } + private: void read_handshake(byte, const MemoryRegion&); @@ -49,7 +58,9 @@ class BOTAN_DLL TLS_Server : public TLS_Channel TLS_Session_Manager& session_manager; Credentials_Manager& creds; - std::string client_requested_hostname; + std::vector m_possible_protocols; + std::string m_hostname; + std::string m_next_protocol; }; } diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index 4a0126fc0..e5ec75c88 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -9,8 +9,6 @@ #include #include -#include - namespace Botan { bool TLS_Session_Manager_In_Memory::load_from_session_str( -- cgit v1.2.3 From a445f7f4a1089fc034c35c500e1572eb9518f44f Mon Sep 17 00:00:00 2001 From: lloyd Date: Mon, 23 Jan 2012 15:30:29 +0000 Subject: Since this branch is hugely API breaking already, go ahead and put everything into a new namespace (Botan::TLS), removing the TLS_ prefixes on everything. --- doc/examples/asio_tls_server.cpp | 20 ++++----- doc/examples/tls_client.cpp | 17 ++++---- doc/examples/tls_server.cpp | 16 ++++---- src/tls/c_hello.cpp | 22 ++++++---- src/tls/c_kex.cpp | 8 +++- src/tls/cert_req.cpp | 10 +++-- src/tls/cert_ver.cpp | 8 +++- src/tls/finished.cpp | 12 ++++-- src/tls/next_protocol.cpp | 6 ++- src/tls/rec_read.cpp | 6 ++- src/tls/rec_wri.cpp | 6 ++- src/tls/s_hello.cpp | 18 ++++---- src/tls/s_kex.cpp | 8 +++- src/tls/tls_alerts.h | 4 ++ src/tls/tls_channel.cpp | 26 +++++++----- src/tls/tls_channel.h | 16 +++++--- src/tls/tls_client.cpp | 38 +++++++++-------- src/tls/tls_client.h | 18 ++++---- src/tls/tls_exceptn.h | 4 ++ src/tls/tls_extensions.cpp | 22 ++++++---- src/tls/tls_extensions.h | 72 ++++++++++++++++---------------- src/tls/tls_handshake_hash.cpp | 10 +++-- src/tls/tls_handshake_hash.h | 6 ++- src/tls/tls_handshake_state.cpp | 18 ++++---- src/tls/tls_handshake_state.h | 14 ++++--- src/tls/tls_magic.h | 6 ++- src/tls/tls_messages.h | 46 +++++++++++---------- src/tls/tls_policy.cpp | 30 ++++++++------ src/tls/tls_policy.h | 8 +++- src/tls/tls_reader.h | 4 ++ src/tls/tls_record.h | 8 +++- src/tls/tls_server.cpp | 42 ++++++++++--------- src/tls/tls_server.h | 20 +++++---- src/tls/tls_session.cpp | 10 +++-- src/tls/tls_session.h | 12 ++++-- src/tls/tls_session_key.cpp | 6 ++- src/tls/tls_session_key.h | 6 ++- src/tls/tls_session_manager.cpp | 24 ++++++----- src/tls/tls_session_manager.h | 32 ++++++++------- src/tls/tls_suites.cpp | 88 +++++++++++++++++++++------------------- src/tls/tls_suites.h | 12 ++++-- 41 files changed, 456 insertions(+), 303 deletions(-) (limited to 'src/tls/tls_session_manager.cpp') diff --git a/doc/examples/asio_tls_server.cpp b/doc/examples/asio_tls_server.cpp index 2ff640983..90f4fc20a 100644 --- a/doc/examples/asio_tls_server.cpp +++ b/doc/examples/asio_tls_server.cpp @@ -23,9 +23,9 @@ class tls_server_session : public boost::enable_shared_from_this pointer; static pointer create(asio::io_service& io_service, - Botan::TLS_Session_Manager& session_manager, + Botan::TLS::Session_Manager& session_manager, Botan::Credentials_Manager& credentials, - Botan::TLS_Policy& policy, + Botan::TLS::Policy& policy, Botan::RandomNumberGenerator& rng) { return pointer( @@ -53,9 +53,9 @@ class tls_server_session : public boost::enable_shared_from_this m_write_buf; @@ -215,7 +215,7 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager std::map certs_and_keys; }; -class Server_TLS_Policy : public Botan::TLS_Policy +class Server_TLS_Policy : public Botan::TLS::Policy { public: //bool require_client_auth() const { return true; } @@ -289,7 +289,7 @@ class tls_server tcp::acceptor m_acceptor; Botan::AutoSeeded_RNG m_rng; - Botan::TLS_Session_Manager_In_Memory m_session_manager; + Botan::TLS::Session_Manager_In_Memory m_session_manager; Server_TLS_Policy m_policy; Credentials_Manager_Simple m_creds; }; diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp index 42fecaf37..3d4dd38b7 100644 --- a/doc/examples/tls_client.cpp +++ b/doc/examples/tls_client.cpp @@ -20,7 +20,7 @@ using namespace Botan; using namespace std::tr1::placeholders; -class Client_TLS_Policy : public TLS_Policy +class Client_TLS_Policy : public TLS::Policy { public: //Version_Code pref_version() const { return TLS_V12; } @@ -72,11 +72,12 @@ int connect_to_host(const std::string& host, u16bit port) return fd; } -bool handshake_complete(const TLS_Session& session) +bool handshake_complete(const TLS::Session& session) { std::cout << "Handshake complete!\n"; std::cout << "Protocol version " << (int)session.major_version() << "." << (int)session.minor_version() << "\n"; + std::cout << "Ciphersuite " << std::hex << session.ciphersuite() << "\n"; std::cout << "Session ID " << hex_encode(session.session_id()) << "\n"; return true; @@ -108,7 +109,7 @@ bool got_alert = false; void process_data(const byte buf[], size_t buf_size, u16bit alert_info) { - if(alert_info != NULL_ALERT) + if(alert_info != TLS::NULL_ALERT) { std::cout << "Alert: " << alert_info << "\n"; got_alert = true; @@ -128,15 +129,15 @@ std::string protocol_chooser(const std::vector& protocols) } void doit(RandomNumberGenerator& rng, - TLS_Policy& policy, - TLS_Session_Manager& session_manager, + TLS::Policy& policy, + TLS::Session_Manager& session_manager, Credentials_Manager& creds, const std::string& host, u16bit port) { int sockfd = connect_to_host(host, port); - TLS_Client client(std::tr1::bind(socket_write, sockfd, _1, _2), + TLS::Client client(std::tr1::bind(socket_write, sockfd, _1, _2), process_data, handshake_complete, session_manager, @@ -180,7 +181,7 @@ void doit(RandomNumberGenerator& rng, } const size_t needed = client.received_data(buf, got); - std::cout << "Socket - got " << got << " bytes, need " << needed << "\n"; + //std::cout << "Socket - got " << got << " bytes, need " << needed << "\n"; } else if(FD_ISSET(STDIN_FILENO, &readfds)) { @@ -251,7 +252,7 @@ int main(int argc, char* argv[]) LibraryInitializer botan_init; AutoSeeded_RNG rng; Client_TLS_Policy policy; - TLS_Session_Manager_In_Memory session_manager; + TLS::Session_Manager_In_Memory session_manager; Credentials_Manager_Simple creds(rng); diff --git a/doc/examples/tls_server.cpp b/doc/examples/tls_server.cpp index 2dbfb4aeb..6f986c7a1 100644 --- a/doc/examples/tls_server.cpp +++ b/doc/examples/tls_server.cpp @@ -52,7 +52,7 @@ class Credentials_Manager_Simple : public Credentials_Manager std::map certs_and_keys; }; -bool handshake_complete(const TLS_Session& session) +bool handshake_complete(const TLS::Session& session) { printf("Handshake complete, protocol=%04X ciphersuite=%04X compression=%d\n", session.version(), session.ciphersuite(), @@ -69,9 +69,9 @@ class Blocking_TLS_Server Blocking_TLS_Server(std::tr1::function output_fn, std::tr1::function input_fn, std::vector& protocols, - TLS_Session_Manager& sessions, + TLS::Session_Manager& sessions, Credentials_Manager& creds, - TLS_Policy& policy, + TLS::Policy& policy, RandomNumberGenerator& rng) : input_fn(input_fn), server( @@ -109,7 +109,7 @@ class Blocking_TLS_Server bool is_active() const { return server.is_active(); } - TLS_Server& underlying() { return server; } + TLS::Server& underlying() { return server; } private: void read_loop(size_t init_desired = 0) { @@ -135,7 +135,7 @@ class Blocking_TLS_Server void reader_fn(const byte buf[], size_t buf_len, u16bit alert_code) { - if(buf_len == 0 && alert_code != NULL_ALERT) + if(buf_len == 0 && alert_code != TLS::NULL_ALERT) { printf("Alert: %d\n", alert_code); //exit = true; @@ -153,12 +153,12 @@ class Blocking_TLS_Server } std::tr1::function input_fn; - TLS_Server server; + TLS::Server server; SecureQueue read_queue; bool exit; }; -class Server_TLS_Policy : public TLS_Policy +class Server_TLS_Policy : public TLS::Policy { public: //bool require_client_auth() const { return true; } @@ -194,7 +194,7 @@ int main(int argc, char* argv[]) Server_TLS_Policy policy; - TLS_Session_Manager_In_Memory sessions; + TLS::Session_Manager_In_Memory sessions; Credentials_Manager_Simple creds(rng); diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp index 2d94de462..4fdadd455 100644 --- a/src/tls/c_hello.cpp +++ b/src/tls/c_hello.cpp @@ -15,6 +15,8 @@ namespace Botan { +namespace TLS { + MemoryVector make_hello_random(RandomNumberGenerator& rng) { MemoryVector buf(32); @@ -27,7 +29,7 @@ MemoryVector make_hello_random(RandomNumberGenerator& rng) /* * Encode and send a Handshake message */ -void Handshake_Message::send(Record_Writer& writer, TLS_Handshake_Hash& hash) const +void Handshake_Message::send(Record_Writer& writer, Handshake_Hash& hash) const { MemoryVector buf = serialize(); MemoryVector send_buf(4); @@ -51,7 +53,7 @@ void Handshake_Message::send(Record_Writer& writer, TLS_Handshake_Hash& hash) co */ Hello_Request::Hello_Request(Record_Writer& writer) { - TLS_Handshake_Hash dummy; // FIXME: *UGLY* + Handshake_Hash dummy; // FIXME: *UGLY* send(writer, dummy); } @@ -76,8 +78,8 @@ MemoryVector Hello_Request::serialize() const * Create a new Client Hello message */ Client_Hello::Client_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, - const TLS_Policy& policy, + Handshake_Hash& hash, + const Policy& policy, RandomNumberGenerator& rng, const MemoryRegion& reneg_info, bool next_protocol, @@ -108,9 +110,9 @@ Client_Hello::Client_Hello(Record_Writer& writer, * Create a new Client Hello message */ Client_Hello::Client_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, RandomNumberGenerator& rng, - const TLS_Session& session, + const Session& session, bool next_protocol) : m_version(session.version()), m_session_id(session.session_id()), @@ -163,7 +165,7 @@ MemoryVector Client_Hello::serialize() const * send that extension. */ - TLS_Extensions extensions; + Extensions extensions; // Initial handshake if(m_renegotiation_info.empty()) @@ -249,7 +251,7 @@ void Client_Hello::deserialize(const MemoryRegion& buf) m_comp_methods = reader.get_range_vector(1, 1, 255); - TLS_Extensions extensions(reader); + Extensions extensions(reader); if(Server_Name_Indicator* sni = extensions.get()) { @@ -276,7 +278,7 @@ void Client_Hello::deserialize(const MemoryRegion& buf) if(Renegotation_Extension* reneg = extensions.get()) { - // checked by TLS_Client / TLS_Server as they know the handshake state + // checked by Client / Server as they know the handshake state m_secure_renegotiation = true; m_renegotiation_info = reneg->renegotiation_info(); } @@ -346,3 +348,5 @@ bool Client_Hello::offered_suite(u16bit ciphersuite) const } } + +} diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp index 63ba6fcb7..de8f54fbe 100644 --- a/src/tls/c_kex.cpp +++ b/src/tls/c_kex.cpp @@ -16,6 +16,8 @@ namespace Botan { +namespace TLS { + namespace { SecureVector strip_leading_zeros(const MemoryRegion& input) @@ -40,7 +42,7 @@ SecureVector strip_leading_zeros(const MemoryRegion& input) * Create a new Client Key Exchange message */ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, - TLS_Handshake_State* state, + Handshake_State* state, const std::vector& peer_certs, RandomNumberGenerator& rng) { @@ -113,7 +115,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, * Read a Client Key Exchange message */ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion& contents, - const TLS_Ciphersuite& suite, + const Ciphersuite& suite, Version_Code using_version) { include_length = true; @@ -199,3 +201,5 @@ Client_Key_Exchange::pre_master_secret(RandomNumberGenerator& rng, } } + +} diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp index 7fbe2a809..d5a73f64e 100644 --- a/src/tls/cert_req.cpp +++ b/src/tls/cert_req.cpp @@ -17,12 +17,14 @@ namespace Botan { +namespace TLS { + /** * Create a new Certificate Request message */ Certificate_Req::Certificate_Req(Record_Writer& writer, - TLS_Handshake_Hash& hash, - const TLS_Policy& policy, + Handshake_Hash& hash, + const Policy& policy, const std::vector& ca_certs, Version_Code version) { @@ -125,7 +127,7 @@ MemoryVector Certificate_Req::serialize() const * Create a new Certificate message */ Certificate::Certificate(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, const std::vector& cert_list) { certs = cert_list; @@ -190,3 +192,5 @@ MemoryVector Certificate::serialize() const } } + +} diff --git a/src/tls/cert_ver.cpp b/src/tls/cert_ver.cpp index f11ae4dcc..923cdbb42 100644 --- a/src/tls/cert_ver.cpp +++ b/src/tls/cert_ver.cpp @@ -13,11 +13,13 @@ namespace Botan { +namespace TLS { + /* * Create a new Certificate Verify message */ Certificate_Verify::Certificate_Verify(Record_Writer& writer, - TLS_Handshake_State* state, + Handshake_State* state, RandomNumberGenerator& rng, const Private_Key* priv_key) { @@ -88,7 +90,7 @@ MemoryVector Certificate_Verify::serialize() const * Verify a Certificate Verify message */ bool Certificate_Verify::verify(const X509_Certificate& cert, - TLS_Handshake_State* state) + Handshake_State* state) { std::auto_ptr key(cert.subject_public_key()); @@ -110,3 +112,5 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, } } + +} diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp index ecb7c315a..f7f8a7eb8 100644 --- a/src/tls/finished.cpp +++ b/src/tls/finished.cpp @@ -15,6 +15,8 @@ namespace Botan { +namespace TLS { + namespace { KDF* choose_tls_prf(Version_Code version) @@ -31,7 +33,7 @@ KDF* choose_tls_prf(Version_Code version) /* * Compute the verify_data */ -MemoryVector finished_compute_verify(TLS_Handshake_State* state, +MemoryVector finished_compute_verify(Handshake_State* state, Connection_Side side) { if(state->version == SSL_V3) @@ -39,7 +41,7 @@ MemoryVector finished_compute_verify(TLS_Handshake_State* state, const byte SSL_CLIENT_LABEL[] = { 0x43, 0x4C, 0x4E, 0x54 }; const byte SSL_SERVER_LABEL[] = { 0x53, 0x52, 0x56, 0x52 }; - TLS_Handshake_Hash hash = state->hash; // don't modify state + Handshake_Hash hash = state->hash; // don't modify state MemoryVector ssl3_finished; @@ -80,7 +82,7 @@ MemoryVector finished_compute_verify(TLS_Handshake_State* state, * Create a new Finished message */ Finished::Finished(Record_Writer& writer, - TLS_Handshake_State* state, + Handshake_State* state, Connection_Side side) { verification_data = finished_compute_verify(state, side); @@ -106,10 +108,12 @@ Finished::Finished(const MemoryRegion& buf) /* * Verify a Finished message */ -bool Finished::verify(TLS_Handshake_State* state, +bool Finished::verify(Handshake_State* state, Connection_Side side) { return (verification_data == finished_compute_verify(state, side)); } } + +} diff --git a/src/tls/next_protocol.cpp b/src/tls/next_protocol.cpp index a0d4278f1..97b072440 100644 --- a/src/tls/next_protocol.cpp +++ b/src/tls/next_protocol.cpp @@ -11,8 +11,10 @@ namespace Botan { +namespace TLS { + Next_Protocol::Next_Protocol(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, const std::string& protocol) : m_protocol(protocol) { @@ -48,3 +50,5 @@ MemoryVector Next_Protocol::serialize() const } } + +} diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index d3666abf6..4db50262d 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -14,6 +14,8 @@ namespace Botan { +namespace TLS { + Record_Reader::Record_Reader() : m_readbuf(TLS_HEADER_SIZE + MAX_CIPHERTEXT_SIZE), m_mac(0) @@ -64,7 +66,7 @@ void Record_Reader::set_version(Version_Code version) /* * Set the keys for reading */ -void Record_Reader::activate(const TLS_Ciphersuite& suite, +void Record_Reader::activate(const Ciphersuite& suite, const Session_Keys& keys, Connection_Side side) { @@ -336,3 +338,5 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, } } + +} diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp index 7f8b4445b..139d84c50 100644 --- a/src/tls/rec_wri.cpp +++ b/src/tls/rec_wri.cpp @@ -16,6 +16,8 @@ namespace Botan { +namespace TLS { + /* * Record_Writer Constructor */ @@ -67,7 +69,7 @@ void Record_Writer::set_version(Version_Code version) /* * Set the keys for writing */ -void Record_Writer::activate(const TLS_Ciphersuite& suite, +void Record_Writer::activate(const Ciphersuite& suite, const Session_Keys& keys, Connection_Side side) { @@ -284,3 +286,5 @@ void Record_Writer::alert(Alert_Level level, Alert_Type type) } } + +} diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp index e6aff94e3..9e61f62af 100644 --- a/src/tls/s_hello.cpp +++ b/src/tls/s_hello.cpp @@ -14,15 +14,17 @@ namespace Botan { +namespace TLS { + /* * Create a new Server Hello message */ Server_Hello::Server_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, Version_Code version, const Client_Hello& c_hello, const std::vector& certs, - const TLS_Policy& policy, + const Policy& policy, bool client_has_secure_renegotiation, const MemoryRegion& reneg_info, bool client_has_npn, @@ -64,7 +66,7 @@ Server_Hello::Server_Hello(Record_Writer& writer, * Create a new Server Hello message */ Server_Hello::Server_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, const MemoryRegion& session_id, Version_Code ver, u16bit ciphersuite, @@ -121,11 +123,11 @@ Server_Hello::Server_Hello(const MemoryRegion& buf) comp_method = reader.get_byte(); - TLS_Extensions extensions(reader); + Extensions extensions(reader); if(Renegotation_Extension* reneg = extensions.get()) { - // checked by TLS_Client / TLS_Server as they know the handshake state + // checked by Client / Server as they know the handshake state m_secure_renegotiation = true; m_renegotiation_info = reneg->renegotiation_info(); } @@ -155,7 +157,7 @@ MemoryVector Server_Hello::serialize() const buf.push_back(comp_method); - TLS_Extensions extensions; + Extensions extensions; if(m_secure_renegotiation) extensions.add(new Renegotation_Extension(m_renegotiation_info)); @@ -175,7 +177,7 @@ MemoryVector Server_Hello::serialize() const * Create a new Server Hello Done message */ Server_Hello_Done::Server_Hello_Done(Record_Writer& writer, - TLS_Handshake_Hash& hash) + Handshake_Hash& hash) { send(writer, hash); } @@ -198,3 +200,5 @@ MemoryVector Server_Hello_Done::serialize() const } } + +} diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp index bbad6fd83..359ef6f4a 100644 --- a/src/tls/s_kex.cpp +++ b/src/tls/s_kex.cpp @@ -15,11 +15,13 @@ namespace Botan { +namespace TLS { + /** * Create a new Server Key Exchange message */ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, - TLS_Handshake_State* state, + Handshake_State* state, RandomNumberGenerator& rng, const Private_Key* private_key) { @@ -121,7 +123,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion& buf, * Verify a Server Key Exchange message */ bool Server_Key_Exchange::verify(const X509_Certificate& cert, - TLS_Handshake_State* state) const + Handshake_State* state) const { std::auto_ptr key(cert.subject_public_key()); @@ -138,3 +140,5 @@ bool Server_Key_Exchange::verify(const X509_Certificate& cert, } } + +} diff --git a/src/tls/tls_alerts.h b/src/tls/tls_alerts.h index 0634d6763..2ccb1ad79 100644 --- a/src/tls/tls_alerts.h +++ b/src/tls/tls_alerts.h @@ -12,6 +12,8 @@ namespace Botan { +namespace TLS { + /** * SSL/TLS Alert Message */ @@ -57,4 +59,6 @@ class Alert } +} + #endif diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp index a1e9fd8cd..a3ff69d87 100644 --- a/src/tls/tls_channel.cpp +++ b/src/tls/tls_channel.cpp @@ -14,9 +14,11 @@ namespace Botan { -TLS_Channel::TLS_Channel(std::tr1::function socket_output_fn, +namespace TLS { + +Channel::Channel(std::tr1::function socket_output_fn, std::tr1::function proc_fn, - std::tr1::function handshake_complete) : + std::tr1::function handshake_complete) : proc_fn(proc_fn), handshake_fn(handshake_complete), writer(socket_output_fn), @@ -26,13 +28,13 @@ TLS_Channel::TLS_Channel(std::tr1::function socket_ { } -TLS_Channel::~TLS_Channel() +Channel::~Channel() { delete state; state = 0; } -size_t TLS_Channel::received_data(const byte buf[], size_t buf_size) +size_t Channel::received_data(const byte buf[], size_t buf_size) { try { @@ -130,13 +132,13 @@ size_t TLS_Channel::received_data(const byte buf[], size_t buf_size) /* * Split up and process handshake messages */ -void TLS_Channel::read_handshake(byte rec_type, +void Channel::read_handshake(byte rec_type, const MemoryRegion& rec_buf) { if(rec_type == HANDSHAKE) { if(!state) - state = new TLS_Handshake_State; + state = new Handshake_State; state->queue.write(&rec_buf[0], rec_buf.size()); } @@ -183,7 +185,7 @@ void TLS_Channel::read_handshake(byte rec_type, } } -void TLS_Channel::send(const byte buf[], size_t buf_size) +void Channel::send(const byte buf[], size_t buf_size) { if(!is_active()) throw std::runtime_error("Data cannot be sent on inactive TLS connection"); @@ -191,7 +193,7 @@ void TLS_Channel::send(const byte buf[], size_t buf_size) writer.send(APPLICATION_DATA, buf, buf_size); } -void TLS_Channel::alert(Alert_Level alert_level, Alert_Type alert_code) +void Channel::alert(Alert_Level alert_level, Alert_Type alert_code) { if(alert_code != NULL_ALERT && !connection_closed) { @@ -214,7 +216,7 @@ void TLS_Channel::alert(Alert_Level alert_level, Alert_Type alert_code) } } -void TLS_Channel::Secure_Renegotiation_State::update(Client_Hello* client_hello) +void Channel::Secure_Renegotiation_State::update(Client_Hello* client_hello) { if(initial_handshake) { @@ -246,7 +248,7 @@ void TLS_Channel::Secure_Renegotiation_State::update(Client_Hello* client_hello) } } -void TLS_Channel::Secure_Renegotiation_State::update(Server_Hello* server_hello) +void Channel::Secure_Renegotiation_State::update(Server_Hello* server_hello) { if(initial_handshake) { @@ -283,7 +285,7 @@ void TLS_Channel::Secure_Renegotiation_State::update(Server_Hello* server_hello) initial_handshake = false; } -void TLS_Channel::Secure_Renegotiation_State::update(Finished* client_finished, +void Channel::Secure_Renegotiation_State::update(Finished* client_finished, Finished* server_finished) { client_verify = client_finished->verify_data(); @@ -291,3 +293,5 @@ void TLS_Channel::Secure_Renegotiation_State::update(Finished* client_finished, } } + +} diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h index 2b4e6d161..6021b65b2 100644 --- a/src/tls/tls_channel.h +++ b/src/tls/tls_channel.h @@ -16,10 +16,12 @@ namespace Botan { +namespace TLS { + /** * Generic interface for TLS endpoint */ -class BOTAN_DLL TLS_Channel +class BOTAN_DLL Channel { public: /** @@ -59,11 +61,11 @@ class BOTAN_DLL TLS_Channel */ std::vector peer_cert_chain() const { return peer_certs; } - TLS_Channel(std::tr1::function socket_output_fn, + Channel(std::tr1::function socket_output_fn, std::tr1::function proc_fn, - std::tr1::function handshake_complete); + std::tr1::function handshake_complete); - virtual ~TLS_Channel(); + virtual ~Channel(); protected: /** @@ -83,14 +85,14 @@ class BOTAN_DLL TLS_Channel virtual void alert_notify(bool fatal_alert, Alert_Type type) = 0; std::tr1::function proc_fn; - std::tr1::function handshake_fn; + std::tr1::function handshake_fn; Record_Writer writer; Record_Reader reader; std::vector peer_certs; - class TLS_Handshake_State* state; + class Handshake_State* state; class Secure_Renegotiation_State { @@ -131,4 +133,6 @@ class BOTAN_DLL TLS_Channel } +} + #endif diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index 48f0aec16..d1b31f137 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -13,19 +13,21 @@ namespace Botan { +namespace TLS { + /* * TLS Client Constructor */ -TLS_Client::TLS_Client(std::tr1::function output_fn, +Client::Client(std::tr1::function output_fn, std::tr1::function proc_fn, - std::tr1::function handshake_fn, - TLS_Session_Manager& session_manager, + std::tr1::function handshake_fn, + Session_Manager& session_manager, Credentials_Manager& creds, - const TLS_Policy& policy, + const Policy& policy, RandomNumberGenerator& rng, const std::string& hostname, std::tr1::function)> next_protocol) : - TLS_Channel(output_fn, proc_fn, handshake_fn), + Channel(output_fn, proc_fn, handshake_fn), policy(policy), rng(rng), session_manager(session_manager), @@ -33,7 +35,7 @@ TLS_Client::TLS_Client(std::tr1::function output_fn { writer.set_version(SSL_V3); - state = new TLS_Handshake_State; + state = new Handshake_State; state->set_expected_next(SERVER_HELLO); state->client_npn_cb = next_protocol; @@ -44,7 +46,7 @@ TLS_Client::TLS_Client(std::tr1::function output_fn if(hostname != "") { - TLS_Session session_info; + Session session_info; if(session_manager.load_from_host_info(hostname, 0, session_info)) { if(session_info.srp_identifier() == srp_identifier) @@ -80,12 +82,12 @@ TLS_Client::TLS_Client(std::tr1::function output_fn /* * Send a new client hello to renegotiate */ -void TLS_Client::renegotiate() +void Client::renegotiate() { if(state) return; // currently in handshake - state = new TLS_Handshake_State; + state = new Handshake_State; state->set_expected_next(SERVER_HELLO); state->client_hello = new Client_Hello(writer, state->hash, policy, rng, @@ -94,7 +96,7 @@ void TLS_Client::renegotiate() secure_renegotiation.update(state->client_hello); } -void TLS_Client::alert_notify(bool, Alert_Type type) +void Client::alert_notify(bool, Alert_Type type) { if(type == NO_RENEGOTIATION) { @@ -109,7 +111,7 @@ void TLS_Client::alert_notify(bool, Alert_Type type) /* * Process a handshake message */ -void TLS_Client::process_handshake_msg(Handshake_Type type, +void Client::process_handshake_msg(Handshake_Type type, const MemoryRegion& contents) { if(state == 0) @@ -178,7 +180,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, secure_renegotiation.update(state->server_hello); - state->suite = TLS_Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite()); + state->suite = Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite()); if(!state->server_hello->session_id().empty() && (state->server_hello->session_id() == state->client_hello->session_id())) @@ -206,13 +208,13 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, if(state->version > state->client_hello->version()) { throw TLS_Exception(HANDSHAKE_FAILURE, - "TLS_Client: Server replied with bad version"); + "Client: Server replied with bad version"); } if(state->version < policy.min_version()) { throw TLS_Exception(PROTOCOL_VERSION, - "TLS_Client: Server is too old for specified policy"); + "Client: Server is too old for specified policy"); } if(state->suite.sig_algo() != "") @@ -247,11 +249,11 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, peer_certs = state->server_certs->cert_chain(); if(peer_certs.size() == 0) throw TLS_Exception(HANDSHAKE_FAILURE, - "TLS_Client: No certificates sent by server"); + "Client: No certificates sent by server"); if(!policy.check_cert(peer_certs)) throw TLS_Exception(BAD_CERTIFICATE, - "TLS_Client: Server certificate is not valid"); + "Client: Server certificate is not valid"); std::auto_ptr peer_key(peer_certs[0].subject_public_key()); @@ -368,7 +370,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, state->client_finished = new Finished(writer, state, CLIENT); } - TLS_Session session_info( + Session session_info( state->server_hello->session_id(), state->keys.master_secret(), state->server_hello->version(), @@ -398,3 +400,5 @@ void TLS_Client::process_handshake_msg(Handshake_Type type, } } + +} diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h index 95b5c8f61..d67a14b75 100644 --- a/src/tls/tls_client.h +++ b/src/tls/tls_client.h @@ -15,10 +15,12 @@ namespace Botan { +namespace TLS { + /** * SSL/TLS Client */ -class BOTAN_DLL TLS_Client : public TLS_Channel +class BOTAN_DLL Client : public Channel { public: /** @@ -40,12 +42,12 @@ class BOTAN_DLL TLS_Client : public TLS_Channel * called with the list of protocols the server advertised; * the client should return the protocol it would like to use. */ - TLS_Client(std::tr1::function socket_output_fn, + Client(std::tr1::function socket_output_fn, std::tr1::function proc_fn, - std::tr1::function handshake_complete, - TLS_Session_Manager& session_manager, + std::tr1::function handshake_complete, + Session_Manager& session_manager, Credentials_Manager& creds, - const TLS_Policy& policy, + const Policy& policy, RandomNumberGenerator& rng, const std::string& servername = "", std::tr1::function)> next_protocol = @@ -58,12 +60,14 @@ class BOTAN_DLL TLS_Client : public TLS_Channel void alert_notify(bool is_fatal, Alert_Type type); - const TLS_Policy& policy; + const Policy& policy; RandomNumberGenerator& rng; - TLS_Session_Manager& session_manager; + Session_Manager& session_manager; Credentials_Manager& creds; }; } +} + #endif diff --git a/src/tls/tls_exceptn.h b/src/tls/tls_exceptn.h index 37b9c0d27..f29f008be 100644 --- a/src/tls/tls_exceptn.h +++ b/src/tls/tls_exceptn.h @@ -13,6 +13,8 @@ namespace Botan { +namespace TLS { + /** * Exception Base Class */ @@ -40,4 +42,6 @@ struct BOTAN_DLL Unexpected_Message : public TLS_Exception } +} + #endif diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp index 570c7161c..631095c1e 100644 --- a/src/tls/tls_extensions.cpp +++ b/src/tls/tls_extensions.cpp @@ -11,11 +11,13 @@ namespace Botan { +namespace TLS { + namespace { -TLS_Extension* make_extension(TLS_Data_Reader& reader, - u16bit code, - u16bit size) +Extension* make_extension(TLS_Data_Reader& reader, + u16bit code, + u16bit size) { switch(code) { @@ -47,7 +49,7 @@ TLS_Extension* make_extension(TLS_Data_Reader& reader, } -TLS_Extensions::TLS_Extensions(TLS_Data_Reader& reader) +Extensions::Extensions(TLS_Data_Reader& reader) { if(reader.has_remaining()) { @@ -61,7 +63,7 @@ TLS_Extensions::TLS_Extensions(TLS_Data_Reader& reader) const u16bit extension_code = reader.get_u16bit(); const u16bit extension_size = reader.get_u16bit(); - TLS_Extension* extn = make_extension(reader, + Extension* extn = make_extension(reader, extension_code, extension_size); @@ -73,11 +75,11 @@ TLS_Extensions::TLS_Extensions(TLS_Data_Reader& reader) } } -MemoryVector TLS_Extensions::serialize() const +MemoryVector Extensions::serialize() const { MemoryVector buf(2); // 2 bytes for length field - for(std::map::const_iterator i = extensions.begin(); + for(std::map::const_iterator i = extensions.begin(); i != extensions.end(); ++i) { if(i->second->empty()) @@ -108,9 +110,9 @@ MemoryVector TLS_Extensions::serialize() const return buf; } -TLS_Extensions::~TLS_Extensions() +Extensions::~Extensions() { - for(std::map::const_iterator i = extensions.begin(); + for(std::map::const_iterator i = extensions.begin(); i != extensions.end(); ++i) { delete i->second; @@ -516,3 +518,5 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, } } + +} diff --git a/src/tls/tls_extensions.h b/src/tls/tls_extensions.h index d0aee6d04..7f9321331 100644 --- a/src/tls/tls_extensions.h +++ b/src/tls/tls_extensions.h @@ -16,33 +16,35 @@ namespace Botan { +namespace TLS { + class TLS_Data_Reader; /** * Base class representing a TLS extension of some kind */ -class TLS_Extension +class Extension { public: - virtual TLS_Handshake_Extension_Type type() const = 0; + virtual Handshake_Extension_Type type() const = 0; virtual MemoryVector serialize() const = 0; virtual bool empty() const = 0; - virtual ~TLS_Extension() {} + virtual ~Extension() {} }; /** * Server Name Indicator extension (RFC 3546) */ -class Server_Name_Indicator : public TLS_Extension +class Server_Name_Indicator : public Extension { public: - static TLS_Handshake_Extension_Type static_type() + static Handshake_Extension_Type static_type() { return TLSEXT_SERVER_NAME_INDICATION; } - TLS_Handshake_Extension_Type type() const { return static_type(); } + Handshake_Extension_Type type() const { return static_type(); } Server_Name_Indicator(const std::string& host_name) : sni_host_name(host_name) {} @@ -62,13 +64,13 @@ class Server_Name_Indicator : public TLS_Extension /** * SRP identifier extension (RFC 5054) */ -class SRP_Identifier : public TLS_Extension +class SRP_Identifier : public Extension { public: - static TLS_Handshake_Extension_Type static_type() + static Handshake_Extension_Type static_type() { return TLSEXT_SRP_IDENTIFIER; } - TLS_Handshake_Extension_Type type() const { return static_type(); } + Handshake_Extension_Type type() const { return static_type(); } SRP_Identifier(const std::string& identifier) : srp_identifier(identifier) {} @@ -88,13 +90,13 @@ class SRP_Identifier : public TLS_Extension /** * Renegotiation Indication Extension (RFC 5746) */ -class Renegotation_Extension : public TLS_Extension +class Renegotation_Extension : public Extension { public: - static TLS_Handshake_Extension_Type static_type() + static Handshake_Extension_Type static_type() { return TLSEXT_SAFE_RENEGOTIATION; } - TLS_Handshake_Extension_Type type() const { return static_type(); } + Handshake_Extension_Type type() const { return static_type(); } Renegotation_Extension() {} @@ -117,13 +119,13 @@ class Renegotation_Extension : public TLS_Extension /** * Maximum Fragment Length Negotiation Extension (RFC 4366 sec 3.2) */ -class Maximum_Fragment_Length : public TLS_Extension +class Maximum_Fragment_Length : public Extension { public: - static TLS_Handshake_Extension_Type static_type() + static Handshake_Extension_Type static_type() { return TLSEXT_MAX_FRAGMENT_LENGTH; } - TLS_Handshake_Extension_Type type() const { return static_type(); } + Handshake_Extension_Type type() const { return static_type(); } bool empty() const { return val != 0; } @@ -156,13 +158,13 @@ class Maximum_Fragment_Length : public TLS_Extension * spec (implemented in Chromium); the internet draft leaves the format * unspecified. */ -class Next_Protocol_Notification : public TLS_Extension +class Next_Protocol_Notification : public Extension { public: - static TLS_Handshake_Extension_Type static_type() + static Handshake_Extension_Type static_type() { return TLSEXT_NEXT_PROTOCOL; } - TLS_Handshake_Extension_Type type() const { return static_type(); } + Handshake_Extension_Type type() const { return static_type(); } const std::vector& protocols() const { return m_protocols; } @@ -191,13 +193,13 @@ class Next_Protocol_Notification : public TLS_Extension /** * Supported Elliptic Curves Extension (RFC 4492) */ -class Supported_Elliptic_Curves : public TLS_Extension +class Supported_Elliptic_Curves : public Extension { public: - static TLS_Handshake_Extension_Type static_type() + static Handshake_Extension_Type static_type() { return TLSEXT_USABLE_ELLIPTIC_CURVES; } - TLS_Handshake_Extension_Type type() const { return static_type(); } + Handshake_Extension_Type type() const { return static_type(); } const std::vector& curves() const { return m_curves; } @@ -216,13 +218,13 @@ class Supported_Elliptic_Curves : public TLS_Extension /** * Signature Algorithms Extension for TLS 1.2 (RFC 5246) */ -class Signature_Algorithms : public TLS_Extension +class Signature_Algorithms : public Extension { public: - static TLS_Handshake_Extension_Type static_type() + static Handshake_Extension_Type static_type() { return TLSEXT_SIGNATURE_ALGORITHMS; } - TLS_Handshake_Extension_Type type() const { return static_type(); } + Handshake_Extension_Type type() const { return static_type(); } static std::string hash_algo_name(byte code); static byte hash_algo_code(const std::string& name); @@ -252,15 +254,15 @@ class Signature_Algorithms : public TLS_Extension /** * Represents a block of extensions in a hello message */ -class TLS_Extensions +class Extensions { public: template T* get() const { - TLS_Handshake_Extension_Type type = T::static_type(); + Handshake_Extension_Type type = T::static_type(); - std::map::const_iterator i = + std::map::const_iterator i = extensions.find(type); if(i != extensions.end()) @@ -268,7 +270,7 @@ class TLS_Extensions return 0; } - void add(TLS_Extension* extn) + void add(Extension* extn) { delete extensions[extn->type()]; // or hard error if already exists? extensions[extn->type()] = extn; @@ -276,18 +278,20 @@ class TLS_Extensions MemoryVector serialize() const; - TLS_Extensions() {} + Extensions() {} - TLS_Extensions(TLS_Data_Reader& reader); // deserialize + Extensions(TLS_Data_Reader& reader); // deserialize - ~TLS_Extensions(); + ~Extensions(); private: - TLS_Extensions(const TLS_Extensions&) {} - TLS_Extensions& operator=(const TLS_Extensions&) { return (*this); } + Extensions(const Extensions&) {} + Extensions& operator=(const Extensions&) { return (*this); } - std::map extensions; + std::map extensions; }; } +} + #endif diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp index 14d5cd5a1..e521ea342 100644 --- a/src/tls/tls_handshake_hash.cpp +++ b/src/tls/tls_handshake_hash.cpp @@ -14,7 +14,9 @@ namespace Botan { -void TLS_Handshake_Hash::update(Handshake_Type handshake_type, +namespace TLS { + +void Handshake_Hash::update(Handshake_Type handshake_type, const MemoryRegion& handshake_msg) { update(static_cast(handshake_type)); @@ -29,7 +31,7 @@ void TLS_Handshake_Hash::update(Handshake_Type handshake_type, /** * Return a TLS Handshake Hash */ -SecureVector TLS_Handshake_Hash::final(Version_Code version) +SecureVector Handshake_Hash::final(Version_Code version) { SecureVector output; @@ -61,7 +63,7 @@ SecureVector TLS_Handshake_Hash::final(Version_Code version) /** * Return a SSLv3 Handshake Hash */ -SecureVector TLS_Handshake_Hash::final_ssl3(const MemoryRegion& secret) +SecureVector Handshake_Hash::final_ssl3(const MemoryRegion& secret) { const byte PAD_INNER = 0x36, PAD_OUTER = 0x5C; @@ -97,3 +99,5 @@ SecureVector TLS_Handshake_Hash::final_ssl3(const MemoryRegion& secr } } + +} diff --git a/src/tls/tls_handshake_hash.h b/src/tls/tls_handshake_hash.h index 1ca11b99f..a6c2b44e1 100644 --- a/src/tls/tls_handshake_hash.h +++ b/src/tls/tls_handshake_hash.h @@ -13,12 +13,14 @@ namespace Botan { +namespace TLS { + using namespace Botan; /** * TLS Handshake Hash */ -class TLS_Handshake_Hash +class Handshake_Hash { public: void update(const byte in[], size_t length) @@ -45,4 +47,6 @@ class TLS_Handshake_Hash } +} + #endif diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index 6ad9b630c..5eb44414e 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -11,6 +11,8 @@ namespace Botan { +namespace TLS { + namespace { u32bit bitmask_for_handshake_type(Handshake_Type type) @@ -73,7 +75,7 @@ u32bit bitmask_for_handshake_type(Handshake_Type type) /* * Initialize the SSL/TLS Handshake State */ -TLS_Handshake_State::TLS_Handshake_State() +Handshake_State::Handshake_State() { client_hello = 0; server_hello = 0; @@ -97,7 +99,7 @@ TLS_Handshake_State::TLS_Handshake_State() hand_received_mask = 0; } -void TLS_Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) +void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) { const u32bit mask = bitmask_for_handshake_type(handshake_msg); @@ -117,12 +119,12 @@ void TLS_Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) hand_expecting_mask = 0; } -void TLS_Handshake_State::set_expected_next(Handshake_Type handshake_msg) +void Handshake_State::set_expected_next(Handshake_Type handshake_msg) { hand_expecting_mask |= bitmask_for_handshake_type(handshake_msg); } -bool TLS_Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const +bool Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) const { const u32bit mask = bitmask_for_handshake_type(handshake_msg); @@ -130,7 +132,7 @@ bool TLS_Handshake_State::received_handshake_msg(Handshake_Type handshake_msg) c } std::pair -TLS_Handshake_State::choose_sig_format(const Private_Key* key, +Handshake_State::choose_sig_format(const Private_Key* key, std::string& hash_algo_out, std::string& sig_algo_out, bool for_client_auth) @@ -182,7 +184,7 @@ TLS_Handshake_State::choose_sig_format(const Private_Key* key, } std::pair -TLS_Handshake_State::understand_sig_format(const Public_Key* key, +Handshake_State::understand_sig_format(const Public_Key* key, std::string hash_algo, std::string sig_algo, bool for_client_auth) @@ -247,7 +249,7 @@ TLS_Handshake_State::understand_sig_format(const Public_Key* key, /* * Destroy the SSL/TLS Handshake State */ -TLS_Handshake_State::~TLS_Handshake_State() +Handshake_State::~Handshake_State() { delete client_hello; delete server_hello; @@ -267,3 +269,5 @@ TLS_Handshake_State::~TLS_Handshake_State() } } + +} diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index 18b289fe1..54e0da892 100644 --- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -32,14 +32,16 @@ namespace Botan { +namespace TLS { + /** * SSL/TLS Handshake State */ -class TLS_Handshake_State +class Handshake_State { public: - TLS_Handshake_State(); - ~TLS_Handshake_State(); + Handshake_State(); + ~Handshake_State(); bool received_handshake_msg(Handshake_Type handshake_msg) const; @@ -78,9 +80,9 @@ class TLS_Handshake_State Private_Key* kex_priv; - TLS_Ciphersuite suite; + Ciphersuite suite; Session_Keys keys; - TLS_Handshake_Hash hash; + Handshake_Hash hash; SecureQueue queue; @@ -100,4 +102,6 @@ class TLS_Handshake_State } +} + #endif diff --git a/src/tls/tls_magic.h b/src/tls/tls_magic.h index 3426088bd..09919c26f 100644 --- a/src/tls/tls_magic.h +++ b/src/tls/tls_magic.h @@ -10,6 +10,8 @@ namespace Botan { +namespace TLS { + /** * Protocol Constants for SSL/TLS */ @@ -167,7 +169,7 @@ enum Compression_Method { DEFLATE_COMPRESSION = 0x01 }; -enum TLS_Handshake_Extension_Type { +enum Handshake_Extension_Type { TLSEXT_SERVER_NAME_INDICATION = 0, TLSEXT_MAX_FRAGMENT_LENGTH = 1, TLSEXT_CLIENT_CERT_URL = 2, @@ -189,4 +191,6 @@ enum TLS_Handshake_Extension_Type { } +} + #endif diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h index 3579f7828..89eb4af16 100644 --- a/src/tls/tls_messages.h +++ b/src/tls/tls_messages.h @@ -20,6 +20,8 @@ namespace Botan { +namespace TLS { + class Record_Writer; class Record_Reader; @@ -29,7 +31,7 @@ class Record_Reader; class Handshake_Message { public: - void send(Record_Writer& writer, TLS_Handshake_Hash& hash) const; + void send(Record_Writer& writer, Handshake_Hash& hash) const; virtual Handshake_Type type() const = 0; @@ -82,8 +84,8 @@ class Client_Hello : public Handshake_Message size_t fragment_size() const { return m_fragment_size; } Client_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, - const TLS_Policy& policy, + Handshake_Hash& hash, + const Policy& policy, RandomNumberGenerator& rng, const MemoryRegion& reneg_info, bool next_protocol = false, @@ -91,9 +93,9 @@ class Client_Hello : public Handshake_Message const std::string& srp_identifier = ""); Client_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, RandomNumberGenerator& rng, - const TLS_Session& resumed_session, + const Session& resumed_session, bool next_protocol = false); Client_Hello(const MemoryRegion& buf, @@ -153,11 +155,11 @@ class Server_Hello : public Handshake_Message const MemoryVector& random() const { return s_random; } Server_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, Version_Code version, const Client_Hello& other, const std::vector& certs, - const TLS_Policy& policies, + const Policy& policies, bool client_has_secure_renegotiation, const MemoryRegion& reneg_info, bool client_has_npn, @@ -165,7 +167,7 @@ class Server_Hello : public Handshake_Message RandomNumberGenerator& rng); Server_Hello(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, const MemoryRegion& session_id, Version_Code ver, u16bit ciphersuite, @@ -210,12 +212,12 @@ class Client_Key_Exchange : public Handshake_Message Version_Code version); Client_Key_Exchange(Record_Writer& output, - TLS_Handshake_State* state, + Handshake_State* state, const std::vector& peer_certs, RandomNumberGenerator& rng); Client_Key_Exchange(const MemoryRegion& buf, - const TLS_Ciphersuite& suite, + const Ciphersuite& suite, Version_Code using_version); private: MemoryVector serialize() const; @@ -237,7 +239,7 @@ class Certificate : public Handshake_Message bool empty() const { return certs.empty(); } Certificate(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, const std::vector& certs); Certificate(const MemoryRegion& buf); @@ -262,8 +264,8 @@ class Certificate_Req : public Handshake_Message { return m_supported_algos; } Certificate_Req(Record_Writer& writer, - TLS_Handshake_Hash& hash, - const TLS_Policy& policy, + Handshake_Hash& hash, + const Policy& policy, const std::vector& allowed_cas, Version_Code version); @@ -292,10 +294,10 @@ class Certificate_Verify : public Handshake_Message * @param state the handshake state */ bool verify(const X509_Certificate& cert, - TLS_Handshake_State* state); + Handshake_State* state); Certificate_Verify(Record_Writer& writer, - TLS_Handshake_State* state, + Handshake_State* state, RandomNumberGenerator& rng, const Private_Key* key); @@ -320,11 +322,11 @@ class Finished : public Handshake_Message MemoryVector verify_data() const { return verification_data; } - bool verify(TLS_Handshake_State* state, + bool verify(Handshake_State* state, Connection_Side side); Finished(Record_Writer& writer, - TLS_Handshake_State* state, + Handshake_State* state, Connection_Side side); Finished(const MemoryRegion& buf); @@ -360,10 +362,10 @@ class Server_Key_Exchange : public Handshake_Message const std::vector& params() const { return m_params; } bool verify(const X509_Certificate& cert, - TLS_Handshake_State* state) const; + Handshake_State* state) const; Server_Key_Exchange(Record_Writer& writer, - TLS_Handshake_State* state, + Handshake_State* state, RandomNumberGenerator& rng, const Private_Key* priv_key); @@ -390,7 +392,7 @@ class Server_Hello_Done : public Handshake_Message public: Handshake_Type type() const { return SERVER_HELLO_DONE; } - Server_Hello_Done(Record_Writer& writer, TLS_Handshake_Hash& hash); + Server_Hello_Done(Record_Writer& writer, Handshake_Hash& hash); Server_Hello_Done(const MemoryRegion& buf); private: MemoryVector serialize() const; @@ -407,7 +409,7 @@ class Next_Protocol : public Handshake_Message std::string protocol() const { return m_protocol; } Next_Protocol(Record_Writer& writer, - TLS_Handshake_Hash& hash, + Handshake_Hash& hash, const std::string& protocol); Next_Protocol(const MemoryRegion& buf); @@ -419,4 +421,6 @@ class Next_Protocol : public Handshake_Message } +} + #endif diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp index c02f35a9a..ca6286b72 100644 --- a/src/tls/tls_policy.cpp +++ b/src/tls/tls_policy.cpp @@ -12,7 +12,9 @@ namespace Botan { -std::vector TLS_Policy::allowed_ciphers() const +namespace TLS { + +std::vector Policy::allowed_ciphers() const { std::vector allowed; allowed.push_back("AES-256"); @@ -23,7 +25,7 @@ std::vector TLS_Policy::allowed_ciphers() const return allowed; } -std::vector TLS_Policy::allowed_hashes() const +std::vector Policy::allowed_hashes() const { std::vector allowed; allowed.push_back("SHA-512"); @@ -35,7 +37,7 @@ std::vector TLS_Policy::allowed_hashes() const return allowed; } -std::vector TLS_Policy::allowed_key_exchange_methods() const +std::vector Policy::allowed_key_exchange_methods() const { std::vector allowed; //allowed.push_back("ECDH"); @@ -45,7 +47,7 @@ std::vector TLS_Policy::allowed_key_exchange_methods() const return allowed; } -std::vector TLS_Policy::allowed_signature_methods() const +std::vector Policy::allowed_signature_methods() const { std::vector allowed; //allowed.push_back("ECDSA"); @@ -65,7 +67,7 @@ class Ciphersuite_Preference_Ordering const std::vector& sigs) : m_ciphers(ciphers), m_hashes(hashes), m_kex(kex), m_sigs(sigs) {} - bool operator()(const TLS_Ciphersuite& a, const TLS_Ciphersuite& b) const + bool operator()(const Ciphersuite& a, const Ciphersuite& b) const { if(a.kex_algo() != b.kex_algo()) { @@ -120,7 +122,7 @@ class Ciphersuite_Preference_Ordering } -std::vector TLS_Policy::ciphersuite_list(bool have_srp) const +std::vector Policy::ciphersuite_list(bool have_srp) const { std::vector ciphers = allowed_ciphers(); std::vector hashes = allowed_hashes(); @@ -137,12 +139,12 @@ std::vector TLS_Policy::ciphersuite_list(bool have_srp) const Ciphersuite_Preference_Ordering order(ciphers, hashes, kex, sigs); - std::map ciphersuites(order); + std::map ciphersuites(order); // When in doubt use brute force :) for(u32bit i = 0; i != 65536; ++i) { - TLS_Ciphersuite suite = TLS_Ciphersuite::lookup_ciphersuite(i); + Ciphersuite suite = Ciphersuite::lookup_ciphersuite(i); if(suite.cipher_keylen() == 0) continue; // not a ciphersuite we know @@ -157,7 +159,7 @@ std::vector TLS_Policy::ciphersuite_list(bool have_srp) const std::vector ciphersuite_codes; - for(std::map::iterator i = ciphersuites.begin(); + for(std::map::iterator i = ciphersuites.begin(); i != ciphersuites.end(); ++i) { ciphersuite_codes.push_back(i->second); @@ -169,7 +171,7 @@ std::vector TLS_Policy::ciphersuite_list(bool have_srp) const /* * Return allowed compression algorithms */ -std::vector TLS_Policy::compression() const +std::vector Policy::compression() const { std::vector algs; algs.push_back(NO_COMPRESSION); @@ -179,7 +181,7 @@ std::vector TLS_Policy::compression() const /* * Choose which ciphersuite to use */ -u16bit TLS_Policy::choose_suite(const std::vector& client_suites, +u16bit Policy::choose_suite(const std::vector& client_suites, bool have_rsa, bool have_dsa, bool have_srp) const @@ -187,7 +189,7 @@ u16bit TLS_Policy::choose_suite(const std::vector& client_suites, for(size_t i = 0; i != client_suites.size(); ++i) { u16bit suite_id = client_suites[i]; - TLS_Ciphersuite suite = TLS_Ciphersuite::lookup_ciphersuite(suite_id); + Ciphersuite suite = Ciphersuite::lookup_ciphersuite(suite_id); if(suite.cipher_keylen() == 0) continue; // not a ciphersuite we know @@ -216,7 +218,7 @@ u16bit TLS_Policy::choose_suite(const std::vector& client_suites, /* * Choose which compression algorithm to use */ -byte TLS_Policy::choose_compression(const std::vector& c_comp) const +byte Policy::choose_compression(const std::vector& c_comp) const { std::vector s_comp = compression(); @@ -229,3 +231,5 @@ byte TLS_Policy::choose_compression(const std::vector& c_comp) const } } + +} diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h index 5bf60742b..f8e608cdb 100644 --- a/src/tls/tls_policy.h +++ b/src/tls/tls_policy.h @@ -15,11 +15,13 @@ namespace Botan { +namespace TLS { + /** * TLS Policy Base Class * Inherit and overload as desired to suite local policy concerns */ -class BOTAN_DLL TLS_Policy +class BOTAN_DLL Policy { public: /* @@ -77,9 +79,11 @@ class BOTAN_DLL TLS_Policy */ virtual Version_Code pref_version() const { return TLS_V12; } - virtual ~TLS_Policy() {} + virtual ~Policy() {} }; } +} + #endif diff --git a/src/tls/tls_reader.h b/src/tls/tls_reader.h index 1cf7adab0..09487c5f9 100644 --- a/src/tls/tls_reader.h +++ b/src/tls/tls_reader.h @@ -17,6 +17,8 @@ namespace Botan { +namespace TLS { + /** * Helper class for decoding TLS protocol messages */ @@ -205,4 +207,6 @@ void append_tls_length_value(MemoryRegion& buf, } +} + #endif diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index c4b483c80..979154001 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -30,6 +30,8 @@ namespace Botan { +namespace TLS { + class Session_Keys; /** @@ -43,7 +45,7 @@ class BOTAN_DLL Record_Writer void alert(Alert_Level level, Alert_Type type); - void activate(const TLS_Ciphersuite& suite, + void activate(const Ciphersuite& suite, const Session_Keys& keys, Connection_Side side); @@ -97,7 +99,7 @@ class BOTAN_DLL Record_Reader byte& msg_type, MemoryVector& msg); - void activate(const TLS_Ciphersuite& suite, + void activate(const Ciphersuite& suite, const Session_Keys& keys, Connection_Side side); @@ -132,4 +134,6 @@ class BOTAN_DLL Record_Reader } +} + #endif diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 5d07d22ba..6c6977b91 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -13,10 +13,12 @@ namespace Botan { +namespace TLS { + namespace { -bool check_for_resume(TLS_Session& session_info, - TLS_Session_Manager& session_manager, +bool check_for_resume(Session& session_info, + Session_Manager& session_manager, Client_Hello* client_hello) { MemoryVector client_session_id = client_hello->session_id(); @@ -64,15 +66,15 @@ bool check_for_resume(TLS_Session& session_info, /* * TLS Server Constructor */ -TLS_Server::TLS_Server(std::tr1::function output_fn, +Server::Server(std::tr1::function output_fn, std::tr1::function proc_fn, - std::tr1::function handshake_fn, - TLS_Session_Manager& session_manager, + std::tr1::function handshake_fn, + Session_Manager& session_manager, Credentials_Manager& creds, - const TLS_Policy& policy, + const Policy& policy, RandomNumberGenerator& rng, const std::vector& next_protocols) : - TLS_Channel(output_fn, proc_fn, handshake_fn), + Channel(output_fn, proc_fn, handshake_fn), policy(policy), rng(rng), session_manager(session_manager), @@ -84,17 +86,17 @@ TLS_Server::TLS_Server(std::tr1::function output_fn /* * Send a hello request to the client */ -void TLS_Server::renegotiate() +void Server::renegotiate() { if(state) return; // currently in handshake - state = new TLS_Handshake_State; + state = new Handshake_State; state->set_expected_next(CLIENT_HELLO); Hello_Request hello_req(writer); } -void TLS_Server::alert_notify(bool, Alert_Type type) +void Server::alert_notify(bool, Alert_Type type) { if(type == NO_RENEGOTIATION) { @@ -109,22 +111,22 @@ void TLS_Server::alert_notify(bool, Alert_Type type) /* * Split up and process handshake messages */ -void TLS_Server::read_handshake(byte rec_type, +void Server::read_handshake(byte rec_type, const MemoryRegion& rec_buf) { if(rec_type == HANDSHAKE && !state) { - state = new TLS_Handshake_State; + state = new Handshake_State; state->set_expected_next(CLIENT_HELLO); } - TLS_Channel::read_handshake(rec_type, rec_buf); + Channel::read_handshake(rec_type, rec_buf); } /* * Process a handshake message */ -void TLS_Server::process_handshake_msg(Handshake_Type type, +void Server::process_handshake_msg(Handshake_Type type, const MemoryRegion& contents) { if(state == 0) @@ -169,7 +171,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, writer.set_version(state->version); reader.set_version(state->version); - TLS_Session session_info; + Session session_info; const bool resuming = check_for_resume(session_info, session_manager, state->client_hello); @@ -198,7 +200,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, writer.set_maximum_fragment_size(session_info.fragment_size()); } - state->suite = TLS_Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite()); + state->suite = Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite()); state->keys = Session_Keys(state, session_info.master_secret(), true); @@ -245,7 +247,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, writer.set_maximum_fragment_size(state->client_hello->fragment_size()); } - state->suite = TLS_Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite()); + state->suite = Ciphersuite::lookup_ciphersuite(state->server_hello->ciphersuite()); if(state->suite.sig_algo() != "") { @@ -259,7 +261,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, if(state->suite.kex_algo() == "DH") state->kex_priv = new DH_PrivateKey(rng, policy.dh_group()); else - throw Internal_Error("TLS_Server: Unknown ciphersuite kex type " + + throw Internal_Error("Server: Unknown ciphersuite kex type " + state->suite.kex_algo()); state->server_kex = @@ -386,7 +388,7 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, peer_certs = state->client_certs->cert_chain(); } - TLS_Session session_info( + Session session_info( state->server_hello->session_id(), state->keys.master_secret(), state->server_hello->version(), @@ -417,3 +419,5 @@ void TLS_Server::process_handshake_msg(Handshake_Type type, } } + +} diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h index f8c3a8563..c283d4a18 100644 --- a/src/tls/tls_server.h +++ b/src/tls/tls_server.h @@ -15,21 +15,23 @@ namespace Botan { +namespace TLS { + /** * TLS Server */ -class BOTAN_DLL TLS_Server : public TLS_Channel +class BOTAN_DLL Server : public Channel { public: /** - * TLS_Server initialization + * Server initialization */ - TLS_Server(std::tr1::function socket_output_fn, + Server(std::tr1::function socket_output_fn, std::tr1::function proc_fn, - std::tr1::function handshake_complete, - TLS_Session_Manager& session_manager, + std::tr1::function handshake_complete, + Session_Manager& session_manager, Credentials_Manager& creds, - const TLS_Policy& policy, + const Policy& policy, RandomNumberGenerator& rng, const std::vector& protocols = std::vector()); @@ -55,9 +57,9 @@ class BOTAN_DLL TLS_Server : public TLS_Channel void alert_notify(bool is_fatal, Alert_Type type); - const TLS_Policy& policy; + const Policy& policy; RandomNumberGenerator& rng; - TLS_Session_Manager& session_manager; + Session_Manager& session_manager; Credentials_Manager& creds; std::vector m_possible_protocols; @@ -67,4 +69,6 @@ class BOTAN_DLL TLS_Server : public TLS_Channel } +} + #endif diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp index deaddb227..3716878e1 100644 --- a/src/tls/tls_session.cpp +++ b/src/tls/tls_session.cpp @@ -13,7 +13,9 @@ namespace Botan { -TLS_Session::TLS_Session(const MemoryRegion& session_identifier, +namespace TLS { + +Session::Session(const MemoryRegion& session_identifier, const MemoryRegion& master_secret, Version_Code version, u16bit ciphersuite, @@ -41,7 +43,7 @@ TLS_Session::TLS_Session(const MemoryRegion& session_identifier, m_peer_certificate = certs[0].BER_encode(); } -TLS_Session::TLS_Session(const byte ber[], size_t ber_len) +Session::Session(const byte ber[], size_t ber_len) { BER_Decoder decoder(ber, ber_len); @@ -70,7 +72,7 @@ TLS_Session::TLS_Session(const byte ber[], size_t ber_len) m_connection_side = static_cast(side_code); } -SecureVector TLS_Session::BER_encode() const +SecureVector Session::BER_encode() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -92,3 +94,5 @@ SecureVector TLS_Session::BER_encode() const } } + +} diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h index 12b76bcab..9b3f5b194 100644 --- a/src/tls/tls_session.h +++ b/src/tls/tls_session.h @@ -14,17 +14,19 @@ namespace Botan { +namespace TLS { + /** * Class representing a TLS session state */ -class BOTAN_DLL TLS_Session +class BOTAN_DLL Session { public: /** * Uninitialized session */ - TLS_Session() : + Session() : m_start_time(0), m_version(0), m_ciphersuite(0), @@ -37,7 +39,7 @@ class BOTAN_DLL TLS_Session /** * New session (sets session start time) */ - TLS_Session(const MemoryRegion& session_id, + Session(const MemoryRegion& session_id, const MemoryRegion& master_secret, Version_Code version, u16bit ciphersuite, @@ -52,7 +54,7 @@ class BOTAN_DLL TLS_Session /** * Load a session from BER (created by BER_encode) */ - TLS_Session(const byte ber[], size_t ber_len); + Session(const byte ber[], size_t ber_len); /** * Encode this session data for storage @@ -154,4 +156,6 @@ class BOTAN_DLL TLS_Session } +} + #endif diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp index cb55499f0..42727273a 100644 --- a/src/tls/tls_session_key.cpp +++ b/src/tls/tls_session_key.cpp @@ -13,6 +13,8 @@ namespace Botan { +namespace TLS { + namespace { std::string lookup_prf_name(Version_Code version) @@ -32,7 +34,7 @@ std::string lookup_prf_name(Version_Code version) /** * Session_Keys Constructor */ -Session_Keys::Session_Keys(TLS_Handshake_State* state, +Session_Keys::Session_Keys(Handshake_State* state, const MemoryRegion& pre_master_secret, bool resuming) { @@ -101,3 +103,5 @@ Session_Keys::Session_Keys(TLS_Handshake_State* state, } } + +} diff --git a/src/tls/tls_session_key.h b/src/tls/tls_session_key.h index 8ba3d2b72..736475be6 100644 --- a/src/tls/tls_session_key.h +++ b/src/tls/tls_session_key.h @@ -14,6 +14,8 @@ namespace Botan { +namespace TLS { + /** * TLS Session Keys */ @@ -33,7 +35,7 @@ class Session_Keys Session_Keys() {} - Session_Keys(class TLS_Handshake_State* state, + Session_Keys(class Handshake_State* state, const MemoryRegion& pre_master, bool resuming); @@ -45,4 +47,6 @@ class Session_Keys } +} + #endif diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index e5ec75c88..59fc75b9f 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -11,10 +11,12 @@ namespace Botan { -bool TLS_Session_Manager_In_Memory::load_from_session_str( - const std::string& session_str, TLS_Session& session) +namespace TLS { + +bool Session_Manager_In_Memory::load_from_session_str( + const std::string& session_str, Session& session) { - std::map::iterator i = sessions.find(session_str); + std::map::iterator i = sessions.find(session_str); if(i == sessions.end()) return false; @@ -31,14 +33,14 @@ bool TLS_Session_Manager_In_Memory::load_from_session_str( return true; } -bool TLS_Session_Manager_In_Memory::load_from_session_id( - const MemoryRegion& session_id, TLS_Session& session) +bool Session_Manager_In_Memory::load_from_session_id( + const MemoryRegion& session_id, Session& session) { return load_from_session_str(hex_encode(session_id), session); } -bool TLS_Session_Manager_In_Memory::load_from_host_info( - const std::string& hostname, u16bit port, TLS_Session& session) +bool Session_Manager_In_Memory::load_from_host_info( + const std::string& hostname, u16bit port, Session& session) { std::map::iterator i; @@ -59,17 +61,17 @@ bool TLS_Session_Manager_In_Memory::load_from_host_info( return false; } -void TLS_Session_Manager_In_Memory::remove_entry( +void Session_Manager_In_Memory::remove_entry( const MemoryRegion& session_id) { - std::map::iterator i = + std::map::iterator i = sessions.find(hex_encode(session_id)); if(i != sessions.end()) sessions.erase(i); } -void TLS_Session_Manager_In_Memory::save(const TLS_Session& session) +void Session_Manager_In_Memory::save(const Session& session) { if(max_sessions != 0) { @@ -90,3 +92,5 @@ void TLS_Session_Manager_In_Memory::save(const TLS_Session& session) } } + +} diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index 289b76a3b..c25fecac4 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -13,8 +13,10 @@ namespace Botan { +namespace TLS { + /** -* TLS_Session_Manager is an interface to systems which can save +* Session_Manager is an interface to systems which can save * session parameters for supporting session resumption. * * Saving sessions is done on a best-effort basis; an implementation is @@ -22,7 +24,7 @@ namespace Botan { * * Implementations should strive to be thread safe */ -class BOTAN_DLL TLS_Session_Manager +class BOTAN_DLL Session_Manager { public: /** @@ -33,7 +35,7 @@ class BOTAN_DLL TLS_Session_Manager * @return true if session was modified */ virtual bool load_from_session_id(const MemoryRegion& session_id, - TLS_Session& session) = 0; + Session& session) = 0; /** * Try to load a saved session (client side) @@ -44,7 +46,7 @@ class BOTAN_DLL TLS_Session_Manager * @return true if session was modified */ virtual bool load_from_host_info(const std::string& hostname, u16bit port, - TLS_Session& session) = 0; + Session& session) = 0; /** * Remove this session id from the cache, if it exists @@ -59,18 +61,18 @@ class BOTAN_DLL TLS_Session_Manager * * @param session to save */ - virtual void save(const TLS_Session& session) = 0; + virtual void save(const Session& session) = 0; - virtual ~TLS_Session_Manager() {} + virtual ~Session_Manager() {} }; /** -* A simple implementation of TLS_Session_Manager that just saves +* A simple implementation of Session_Manager that just saves * values in memory, with no persistance abilities * * @todo add locking */ -class BOTAN_DLL TLS_Session_Manager_In_Memory : public TLS_Session_Manager +class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager { public: /** @@ -79,32 +81,34 @@ class BOTAN_DLL TLS_Session_Manager_In_Memory : public TLS_Session_Manager * @param session_lifetime sessions are expired after this many * seconds have elapsed from initial handshake. */ - TLS_Session_Manager_In_Memory(size_t max_sessions = 1000, + Session_Manager_In_Memory(size_t max_sessions = 1000, size_t session_lifetime = 7200) : max_sessions(max_sessions), session_lifetime(session_lifetime) {} bool load_from_session_id(const MemoryRegion& session_id, - TLS_Session& session); + Session& session); bool load_from_host_info(const std::string& hostname, u16bit port, - TLS_Session& session); + Session& session); void remove_entry(const MemoryRegion& session_id); - void save(const TLS_Session& session_data); + void save(const Session& session_data); private: bool load_from_session_str(const std::string& session_str, - TLS_Session& session); + Session& session); size_t max_sessions, session_lifetime; - std::map sessions; // hex(session_id) -> session + std::map sessions; // hex(session_id) -> session std::map host_sessions; }; } +} + #endif diff --git a/src/tls/tls_suites.cpp b/src/tls/tls_suites.cpp index c24cdb9f7..442d261cd 100644 --- a/src/tls/tls_suites.cpp +++ b/src/tls/tls_suites.cpp @@ -10,149 +10,151 @@ namespace Botan { +namespace TLS { + /** * Convert an SSL/TLS ciphersuite to algorithm fields */ -TLS_Ciphersuite TLS_Ciphersuite::lookup_ciphersuite(u16bit suite) +Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite) { switch(suite) { // RSA ciphersuites case TLS_RSA_WITH_AES_128_CBC_SHA: - return TLS_Ciphersuite("RSA", "", "SHA-1", "AES-128", 16); + return Ciphersuite("RSA", "", "SHA-1", "AES-128", 16); case TLS_RSA_WITH_AES_256_CBC_SHA: - return TLS_Ciphersuite("RSA", "", "SHA-1", "AES-256", 32); + return Ciphersuite("RSA", "", "SHA-1", "AES-256", 32); case TLS_RSA_WITH_AES_128_CBC_SHA256: - return TLS_Ciphersuite("RSA", "", "SHA-256", "AES-128", 16); + return Ciphersuite("RSA", "", "SHA-256", "AES-128", 16); case TLS_RSA_WITH_AES_256_CBC_SHA256: - return TLS_Ciphersuite("RSA", "", "SHA-256", "AES-256", 32); + return Ciphersuite("RSA", "", "SHA-256", "AES-256", 32); case TLS_RSA_WITH_3DES_EDE_CBC_SHA: - return TLS_Ciphersuite("RSA", "", "SHA-1", "TripleDES", 24); + return Ciphersuite("RSA", "", "SHA-1", "TripleDES", 24); case TLS_RSA_WITH_RC4_128_SHA: - return TLS_Ciphersuite("RSA", "", "SHA-1", "ARC4", 16); + return Ciphersuite("RSA", "", "SHA-1", "ARC4", 16); case TLS_RSA_WITH_RC4_128_MD5: - return TLS_Ciphersuite("RSA", "", "MD5", "ARC4", 16); + return Ciphersuite("RSA", "", "MD5", "ARC4", 16); case TLS_RSA_WITH_SEED_CBC_SHA: - return TLS_Ciphersuite("RSA", "", "SHA-1", "SEED", 16); + return Ciphersuite("RSA", "", "SHA-1", "SEED", 16); // DH/DSS ciphersuites case TLS_DHE_DSS_WITH_AES_128_CBC_SHA: - return TLS_Ciphersuite("DSA", "DH", "SHA-1", "AES-128", 16); + return Ciphersuite("DSA", "DH", "SHA-1", "AES-128", 16); case TLS_DHE_DSS_WITH_AES_256_CBC_SHA: - return TLS_Ciphersuite("DSA", "DH", "SHA-1", "AES-256", 32); + return Ciphersuite("DSA", "DH", "SHA-1", "AES-256", 32); case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256: - return TLS_Ciphersuite("DSA", "DH", "SHA-256", "AES-128", 16); + return Ciphersuite("DSA", "DH", "SHA-256", "AES-128", 16); case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256: - return TLS_Ciphersuite("DSA", "DH", "SHA-256", "AES-256", 32); + return Ciphersuite("DSA", "DH", "SHA-256", "AES-256", 32); case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: - return TLS_Ciphersuite("DSA", "DH", "SHA-1", "TripleDES", 24); + return Ciphersuite("DSA", "DH", "SHA-1", "TripleDES", 24); case TLS_DHE_DSS_WITH_RC4_128_SHA: - return TLS_Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16); + return Ciphersuite("DSA", "DH", "SHA-1", "ARC4", 16); case TLS_DHE_DSS_WITH_SEED_CBC_SHA: - return TLS_Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16); + return Ciphersuite("DSA", "DH", "SHA-1", "SEED", 16); // DH/RSA ciphersuites case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: - return TLS_Ciphersuite("RSA", "DH", "SHA-1", "AES-128", 16); + return Ciphersuite("RSA", "DH", "SHA-1", "AES-128", 16); case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: - return TLS_Ciphersuite("RSA", "DH", "SHA-1", "AES-256", 32); + return Ciphersuite("RSA", "DH", "SHA-1", "AES-256", 32); case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256: - return TLS_Ciphersuite("RSA", "DH", "SHA-256", "AES-128", 16); + return Ciphersuite("RSA", "DH", "SHA-256", "AES-128", 16); case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256: - return TLS_Ciphersuite("RSA", "DH", "SHA-256", "AES-256", 32); + return Ciphersuite("RSA", "DH", "SHA-256", "AES-256", 32); case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: - return TLS_Ciphersuite("RSA", "DH", "SHA-1", "TripleDES", 24); + return Ciphersuite("RSA", "DH", "SHA-1", "TripleDES", 24); case TLS_DHE_RSA_WITH_SEED_CBC_SHA: - return TLS_Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16); + return Ciphersuite("RSA", "DH", "SHA-1", "SEED", 16); // ECDH/RSA ciphersuites case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: - return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "AES-128", 16); + return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-128", 16); case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: - return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "AES-256", 32); + return Ciphersuite("RSA", "ECDH", "SHA-1", "AES-256", 32); case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: - return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "TripleDES", 24); + return Ciphersuite("RSA", "ECDH", "SHA-1", "TripleDES", 24); case TLS_ECDHE_RSA_WITH_RC4_128_SHA: - return TLS_Ciphersuite("RSA", "ECDH", "SHA-1", "ARC4", 16); + return Ciphersuite("RSA", "ECDH", "SHA-1", "ARC4", 16); // SRP/RSA ciphersuites case TLS_SRP_SHA_RSA_WITH_AES_128_SHA: - return TLS_Ciphersuite("RSA", "SRP", "SHA-1", "AES-128", 16); + return Ciphersuite("RSA", "SRP", "SHA-1", "AES-128", 16); case TLS_SRP_SHA_RSA_WITH_AES_256_SHA: - return TLS_Ciphersuite("RSA", "SRP", "SHA-1", "AES-256", 32); + return Ciphersuite("RSA", "SRP", "SHA-1", "AES-256", 32); case TLS_SRP_SHA_RSA_WITH_3DES_EDE_SHA: - return TLS_Ciphersuite("RSA", "SRP", "SHA-1", "TripleDES", 24); + return Ciphersuite("RSA", "SRP", "SHA-1", "TripleDES", 24); // SRP/DSA ciphersuites case TLS_SRP_SHA_DSS_WITH_AES_128_SHA: - return TLS_Ciphersuite("DSA", "SRP", "SHA-1", "AES-128", 16); + return Ciphersuite("DSA", "SRP", "SHA-1", "AES-128", 16); case TLS_SRP_SHA_DSS_WITH_AES_256_SHA: - return TLS_Ciphersuite("DSA", "SRP", "SHA-1", "AES-256", 32); + return Ciphersuite("DSA", "SRP", "SHA-1", "AES-256", 32); case TLS_SRP_SHA_DSS_WITH_3DES_EDE_SHA: - return TLS_Ciphersuite("DSA", "SRP", "SHA-1", "TripleDES", 24); + return Ciphersuite("DSA", "SRP", "SHA-1", "TripleDES", 24); // ECDH/ECDSA ciphersuites case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: - return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-128", 16); + return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-128", 16); case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: - return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-256", 32); + return Ciphersuite("ECDSA", "ECDH", "SHA-1", "AES-256", 32); case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: - return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16); + return Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16); case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384: - return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32); + return Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32); case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: - return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16); + return Ciphersuite("ECDSA", "ECDH", "SHA-256", "AES-128", 16); case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384: - return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32); + return Ciphersuite("ECDSA", "ECDH", "SHA-384", "AES-256", 32); case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: - return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "ARC4", 16); + return Ciphersuite("ECDSA", "ECDH", "SHA-1", "ARC4", 16); case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: - return TLS_Ciphersuite("ECDSA", "ECDH", "SHA-1", "TripleDES", 24); + return Ciphersuite("ECDSA", "ECDH", "SHA-1", "TripleDES", 24); default: - return TLS_Ciphersuite(); // some unknown ciphersuite + return Ciphersuite(); // some unknown ciphersuite } } -TLS_Ciphersuite::TLS_Ciphersuite(const std::string& sig_algo, +Ciphersuite::Ciphersuite(const std::string& sig_algo, const std::string& kex_algo, const std::string& mac_algo, const std::string& cipher_algo, @@ -166,3 +168,5 @@ TLS_Ciphersuite::TLS_Ciphersuite(const std::string& sig_algo, } } + +} diff --git a/src/tls/tls_suites.h b/src/tls/tls_suites.h index 65203bdf7..1fd975beb 100644 --- a/src/tls/tls_suites.h +++ b/src/tls/tls_suites.h @@ -14,13 +14,15 @@ namespace Botan { +namespace TLS { + /** * Ciphersuite Information */ -class BOTAN_DLL TLS_Ciphersuite +class BOTAN_DLL Ciphersuite { public: - static TLS_Ciphersuite lookup_ciphersuite(u16bit suite); + static Ciphersuite lookup_ciphersuite(u16bit suite); const std::string kex_algo() const { return m_kex_algo; } const std::string sig_algo() const { return m_sig_algo; } @@ -30,9 +32,9 @@ class BOTAN_DLL TLS_Ciphersuite size_t cipher_keylen() const { return m_cipher_keylen; } - TLS_Ciphersuite() : m_cipher_keylen(0) {} + Ciphersuite() : m_cipher_keylen(0) {} - TLS_Ciphersuite(const std::string& sig_algo, + Ciphersuite(const std::string& sig_algo, const std::string& kex_algo, const std::string& mac_algo, const std::string& cipher_algo, @@ -44,4 +46,6 @@ class BOTAN_DLL TLS_Ciphersuite } +} + #endif -- cgit v1.2.3 From 7fb2de6b49d8bf42ede7b4dfda7c358bb67e5c9f Mon Sep 17 00:00:00 2001 From: lloyd Date: Mon, 20 Feb 2012 18:33:49 +0000 Subject: Merge fixups. Add locking to default session manager. Use chrono lib and unique_ptr. --- src/asn1/ber_dec.cpp | 8 ++++---- src/benchmark/benchmark.cpp | 2 +- src/benchmark/benchmark.h | 4 +++- src/build-data/cc/gcc.txt | 2 +- src/kdf/prf_tls/prf_tls.cpp | 3 ++- src/tls/c_hello.cpp | 7 +++++-- src/tls/c_kex.cpp | 5 +++-- src/tls/finished.cpp | 2 +- src/tls/rec_read.cpp | 2 +- src/tls/rec_wri.cpp | 6 +++--- src/tls/s_kex.cpp | 6 +++--- src/tls/tls_alert.cpp | 4 ++-- src/tls/tls_channel.cpp | 8 ++++---- src/tls/tls_channel.h | 10 +++++----- src/tls/tls_ciphersuite.cpp | 2 +- src/tls/tls_client.cpp | 10 +++++----- src/tls/tls_client.h | 20 ++++++++++---------- src/tls/tls_extensions.cpp | 2 +- src/tls/tls_handshake_hash.cpp | 6 +++--- src/tls/tls_handshake_state.cpp | 6 +++--- src/tls/tls_handshake_state.h | 17 ++--------------- src/tls/tls_reader.h | 4 ++-- src/tls/tls_record.h | 2 +- src/tls/tls_server.cpp | 6 +++--- src/tls/tls_server.h | 18 +++++++++--------- src/tls/tls_session.cpp | 9 ++++++--- src/tls/tls_session.h | 8 +++++--- src/tls/tls_session_key.cpp | 2 +- src/tls/tls_session_manager.cpp | 24 +++++++++++++++++------- src/tls/tls_session_manager.h | 11 +++++++---- src/tls/tls_version.cpp | 4 ++-- src/utils/stl_util.h | 1 + 32 files changed, 117 insertions(+), 104 deletions(-) (limited to 'src/tls/tls_session_manager.cpp') diff --git a/src/asn1/ber_dec.cpp b/src/asn1/ber_dec.cpp index 4d800d471..21a722551 100644 --- a/src/asn1/ber_dec.cpp +++ b/src/asn1/ber_dec.cpp @@ -142,10 +142,10 @@ void BER_Object::assert_is_a(ASN1_Tag type_tag, ASN1_Tag class_tag) { if(this->type_tag != type_tag || this->class_tag != class_tag) throw BER_Decoding_Error("Tag mismatch when decoding got " + - to_string(this->type_tag) + "/" + - to_string(this->class_tag) + " expected " + - to_string(type_tag) + "/" + - to_string(class_tag)); + std::to_string(this->type_tag) + "/" + + std::to_string(this->class_tag) + " expected " + + std::to_string(type_tag) + "/" + + std::to_string(class_tag)); } /* diff --git a/src/benchmark/benchmark.cpp b/src/benchmark/benchmark.cpp index cb5d8bb41..f44aabb1f 100644 --- a/src/benchmark/benchmark.cpp +++ b/src/benchmark/benchmark.cpp @@ -139,7 +139,7 @@ std::map algorithm_benchmark(const std::string& name, Algorithm_Factory& af, RandomNumberGenerator& rng, - u32bit milliseconds, + std::chrono::milliseconds milliseconds, size_t buf_size) { std::vector providers = af.providers_of(name); diff --git a/src/benchmark/benchmark.h b/src/benchmark/benchmark.h index f3e43bd06..17df85e4e 100644 --- a/src/benchmark/benchmark.h +++ b/src/benchmark/benchmark.h @@ -12,6 +12,8 @@ #include #include #include +#include + namespace Botan { /** @@ -27,7 +29,7 @@ std::map BOTAN_DLL algorithm_benchmark(const std::string& name, Algorithm_Factory& af, RandomNumberGenerator& rng, - u32bit milliseconds, + std::chrono::milliseconds milliseconds, size_t buf_size); } diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 4e7536e0f..0c1972bc1 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -8,7 +8,7 @@ add_include_dir_option -I add_lib_dir_option -L add_lib_option -l -lang_flags "-D_REENTRANT -std=c++0x" +lang_flags "-D_REENTRANT -std=c++11" warning_flags "-W -Wall" maintainer_warning_flags "-Werror -Weffc++ -Wall -Wextra -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wold-style-cast" diff --git a/src/kdf/prf_tls/prf_tls.cpp b/src/kdf/prf_tls/prf_tls.cpp index 3790650b0..1236e13c7 100644 --- a/src/kdf/prf_tls/prf_tls.cpp +++ b/src/kdf/prf_tls/prf_tls.cpp @@ -29,7 +29,8 @@ void P_hash(MemoryRegion& output, } catch(Invalid_Key_Length) { - throw Internal_Error("The premaster secret of " + to_string(secret_len) + + throw Internal_Error("The premaster secret of " + + std::to_string(secret_len) + " bytes is too long for the PRF"); } diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp index ecb6f43d6..6743254a5 100644 --- a/src/tls/c_hello.cpp +++ b/src/tls/c_hello.cpp @@ -11,7 +11,7 @@ #include #include #include -#include +#include namespace Botan { @@ -20,7 +20,10 @@ namespace TLS { MemoryVector make_hello_random(RandomNumberGenerator& rng) { MemoryVector buf(32); - const u32bit time32 = system_time(); + + const u32bit time32 = static_cast( + std::chrono::system_clock::to_time_t(std::chrono::system_clock::now())); + store_be(time32, buf); rng.randomize(&buf[4], buf.size() - 4); return buf; diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp index 58e458e81..6728b4877 100644 --- a/src/tls/c_kex.cpp +++ b/src/tls/c_kex.cpp @@ -146,7 +146,8 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, const std::string name = Supported_Elliptic_Curves::curve_id_to_name(curve_id); if(name == "") - throw Decoding_Error("Server sent unknown named curve " + to_string(curve_id)); + throw Decoding_Error("Server sent unknown named curve " + + std::to_string(curve_id)); EC_Group group(name); @@ -186,7 +187,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, if(peer_certs.empty()) throw Internal_Error("No certificate and no server key exchange"); - std::auto_ptr pub_key(peer_certs[0].subject_public_key()); + std::unique_ptr pub_key(peer_certs[0].subject_public_key()); if(const RSA_PublicKey* rsa_pub = dynamic_cast(pub_key.get())) { diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp index 18cc51b96..b4c9bdc3d 100644 --- a/src/tls/finished.cpp +++ b/src/tls/finished.cpp @@ -46,7 +46,7 @@ MemoryVector finished_compute_verify(Handshake_State* state, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64 }; - std::auto_ptr prf(state->protocol_specific_prf()); + std::unique_ptr prf(state->protocol_specific_prf()); MemoryVector input; if(side == CLIENT) diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index d1fab4692..bd6ae5af9 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -219,7 +219,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, m_readbuf[0] != APPLICATION_DATA) { throw Unexpected_Message( - "Unknown record type " + to_string(m_readbuf[0]) + " from counterparty"); + "Unknown record type " + std::to_string(m_readbuf[0]) + " from counterparty"); } const size_t record_len = make_u16bit(m_readbuf[3], m_readbuf[4]); diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp index 602d25397..633b63720 100644 --- a/src/tls/rec_wri.cpp +++ b/src/tls/rec_wri.cpp @@ -21,7 +21,7 @@ namespace TLS { /* * Record_Writer Constructor */ -Record_Writer::Record_Writer(std::tr1::function out) : +Record_Writer::Record_Writer(std::function out) : m_output_fn(out), m_writebuf(TLS_HEADER_SIZE + MAX_CIPHERTEXT_SIZE) { m_mac = 0; @@ -286,8 +286,8 @@ void Record_Writer::send_record(byte type, const byte input[], size_t length) */ void Record_Writer::send_alert(const Alert& alert) { - const byte alert_bits[2] = { alert.is_fatal() ? 2 : 1, - alert.type() }; + const byte alert_bits[2] = { static_cast(alert.is_fatal() ? 2 : 1), + static_cast(alert.type()) }; send(ALERT, alert_bits, sizeof(alert_bits)); } diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp index 6a5cdfa33..945c574b9 100644 --- a/src/tls/s_kex.cpp +++ b/src/tls/s_kex.cpp @@ -46,7 +46,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, if(kex_algo == "DH" || kex_algo == "DHE_PSK") { - std::auto_ptr dh(new DH_PrivateKey(rng, policy.dh_group())); + std::unique_ptr dh(new DH_PrivateKey(rng, policy.dh_group())); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_p()), 2); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_g()), 2); @@ -69,7 +69,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, EC_Group ec_group(curve_name); - std::auto_ptr ecdh(new ECDH_PrivateKey(rng, ec_group)); + std::unique_ptr ecdh(new ECDH_PrivateKey(rng, ec_group)); const std::string ecdh_domain_oid = ecdh->domain().get_oid(); const std::string domain = OIDS::lookup(OID(ecdh_domain_oid)); @@ -159,7 +159,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion& buf, if(name == "") throw Decoding_Error("Server_Key_Exchange: Server sent unknown named curve " + - to_string(curve_id)); + std::to_string(curve_id)); m_params.push_back(curve_type); m_params.push_back(get_byte(0, curve_id)); diff --git a/src/tls/tls_alert.cpp b/src/tls/tls_alert.cpp index b526eeac3..30c51d4c8 100644 --- a/src/tls/tls_alert.cpp +++ b/src/tls/tls_alert.cpp @@ -15,7 +15,7 @@ namespace TLS { Alert::Alert(const MemoryRegion& buf) { if(buf.size() != 2) - throw Decoding_Error("Alert: Bad size " + to_string(buf.size()) + + throw Decoding_Error("Alert: Bad size " + std::to_string(buf.size()) + " for alert message"); if(buf[0] == 1) fatal = false; @@ -106,7 +106,7 @@ std::string Alert::type_string() const * compiler can warn us that it is not included in the switch * statement. */ - return "unrecognized_alert_" + to_string(type()); + return "unrecognized_alert_" + std::to_string(type()); } diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp index d737ef237..fa240cc23 100644 --- a/src/tls/tls_channel.cpp +++ b/src/tls/tls_channel.cpp @@ -15,9 +15,9 @@ namespace Botan { namespace TLS { -Channel::Channel(std::tr1::function socket_output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_complete) : +Channel::Channel(std::function socket_output_fn, + std::function proc_fn, + std::function handshake_complete) : proc_fn(proc_fn), handshake_fn(handshake_complete), writer(socket_output_fn), @@ -106,7 +106,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) } else throw Unexpected_Message("Unknown TLS message type " + - to_string(rec_type) + " received"); + std::to_string(rec_type) + " received"); } return 0; // on a record boundary diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h index aa171ca4b..c85b32ba0 100644 --- a/src/tls/tls_channel.h +++ b/src/tls/tls_channel.h @@ -62,9 +62,9 @@ class BOTAN_DLL Channel */ std::vector peer_cert_chain() const { return peer_certs; } - Channel(std::tr1::function socket_output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_complete); + Channel(std::function socket_output_fn, + std::function proc_fn, + std::function handshake_complete); virtual ~Channel(); protected: @@ -85,8 +85,8 @@ class BOTAN_DLL Channel virtual void alert_notify(const Alert& alert) = 0; - std::tr1::function proc_fn; - std::tr1::function handshake_fn; + std::function proc_fn; + std::function handshake_fn; Record_Writer writer; Record_Reader reader; diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp index 82e2cdd28..22815a048 100644 --- a/src/tls/tls_ciphersuite.cpp +++ b/src/tls/tls_ciphersuite.cpp @@ -310,7 +310,7 @@ std::string Ciphersuite::to_string() const if(cipher_algo() == "3DES") out << "3DES_EDE"; if(cipher_algo() == "Camellia") - out << "CAMELLIA_" << Botan::to_string(8*cipher_keylen()); + out << "CAMELLIA_" << std::to_string(8*cipher_keylen()); else out << replace_char(cipher_algo(), '-', '_'); diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index 8b5ea9347..2dd30819f 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -18,15 +18,15 @@ namespace TLS { /* * TLS Client Constructor */ -Client::Client(std::tr1::function output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_fn, +Client::Client(std::function output_fn, + std::function proc_fn, + std::function handshake_fn, Session_Manager& session_manager, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng, const std::string& hostname, - std::tr1::function)> next_protocol) : + std::function)> next_protocol) : Channel(output_fn, proc_fn, handshake_fn), policy(policy), rng(rng), @@ -274,7 +274,7 @@ void Client::process_handshake_msg(Handshake_Type type, throw TLS_Exception(Alert::BAD_CERTIFICATE, e.what()); } - std::auto_ptr peer_key(peer_certs[0].subject_public_key()); + std::unique_ptr peer_key(peer_certs[0].subject_public_key()); if(peer_key->algo_name() != state->suite.sig_algo()) throw TLS_Exception(Alert::ILLEGAL_PARAMETER, diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h index f5528f4c1..cd972fa28 100644 --- a/src/tls/tls_client.h +++ b/src/tls/tls_client.h @@ -42,16 +42,16 @@ class BOTAN_DLL Client : public Channel * called with the list of protocols the server advertised; * the client should return the protocol it would like to use. */ - Client(std::tr1::function socket_output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_complete, - Session_Manager& session_manager, - Credentials_Manager& creds, - const Policy& policy, - RandomNumberGenerator& rng, - const std::string& servername = "", - std::tr1::function)> next_protocol = - std::tr1::function)>()); + Client(std::function socket_output_fn, + std::function proc_fn, + std::function handshake_complete, + Session_Manager& session_manager, + Credentials_Manager& creds, + const Policy& policy, + RandomNumberGenerator& rng, + const std::string& servername = "", + std::function)> next_protocol = + std::function)>()); void renegotiate(); private: diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp index 5d345cc9b..7162dcf40 100644 --- a/src/tls/tls_extensions.cpp +++ b/src/tls/tls_extensions.cpp @@ -239,7 +239,7 @@ Maximum_Fragment_Length::Maximum_Fragment_Length(size_t max_fragment) else if(max_fragment == 4096) val = 4; else - throw std::invalid_argument("Bad setting " + to_string(max_fragment) + + throw std::invalid_argument("Bad setting " + std::to_string(max_fragment) + " for maximum fragment size"); } diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp index 61295a95c..a9bd8dccf 100644 --- a/src/tls/tls_handshake_hash.cpp +++ b/src/tls/tls_handshake_hash.cpp @@ -35,7 +35,7 @@ SecureVector Handshake_Hash::final(Protocol_Version version, { Algorithm_Factory& af = global_state().algorithm_factory(); - std::auto_ptr hash; + std::unique_ptr hash; if(version == Protocol_Version::TLS_V10 || version == Protocol_Version::TLS_V11) { @@ -65,8 +65,8 @@ SecureVector Handshake_Hash::final_ssl3(const MemoryRegion& secret) Algorithm_Factory& af = global_state().algorithm_factory(); - std::auto_ptr md5(af.make_hash_function("MD5")); - std::auto_ptr sha1(af.make_hash_function("SHA-1")); + std::unique_ptr md5(af.make_hash_function("MD5")); + std::unique_ptr sha1(af.make_hash_function("SHA-1")); md5->update(data); sha1->update(data); diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index 9087031b6..86e6e0b55 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -65,7 +65,7 @@ u32bit bitmask_for_handshake_type(Handshake_Type type) return 0; default: - throw Internal_Error("Unknown handshake type " + to_string(type)); + throw Internal_Error("Unknown handshake type " + std::to_string(type)); } return 0; @@ -110,8 +110,8 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) if(!ok) throw Unexpected_Message("Unexpected state transition in handshake, got " + - to_string(handshake_msg) + " mask is " + - to_string(hand_expecting_mask)); + std::to_string(handshake_msg) + " mask is " + + std::to_string(hand_expecting_mask)); /* We don't know what to expect next, so force a call to set_expected_next; if it doesn't happen, the next transition diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index 5be5c3620..4e1cb2f25 100644 --- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -15,20 +15,7 @@ #include #include - -#if defined(BOTAN_USE_STD_TR1) - -#if defined(BOTAN_BUILD_COMPILER_IS_MSVC) - #include -#else - #include -#endif - -#elif defined(BOTAN_USE_BOOST_TR1) - #include -#else - #error "No TR1 library defined for use" -#endif +#include namespace Botan { @@ -99,7 +86,7 @@ class Handshake_State /** * Used by client using NPN */ - std::tr1::function)> client_npn_cb; + std::function)> client_npn_cb; private: u32bit hand_expecting_mask, hand_received_mask; diff --git a/src/tls/tls_reader.h b/src/tls/tls_reader.h index 162f691aa..8c2e9efe2 100644 --- a/src/tls/tls_reader.h +++ b/src/tls/tls_reader.h @@ -154,8 +154,8 @@ class TLS_Data_Reader { if(buf.size() - offset < n) { - throw Decoding_Error("TLS_Data_Reader: Expected " + to_string(n) + - " bytes remaining, only " + to_string(buf.size()-offset) + + throw Decoding_Error("TLS_Data_Reader: Expected " + std::to_string(n) + + " bytes remaining, only " + std::to_string(buf.size()-offset) + " left"); } } diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index f91cb6fe2..6634810df 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -55,7 +55,7 @@ class BOTAN_DLL Record_Writer void send_record(byte type, const byte input[], size_t length); - std::tr1::function m_output_fn; + std::function m_output_fn; MemoryVector m_writebuf; diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index a7857edf3..129d5346d 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -87,9 +87,9 @@ get_server_certs(const std::string& hostname, /* * TLS Server Constructor */ -Server::Server(std::tr1::function output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_fn, +Server::Server(std::function output_fn, + std::function proc_fn, + std::function handshake_fn, Session_Manager& session_manager, Credentials_Manager& creds, const Policy& policy, diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h index bb385e420..a90982066 100644 --- a/src/tls/tls_server.h +++ b/src/tls/tls_server.h @@ -26,15 +26,15 @@ class BOTAN_DLL Server : public Channel /** * Server initialization */ - Server(std::tr1::function socket_output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_complete, - Session_Manager& session_manager, - Credentials_Manager& creds, - const Policy& policy, - RandomNumberGenerator& rng, - const std::vector& protocols = - std::vector()); + Server(std::function socket_output_fn, + std::function proc_fn, + std::function handshake_complete, + Session_Manager& session_manager, + Credentials_Manager& creds, + const Policy& policy, + RandomNumberGenerator& rng, + const std::vector& protocols = + std::vector()); void renegotiate(); diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp index 2e25a8ab3..6a485fd44 100644 --- a/src/tls/tls_session.cpp +++ b/src/tls/tls_session.cpp @@ -27,7 +27,7 @@ Session::Session(const MemoryRegion& session_identifier, const std::vector& certs, const std::string& sni_hostname, const std::string& srp_identifier) : - m_start_time(system_time()), + m_start_time(std::chrono::system_clock::now()), m_identifier(session_identifier), m_master_secret(master_secret), m_version(version), @@ -54,12 +54,14 @@ Session::Session(const byte ber[], size_t ber_len) MemoryVector peer_cert_bits; + size_t start_time = 0; + BER_Decoder(ber, ber_len) .start_cons(SEQUENCE) .decode_and_check(static_cast(TLS_SESSION_PARAM_STRUCT_VERSION), "Unknown version in session structure") .decode(m_identifier, OCTET_STRING) - .decode_integer_type(m_start_time) + .decode_integer_type(start_time) .decode_integer_type(major_version) .decode_integer_type(minor_version) .decode_integer_type(m_ciphersuite) @@ -75,6 +77,7 @@ Session::Session(const byte ber[], size_t ber_len) .verify_end(); m_version = Protocol_Version(major_version, minor_version); + m_start_time = std::chrono::system_clock::from_time_t(start_time); m_sni_hostname = sni_hostname_str.value(); m_srp_identifier = srp_identifier_str.value(); m_connection_side = static_cast(side_code); @@ -105,7 +108,7 @@ SecureVector Session::DER_encode() const .start_cons(SEQUENCE) .encode(static_cast(TLS_SESSION_PARAM_STRUCT_VERSION)) .encode(m_identifier, OCTET_STRING) - .encode(static_cast(m_start_time)) + .encode(static_cast(std::chrono::system_clock::to_time_t(m_start_time))) .encode(static_cast(m_version.major_version())) .encode(static_cast(m_version.minor_version())) .encode(static_cast(m_ciphersuite)) diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h index 96b6d6daf..82c202ebe 100644 --- a/src/tls/tls_session.h +++ b/src/tls/tls_session.h @@ -13,6 +13,7 @@ #include #include #include +#include namespace Botan { @@ -29,7 +30,7 @@ class BOTAN_DLL Session * Uninitialized session */ Session() : - m_start_time(0), + m_start_time(std::chrono::system_clock::time_point::min()), m_version(), m_ciphersuite(0), m_compression_method(0), @@ -144,12 +145,13 @@ class BOTAN_DLL Session /** * Get the time this session began (seconds since Epoch) */ - u64bit start_time() const { return m_start_time; } + std::chrono::system_clock::time_point start_time() const + { return m_start_time; } private: enum { TLS_SESSION_PARAM_STRUCT_VERSION = 1 }; - u64bit m_start_time; + std::chrono::system_clock::time_point m_start_time; MemoryVector m_identifier; SecureVector m_master_secret; diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp index 83ac7540b..0f520d140 100644 --- a/src/tls/tls_session_key.cpp +++ b/src/tls/tls_session_key.cpp @@ -37,7 +37,7 @@ Session_Keys::Session_Keys(Handshake_State* state, const byte KEY_GEN_MAGIC[] = { 0x6B, 0x65, 0x79, 0x20, 0x65, 0x78, 0x70, 0x61, 0x6E, 0x73, 0x69, 0x6F, 0x6E }; - std::auto_ptr prf(state->protocol_specific_prf()); + std::unique_ptr prf(state->protocol_specific_prf()); if(resuming) { diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index 59fc75b9f..4c6bc1a47 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -7,7 +7,7 @@ #include #include -#include +#include namespace Botan { @@ -16,13 +16,16 @@ namespace TLS { bool Session_Manager_In_Memory::load_from_session_str( const std::string& session_str, Session& session) { - std::map::iterator i = sessions.find(session_str); + // assert(lock is held) + + auto i = sessions.find(session_str); if(i == sessions.end()) return false; - // session has expired, remove it - const u64bit now = system_time(); + // if session has expired, remove it + const auto now = std::chrono::system_clock::now(); + if(i->second.start_time() + session_lifetime < now) { sessions.erase(i); @@ -36,16 +39,20 @@ bool Session_Manager_In_Memory::load_from_session_str( bool Session_Manager_In_Memory::load_from_session_id( const MemoryRegion& session_id, Session& session) { + std::lock_guard lock(mutex); + return load_from_session_str(hex_encode(session_id), session); } bool Session_Manager_In_Memory::load_from_host_info( const std::string& hostname, u16bit port, Session& session) { + std::lock_guard lock(mutex); + std::map::iterator i; if(port > 0) - i = host_sessions.find(hostname + ":" + to_string(port)); + i = host_sessions.find(hostname + ":" + std::to_string(port)); else i = host_sessions.find(hostname); @@ -64,8 +71,9 @@ bool Session_Manager_In_Memory::load_from_host_info( void Session_Manager_In_Memory::remove_entry( const MemoryRegion& session_id) { - std::map::iterator i = - sessions.find(hex_encode(session_id)); + std::lock_guard lock(mutex); + + auto i = sessions.find(hex_encode(session_id)); if(i != sessions.end()) sessions.erase(i); @@ -73,6 +81,8 @@ void Session_Manager_In_Memory::remove_entry( void Session_Manager_In_Memory::save(const Session& session) { + std::lock_guard lock(mutex); + if(max_sessions != 0) { /* diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index c25fecac4..4152f2392 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -9,6 +9,8 @@ #define TLS_SESSION_MANAGER_H__ #include +#include +#include #include namespace Botan { @@ -69,8 +71,6 @@ class BOTAN_DLL Session_Manager /** * A simple implementation of Session_Manager that just saves * values in memory, with no persistance abilities -* -* @todo add locking */ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager { @@ -82,7 +82,7 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager * seconds have elapsed from initial handshake. */ Session_Manager_In_Memory(size_t max_sessions = 1000, - size_t session_lifetime = 7200) : + std::chrono::seconds session_lifetime = std::chrono::seconds(7200)) : max_sessions(max_sessions), session_lifetime(session_lifetime) {} @@ -101,7 +101,10 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager bool load_from_session_str(const std::string& session_str, Session& session); - size_t max_sessions, session_lifetime; + std::mutex mutex; + + size_t max_sessions; + std::chrono::seconds session_lifetime; std::map sessions; // hex(session_id) -> session std::map host_sessions; diff --git a/src/tls/tls_version.cpp b/src/tls/tls_version.cpp index 4445998eb..82dce0be9 100644 --- a/src/tls/tls_version.cpp +++ b/src/tls/tls_version.cpp @@ -19,13 +19,13 @@ std::string Protocol_Version::to_string() const // Some very new or very old protocol? if(maj != 3) - return "Protocol " + Botan::to_string(maj) + "." + Botan::to_string(min); + return "Protocol " + std::to_string(maj) + "." + std::to_string(min); if(maj == 3 && min == 0) return "SSL v3"; // The TLS v1.[0123...] case - return "TLS v1." + Botan::to_string(min-1); + return "TLS v1." + std::to_string(min-1); } } diff --git a/src/utils/stl_util.h b/src/utils/stl_util.h index c681ef8c9..1a62e8fe7 100644 --- a/src/utils/stl_util.h +++ b/src/utils/stl_util.h @@ -8,6 +8,7 @@ #ifndef BOTAN_STL_UTIL_H__ #define BOTAN_STL_UTIL_H__ +#include #include namespace Botan { -- cgit v1.2.3 From f5d35f360a04acef3ad19b0abf9a830b0d52d5d8 Mon Sep 17 00:00:00 2001 From: lloyd Date: Wed, 4 Apr 2012 15:09:51 +0000 Subject: Limit the lifetime of tickets to Policy::session_ticket_lifetime() seconds and report that value to the client in the NewSessionTicket message. After that point, a session ticket is ignored and a full renegotiation is forced. Only send a new session ticket on a new session, or on a resumed session where the client indicated it supports session tickets but for whatever reason didn't send one in the hello. Perhaps in this case, we should also remove the session from the session manager? Clean up server selection of the ciphersuite a bit, all in an anon function in tls_server instead of scattered over Server, Policy, and Server_Hello. Add Session::session_age and Session_Manager::session_lifetime --- src/tls/s_hello.cpp | 81 ++++++------------------ src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp | 2 +- src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h | 7 ++- src/tls/tls_ciphersuite.cpp | 12 ++++ src/tls/tls_ciphersuite.h | 3 + src/tls/tls_client.cpp | 4 +- src/tls/tls_extensions.cpp | 13 ++-- src/tls/tls_messages.h | 33 +++------- src/tls/tls_policy.cpp | 63 +++++++------------ src/tls/tls_policy.h | 7 +++ src/tls/tls_server.cpp | 82 ++++++++++++++++++------- src/tls/tls_session.cpp | 5 ++ src/tls/tls_session.h | 5 ++ src/tls/tls_session_manager.cpp | 34 +++++----- src/tls/tls_session_manager.h | 23 +++++-- 15 files changed, 196 insertions(+), 178 deletions(-) (limited to 'src/tls/tls_session_manager.cpp') diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp index 7da9fdc57..bb93108d9 100644 --- a/src/tls/s_hello.cpp +++ b/src/tls/s_hello.cpp @@ -16,47 +16,6 @@ namespace Botan { namespace TLS { -/* -* Create a new Server Hello message -*/ -Server_Hello::Server_Hello(Record_Writer& writer, - Handshake_Hash& hash, - Protocol_Version version, - const Client_Hello& c_hello, - const std::vector& available_cert_types, - const Policy& policy, - bool have_session_ticket_key, - bool client_has_secure_renegotiation, - const MemoryRegion& reneg_info, - bool client_has_npn, - const std::vector& next_protocols, - RandomNumberGenerator& rng) : - s_version(version), - m_session_id(rng.random_vec(32)), - s_random(make_hello_random(rng)), - m_fragment_size(c_hello.fragment_size()), - m_secure_renegotiation(client_has_secure_renegotiation), - m_renegotiation_info(reneg_info), - m_next_protocol(client_has_npn), - m_next_protocols(next_protocols), - m_supports_session_ticket(have_session_ticket_key && - c_hello.supports_session_ticket()) - { - suite = policy.choose_suite( - c_hello.ciphersuites(), - available_cert_types, - policy.choose_curve(c_hello.supported_ecc_curves()) != "", - false); - - if(suite == 0) - throw TLS_Exception(Alert::HANDSHAKE_FAILURE, - "Can't agree on a ciphersuite with client"); - - comp_method = policy.choose_compression(c_hello.compression_methods()); - - hash.update(writer.send(*this)); - } - /* * Create a new Server Hello message */ @@ -69,21 +28,21 @@ Server_Hello::Server_Hello(Record_Writer& writer, size_t max_fragment_size, bool client_has_secure_renegotiation, const MemoryRegion& reneg_info, - bool client_supports_session_tickets, + bool offer_session_ticket, bool client_has_npn, const std::vector& next_protocols, RandomNumberGenerator& rng) : - s_version(ver), + m_version(ver), m_session_id(session_id), - s_random(make_hello_random(rng)), - suite(ciphersuite), - comp_method(compression), + m_random(make_hello_random(rng)), + m_ciphersuite(ciphersuite), + m_comp_method(compression), m_fragment_size(max_fragment_size), m_secure_renegotiation(client_has_secure_renegotiation), m_renegotiation_info(reneg_info), m_next_protocol(client_has_npn), m_next_protocols(next_protocols), - m_supports_session_ticket(client_supports_session_tickets) + m_supports_session_ticket(offer_session_ticket) { hash.update(writer.send(*this)); } @@ -105,24 +64,24 @@ Server_Hello::Server_Hello(const MemoryRegion& buf) const byte major_version = reader.get_byte(); const byte minor_version = reader.get_byte(); - s_version = Protocol_Version(major_version, minor_version); + m_version = Protocol_Version(major_version, minor_version); - if(s_version != Protocol_Version::SSL_V3 && - s_version != Protocol_Version::TLS_V10 && - s_version != Protocol_Version::TLS_V11 && - s_version != Protocol_Version::TLS_V12) + if(m_version != Protocol_Version::SSL_V3 && + m_version != Protocol_Version::TLS_V10 && + m_version != Protocol_Version::TLS_V11 && + m_version != Protocol_Version::TLS_V12) { throw TLS_Exception(Alert::PROTOCOL_VERSION, "Server_Hello: Unsupported server version"); } - s_random = reader.get_fixed(32); + m_random = reader.get_fixed(32); m_session_id = reader.get_range(1, 0, 32); - suite = reader.get_u16bit(); + m_ciphersuite = reader.get_u16bit(); - comp_method = reader.get_byte(); + m_comp_method = reader.get_byte(); Extensions extensions(reader); @@ -154,16 +113,16 @@ MemoryVector Server_Hello::serialize() const { MemoryVector buf; - buf.push_back(s_version.major_version()); - buf.push_back(s_version.minor_version()); - buf += s_random; + buf.push_back(m_version.major_version()); + buf.push_back(m_version.minor_version()); + buf += m_random; append_tls_length_value(buf, m_session_id, 1); - buf.push_back(get_byte(0, suite)); - buf.push_back(get_byte(1, suite)); + buf.push_back(get_byte(0, m_ciphersuite)); + buf.push_back(get_byte(1, m_ciphersuite)); - buf.push_back(comp_method); + buf.push_back(m_comp_method); Extensions extensions; diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp index 4d78a5365..cb831aadf 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp @@ -145,7 +145,7 @@ Session_Manager_SQLite::Session_Manager_SQLite(const std::string& passphrase, RandomNumberGenerator& rng, const std::string& db_filename, size_t max_sessions, - size_t session_lifetime) : + u32bit session_lifetime) : m_rng(rng), m_max_sessions(max_sessions), m_session_lifetime(session_lifetime) diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h index 424db24e5..7ac2caeb2 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h @@ -36,7 +36,7 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager RandomNumberGenerator& rng, const std::string& db_filename, size_t max_sessions = 1000, - size_t session_lifetime = 7200); + u32bit session_lifetime = 7200); ~Session_Manager_SQLite(); @@ -49,6 +49,8 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager void remove_entry(const MemoryRegion& session_id); void save(const Session& session_data); + + u32bit session_lifetime() const { return m_session_lifetime; } private: Session_Manager_SQLite(const Session_Manager_SQLite&); Session_Manager_SQLite& operator=(const Session_Manager_SQLite&); @@ -57,7 +59,8 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager SymmetricKey m_session_key; RandomNumberGenerator& m_rng; - size_t m_max_sessions, m_session_lifetime; + size_t m_max_sessions; + u32bit m_session_lifetime; class sqlite3* m_db; }; diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp index d3d8f061b..afe0e68ee 100644 --- a/src/tls/tls_ciphersuite.cpp +++ b/src/tls/tls_ciphersuite.cpp @@ -30,6 +30,18 @@ Ciphersuite Ciphersuite::by_name(const std::string& name) return Ciphersuite(); // some unknown ciphersuite } +bool Ciphersuite::psk_ciphersuite() const + { + return (kex_algo() == "PSK" || + kex_algo() == "DHE_PSK" || + kex_algo() == "ECDHE_PSK"); + } + +bool Ciphersuite::ecc_ciphersuite() const + { + return (kex_algo() == "ECDH" || sig_algo() == "ECDSA"); + } + std::string Ciphersuite::to_string() const { if(m_cipher_keylen == 0) diff --git a/src/tls/tls_ciphersuite.h b/src/tls/tls_ciphersuite.h index 6081fc9eb..dcb4b6a6f 100644 --- a/src/tls/tls_ciphersuite.h +++ b/src/tls/tls_ciphersuite.h @@ -33,6 +33,9 @@ class BOTAN_DLL Ciphersuite */ std::string to_string() const; + bool psk_ciphersuite() const; + bool ecc_ciphersuite() const; + std::string kex_algo() const { return m_kex_algo; } std::string sig_algo() const { return m_sig_algo; } diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index ba9ec8082..2ec7eec2e 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -241,8 +241,8 @@ void Client::process_handshake_msg(Handshake_Type type, ever sent. The server may or may not send a server kex, depending on if it has an identity hint for us. - DHE_PSK always sends a server key exchange for the DH - exchange portion. + (EC)DHE_PSK always sends a server key exchange for the + DH exchange portion. */ state->set_expected_next(SERVER_KEX); diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp index 1ca4e3eb4..59ab64374 100644 --- a/src/tls/tls_extensions.cpp +++ b/src/tls/tls_extensions.cpp @@ -468,11 +468,16 @@ MemoryVector Signature_Algorithms::serialize() const for(size_t i = 0; i != m_supported_algos.size(); ++i) { - if(m_supported_algos[i].second == "") - continue; + try + { + const byte hash_code = hash_algo_code(m_supported_algos[i].first); + const byte sig_code = sig_algo_code(m_supported_algos[i].second); - buf.push_back(hash_algo_code(m_supported_algos[i].first)); - buf.push_back(sig_algo_code(m_supported_algos[i].second)); + buf.push_back(hash_code); + buf.push_back(sig_code); + } + catch(...) + {} } buf[0] = get_byte(0, buf.size()-2); diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h index 2f8af5fd2..920a1c7a7 100644 --- a/src/tls/tls_messages.h +++ b/src/tls/tls_messages.h @@ -163,10 +163,10 @@ class Server_Hello : public Handshake_Message { public: Handshake_Type type() const { return SERVER_HELLO; } - Protocol_Version version() { return s_version; } + Protocol_Version version() { return m_version; } const MemoryVector& session_id() const { return m_session_id; } - u16bit ciphersuite() const { return suite; } - byte compression_method() const { return comp_method; } + u16bit ciphersuite() const { return m_ciphersuite; } + byte compression_method() const { return m_comp_method; } std::vector session_id_vector() const { @@ -189,20 +189,7 @@ class Server_Hello : public Handshake_Message const MemoryVector& renegotiation_info() { return m_renegotiation_info; } - const MemoryVector& random() const { return s_random; } - - Server_Hello(Record_Writer& writer, - Handshake_Hash& hash, - Protocol_Version version, - const Client_Hello& other, - const std::vector& available_cert_types, - const Policy& policies, - bool have_session_ticket_key, - bool client_has_secure_renegotiation, - const MemoryRegion& reneg_info, - bool client_has_npn, - const std::vector& next_protocols, - RandomNumberGenerator& rng); + const MemoryVector& random() const { return m_random; } Server_Hello(Record_Writer& writer, Handshake_Hash& hash, @@ -213,7 +200,7 @@ class Server_Hello : public Handshake_Message size_t max_fragment_size, bool client_has_secure_renegotiation, const MemoryRegion& reneg_info, - bool client_supports_session_tickets, + bool offer_session_ticket, bool client_has_npn, const std::vector& next_protocols, RandomNumberGenerator& rng); @@ -222,10 +209,10 @@ class Server_Hello : public Handshake_Message private: MemoryVector serialize() const; - Protocol_Version s_version; - MemoryVector m_session_id, s_random; - u16bit suite; - byte comp_method; + Protocol_Version m_version; + MemoryVector m_session_id, m_random; + u16bit m_ciphersuite; + byte m_comp_method; size_t m_fragment_size; bool m_secure_renegotiation; @@ -479,7 +466,7 @@ class New_Session_Ticket : public Handshake_Message New_Session_Ticket(Record_Writer& writer, Handshake_Hash& hash, const MemoryRegion& ticket, - u32bit lifetime = 0); + u32bit lifetime); New_Session_Ticket(Record_Writer& writer, Handshake_Hash& hash); diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp index a2c0d01f8..3db517e56 100644 --- a/src/tls/tls_policy.cpp +++ b/src/tls/tls_policy.cpp @@ -51,9 +51,10 @@ std::vector Policy::allowed_key_exchange_methods() const //allowed.push_back("ECDHE_PSK"); //allowed.push_back("DHE_PSK"); //allowed.push_back("PSK"); + allowed.push_back("ECDH"); allowed.push_back("DH"); - allowed.push_back("RSA"); // RSA via server cert + allowed.push_back("RSA"); return allowed; } @@ -87,6 +88,11 @@ std::vector Policy::allowed_ecc_curves() const return curves; } +u32bit Policy::session_ticket_lifetime() const + { + return 86400; // 1 day + } + Protocol_Version Policy::min_version() const { return Protocol_Version::SSL_V3; @@ -199,13 +205,24 @@ std::vector Policy::ciphersuite_list(bool have_srp) const if(!suite.valid()) continue; // not a ciphersuite we know, skip - if(value_exists(ciphers, suite.cipher_algo()) && - value_exists(hashes, suite.mac_algo()) && - value_exists(kex, suite.kex_algo()) && - value_exists(sigs, suite.sig_algo())) + if(!value_exists(kex, suite.kex_algo())) + continue; // unsupported key exchange + + if(!value_exists(ciphers, suite.cipher_algo())) + continue; // unsupported cipher + + if(!value_exists(hashes, suite.mac_algo())) + continue; // unsupported MAC algo + + if(!value_exists(sigs, suite.sig_algo())) { - ciphersuites[suite] = i; + // allow if it's an empty sig algo and we want to use PSK + if(suite.sig_algo() != "" || !suite.psk_ciphersuite()) + continue; } + + // OK, allow it: + ciphersuites[suite] = i; } std::vector ciphersuite_codes; @@ -243,40 +260,6 @@ std::string Policy::choose_curve(const std::vector& curve_names) co return ""; // no shared curve } -/* -* Choose which ciphersuite to use -*/ -u16bit Policy::choose_suite(const std::vector& client_suites, - const std::vector& available_cert_types, - bool have_shared_ecc_curve, - bool have_srp) const - { - std::vector ciphersuites = ciphersuite_list(have_srp); - - for(size_t i = 0; i != ciphersuites.size(); ++i) - { - const u16bit suite_id = ciphersuites[i]; - Ciphersuite suite = Ciphersuite::by_id(suite_id); - - if(!have_shared_ecc_curve) - { - if(suite.kex_algo() == "ECDH" || suite.sig_algo() == "ECDSA") - continue; - } - - if(suite.sig_algo() != "" && - !value_exists(available_cert_types, suite.sig_algo())) - { - continue; - } - - if(value_exists(client_suites, suite_id)) - return suite_id; - } - - return 0; // no shared cipersuite - } - /* * Choose which compression algorithm to use */ diff --git a/src/tls/tls_policy.h b/src/tls/tls_policy.h index f53b9bab6..b12f07125 100644 --- a/src/tls/tls_policy.h +++ b/src/tls/tls_policy.h @@ -94,6 +94,13 @@ class BOTAN_DLL Policy */ virtual bool hide_unknown_users() const { return false; } + /** + * Return the allowed lifetime of a session ticket. If 0, session + * tickets do not expire until the session ticket key rolls over. + * Old session tickets cannot be used to resume as session. + */ + virtual u32bit session_ticket_lifetime() const; + /** * @return the minimum version that we are willing to negotiate */ diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 1f69d153e..43556e1bc 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -21,7 +21,8 @@ namespace { bool check_for_resume(Session& session_info, Session_Manager& session_manager, Credentials_Manager& credentials, - Client_Hello* client_hello) + Client_Hello* client_hello, + u32bit session_ticket_lifetime) { const MemoryVector& client_session_id = client_hello->session_id(); const MemoryVector& session_ticket = client_hello->session_ticket(); @@ -43,6 +44,10 @@ bool check_for_resume(Session& session_info, session_info = Session::decrypt( session_ticket, credentials.psk("tls-server", "session-ticket", "")); + + if(session_ticket_lifetime && + session_info.session_age() > session_ticket_lifetime) + return false; // ticket has expired } catch(...) { @@ -81,6 +86,43 @@ bool check_for_resume(Session& session_info, return true; } +/* +* Choose which ciphersuite to use +*/ +u16bit choose_ciphersuite( + const Policy& policy, + const std::map >& cert_chains, + const Client_Hello* client_hello) + { + const std::vector client_suites = client_hello->ciphersuites(); + const std::vector server_suites = policy.ciphersuite_list(false); + + const bool have_shared_ecc_curve = + (policy.choose_curve(client_hello->supported_ecc_curves()) != ""); + + // Ordering by our preferences rather than by clients + for(size_t i = 0; i != server_suites.size(); ++i) + { + const u16bit suite_id = server_suites[i]; + + if(!value_exists(client_suites, suite_id)) + continue; + + Ciphersuite suite = Ciphersuite::by_id(suite_id); + + if(!have_shared_ecc_curve && suite.ecc_ciphersuite()) + continue; + + if(cert_chains.count(suite.sig_algo()) == 0) + continue; + + return suite_id; + } + + throw TLS_Exception(Alert::HANDSHAKE_FAILURE, + "Can't agree on a ciphersuite with client"); + } + std::map > get_server_certs(const std::string& hostname, Credentials_Manager& creds) @@ -215,7 +257,8 @@ void Server::process_handshake_msg(Handshake_Type type, const bool resuming = check_for_resume(session_info, session_manager, creds, - state->client_hello); + state->client_hello, + policy.session_ticket_lifetime()); bool have_session_ticket_key = false; @@ -240,7 +283,9 @@ void Server::process_handshake_msg(Handshake_Type type, session_info.fragment_size(), secure_renegotiation.supported(), secure_renegotiation.for_server_hello(), - state->client_hello->supports_session_ticket() && have_session_ticket_key, + (state->client_hello->supports_session_ticket() && + state->client_hello->session_ticket().empty() && + have_session_ticket_key), state->client_hello->next_protocol_notification(), m_possible_protocols, rng); @@ -257,13 +302,12 @@ void Server::process_handshake_msg(Handshake_Type type, if(!handshake_fn(session_info)) { - if(state->server_hello->supports_session_ticket()) + session_manager.remove_entry(session_info.session_id()); + + if(state->server_hello->supports_session_ticket()) // send an empty ticket state->new_session_ticket = new New_Session_Ticket(writer, state->hash); - else - session_manager.remove_entry(session_info.session_id()); } - // FIXME: should only send a new ticket if we need too (eg old session) if(state->server_hello->supports_session_ticket() && !state->new_session_ticket) { try @@ -272,7 +316,8 @@ void Server::process_handshake_msg(Handshake_Type type, state->new_session_ticket = new New_Session_Ticket(writer, state->hash, - session_info.encrypt(ticket_key, rng)); + session_info.encrypt(ticket_key, rng), + policy.session_ticket_lifetime()); } catch(...) {} @@ -301,25 +346,17 @@ void Server::process_handshake_msg(Handshake_Type type, cert_chains = get_server_certs("", creds); } - std::vector available_cert_types; - - for(std::map >::const_iterator i = cert_chains.begin(); - i != cert_chains.end(); ++i) - { - if(!i->second.empty()) - available_cert_types.push_back(i->first); - } - state->server_hello = new Server_Hello( writer, state->hash, + rng.random_vec(32), // new session ID state->version(), - *(state->client_hello), - available_cert_types, - policy, - have_session_ticket_key, + choose_ciphersuite(policy, cert_chains, state->client_hello), + policy.choose_compression(state->client_hello->compression_methods()), + state->client_hello->fragment_size(), secure_renegotiation.supported(), secure_renegotiation.for_server_hello(), + state->client_hello->supports_session_ticket() && have_session_ticket_key, state->client_hello->next_protocol_notification(), m_possible_protocols, rng); @@ -505,7 +542,8 @@ void Server::process_handshake_msg(Handshake_Type type, state->new_session_ticket = new New_Session_Ticket(writer, state->hash, - session_info.encrypt(ticket_key, rng)); + session_info.encrypt(ticket_key, rng), + policy.session_ticket_lifetime()); } catch(...) {} } diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp index 2a532196d..0e8bf3051 100644 --- a/src/tls/tls_session.cpp +++ b/src/tls/tls_session.cpp @@ -131,6 +131,11 @@ std::string Session::PEM_encode() const return PEM_Code::encode(this->DER_encode(), "SSL SESSION"); } +u32bit Session::session_age() const + { + return (system_time() - m_start_time); + } + namespace { const u32bit SESSION_CRYPTO_MAGIC = 0x571B0E4E; diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h index 0c57201a4..9a3c242a8 100644 --- a/src/tls/tls_session.h +++ b/src/tls/tls_session.h @@ -176,6 +176,11 @@ class BOTAN_DLL Session */ u64bit start_time() const { return m_start_time; } + /** + * Return how long this session has existed (in seconds) + */ + u32bit session_age() const; + /** * Return the session ticket the server gave us */ diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index 59fc75b9f..812525d69 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -16,16 +16,16 @@ namespace TLS { bool Session_Manager_In_Memory::load_from_session_str( const std::string& session_str, Session& session) { - std::map::iterator i = sessions.find(session_str); + std::map::iterator i = m_sessions.find(session_str); - if(i == sessions.end()) + if(i == m_sessions.end()) return false; // session has expired, remove it const u64bit now = system_time(); - if(i->second.start_time() + session_lifetime < now) + if(i->second.start_time() + session_lifetime() < now) { - sessions.erase(i); + m_sessions.erase(i); return false; } @@ -45,18 +45,18 @@ bool Session_Manager_In_Memory::load_from_host_info( std::map::iterator i; if(port > 0) - i = host_sessions.find(hostname + ":" + to_string(port)); + i = m_host_sessions.find(hostname + ":" + to_string(port)); else - i = host_sessions.find(hostname); + i = m_host_sessions.find(hostname); - if(i == host_sessions.end()) + if(i == m_host_sessions.end()) return false; if(load_from_session_str(i->second, session)) return true; - // was removed from sessions map, remove host_sessions entry - host_sessions.erase(i); + // was removed from m_sessions map, remove m_host_sessions entry + m_host_sessions.erase(i); return false; } @@ -65,30 +65,30 @@ void Session_Manager_In_Memory::remove_entry( const MemoryRegion& session_id) { std::map::iterator i = - sessions.find(hex_encode(session_id)); + m_sessions.find(hex_encode(session_id)); - if(i != sessions.end()) - sessions.erase(i); + if(i != m_sessions.end()) + m_sessions.erase(i); } void Session_Manager_In_Memory::save(const Session& session) { - if(max_sessions != 0) + if(m_max_sessions != 0) { /* This removes randomly based on ordering of session ids. Instead, remove oldest first? */ - while(sessions.size() >= max_sessions) - sessions.erase(sessions.begin()); + while(m_sessions.size() >= m_max_sessions) + m_sessions.erase(m_sessions.begin()); } const std::string session_id_str = hex_encode(session.session_id()); - sessions[session_id_str] = session; + m_sessions[session_id_str] = session; if(session.side() == CLIENT && session.sni_hostname() != "") - host_sessions[session.sni_hostname()] = session_id_str; + m_host_sessions[session.sni_hostname()] = session_id_str; } } diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index c0a9996e3..3a39bf50e 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -63,6 +63,13 @@ class BOTAN_DLL Session_Manager */ virtual void save(const Session& session) = 0; + /** + * Return the allowed lifetime of a session; beyond this time, + * sessions are not resumed. Returns 0 if unknown/no explicit + * expiration policy. + */ + virtual u32bit session_lifetime() const = 0; + virtual ~Session_Manager() {} }; @@ -82,9 +89,9 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager * seconds have elapsed from initial handshake. */ Session_Manager_In_Memory(size_t max_sessions = 1000, - size_t session_lifetime = 7200) : - max_sessions(max_sessions), - session_lifetime(session_lifetime) + u32bit session_lifetime = 7200) : + m_max_sessions(max_sessions), + m_session_lifetime(session_lifetime) {} bool load_from_session_id(const MemoryRegion& session_id, @@ -97,14 +104,18 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager void save(const Session& session_data); + u32bit session_lifetime() const { return m_session_lifetime; } + private: bool load_from_session_str(const std::string& session_str, Session& session); - size_t max_sessions, session_lifetime; + size_t m_max_sessions; + + u32bit m_session_lifetime; - std::map sessions; // hex(session_id) -> session - std::map host_sessions; + std::map m_sessions; // hex(session_id) -> session + std::map m_host_sessions; }; } -- cgit v1.2.3 From 28c64de10a4a6621e79879fe3047983bb8da9904 Mon Sep 17 00:00:00 2001 From: lloyd Date: Wed, 25 Apr 2012 14:30:52 +0000 Subject: Huge pile of post merge fixups, mtn really fucked that merge --- doc/examples/GNUmakefile | 2 +- doc/examples/asio_tls_server.cpp | 44 ++--------------------- doc/examples/credentials.h | 2 +- doc/examples/tls_client.cpp | 4 +-- doc/examples/tls_server.cpp | 14 ++++---- src/build-data/cc/gcc.txt | 4 +-- src/constructs/srp6/srp6.cpp | 2 +- src/credentials/credentials_manager.cpp | 3 +- src/tls/c_hello.cpp | 7 ++-- src/tls/c_kex.cpp | 4 +-- src/tls/hello_verify.cpp | 2 +- src/tls/rec_read.cpp | 3 +- src/tls/s_kex.cpp | 10 +++--- src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp | 46 ++++++------------------- src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h | 6 ++-- src/tls/tls_alert.cpp | 3 +- src/tls/tls_channel.cpp | 9 +++-- src/tls/tls_channel.h | 10 +++--- src/tls/tls_ciphersuite.cpp | 3 +- src/tls/tls_client.cpp | 10 +++--- src/tls/tls_client.h | 10 +++--- src/tls/tls_extensions.cpp | 3 +- src/tls/tls_handshake_hash.cpp | 6 ++-- src/tls/tls_handshake_state.cpp | 7 ++-- src/tls/tls_handshake_state.h | 17 ++------- src/tls/tls_heartbeats.cpp | 2 +- src/tls/tls_record.h | 14 ++------ src/tls/tls_server.cpp | 12 +++---- src/tls/tls_server.h | 6 ++-- src/tls/tls_session.cpp | 23 +++++++------ src/tls/tls_session.h | 12 ++++--- src/tls/tls_session_manager.cpp | 30 ++++++++-------- src/tls/tls_session_manager.h | 10 +++--- 33 files changed, 130 insertions(+), 210 deletions(-) (limited to 'src/tls/tls_session_manager.cpp') diff --git a/doc/examples/GNUmakefile b/doc/examples/GNUmakefile index 1d4093fdb..fb2788218 100644 --- a/doc/examples/GNUmakefile +++ b/doc/examples/GNUmakefile @@ -1,7 +1,7 @@ BOTAN_CONFIG = botan-config -CXX = g++-4.7.0 +CXX = g++-4.6.0 CFLAGS = -O2 -ansi -std=c++0x -W -Wall -I../../build/include LIBS = -L../.. -lbotan-1.99 diff --git a/doc/examples/asio_tls_server.cpp b/doc/examples/asio_tls_server.cpp index e721d0455..0cf499e0a 100644 --- a/doc/examples/asio_tls_server.cpp +++ b/doc/examples/asio_tls_server.cpp @@ -1,7 +1,7 @@ #include #include #include - +#define _GLIBCXX_HAVE_GTHR_DEFAULT #include #include #include @@ -186,46 +186,6 @@ class tls_server_session : public boost::enable_shared_from_this m_outbox; }; -class Session_Manager_Locked : public Botan::TLS::Session_Manager - { - public: - bool load_from_session_id(const Botan::MemoryRegion& session_id, - Botan::TLS::Session& session) - { - boost::lock_guard lock(m_mutex); - return m_session_manager.load_from_session_id(session_id, session); - } - - bool load_from_host_info(const std::string& hostname, Botan::u16bit port, - Botan::TLS::Session& session) - { - boost::lock_guard lock(m_mutex); - return m_session_manager.load_from_host_info(hostname, port, session); - }; - - void remove_entry(const Botan::MemoryRegion& session_id) - { - boost::lock_guard lock(m_mutex); - m_session_manager.remove_entry(session_id); - } - - void save(const Botan::TLS::Session& session) - { - boost::lock_guard lock(m_mutex); - m_session_manager.save(session); - } - - Botan::u32bit session_lifetime() const - { - return m_session_manager.session_lifetime(); - } - - private: - boost::mutex m_mutex; - Botan::TLS::Session_Manager_In_Memory m_session_manager; - - }; - class tls_server { public: @@ -282,7 +242,7 @@ class tls_server tcp::acceptor m_acceptor; Botan::AutoSeeded_RNG m_rng; - Session_Manager_Locked m_session_manager; + Botan::TLS::Session_Manager_In_Memory m_session_manager; Botan::TLS::Policy m_policy; Credentials_Manager_Simple m_creds; }; diff --git a/doc/examples/credentials.h b/doc/examples/credentials.h index 65d34aeee..4e4427585 100644 --- a/doc/examples/credentials.h +++ b/doc/examples/credentials.h @@ -50,7 +50,7 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager std::vector certs; - try + if(type == "tls-server" && hostname == "localhost") { Botan::X509_Certificate testca("testCA.crt"); certs.push_back(testca); diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp index a787af1fe..5de8a59ce 100644 --- a/doc/examples/tls_client.cpp +++ b/doc/examples/tls_client.cpp @@ -24,7 +24,7 @@ using namespace Botan; -using namespace std::tr1::placeholders; +using namespace std::placeholders; int connect_to_host(const std::string& host, u16bit port) { @@ -125,7 +125,7 @@ void doit(RandomNumberGenerator& rng, { int sockfd = connect_to_host(host, port); - TLS::Client client(std::tr1::bind(socket_write, sockfd, _1, _2), + TLS::Client client(std::bind(socket_write, sockfd, _1, _2), process_data, handshake_complete, session_manager, diff --git a/doc/examples/tls_server.cpp b/doc/examples/tls_server.cpp index 334d8f1fc..727f4c333 100644 --- a/doc/examples/tls_server.cpp +++ b/doc/examples/tls_server.cpp @@ -22,8 +22,8 @@ using namespace std::placeholders; class Blocking_TLS_Server { public: - Blocking_TLS_Server(std::tr1::function output_fn, - std::tr1::function input_fn, + Blocking_TLS_Server(std::function output_fn, + std::function input_fn, std::vector& protocols, TLS::Session_Manager& sessions, Credentials_Manager& creds, @@ -32,8 +32,8 @@ class Blocking_TLS_Server input_fn(input_fn), server( output_fn, - std::tr1::bind(&Blocking_TLS_Server::reader_fn, std::tr1::ref(*this), _1, _2, _3), - std::tr1::bind(&Blocking_TLS_Server::handshake_complete, std::tr1::ref(*this), _1), + std::bind(&Blocking_TLS_Server::reader_fn, std::ref(*this), _1, _2, _3), + std::bind(&Blocking_TLS_Server::handshake_complete, std::ref(*this), _1), sessions, creds, policy, @@ -131,7 +131,7 @@ class Blocking_TLS_Server read_queue.write(buf, buf_len); } - std::tr1::function input_fn; + std::function input_fn; TLS::Server server; SecureQueue read_queue; bool exit; @@ -179,8 +179,8 @@ int main(int argc, char* argv[]) printf("Got new connection\n"); Blocking_TLS_Server tls( - std::tr1::bind(&Socket::write, std::tr1::ref(sock), _1, _2), - std::tr1::bind(&Socket::read, std::tr1::ref(sock), _1, _2, true), + std::bind(&Socket::write, std::ref(sock), _1, _2), + std::bind(&Socket::read, std::ref(sock), _1, _2, true), protocols, sessions, creds, diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 835627eb0..d22ae6202 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -1,6 +1,6 @@ macro_name GCC -binary_name g++-4.7.0 +binary_name g++-4.6.0 compile_option "-c " output_to_option "-o " @@ -8,7 +8,7 @@ add_include_dir_option -I add_lib_dir_option -L add_lib_option -l -lang_flags "-D_REENTRANT -std=c++11" +lang_flags "-D_REENTRANT -std=c++0x" warning_flags "-W -Wall" maintainer_warning_flags "-Werror -Wall -Wextra -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wold-style-cast" diff --git a/src/constructs/srp6/srp6.cpp b/src/constructs/srp6/srp6.cpp index 9ce0d18be..0eccdc154 100644 --- a/src/constructs/srp6/srp6.cpp +++ b/src/constructs/srp6/srp6.cpp @@ -77,7 +77,7 @@ std::string srp6_group_identifier(const BigInt& N, const BigInt& g) */ try { - const std::string group_name = "modp/srp/" + to_string(N.bits()); + const std::string group_name = "modp/srp/" + std::to_string(N.bits()); DL_Group group(group_name); diff --git a/src/credentials/credentials_manager.cpp b/src/credentials/credentials_manager.cpp index 88b653df5..07d2979f9 100644 --- a/src/credentials/credentials_manager.cpp +++ b/src/credentials/credentials_manager.cpp @@ -125,7 +125,8 @@ void Credentials_Manager::verify_certificate_chain( } if(result != VERIFIED) - throw std::runtime_error("Certificate did not validate, code " + to_string(result)); + throw std::runtime_error("Certificate did not validate, code " + + std::to_string(result)); #else // New X.509 API diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp index 056a7550f..df3957a4b 100644 --- a/src/tls/c_hello.cpp +++ b/src/tls/c_hello.cpp @@ -11,7 +11,7 @@ #include #include #include -#include +#include namespace Botan { @@ -24,7 +24,10 @@ enum { MemoryVector make_hello_random(RandomNumberGenerator& rng) { MemoryVector buf(32); - const u32bit time32 = system_time(); + + const u32bit time32 = static_cast( + std::chrono::system_clock::to_time_t(std::chrono::system_clock::now())); + store_be(time32, buf); rng.randomize(&buf[4], buf.size() - 4); return buf; diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp index 13925a482..f97081383 100644 --- a/src/tls/c_kex.cpp +++ b/src/tls/c_kex.cpp @@ -149,7 +149,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, const std::string name = Supported_Elliptic_Curves::curve_id_to_name(curve_id); if(name == "") - throw Decoding_Error("Server sent unknown named curve " + to_string(curve_id)); + throw Decoding_Error("Server sent unknown named curve " + std::to_string(curve_id)); EC_Group group(name); @@ -216,7 +216,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, if(peer_certs.empty()) throw Internal_Error("No certificate and no server key exchange"); - std::auto_ptr pub_key(peer_certs[0].subject_public_key()); + std::unique_ptr pub_key(peer_certs[0].subject_public_key()); if(const RSA_PublicKey* rsa_pub = dynamic_cast(pub_key.get())) { diff --git a/src/tls/hello_verify.cpp b/src/tls/hello_verify.cpp index c7aae94a1..e844d7f72 100644 --- a/src/tls/hello_verify.cpp +++ b/src/tls/hello_verify.cpp @@ -29,7 +29,7 @@ Hello_Verify_Request::Hello_Verify_Request(const MemoryVector& client_hell const std::string& client_identity, const SymmetricKey& secret_key) { - std::auto_ptr hmac(get_mac("HMAC(SHA-256)")); + std::unique_ptr hmac(get_mac("HMAC(SHA-256)")); hmac->set_key(secret_key); hmac->update_be(client_hello_bits.size()); diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index 5d46ec1fa..b240f4703 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -220,7 +220,8 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, m_readbuf[0] != HEARTBEAT) { throw Unexpected_Message( - "Unknown record type " + to_string(m_readbuf[0]) + " from counterparty"); + "Unknown record type " + std::to_string(m_readbuf[0]) + + " from counterparty"); } const size_t record_len = make_u16bit(m_readbuf[3], m_readbuf[4]); diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp index 95518aa32..34cd872ac 100644 --- a/src/tls/s_kex.cpp +++ b/src/tls/s_kex.cpp @@ -48,7 +48,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, if(kex_algo == "DH" || kex_algo == "DHE_PSK") { - std::auto_ptr dh(new DH_PrivateKey(rng, policy.dh_group())); + std::unique_ptr dh(new DH_PrivateKey(rng, policy.dh_group())); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_p()), 2); append_tls_length_value(m_params, BigInt::encode(dh->get_domain().get_g()), 2); @@ -71,7 +71,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, EC_Group ec_group(curve_name); - std::auto_ptr ecdh(new ECDH_PrivateKey(rng, ec_group)); + std::unique_ptr ecdh(new ECDH_PrivateKey(rng, ec_group)); const std::string ecdh_domain_oid = ecdh->domain().get_oid(); const std::string domain = OIDS::lookup(OID(ecdh_domain_oid)); @@ -190,7 +190,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion& buf, if(name == "") throw Decoding_Error("Server_Key_Exchange: Server sent unknown named curve " + - to_string(curve_id)); + std::to_string(curve_id)); m_params.push_back(curve_type); m_params.push_back(get_byte(0, curve_id)); @@ -261,7 +261,7 @@ MemoryVector Server_Key_Exchange::serialize() const bool Server_Key_Exchange::verify(const X509_Certificate& cert, Handshake_State* state) const { - std::auto_ptr key(cert.subject_public_key()); + std::unique_ptr key(cert.subject_public_key()); std::pair format = state->understand_sig_format(key.get(), m_hash_algo, m_sig_algo, false); @@ -290,5 +290,3 @@ SRP6_Server_Session& Server_Key_Exchange::server_srp_params() } } - -} diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp index aa9385d70..f4d0e1034 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp @@ -9,9 +9,9 @@ #include #include #include -#include #include #include +#include #include @@ -47,6 +47,12 @@ class sqlite3_statement throw std::runtime_error("sqlite3_bind_int failed, code " + std::to_string(rc)); } + void bind(int column, std::chrono::system_clock::time_point time) + { + const int timeval = std::chrono::duration_cast(time.time_since_epoch()).count(); + bind(column, timeval); + } + void bind(int column, const MemoryRegion& val) { int rc = sqlite3_bind_blob(m_stmt, column, &val[0], val.size(), SQLITE_TRANSIENT); @@ -86,38 +92,6 @@ class sqlite3_statement {} } - std::pair get_blob(int column) - { - BOTAN_ASSERT(sqlite3_column_type(m_stmt, 0) == SQLITE_BLOB, - "Return value is a blob"); - - const void* session_blob = sqlite3_column_blob(m_stmt, column); - const int session_blob_size = sqlite3_column_bytes(m_stmt, column); - - BOTAN_ASSERT(session_blob_size >= 0, "Blob size is non-negative"); - - return std::make_pair(static_cast(session_blob), - static_cast(session_blob_size)); - } - - size_t get_size_t(int column) - { - BOTAN_ASSERT(sqlite3_column_type(m_stmt, column) == SQLITE_INTEGER, - "Return count is an integer"); - - const int sessions_int = sqlite3_column_int(m_stmt, column); - - BOTAN_ASSERT(sessions_int >= 0, "Expected size_t is non-negative"); - - return static_cast(sessions_int); - } - - void spin() - { - while(sqlite3_step(m_stmt) == SQLITE_ROW) - {} - } - int step() { return sqlite3_step(m_stmt); @@ -161,7 +135,7 @@ SymmetricKey derive_key(const std::string& passphrase, size_t iterations, size_t& check_val) { - std::auto_ptr pbkdf(get_pbkdf("PBKDF2(SHA-512)")); + std::unique_ptr pbkdf(get_pbkdf("PBKDF2(SHA-512)")); SecureVector x = pbkdf->derive_key(32 + 3, passphrase, @@ -178,7 +152,7 @@ Session_Manager_SQLite::Session_Manager_SQLite(const std::string& passphrase, RandomNumberGenerator& rng, const std::string& db_filename, size_t max_sessions, - u32bit session_lifetime) : + std::chrono::seconds session_lifetime) : m_rng(rng), m_max_sessions(max_sessions), m_session_lifetime(session_lifetime) @@ -355,7 +329,7 @@ void Session_Manager_SQLite::prune_session_cache() { sqlite3_statement remove_expired(m_db, "delete from tls_sessions where session_start <= ?1"); - remove_expired.bind(1, system_time() - m_session_lifetime); + remove_expired.bind(1, std::chrono::system_clock::now() - m_session_lifetime); remove_expired.spin(); diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h index 57e5a58f6..cac7affd0 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h @@ -36,7 +36,7 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager RandomNumberGenerator& rng, const std::string& db_filename, size_t max_sessions = 1000, - u32bit session_lifetime = 7200); + std::chrono::seconds session_lifetime = std::chrono::seconds(7200)); ~Session_Manager_SQLite(); @@ -50,7 +50,7 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager void save(const Session& session_data); - u32bit session_lifetime() const { return m_session_lifetime; } + std::chrono::seconds session_lifetime() const { return m_session_lifetime; } private: Session_Manager_SQLite(const Session_Manager_SQLite&); Session_Manager_SQLite& operator=(const Session_Manager_SQLite&); @@ -60,7 +60,7 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager SymmetricKey m_session_key; RandomNumberGenerator& m_rng; size_t m_max_sessions; - u32bit m_session_lifetime; + std::chrono::seconds m_session_lifetime; class sqlite3* m_db; }; diff --git a/src/tls/tls_alert.cpp b/src/tls/tls_alert.cpp index 9b37a282f..dee082bac 100644 --- a/src/tls/tls_alert.cpp +++ b/src/tls/tls_alert.cpp @@ -114,10 +114,9 @@ std::string Alert::type_string() const * compiler can warn us that it is not included in the switch * statement. */ - return "unrecognized_alert_" + to_string(type()); + return "unrecognized_alert_" + std::to_string(type()); } - } } diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp index 86d9db8bd..7a66eb946 100644 --- a/src/tls/tls_channel.cpp +++ b/src/tls/tls_channel.cpp @@ -16,9 +16,9 @@ namespace Botan { namespace TLS { -Channel::Channel(std::tr1::function socket_output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_complete) : +Channel::Channel(std::function socket_output_fn, + std::function proc_fn, + std::function handshake_complete) : proc_fn(proc_fn), handshake_fn(handshake_complete), writer(socket_output_fn), @@ -128,7 +128,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) } else throw Unexpected_Message("Unknown TLS message type " + - to_string(rec_type) + " received"); + std::to_string(rec_type) + " received"); } return 0; // on a record boundary @@ -324,4 +324,3 @@ void Channel::Secure_Renegotiation_State::update(Finished* client_finished, } -} diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h index 257745d80..d1131460b 100644 --- a/src/tls/tls_channel.h +++ b/src/tls/tls_channel.h @@ -76,9 +76,9 @@ class BOTAN_DLL Channel */ std::vector peer_cert_chain() const { return peer_certs; } - Channel(std::tr1::function socket_output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_complete); + Channel(std::function socket_output_fn, + std::function proc_fn, + std::function handshake_complete); virtual ~Channel(); protected: @@ -99,8 +99,8 @@ class BOTAN_DLL Channel virtual void alert_notify(const Alert& alert) = 0; - std::tr1::function proc_fn; - std::tr1::function handshake_fn; + std::function proc_fn; + std::function handshake_fn; Record_Writer writer; Record_Reader reader; diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp index 798df0186..e3bda06e4 100644 --- a/src/tls/tls_ciphersuite.cpp +++ b/src/tls/tls_ciphersuite.cpp @@ -79,7 +79,7 @@ std::string Ciphersuite::to_string() const if(cipher_algo() == "3DES") out << "3DES_EDE"; else if(cipher_algo() == "Camellia") - out << "CAMELLIA_" << Botan::to_string(8*cipher_keylen()); + out << "CAMELLIA_" << std::to_string(8*cipher_keylen()); else out << replace_char(cipher_algo(), '-', '_'); @@ -102,4 +102,3 @@ std::string Ciphersuite::to_string() const } -} diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index 63d0ee148..dd17db2cf 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -18,15 +18,15 @@ namespace TLS { /* * TLS Client Constructor */ -Client::Client(std::tr1::function output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_fn, +Client::Client(std::function output_fn, + std::function proc_fn, + std::function handshake_fn, Session_Manager& session_manager, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng, const std::string& hostname, - std::tr1::function)> next_protocol) : + std::function)> next_protocol) : Channel(output_fn, proc_fn, handshake_fn), policy(policy), rng(rng), @@ -314,7 +314,7 @@ void Client::process_handshake_msg(Handshake_Type type, throw TLS_Exception(Alert::BAD_CERTIFICATE, e.what()); } - std::auto_ptr peer_key(peer_certs[0].subject_public_key()); + std::unique_ptr peer_key(peer_certs[0].subject_public_key()); if(peer_key->algo_name() != state->suite.sig_algo()) throw TLS_Exception(Alert::ILLEGAL_PARAMETER, diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h index 4efe2a2df..297c5f611 100644 --- a/src/tls/tls_client.h +++ b/src/tls/tls_client.h @@ -42,16 +42,16 @@ class BOTAN_DLL Client : public Channel * called with the list of protocols the server advertised; * the client should return the protocol it would like to use. */ - Client(std::tr1::function socket_output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_complete, + Client(std::function socket_output_fn, + std::function proc_fn, + std::function handshake_complete, Session_Manager& session_manager, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng, const std::string& servername = "", - std::tr1::function)> next_protocol = - std::tr1::function)>()); + std::function)> next_protocol = + std::function)>()); void renegotiate(bool force_full_renegotiation); private: diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp index f1361bbb9..6d69bfb9b 100644 --- a/src/tls/tls_extensions.cpp +++ b/src/tls/tls_extensions.cpp @@ -245,7 +245,8 @@ Maximum_Fragment_Length::Maximum_Fragment_Length(size_t max_fragment) else if(max_fragment == 4096) val = 4; else - throw std::invalid_argument("Bad setting " + to_string(max_fragment) + + throw std::invalid_argument("Bad setting " + + std::to_string(max_fragment) + " for maximum fragment size"); } diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp index d0c74136b..02516632e 100644 --- a/src/tls/tls_handshake_hash.cpp +++ b/src/tls/tls_handshake_hash.cpp @@ -35,7 +35,7 @@ SecureVector Handshake_Hash::final(Protocol_Version version, { Algorithm_Factory& af = global_state().algorithm_factory(); - std::auto_ptr hash; + std::unique_ptr hash; if(version == Protocol_Version::TLS_V10 || version == Protocol_Version::TLS_V11) { @@ -65,8 +65,8 @@ SecureVector Handshake_Hash::final_ssl3(const MemoryRegion& secret) Algorithm_Factory& af = global_state().algorithm_factory(); - std::auto_ptr md5(af.make_hash_function("MD5")); - std::auto_ptr sha1(af.make_hash_function("SHA-1")); + std::unique_ptr md5(af.make_hash_function("MD5")); + std::unique_ptr sha1(af.make_hash_function("SHA-1")); md5->update(data); sha1->update(data); diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index 1a55305e3..f5a9f899c 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -68,7 +68,8 @@ u32bit bitmask_for_handshake_type(Handshake_Type type) return 0; default: - throw Internal_Error("Unknown handshake type " + to_string(type)); + throw Internal_Error("Unknown handshake type " + + std::to_string(type)); } return 0; @@ -123,8 +124,8 @@ void Handshake_State::confirm_transition_to(Handshake_Type handshake_msg) if(!ok) throw Unexpected_Message("Unexpected state transition in handshake, got " + - to_string(handshake_msg) + " mask is " + - to_string(hand_expecting_mask)); + std::to_string(handshake_msg) + " mask is " + + std::to_string(hand_expecting_mask)); /* We don't know what to expect next, so force a call to set_expected_next; if it doesn't happen, the next transition diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index ec4c2fea8..364c715f8 100644 --- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -14,22 +14,9 @@ #include #include +#include #include -#if defined(BOTAN_USE_STD_TR1) - -#if defined(BOTAN_BUILD_COMPILER_IS_MSVC) - #include -#else - #include -#endif - -#elif defined(BOTAN_USE_BOOST_TR1) - #include -#else - #error "No TR1 library defined for use" -#endif - namespace Botan { class KDF; @@ -109,7 +96,7 @@ class Handshake_State /** * Used by client using NPN */ - std::tr1::function)> client_npn_cb; + std::function)> client_npn_cb; Handshake_Reader* handshake_reader() { return m_handshake_reader; } private: diff --git a/src/tls/tls_heartbeats.cpp b/src/tls/tls_heartbeats.cpp index a77d23534..059772d34 100644 --- a/src/tls/tls_heartbeats.cpp +++ b/src/tls/tls_heartbeats.cpp @@ -68,7 +68,7 @@ Heartbeat_Support_Indicator::Heartbeat_Support_Indicator(TLS_Data_Reader& reader if(code != 1 && code != 2) throw TLS_Exception(Alert::ILLEGAL_PARAMETER, - "Unknown heartbeat code " + to_string(code)); + "Unknown heartbeat code " + std::to_string(code)); m_peer_allowed_to_send = (code == 1); } diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index 680ec8f7b..3b44ee1c6 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -22,16 +22,6 @@ namespace Botan { namespace TLS { -#elif defined(BOTAN_USE_BOOST_TR1) - #include -#else - #error "No TR1 library defined for use" -#endif - -namespace Botan { - -namespace TLS { - class Session_Keys; /** @@ -61,7 +51,7 @@ class BOTAN_DLL Record_Writer void set_maximum_fragment_size(size_t max_fragment); - Record_Writer(std::tr1::function output_fn); + Record_Writer(std::function output_fn); ~Record_Writer() { delete m_mac; } private: @@ -70,7 +60,7 @@ class BOTAN_DLL Record_Writer void send_record(byte type, const byte input[], size_t length); - std::tr1::function m_output_fn; + std::function m_output_fn; MemoryVector m_writebuf; diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 9da4ca3b8..1e8c73ec3 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -22,7 +22,7 @@ bool check_for_resume(Session& session_info, Session_Manager& session_manager, Credentials_Manager& credentials, Client_Hello* client_hello, - u32bit session_ticket_lifetime) + std::chrono::seconds session_ticket_lifetime) { const MemoryVector& client_session_id = client_hello->session_id(); const MemoryVector& session_ticket = client_hello->session_ticket(); @@ -45,7 +45,7 @@ bool check_for_resume(Session& session_info, session_ticket, credentials.psk("tls-server", "session-ticket", "")); - if(session_ticket_lifetime && + if(session_ticket_lifetime != std::chrono::seconds(0) && session_info.session_age() > session_ticket_lifetime) return false; // ticket has expired } @@ -184,9 +184,9 @@ get_server_certs(const std::string& hostname, /* * TLS Server Constructor */ -Server::Server(std::tr1::function output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_fn, +Server::Server(std::function output_fn, + std::function proc_fn, + std::function handshake_fn, Session_Manager& session_manager, Credentials_Manager& creds, const Policy& policy, @@ -302,7 +302,7 @@ void Server::process_handshake_msg(Handshake_Type type, session_manager, creds, state->client_hello, - policy.session_ticket_lifetime()); + std::chrono::seconds(policy.session_ticket_lifetime())); bool have_session_ticket_key = false; diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h index 6ade91afc..684021ebc 100644 --- a/src/tls/tls_server.h +++ b/src/tls/tls_server.h @@ -26,9 +26,9 @@ class BOTAN_DLL Server : public Channel /** * Server initialization */ - Server(std::tr1::function socket_output_fn, - std::tr1::function proc_fn, - std::tr1::function handshake_complete, + Server(std::function socket_output_fn, + std::function proc_fn, + std::function handshake_complete, Session_Manager& session_manager, Credentials_Manager& creds, const Policy& policy, diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp index 0e8bf3051..dac38e67b 100644 --- a/src/tls/tls_session.cpp +++ b/src/tls/tls_session.cpp @@ -10,7 +10,6 @@ #include #include #include -#include #include #include #include @@ -31,7 +30,7 @@ Session::Session(const MemoryRegion& session_identifier, const MemoryRegion& ticket, const std::string& sni_hostname, const std::string& srp_identifier) : - m_start_time(system_time()), + m_start_time(std::chrono::system_clock::now()), m_identifier(session_identifier), m_session_ticket(ticket), m_master_secret(master_secret), @@ -64,11 +63,13 @@ Session::Session(const byte ber[], size_t ber_len) MemoryVector peer_cert_bits; + size_t start_time = 0; + BER_Decoder(ber, ber_len) .start_cons(SEQUENCE) .decode_and_check(static_cast(TLS_SESSION_PARAM_STRUCT_VERSION), "Unknown version in session structure") - .decode_integer_type(m_start_time) + .decode_integer_type(start_time) .decode_integer_type(major_version) .decode_integer_type(minor_version) .decode(m_identifier, OCTET_STRING) @@ -86,6 +87,7 @@ Session::Session(const byte ber[], size_t ber_len) .verify_end(); m_version = Protocol_Version(major_version, minor_version); + m_start_time = std::chrono::system_clock::from_time_t(start_time); m_sni_hostname = sni_hostname_str.value(); m_srp_identifier = srp_identifier_str.value(); m_connection_side = static_cast(side_code); @@ -108,7 +110,7 @@ SecureVector Session::DER_encode() const return DER_Encoder() .start_cons(SEQUENCE) .encode(static_cast(TLS_SESSION_PARAM_STRUCT_VERSION)) - .encode(static_cast(m_start_time)) + .encode(static_cast(std::chrono::system_clock::to_time_t(m_start_time))) .encode(static_cast(m_version.major_version())) .encode(static_cast(m_version.minor_version())) .encode(m_identifier, OCTET_STRING) @@ -131,9 +133,10 @@ std::string Session::PEM_encode() const return PEM_Code::encode(this->DER_encode(), "SSL SESSION"); } -u32bit Session::session_age() const +std::chrono::seconds Session::session_age() const { - return (system_time() - m_start_time); + return std::chrono::duration_cast( + std::chrono::system_clock::now() - m_start_time); } namespace { @@ -155,7 +158,7 @@ MemoryVector Session::encrypt(const SymmetricKey& master_key, RandomNumberGenerator& rng) const { - std::auto_ptr kdf(get_kdf(SESSION_CRYPTO_KDF)); + std::unique_ptr kdf(get_kdf(SESSION_CRYPTO_KDF)); SymmetricKey cipher_key = kdf->derive_key(CIPHER_KEY_LENGTH, @@ -169,7 +172,7 @@ Session::encrypt(const SymmetricKey& master_key, InitializationVector cipher_iv(rng, 16); - std::auto_ptr mac(get_mac(SESSION_CRYPTO_MAC)); + std::unique_ptr mac(get_mac(SESSION_CRYPTO_MAC)); mac->set_key(mac_key); Pipe pipe(get_cipher(SESSION_CRYPTO_CIPHER, cipher_key, cipher_iv, ENCRYPTION)); @@ -203,14 +206,14 @@ Session Session::decrypt(const byte buf[], size_t buf_len, if(load_be(buf, 0) != SESSION_CRYPTO_MAGIC) throw Decoding_Error("Unknown header value in encrypted session"); - std::auto_ptr kdf(get_kdf(SESSION_CRYPTO_KDF)); + std::unique_ptr kdf(get_kdf(SESSION_CRYPTO_KDF)); SymmetricKey mac_key = kdf->derive_key(MAC_KEY_LENGTH, master_key.bits_of(), "tls.session.mac-key"); - std::auto_ptr mac(get_mac(SESSION_CRYPTO_MAC)); + std::unique_ptr mac(get_mac(SESSION_CRYPTO_MAC)); mac->set_key(mac_key); mac->update(&buf[0], buf_len - MAC_OUTPUT_LENGTH); diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h index 290ee6dcc..a2b341a30 100644 --- a/src/tls/tls_session.h +++ b/src/tls/tls_session.h @@ -14,6 +14,7 @@ #include #include #include +#include namespace Botan { @@ -30,7 +31,7 @@ class BOTAN_DLL Session * Uninitialized session */ Session() : - m_start_time(0), + m_start_time(std::chrono::system_clock::time_point::min()), m_version(), m_ciphersuite(0), m_compression_method(0), @@ -172,14 +173,15 @@ class BOTAN_DLL Session std::vector peer_certs() const { return m_peer_certs; } /** - * Get the time this session began (seconds since Epoch) + * Get the wall clock time this session began */ - u64bit start_time() const { return m_start_time; } + std::chrono::system_clock::time_point start_time() const + { return m_start_time; } /** * Return how long this session has existed (in seconds) */ - u32bit session_age() const; + std::chrono::seconds session_age() const; /** * Return the session ticket the server gave us @@ -189,7 +191,7 @@ class BOTAN_DLL Session private: enum { TLS_SESSION_PARAM_STRUCT_VERSION = 0x2994e300 }; - u64bit m_start_time; + std::chrono::system_clock::time_point m_start_time; MemoryVector m_identifier; MemoryVector m_session_ticket; // only used by client side diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index 69823e8bd..d103df35f 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -18,7 +18,7 @@ bool Session_Manager_In_Memory::load_from_session_str( { // assert(lock is held) - auto i = sessions.find(session_str); + auto i = m_sessions.find(session_str); if(i == m_sessions.end()) return false; @@ -26,7 +26,7 @@ bool Session_Manager_In_Memory::load_from_session_str( // if session has expired, remove it const auto now = std::chrono::system_clock::now(); - if(i->second.start_time() + session_lifetime < now) + if(i->second.start_time() + session_lifetime() < now) { m_sessions.erase(i); return false; @@ -39,7 +39,7 @@ bool Session_Manager_In_Memory::load_from_session_str( bool Session_Manager_In_Memory::load_from_session_id( const MemoryRegion& session_id, Session& session) { - std::lock_guard lock(mutex); + std::lock_guard lock(m_mutex); return load_from_session_str(hex_encode(session_id), session); } @@ -47,23 +47,23 @@ bool Session_Manager_In_Memory::load_from_session_id( bool Session_Manager_In_Memory::load_from_host_info( const std::string& hostname, u16bit port, Session& session) { - std::lock_guard lock(mutex); + std::lock_guard lock(m_mutex); std::map::iterator i; if(port > 0) - i = host_sessions.find(hostname + ":" + std::to_string(port)); + i = m_host_sessions.find(hostname + ":" + std::to_string(port)); else - i = host_sessions.find(hostname); + i = m_host_sessions.find(hostname); - if(i == host_sessions.end()) + if(i == m_host_sessions.end()) return false; if(load_from_session_str(i->second, session)) return true; - // was removed from sessions map, remove host_sessions entry - host_sessions.erase(i); + // was removed from sessions map, remove m_host_sessions entry + m_host_sessions.erase(i); return false; } @@ -71,9 +71,9 @@ bool Session_Manager_In_Memory::load_from_host_info( void Session_Manager_In_Memory::remove_entry( const MemoryRegion& session_id) { - std::lock_guard lock(mutex); + std::lock_guard lock(m_mutex); - auto i = sessions.find(hex_encode(session_id)); + auto i = m_sessions.find(hex_encode(session_id)); if(i != m_sessions.end()) m_sessions.erase(i); @@ -81,9 +81,9 @@ void Session_Manager_In_Memory::remove_entry( void Session_Manager_In_Memory::save(const Session& session) { - std::lock_guard lock(mutex); + std::lock_guard lock(m_mutex); - if(max_sessions != 0) + if(m_max_sessions != 0) { /* This removes randomly based on ordering of session ids. @@ -95,10 +95,10 @@ void Session_Manager_In_Memory::save(const Session& session) const std::string session_id_str = hex_encode(session.session_id()); - sessions[session_id_str] = session; + m_sessions[session_id_str] = session; if(session.side() == CLIENT && session.sni_hostname() != "") - host_sessions[session.sni_hostname()] = session_id_str; + m_host_sessions[session.sni_hostname()] = session_id_str; } } diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index 8a4f31b78..84d51406d 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -70,7 +70,7 @@ class BOTAN_DLL Session_Manager * sessions are not resumed. Returns 0 if unknown/no explicit * expiration policy. */ - virtual u32bit session_lifetime() const = 0; + virtual std::chrono::seconds session_lifetime() const = 0; virtual ~Session_Manager() {} }; @@ -89,7 +89,7 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager * seconds have elapsed from initial handshake. */ Session_Manager_In_Memory(size_t max_sessions = 1000, - u32bit session_lifetime = 7200) : + std::chrono::seconds session_lifetime = std::chrono::seconds(7200)) : m_max_sessions(max_sessions), m_session_lifetime(session_lifetime) {} @@ -104,15 +104,17 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager void save(const Session& session_data); - u32bit session_lifetime() const { return m_session_lifetime; } + std::chrono::seconds session_lifetime() const { return m_session_lifetime; } private: bool load_from_session_str(const std::string& session_str, Session& session); + std::mutex m_mutex; + size_t m_max_sessions; - u32bit m_session_lifetime; + std::chrono::seconds m_session_lifetime; std::map m_sessions; // hex(session_id) -> session std::map m_host_sessions; -- cgit v1.2.3 From c691561f3198f481c13457433efbccc1c9fcd898 Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 18 May 2012 20:32:36 +0000 Subject: Fairly huge update that replaces the old secmem types with std::vector using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed. --- checks/common.h | 4 +- checks/cvc_tests.cpp | 30 +- checks/dolook.cpp | 10 +- checks/ec_tests.cpp | 118 +++---- checks/ecdh.cpp | 4 +- checks/ecdsa.cpp | 36 +-- checks/pk.cpp | 58 ++-- checks/pk_bench.cpp | 8 +- checks/validate.cpp | 8 +- checks/x509.cpp | 2 +- doc/examples/GNUmakefile | 4 +- doc/examples/asn1.cpp | 10 +- doc/examples/bzip.cpp | 15 +- doc/examples/credentials.h | 2 +- doc/examples/decrypt.cpp | 6 +- doc/examples/dh.cpp | 4 +- doc/examples/dsa_ver.cpp | 4 +- doc/examples/ecdsa.cpp | 2 +- doc/examples/encrypt.cpp | 6 +- doc/examples/encrypt2.cpp | 10 +- doc/examples/fpe.cpp | 6 +- doc/examples/keywrap.cpp | 4 +- doc/examples/new_engine.cpp | 2 +- doc/examples/pqg_gen.cpp | 6 +- doc/examples/read_ssh.cpp | 2 +- doc/examples/rng_test.cpp | 8 +- doc/examples/row_encryptor.cpp | 20 +- doc/examples/rsa_dec.cpp | 8 +- doc/examples/rsa_enc.cpp | 14 +- doc/examples/tls_client.cpp | 2 +- doc/examples/tss.cpp | 2 +- src/algo_base/buf_comp.h | 31 +- src/algo_base/symkey.cpp | 11 +- src/algo_base/symkey.h | 14 +- src/alloc/alloc_mmap/info.txt | 28 -- src/alloc/alloc_mmap/mmap_mem.cpp | 145 --------- src/alloc/alloc_mmap/mmap_mem.h | 32 -- src/alloc/allocate.h | 65 ---- src/alloc/info.txt | 1 - src/alloc/mem_pool/info.txt | 8 - src/alloc/mem_pool/mem_pool.cpp | 251 --------------- src/alloc/mem_pool/mem_pool.h | 74 ----- src/alloc/secmem.h | 411 ++++-------------------- src/alloc/system_alloc/defalloc.cpp | 103 ------ src/alloc/system_alloc/defalloc.h | 41 --- src/alloc/system_alloc/info.txt | 13 - src/asn1/alg_id.cpp | 4 +- src/asn1/alg_id.h | 6 +- src/asn1/asn1_att.cpp | 4 +- src/asn1/asn1_int.cpp | 4 +- src/asn1/asn1_int.h | 4 +- src/asn1/asn1_obj.h | 6 +- src/asn1/asn1_oid.cpp | 2 +- src/asn1/ber_dec.cpp | 85 ++++- src/asn1/ber_dec.h | 26 +- src/asn1/der_enc.cpp | 69 ++-- src/asn1/der_enc.h | 37 ++- src/asn1/x509_dn.cpp | 4 +- src/asn1/x509_dn.h | 4 +- src/block/aes/aes.cpp | 18 +- src/block/aes/aes.h | 12 +- src/block/aes_ni/aes_ni.h | 6 +- src/block/aes_ssse3/aes_ssse3.h | 6 +- src/block/block_cipher.h | 44 +++ src/block/blowfish/blowfish.cpp | 2 +- src/block/blowfish/blowfish.h | 6 +- src/block/camellia/camellia.cpp | 6 +- src/block/camellia/camellia.h | 6 +- src/block/cast/cast128.cpp | 8 +- src/block/cast/cast128.h | 6 +- src/block/cast/cast256.cpp | 2 +- src/block/cast/cast256.h | 4 +- src/block/des/des.h | 4 +- src/block/des/desx.h | 2 +- src/block/gost_28147/gost_28147.h | 6 +- src/block/idea/idea.h | 6 +- src/block/kasumi/kasumi.cpp | 2 +- src/block/kasumi/kasumi.h | 2 +- src/block/lion/lion.cpp | 4 +- src/block/lion/lion.h | 2 +- src/block/lubyrack/lubyrack.cpp | 4 +- src/block/lubyrack/lubyrack.h | 2 +- src/block/mars/mars.cpp | 2 +- src/block/mars/mars.h | 2 +- src/block/misty1/misty1.cpp | 2 +- src/block/misty1/misty1.h | 2 +- src/block/noekeon/noekeon.h | 6 +- src/block/noekeon_simd/noekeon_simd.cpp | 4 +- src/block/rc2/rc2.cpp | 2 +- src/block/rc2/rc2.h | 2 +- src/block/rc5/rc5.cpp | 2 +- src/block/rc5/rc5.h | 2 +- src/block/rc6/rc6.cpp | 2 +- src/block/rc6/rc6.h | 2 +- src/block/safer/safer_sk.cpp | 2 +- src/block/safer/safer_sk.h | 2 +- src/block/seed/seed.cpp | 2 +- src/block/seed/seed.h | 2 +- src/block/serpent/serpent.cpp | 2 +- src/block/serpent/serpent.h | 4 +- src/block/serpent_x86_32/serp_x86_32.cpp | 2 +- src/block/skipjack/skipjack.h | 2 +- src/block/square/square.cpp | 2 +- src/block/square/square.h | 4 +- src/block/tea/tea.h | 2 +- src/block/twofish/twofish.cpp | 2 +- src/block/twofish/twofish.h | 2 +- src/block/xtea/xtea.cpp | 2 +- src/block/xtea/xtea.h | 4 +- src/build-data/cc/gcc.txt | 2 +- src/cert/certstore/certstor.cpp | 8 +- src/cert/certstore/certstor.h | 8 +- src/cert/cvc/asn1_eac_tm.cpp | 8 +- src/cert/cvc/cvc_ado.cpp | 22 +- src/cert/cvc/cvc_ado.h | 8 +- src/cert/cvc/cvc_cert.cpp | 16 +- src/cert/cvc/cvc_cert.h | 4 +- src/cert/cvc/cvc_gen_cert.h | 28 +- src/cert/cvc/cvc_req.cpp | 2 +- src/cert/cvc/cvc_self.cpp | 20 +- src/cert/cvc/eac_asn_obj.h | 2 +- src/cert/cvc/eac_obj.h | 2 +- src/cert/cvc/ecdsa_sig.cpp | 14 +- src/cert/cvc/ecdsa_sig.h | 8 +- src/cert/cvc/signed_obj.cpp | 6 +- src/cert/cvc/signed_obj.h | 10 +- src/cert/pkcs10/pkcs10.cpp | 15 +- src/cert/pkcs10/pkcs10.h | 8 +- src/cert/x509ca/x509_ca.cpp | 92 +++--- src/cert/x509ca/x509_ca.h | 2 +- src/cert/x509cert/x509_ext.cpp | 60 ++-- src/cert/x509cert/x509_ext.h | 52 +-- src/cert/x509cert/x509_obj.cpp | 25 +- src/cert/x509cert/x509_obj.h | 18 +- src/cert/x509cert/x509cert.cpp | 20 +- src/cert/x509cert/x509cert.h | 9 +- src/cert/x509crl/crl_ent.h | 4 +- src/cert/x509crl/x509_crl.cpp | 8 +- src/cert/x509crl/x509_crl.h | 12 +- src/cert/x509self/x509self.cpp | 19 +- src/cert/x509store/x509stor.cpp | 16 +- src/cert/x509store/x509stor.h | 4 +- src/cms/cms_algo.cpp | 14 +- src/cms/cms_comp.cpp | 4 +- src/cms/cms_dalg.cpp | 10 +- src/cms/cms_dec.h | 2 +- src/cms/cms_ealg.cpp | 14 +- src/cms/cms_enc.cpp | 4 +- src/cms/cms_enc.h | 12 +- src/codec/base64/base64.cpp | 11 +- src/codec/base64/base64.h | 10 +- src/codec/hex/hex.cpp | 12 +- src/codec/hex/hex.h | 14 +- src/codec/openpgp/openpgp.cpp | 4 +- src/codec/openpgp/openpgp.h | 4 +- src/codec/pem/pem.cpp | 21 +- src/codec/pem/pem.h | 31 +- src/constructs/aont/package.cpp | 16 +- src/constructs/cryptobox/cryptobox.cpp | 12 +- src/constructs/fpe_fe1/fpe_fe1.cpp | 18 +- src/constructs/fpe_fe1/fpe_fe1.h | 4 +- src/constructs/rfc3394/rfc3394.cpp | 20 +- src/constructs/rfc3394/rfc3394.h | 4 +- src/constructs/srp6/srp6.cpp | 10 +- src/constructs/srp6/srp6.h | 4 +- src/constructs/srp6/srp6_files.cpp | 4 +- src/constructs/srp6/srp6_files.h | 6 +- src/constructs/tss/tss.cpp | 10 +- src/constructs/tss/tss.h | 4 +- src/credentials/credentials_manager.cpp | 2 +- src/credentials/credentials_manager.h | 2 +- src/engine/gnump/gmp_wrap.h | 2 +- src/engine/gnump/gnump_pk.cpp | 16 +- src/engine/openssl/bn_wrap.cpp | 4 +- src/engine/openssl/bn_wrap.h | 2 +- src/engine/openssl/ossl_bc.cpp | 2 +- src/engine/openssl/ossl_pk.cpp | 16 +- src/entropy/cryptoapi_rng/es_capi.cpp | 2 +- src/entropy/dev_random/dev_random.cpp | 2 +- src/entropy/egd/es_egd.cpp | 2 +- src/entropy/entropy_src.h | 4 +- src/entropy/proc_walk/es_ftw.cpp | 2 +- src/entropy/unix_procs/es_unix.cpp | 2 +- src/filters/algo_filt.cpp | 4 +- src/filters/buf_filt.h | 8 +- src/filters/bzip2/bzip2.h | 4 +- src/filters/codec_filt/b64_filt.h | 4 +- src/filters/codec_filt/hex_filt.h | 4 +- src/filters/data_src.cpp | 24 +- src/filters/data_src.h | 17 +- src/filters/fd_unix/fd_unix.cpp | 4 +- src/filters/filter.h | 20 +- src/filters/filters.h | 2 +- src/filters/modes/cbc/cbc.cpp | 18 +- src/filters/modes/cbc/cbc.h | 4 +- src/filters/modes/cfb/cfb.cpp | 2 +- src/filters/modes/cfb/cfb.h | 4 +- src/filters/modes/cts/cts.cpp | 16 +- src/filters/modes/cts/cts.h | 4 +- src/filters/modes/eax/eax.cpp | 4 +- src/filters/modes/eax/eax.h | 8 +- src/filters/modes/eax/eax_dec.cpp | 4 +- src/filters/modes/ecb/ecb.cpp | 8 +- src/filters/modes/ecb/ecb.h | 4 +- src/filters/modes/xts/xts.cpp | 10 +- src/filters/modes/xts/xts.h | 4 +- src/filters/pipe.cpp | 7 +- src/filters/pipe.h | 26 +- src/filters/pipe_io.cpp | 4 +- src/filters/pipe_rw.cpp | 16 +- src/filters/pk_filts/pk_filts.cpp | 9 +- src/filters/pk_filts/pk_filts.h | 10 +- src/filters/secqueue.cpp | 2 +- src/filters/zlib/zlib.h | 4 +- src/hash/bmw_512/bmw_512.h | 2 +- src/hash/comb4p/comb4p.cpp | 10 +- src/hash/gost_3411/gost_3411.cpp | 4 +- src/hash/gost_3411/gost_3411.h | 2 +- src/hash/has160/has160.h | 2 +- src/hash/keccak/keccak.cpp | 4 +- src/hash/keccak/keccak.h | 2 +- src/hash/md2/md2.h | 2 +- src/hash/md4/md4.h | 4 +- src/hash/md5/md5.h | 4 +- src/hash/mdx_hash/mdx_hash.h | 2 +- src/hash/rmd128/rmd128.h | 2 +- src/hash/rmd160/rmd160.h | 2 +- src/hash/sha1/sha160.h | 4 +- src/hash/sha2_32/sha2_32.cpp | 2 +- src/hash/sha2_32/sha2_32.h | 4 +- src/hash/sha2_64/sha2_64.cpp | 2 +- src/hash/sha2_64/sha2_64.h | 4 +- src/hash/skein/skein_512.cpp | 12 +- src/hash/skein/skein_512.h | 6 +- src/hash/tiger/tiger.cpp | 4 +- src/hash/tiger/tiger.h | 4 +- src/hash/whirlpool/whrlpool.h | 2 +- src/kdf/kdf.cpp | 23 +- src/kdf/kdf.h | 26 +- src/kdf/kdf1/kdf1.cpp | 2 +- src/kdf/kdf1/kdf1.h | 2 +- src/kdf/kdf2/kdf2.cpp | 6 +- src/kdf/kdf2/kdf2.h | 2 +- src/kdf/mgf1/mgf1.cpp | 2 +- src/kdf/prf_ssl3/prf_ssl3.cpp | 6 +- src/kdf/prf_ssl3/prf_ssl3.h | 2 +- src/kdf/prf_tls/prf_tls.cpp | 14 +- src/kdf/prf_tls/prf_tls.h | 4 +- src/kdf/prf_x942/prf_x942.cpp | 10 +- src/kdf/prf_x942/prf_x942.h | 2 +- src/libstate/info.txt | 1 - src/libstate/libstate.cpp | 72 ----- src/libstate/libstate.h | 19 -- src/mac/cbc_mac/cbc_mac.h | 2 +- src/mac/cmac/cmac.cpp | 4 +- src/mac/cmac/cmac.h | 4 +- src/mac/hmac/hmac.cpp | 2 +- src/mac/hmac/hmac.h | 2 +- src/mac/mac.cpp | 2 +- src/mac/ssl3mac/ssl3_mac.h | 2 +- src/mac/x919_mac/x919_mac.cpp | 2 +- src/mac/x919_mac/x919_mac.h | 2 +- src/math/bigint/big_code.cpp | 34 +- src/math/bigint/big_io.cpp | 2 +- src/math/bigint/big_ops2.cpp | 40 +-- src/math/bigint/big_ops3.cpp | 28 +- src/math/bigint/big_rand.cpp | 2 +- src/math/bigint/bigint.cpp | 8 - src/math/bigint/bigint.h | 64 +++- src/math/ec_gfp/point_gfp.cpp | 18 +- src/math/ec_gfp/point_gfp.h | 7 +- src/math/numbertheory/dsa_gen.cpp | 21 +- src/math/numbertheory/make_prm.cpp | 2 +- src/math/numbertheory/mp_numth.cpp | 10 +- src/math/numbertheory/numthry.h | 4 +- src/math/numbertheory/powm_mnt.cpp | 8 +- src/passhash/bcrypt/bcrypt.cpp | 14 +- src/passhash/passhash9/passhash9.cpp | 8 +- src/pbe/pbe.h | 2 +- src/pbe/pbes1/pbes1.cpp | 8 +- src/pbe/pbes1/pbes1.h | 4 +- src/pbe/pbes2/pbes2.cpp | 10 +- src/pbe/pbes2/pbes2.h | 4 +- src/pbkdf/pbkdf1/pbkdf1.cpp | 2 +- src/pbkdf/pbkdf2/pbkdf2.cpp | 8 +- src/pbkdf/pgps2k/pgp_s2k.cpp | 2 +- src/pk_pad/eme.cpp | 8 +- src/pk_pad/eme.h | 12 +- src/pk_pad/eme1/eme1.cpp | 11 +- src/pk_pad/eme1/eme1.h | 6 +- src/pk_pad/eme_pkcs/eme_pkcs.cpp | 8 +- src/pk_pad/eme_pkcs/eme_pkcs.h | 4 +- src/pk_pad/emsa.h | 8 +- src/pk_pad/emsa1/emsa1.cpp | 14 +- src/pk_pad/emsa1/emsa1.h | 6 +- src/pk_pad/emsa1_bsi/emsa1_bsi.cpp | 2 +- src/pk_pad/emsa1_bsi/emsa1_bsi.h | 2 +- src/pk_pad/emsa2/emsa2.cpp | 14 +- src/pk_pad/emsa2/emsa2.h | 8 +- src/pk_pad/emsa3/emsa3.cpp | 22 +- src/pk_pad/emsa3/emsa3.h | 16 +- src/pk_pad/emsa4/emsa4.cpp | 41 +-- src/pk_pad/emsa4/emsa4.h | 6 +- src/pk_pad/emsa_raw/emsa_raw.cpp | 10 +- src/pk_pad/emsa_raw/emsa_raw.h | 8 +- src/pk_pad/hash_id/hash_id.cpp | 43 ++- src/pk_pad/hash_id/hash_id.h | 2 +- src/pubkey/dh/dh.cpp | 10 +- src/pubkey/dh/dh.h | 10 +- src/pubkey/dl_algo/dl_algo.cpp | 10 +- src/pubkey/dl_algo/dl_algo.h | 8 +- src/pubkey/dl_group/dl_group.cpp | 14 +- src/pubkey/dl_group/dl_group.h | 5 +- src/pubkey/dlies/dlies.cpp | 27 +- src/pubkey/dlies/dlies.h | 13 +- src/pubkey/dsa/dsa.cpp | 6 +- src/pubkey/dsa/dsa.h | 6 +- src/pubkey/ec_group/ec_group.cpp | 18 +- src/pubkey/ec_group/ec_group.h | 4 +- src/pubkey/ecc_key/ecc_key.cpp | 10 +- src/pubkey/ecc_key/ecc_key.h | 10 +- src/pubkey/ecdh/ecdh.cpp | 2 +- src/pubkey/ecdh/ecdh.h | 12 +- src/pubkey/ecdsa/ecdsa.cpp | 4 +- src/pubkey/ecdsa/ecdsa.h | 6 +- src/pubkey/elgamal/elgamal.cpp | 10 +- src/pubkey/elgamal/elgamal.h | 8 +- src/pubkey/gost_3410/gost_3410.cpp | 20 +- src/pubkey/gost_3410/gost_3410.h | 8 +- src/pubkey/if_algo/if_algo.cpp | 10 +- src/pubkey/if_algo/if_algo.h | 8 +- src/pubkey/keypair/keypair.cpp | 12 +- src/pubkey/nr/nr.cpp | 12 +- src/pubkey/nr/nr.h | 8 +- src/pubkey/pk_algs.cpp | 4 +- src/pubkey/pk_algs.h | 4 +- src/pubkey/pk_keys.h | 6 +- src/pubkey/pk_ops.h | 10 +- src/pubkey/pkcs8.cpp | 18 +- src/pubkey/pkcs8.h | 4 +- src/pubkey/pubkey.cpp | 46 +-- src/pubkey/pubkey.h | 54 ++-- src/pubkey/rsa/rsa.cpp | 6 +- src/pubkey/rsa/rsa.h | 14 +- src/pubkey/rw/rw.cpp | 12 +- src/pubkey/rw/rw.h | 8 +- src/pubkey/x509_key.cpp | 8 +- src/pubkey/x509_key.h | 4 +- src/rng/hmac_rng/hmac_rng.cpp | 4 +- src/rng/hmac_rng/hmac_rng.h | 2 +- src/rng/randpool/randpool.cpp | 6 +- src/rng/randpool/randpool.h | 2 +- src/rng/rng.h | 4 +- src/rng/x931_rng/x931_rng.cpp | 2 +- src/rng/x931_rng/x931_rng.h | 2 +- src/stream/arc4/arc4.h | 4 +- src/stream/ctr/ctr.h | 2 +- src/stream/ofb/ofb.h | 2 +- src/stream/salsa20/salsa20.cpp | 2 +- src/stream/salsa20/salsa20.h | 4 +- src/stream/turing/turing.cpp | 4 +- src/stream/turing/turing.h | 8 +- src/stream/wid_wake/wid_wake.h | 8 +- src/tls/c_hello.cpp | 26 +- src/tls/c_kex.cpp | 26 +- src/tls/cert_req.cpp | 22 +- src/tls/cert_ver.cpp | 10 +- src/tls/finished.cpp | 14 +- src/tls/hello_verify.cpp | 10 +- src/tls/next_protocol.cpp | 6 +- src/tls/rec_read.cpp | 4 +- src/tls/rec_wri.cpp | 6 +- src/tls/s_hello.cpp | 16 +- src/tls/s_kex.cpp | 12 +- src/tls/session_ticket.cpp | 8 +- src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp | 10 +- src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h | 4 +- src/tls/tls_alert.cpp | 2 +- src/tls/tls_alert.h | 2 +- src/tls/tls_channel.cpp | 16 +- src/tls/tls_channel.h | 12 +- src/tls/tls_client.cpp | 6 +- src/tls/tls_client.h | 2 +- src/tls/tls_extensions.cpp | 34 +- src/tls/tls_extensions.h | 36 +-- src/tls/tls_handshake_hash.cpp | 10 +- src/tls/tls_handshake_hash.h | 15 +- src/tls/tls_handshake_reader.cpp | 4 +- src/tls/tls_handshake_reader.h | 4 +- src/tls/tls_handshake_state.cpp | 2 +- src/tls/tls_handshake_state.h | 4 +- src/tls/tls_heartbeats.cpp | 12 +- src/tls/tls_heartbeats.h | 8 +- src/tls/tls_messages.h | 121 +++---- src/tls/tls_reader.h | 35 +- src/tls/tls_record.h | 12 +- src/tls/tls_server.cpp | 12 +- src/tls/tls_server.h | 4 +- src/tls/tls_session.cpp | 26 +- src/tls/tls_session.h | 24 +- src/tls/tls_session_key.cpp | 6 +- src/tls/tls_session_key.h | 6 +- src/tls/tls_session_manager.cpp | 4 +- src/tls/tls_session_manager.h | 8 +- src/utils/datastor/datastor.cpp | 15 +- src/utils/datastor/datastor.h | 5 +- src/utils/xor_buf.h | 26 ++ src/wrap/python/python_botan.h | 2 +- src/wrap/python/rsa.cpp | 4 +- src/wrap/python/x509.cpp | 2 +- 410 files changed, 2250 insertions(+), 3046 deletions(-) delete mode 100644 src/alloc/alloc_mmap/info.txt delete mode 100644 src/alloc/alloc_mmap/mmap_mem.cpp delete mode 100644 src/alloc/alloc_mmap/mmap_mem.h delete mode 100644 src/alloc/allocate.h delete mode 100644 src/alloc/mem_pool/info.txt delete mode 100644 src/alloc/mem_pool/mem_pool.cpp delete mode 100644 src/alloc/mem_pool/mem_pool.h delete mode 100644 src/alloc/system_alloc/defalloc.cpp delete mode 100644 src/alloc/system_alloc/defalloc.h delete mode 100644 src/alloc/system_alloc/info.txt (limited to 'src/tls/tls_session_manager.cpp') diff --git a/checks/common.h b/checks/common.h index 33499a99d..05a6fb974 100644 --- a/checks/common.h +++ b/checks/common.h @@ -55,13 +55,13 @@ class Fixed_Output_RNG : public Botan::RandomNumberGenerator void clear() throw() {} - Fixed_Output_RNG(const Botan::SecureVector& in) + Fixed_Output_RNG(const Botan::secure_vector& in) { buf.insert(buf.end(), in.begin(), in.end()); } Fixed_Output_RNG(const std::string& in_str) { - Botan::SecureVector in = Botan::hex_decode(in_str); + Botan::secure_vector in = Botan::hex_decode(in_str); buf.insert(buf.end(), in.begin(), in.end()); } diff --git a/checks/cvc_tests.cpp b/checks/cvc_tests.cpp index ccda22cfc..9dc56610c 100644 --- a/checks/cvc_tests.cpp +++ b/checks/cvc_tests.cpp @@ -40,7 +40,7 @@ namespace { // helper functions void helper_write_file(EAC_Signed_Object const& to_write, std::string const& file_path) { - SecureVector sv = to_write.BER_encode(); + std::vector sv = to_write.BER_encode(); std::ofstream cert_file(file_path.c_str(), std::ios::binary); cert_file.write((char*)&sv[0], sv.size()); cert_file.close(); @@ -50,8 +50,8 @@ bool helper_files_equal(std::string const& file_path1, std::string const& file_p { std::ifstream cert_1_in(file_path1.c_str()); std::ifstream cert_2_in(file_path2.c_str()); - SecureVector sv1; - SecureVector sv2; + std::vector sv1; + std::vector sv2; if (!cert_1_in || !cert_2_in) { return false; @@ -94,7 +94,7 @@ void test_enc_gen_selfsigned(RandomNumberGenerator& rng) key.set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA); EAC1_1_CVC cert = CVC_EAC::create_self_signed_cert(key, opts, rng); - SecureVector der(cert.BER_encode()); + std::vector der(cert.BER_encode()); std::ofstream cert_file; cert_file.open(TEST_DATA_DIR "/my_cv_cert.ber", std::ios::binary); //cert_file << der; // this is bad !!! @@ -104,15 +104,15 @@ void test_enc_gen_selfsigned(RandomNumberGenerator& rng) EAC1_1_CVC cert_in(TEST_DATA_DIR "/my_cv_cert.ber"); CHECK(cert == cert_in); // encoding it again while it has no dp - SecureVector der2(cert_in.BER_encode()); + std::vector der2(cert_in.BER_encode()); std::ofstream cert_file2(TEST_DATA_DIR "/my_cv_cert2.ber", std::ios::binary); cert_file2.write((char*)&der2[0], der2.size()); cert_file2.close(); // read both and compare them std::ifstream cert_1_in(TEST_DATA_DIR "/my_cv_cert.ber"); std::ifstream cert_2_in(TEST_DATA_DIR "/my_cv_cert2.ber"); - SecureVector sv1; - SecureVector sv2; + std::vector sv1; + std::vector sv2; if (!cert_1_in || !cert_2_in) { CHECK_MESSAGE(false, "could not read certificate files"); @@ -203,7 +203,7 @@ void test_enc_gen_req(RandomNumberGenerator& rng) ECDSA_PrivateKey key(rng, dom_pars); key.set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA); EAC1_1_Req req = CVC_EAC::create_cvc_req(key, opts.chr, opts.hash_alg, rng); - SecureVector der(req.BER_encode()); + std::vector der(req.BER_encode()); std::ofstream req_file(TEST_DATA_DIR "/my_cv_req.ber", std::ios::binary); req_file.write((char*)&der[0], der.size()); req_file.close(); @@ -260,7 +260,7 @@ void test_cvc_ado_creation(RandomNumberGenerator& rng) req_key.set_parameter_encoding(EC_DOMPAR_ENC_IMPLICITCA); //EAC1_1_Req req = CVC_EAC::create_cvc_req(req_key, opts); EAC1_1_Req req = CVC_EAC::create_cvc_req(req_key, opts.chr, opts.hash_alg, rng); - SecureVector der(req.BER_encode()); + std::vector der(req.BER_encode()); std::ofstream req_file(TEST_DATA_DIR "/my_cv_req.ber", std::ios::binary); req_file.write((char*)&der[0], der.size()); req_file.close(); @@ -276,7 +276,7 @@ void test_cvc_ado_creation(RandomNumberGenerator& rng) CHECK_MESSAGE(ado.check_signature(ado_key), "failure of ado verification after creation"); std::ofstream ado_file(TEST_DATA_DIR "/ado", std::ios::binary); - SecureVector ado_der(ado.BER_encode()); + std::vector ado_der(ado.BER_encode()); ado_file.write((char*)&ado_der[0], ado_der.size()); ado_file.close(); // read it again and check the signature @@ -332,7 +332,7 @@ void test_cvc_ado_comparison(RandomNumberGenerator& rng) CHECK_MESSAGE(ado != ado2, "ado's found to be equal where they are not"); // std::ofstream ado_file(TEST_DATA_DIR "/ado"); - // SecureVector ado_der(ado.BER_encode()); + // std::vector ado_der(ado.BER_encode()); // ado_file.write((char*)&ado_der[0], ado_der.size()); // ado_file.close(); // read it again and check the signature @@ -490,7 +490,7 @@ void test_cvc_chain(RandomNumberGenerator& rng) ASN1_Car car("DECVCA00001"); EAC1_1_CVC cvca_cert = DE_EAC::create_cvca(cvca_privk, hash, car, true, true, 12, rng); std::ofstream cvca_file(TEST_DATA_DIR "/cvc_chain_cvca.cer", std::ios::binary); - SecureVector cvca_sv = cvca_cert.BER_encode(); + std::vector cvca_sv = cvca_cert.BER_encode(); cvca_file.write((char*)&cvca_sv[0], cvca_sv.size()); cvca_file.close(); @@ -498,7 +498,7 @@ void test_cvc_chain(RandomNumberGenerator& rng) ASN1_Car car2("DECVCA00002"); EAC1_1_CVC cvca_cert2 = DE_EAC::create_cvca(cvca_privk2, hash, car2, true, true, 12, rng); EAC1_1_CVC link12 = DE_EAC::link_cvca(cvca_cert, cvca_privk, cvca_cert2, rng); - SecureVector link12_sv = link12.BER_encode(); + std::vector link12_sv = link12.BER_encode(); std::ofstream link12_file(TEST_DATA_DIR "/cvc_chain_link12.cer", std::ios::binary); link12_file.write((char*)&link12_sv[0], link12_sv.size()); link12_file.close(); @@ -514,7 +514,7 @@ void test_cvc_chain(RandomNumberGenerator& rng) ECDSA_PrivateKey dvca_priv_key(rng, dom_pars); EAC1_1_Req dvca_req = DE_EAC::create_cvc_req(dvca_priv_key, ASN1_Chr("DEDVCAEPASS"), hash, rng); std::ofstream dvca_file(TEST_DATA_DIR "/cvc_chain_dvca_req.cer", std::ios::binary); - SecureVector dvca_sv = dvca_req.BER_encode(); + std::vector dvca_sv = dvca_req.BER_encode(); dvca_file.write((char*)&dvca_sv[0], dvca_sv.size()); dvca_file.close(); @@ -528,7 +528,7 @@ void test_cvc_chain(RandomNumberGenerator& rng) ECDSA_PrivateKey dvca_priv_key2(rng, dom_pars); EAC1_1_Req dvca_req2 = DE_EAC::create_cvc_req(dvca_priv_key2, ASN1_Chr("DEDVCAEPASS"), hash, rng); std::ofstream dvca_file2(TEST_DATA_DIR "/cvc_chain_dvca_req2.cer", std::ios::binary); - SecureVector dvca_sv2 = dvca_req2.BER_encode(); + std::vector dvca_sv2 = dvca_req2.BER_encode(); dvca_file2.write((char*)&dvca_sv2[0], dvca_sv2.size()); dvca_file2.close(); EAC1_1_ADO dvca_ado2 = CVC_EAC::create_ado_req(dvca_priv_key, dvca_req2, diff --git a/checks/dolook.cpp b/checks/dolook.cpp index a8e08a96b..20e260f64 100644 --- a/checks/dolook.cpp +++ b/checks/dolook.cpp @@ -83,14 +83,14 @@ class PBKDF_Filter : public Filter pbkdf = algo; outlen = o; iterations = i; - salt = s.bits_of(); + salt = unlock(s.bits_of()); } ~PBKDF_Filter() { delete pbkdf; } private: std::string passphrase; PBKDF* pbkdf; - SecureVector salt; + std::vector salt; u32bit outlen, iterations; }; @@ -126,12 +126,12 @@ class KDF_Filter : public Filter { kdf = algo; outlen = o; - salt = s.bits_of(); + salt = unlock(s.bits_of()); } ~KDF_Filter() { delete kdf; } private: - SecureVector secret; - SecureVector salt; + std::vector secret; + std::vector salt; KDF* kdf; u32bit outlen; }; diff --git a/checks/ec_tests.cpp b/checks/ec_tests.cpp index e308a5291..39c32de37 100644 --- a/checks/ec_tests.cpp +++ b/checks/ec_tests.cpp @@ -76,10 +76,10 @@ void test_point_turn_on_sp_red_mul() std::string a_secp = "ffffffffffffffffffffffffffffffff7ffffffc"; std::string b_secp = "1c97befc54bd7a8b65acf89f81d4d4adc565fa45"; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_p_secp = hex_decode(p_secp); - SecureVector sv_a_secp = hex_decode(a_secp); - SecureVector sv_b_secp = hex_decode(b_secp); - SecureVector sv_G_secp_comp = hex_decode(G_secp_comp); + secure_vector sv_p_secp = hex_decode(p_secp); + secure_vector sv_a_secp = hex_decode(a_secp); + secure_vector sv_b_secp = hex_decode(b_secp); + secure_vector sv_G_secp_comp = hex_decode(G_secp_comp); BigInt bi_p_secp = BigInt::decode(&sv_p_secp[0], sv_p_secp.size()); BigInt bi_a_secp = BigInt::decode(&sv_a_secp[0], sv_a_secp.size()); BigInt bi_b_secp = BigInt::decode(&sv_b_secp[0], sv_b_secp.size()); @@ -139,10 +139,10 @@ void test_coordinates() std::string a_secp = "ffffffffffffffffffffffffffffffff7ffffffc"; std::string b_secp = "1c97befc54bd7a8b65acf89f81d4d4adc565fa45"; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); @@ -196,7 +196,7 @@ void test_point_mult () const CurveGFp& curve = secp160r1.get_curve(); std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_G_secp_comp = hex_decode(G_secp_comp); + secure_vector sv_G_secp_comp = hex_decode(G_secp_comp); PointGFp p_G = OS2ECP(sv_G_secp_comp, curve); BigInt d_U("0xaa374ffc3ce144e6b073307972cb6d57b2a4e982"); @@ -215,10 +215,10 @@ void test_point_negative() std::string a_secp = "ffffffffffffffffffffffffffffffff7ffffffc"; std::string b_secp = "1c97befc54bd7a8b65acf89f81d4d4adc565fa45"; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); BigInt bi_b_secp = BigInt::decode ( &sv_b_secp[0], sv_b_secp.size() ); @@ -242,7 +242,7 @@ void test_zeropoint() std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp("0xffffffffffffffffffffffffffffffff7fffffff"); BigInt bi_a_secp("0xffffffffffffffffffffffffffffffff7ffffffc"); BigInt bi_b_secp("0x1c97befc54bd7a8b65acf89f81d4d4adc565fa45"); @@ -273,7 +273,7 @@ void test_zeropoint_enc_dec() CHECK_MESSAGE( p.is_zero(), "by constructor created zeropoint is no zeropoint!"); - SecureVector sv_p = EC2OSP(p, PointGFp::UNCOMPRESSED); + secure_vector sv_p = EC2OSP(p, PointGFp::UNCOMPRESSED); PointGFp p_encdec = OS2ECP(sv_p, curve); CHECK_MESSAGE( p == p_encdec, "encoded-decoded (uncompressed) point is not equal the original!"); @@ -291,7 +291,7 @@ void test_calc_with_zeropoint() std::cout << "." << std::flush; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp("0xffffffffffffffffffffffffffffffff7fffffff"); BigInt bi_a_secp("0xffffffffffffffffffffffffffffffff7ffffffc"); BigInt bi_b_secp("0x1c97befc54bd7a8b65acf89f81d4d4adc565fa45"); @@ -327,10 +327,10 @@ void test_add_point() std::string a_secp = "ffffffffffffffffffffffffffffffff7ffffffc"; std::string b_secp = "1c97befc54bd7a8b65acf89f81d4d4adc565fa45"; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); BigInt bi_b_secp = BigInt::decode ( &sv_b_secp[0], sv_b_secp.size() ); @@ -363,10 +363,10 @@ void test_sub_point() std::string a_secp = "ffffffffffffffffffffffffffffffff7ffffffc"; std::string b_secp = "1c97befc54bd7a8b65acf89f81d4d4adc565fa45"; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); BigInt bi_b_secp = BigInt::decode ( &sv_b_secp[0], sv_b_secp.size() ); @@ -398,10 +398,10 @@ void test_mult_point() std::string a_secp = "ffffffffffffffffffffffffffffffff7ffffffc"; std::string b_secp = "1c97befc54bd7a8b65acf89f81d4d4adc565fa45"; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); BigInt bi_b_secp = BigInt::decode ( &sv_b_secp[0], sv_b_secp.size() ); @@ -427,10 +427,10 @@ void test_basic_operations() std::string a_secp = "ffffffffffffffffffffffffffffffff7ffffffc"; std::string b_secp = "1c97befc54bd7a8b65acf89f81d4d4adc565fa45"; std::string G_secp_comp = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); BigInt bi_b_secp = BigInt::decode ( &sv_b_secp[0], sv_b_secp.size() ); @@ -490,10 +490,10 @@ void test_enc_dec_compressed_160() std::string G_secp_comp = "024A96B5688EF573284664698968C38BB913CBFC82"; std::string G_order_secp_comp = "0100000000000000000001F4C8F927AED3CA752257"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); @@ -502,7 +502,7 @@ void test_enc_dec_compressed_160() CurveGFp secp160r1(bi_p_secp, bi_a_secp, bi_b_secp); PointGFp p_G = OS2ECP ( sv_G_secp_comp, secp160r1 ); - SecureVector sv_result = EC2OSP(p_G, PointGFp::COMPRESSED); + secure_vector sv_result = EC2OSP(p_G, PointGFp::COMPRESSED); CHECK( sv_result == sv_G_secp_comp); } @@ -519,10 +519,10 @@ void test_enc_dec_compressed_256() std::string G_secp_comp = "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"; std::string G_order_secp_comp = "ffffffff00000000ffffffffffffffffBCE6FAADA7179E84F3B9CAC2FC632551"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); @@ -531,7 +531,7 @@ void test_enc_dec_compressed_256() CurveGFp secp160r1(bi_p_secp, bi_a_secp, bi_b_secp); PointGFp p_G = OS2ECP ( sv_G_secp_comp, secp160r1 ); - SecureVector sv_result = EC2OSP(p_G, PointGFp::COMPRESSED); + secure_vector sv_result = EC2OSP(p_G, PointGFp::COMPRESSED); CHECK( sv_result == sv_G_secp_comp); } @@ -550,10 +550,10 @@ void test_enc_dec_uncompressed_112() std::string G_secp_uncomp = "044BA30AB5E892B4E1649DD0928643ADCD46F5882E3747DEF36E956E97"; std::string G_order_secp_uncomp = "36DF0AAFD8B8D7597CA10520D04B"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_uncomp = hex_decode ( G_secp_uncomp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_uncomp = hex_decode ( G_secp_uncomp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); @@ -562,7 +562,7 @@ void test_enc_dec_uncompressed_112() CurveGFp secp160r1(bi_p_secp, bi_a_secp, bi_b_secp); PointGFp p_G = OS2ECP ( sv_G_secp_uncomp, secp160r1 ); - SecureVector sv_result = EC2OSP(p_G, PointGFp::UNCOMPRESSED); + secure_vector sv_result = EC2OSP(p_G, PointGFp::UNCOMPRESSED); CHECK( sv_result == sv_G_secp_uncomp); } @@ -579,10 +579,10 @@ void test_enc_dec_uncompressed_521() std::string G_secp_uncomp = "0400C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2ffA8DE3348B3C1856A429BF97E7E31C2E5BD66011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650"; std::string G_order_secp_uncomp = "01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_uncomp = hex_decode ( G_secp_uncomp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_uncomp = hex_decode ( G_secp_uncomp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); @@ -592,7 +592,7 @@ void test_enc_dec_uncompressed_521() PointGFp p_G = OS2ECP ( sv_G_secp_uncomp, secp160r1 ); - SecureVector sv_result = EC2OSP(p_G, PointGFp::UNCOMPRESSED); + secure_vector sv_result = EC2OSP(p_G, PointGFp::UNCOMPRESSED); std::string result = hex_encode(&sv_result[0], sv_result.size()); std::string exp_result = hex_encode(&sv_G_secp_uncomp[0], sv_G_secp_uncomp.size()); @@ -611,10 +611,10 @@ void test_enc_dec_uncompressed_521_prime_too_large() std::string G_secp_uncomp = "0400C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2ffA8DE3348B3C1856A429BF97E7E31C2E5BD66011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650"; std::string G_order_secp_uncomp = "01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409"; - SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_uncomp = hex_decode ( G_secp_uncomp ); + secure_vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_uncomp = hex_decode ( G_secp_uncomp ); BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_a_secp = BigInt::decode ( &sv_a_secp[0], sv_a_secp.size() ); @@ -648,7 +648,7 @@ void test_gfp_store_restore() PointGFp p = dom_pars.get_base_point(); //store point (to std::string) - SecureVector sv_mes = EC2OSP(p, PointGFp::COMPRESSED); + secure_vector sv_mes = EC2OSP(p, PointGFp::COMPRESSED); PointGFp new_p = OS2ECP(sv_mes, dom_pars.get_curve()); CHECK_MESSAGE( p == new_p, "original and restored point are different!"); @@ -662,7 +662,7 @@ void test_cdc_curve_33() std::string G_secp_uncomp = "04081523d03d4f12cd02879dea4bf6a4f3a7df26ed888f10c5b2235a1274c386a2f218300dee6ed217841164533bcdc903f07a096f9fbf4ee95bac098a111f296f5830fe5c35b3e344d5df3a2256985f64fbe6d0edcc4c61d18bef681dd399df3d0194c5a4315e012e0245ecea56365baa9e8be1f7"; - SecureVector sv_G_uncomp = hex_decode ( G_secp_uncomp ); + secure_vector sv_G_uncomp = hex_decode ( G_secp_uncomp ); BigInt bi_p_secp = BigInt("2117607112719756483104013348936480976596328609518055062007450442679169492999007105354629105748524349829824407773719892437896937279095106809"); BigInt bi_a_secp("0xa377dede6b523333d36c78e9b0eaa3bf48ce93041f6d4fc34014d08f6833807498deedd4290101c5866e8dfb589485d13357b9e78c2d7fbe9fe"); @@ -689,7 +689,7 @@ void test_more_zeropoint() // by Falko std::string G = "024a96b5688ef573284664698968c38bb913cbfc82"; - SecureVector sv_G_secp_comp = hex_decode ( G ); + secure_vector sv_G_secp_comp = hex_decode ( G ); BigInt bi_p("0xffffffffffffffffffffffffffffffff7fffffff"); BigInt bi_a("0xffffffffffffffffffffffffffffffff7ffffffc"); BigInt bi_b("0x1c97befc54bd7a8b65acf89f81d4d4adc565fa45"); diff --git a/checks/ecdh.cpp b/checks/ecdh.cpp index c641796d6..841bce55b 100644 --- a/checks/ecdh.cpp +++ b/checks/ecdh.cpp @@ -96,8 +96,8 @@ void test_ecdh_der_derivation(RandomNumberGenerator& rng) ECDH_PrivateKey private_a(rng, dom_pars); ECDH_PrivateKey private_b(rng, dom_pars); - MemoryVector key_a = private_a.public_value(); - MemoryVector key_b = private_b.public_value(); + std::vector key_a = private_a.public_value(); + std::vector key_b = private_b.public_value(); PK_Key_Agreement ka(private_a, "KDF2(SHA-1)"); PK_Key_Agreement kb(private_b, "KDF2(SHA-1)"); diff --git a/checks/ecdsa.cpp b/checks/ecdsa.cpp index 3110bf0fe..554f72dd7 100644 --- a/checks/ecdsa.cpp +++ b/checks/ecdsa.cpp @@ -32,7 +32,7 @@ using namespace Botan; namespace { -std::string to_hex(const SecureVector& bin) +std::string to_hex(const std::vector& bin) { return hex_encode(&bin[0], bin.size()); } @@ -54,7 +54,7 @@ void test_hash_larger_than_n(RandomNumberGenerator& rng) ECDSA_PrivateKey priv_key(rng, dom_pars); - SecureVector message(20); + std::vector message(20); for(size_t i = 0; i != message.size(); ++i) message[i] = i; @@ -64,14 +64,14 @@ void test_hash_larger_than_n(RandomNumberGenerator& rng) PK_Signer pk_signer_224(priv_key, "EMSA1_BSI(SHA-224)"); // Verify we can sign and verify with SHA-160 - SecureVector signature_160 = pk_signer_160.sign_message(message, rng); + std::vector signature_160 = pk_signer_160.sign_message(message, rng); CHECK(pk_verifier_160.verify_message(message, signature_160)); bool signature_failed = false; try { - SecureVector signature_224 = pk_signer_224.sign_message(message, rng); + std::vector signature_224 = pk_signer_224.sign_message(message, rng); } catch(Encoding_Error) { @@ -84,7 +84,7 @@ void test_hash_larger_than_n(RandomNumberGenerator& rng) // sign it with the normal EMSA1 PK_Signer pk_signer(priv_key, "EMSA1(SHA-224)"); - SecureVector signature = pk_signer.sign_message(message, rng); + std::vector signature = pk_signer.sign_message(message, rng); PK_Verifier pk_verifier(priv_key, "EMSA1_BSI(SHA-224)"); @@ -142,8 +142,8 @@ void test_sign_then_ver(RandomNumberGenerator& rng) PK_Signer signer(ecdsa, "EMSA1(SHA-1)"); - SecureVector msg = hex_decode("12345678901234567890abcdef12"); - SecureVector sig = signer.sign_message(msg, rng); + secure_vector msg = hex_decode("12345678901234567890abcdef12"); + std::vector sig = signer.sign_message(msg, rng); PK_Verifier verifier(ecdsa, "EMSA1(SHA-1)"); @@ -174,7 +174,7 @@ bool test_ec_sign(RandomNumberGenerator& rng) for(size_t i = 0; i != 256; ++i) signer.update(static_cast(i)); - SecureVector sig = signer.signature(rng); + std::vector sig = signer.signature(rng); for(u32bit i = 0; i != 256; ++i) verifier.update(static_cast(i)); @@ -267,11 +267,11 @@ void test_create_and_verify(RandomNumberGenerator& rng) std::string G_secp_comp = "04081523d03d4f12cd02879dea4bf6a4f3a7df26ed888f10c5b2235a1274c386a2f218300dee6ed217841164533bcdc903f07a096f9fbf4ee95bac098a111f296f5830fe5c35b3e344d5df3a2256985f64fbe6d0edcc4c61d18bef681dd399df3d0194c5a4315e012e0245ecea56365baa9e8be1f7"; std::string order_g = "0e1a16196e6000000000bc7f1618d867b15bb86474418f"; - // ::SecureVector sv_p_secp = hex_decode ( p_secp ); - SecureVector sv_a_secp = hex_decode ( a_secp ); - SecureVector sv_b_secp = hex_decode ( b_secp ); - SecureVector sv_G_secp_comp = hex_decode ( G_secp_comp ); - SecureVector sv_order_g = hex_decode ( order_g ); + // ::std::vector sv_p_secp = hex_decode ( p_secp ); + secure_vector sv_a_secp = hex_decode ( a_secp ); + secure_vector sv_b_secp = hex_decode ( b_secp ); + secure_vector sv_G_secp_comp = hex_decode ( G_secp_comp ); + secure_vector sv_order_g = hex_decode ( order_g ); // BigInt bi_p_secp = BigInt::decode ( &sv_p_secp[0], sv_p_secp.size() ); BigInt bi_p_secp("2117607112719756483104013348936480976596328609518055062007450442679169492999007105354629105748524349829824407773719892437896937279095106809"); @@ -343,8 +343,8 @@ void test_curve_registry(RandomNumberGenerator& rng) PK_Signer signer(ecdsa, "EMSA1(SHA-1)"); PK_Verifier verifier(ecdsa, "EMSA1(SHA-1)"); - SecureVector msg = hex_decode("12345678901234567890abcdef12"); - SecureVector sig = signer.sign_message(msg, rng); + secure_vector msg = hex_decode("12345678901234567890abcdef12"); + std::vector sig = signer.sign_message(msg, rng); if(!verifier.verify_message(msg, sig)) std::cout << "Failed testing ECDSA sig for curve " << oids[i] << "\n"; @@ -361,7 +361,7 @@ void test_read_pkcs8(RandomNumberGenerator& rng) { std::cout << "." << std::flush; - SecureVector msg = hex_decode("12345678901234567890abcdef12"); + secure_vector msg = hex_decode("12345678901234567890abcdef12"); try { @@ -371,7 +371,7 @@ void test_read_pkcs8(RandomNumberGenerator& rng) PK_Signer signer(*ecdsa, "EMSA1(SHA-1)"); - SecureVector sig = signer.sign_message(msg, rng); + std::vector sig = signer.sign_message(msg, rng); PK_Verifier verifier(*ecdsa, "EMSA1(SHA-1)"); @@ -393,7 +393,7 @@ void test_read_pkcs8(RandomNumberGenerator& rng) PK_Signer signer(*ecdsa_nodp, "EMSA1(SHA-1)"); PK_Verifier verifier(*ecdsa_nodp, "EMSA1(SHA-1)"); - SecureVector signature_nodp = signer.sign_message(msg, rng); + std::vector signature_nodp = signer.sign_message(msg, rng); CHECK_MESSAGE(verifier.verify_message(msg, signature_nodp), "generated signature could not be verified positively (no_dom)"); diff --git a/checks/pk.cpp b/checks/pk.cpp index e06efb3ea..261c5f78c 100644 --- a/checks/pk.cpp +++ b/checks/pk.cpp @@ -85,8 +85,8 @@ BigInt to_bigint(std::string input) input.length(), BigInt::Hexadecimal); } -void dump_data(const SecureVector& out, - const SecureVector& expected) +void dump_data(const std::vector& out, + const std::vector& expected) { Pipe pipe(new Hex_Encoder); @@ -142,11 +142,11 @@ void validate_save_and_load(const Private_Key* priv_key, } void validate_decryption(PK_Decryptor& d, const std::string& algo, - const SecureVector ctext, - const SecureVector ptext, + const std::vector ctext, + const std::vector ptext, bool& failure) { - SecureVector decrypted = d.decrypt(ctext); + std::vector decrypted = unlock(d.decrypt(ctext)); if(decrypted != ptext) { std::cout << "FAILED (decrypt): " << algo << std::endl; @@ -160,11 +160,11 @@ void validate_encryption(PK_Encryptor& e, PK_Decryptor& d, const std::string& random, const std::string& exp, bool& failure) { - SecureVector message = hex_decode(input); - SecureVector expected = hex_decode(exp); + std::vector message = unlock(hex_decode(input)); + std::vector expected = unlock(hex_decode(exp)); Fixed_Output_RNG rng(hex_decode(random)); - SecureVector out = e.encrypt(message, rng); + std::vector out = e.encrypt(message, rng); if(out != expected) { std::cout << "FAILED (encrypt): " << algo << std::endl; @@ -180,11 +180,11 @@ void validate_signature(PK_Verifier& v, PK_Signer& s, const std::string& algo, RandomNumberGenerator& rng, const std::string& exp, bool& failure) { - SecureVector message = hex_decode(input); + std::vector message = unlock(hex_decode(input)); - SecureVector expected = hex_decode(exp); + std::vector expected = unlock(hex_decode(exp)); - SecureVector sig = s.sign_message(message, rng); + std::vector sig = s.sign_message(message, rng); if(sig != expected) { @@ -220,18 +220,18 @@ void validate_signature(PK_Verifier& v, PK_Signer& s, const std::string& algo, } void validate_kas(PK_Key_Agreement& kas, const std::string& algo, - const SecureVector& pubkey, const std::string& output, + const std::vector& pubkey, const std::string& output, u32bit keylen, bool& failure) { - SecureVector expected = hex_decode(output); + secure_vector expected = hex_decode(output); - SecureVector got = kas.derive_key(keylen, - pubkey).bits_of(); + secure_vector got = kas.derive_key(keylen, + pubkey).bits_of(); if(got != expected) { std::cout << "FAILED: " << algo << std::endl; - dump_data(got, expected); + dump_data(unlock(got), unlock(expected)); failure = true; } } @@ -325,8 +325,8 @@ u32bit validate_elg_enc(const std::string& algo, validate_encryption(e, d, algo, str[4], str[5], str[6], failure); } else - validate_decryption(d, algo, hex_decode(str[5]), - hex_decode(str[4]), failure); + validate_decryption(d, algo, unlock(hex_decode(str[5])), + unlock(hex_decode(str[4])), failure); return (failure ? 1 : 0); #endif @@ -373,8 +373,8 @@ u32bit validate_rsa_ver(const std::string& algo, PK_Verifier v(key, emsa); - SecureVector msg = hex_decode(str[2]); - SecureVector sig = hex_decode(str[3]); + std::vector msg = unlock(hex_decode(str[2])); + std::vector sig = unlock(hex_decode(str[3])); bool passed = true; passed = v.verify_message(msg, sig); @@ -405,8 +405,8 @@ u32bit validate_rsa_ver_x509(const std::string& algo, PK_Verifier v(*rsakey, emsa); - SecureVector msg = hex_decode(str[1]); - SecureVector sig = hex_decode(str[2]); + std::vector msg = unlock(hex_decode(str[1])); + std::vector sig = unlock(hex_decode(str[2])); bool passed = v.verify_message(msg, sig); return (passed ? 0 : 1); @@ -429,8 +429,8 @@ u32bit validate_rw_ver(const std::string& algo, PK_Verifier v(key, emsa); - SecureVector msg = hex_decode(str[2]); - SecureVector sig = hex_decode(str[3]); + std::vector msg = unlock(hex_decode(str[2])); + std::vector sig = unlock(hex_decode(str[3])); bool passed = true; passed = v.verify_message(msg, sig); @@ -538,7 +538,7 @@ u32bit validate_gost_ver(const std::string& algo, EC_Group group(OIDS::lookup(str[0])); - PointGFp public_point = OS2ECP(hex_decode(str[1]), group.get_curve()); + PointGFp public_point = OS2ECP(unlock(hex_decode(str[1])), group.get_curve()); GOST_3410_PublicKey gost(group, public_point); @@ -546,8 +546,8 @@ u32bit validate_gost_ver(const std::string& algo, PK_Verifier v(gost, emsa); - SecureVector msg = hex_decode(str[2]); - SecureVector sig = hex_decode(str[3]); + std::vector msg = unlock(hex_decode(str[2])); + std::vector sig = unlock(hex_decode(str[3])); bool passed = v.verify_message(msg, sig); return (passed ? 0 : 1); @@ -578,8 +578,8 @@ u32bit validate_dsa_ver(const std::string& algo, PK_Verifier v(*dsakey, emsa); - SecureVector msg = hex_decode(str[1]); - SecureVector sig = hex_decode(str[2]); + std::vector msg = unlock(hex_decode(str[1])); + std::vector sig = unlock(hex_decode(str[2])); v.set_input_format(DER_SEQUENCE); bool passed = v.verify_message(msg, sig); diff --git a/checks/pk_bench.cpp b/checks/pk_bench.cpp index ab4702dba..8241ee5d1 100644 --- a/checks/pk_bench.cpp +++ b/checks/pk_bench.cpp @@ -104,7 +104,7 @@ void benchmark_enc_dec(PK_Encryptor& enc, PK_Decryptor& dec, RandomNumberGenerator& rng, u32bit runs, double seconds) { - SecureVector plaintext, ciphertext; + std::vector plaintext, ciphertext; for(u32bit i = 0; i != runs; ++i) { @@ -127,7 +127,7 @@ void benchmark_enc_dec(PK_Encryptor& enc, PK_Decryptor& dec, if(dec_timer.seconds() < seconds) { dec_timer.start(); - SecureVector plaintext_out = dec.decrypt(ciphertext); + std::vector plaintext_out = unlock(dec.decrypt(ciphertext)); dec_timer.stop(); if(plaintext_out != plaintext) @@ -143,7 +143,7 @@ void benchmark_sig_ver(PK_Verifier& ver, PK_Signer& sig, RandomNumberGenerator& rng, u32bit runs, double seconds) { - SecureVector message, signature, sig_random; + std::vector message, signature, sig_random; for(u32bit i = 0; i != runs; ++i) { @@ -171,7 +171,7 @@ void benchmark_sig_ver(PK_Verifier& ver, PK_Signer& sig, if((i % 100) == 0) { - sig_random = rng.random_vec(signature.size()); + sig_random = unlock(rng.random_vec(signature.size())); verify_timer.start(); const bool verified_bad = ver.verify_message(message, sig_random); diff --git a/checks/validate.cpp b/checks/validate.cpp index 2bb099030..c6a4a29d0 100644 --- a/checks/validate.cpp +++ b/checks/validate.cpp @@ -119,7 +119,7 @@ bool keywrap_test(const char* key_str, Algorithm_Factory& af = global_state().algorithm_factory(); - SecureVector enc = rfc3394_keywrap(key.bits_of(), kek, af); + secure_vector enc = rfc3394_keywrap(key.bits_of(), kek, af); if(enc != expected.bits_of()) { @@ -128,7 +128,7 @@ bool keywrap_test(const char* key_str, ok = false; } - SecureVector dec = rfc3394_keyunwrap(expected.bits_of(), kek, af); + secure_vector dec = rfc3394_keyunwrap(expected.bits_of(), kek, af); if(dec != key.bits_of()) { @@ -490,7 +490,7 @@ bool failed_test(const std::string& algo, pipe.append(test); pipe.append(new Botan::Hex_Encoder); - Botan::SecureVector data = Botan::hex_decode(in); + secure_vector data = Botan::hex_decode(in); const byte* data_ptr = &data[0]; // this can help catch errors with buffering, etc @@ -538,7 +538,7 @@ bool failed_test(const std::string& algo, size_t offset = random_word(rng, pipe.remaining() - 1); size_t length = random_word(rng, pipe.remaining() - offset); - Botan::SecureVector peekbuf(length); + std::vector peekbuf(length); pipe.peek(&peekbuf[0], peekbuf.size(), offset); output = pipe.read_all_as_string(); diff --git a/checks/x509.cpp b/checks/x509.cpp index 8c6cd8187..c3bf2353e 100644 --- a/checks/x509.cpp +++ b/checks/x509.cpp @@ -49,7 +49,7 @@ u64bit key_id(const Public_Key* key) pipe.write(key->x509_subject_public_key()); pipe.end_msg(); - SecureVector output = pipe.read_all(); + secure_vector output = pipe.read_all(); if(output.size() != 8) throw Internal_Error("Public_Key::key_id: Incorrect output size"); diff --git a/doc/examples/GNUmakefile b/doc/examples/GNUmakefile index fb2788218..b034cac78 100644 --- a/doc/examples/GNUmakefile +++ b/doc/examples/GNUmakefile @@ -1,7 +1,7 @@ BOTAN_CONFIG = botan-config -CXX = g++-4.6.0 +CXX = g++-4.8.0-r187608 CFLAGS = -O2 -ansi -std=c++0x -W -Wall -I../../build/include LIBS = -L../.. -lbotan-1.99 @@ -18,7 +18,7 @@ clean: $(CXX) $(CFLAGS) $? $(LIBS) -o $@ eax_test: eax_test.cpp - echo $(CXX) $(CFLAGS) $? $(LIBS) -lboost_regex -o $@ + $(CXX) $(CFLAGS) $? $(LIBS) -lboost_regex -o $@ asio_tls_server: asio_tls_server.cpp credentials.h $(CXX) $(CFLAGS) $< $(LIBS) -lboost_thread -lboost_system -o $@ diff --git a/doc/examples/asn1.cpp b/doc/examples/asn1.cpp index 866e57d75..d12ee1eec 100644 --- a/doc/examples/asn1.cpp +++ b/doc/examples/asn1.cpp @@ -72,8 +72,8 @@ void decode(BER_Decoder& decoder, size_t level) /* hack to insert the tag+length back in front of the stuff now that we've gotten the type info */ DER_Encoder encoder; - encoder.add_object(type_tag, class_tag, obj.value, obj.value.size()); - SecureVector bits = encoder.get_contents(); + encoder.add_object(type_tag, class_tag, obj.value); + secure_vector bits = encoder.get_contents(); BER_Decoder data(bits); @@ -143,7 +143,7 @@ void decode(BER_Decoder& decoder, size_t level) BigInt number; data.decode(number); - SecureVector rep; + std::vector rep; /* If it's small, it's probably a number, not a hash */ if(number.bits() <= 16) @@ -170,7 +170,7 @@ void decode(BER_Decoder& decoder, size_t level) } else if(type_tag == OCTET_STRING) { - SecureVector bits; + secure_vector bits; data.decode(bits, type_tag); bool not_text = false; @@ -184,7 +184,7 @@ void decode(BER_Decoder& decoder, size_t level) } else if(type_tag == BIT_STRING) { - SecureVector bits; + secure_vector bits; data.decode(bits, type_tag); std::vector bit_set; diff --git a/doc/examples/bzip.cpp b/doc/examples/bzip.cpp index 6137bb6af..74ba431ed 100644 --- a/doc/examples/bzip.cpp +++ b/doc/examples/bzip.cpp @@ -37,6 +37,7 @@ int main(int argc, char* argv[]) Botan::LibraryInitializer init; +#ifdef BOTAN_HAS_COMPRESSOR_BZIP2 std::vector files; bool decompress = false, small = false; int level = 9; @@ -60,18 +61,10 @@ int main(int argc, char* argv[]) try { Botan::Filter* bzip = 0; -#ifdef BOTAN_HAS_COMPRESSOR_BZIP2 if(decompress) bzip = new Botan::Bzip_Decompression(small); else bzip = new Botan::Bzip_Compression(level); -#endif - - if(!bzip) - { - std::cout << "Sorry, support for bzip2 not compiled into Botan\n"; - return 1; - } Botan::Pipe pipe(bzip); @@ -112,5 +105,11 @@ int main(int argc, char* argv[]) std::cout << "Exception caught: " << e.what() << std::endl; return 1; } +#else + + std::cout << "Sorry, support for bzip2 not compiled into Botan\n"; + +#endif + return 0; } diff --git a/doc/examples/credentials.h b/doc/examples/credentials.h index 4e4427585..2734b1649 100644 --- a/doc/examples/credentials.h +++ b/doc/examples/credentials.h @@ -97,7 +97,7 @@ class Credentials_Manager_Simple : public Botan::Credentials_Manager const std::string& identifier, std::string& group_id, Botan::BigInt& verifier, - Botan::MemoryRegion& salt, + std::vector& salt, bool generate_fake_on_unknown) { diff --git a/doc/examples/decrypt.cpp b/doc/examples/decrypt.cpp index ea510c5e9..42c4071c7 100644 --- a/doc/examples/decrypt.cpp +++ b/doc/examples/decrypt.cpp @@ -27,7 +27,7 @@ stderr so there is no confusion. using namespace Botan; -SecureVector b64_decode(const std::string&); +secure_vector b64_decode(const std::string&); int main(int argc, char* argv[]) { @@ -111,7 +111,7 @@ int main(int argc, char* argv[]) const u32bit PBKDF2_ITERATIONS = 8192; - SecureVector salt = b64_decode(salt_str); + secure_vector salt = b64_decode(salt_str); SymmetricKey bc_key = pbkdf->derive_key(key_len, "BLK" + passphrase, &salt[0], salt.size(), @@ -165,7 +165,7 @@ int main(int argc, char* argv[]) return 0; } -SecureVector b64_decode(const std::string& in) +secure_vector b64_decode(const std::string& in) { Pipe pipe(new Base64_Decoder); pipe.process_msg(in); diff --git a/doc/examples/dh.cpp b/doc/examples/dh.cpp index 8d163303a..d62d49f65 100644 --- a/doc/examples/dh.cpp +++ b/doc/examples/dh.cpp @@ -24,12 +24,12 @@ int main() DH_PrivateKey private_b(rng, shared_domain); // Alice sends to Bob her public key and a session parameter - MemoryVector public_a = private_a.public_value(); + std::vector public_a = private_a.public_value(); const std::string session_param = "Alice and Bob's shared session parameter"; // Bob sends his public key to Alice - MemoryVector public_b = private_b.public_value(); + std::vector public_b = private_b.public_value(); // Now Alice performs the key agreement operation PK_Key_Agreement ka_alice(private_a, "KDF2(SHA-256)"); diff --git a/doc/examples/dsa_ver.cpp b/doc/examples/dsa_ver.cpp index 9cb85740e..e6910a4e1 100644 --- a/doc/examples/dsa_ver.cpp +++ b/doc/examples/dsa_ver.cpp @@ -12,7 +12,7 @@ using namespace Botan; namespace { -SecureVector b64_decode(const std::string& in) +secure_vector b64_decode(const std::string& in) { Pipe pipe(new Base64_Decoder); pipe.process_msg(in); @@ -60,7 +60,7 @@ int main(int argc, char* argv[]) return 1; } - SecureVector sig = b64_decode(sigstr); + secure_vector sig = b64_decode(sigstr); PK_Verifier ver(*dsakey, "EMSA1(SHA-1)"); diff --git a/doc/examples/ecdsa.cpp b/doc/examples/ecdsa.cpp index 1607107eb..b0a66a888 100644 --- a/doc/examples/ecdsa.cpp +++ b/doc/examples/ecdsa.cpp @@ -40,7 +40,7 @@ int main() signer.update((const byte*)message, strlen(message)); - SecureVector sig = signer.signature(rng); + std::vector sig = signer.signature(rng); std::cout << sig.size() << "\n"; diff --git a/doc/examples/encrypt.cpp b/doc/examples/encrypt.cpp index 28017d875..158806936 100644 --- a/doc/examples/encrypt.cpp +++ b/doc/examples/encrypt.cpp @@ -33,7 +33,7 @@ you're encrypting is 1 Gb... you better have a lot of RAM. using namespace Botan; -std::string b64_encode(const SecureVector&); +std::string b64_encode(const secure_vector&); int main(int argc, char* argv[]) { @@ -128,7 +128,7 @@ int main(int argc, char* argv[]) std::auto_ptr pbkdf(get_pbkdf("PBKDF2(SHA-1)")); - SecureVector salt(8); + secure_vector salt(8); rng.randomize(&salt[0], salt.size()); const u32bit PBKDF2_ITERATIONS = 8192; @@ -185,7 +185,7 @@ int main(int argc, char* argv[]) return 0; } -std::string b64_encode(const SecureVector& in) +std::string b64_encode(const secure_vector& in) { Pipe pipe(new Base64_Encoder); pipe.process_msg(in); diff --git a/doc/examples/encrypt2.cpp b/doc/examples/encrypt2.cpp index 41f4fb478..c6c735af9 100644 --- a/doc/examples/encrypt2.cpp +++ b/doc/examples/encrypt2.cpp @@ -28,10 +28,10 @@ int main() const u32bit PBKDF2_ITERATIONS = 8192; - SecureVector salt(8); + secure_vector salt(8); rng.randomize(&salt[0], salt.size()); - SecureVector master_key = pbkdf2.derive_key(48, passphrase, + secure_vector master_key = pbkdf2.derive_key(48, passphrase, &salt[0], salt.size(), PBKDF2_ITERATIONS).bits_of(); @@ -55,12 +55,12 @@ int main() ) ); - outfile.write((const char*)salt.begin(), salt.size()); + outfile.write((const char*)&salt[0], salt.size()); pipe.start_msg(); infile >> pipe; pipe.end_msg(); - SecureVector hmac = pipe.read_all(1); - outfile.write((const char*)hmac.begin(), hmac.size()); + secure_vector hmac = pipe.read_all(1); + outfile.write((const char*)&hmac[0], hmac.size()); } diff --git a/doc/examples/fpe.cpp b/doc/examples/fpe.cpp index 029a761e7..8f5eaca9f 100644 --- a/doc/examples/fpe.cpp +++ b/doc/examples/fpe.cpp @@ -55,11 +55,11 @@ u64bit cc_derank(u64bit cc_number) /* * Use the SHA-1 hash of the account name or ID as a tweak */ -SecureVector sha1(const std::string& acct_name) +std::vector sha1(const std::string& acct_name) { SHA_160 hash; hash.update(acct_name); - return hash.final(); + return unlock(hash.final()); } u64bit encrypt_cc_number(u64bit cc_number, @@ -123,7 +123,7 @@ int main(int argc, char* argv[]) * In practice something like PBKDF2 with a salt and high iteration * count would be a good idea. */ - SymmetricKey key = sha1(passwd); + SymmetricKey key(sha1(passwd)); u64bit enc_cc = encrypt_cc_number(cc_number, key, acct_name); diff --git a/doc/examples/keywrap.cpp b/doc/examples/keywrap.cpp index 730bcb6c9..93cdbfb84 100644 --- a/doc/examples/keywrap.cpp +++ b/doc/examples/keywrap.cpp @@ -28,11 +28,11 @@ int main() Algorithm_Factory& af = global_state().algorithm_factory(); - SecureVector enc = rfc3394_keywrap(key.bits_of(), kek, af); + secure_vector enc = rfc3394_keywrap(key.bits_of(), kek, af); std::cout << "Encrypted: " << hex_encode(enc) << "\n"; - SecureVector dec = rfc3394_keyunwrap(enc, kek, af); + secure_vector dec = rfc3394_keyunwrap(enc, kek, af); std::cout << "Decrypted: " << hex_encode(dec) << "\n"; } diff --git a/doc/examples/new_engine.cpp b/doc/examples/new_engine.cpp index 42e5dbe33..7e51df2e2 100644 --- a/doc/examples/new_engine.cpp +++ b/doc/examples/new_engine.cpp @@ -43,7 +43,7 @@ class XOR_Cipher : public StreamCipher copy_mem(&mask[0], key, length); } - SecureVector mask; + secure_vector mask; u32bit mask_pos; }; diff --git a/doc/examples/pqg_gen.cpp b/doc/examples/pqg_gen.cpp index c033dac3b..b24c30844 100644 --- a/doc/examples/pqg_gen.cpp +++ b/doc/examples/pqg_gen.cpp @@ -13,7 +13,7 @@ #include #include -#include +#include #include #include using namespace Botan; @@ -94,9 +94,7 @@ bool check(RandomNumberGenerator& rng, //u32bit c = to_u32bit(inputs["c"]); - Pipe pipe(new Hex_Decoder); - pipe.process_msg(inputs["Seed"]); - SecureVector seed = pipe.read_all(); + std::vector seed = unlock(hex_decode(inputs["Seed"])); BigInt our_p, our_q; diff --git a/doc/examples/read_ssh.cpp b/doc/examples/read_ssh.cpp index f6299a29d..0392786a5 100644 --- a/doc/examples/read_ssh.cpp +++ b/doc/examples/read_ssh.cpp @@ -42,7 +42,7 @@ BigInt read_bigint(Pipe& pipe) { u32bit len = read_u32bit(pipe); - SecureVector buf(len); + secure_vector buf(len); pipe.read(&buf[0], len); return BigInt::decode(buf); } diff --git a/doc/examples/rng_test.cpp b/doc/examples/rng_test.cpp index c0d24fd80..385ac57f3 100644 --- a/doc/examples/rng_test.cpp +++ b/doc/examples/rng_test.cpp @@ -68,11 +68,11 @@ void x931_tests(std::vector > vecs, ANSI_X931_RNG prng(get_block_cipher(cipher), new Fixed_Output_RNG); - SecureVector x = hex_decode(input); - prng.add_entropy(x.begin(), x.size()); + secure_vector x = hex_decode(input); + prng.add_entropy(&x[0], x.size()); - SecureVector output(result.size() / 2); - prng.randomize(output, output.size()); + secure_vector output(result.size() / 2); + prng.randomize(&output[0], output.size()); if(hex_decode(result) != output) std::cout << "FAIL"; diff --git a/doc/examples/row_encryptor.cpp b/doc/examples/row_encryptor.cpp index 685850945..b512025b6 100644 --- a/doc/examples/row_encryptor.cpp +++ b/doc/examples/row_encryptor.cpp @@ -26,22 +26,22 @@ class Row_Encryptor RandomNumberGenerator& rng); Row_Encryptor(const std::string& passphrase, - const MemoryRegion& salt); + const std::vector& salt); std::string encrypt(const std::string& input, - const MemoryRegion& salt); + const std::vector& salt); std::string decrypt(const std::string& input, - const MemoryRegion& salt); + const std::vector& salt); - SecureVector get_pbkdf_salt() const { return pbkdf_salt; } + std::vector get_pbkdf_salt() const { return pbkdf_salt; } private: void init(const std::string& passphrase); Row_Encryptor(const Row_Encryptor&) {} Row_Encryptor& operator=(const Row_Encryptor&) { return (*this); } - SecureVector pbkdf_salt; + std::vector pbkdf_salt; Pipe enc_pipe, dec_pipe; EAX_Encryption* eax_enc; // owned by enc_pipe EAX_Decryption* eax_dec; // owned by dec_pipe; @@ -56,7 +56,7 @@ Row_Encryptor::Row_Encryptor(const std::string& passphrase, } Row_Encryptor::Row_Encryptor(const std::string& passphrase, - const MemoryRegion& salt) + const std::vector& salt) { pbkdf_salt = salt; init(passphrase); @@ -66,7 +66,7 @@ void Row_Encryptor::init(const std::string& passphrase) { std::auto_ptr pbkdf(get_pbkdf("PBKDF2(SHA-160)")); - SecureVector key = pbkdf->derive_key(32, passphrase, + secure_vector key = pbkdf->derive_key(32, passphrase, &pbkdf_salt[0], pbkdf_salt.size(), 10000).bits_of(); @@ -89,7 +89,7 @@ void Row_Encryptor::init(const std::string& passphrase) } std::string Row_Encryptor::encrypt(const std::string& input, - const MemoryRegion& salt) + const std::vector& salt) { eax_enc->set_iv(salt); enc_pipe.process_msg(input); @@ -97,7 +97,7 @@ std::string Row_Encryptor::encrypt(const std::string& input, } std::string Row_Encryptor::decrypt(const std::string& input, - const MemoryRegion& salt) + const std::vector& salt) { eax_dec->set_iv(salt); dec_pipe.process_msg(input); @@ -133,7 +133,7 @@ int main() } std::vector encrypted_values; - MemoryVector salt(4); // keep out of loop to avoid excessive dynamic allocation + std::vector salt(4); for(u32bit i = 0; i != original_inputs.size(); ++i) { diff --git a/doc/examples/rsa_dec.cpp b/doc/examples/rsa_dec.cpp index 9c470b8e9..98768cda7 100644 --- a/doc/examples/rsa_dec.cpp +++ b/doc/examples/rsa_dec.cpp @@ -20,7 +20,7 @@ same key format as that generated by rsa_kgen. #include using namespace Botan; -SecureVector b64_decode(const std::string&); +secure_vector b64_decode(const std::string&); SymmetricKey derive_key(const std::string&, const SymmetricKey&, u32bit); const std::string SUFFIX = ".enc"; @@ -73,11 +73,11 @@ int main(int argc, char* argv[]) std::string mac_str; std::getline(message, mac_str); - SecureVector enc_masterkey = b64_decode(enc_masterkey_str); + secure_vector enc_masterkey = b64_decode(enc_masterkey_str); PK_Decryptor_EME decryptor(*rsakey, "EME1(SHA-1)"); - SecureVector masterkey = decryptor.decrypt(enc_masterkey); + secure_vector masterkey = decryptor.decrypt(enc_masterkey); SymmetricKey cast_key = derive_key("CAST", masterkey, 16); InitializationVector iv = derive_key("IV", masterkey, 8); @@ -113,7 +113,7 @@ int main(int argc, char* argv[]) return 0; } -SecureVector b64_decode(const std::string& in) +secure_vector b64_decode(const std::string& in) { Pipe pipe(new Base64_Decoder); pipe.process_msg(in); diff --git a/doc/examples/rsa_enc.cpp b/doc/examples/rsa_enc.cpp index ac609c4b3..b8e5d874b 100644 --- a/doc/examples/rsa_enc.cpp +++ b/doc/examples/rsa_enc.cpp @@ -34,9 +34,10 @@ #include #include #include +#include + using namespace Botan; -std::string b64_encode(const SecureVector&); SymmetricKey derive_key(const std::string&, const SymmetricKey&, u32bit); int main(int argc, char* argv[]) @@ -98,10 +99,10 @@ int main(int argc, char* argv[]) SymmetricKey mac_key = derive_key("MAC", masterkey, 16); SymmetricKey iv = derive_key("IV", masterkey, 8); - SecureVector encrypted_key = + std::vector encrypted_key = encryptor.encrypt(masterkey.bits_of(), rng); - ciphertext << b64_encode(encrypted_key) << std::endl; + ciphertext << base64_encode(encrypted_key) << std::endl; Pipe pipe(new Fork( new Chain( @@ -135,13 +136,6 @@ int main(int argc, char* argv[]) return 0; } -std::string b64_encode(const SecureVector& in) - { - Pipe pipe(new Base64_Encoder); - pipe.process_msg(in); - return pipe.read_all_as_string(); - } - SymmetricKey derive_key(const std::string& param, const SymmetricKey& masterkey, u32bit outputlength) diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp index 5de8a59ce..deb0ff460 100644 --- a/doc/examples/tls_client.cpp +++ b/doc/examples/tls_client.cpp @@ -168,7 +168,7 @@ void doit(RandomNumberGenerator& rng, continue; } - const size_t needed = client.received_data(buf, got); + client.received_data(buf, got); //std::cout << "Socket - got " << got << " bytes, need " << needed << "\n"; } else if(FD_ISSET(STDIN_FILENO, &readfds)) diff --git a/doc/examples/tss.cpp b/doc/examples/tss.cpp index 03d7699bf..aecf95796 100644 --- a/doc/examples/tss.cpp +++ b/doc/examples/tss.cpp @@ -11,7 +11,7 @@ namespace { -void print(const Botan::SecureVector& r) +void print(const Botan::secure_vector& r) { for(Botan::u32bit i = 0; i != r.size(); ++i) printf("%02X", r[i]); diff --git a/src/algo_base/buf_comp.h b/src/algo_base/buf_comp.h index 7838571e9..87b57d252 100644 --- a/src/algo_base/buf_comp.h +++ b/src/algo_base/buf_comp.h @@ -34,9 +34,18 @@ class BOTAN_DLL Buffered_Computation /** * Add new input to process. - * @param in the input to process as a MemoryRegion + * @param in the input to process as a secure_vector */ - void update(const MemoryRegion& in) + void update(const secure_vector& in) + { + add_data(&in[0], in.size()); + } + + /** + * Add new input to process. + * @param in the input to process as a std::vector + */ + void update(const std::vector& in) { add_data(&in[0], in.size()); } @@ -82,11 +91,11 @@ class BOTAN_DLL Buffered_Computation /** * Complete the computation and retrieve the * final result. - * @return SecureVector holding the result + * @return secure_vector holding the result */ - SecureVector final() + secure_vector final() { - SecureVector output(output_length()); + secure_vector output(output_length()); final_result(&output[0]); return output; } @@ -98,7 +107,7 @@ class BOTAN_DLL Buffered_Computation * @param length the length of the byte array * @result the result of the call to final() */ - SecureVector process(const byte in[], size_t length) + secure_vector process(const byte in[], size_t length) { add_data(in, length); return final(); @@ -110,7 +119,13 @@ class BOTAN_DLL Buffered_Computation * @param in the input to process * @result the result of the call to final() */ - SecureVector process(const MemoryRegion& in) + secure_vector process(const secure_vector& in) + { + add_data(&in[0], in.size()); + return final(); + } + + secure_vector process(const std::vector& in) { add_data(&in[0], in.size()); return final(); @@ -122,7 +137,7 @@ class BOTAN_DLL Buffered_Computation * @param in the input to process as a string * @result the result of the call to final() */ - SecureVector process(const std::string& in) + secure_vector process(const std::string& in) { update(in); return final(); diff --git a/src/algo_base/symkey.cpp b/src/algo_base/symkey.cpp index 5509b83bc..52b216361 100644 --- a/src/algo_base/symkey.cpp +++ b/src/algo_base/symkey.cpp @@ -40,10 +40,6 @@ OctetString::OctetString(const byte in[], size_t n) bits.assign(in, in + n); } -OctetString::OctetString(const MemoryRegion& b) : bits(b) - { - } - /* * Set the parity of each key byte to odd */ @@ -116,7 +112,7 @@ bool operator!=(const OctetString& s1, const OctetString& s2) */ OctetString operator+(const OctetString& k1, const OctetString& k2) { - SecureVector out; + secure_vector out; out += k1.bits_of(); out += k2.bits_of(); return OctetString(out); @@ -127,9 +123,10 @@ OctetString operator+(const OctetString& k1, const OctetString& k2) */ OctetString operator^(const OctetString& k1, const OctetString& k2) { - SecureVector ret(std::max(k1.length(), k2.length())); + secure_vector ret(std::max(k1.length(), k2.length())); + copy_mem(&ret[0], k1.begin(), k1.length()); - xor_buf(ret, k2.begin(), k2.length()); + xor_buf(&ret[0], k2.begin(), k2.length()); return OctetString(ret); } diff --git a/src/algo_base/symkey.h b/src/algo_base/symkey.h index 2ccc0b883..b47da8a69 100644 --- a/src/algo_base/symkey.h +++ b/src/algo_base/symkey.h @@ -25,9 +25,9 @@ class BOTAN_DLL OctetString size_t length() const { return bits.size(); } /** - * @return this object as a SecureVector + * @return this object as a secure_vector */ - SecureVector bits_of() const { return bits; } + secure_vector bits_of() const { return bits; } /** * @return start of this string @@ -80,9 +80,15 @@ class BOTAN_DLL OctetString * Create a new OctetString * @param in a bytestring */ - OctetString(const MemoryRegion& in); + OctetString(const secure_vector& in) : bits(in) {} + + /** + * Create a new OctetString + * @param in a bytestring + */ + OctetString(const std::vector& in) : bits(&in[0], &in[in.size()]) {} private: - SecureVector bits; + secure_vector bits; }; /** diff --git a/src/alloc/alloc_mmap/info.txt b/src/alloc/alloc_mmap/info.txt deleted file mode 100644 index 562277a37..000000000 --- a/src/alloc/alloc_mmap/info.txt +++ /dev/null @@ -1,28 +0,0 @@ -define ALLOC_MMAP - - -mmap_mem.cpp - - - -mmap_mem.h - - - -linux -freebsd -dragonfly -openbsd -netbsd -solaris -qnx -darwin -tru64 - -# Only without -ansi, otherwise can't get mkstemp -#cygwin - - - -mem_pool - diff --git a/src/alloc/alloc_mmap/mmap_mem.cpp b/src/alloc/alloc_mmap/mmap_mem.cpp deleted file mode 100644 index b90b6d5f7..000000000 --- a/src/alloc/alloc_mmap/mmap_mem.cpp +++ /dev/null @@ -1,145 +0,0 @@ -/* -* Memory Mapping Allocator -* (C) 1999-2010 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#ifndef MAP_FAILED - #define MAP_FAILED -1 -#endif - -namespace Botan { - -namespace { - -/* -* MemoryMapping_Allocator Exception -*/ -class BOTAN_DLL MemoryMapping_Failed : public Exception - { - public: - MemoryMapping_Failed(const std::string& msg) : - Exception("MemoryMapping_Allocator: " + msg) {} - }; - -} - -/* -* Memory Map a File into Memory -*/ -void* MemoryMapping_Allocator::alloc_block(size_t n) - { - class TemporaryFile - { - public: - int get_fd() const { return fd; } - - TemporaryFile(const std::string& base) - { - const std::string mkstemp_template = base + "XXXXXX"; - - std::vector filepath(mkstemp_template.begin(), - mkstemp_template.end()); - filepath.push_back(0); // add terminating NULL - - mode_t old_umask = ::umask(077); - fd = ::mkstemp(&filepath[0]); - ::umask(old_umask); - - if(fd == -1) - throw MemoryMapping_Failed("Temporary file allocation failed"); - - if(::unlink(&filepath[0]) != 0) - throw MemoryMapping_Failed("Could not unlink temporary file"); - } - - ~TemporaryFile() - { - /* - * We can safely close here, because post-mmap the file - * will continue to exist until the mmap is unmapped from - * our address space upon deallocation (or process exit). - */ - if(fd != -1 && ::close(fd) == -1) - throw MemoryMapping_Failed("Could not close file"); - } - private: - int fd; - }; - - TemporaryFile file("/tmp/botan_"); - - if(file.get_fd() == -1) - throw MemoryMapping_Failed("Could not create file"); - - std::vector zeros(4096); - - size_t remaining = n; - - while(remaining) - { - const size_t write_try = std::min(zeros.size(), remaining); - - ssize_t wrote_got = ::write(file.get_fd(), - &zeros[0], - write_try); - - if(wrote_got == -1 && errno != EINTR) - throw MemoryMapping_Failed("Could not write to file"); - - remaining -= wrote_got; - } - -#ifndef MAP_NOSYNC - #define MAP_NOSYNC 0 -#endif - - void* ptr = ::mmap(0, n, - PROT_READ | PROT_WRITE, - MAP_SHARED | MAP_NOSYNC, - file.get_fd(), 0); - - if(ptr == static_cast(MAP_FAILED)) - throw MemoryMapping_Failed("Could not map file"); - - return ptr; - } - -/* -* Remove a Memory Mapping -*/ -void MemoryMapping_Allocator::dealloc_block(void* ptr, size_t n) - { - if(ptr == nullptr) - return; - - const byte PATTERNS[] = { 0x00, 0xF5, 0x5A, 0xAF, 0x00 }; - - // The char* casts are for Solaris, args are void* on most other systems - - for(size_t i = 0; i != sizeof(PATTERNS); ++i) - { - std::memset(ptr, PATTERNS[i], n); - - if(::msync(static_cast(ptr), n, MS_SYNC)) - throw MemoryMapping_Failed("Sync operation failed"); - } - - if(::munmap(static_cast(ptr), n)) - throw MemoryMapping_Failed("Could not unmap file"); - } - -} diff --git a/src/alloc/alloc_mmap/mmap_mem.h b/src/alloc/alloc_mmap/mmap_mem.h deleted file mode 100644 index c9983ed23..000000000 --- a/src/alloc/alloc_mmap/mmap_mem.h +++ /dev/null @@ -1,32 +0,0 @@ -/* -* Memory Mapping Allocator -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_MMAP_ALLOCATOR_H__ -#define BOTAN_MMAP_ALLOCATOR_H__ - -#include - -namespace Botan { - -/** -* Allocator that uses memory maps backed by disk. We zeroize the map -* upon deallocation. If swap occurs, the VM will swap to the shared -* file backing rather than to a swap device, which means we know where -* it is and can zap it later. -*/ -class MemoryMapping_Allocator : public Pooling_Allocator - { - public: - std::string type() const { return "mmap"; } - private: - void* alloc_block(size_t); - void dealloc_block(void*, size_t); - }; - -} - -#endif diff --git a/src/alloc/allocate.h b/src/alloc/allocate.h deleted file mode 100644 index b8574be1e..000000000 --- a/src/alloc/allocate.h +++ /dev/null @@ -1,65 +0,0 @@ -/* -* Allocator -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_ALLOCATOR_H__ -#define BOTAN_ALLOCATOR_H__ - -#include -#include - -namespace Botan { - -/** -* Allocator Interface -*/ -class BOTAN_DLL Allocator - { - public: - /** - * Acquire a pointer to an allocator - * @param locking is true if the allocator should attempt to - * secure the memory (eg for using to store keys) - * @return pointer to an allocator; ownership remains with library, - * so do not delete - */ - static Allocator* get(bool locking); - - /** - * Allocate a block of memory - * @param n how many bytes to allocate - * @return pointer to n bytes of memory - */ - virtual void* allocate(size_t n) = 0; - - /** - * Deallocate memory allocated with allocate() - * @param ptr the pointer returned by allocate() - * @param n the size of the block pointed to by ptr - */ - virtual void deallocate(void* ptr, size_t n) = 0; - - /** - * @return name of this allocator type - */ - virtual std::string type() const = 0; - - /** - * Initialize the allocator - */ - virtual void init() {} - - /** - * Shutdown the allocator - */ - virtual void destroy() {} - - virtual ~Allocator() {} - }; - -} - -#endif diff --git a/src/alloc/info.txt b/src/alloc/info.txt index 40e7bacdf..0ab7fa768 100644 --- a/src/alloc/info.txt +++ b/src/alloc/info.txt @@ -1,4 +1,3 @@ -allocate.h secmem.h diff --git a/src/alloc/mem_pool/info.txt b/src/alloc/mem_pool/info.txt deleted file mode 100644 index f87ea4c4c..000000000 --- a/src/alloc/mem_pool/info.txt +++ /dev/null @@ -1,8 +0,0 @@ - - -mem_pool.cpp - - - -mem_pool.h - diff --git a/src/alloc/mem_pool/mem_pool.cpp b/src/alloc/mem_pool/mem_pool.cpp deleted file mode 100644 index 770622149..000000000 --- a/src/alloc/mem_pool/mem_pool.cpp +++ /dev/null @@ -1,251 +0,0 @@ -/* -* Pooling Allocator -* (C) 1999-2008 Jack Lloyd -* 2005 Matthew Gregan -* 2005-2006 Matt Johnston -* -* Distributed under the terms of the Botan license -*/ - -#include -#include -#include -#include -#include - -namespace Botan { - -/* -* Memory_Block Constructor -*/ -Pooling_Allocator::Memory_Block::Memory_Block(void* buf) - { - buffer = static_cast(buf); - bitmap = 0; - buffer_end = buffer + (BLOCK_SIZE * BITMAP_SIZE); - } - -/* -* See if ptr is contained by this block -*/ -bool Pooling_Allocator::Memory_Block::contains(void* ptr, - size_t length) const - { - return ((buffer <= ptr) && - (buffer_end >= static_cast(ptr) + length * BLOCK_SIZE)); - } - -/* -* Allocate some memory, if possible -*/ -byte* Pooling_Allocator::Memory_Block::alloc(size_t n) - { - if(n == 0 || n > BITMAP_SIZE) - return 0; - - if(n == BITMAP_SIZE) - { - if(bitmap) - return nullptr; - else - { - bitmap = ~bitmap; - return buffer; - } - } - - bitmap_type mask = (static_cast(1) << n) - 1; - size_t offset = 0; - - while(bitmap & mask) - { - mask <<= 1; - ++offset; - - if((bitmap & mask) == 0) - break; - if(mask >> 63) - break; - } - - if(bitmap & mask) - return nullptr; - - bitmap |= mask; - return buffer + offset * BLOCK_SIZE; - } - -/* -* Mark this memory as free, if we own it -*/ -void Pooling_Allocator::Memory_Block::free(void* ptr, size_t blocks) - { - clear_mem(static_cast(ptr), blocks * BLOCK_SIZE); - - const size_t offset = (static_cast(ptr) - buffer) / BLOCK_SIZE; - - if(offset == 0 && blocks == BITMAP_SIZE) - bitmap = ~bitmap; - else - { - for(size_t j = 0; j != blocks; ++j) - bitmap &= ~(static_cast(1) << (j+offset)); - } - } - -/* -* Pooling_Allocator Constructor -*/ -Pooling_Allocator::Pooling_Allocator() - { - last_used = blocks.begin(); - } - -/* -* Pooling_Allocator Destructor -*/ -Pooling_Allocator::~Pooling_Allocator() - { - if(blocks.size()) - throw Invalid_State("Pooling_Allocator: Never released memory"); - } - -/* -* Free all remaining memory -*/ -void Pooling_Allocator::destroy() - { - std::lock_guard lock(mutex); - - blocks.clear(); - - for(size_t j = 0; j != allocated.size(); ++j) - dealloc_block(allocated[j].first, allocated[j].second); - allocated.clear(); - } - -/* -* Allocation -*/ -void* Pooling_Allocator::allocate(size_t n) - { - const size_t BITMAP_SIZE = Memory_Block::bitmap_size(); - const size_t BLOCK_SIZE = Memory_Block::block_size(); - - std::lock_guard lock(mutex); - - if(n <= BITMAP_SIZE * BLOCK_SIZE) - { - const size_t block_no = round_up(n, BLOCK_SIZE) / BLOCK_SIZE; - - byte* mem = allocate_blocks(block_no); - if(mem) - return mem; - - get_more_core(BOTAN_MEM_POOL_CHUNK_SIZE); - - mem = allocate_blocks(block_no); - if(mem) - return mem; - - throw Memory_Exhaustion(); - } - - void* new_buf = alloc_block(n); - if(new_buf) - return new_buf; - - throw Memory_Exhaustion(); - } - -/* -* Deallocation -*/ -void Pooling_Allocator::deallocate(void* ptr, size_t n) - { - const size_t BITMAP_SIZE = Memory_Block::bitmap_size(); - const size_t BLOCK_SIZE = Memory_Block::block_size(); - - if(ptr == nullptr && n == 0) - return; - - std::lock_guard lock(mutex); - - if(n > BITMAP_SIZE * BLOCK_SIZE) - dealloc_block(ptr, n); - else - { - const size_t block_no = round_up(n, BLOCK_SIZE) / BLOCK_SIZE; - - auto i = std::lower_bound(blocks.begin(), blocks.end(), - Memory_Block(ptr)); - - if(i == blocks.end() || !i->contains(ptr, block_no)) - throw Invalid_State("Pointer released to the wrong allocator"); - - i->free(ptr, block_no); - } - } - -/* -* Try to get some memory from an existing block -*/ -byte* Pooling_Allocator::allocate_blocks(size_t n) - { - if(blocks.empty()) - return nullptr; - - auto i = last_used; - - do - { - byte* mem = i->alloc(n); - if(mem) - { - last_used = i; - return mem; - } - - ++i; - if(i == blocks.end()) - i = blocks.begin(); - } - while(i != last_used); - - return nullptr; - } - -/* -* Allocate more memory for the pool -*/ -void Pooling_Allocator::get_more_core(size_t in_bytes) - { - const size_t BITMAP_SIZE = Memory_Block::bitmap_size(); - const size_t BLOCK_SIZE = Memory_Block::block_size(); - - const size_t TOTAL_BLOCK_SIZE = BLOCK_SIZE * BITMAP_SIZE; - - // upper bound on allocation is 1 MiB - in_bytes = std::min(in_bytes, 1024 * 1024); - - const size_t in_blocks = round_up(in_bytes, BLOCK_SIZE) / TOTAL_BLOCK_SIZE; - const size_t to_allocate = in_blocks * TOTAL_BLOCK_SIZE; - - void* ptr = alloc_block(to_allocate); - if(ptr == nullptr) - throw Memory_Exhaustion(); - - allocated.push_back(std::make_pair(ptr, to_allocate)); - - for(size_t j = 0; j != in_blocks; ++j) - { - byte* byte_ptr = static_cast(ptr); - blocks.push_back(Memory_Block(byte_ptr + j * TOTAL_BLOCK_SIZE)); - } - - std::sort(blocks.begin(), blocks.end()); - last_used = std::lower_bound(blocks.begin(), blocks.end(), - Memory_Block(ptr)); - } - -} diff --git a/src/alloc/mem_pool/mem_pool.h b/src/alloc/mem_pool/mem_pool.h deleted file mode 100644 index f2225e573..000000000 --- a/src/alloc/mem_pool/mem_pool.h +++ /dev/null @@ -1,74 +0,0 @@ -/* -* Pooling Allocator -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_POOLING_ALLOCATOR_H__ -#define BOTAN_POOLING_ALLOCATOR_H__ - -#include -#include -#include -#include -#include - -namespace Botan { - -/** -* Pooling Allocator -*/ -class Pooling_Allocator : public Allocator - { - public: - void* allocate(size_t); - void deallocate(void*, size_t); - - void destroy(); - - Pooling_Allocator(); - ~Pooling_Allocator(); - private: - void get_more_core(size_t); - byte* allocate_blocks(size_t); - - virtual void* alloc_block(size_t) = 0; - virtual void dealloc_block(void*, size_t) = 0; - - class Memory_Block - { - public: - Memory_Block(void*); - - static size_t bitmap_size() { return BITMAP_SIZE; } - static size_t block_size() { return BLOCK_SIZE; } - - bool contains(void*, size_t) const; - byte* alloc(size_t); - void free(void*, size_t); - - bool operator<(const Memory_Block& other) const - { - if(buffer < other.buffer && other.buffer < buffer_end) - return false; - return (buffer < other.buffer); - } - private: - typedef u64bit bitmap_type; - static const size_t BITMAP_SIZE = 8 * sizeof(bitmap_type); - static const size_t BLOCK_SIZE = 64; - - bitmap_type bitmap; - byte* buffer, *buffer_end; - }; - - std::vector blocks; - std::vector::iterator last_used; - std::vector > allocated; - std::mutex mutex; - }; - -} - -#endif diff --git a/src/alloc/secmem.h b/src/alloc/secmem.h index e6b2b71ec..7c27c8d3b 100644 --- a/src/alloc/secmem.h +++ b/src/alloc/secmem.h @@ -1,6 +1,6 @@ /* * Secure Memory Buffers -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2007,2012 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -8,362 +8,87 @@ #ifndef BOTAN_SECURE_MEMORY_BUFFERS_H__ #define BOTAN_SECURE_MEMORY_BUFFERS_H__ -#include #include #include +extern void note_alloc(int n); + namespace Botan { -/** -* This class represents variable length memory buffers. -*/ template -class MemoryRegion +class secure_allocator { public: - /** - * Find out the size of the buffer, i.e. how many objects of type T it - * contains. - * @return size of the buffer - */ - size_t size() const { return used; } - - /** - * Find out whether this buffer is empty. - * @return true if the buffer is empty, false otherwise - */ - bool empty() const { return (used == 0); } - - /** - * Get a pointer to the first element in the buffer. - * @return pointer to the first element in the buffer - */ - operator T* () { return buf; } + typedef T value_type; - /** - * Get a constant pointer to the first element in the buffer. - * @return constant pointer to the first element in the buffer - */ - operator const T* () const { return buf; } + typedef T* pointer; + typedef const T* const_pointer; - /** - * Get a pointer to the first element in the buffer. - * @return pointer to the first element in the buffer - */ - T* begin() { return buf; } - - /** - * Get a constant pointer to the first element in the buffer. - * @return constant pointer to the first element in the buffer - */ - const T* begin() const { return buf; } - - /** - * Get a pointer to one past the last element in the buffer. - * @return pointer to one past the last element in the buffer - */ - T* end() { return (buf + size()); } - - /** - * Get a const pointer to one past the last element in the buffer. - * @return const pointer to one past the last element in the buffer - */ - const T* end() const { return (buf + size()); } - - /** - * Check two buffers for equality. - * @return true iff the content of both buffers is byte-wise equal - */ - bool operator==(const MemoryRegion& other) const - { - return (size() == other.size() && - same_mem(buf, other.buf, size())); - } + typedef T& reference; + typedef const T& const_reference; - /** - * Compare two buffers - * @return true iff this is ordered before other - */ - bool operator<(const MemoryRegion& other) const; + typedef std::size_t size_type; + typedef std::ptrdiff_t difference_type; - /** - * Check two buffers for inequality. - * @return false if the content of both buffers is byte-wise equal, true - * otherwise. - */ - bool operator!=(const MemoryRegion& other) const - { return (!(*this == other)); } + secure_allocator() noexcept {} - /** - * Copy the contents of another buffer into this buffer. - * The former contents of *this are discarded. - * @param other the buffer to copy the contents from. - * @return reference to *this - */ - MemoryRegion& operator=(const MemoryRegion& other) - { - if(this != &other) - { - this->resize(other.size()); - this->copy(&other[0], other.size()); - } - return (*this); - } + ~secure_allocator() noexcept {} - /** - * Copy the contents of an array of objects of type T into this buffer. - * The former contents of *this are discarded. - * The length of *this must be at least n, otherwise memory errors occur. - * @param in the array to copy the contents from - * @param n the length of in - */ + pointer address(reference x) const noexcept + { return std::addressof(x); } - void copy(const T in[], size_t n) - { - copy_mem(buf, in, std::min(n, size())); - } + const_pointer address(const_reference x) const noexcept + { return std::addressof(x); } - void assign(const T* start, const T* end) + pointer allocate(size_type n, const void* = 0) { - resize(end - start); - copy_mem(buf, start, (end - start)); + pointer p = new T[n]; + clear_mem(p, n); + note_alloc(sizeof(T)*n); + return p; } - /** - * Append a single element. - * @param x the element to append - */ - void push_back(T x) + void deallocate(pointer p, size_type n) { - resize(size() + 1); - buf[size()-1] = x; + clear_mem(p, n); + delete [] p; + note_alloc(-(int(n)*sizeof(T))); } - /** - * Reset this buffer to an empty buffer with size zero. - */ - void clear() { resize(0); } - - /** - * Inserts or erases elements at the end such that the size - * becomes n, leaving elements in the range 0...n unmodified if - * set or otherwise zero-initialized - * @param n length of the new buffer - */ - void resize(size_t n); - - /** - * Swap this buffer with another object. - */ - void swap(MemoryRegion& other); - - virtual ~MemoryRegion() { deallocate(buf, allocated); } - protected: - MemoryRegion() : buf(0), used(0), allocated(0), alloc(0) {} - - /** - * Copy constructor - * @param other the other region to copy - */ - MemoryRegion(const MemoryRegion& other) : - buf(0), - used(0), - allocated(0), - alloc(other.alloc) + size_type max_size() const noexcept { - resize(other.size()); - copy(&other[0], other.size()); + return static_cast(-1) / sizeof(T); } - /** - * @param locking should we use a locking allocator - * @param length the initial length to use - */ - void init(bool locking, size_t length = 0) - { alloc = Allocator::get(locking); resize(length); } - - private: - T* allocate(size_t n) - { - return static_cast(alloc->allocate(sizeof(T)*n)); - } + template + void + construct(U* p, Args&&... args) + { ::new((void *)p) U(std::forward(args)...); } - void deallocate(T* p, size_t n) - { if(alloc && p && n) alloc->deallocate(p, sizeof(T)*n); } + template void destroy(U* p) { p->~U(); } - T* buf; - size_t used; - size_t allocated; - Allocator* alloc; }; -/* -* Change the size of the buffer -*/ -template -void MemoryRegion::resize(size_t n) - { - if(n <= allocated) - { - size_t zap = std::min(used, n); - clear_mem(buf + zap, allocated - zap); - used = n; - } - else - { - T* new_buf = allocate(n); - copy_mem(new_buf, buf, used); - deallocate(buf, allocated); - buf = new_buf; - allocated = used = n; - } - } - -/* -* Compare this buffer with another one -*/ -template -bool MemoryRegion::operator<(const MemoryRegion& other) const - { - const size_t min_size = std::min(size(), other.size()); +template inline bool +operator==(const secure_allocator&, const secure_allocator&) + { return true; } - // This should probably be rewritten to run in constant time - for(size_t i = 0; i != min_size; ++i) - { - if(buf[i] < other[i]) - return true; - if(buf[i] > other[i]) - return false; - } +template inline bool +operator!=(const secure_allocator&, const secure_allocator&) + { return false; } - // First min_size bytes are equal, shorter is first - return (size() < other.size()); - } +template using secure_vector = std::vector>; -/* -* Swap this buffer with another one -*/ template -void MemoryRegion::swap(MemoryRegion& x) +std::vector unlock(const secure_vector& in) { - std::swap(buf, x.buf); - std::swap(used, x.used); - std::swap(allocated, x.allocated); - std::swap(alloc, x.alloc); + std::vector out(in.size()); + copy_mem(&out[0], &in[0], in.size()); + return out; } -/** -* This class represents variable length buffers that do not -* make use of memory locking. -*/ -template -class MemoryVector : public MemoryRegion - { - public: - /** - * Copy the contents of another buffer into this buffer. - * @param in the buffer to copy the contents from - * @return reference to *this - */ - MemoryVector& operator=(const MemoryRegion& in) - { - if(this != &in) - { - this->resize(in.size()); - this->copy(&in[0], in.size()); - } - return (*this); - } - - /** - * Create a buffer of the specified length. - * @param n the length of the buffer to create. - */ - MemoryVector(size_t n = 0) { this->init(false, n); } - - /** - * Create a buffer with the specified contents. - * @param in the array containing the data to be initially copied - * into the newly created buffer - * @param n the size of the arry in - */ - MemoryVector(const T in[], size_t n) - { - this->init(false); - this->resize(n); - this->copy(in, n); - } - - /** - * Copy constructor. - */ - MemoryVector(const MemoryRegion& in) - { - this->init(false); - this->resize(in.size()); - this->copy(&in[0], in.size()); - } - }; - -/** -* This class represents variable length buffers using the operating -* systems capability to lock memory, i.e. keeping it from being -* swapped out to disk. In this way, a security hole allowing attackers -* to find swapped out secret keys is closed. -*/ -template -class SecureVector : public MemoryRegion - { - public: - /** - * Copy the contents of another buffer into this buffer. - * @param other the buffer to copy the contents from - * @return reference to *this - */ - SecureVector& operator=(const MemoryRegion& other) - { - if(this != &other) - { - this->resize(other.size()); - this->copy(&other[0], other.size()); - } - return (*this); - } - - /** - * Create a buffer of the specified length. - * @param n the length of the buffer to create. - */ - SecureVector(size_t n = 0) { this->init(true, n); } - - /** - * Create a buffer with the specified contents. - * @param in the array containing the data to be initially copied - * into the newly created buffer - * @param n the size of the array in - */ - SecureVector(const T in[], size_t n) - { - this->init(true); - this->resize(n); - this->copy(&in[0], n); - } - - /** - * Create a buffer with contents specified contents. - * @param in the buffer holding the contents that will be - * copied into the newly created buffer. - */ - SecureVector(const MemoryRegion& in) - { - this->init(true); - this->resize(in.size()); - this->copy(&in[0], in.size()); - } - }; - -template -size_t buffer_insert(MemoryRegion& buf, +template +size_t buffer_insert(std::vector& buf, size_t buf_offset, const T input[], size_t input_length) @@ -373,19 +98,20 @@ size_t buffer_insert(MemoryRegion& buf, return to_copy; } -template -size_t buffer_insert(MemoryRegion& buf, +template +size_t buffer_insert(std::vector& buf, size_t buf_offset, - const MemoryRegion& input) + const std::vector& input) { const size_t to_copy = std::min(input.size(), buf.size() - buf_offset); copy_mem(&buf[buf_offset], &input[0], to_copy); return to_copy; } -template -MemoryRegion& operator+=(MemoryRegion& out, - const MemoryRegion& in) +template +std::vector& +operator+=(std::vector& out, + const std::vector& in) { const size_t copy_offset = out.size(); out.resize(out.size() + in.size()); @@ -393,17 +119,16 @@ MemoryRegion& operator+=(MemoryRegion& out, return out; } -template -MemoryRegion& operator+=(MemoryRegion& out, - T in) +template +std::vector& operator+=(std::vector& out, T in) { out.push_back(in); return out; } -template -MemoryRegion& operator+=(MemoryRegion& out, - const std::pair& in) +template +std::vector& operator+=(std::vector& out, + const std::pair& in) { const size_t copy_offset = out.size(); out.resize(out.size() + in.second); @@ -411,9 +136,9 @@ MemoryRegion& operator+=(MemoryRegion& out, return out; } -template -MemoryRegion& operator+=(MemoryRegion& out, - const std::pair& in) +template +std::vector& operator+=(std::vector& out, + const std::pair& in) { const size_t copy_offset = out.size(); out.resize(out.size() + in.second); @@ -425,22 +150,12 @@ MemoryRegion& operator+=(MemoryRegion& out, * Zeroise the values; length remains unchanged * @param vec the vector to zeroise */ -template -void zeroise(MemoryRegion& vec) +template +void zeroise(std::vector& vec) { clear_mem(&vec[0], vec.size()); } } -namespace std { - -template -inline void swap(Botan::MemoryRegion& x, Botan::MemoryRegion& y) - { - x.swap(y); - } - -} - #endif diff --git a/src/alloc/system_alloc/defalloc.cpp b/src/alloc/system_alloc/defalloc.cpp deleted file mode 100644 index 8e178bb14..000000000 --- a/src/alloc/system_alloc/defalloc.cpp +++ /dev/null @@ -1,103 +0,0 @@ -/* -* Basic Allocators -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include -#include -#include -#include -#include - -namespace Botan { - -namespace { - -/* -* Perform Memory Allocation -*/ -void* do_malloc(size_t n, bool do_lock) - { - void* ptr = std::malloc(n); - - if(!ptr) - return 0; - - if(do_lock) - lock_mem(ptr, n); - - std::memset(ptr, 0, n); - return ptr; - } - -/* -* Perform Memory Deallocation -*/ -void do_free(void* ptr, size_t n, bool do_lock) - { - if(!ptr) - return; - - std::memset(ptr, 0, n); - if(do_lock) - unlock_mem(ptr, n); - - std::free(ptr); - } - -} - -/* -* Malloc_Allocator's Allocation -*/ -void* Malloc_Allocator::allocate(size_t n) - { - void* ptr = do_malloc(n, false); - if(!ptr) - throw Memory_Exhaustion(); - return ptr; - } - -/* -* Malloc_Allocator's Deallocation -*/ -void Malloc_Allocator::deallocate(void* ptr, size_t n) - { - do_free(ptr, n, false); - } - -/* -* Locking_Allocator's Allocation -*/ -void* Locking_Allocator::alloc_block(size_t n) - { - return do_malloc(n, true); - } - -/* -* Locking_Allocator's Deallocation -*/ -void Locking_Allocator::dealloc_block(void* ptr, size_t n) - { - do_free(ptr, n, true); - } - -/* -* Get an allocator -*/ -Allocator* Allocator::get(bool locking) - { - std::string type = ""; - if(!locking) - type = "malloc"; - - Allocator* alloc = global_state().get_allocator(type); - if(alloc) - return alloc; - - throw Internal_Error("Couldn't find an allocator to use in get_allocator"); - } - -} diff --git a/src/alloc/system_alloc/defalloc.h b/src/alloc/system_alloc/defalloc.h deleted file mode 100644 index c4b90d081..000000000 --- a/src/alloc/system_alloc/defalloc.h +++ /dev/null @@ -1,41 +0,0 @@ -/* -* Basic Allocators -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_BASIC_ALLOC_H__ -#define BOTAN_BASIC_ALLOC_H__ - -#include - -namespace Botan { - -/** -* Allocator using malloc -*/ -class Malloc_Allocator : public Allocator - { - public: - void* allocate(size_t); - void deallocate(void*, size_t); - - std::string type() const { return "malloc"; } - }; - -/** -* Allocator using malloc plus locking -*/ -class Locking_Allocator : public Pooling_Allocator - { - public: - std::string type() const { return "locking"; } - private: - void* alloc_block(size_t); - void dealloc_block(void*, size_t); - }; - -} - -#endif diff --git a/src/alloc/system_alloc/info.txt b/src/alloc/system_alloc/info.txt deleted file mode 100644 index 87de0cb67..000000000 --- a/src/alloc/system_alloc/info.txt +++ /dev/null @@ -1,13 +0,0 @@ - - -defalloc.cpp - - - -defalloc.h - - - -libstate -mem_pool - diff --git a/src/asn1/alg_id.cpp b/src/asn1/alg_id.cpp index 665e42fb3..c4c6b6e24 100644 --- a/src/asn1/alg_id.cpp +++ b/src/asn1/alg_id.cpp @@ -16,7 +16,7 @@ namespace Botan { * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, - const MemoryRegion& param) + const std::vector& param) { oid = alg_id; parameters = param; @@ -26,7 +26,7 @@ AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id, * Create an AlgorithmIdentifier */ AlgorithmIdentifier::AlgorithmIdentifier(const std::string& alg_id, - const MemoryRegion& param) + const std::vector& param) { oid = OIDS::lookup(alg_id); parameters = param; diff --git a/src/asn1/alg_id.h b/src/asn1/alg_id.h index 417a71b30..1ec6b62d3 100644 --- a/src/asn1/alg_id.h +++ b/src/asn1/alg_id.h @@ -29,11 +29,11 @@ class BOTAN_DLL AlgorithmIdentifier : public ASN1_Object AlgorithmIdentifier(const OID&, Encoding_Option); AlgorithmIdentifier(const std::string&, Encoding_Option); - AlgorithmIdentifier(const OID&, const MemoryRegion&); - AlgorithmIdentifier(const std::string&, const MemoryRegion&); + AlgorithmIdentifier(const OID&, const std::vector&); + AlgorithmIdentifier(const std::string&, const std::vector&); OID oid; - SecureVector parameters; + std::vector parameters; }; /* diff --git a/src/asn1/asn1_att.cpp b/src/asn1/asn1_att.cpp index c8d771e25..c0adae643 100644 --- a/src/asn1/asn1_att.cpp +++ b/src/asn1/asn1_att.cpp @@ -15,7 +15,7 @@ namespace Botan { /* * Create an Attribute */ -Attribute::Attribute(const OID& attr_oid, const MemoryRegion& attr_value) +Attribute::Attribute(const OID& attr_oid, const std::vector& attr_value) { oid = attr_oid; parameters = attr_value; @@ -25,7 +25,7 @@ Attribute::Attribute(const OID& attr_oid, const MemoryRegion& attr_value) * Create an Attribute */ Attribute::Attribute(const std::string& attr_oid, - const MemoryRegion& attr_value) + const std::vector& attr_value) { oid = OIDS::lookup(attr_oid); parameters = attr_value; diff --git a/src/asn1/asn1_int.cpp b/src/asn1/asn1_int.cpp index bb4a3ecf7..ff8eba54e 100644 --- a/src/asn1/asn1_int.cpp +++ b/src/asn1/asn1_int.cpp @@ -31,13 +31,13 @@ namespace ASN1 { /* * Put some arbitrary bytes into a SEQUENCE */ -SecureVector put_in_sequence(const MemoryRegion& contents) +std::vector put_in_sequence(const std::vector& contents) { return DER_Encoder() .start_cons(SEQUENCE) .raw_bytes(contents) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* diff --git a/src/asn1/asn1_int.h b/src/asn1/asn1_int.h index 25b3cf100..37edc4e3c 100644 --- a/src/asn1/asn1_int.h +++ b/src/asn1/asn1_int.h @@ -80,7 +80,7 @@ class BOTAN_DLL BER_Object void assert_is_a(ASN1_Tag, ASN1_Tag); ASN1_Tag type_tag, class_tag; - SecureVector value; + secure_vector value; }; /* @@ -90,7 +90,7 @@ class DataSource; namespace ASN1 { -SecureVector put_in_sequence(const MemoryRegion& val); +std::vector put_in_sequence(const std::vector& val); std::string to_string(const BER_Object& obj); /** diff --git a/src/asn1/asn1_obj.h b/src/asn1/asn1_obj.h index 3cd8422e6..cee5a18ed 100644 --- a/src/asn1/asn1_obj.h +++ b/src/asn1/asn1_obj.h @@ -29,11 +29,11 @@ class BOTAN_DLL Attribute : public ASN1_Object void decode_from(class BER_Decoder& from); OID oid; - MemoryVector parameters; + std::vector parameters; Attribute() {} - Attribute(const OID&, const MemoryRegion&); - Attribute(const std::string&, const MemoryRegion&); + Attribute(const OID&, const std::vector&); + Attribute(const std::string&, const std::vector&); }; /** diff --git a/src/asn1/asn1_oid.cpp b/src/asn1/asn1_oid.cpp index 750eb90f7..009b1c2fc 100644 --- a/src/asn1/asn1_oid.cpp +++ b/src/asn1/asn1_oid.cpp @@ -129,7 +129,7 @@ void OID::encode_into(DER_Encoder& der) const if(id.size() < 2) throw Invalid_Argument("OID::encode_into: OID is invalid"); - MemoryVector encoding; + std::vector encoding; encoding.push_back(40 * id[0] + id[1]); for(size_t i = 2; i != id.size(); ++i) diff --git a/src/asn1/ber_dec.cpp b/src/asn1/ber_dec.cpp index 3754bb158..ea0a380d4 100644 --- a/src/asn1/ber_dec.cpp +++ b/src/asn1/ber_dec.cpp @@ -99,7 +99,7 @@ size_t decode_length(DataSource* ber) */ size_t find_eoc(DataSource* ber) { - SecureVector buffer(DEFAULT_BUFFERSIZE), data; + secure_vector buffer(DEFAULT_BUFFERSIZE), data; while(true) { @@ -171,7 +171,16 @@ BER_Decoder& BER_Decoder::verify_end() /* * Save all the bytes remaining in the source */ -BER_Decoder& BER_Decoder::raw_bytes(MemoryRegion& out) +BER_Decoder& BER_Decoder::raw_bytes(secure_vector& out) + { + out.clear(); + byte buf; + while(source->read_byte(buf)) + out.push_back(buf); + return (*this); + } + +BER_Decoder& BER_Decoder::raw_bytes(std::vector& out) { out.clear(); byte buf; @@ -212,7 +221,10 @@ BER_Object BER_Decoder::get_next_object() size_t length = decode_length(source); next.value.resize(length); if(source->read(&next.value[0], length) != length) + { + abort(); throw BER_Decoding_Error("Value truncated"); + } if(next.type_tag == EOC && next.class_tag == UNIVERSAL) return get_next_object(); @@ -281,7 +293,7 @@ BER_Decoder::BER_Decoder(const byte data[], size_t length) /* * BER_Decoder Constructor */ -BER_Decoder::BER_Decoder(const MemoryRegion& data) +BER_Decoder::BER_Decoder(const secure_vector& data) { source = new DataSource_Memory(data); owns = true; @@ -289,6 +301,17 @@ BER_Decoder::BER_Decoder(const MemoryRegion& data) parent = 0; } +/* +* BER_Decoder Constructor +*/ +BER_Decoder::BER_Decoder(const std::vector& data) + { + source = new DataSource_Memory(&data[0], data.size()); + owns = true; + pushed.type_tag = pushed.class_tag = NO_OBJECT; + parent = 0; + } + /* * BER_Decoder Copy Constructor */ @@ -362,7 +385,7 @@ BER_Decoder& BER_Decoder::decode(BigInt& out) BER_Decoder& BER_Decoder::decode_octet_string_bigint(BigInt& out) { - SecureVector out_vec; + secure_vector out_vec; decode(out_vec, OCTET_STRING); out = BigInt::decode(&out_vec[0], out_vec.size()); return (*this); @@ -462,7 +485,15 @@ BER_Decoder& BER_Decoder::decode(BigInt& out, /* * BER decode a BIT STRING or OCTET STRING */ -BER_Decoder& BER_Decoder::decode(MemoryRegion& out, ASN1_Tag real_type) +BER_Decoder& BER_Decoder::decode(secure_vector& out, ASN1_Tag real_type) + { + return decode(out, real_type, real_type, UNIVERSAL); + } + +/* +* BER decode a BIT STRING or OCTET STRING +*/ +BER_Decoder& BER_Decoder::decode(std::vector& out, ASN1_Tag real_type) { return decode(out, real_type, real_type, UNIVERSAL); } @@ -470,7 +501,7 @@ BER_Decoder& BER_Decoder::decode(MemoryRegion& out, ASN1_Tag real_type) /* * BER decode a BIT STRING or OCTET STRING */ -BER_Decoder& BER_Decoder::decode(MemoryRegion& buffer, +BER_Decoder& BER_Decoder::decode(secure_vector& buffer, ASN1_Tag real_type, ASN1_Tag type_tag, ASN1_Tag class_tag) { @@ -493,10 +524,50 @@ BER_Decoder& BER_Decoder::decode(MemoryRegion& buffer, return (*this); } +BER_Decoder& BER_Decoder::decode(std::vector& buffer, + ASN1_Tag real_type, + ASN1_Tag type_tag, ASN1_Tag class_tag) + { + if(real_type != OCTET_STRING && real_type != BIT_STRING) + throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type); + + BER_Object obj = get_next_object(); + obj.assert_is_a(type_tag, class_tag); + + if(real_type == OCTET_STRING) + buffer = unlock(obj.value); + else + { + if(obj.value[0] >= 8) + throw BER_Decoding_Error("Bad number of unused bits in BIT STRING"); + + buffer.resize(obj.value.size() - 1); + copy_mem(&buffer[0], &obj.value[1], obj.value.size() - 1); + } + return (*this); + } + /* * Decode an OPTIONAL string type */ -BER_Decoder& BER_Decoder::decode_optional_string(MemoryRegion& out, +BER_Decoder& BER_Decoder::decode_optional_string(secure_vector& out, + ASN1_Tag real_type, + u16bit type_no) + { + BER_Object obj = get_next_object(); + + ASN1_Tag type_tag = static_cast(type_no); + + out.clear(); + push_back(obj); + + if(obj.type_tag == type_tag && obj.class_tag == CONTEXT_SPECIFIC) + decode(out, real_type, type_tag, CONTEXT_SPECIFIC); + + return (*this); + } + +BER_Decoder& BER_Decoder::decode_optional_string(std::vector& out, ASN1_Tag real_type, u16bit type_no) { diff --git a/src/asn1/ber_dec.h b/src/asn1/ber_dec.h index 87039ed93..6b010fcc4 100644 --- a/src/asn1/ber_dec.h +++ b/src/asn1/ber_dec.h @@ -29,13 +29,15 @@ class BOTAN_DLL BER_Decoder BER_Decoder start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag = UNIVERSAL); BER_Decoder& end_cons(); - BER_Decoder& raw_bytes(MemoryRegion& v); + BER_Decoder& raw_bytes(secure_vector& v); + BER_Decoder& raw_bytes(std::vector& v); BER_Decoder& decode_null(); BER_Decoder& decode(bool& v); BER_Decoder& decode(size_t& v); BER_Decoder& decode(class BigInt& v); - BER_Decoder& decode(MemoryRegion& v, ASN1_Tag type_tag); + BER_Decoder& decode(std::vector& v, ASN1_Tag type_tag); + BER_Decoder& decode(secure_vector& v, ASN1_Tag type_tag); BER_Decoder& decode(bool& v, ASN1_Tag type_tag, @@ -49,7 +51,12 @@ class BOTAN_DLL BER_Decoder ASN1_Tag type_tag, ASN1_Tag class_tag = CONTEXT_SPECIFIC); - BER_Decoder& decode(MemoryRegion& v, + BER_Decoder& decode(std::vector& v, + ASN1_Tag real_type, + ASN1_Tag type_tag, + ASN1_Tag class_tag = CONTEXT_SPECIFIC); + + BER_Decoder& decode(secure_vector& v, ASN1_Tag real_type, ASN1_Tag type_tag, ASN1_Tag class_tag = CONTEXT_SPECIFIC); @@ -99,15 +106,24 @@ class BOTAN_DLL BER_Decoder return (*this); } - BER_Decoder& decode_optional_string(MemoryRegion& out, + BER_Decoder& decode_optional_string(std::vector& out, + ASN1_Tag real_type, + u16bit type_no); + + BER_Decoder& decode_optional_string(secure_vector& out, ASN1_Tag real_type, u16bit type_no); BER_Decoder& operator=(const BER_Decoder&) = delete; BER_Decoder(DataSource&); + BER_Decoder(const byte[], size_t); - BER_Decoder(const MemoryRegion&); + + BER_Decoder(const secure_vector&); + + BER_Decoder(const std::vector& vec); + BER_Decoder(const BER_Decoder&); ~BER_Decoder(); private: diff --git a/src/asn1/der_enc.cpp b/src/asn1/der_enc.cpp index d19e434f0..ea9dfe9f8 100644 --- a/src/asn1/der_enc.cpp +++ b/src/asn1/der_enc.cpp @@ -20,13 +20,13 @@ namespace { /* * DER encode an ASN.1 type tag */ -SecureVector encode_tag(ASN1_Tag type_tag, ASN1_Tag class_tag) +secure_vector encode_tag(ASN1_Tag type_tag, ASN1_Tag class_tag) { if((class_tag | 0xE0) != 0xE0) throw Encoding_Error("DER_Encoder: Invalid class tag " + std::to_string(class_tag)); - SecureVector encoded_tag; + secure_vector encoded_tag; if(type_tag <= 30) encoded_tag.push_back(static_cast(type_tag | class_tag)); else @@ -46,9 +46,9 @@ SecureVector encode_tag(ASN1_Tag type_tag, ASN1_Tag class_tag) /* * DER encode an ASN.1 length field */ -SecureVector encode_length(size_t length) +secure_vector encode_length(size_t length) { - SecureVector encoded_length; + secure_vector encoded_length; if(length <= 127) encoded_length.push_back(static_cast(length)); else @@ -68,7 +68,7 @@ SecureVector encode_length(size_t length) /* * Return the encoded SEQUENCE/SET */ -SecureVector DER_Encoder::DER_Sequence::get_contents() +secure_vector DER_Encoder::DER_Sequence::get_contents() { const ASN1_Tag real_class_tag = ASN1_Tag(class_tag | CONSTRUCTED); @@ -80,7 +80,7 @@ SecureVector DER_Encoder::DER_Sequence::get_contents() set_contents.clear(); } - SecureVector result; + secure_vector result; result += encode_tag(type_tag, real_class_tag); result += encode_length(contents.size()); result += contents; @@ -95,7 +95,7 @@ SecureVector DER_Encoder::DER_Sequence::get_contents() void DER_Encoder::DER_Sequence::add_bytes(const byte data[], size_t length) { if(type_tag == SET) - set_contents.push_back(SecureVector(data, length)); + set_contents.push_back(secure_vector(data, data + length)); else contents += std::make_pair(data, length); } @@ -119,12 +119,12 @@ DER_Encoder::DER_Sequence::DER_Sequence(ASN1_Tag t1, ASN1_Tag t2) : /* * Return the encoded contents */ -SecureVector DER_Encoder::get_contents() +secure_vector DER_Encoder::get_contents() { if(subsequences.size() != 0) throw Invalid_State("DER_Encoder: Sequence hasn't been marked done"); - SecureVector output; + secure_vector output; std::swap(output, contents); return output; } @@ -147,7 +147,7 @@ DER_Encoder& DER_Encoder::end_cons() if(subsequences.empty()) throw Invalid_State("DER_Encoder::end_cons: No such sequence"); - SecureVector seq = subsequences[subsequences.size()-1].get_contents(); + secure_vector seq = subsequences[subsequences.size()-1].get_contents(); subsequences.pop_back(); raw_bytes(seq); return (*this); @@ -177,7 +177,12 @@ DER_Encoder& DER_Encoder::end_explicit() /* * Write raw bytes into the stream */ -DER_Encoder& DER_Encoder::raw_bytes(const MemoryRegion& val) +DER_Encoder& DER_Encoder::raw_bytes(const secure_vector& val) + { + return raw_bytes(&val[0], val.size()); + } + +DER_Encoder& DER_Encoder::raw_bytes(const std::vector& val) { return raw_bytes(&val[0], val.size()); } @@ -230,7 +235,17 @@ DER_Encoder& DER_Encoder::encode(const BigInt& n) /* * DER encode an OCTET STRING or BIT STRING */ -DER_Encoder& DER_Encoder::encode(const MemoryRegion& bytes, +DER_Encoder& DER_Encoder::encode(const secure_vector& bytes, + ASN1_Tag real_type) + { + return encode(&bytes[0], bytes.size(), + real_type, real_type, UNIVERSAL); + } + +/* +* DER encode an OCTET STRING or BIT STRING +*/ +DER_Encoder& DER_Encoder::encode(const std::vector& bytes, ASN1_Tag real_type) { return encode(&bytes[0], bytes.size(), @@ -275,7 +290,7 @@ DER_Encoder& DER_Encoder::encode(const BigInt& n, return add_object(type_tag, class_tag, 0); bool extra_zero = (n.bits() % 8 == 0); - SecureVector contents(extra_zero + n.bytes()); + secure_vector contents(extra_zero + n.bytes()); BigInt::encode(&contents[extra_zero], n); if(n < 0) { @@ -292,7 +307,18 @@ DER_Encoder& DER_Encoder::encode(const BigInt& n, /* * DER encode an OCTET STRING or BIT STRING */ -DER_Encoder& DER_Encoder::encode(const MemoryRegion& bytes, +DER_Encoder& DER_Encoder::encode(const secure_vector& bytes, + ASN1_Tag real_type, + ASN1_Tag type_tag, ASN1_Tag class_tag) + { + return encode(&bytes[0], bytes.size(), + real_type, type_tag, class_tag); + } + +/* +* DER encode an OCTET STRING or BIT STRING +*/ +DER_Encoder& DER_Encoder::encode(const std::vector& bytes, ASN1_Tag real_type, ASN1_Tag type_tag, ASN1_Tag class_tag) { @@ -312,7 +338,7 @@ DER_Encoder& DER_Encoder::encode(const byte bytes[], size_t length, if(real_type == BIT_STRING) { - SecureVector encoded; + secure_vector encoded; encoded.push_back(0); encoded += std::make_pair(bytes, length); return add_object(type_tag, class_tag, encoded); @@ -346,7 +372,7 @@ DER_Encoder& DER_Encoder::encode(const ASN1_Object& obj) DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, const byte rep[], size_t length) { - SecureVector buffer; + secure_vector buffer; buffer += encode_tag(type_tag, class_tag); buffer += encode_length(length); buffer += std::make_pair(rep, length); @@ -354,17 +380,6 @@ DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, return raw_bytes(buffer); } -/* -* Write the encoding of the byte(s) -*/ -DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, - const MemoryRegion& rep_buf) - { - const byte* rep = &rep_buf[0]; - const size_t rep_len = rep_buf.size(); - return add_object(type_tag, class_tag, rep, rep_len); - } - /* * Write the encoding of the byte(s) */ diff --git a/src/asn1/der_enc.h b/src/asn1/der_enc.h index 183e43b80..adab02247 100644 --- a/src/asn1/der_enc.h +++ b/src/asn1/der_enc.h @@ -22,7 +22,10 @@ class ASN1_Object; class BOTAN_DLL DER_Encoder { public: - SecureVector get_contents(); + secure_vector get_contents(); + + std::vector get_contents_unlocked() + { return unlock(get_contents()); } DER_Encoder& start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag = UNIVERSAL); @@ -32,13 +35,15 @@ class BOTAN_DLL DER_Encoder DER_Encoder& end_explicit(); DER_Encoder& raw_bytes(const byte val[], size_t len); - DER_Encoder& raw_bytes(const MemoryRegion& val); + DER_Encoder& raw_bytes(const secure_vector& val); + DER_Encoder& raw_bytes(const std::vector& val); DER_Encoder& encode_null(); DER_Encoder& encode(bool b); DER_Encoder& encode(size_t s); DER_Encoder& encode(const BigInt& n); - DER_Encoder& encode(const MemoryRegion& v, ASN1_Tag real_type); + DER_Encoder& encode(const secure_vector& v, ASN1_Tag real_type); + DER_Encoder& encode(const std::vector& v, ASN1_Tag real_type); DER_Encoder& encode(const byte val[], size_t len, ASN1_Tag real_type); DER_Encoder& encode(bool b, @@ -53,7 +58,12 @@ class BOTAN_DLL DER_Encoder ASN1_Tag type_tag, ASN1_Tag class_tag = CONTEXT_SPECIFIC); - DER_Encoder& encode(const MemoryRegion& v, + DER_Encoder& encode(const std::vector& v, + ASN1_Tag real_type, + ASN1_Tag type_tag, + ASN1_Tag class_tag = CONTEXT_SPECIFIC); + + DER_Encoder& encode(const secure_vector& v, ASN1_Tag real_type, ASN1_Tag type_tag, ASN1_Tag class_tag = CONTEXT_SPECIFIC); @@ -86,7 +96,16 @@ class BOTAN_DLL DER_Encoder const byte rep[], size_t length); DER_Encoder& add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, - const MemoryRegion& rep); + const std::vector& rep) + { + return add_object(type_tag, class_tag, &rep[0], rep.size()); + } + + DER_Encoder& add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, + const secure_vector& rep) + { + return add_object(type_tag, class_tag, &rep[0], rep.size()); + } DER_Encoder& add_object(ASN1_Tag type_tag, ASN1_Tag class_tag, const std::string& str); @@ -99,16 +118,16 @@ class BOTAN_DLL DER_Encoder { public: ASN1_Tag tag_of() const; - SecureVector get_contents(); + secure_vector get_contents(); void add_bytes(const byte[], size_t); DER_Sequence(ASN1_Tag, ASN1_Tag); private: ASN1_Tag type_tag, class_tag; - SecureVector contents; - std::vector< SecureVector > set_contents; + secure_vector contents; + std::vector< secure_vector > set_contents; }; - SecureVector contents; + secure_vector contents; std::vector subsequences; }; diff --git a/src/asn1/x509_dn.cpp b/src/asn1/x509_dn.cpp index 984645cfe..8504bed16 100644 --- a/src/asn1/x509_dn.cpp +++ b/src/asn1/x509_dn.cpp @@ -106,7 +106,7 @@ std::vector X509_DN::get_attribute(const std::string& attr) const /* * Return the BER encoded data, if any */ -MemoryVector X509_DN::get_bits() const +std::vector X509_DN::get_bits() const { return dn_bits; } @@ -247,7 +247,7 @@ void X509_DN::encode_into(DER_Encoder& der) const */ void X509_DN::decode_from(BER_Decoder& source) { - MemoryVector bits; + std::vector bits; source.start_cons(SEQUENCE) .raw_bytes(bits) diff --git a/src/asn1/x509_dn.h b/src/asn1/x509_dn.h index 3f63eb49c..a7b2b24d3 100644 --- a/src/asn1/x509_dn.h +++ b/src/asn1/x509_dn.h @@ -34,14 +34,14 @@ class BOTAN_DLL X509_DN : public ASN1_Object static std::string deref_info_field(const std::string&); - MemoryVector get_bits() const; + std::vector get_bits() const; X509_DN(); X509_DN(const std::multimap&); X509_DN(const std::multimap&); private: std::multimap dn_info; - MemoryVector dn_bits; + std::vector dn_bits; }; bool BOTAN_DLL operator==(const X509_DN&, const X509_DN&); diff --git a/src/block/aes/aes.cpp b/src/block/aes/aes.cpp index 5f47762a8..42db7abae 100644 --- a/src/block/aes/aes.cpp +++ b/src/block/aes/aes.cpp @@ -414,8 +414,8 @@ const u32bit TD[1024] = { */ void aes_encrypt_n(const byte in[], byte out[], size_t blocks, - const MemoryRegion& EK, - const MemoryRegion& ME) + const secure_vector& EK, + const secure_vector& ME) { const size_t BLOCK_SIZE = 16; @@ -525,8 +525,8 @@ void aes_encrypt_n(const byte in[], byte out[], * AES Decryption */ void aes_decrypt_n(const byte in[], byte out[], size_t blocks, - const MemoryRegion& DK, - const MemoryRegion& MD) + const secure_vector& DK, + const secure_vector& MD) { const size_t BLOCK_SIZE = 16; @@ -606,10 +606,10 @@ void aes_decrypt_n(const byte in[], byte out[], size_t blocks, } void aes_key_schedule(const byte key[], size_t length, - MemoryRegion& EK, - MemoryRegion& DK, - MemoryRegion& ME, - MemoryRegion& MD) + secure_vector& EK, + secure_vector& DK, + secure_vector& ME, + secure_vector& MD) { static const u32bit RC[10] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, @@ -617,7 +617,7 @@ void aes_key_schedule(const byte key[], size_t length, const size_t rounds = (length / 4) + 6; - SecureVector XEK(length + 32), XDK(length + 32); + secure_vector XEK(length + 32), XDK(length + 32); const size_t X = length / 4; for(size_t i = 0; i != X; ++i) diff --git a/src/block/aes/aes.h b/src/block/aes/aes.h index a165f83b5..f6f683bf9 100644 --- a/src/block/aes/aes.h +++ b/src/block/aes/aes.h @@ -30,8 +30,8 @@ class BOTAN_DLL AES_128 : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte key[], size_t length); - SecureVector EK, DK; - SecureVector ME, MD; + secure_vector EK, DK; + secure_vector ME, MD; }; /** @@ -52,8 +52,8 @@ class BOTAN_DLL AES_192 : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte key[], size_t length); - SecureVector EK, DK; - SecureVector ME, MD; + secure_vector EK, DK; + secure_vector ME, MD; }; /** @@ -74,8 +74,8 @@ class BOTAN_DLL AES_256 : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte key[], size_t length); - SecureVector EK, DK; - SecureVector ME, MD; + secure_vector EK, DK; + secure_vector ME, MD; }; } diff --git a/src/block/aes_ni/aes_ni.h b/src/block/aes_ni/aes_ni.h index ae9e5b3f4..4844b7fe8 100644 --- a/src/block/aes_ni/aes_ni.h +++ b/src/block/aes_ni/aes_ni.h @@ -31,7 +31,7 @@ class BOTAN_DLL AES_128_NI : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; /** @@ -53,7 +53,7 @@ class BOTAN_DLL AES_192_NI : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; /** @@ -75,7 +75,7 @@ class BOTAN_DLL AES_256_NI : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; } diff --git a/src/block/aes_ssse3/aes_ssse3.h b/src/block/aes_ssse3/aes_ssse3.h index 686b7999f..3d7c16f42 100644 --- a/src/block/aes_ssse3/aes_ssse3.h +++ b/src/block/aes_ssse3/aes_ssse3.h @@ -29,7 +29,7 @@ class BOTAN_DLL AES_128_SSSE3 : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; /** @@ -49,7 +49,7 @@ class BOTAN_DLL AES_192_SSSE3 : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; /** @@ -69,7 +69,7 @@ class BOTAN_DLL AES_256_SSSE3 : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; } diff --git a/src/block/block_cipher.h b/src/block/block_cipher.h index 8e820fc5a..4a07bb048 100644 --- a/src/block/block_cipher.h +++ b/src/block/block_cipher.h @@ -73,6 +73,50 @@ class BOTAN_DLL BlockCipher : public SymmetricAlgorithm */ void decrypt(byte block[]) const { decrypt_n(block, block, 1); } + /** + * Encrypt one or more blocks + * @param block the input/output buffer (multiple of block_size()) + */ + template + void encrypt(std::vector& block) const + { + return encrypt_n(&block[0], &block[0], block.size() / block_size()); + } + + /** + * Decrypt one or more blocks + * @param block the input/output buffer (multiple of block_size()) + */ + template + void decrypt(std::vector& block) const + { + return decrypt_n(&block[0], &block[0], block.size() / block_size()); + } + + /** + * Encrypt one or more blocks + * @param in the input buffer (multiple of block_size()) + * @param out the output buffer (same size as in) + */ + template + void encrypt(const std::vector& in, + std::vector& out) const + { + return encrypt_n(&in[0], &out[0], in.size() / block_size()); + } + + /** + * Decrypt one or more blocks + * @param in the input buffer (multiple of block_size()) + * @param out the output buffer (same size as in) + */ + template + void decrypt(const std::vector& in, + std::vector& out) const + { + return decrypt_n(&in[0], &out[0], in.size() / block_size()); + } + /** * Encrypt one or more blocks * @param in the input buffer (multiple of block_size()) diff --git a/src/block/blowfish/blowfish.cpp b/src/block/blowfish/blowfish.cpp index b6319eec0..9f5ac1724 100644 --- a/src/block/blowfish/blowfish.cpp +++ b/src/block/blowfish/blowfish.cpp @@ -143,7 +143,7 @@ void Blowfish::eks_key_schedule(const byte key[], size_t length, /* * Generate one of the Sboxes */ -void Blowfish::generate_sbox(MemoryRegion& box, +void Blowfish::generate_sbox(secure_vector& box, u32bit& L, u32bit& R, const byte salt[16], size_t salt_off) const diff --git a/src/block/blowfish/blowfish.h b/src/block/blowfish/blowfish.h index 13706d21e..5bec4b231 100644 --- a/src/block/blowfish/blowfish.h +++ b/src/block/blowfish/blowfish.h @@ -39,7 +39,7 @@ class BOTAN_DLL Blowfish : public Block_Cipher_Fixed_Params<8, 1, 56> size_t key_length, const byte salt[16]); - void generate_sbox(MemoryRegion& box, + void generate_sbox(secure_vector& box, u32bit& L, u32bit& R, const byte salt[16], size_t salt_off) const; @@ -47,8 +47,8 @@ class BOTAN_DLL Blowfish : public Block_Cipher_Fixed_Params<8, 1, 56> static const u32bit P_INIT[18]; static const u32bit S_INIT[1024]; - SecureVector S; - SecureVector P; + secure_vector S; + secure_vector P; }; } diff --git a/src/block/camellia/camellia.cpp b/src/block/camellia/camellia.cpp index 7b85b1aca..bea5d4c51 100644 --- a/src/block/camellia/camellia.cpp +++ b/src/block/camellia/camellia.cpp @@ -116,7 +116,7 @@ inline u64bit FLINV(u64bit v, u64bit K) * Camellia Encryption */ void encrypt(const byte in[], byte out[], size_t blocks, - const SecureVector& SK, const size_t rounds) + const secure_vector& SK, const size_t rounds) { for(size_t i = 0; i != blocks; ++i) { @@ -160,7 +160,7 @@ void encrypt(const byte in[], byte out[], size_t blocks, * Camellia Decryption */ void decrypt(const byte in[], byte out[], size_t blocks, - const SecureVector& SK, const size_t rounds) + const secure_vector& SK, const size_t rounds) { for(size_t i = 0; i != blocks; ++i) { @@ -213,7 +213,7 @@ u64bit left_rot_lo(u64bit h, u64bit l, size_t shift) /* * Camellia Key Schedule */ -void key_schedule(SecureVector& SK, const byte key[], size_t length) +void key_schedule(secure_vector& SK, const byte key[], size_t length) { const u64bit Sigma1 = 0xA09E667F3BCC908B; const u64bit Sigma2 = 0xB67AE8584CAA73B2; diff --git a/src/block/camellia/camellia.h b/src/block/camellia/camellia.h index 9ce305983..4db115f2c 100644 --- a/src/block/camellia/camellia.h +++ b/src/block/camellia/camellia.h @@ -27,7 +27,7 @@ class BOTAN_DLL Camellia_128 : public Block_Cipher_Fixed_Params<16, 16> private: void key_schedule(const byte key[], size_t length); - SecureVector SK; + secure_vector SK; }; /** @@ -45,7 +45,7 @@ class BOTAN_DLL Camellia_192 : public Block_Cipher_Fixed_Params<16, 24> private: void key_schedule(const byte key[], size_t length); - SecureVector SK; + secure_vector SK; }; /** @@ -63,7 +63,7 @@ class BOTAN_DLL Camellia_256 : public Block_Cipher_Fixed_Params<16, 32> private: void key_schedule(const byte key[], size_t length); - SecureVector SK; + secure_vector SK; }; } diff --git a/src/block/cast/cast128.cpp b/src/block/cast/cast128.cpp index 24469e025..8fae4040d 100644 --- a/src/block/cast/cast128.cpp +++ b/src/block/cast/cast128.cpp @@ -119,7 +119,7 @@ void CAST_128::decrypt_n(const byte in[], byte out[], size_t blocks) const void CAST_128::key_schedule(const byte key[], size_t length) { clear(); - SecureVector X(4); + secure_vector X(4); for(size_t j = 0; j != length; ++j) X[j/4] = (X[j/4] << 8) + key[j]; @@ -133,8 +133,8 @@ void CAST_128::key_schedule(const byte key[], size_t length) /* * S-Box Based Key Expansion */ -void CAST_128::cast_ks(MemoryRegion& K, - MemoryRegion& X) +void CAST_128::cast_ks(secure_vector& K, + secure_vector& X) { class ByteReader { @@ -145,7 +145,7 @@ void CAST_128::cast_ks(MemoryRegion& K, const u32bit* X; }; - SecureVector Z(4); + secure_vector Z(4); ByteReader x(&X[0]), z(&Z[0]); Z[0] = X[0] ^ S5[x(13)] ^ S6[x(15)] ^ S7[x(12)] ^ S8[x(14)] ^ S7[x( 8)]; diff --git a/src/block/cast/cast128.h b/src/block/cast/cast128.h index 10c646c94..15efc8132 100644 --- a/src/block/cast/cast128.h +++ b/src/block/cast/cast128.h @@ -29,15 +29,15 @@ class BOTAN_DLL CAST_128 : public Block_Cipher_Fixed_Params<8, 11, 16> private: void key_schedule(const byte[], size_t); - static void cast_ks(MemoryRegion& ks, - MemoryRegion& user_key); + static void cast_ks(secure_vector& ks, + secure_vector& user_key); static const u32bit S5[256]; static const u32bit S6[256]; static const u32bit S7[256]; static const u32bit S8[256]; - SecureVector MK, RK; + secure_vector MK, RK; }; extern const u32bit CAST_SBOX1[256]; diff --git a/src/block/cast/cast256.cpp b/src/block/cast/cast256.cpp index 8be0a8dd6..00e0fbd30 100644 --- a/src/block/cast/cast256.cpp +++ b/src/block/cast/cast256.cpp @@ -138,7 +138,7 @@ void CAST_256::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void CAST_256::key_schedule(const byte key[], size_t length) { - SecureVector K(8); + secure_vector K(8); for(size_t j = 0; j != length; ++j) K[j/4] = (K[j/4] << 8) + key[j]; diff --git a/src/block/cast/cast256.h b/src/block/cast/cast256.h index 2f2beef47..11c5117a3 100644 --- a/src/block/cast/cast256.h +++ b/src/block/cast/cast256.h @@ -32,8 +32,8 @@ class BOTAN_DLL CAST_256 : public Block_Cipher_Fixed_Params<16, 4, 32, 4> static const u32bit KEY_MASK[192]; static const byte KEY_ROT[32]; - SecureVector MK; - SecureVector RK; + secure_vector MK; + secure_vector RK; }; extern const u32bit CAST_SBOX1[256]; diff --git a/src/block/des/des.h b/src/block/des/des.h index db5a375e0..711efb16d 100644 --- a/src/block/des/des.h +++ b/src/block/des/des.h @@ -29,7 +29,7 @@ class BOTAN_DLL DES : public Block_Cipher_Fixed_Params<8, 8> private: void key_schedule(const byte[], size_t); - SecureVector round_key; + secure_vector round_key; }; /** @@ -49,7 +49,7 @@ class BOTAN_DLL TripleDES : public Block_Cipher_Fixed_Params<8, 16, 24, 8> private: void key_schedule(const byte[], size_t); - SecureVector round_key; + secure_vector round_key; }; /* diff --git a/src/block/des/desx.h b/src/block/des/desx.h index 993eca86b..1fe8b000c 100644 --- a/src/block/des/desx.h +++ b/src/block/des/desx.h @@ -28,7 +28,7 @@ class BOTAN_DLL DESX : public Block_Cipher_Fixed_Params<8, 24> DESX() : K1(8), K2(8) {} private: void key_schedule(const byte[], size_t); - SecureVector K1, K2; + secure_vector K1, K2; DES des; }; diff --git a/src/block/gost_28147/gost_28147.h b/src/block/gost_28147/gost_28147.h index bc26da774..a4a13b827 100644 --- a/src/block/gost_28147/gost_28147.h +++ b/src/block/gost_28147/gost_28147.h @@ -65,13 +65,13 @@ class BOTAN_DLL GOST_28147_89 : public Block_Cipher_Fixed_Params<8, 32> */ GOST_28147_89(const GOST_28147_89_Params& params); private: - GOST_28147_89(const SecureVector& other_SBOX) : + GOST_28147_89(const secure_vector& other_SBOX) : SBOX(other_SBOX), EK(8) {} void key_schedule(const byte[], size_t); - SecureVector SBOX; - SecureVector EK; + secure_vector SBOX; + secure_vector EK; }; } diff --git a/src/block/idea/idea.h b/src/block/idea/idea.h index 42fa60c47..f3f0ce1bc 100644 --- a/src/block/idea/idea.h +++ b/src/block/idea/idea.h @@ -30,16 +30,16 @@ class BOTAN_DLL IDEA : public Block_Cipher_Fixed_Params<8, 16> /** * @return const reference to encryption subkeys */ - const SecureVector& get_EK() const { return EK; } + const secure_vector& get_EK() const { return EK; } /** * @return const reference to decryption subkeys */ - const SecureVector& get_DK() const { return DK; } + const secure_vector& get_DK() const { return DK; } private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; } diff --git a/src/block/kasumi/kasumi.cpp b/src/block/kasumi/kasumi.cpp index a57c0396a..d3894789d 100644 --- a/src/block/kasumi/kasumi.cpp +++ b/src/block/kasumi/kasumi.cpp @@ -204,7 +204,7 @@ void KASUMI::key_schedule(const byte key[], size_t) static const u16bit RC[] = { 0x0123, 0x4567, 0x89AB, 0xCDEF, 0xFEDC, 0xBA98, 0x7654, 0x3210 }; - SecureVector K(16); + secure_vector K(16); for(size_t i = 0; i != 8; ++i) { K[i] = load_be(key, i); diff --git a/src/block/kasumi/kasumi.h b/src/block/kasumi/kasumi.h index 7871aa170..f3dd7e0c7 100644 --- a/src/block/kasumi/kasumi.h +++ b/src/block/kasumi/kasumi.h @@ -29,7 +29,7 @@ class BOTAN_DLL KASUMI : public Block_Cipher_Fixed_Params<8, 16> private: void key_schedule(const byte[], size_t); - SecureVector EK; + secure_vector EK; }; } diff --git a/src/block/lion/lion.cpp b/src/block/lion/lion.cpp index 4a9e8b901..778b55be0 100644 --- a/src/block/lion/lion.cpp +++ b/src/block/lion/lion.cpp @@ -16,7 +16,7 @@ namespace Botan { */ void Lion::encrypt_n(const byte in[], byte out[], size_t blocks) const { - SecureVector buffer_vec(LEFT_SIZE); + secure_vector buffer_vec(LEFT_SIZE); byte* buffer = &buffer_vec[0]; for(size_t i = 0; i != blocks; ++i) @@ -43,7 +43,7 @@ void Lion::encrypt_n(const byte in[], byte out[], size_t blocks) const */ void Lion::decrypt_n(const byte in[], byte out[], size_t blocks) const { - SecureVector buffer_vec(LEFT_SIZE); + secure_vector buffer_vec(LEFT_SIZE); byte* buffer = &buffer_vec[0]; for(size_t i = 0; i != blocks; ++i) diff --git a/src/block/lion/lion.h b/src/block/lion/lion.h index 5076f4461..d016c0e82 100644 --- a/src/block/lion/lion.h +++ b/src/block/lion/lion.h @@ -56,7 +56,7 @@ class BOTAN_DLL Lion : public BlockCipher HashFunction* hash; StreamCipher* cipher; - SecureVector key1, key2; + secure_vector key1, key2; }; } diff --git a/src/block/lubyrack/lubyrack.cpp b/src/block/lubyrack/lubyrack.cpp index ef4a11e9d..2fe4c87bf 100644 --- a/src/block/lubyrack/lubyrack.cpp +++ b/src/block/lubyrack/lubyrack.cpp @@ -17,7 +17,7 @@ void LubyRackoff::encrypt_n(const byte in[], byte out[], size_t blocks) const { const size_t len = hash->output_length(); - SecureVector buffer_vec(len); + secure_vector buffer_vec(len); byte* buffer = &buffer_vec[0]; for(size_t i = 0; i != blocks; ++i) @@ -54,7 +54,7 @@ void LubyRackoff::decrypt_n(const byte in[], byte out[], size_t blocks) const { const size_t len = hash->output_length(); - SecureVector buffer_vec(len); + secure_vector buffer_vec(len); byte* buffer = &buffer_vec[0]; for(size_t i = 0; i != blocks; ++i) diff --git a/src/block/lubyrack/lubyrack.h b/src/block/lubyrack/lubyrack.h index 81dddf579..e28c60be7 100644 --- a/src/block/lubyrack/lubyrack.h +++ b/src/block/lubyrack/lubyrack.h @@ -42,7 +42,7 @@ class BOTAN_DLL LubyRackoff : public BlockCipher void key_schedule(const byte[], size_t); HashFunction* hash; - SecureVector K1, K2; + secure_vector K1, K2; }; } diff --git a/src/block/mars/mars.cpp b/src/block/mars/mars.cpp index 171ce2945..64ece83ab 100644 --- a/src/block/mars/mars.cpp +++ b/src/block/mars/mars.cpp @@ -320,7 +320,7 @@ void MARS::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void MARS::key_schedule(const byte key[], size_t length) { - SecureVector T(15); + secure_vector T(15); for(size_t i = 0; i != length / 4; ++i) T[i] = load_le(key, i); diff --git a/src/block/mars/mars.h b/src/block/mars/mars.h index 5ca05f886..fc732ae10 100644 --- a/src/block/mars/mars.h +++ b/src/block/mars/mars.h @@ -29,7 +29,7 @@ class BOTAN_DLL MARS : public Block_Cipher_Fixed_Params<16, 16, 32, 4> private: void key_schedule(const byte[], size_t); - SecureVector EK; + secure_vector EK; }; } diff --git a/src/block/misty1/misty1.cpp b/src/block/misty1/misty1.cpp index 77d1047b1..64298ee92 100644 --- a/src/block/misty1/misty1.cpp +++ b/src/block/misty1/misty1.cpp @@ -204,7 +204,7 @@ void MISTY1::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void MISTY1::key_schedule(const byte key[], size_t length) { - SecureVector KS(32); + secure_vector KS(32); for(size_t i = 0; i != length / 2; ++i) KS[i] = load_be(key, i); diff --git a/src/block/misty1/misty1.h b/src/block/misty1/misty1.h index 14d8a2958..a4bfa14b3 100644 --- a/src/block/misty1/misty1.h +++ b/src/block/misty1/misty1.h @@ -33,7 +33,7 @@ class BOTAN_DLL MISTY1 : public Block_Cipher_Fixed_Params<8, 16> private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; } diff --git a/src/block/noekeon/noekeon.h b/src/block/noekeon/noekeon.h index 7c5c73dcb..8bcff64c9 100644 --- a/src/block/noekeon/noekeon.h +++ b/src/block/noekeon/noekeon.h @@ -35,16 +35,16 @@ class BOTAN_DLL Noekeon : public Block_Cipher_Fixed_Params<16, 16> /** * @return const reference to encryption subkeys */ - const SecureVector& get_EK() const { return EK; } + const secure_vector& get_EK() const { return EK; } /** * @return const reference to decryption subkeys */ - const SecureVector& get_DK() const { return DK; } + const secure_vector& get_DK() const { return DK; } private: void key_schedule(const byte[], size_t); - SecureVector EK, DK; + secure_vector EK, DK; }; } diff --git a/src/block/noekeon_simd/noekeon_simd.cpp b/src/block/noekeon_simd/noekeon_simd.cpp index b2beafc82..2a4c1fd74 100644 --- a/src/block/noekeon_simd/noekeon_simd.cpp +++ b/src/block/noekeon_simd/noekeon_simd.cpp @@ -65,7 +65,7 @@ namespace Botan { */ void Noekeon_SIMD::encrypt_n(const byte in[], byte out[], size_t blocks) const { - const SecureVector& EK = this->get_EK(); + const secure_vector& EK = this->get_EK(); SIMD_32 K0 = SIMD_32(EK[0]); SIMD_32 K1 = SIMD_32(EK[1]); @@ -122,7 +122,7 @@ void Noekeon_SIMD::encrypt_n(const byte in[], byte out[], size_t blocks) const */ void Noekeon_SIMD::decrypt_n(const byte in[], byte out[], size_t blocks) const { - const SecureVector& DK = this->get_DK(); + const secure_vector& DK = this->get_DK(); SIMD_32 K0 = SIMD_32(DK[0]); SIMD_32 K1 = SIMD_32(DK[1]); diff --git a/src/block/rc2/rc2.cpp b/src/block/rc2/rc2.cpp index 071e4e209..98e76ecfc 100644 --- a/src/block/rc2/rc2.cpp +++ b/src/block/rc2/rc2.cpp @@ -124,7 +124,7 @@ void RC2::key_schedule(const byte key[], size_t length) 0xC5, 0xF3, 0xDB, 0x47, 0xE5, 0xA5, 0x9C, 0x77, 0x0A, 0xA6, 0x20, 0x68, 0xFE, 0x7F, 0xC1, 0xAD }; - SecureVector L(128); + secure_vector L(128); copy_mem(&L[0], key, length); for(size_t i = length; i != 128; ++i) diff --git a/src/block/rc2/rc2.h b/src/block/rc2/rc2.h index 1ebad1e73..dc78b06fc 100644 --- a/src/block/rc2/rc2.h +++ b/src/block/rc2/rc2.h @@ -36,7 +36,7 @@ class BOTAN_DLL RC2 : public Block_Cipher_Fixed_Params<8, 1, 32> private: void key_schedule(const byte[], size_t); - SecureVector K; + secure_vector K; }; } diff --git a/src/block/rc5/rc5.cpp b/src/block/rc5/rc5.cpp index 981f73564..1ac421996 100644 --- a/src/block/rc5/rc5.cpp +++ b/src/block/rc5/rc5.cpp @@ -95,7 +95,7 @@ void RC5::key_schedule(const byte key[], size_t length) for(size_t i = 1; i != S.size(); ++i) S[i] = S[i-1] + 0x9E3779B9; - SecureVector K(8); + secure_vector K(8); for(s32bit i = length-1; i >= 0; --i) K[i/4] = (K[i/4] << 8) + key[i]; diff --git a/src/block/rc5/rc5.h b/src/block/rc5/rc5.h index c69705471..bf059a996 100644 --- a/src/block/rc5/rc5.h +++ b/src/block/rc5/rc5.h @@ -35,7 +35,7 @@ class BOTAN_DLL RC5 : public Block_Cipher_Fixed_Params<8, 1, 32> void key_schedule(const byte[], size_t); - SecureVector S; + secure_vector S; }; } diff --git a/src/block/rc6/rc6.cpp b/src/block/rc6/rc6.cpp index 53ca5a7a2..42d00878f 100644 --- a/src/block/rc6/rc6.cpp +++ b/src/block/rc6/rc6.cpp @@ -120,7 +120,7 @@ void RC6::key_schedule(const byte key[], size_t length) for(size_t i = 1; i != S.size(); ++i) S[i] = S[i-1] + 0x9E3779B9; - SecureVector K(8); + secure_vector K(8); for(s32bit i = length-1; i >= 0; --i) K[i/4] = (K[i/4] << 8) + key[i]; diff --git a/src/block/rc6/rc6.h b/src/block/rc6/rc6.h index af7b62316..d3270daf7 100644 --- a/src/block/rc6/rc6.h +++ b/src/block/rc6/rc6.h @@ -29,7 +29,7 @@ class BOTAN_DLL RC6 : public Block_Cipher_Fixed_Params<16, 1, 32> private: void key_schedule(const byte[], size_t); - SecureVector S; + secure_vector S; }; } diff --git a/src/block/safer/safer_sk.cpp b/src/block/safer/safer_sk.cpp index 5275a0781..f5fe4edd7 100644 --- a/src/block/safer/safer_sk.cpp +++ b/src/block/safer/safer_sk.cpp @@ -208,7 +208,7 @@ void SAFER_SK::key_schedule(const byte key[], size_t) 0x07, 0x08, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x11, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }; - SecureVector KB(18); + secure_vector KB(18); for(size_t i = 0; i != 8; ++i) { diff --git a/src/block/safer/safer_sk.h b/src/block/safer/safer_sk.h index 564ea5c50..cf8ad90f7 100644 --- a/src/block/safer/safer_sk.h +++ b/src/block/safer/safer_sk.h @@ -34,7 +34,7 @@ class BOTAN_DLL SAFER_SK : public Block_Cipher_Fixed_Params<8, 16> size_t get_rounds() const { return (EK.size() - 8) / 16; } void key_schedule(const byte[], size_t); - SecureVector EK; + secure_vector EK; }; } diff --git a/src/block/seed/seed.cpp b/src/block/seed/seed.cpp index 408220013..40deb18bc 100644 --- a/src/block/seed/seed.cpp +++ b/src/block/seed/seed.cpp @@ -111,7 +111,7 @@ void SEED::key_schedule(const byte key[], size_t) 0x779B99E3, 0xEF3733C6, 0xDE6E678D, 0xBCDCCF1B }; - SecureVector WK(4); + secure_vector WK(4); for(size_t i = 0; i != 4; ++i) WK[i] = load_be(key, i); diff --git a/src/block/seed/seed.h b/src/block/seed/seed.h index 979312930..d5476de82 100644 --- a/src/block/seed/seed.h +++ b/src/block/seed/seed.h @@ -37,7 +37,7 @@ class BOTAN_DLL SEED : public Block_Cipher_Fixed_Params<16, 16> static const u32bit S0[256], S1[256], S2[256], S3[256]; }; - SecureVector K; + secure_vector K; }; } diff --git a/src/block/serpent/serpent.cpp b/src/block/serpent/serpent.cpp index b1e632c29..0f0a4fd63 100644 --- a/src/block/serpent/serpent.cpp +++ b/src/block/serpent/serpent.cpp @@ -358,7 +358,7 @@ void Serpent::key_schedule(const byte key[], size_t length) { const u32bit PHI = 0x9E3779B9; - SecureVector W(140); + secure_vector W(140); for(size_t i = 0; i != length / 4; ++i) W[i] = load_le(key, i); diff --git a/src/block/serpent/serpent.h b/src/block/serpent/serpent.h index df3f039aa..6191e50d7 100644 --- a/src/block/serpent/serpent.h +++ b/src/block/serpent/serpent.h @@ -31,7 +31,7 @@ class BOTAN_DLL Serpent : public Block_Cipher_Fixed_Params<16, 16, 32, 8> * For use by subclasses using SIMD, asm, etc * @return const reference to the key schedule */ - const SecureVector& get_round_keys() const + const secure_vector& get_round_keys() const { return round_key; } /** @@ -45,7 +45,7 @@ class BOTAN_DLL Serpent : public Block_Cipher_Fixed_Params<16, 16, 32, 8> private: void key_schedule(const byte key[], size_t length); - SecureVector round_key; + secure_vector round_key; }; } diff --git a/src/block/serpent_x86_32/serp_x86_32.cpp b/src/block/serpent_x86_32/serp_x86_32.cpp index 4cefe1d65..9566ed8a6 100644 --- a/src/block/serpent_x86_32/serp_x86_32.cpp +++ b/src/block/serpent_x86_32/serp_x86_32.cpp @@ -72,7 +72,7 @@ void Serpent_X86_32::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void Serpent_X86_32::key_schedule(const byte key[], size_t length) { - SecureVector W(140); + secure_vector W(140); for(size_t i = 0; i != length / 4; ++i) W[i] = load_le(key, i); W[length / 4] |= u32bit(1) << ((length%4)*8); diff --git a/src/block/skipjack/skipjack.h b/src/block/skipjack/skipjack.h index 051d35351..9abd10d47 100644 --- a/src/block/skipjack/skipjack.h +++ b/src/block/skipjack/skipjack.h @@ -29,7 +29,7 @@ class BOTAN_DLL Skipjack : public Block_Cipher_Fixed_Params<8, 10> private: void key_schedule(const byte[], size_t); - SecureVector FTAB; + secure_vector FTAB; }; } diff --git a/src/block/square/square.cpp b/src/block/square/square.cpp index ff98c040e..bb9132e10 100644 --- a/src/block/square/square.cpp +++ b/src/block/square/square.cpp @@ -142,7 +142,7 @@ void Square::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void Square::key_schedule(const byte key[], size_t) { - SecureVector XEK(36), XDK(36); + secure_vector XEK(36), XDK(36); for(size_t i = 0; i != 4; ++i) XEK[i] = load_be(key, i); diff --git a/src/block/square/square.h b/src/block/square/square.h index 5147c0383..f40ad0e31 100644 --- a/src/block/square/square.h +++ b/src/block/square/square.h @@ -45,8 +45,8 @@ class BOTAN_DLL Square : public Block_Cipher_Fixed_Params<16, 16> static const u32bit TD2[256]; static const u32bit TD3[256]; - SecureVector EK, DK; - SecureVector ME, MD; + secure_vector EK, DK; + secure_vector ME, MD; }; } diff --git a/src/block/tea/tea.h b/src/block/tea/tea.h index 0290b112f..5d418e084 100644 --- a/src/block/tea/tea.h +++ b/src/block/tea/tea.h @@ -28,7 +28,7 @@ class BOTAN_DLL TEA : public Block_Cipher_Fixed_Params<8, 16> TEA() : K(4) {} private: void key_schedule(const byte[], size_t); - SecureVector K; + secure_vector K; }; } diff --git a/src/block/twofish/twofish.cpp b/src/block/twofish/twofish.cpp index c0735e202..d0a4213fb 100644 --- a/src/block/twofish/twofish.cpp +++ b/src/block/twofish/twofish.cpp @@ -121,7 +121,7 @@ void Twofish::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void Twofish::key_schedule(const byte key[], size_t length) { - SecureVector S(16); + secure_vector S(16); for(size_t i = 0; i != length; ++i) rs_mul(&S[4*(i/8)], key[i], i); diff --git a/src/block/twofish/twofish.h b/src/block/twofish/twofish.h index 7594bdcfd..cd84c6fe0 100644 --- a/src/block/twofish/twofish.h +++ b/src/block/twofish/twofish.h @@ -41,7 +41,7 @@ class BOTAN_DLL Twofish : public Block_Cipher_Fixed_Params<16, 16, 32, 8> static const byte EXP_TO_POLY[255]; static const byte POLY_TO_EXP[255]; - SecureVector SB, RK; + secure_vector SB, RK; }; } diff --git a/src/block/xtea/xtea.cpp b/src/block/xtea/xtea.cpp index 597eedd07..29287e5a0 100644 --- a/src/block/xtea/xtea.cpp +++ b/src/block/xtea/xtea.cpp @@ -123,7 +123,7 @@ void XTEA::decrypt_n(const byte in[], byte out[], size_t blocks) const */ void XTEA::key_schedule(const byte key[], size_t) { - SecureVector UK(4); + secure_vector UK(4); for(size_t i = 0; i != 4; ++i) UK[i] = load_be(key, i); diff --git a/src/block/xtea/xtea.h b/src/block/xtea/xtea.h index 985e9d6d1..2bf544696 100644 --- a/src/block/xtea/xtea.h +++ b/src/block/xtea/xtea.h @@ -30,11 +30,11 @@ class BOTAN_DLL XTEA : public Block_Cipher_Fixed_Params<8, 16> /** * @return const reference to the key schedule */ - const SecureVector& get_EK() const { return EK; } + const secure_vector& get_EK() const { return EK; } private: void key_schedule(const byte[], size_t); - SecureVector EK; + secure_vector EK; }; } diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index d22ae6202..f3babb394 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -1,6 +1,6 @@ macro_name GCC -binary_name g++-4.6.0 +binary_name g++-4.8.0-r187608 compile_option "-c " output_to_option "-o " diff --git a/src/cert/certstore/certstor.cpp b/src/cert/certstore/certstor.cpp index 3cba2f39e..9c383d9e8 100644 --- a/src/cert/certstore/certstor.cpp +++ b/src/cert/certstore/certstor.cpp @@ -28,7 +28,7 @@ void Certificate_Store_Memory::add_certificate(const X509_Certificate& cert) std::vector Certificate_Store_Memory::find_cert_by_subject_and_key_id( const X509_DN& subject_dn, - const MemoryRegion& key_id) const + const std::vector& key_id) const { std::vector result; @@ -37,7 +37,7 @@ Certificate_Store_Memory::find_cert_by_subject_and_key_id( // Only compare key ids if set in both call and in the cert if(key_id.size()) { - MemoryVector skid = certs[i].subject_key_id(); + std::vector skid = certs[i].subject_key_id(); if(skid.size() && skid != key_id) // no match continue; @@ -74,7 +74,7 @@ void Certificate_Store_Memory::add_crl(const X509_CRL& crl) std::vector Certificate_Store_Memory::find_crl_by_subject_and_key_id( const X509_DN& issuer_dn, - const MemoryRegion& key_id) const + const std::vector& key_id) const { std::vector result; @@ -83,7 +83,7 @@ Certificate_Store_Memory::find_crl_by_subject_and_key_id( // Only compare key ids if set in both call and in the CRL if(key_id.size()) { - MemoryVector akid = crls[i].authority_key_id(); + std::vector akid = crls[i].authority_key_id(); if(akid.size() && akid != key_id) // no match continue; diff --git a/src/cert/certstore/certstor.h b/src/cert/certstore/certstor.h index 374013984..a0526e1a6 100644 --- a/src/cert/certstore/certstor.h +++ b/src/cert/certstore/certstor.h @@ -39,7 +39,7 @@ class BOTAN_DLL Certificate_Store virtual std::vector find_cert_by_subject_and_key_id( const X509_DN& subject_dn, - const MemoryRegion& key_id) const = 0; + const std::vector& key_id) const = 0; /** * Find CRLs by the DN and key id of the issuer @@ -47,7 +47,7 @@ class BOTAN_DLL Certificate_Store virtual std::vector find_crl_by_subject_and_key_id( const X509_DN& issuer_dn, - const MemoryRegion& key_id) const = 0; + const std::vector& key_id) const = 0; }; /** @@ -64,11 +64,11 @@ class BOTAN_DLL Certificate_Store_Memory : public Certificate_Store std::vector find_cert_by_subject_and_key_id( const X509_DN& subject_dn, - const MemoryRegion& key_id) const; + const std::vector& key_id) const; std::vector find_crl_by_subject_and_key_id( const X509_DN& issuer_dn, - const MemoryRegion& key_id) const; + const std::vector& key_id) const; Certificate_Store_Memory() {} private: diff --git a/src/cert/cvc/asn1_eac_tm.cpp b/src/cert/cvc/asn1_eac_tm.cpp index 12221b582..a3a4d043d 100644 --- a/src/cert/cvc/asn1_eac_tm.cpp +++ b/src/cert/cvc/asn1_eac_tm.cpp @@ -18,9 +18,9 @@ namespace Botan { namespace { -SecureVector enc_two_digit(u32bit in) +secure_vector enc_two_digit(u32bit in) { - SecureVector result; + secure_vector result; in %= 100; if(in < 10) result.push_back(0x00); @@ -281,9 +281,9 @@ void EAC_Time::decode_from(BER_Decoder& source) /* * make the value an octet string for encoding */ -SecureVector EAC_Time::encoded_eac_time() const +secure_vector EAC_Time::encoded_eac_time() const { - SecureVector result; + secure_vector result; result += enc_two_digit(year); result += enc_two_digit(month); result += enc_two_digit(day); diff --git a/src/cert/cvc/cvc_ado.cpp b/src/cert/cvc/cvc_ado.cpp index 38f51e8dc..f224d15b9 100644 --- a/src/cert/cvc/cvc_ado.cpp +++ b/src/cert/cvc/cvc_ado.cpp @@ -26,7 +26,7 @@ EAC1_1_ADO::EAC1_1_ADO(const std::string& in) void EAC1_1_ADO::force_decode() { - SecureVector inner_cert; + secure_vector inner_cert; BER_Decoder(tbs_bits) .start_cons(ASN1_Tag(33)) .raw_bytes(inner_cert) @@ -34,7 +34,7 @@ void EAC1_1_ADO::force_decode() .decode(m_car) .verify_end(); - SecureVector req_bits = DER_Encoder() + secure_vector req_bits = DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) .raw_bytes(inner_cert) .end_cons() @@ -45,11 +45,11 @@ void EAC1_1_ADO::force_decode() sig_algo = m_req.sig_algo; } -MemoryVector EAC1_1_ADO::make_signed(PK_Signer& signer, - const MemoryRegion& tbs_bits, +std::vector EAC1_1_ADO::make_signed(PK_Signer& signer, + const secure_vector& tbs_bits, RandomNumberGenerator& rng) { - SecureVector concat_sig = signer.sign_message(tbs_bits, rng); + secure_vector concat_sig = signer.sign_message(tbs_bits, rng); return DER_Encoder() .start_cons(ASN1_Tag(7), APPLICATION) @@ -65,11 +65,11 @@ ASN1_Car EAC1_1_ADO::get_car() const } void EAC1_1_ADO::decode_info(DataSource& source, - SecureVector & res_tbs_bits, + secure_vector & res_tbs_bits, ECDSA_Signature & res_sig) { - SecureVector concat_sig; - SecureVector cert_inner_bits; + secure_vector concat_sig; + secure_vector cert_inner_bits; ASN1_Car car; BER_Decoder(source) @@ -81,7 +81,7 @@ void EAC1_1_ADO::decode_info(DataSource& source, .decode(concat_sig, OCTET_STRING, ASN1_Tag(55), APPLICATION) .end_cons(); - SecureVector enc_cert = DER_Encoder() + secure_vector enc_cert = DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) .raw_bytes(cert_inner_bits) .end_cons() @@ -97,7 +97,7 @@ void EAC1_1_ADO::encode(Pipe& out, X509_Encoding encoding) const if(encoding == PEM) throw Invalid_Argument("EAC1_1_ADO::encode() cannot PEM encode an EAC object"); - SecureVector concat_sig( + secure_vector concat_sig( EAC1_1_obj::m_sig.get_concatenation()); out.write(DER_Encoder() @@ -108,7 +108,7 @@ void EAC1_1_ADO::encode(Pipe& out, X509_Encoding encoding) const .get_contents()); } -SecureVector EAC1_1_ADO::tbs_data() const +secure_vector EAC1_1_ADO::tbs_data() const { return tbs_bits; } diff --git a/src/cert/cvc/cvc_ado.h b/src/cert/cvc/cvc_ado.h index 65a39fd91..81b89ea00 100644 --- a/src/cert/cvc/cvc_ado.h +++ b/src/cert/cvc/cvc_ado.h @@ -43,9 +43,9 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj * @param tbs_bits the TBS data to sign * @param rng a random number generator */ - static MemoryVector make_signed( + static std::vector make_signed( PK_Signer& signer, - const MemoryRegion& tbs_bits, + const secure_vector& tbs_bits, RandomNumberGenerator& rng); /** @@ -73,7 +73,7 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj * Get the TBS data of this CVC ADO request. * @result the TBS data */ - SecureVector tbs_data() const; + secure_vector tbs_data() const; virtual ~EAC1_1_ADO() {} private: @@ -82,7 +82,7 @@ class BOTAN_DLL EAC1_1_ADO : public EAC1_1_obj void force_decode(); static void decode_info(DataSource& source, - SecureVector & res_tbs_bits, + secure_vector & res_tbs_bits, ECDSA_Signature & res_sig); }; diff --git a/src/cert/cvc/cvc_cert.cpp b/src/cert/cvc/cvc_cert.cpp index 54f72ecfc..12558bb80 100644 --- a/src/cert/cvc/cvc_cert.cpp +++ b/src/cert/cvc/cvc_cert.cpp @@ -33,8 +33,8 @@ u32bit EAC1_1_CVC::get_chat_value() const */ void EAC1_1_CVC::force_decode() { - SecureVector enc_pk; - SecureVector enc_chat_val; + secure_vector enc_pk; + secure_vector enc_chat_val; size_t cpi; BER_Decoder tbs_cert(tbs_bits); tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION) @@ -88,7 +88,7 @@ bool EAC1_1_CVC::operator==(EAC1_1_CVC const& rhs) const && get_concat_sig() == rhs.get_concat_sig()); } -ECDSA_PublicKey* decode_eac1_1_key(const MemoryRegion&, +ECDSA_PublicKey* decode_eac1_1_key(const secure_vector&, AlgorithmIdentifier&) { throw Internal_Error("decode_eac1_1_key: Unimplemented"); @@ -96,7 +96,7 @@ ECDSA_PublicKey* decode_eac1_1_key(const MemoryRegion&, } EAC1_1_CVC make_cvc_cert(PK_Signer& signer, - MemoryRegion const& public_key, + secure_vector const& public_key, ASN1_Car const& car, ASN1_Chr const& chr, byte holder_auth_templ, @@ -105,12 +105,12 @@ EAC1_1_CVC make_cvc_cert(PK_Signer& signer, RandomNumberGenerator& rng) { OID chat_oid(OIDS::lookup("CertificateHolderAuthorizationTemplate")); - MemoryVector enc_chat_val; + std::vector enc_chat_val; enc_chat_val.push_back(holder_auth_templ); - MemoryVector enc_cpi; + std::vector enc_cpi; enc_cpi.push_back(0x00); - MemoryVector tbs = DER_Encoder() + std::vector tbs = DER_Encoder() .encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) // cpi .encode(car) .raw_bytes(public_key) @@ -123,7 +123,7 @@ EAC1_1_CVC make_cvc_cert(PK_Signer& signer, .encode(cex) .get_contents(); - MemoryVector signed_cert = + std::vector signed_cert = EAC1_1_CVC::make_signed(signer, EAC1_1_CVC::build_cert_body(tbs), rng); diff --git a/src/cert/cvc/cvc_cert.h b/src/cert/cvc/cvc_cert.h index 69d0d824a..20370e64b 100644 --- a/src/cert/cvc/cvc_cert.h +++ b/src/cert/cvc/cvc_cert.h @@ -96,7 +96,7 @@ inline bool operator!=(EAC1_1_CVC const& lhs, EAC1_1_CVC const& rhs) * @param rng a random number generator */ EAC1_1_CVC BOTAN_DLL make_cvc_cert(PK_Signer& signer, - const MemoryRegion& public_key, + const secure_vector& public_key, ASN1_Car const& car, ASN1_Chr const& chr, byte holder_auth_templ, @@ -107,7 +107,7 @@ EAC1_1_CVC BOTAN_DLL make_cvc_cert(PK_Signer& signer, /** * Decode an EAC encoding ECDSA key */ -BOTAN_DLL ECDSA_PublicKey* decode_eac1_1_key(const MemoryRegion& enc_key, +BOTAN_DLL ECDSA_PublicKey* decode_eac1_1_key(const secure_vector& enc_key, AlgorithmIdentifier& sig_algo); } diff --git a/src/cert/cvc/cvc_gen_cert.h b/src/cert/cvc/cvc_gen_cert.h index ad61b85bf..a272e316f 100644 --- a/src/cert/cvc/cvc_gen_cert.h +++ b/src/cert/cvc/cvc_gen_cert.h @@ -56,14 +56,14 @@ class EAC1_1_gen_CVC : public EAC1_1_obj // CRTP continuation from EAC1 * Get the to-be-signed (TBS) data of this object. * @result the TBS data of this object */ - SecureVector tbs_data() const; + secure_vector tbs_data() const; /** * Build the DER encoded certifcate body of an object * @param tbs the data to be signed * @result the correctly encoded body of the object */ - static SecureVector build_cert_body(MemoryRegion const& tbs); + static secure_vector build_cert_body(secure_vector const& tbs); /** * Create a signed generalized CVC object. @@ -72,9 +72,9 @@ class EAC1_1_gen_CVC : public EAC1_1_obj // CRTP continuation from EAC1 * @param rng a random number generator * @result the DER encoded signed generalized CVC object */ - static MemoryVector make_signed( + static std::vector make_signed( PK_Signer& signer, - const MemoryRegion& tbs_bits, + const secure_vector& tbs_bits, RandomNumberGenerator& rng); EAC1_1_gen_CVC() { m_pk = 0; } @@ -88,7 +88,7 @@ class EAC1_1_gen_CVC : public EAC1_1_obj // CRTP continuation from EAC1 bool self_signed; static void decode_info(DataSource& source, - SecureVector & res_tbs_bits, + secure_vector & res_tbs_bits, ECDSA_Signature & res_sig); }; @@ -104,12 +104,12 @@ template bool EAC1_1_gen_CVC::is_self_signed() const } template -MemoryVector EAC1_1_gen_CVC::make_signed( +std::vector EAC1_1_gen_CVC::make_signed( PK_Signer& signer, - const MemoryRegion& tbs_bits, + const secure_vector& tbs_bits, RandomNumberGenerator& rng) // static { - SecureVector concat_sig = signer.sign_message(tbs_bits, rng); + secure_vector concat_sig = signer.sign_message(tbs_bits, rng); return DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) @@ -125,7 +125,7 @@ Public_Key* EAC1_1_gen_CVC::subject_public_key() const return new ECDSA_PublicKey(*m_pk); } -template SecureVector EAC1_1_gen_CVC::build_cert_body(MemoryRegion const& tbs) +template secure_vector EAC1_1_gen_CVC::build_cert_body(secure_vector const& tbs) { return DER_Encoder() .start_cons(ASN1_Tag(78), APPLICATION) @@ -133,15 +133,15 @@ template SecureVector EAC1_1_gen_CVC::build_cer .end_cons().get_contents(); } -template SecureVector EAC1_1_gen_CVC::tbs_data() const +template secure_vector EAC1_1_gen_CVC::tbs_data() const { return build_cert_body(EAC1_1_obj::tbs_bits); } template void EAC1_1_gen_CVC::encode(Pipe& out, X509_Encoding encoding) const { - SecureVector concat_sig(EAC1_1_obj::m_sig.get_concatenation()); - SecureVector der = DER_Encoder() + secure_vector concat_sig(EAC1_1_obj::m_sig.get_concatenation()); + secure_vector der = DER_Encoder() .start_cons(ASN1_Tag(33), APPLICATION) .start_cons(ASN1_Tag(78), APPLICATION) .raw_bytes(EAC1_1_obj::tbs_bits) @@ -159,10 +159,10 @@ template void EAC1_1_gen_CVC::encode(Pipe& out, X509_ template void EAC1_1_gen_CVC::decode_info( DataSource& source, - SecureVector & res_tbs_bits, + secure_vector & res_tbs_bits, ECDSA_Signature & res_sig) { - SecureVector concat_sig; + secure_vector concat_sig; BER_Decoder(source) .start_cons(ASN1_Tag(33)) .start_cons(ASN1_Tag(78)) diff --git a/src/cert/cvc/cvc_req.cpp b/src/cert/cvc/cvc_req.cpp index ad9e2f4ca..bd7dee3fa 100644 --- a/src/cert/cvc/cvc_req.cpp +++ b/src/cert/cvc/cvc_req.cpp @@ -19,7 +19,7 @@ bool EAC1_1_Req::operator==(EAC1_1_Req const& rhs) const void EAC1_1_Req::force_decode() { - SecureVector enc_pk; + secure_vector enc_pk; BER_Decoder tbs_cert(tbs_bits); size_t cpi; tbs_cert.decode(cpi, ASN1_Tag(41), APPLICATION) diff --git a/src/cert/cvc/cvc_self.cpp b/src/cert/cvc/cvc_self.cpp index 61a1e7b64..e692bc9b8 100644 --- a/src/cert/cvc/cvc_self.cpp +++ b/src/cert/cvc/cvc_self.cpp @@ -34,7 +34,7 @@ void encode_eac_bigint(DER_Encoder& der, const BigInt& x, ASN1_Tag tag) der.encode(BigInt::encode_1363(x, x.bytes()), OCTET_STRING, tag); } -MemoryVector eac_1_1_encoding(const EC_PublicKey* key, +std::vector eac_1_1_encoding(const EC_PublicKey* key, const OID& sig_algo) { if(key->domain_format() == EC_DOMPAR_ENC_OID) @@ -106,7 +106,7 @@ EAC1_1_CVC create_self_signed_cert(Private_Key const& key, PK_Signer signer(*priv_key, padding_and_hash); - MemoryVector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); + std::vector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); return make_cvc_cert(signer, enc_public_key, @@ -133,17 +133,17 @@ EAC1_1_Req create_cvc_req(Private_Key const& key, PK_Signer signer(*priv_key, padding_and_hash); - MemoryVector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); + std::vector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); - MemoryVector enc_cpi; + std::vector enc_cpi; enc_cpi.push_back(0x00); - MemoryVector tbs = DER_Encoder() + std::vector tbs = DER_Encoder() .encode(enc_cpi, OCTET_STRING, ASN1_Tag(41), APPLICATION) .raw_bytes(enc_public_key) .encode(chr) .get_contents(); - MemoryVector signed_cert = + std::vector signed_cert = EAC1_1_gen_CVC::make_signed(signer, EAC1_1_gen_CVC::build_cert_body(tbs), rng); @@ -166,10 +166,10 @@ EAC1_1_ADO create_ado_req(Private_Key const& key, std::string padding_and_hash = padding_and_hash_from_oid(req.signature_algorithm().oid); PK_Signer signer(*priv_key, padding_and_hash); - SecureVector tbs_bits = req.BER_encode(); + secure_vector tbs_bits = req.BER_encode(); tbs_bits += DER_Encoder().encode(car).get_contents(); - MemoryVector signed_cert = + std::vector signed_cert = EAC1_1_ADO::make_signed(signer, tbs_bits, rng); DataSource_Memory source(signed_cert); @@ -235,7 +235,7 @@ EAC1_1_CVC link_cvca(EAC1_1_CVC const& signer, ECDSA_PublicKey* subj_pk = dynamic_cast(pk.get()); subj_pk->set_parameter_encoding(EC_DOMPAR_ENC_EXPLICIT); - MemoryVector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); + std::vector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); return make_cvc_cert(pk_signer, enc_public_key, signer.get_car(), @@ -309,7 +309,7 @@ EAC1_1_CVC sign_request(EAC1_1_CVC const& signer_cert, // (IS cannot sign certificates) } - MemoryVector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); + std::vector enc_public_key = eac_1_1_encoding(priv_key, sig_algo.oid); return make_cvc_cert(pk_signer, enc_public_key, ASN1_Car(signer_cert.get_chr().iso_8859()), diff --git a/src/cert/cvc/eac_asn_obj.h b/src/cert/cvc/eac_asn_obj.h index 54a9f1517..9937abb01 100644 --- a/src/cert/cvc/eac_asn_obj.h +++ b/src/cert/cvc/eac_asn_obj.h @@ -98,7 +98,7 @@ class BOTAN_DLL EAC_Time : public ASN1_Object virtual ~EAC_Time() {} private: - SecureVector encoded_eac_time() const; + secure_vector encoded_eac_time() const; bool passes_sanity_check() const; u32bit year, month, day; ASN1_Tag tag; diff --git a/src/cert/cvc/eac_obj.h b/src/cert/cvc/eac_obj.h index eb6db3369..39f34b874 100644 --- a/src/cert/cvc/eac_obj.h +++ b/src/cert/cvc/eac_obj.h @@ -24,7 +24,7 @@ class EAC1_1_obj : public EAC_Signed_Object * Return the signature as a concatenation of the encoded parts. * @result the concatenated signature */ - SecureVector get_concat_sig() const + secure_vector get_concat_sig() const { return m_sig.get_concatenation(); } bool check_signature(class Public_Key& key) const diff --git a/src/cert/cvc/ecdsa_sig.cpp b/src/cert/cvc/ecdsa_sig.cpp index e8fd7f051..91166ad79 100644 --- a/src/cert/cvc/ecdsa_sig.cpp +++ b/src/cert/cvc/ecdsa_sig.cpp @@ -10,7 +10,7 @@ namespace Botan { -ECDSA_Signature::ECDSA_Signature(const MemoryRegion& ber) +ECDSA_Signature::ECDSA_Signature(const secure_vector& ber) { BER_Decoder(ber) .start_cons(SEQUENCE) @@ -20,7 +20,7 @@ ECDSA_Signature::ECDSA_Signature(const MemoryRegion& ber) .verify_end(); } -MemoryVector ECDSA_Signature::DER_encode() const +std::vector ECDSA_Signature::DER_encode() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -30,20 +30,20 @@ MemoryVector ECDSA_Signature::DER_encode() const .get_contents(); } -MemoryVector ECDSA_Signature::get_concatenation() const +std::vector ECDSA_Signature::get_concatenation() const { // use the larger const size_t enc_len = m_r > m_s ? m_r.bytes() : m_s.bytes(); - SecureVector sv_r = BigInt::encode_1363(m_r, enc_len); - SecureVector sv_s = BigInt::encode_1363(m_s, enc_len); + secure_vector sv_r = BigInt::encode_1363(m_r, enc_len); + secure_vector sv_s = BigInt::encode_1363(m_s, enc_len); - SecureVector result(sv_r); + secure_vector result(sv_r); result += sv_s; return result; } -ECDSA_Signature decode_concatenation(const MemoryRegion& concat) +ECDSA_Signature decode_concatenation(const secure_vector& concat) { if(concat.size() % 2 != 0) throw Invalid_Argument("Erroneous length of signature"); diff --git a/src/cert/cvc/ecdsa_sig.h b/src/cert/cvc/ecdsa_sig.h index a92052470..a92d5078c 100644 --- a/src/cert/cvc/ecdsa_sig.h +++ b/src/cert/cvc/ecdsa_sig.h @@ -27,7 +27,7 @@ class BOTAN_DLL ECDSA_Signature ECDSA_Signature(const BigInt& r, const BigInt& s) : m_r(r), m_s(s) {} - ECDSA_Signature(const MemoryRegion& ber); + ECDSA_Signature(const secure_vector& ber); const BigInt& get_r() const { return m_r; } const BigInt& get_s() const { return m_s; } @@ -35,9 +35,9 @@ class BOTAN_DLL ECDSA_Signature /** * return the r||s */ - MemoryVector get_concatenation() const; + std::vector get_concatenation() const; - MemoryVector DER_encode() const; + std::vector DER_encode() const; bool operator==(const ECDSA_Signature& other) const { @@ -54,7 +54,7 @@ inline bool operator!=(const ECDSA_Signature& lhs, const ECDSA_Signature& rhs) return !(lhs == rhs); } -ECDSA_Signature decode_concatenation(const MemoryRegion& concatenation); +ECDSA_Signature decode_concatenation(const secure_vector& concatenation); } diff --git a/src/cert/cvc/signed_obj.cpp b/src/cert/cvc/signed_obj.cpp index d6aa2f02b..4f04cd72e 100644 --- a/src/cert/cvc/signed_obj.cpp +++ b/src/cert/cvc/signed_obj.cpp @@ -16,7 +16,7 @@ namespace Botan { /* * Return a BER encoded X.509 object */ -SecureVector EAC_Signed_Object::BER_encode() const +secure_vector EAC_Signed_Object::BER_encode() const { Pipe ber; ber.start_msg(); @@ -46,7 +46,7 @@ AlgorithmIdentifier EAC_Signed_Object::signature_algorithm() const } bool EAC_Signed_Object::check_signature(Public_Key& pub_key, - const MemoryRegion& sig) const + const secure_vector& sig) const { try { @@ -62,7 +62,7 @@ bool EAC_Signed_Object::check_signature(Public_Key& pub_key, Signature_Format format = (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; - SecureVector to_sign = tbs_data(); + secure_vector to_sign = tbs_data(); PK_Verifier verifier(pub_key, padding, format); return verifier.verify_message(to_sign, sig); diff --git a/src/cert/cvc/signed_obj.h b/src/cert/cvc/signed_obj.h index 0c0fb30af..eb0e11848 100644 --- a/src/cert/cvc/signed_obj.h +++ b/src/cert/cvc/signed_obj.h @@ -26,7 +26,7 @@ class BOTAN_DLL EAC_Signed_Object * Get the TBS (to-be-signed) data in this object. * @return DER encoded TBS data of this object */ - virtual SecureVector tbs_data() const = 0; + virtual secure_vector tbs_data() const = 0; /** * Get the signature of this object as a concatenation, i.e. if the @@ -39,7 +39,7 @@ class BOTAN_DLL EAC_Signed_Object NOTE: this is here only because abstract signature objects have not yet been introduced */ - virtual SecureVector get_concat_sig() const = 0; + virtual secure_vector get_concat_sig() const = 0; /** * Get the signature algorithm identifier used to sign this object. @@ -55,7 +55,7 @@ class BOTAN_DLL EAC_Signed_Object * associated with this public key */ bool check_signature(class Public_Key& key, - const MemoryRegion& sig) const; + const secure_vector& sig) const; /** * Write this object DER encoded into a specified pipe. @@ -69,7 +69,7 @@ class BOTAN_DLL EAC_Signed_Object * BER encode this object. * @return result containing the BER representation of this object. */ - SecureVector BER_encode() const; + secure_vector BER_encode() const; /** * PEM encode this object. @@ -83,7 +83,7 @@ class BOTAN_DLL EAC_Signed_Object EAC_Signed_Object() {} AlgorithmIdentifier sig_algo; - SecureVector tbs_bits; + secure_vector tbs_bits; std::string PEM_label_pref; std::vector PEM_labels_allowed; private: diff --git a/src/cert/pkcs10/pkcs10.cpp b/src/cert/pkcs10/pkcs10.cpp index 870a4d3a1..c67f74142 100644 --- a/src/cert/pkcs10/pkcs10.cpp +++ b/src/cert/pkcs10/pkcs10.cpp @@ -34,6 +34,15 @@ PKCS10_Request::PKCS10_Request(const std::string& in) : do_decode(); } +/* +* PKCS10_Request Constructor +*/ +PKCS10_Request::PKCS10_Request(const std::vector& in) : + X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") + { + do_decode(); + } + /* * Deocde the CertificateRequestInfo */ @@ -59,7 +68,7 @@ void PKCS10_Request::force_decode() info.add("X509.Certificate.public_key", PEM_Code::encode( - ASN1::put_in_sequence(public_key.value), + ASN1::put_in_sequence(unlock(public_key.value)), "PUBLIC KEY" ) ); @@ -136,10 +145,10 @@ X509_DN PKCS10_Request::subject_dn() const /* * Return the public key of the requestor */ -MemoryVector PKCS10_Request::raw_public_key() const +std::vector PKCS10_Request::raw_public_key() const { DataSource_Memory source(info.get1("X509.Certificate.public_key")); - return PEM_Code::decode_check_label(source, "PUBLIC KEY"); + return unlock(PEM_Code::decode_check_label(source, "PUBLIC KEY")); } /* diff --git a/src/cert/pkcs10/pkcs10.h b/src/cert/pkcs10/pkcs10.h index bd01fb6b5..1ab0af7c7 100644 --- a/src/cert/pkcs10/pkcs10.h +++ b/src/cert/pkcs10/pkcs10.h @@ -32,7 +32,7 @@ class BOTAN_DLL PKCS10_Request : public X509_Object * Get the raw DER encoded public key. * @return raw DER encoded public key */ - MemoryVector raw_public_key() const; + std::vector raw_public_key() const; /** * Get the subject DN. @@ -90,6 +90,12 @@ class BOTAN_DLL PKCS10_Request : public X509_Object * encoded request file */ PKCS10_Request(const std::string& filename); + + /** + * Create a PKCS#10 Request from binary data. + * @param vec a std::vector containing the DER value + */ + PKCS10_Request(const std::vector& vec); private: void force_decode(); void handle_attribute(const Attribute&); diff --git a/src/cert/x509ca/x509_ca.cpp b/src/cert/x509ca/x509_ca.cpp index 37b4f44b4..4012a873b 100644 --- a/src/cert/x509ca/x509_ca.cpp +++ b/src/cert/x509ca/x509_ca.cpp @@ -86,7 +86,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, X509_Certificate X509_CA::make_cert(PK_Signer* signer, RandomNumberGenerator& rng, const AlgorithmIdentifier& sig_algo, - const MemoryRegion& pub_key, + const std::vector& pub_key, const X509_Time& not_before, const X509_Time& not_after, const X509_DN& issuer_dn, @@ -98,35 +98,35 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer, BigInt serial_no(rng, SERIAL_BITS); - DataSource_Memory source(X509_Object::make_signed(signer, rng, sig_algo, - DER_Encoder().start_cons(SEQUENCE) - .start_explicit(0) - .encode(X509_CERT_VERSION-1) - .end_explicit() + const std::vector cert = X509_Object::make_signed( + signer, rng, sig_algo, + DER_Encoder().start_cons(SEQUENCE) + .start_explicit(0) + .encode(X509_CERT_VERSION-1) + .end_explicit() - .encode(serial_no) + .encode(serial_no) - .encode(sig_algo) - .encode(issuer_dn) + .encode(sig_algo) + .encode(issuer_dn) - .start_cons(SEQUENCE) - .encode(not_before) - .encode(not_after) - .end_cons() + .start_cons(SEQUENCE) + .encode(not_before) + .encode(not_after) + .end_cons() - .encode(subject_dn) - .raw_bytes(pub_key) + .encode(subject_dn) + .raw_bytes(pub_key) - .start_explicit(3) - .start_cons(SEQUENCE) - .encode(extensions) - .end_cons() - .end_explicit() - .end_cons() - .get_contents() - )); + .start_explicit(3) + .start_cons(SEQUENCE) + .encode(extensions) + .end_cons() + .end_explicit() + .end_cons() + .get_contents()); - return X509_Certificate(source); + return X509_Certificate(cert); } /* @@ -176,29 +176,29 @@ X509_CRL X509_CA::make_crl(const std::vector& revoked, new Cert_Extension::Authority_Key_ID(cert.subject_key_id())); extensions.add(new Cert_Extension::CRL_Number(crl_number)); - DataSource_Memory source(X509_Object::make_signed(signer, rng, ca_sig_algo, - DER_Encoder().start_cons(SEQUENCE) - .encode(X509_CRL_VERSION-1) - .encode(ca_sig_algo) - .encode(cert.issuer_dn()) - .encode(X509_Time(current_time)) - .encode(X509_Time(expire_time)) - .encode_if(revoked.size() > 0, - DER_Encoder() - .start_cons(SEQUENCE) - .encode_list(revoked) - .end_cons() - ) - .start_explicit(0) - .start_cons(SEQUENCE) - .encode(extensions) - .end_cons() - .end_explicit() - .end_cons() - .get_contents() - )); + const std::vector crl = X509_Object::make_signed( + signer, rng, ca_sig_algo, + DER_Encoder().start_cons(SEQUENCE) + .encode(X509_CRL_VERSION-1) + .encode(ca_sig_algo) + .encode(cert.issuer_dn()) + .encode(X509_Time(current_time)) + .encode(X509_Time(expire_time)) + .encode_if(revoked.size() > 0, + DER_Encoder() + .start_cons(SEQUENCE) + .encode_list(revoked) + .end_cons() + ) + .start_explicit(0) + .start_cons(SEQUENCE) + .encode(extensions) + .end_cons() + .end_explicit() + .end_cons() + .get_contents()); - return X509_CRL(source); + return X509_CRL(crl); } /* diff --git a/src/cert/x509ca/x509_ca.h b/src/cert/x509ca/x509_ca.h index 7aca26d03..d37b02eaf 100644 --- a/src/cert/x509ca/x509_ca.h +++ b/src/cert/x509ca/x509_ca.h @@ -82,7 +82,7 @@ class BOTAN_DLL X509_CA static X509_Certificate make_cert(PK_Signer* signer, RandomNumberGenerator& rng, const AlgorithmIdentifier& sig_algo, - const MemoryRegion& pub_key, + const std::vector& pub_key, const X509_Time& not_before, const X509_Time& not_after, const X509_DN& issuer_dn, diff --git a/src/cert/x509cert/x509_ext.cpp b/src/cert/x509cert/x509_ext.cpp index 6e0befaf3..873de4264 100644 --- a/src/cert/x509cert/x509_ext.cpp +++ b/src/cert/x509cert/x509_ext.cpp @@ -114,7 +114,7 @@ void Extensions::decode_from(BER_Decoder& from_source) while(sequence.more_items()) { OID oid; - MemoryVector value; + std::vector value; bool critical; sequence.start_cons(SEQUENCE) @@ -176,7 +176,7 @@ size_t Basic_Constraints::get_path_limit() const /* * Encode the extension */ -MemoryVector Basic_Constraints::encode_inner() const +std::vector Basic_Constraints::encode_inner() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -186,13 +186,13 @@ MemoryVector Basic_Constraints::encode_inner() const .encode_optional(path_limit, NO_CERT_PATH_LIMIT) ) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void Basic_Constraints::decode_inner(const MemoryRegion& in) +void Basic_Constraints::decode_inner(const std::vector& in) { BER_Decoder(in) .start_cons(SEQUENCE) @@ -217,14 +217,14 @@ void Basic_Constraints::contents_to(Data_Store& subject, Data_Store&) const /* * Encode the extension */ -MemoryVector Key_Usage::encode_inner() const +std::vector Key_Usage::encode_inner() const { if(constraints == NO_CONSTRAINTS) throw Encoding_Error("Cannot encode zero usage constraints"); const size_t unused_bits = low_bit(constraints) - 1; - MemoryVector der; + std::vector der; der.push_back(BIT_STRING); der.push_back(2 + ((unused_bits < 8) ? 1 : 0)); der.push_back(unused_bits % 8); @@ -238,7 +238,7 @@ MemoryVector Key_Usage::encode_inner() const /* * Decode the extension */ -void Key_Usage::decode_inner(const MemoryRegion& in) +void Key_Usage::decode_inner(const std::vector& in) { BER_Decoder ber(in); @@ -274,15 +274,15 @@ void Key_Usage::contents_to(Data_Store& subject, Data_Store&) const /* * Encode the extension */ -MemoryVector Subject_Key_ID::encode_inner() const +std::vector Subject_Key_ID::encode_inner() const { - return DER_Encoder().encode(key_id, OCTET_STRING).get_contents(); + return DER_Encoder().encode(key_id, OCTET_STRING).get_contents_unlocked(); } /* * Decode the extension */ -void Subject_Key_ID::decode_inner(const MemoryRegion& in) +void Subject_Key_ID::decode_inner(const std::vector& in) { BER_Decoder(in).decode(key_id, OCTET_STRING).verify_end(); } @@ -298,28 +298,28 @@ void Subject_Key_ID::contents_to(Data_Store& subject, Data_Store&) const /* * Subject_Key_ID Constructor */ -Subject_Key_ID::Subject_Key_ID(const MemoryRegion& pub_key) +Subject_Key_ID::Subject_Key_ID(const std::vector& pub_key) { SHA_160 hash; - key_id = hash.process(pub_key); + key_id = unlock(hash.process(pub_key)); } /* * Encode the extension */ -MemoryVector Authority_Key_ID::encode_inner() const +std::vector Authority_Key_ID::encode_inner() const { return DER_Encoder() .start_cons(SEQUENCE) .encode(key_id, OCTET_STRING, ASN1_Tag(0), CONTEXT_SPECIFIC) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void Authority_Key_ID::decode_inner(const MemoryRegion& in) +void Authority_Key_ID::decode_inner(const std::vector& in) { BER_Decoder(in) .start_cons(SEQUENCE) @@ -338,15 +338,15 @@ void Authority_Key_ID::contents_to(Data_Store&, Data_Store& issuer) const /* * Encode the extension */ -MemoryVector Alternative_Name::encode_inner() const +std::vector Alternative_Name::encode_inner() const { - return DER_Encoder().encode(alt_name).get_contents(); + return DER_Encoder().encode(alt_name).get_contents_unlocked(); } /* * Decode the extension */ -void Alternative_Name::decode_inner(const MemoryRegion& in) +void Alternative_Name::decode_inner(const std::vector& in) { BER_Decoder(in).decode(alt_name); } @@ -404,19 +404,19 @@ Issuer_Alternative_Name::Issuer_Alternative_Name(const AlternativeName& name) : /* * Encode the extension */ -MemoryVector Extended_Key_Usage::encode_inner() const +std::vector Extended_Key_Usage::encode_inner() const { return DER_Encoder() .start_cons(SEQUENCE) .encode_list(oids) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void Extended_Key_Usage::decode_inner(const MemoryRegion& in) +void Extended_Key_Usage::decode_inner(const std::vector& in) { BER_Decoder(in) .start_cons(SEQUENCE) @@ -467,7 +467,7 @@ class Policy_Information : public ASN1_Object /* * Encode the extension */ -MemoryVector Certificate_Policies::encode_inner() const +std::vector Certificate_Policies::encode_inner() const { std::vector policies; @@ -478,13 +478,13 @@ MemoryVector Certificate_Policies::encode_inner() const .start_cons(SEQUENCE) .encode_list(policies) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void Certificate_Policies::decode_inner(const MemoryRegion& in) +void Certificate_Policies::decode_inner(const std::vector& in) { std::vector policies; @@ -530,15 +530,15 @@ CRL_Number* CRL_Number::copy() const /* * Encode the extension */ -MemoryVector CRL_Number::encode_inner() const +std::vector CRL_Number::encode_inner() const { - return DER_Encoder().encode(crl_number).get_contents(); + return DER_Encoder().encode(crl_number).get_contents_unlocked(); } /* * Decode the extension */ -void CRL_Number::decode_inner(const MemoryRegion& in) +void CRL_Number::decode_inner(const std::vector& in) { BER_Decoder(in).decode(crl_number); } @@ -554,17 +554,17 @@ void CRL_Number::contents_to(Data_Store& info, Data_Store&) const /* * Encode the extension */ -MemoryVector CRL_ReasonCode::encode_inner() const +std::vector CRL_ReasonCode::encode_inner() const { return DER_Encoder() .encode(static_cast(reason), ENUMERATED, UNIVERSAL) - .get_contents(); + .get_contents_unlocked(); } /* * Decode the extension */ -void CRL_ReasonCode::decode_inner(const MemoryRegion& in) +void CRL_ReasonCode::decode_inner(const std::vector& in) { size_t reason_code = 0; BER_Decoder(in).decode(reason_code, ENUMERATED, UNIVERSAL); diff --git a/src/cert/x509cert/x509_ext.h b/src/cert/x509cert/x509_ext.h index 8799c5921..ee0e66959 100644 --- a/src/cert/x509cert/x509_ext.h +++ b/src/cert/x509cert/x509_ext.h @@ -56,8 +56,8 @@ class BOTAN_DLL Certificate_Extension protected: friend class Extensions; virtual bool should_encode() const { return true; } - virtual MemoryVector encode_inner() const = 0; - virtual void decode_inner(const MemoryRegion&) = 0; + virtual std::vector encode_inner() const = 0; + virtual void decode_inner(const std::vector&) = 0; }; /** @@ -107,8 +107,8 @@ class BOTAN_DLL Basic_Constraints : public Certificate_Extension std::string config_id() const { return "basic_constraints"; } std::string oid_name() const { return "X509v3.BasicConstraints"; } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; bool is_ca; @@ -131,8 +131,8 @@ class BOTAN_DLL Key_Usage : public Certificate_Extension std::string oid_name() const { return "X509v3.KeyUsage"; } bool should_encode() const { return (constraints != NO_CONSTRAINTS); } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; Key_Constraints constraints; @@ -147,19 +147,19 @@ class BOTAN_DLL Subject_Key_ID : public Certificate_Extension Subject_Key_ID* copy() const { return new Subject_Key_ID(key_id); } Subject_Key_ID() {} - Subject_Key_ID(const MemoryRegion&); + Subject_Key_ID(const std::vector&); - MemoryVector get_key_id() const { return key_id; } + std::vector get_key_id() const { return key_id; } private: std::string config_id() const { return "subject_key_id"; } std::string oid_name() const { return "X509v3.SubjectKeyIdentifier"; } bool should_encode() const { return (key_id.size() > 0); } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; - MemoryVector key_id; + std::vector key_id; }; /** @@ -171,19 +171,19 @@ class BOTAN_DLL Authority_Key_ID : public Certificate_Extension Authority_Key_ID* copy() const { return new Authority_Key_ID(key_id); } Authority_Key_ID() {} - Authority_Key_ID(const MemoryRegion& k) : key_id(k) {} + Authority_Key_ID(const std::vector& k) : key_id(k) {} - MemoryVector get_key_id() const { return key_id; } + std::vector get_key_id() const { return key_id; } private: std::string config_id() const { return "authority_key_id"; } std::string oid_name() const { return "X509v3.AuthorityKeyIdentifier"; } bool should_encode() const { return (key_id.size() > 0); } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; - MemoryVector key_id; + std::vector key_id; }; /** @@ -204,8 +204,8 @@ class BOTAN_DLL Alternative_Name : public Certificate_Extension std::string oid_name() const { return oid_name_str; } bool should_encode() const { return alt_name.has_items(); } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; std::string config_name_str, oid_name_str; @@ -253,8 +253,8 @@ class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension std::string oid_name() const { return "X509v3.ExtendedKeyUsage"; } bool should_encode() const { return (oids.size() > 0); } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; std::vector oids; @@ -278,8 +278,8 @@ class BOTAN_DLL Certificate_Policies : public Certificate_Extension std::string oid_name() const { return "X509v3.CertificatePolicies"; } bool should_encode() const { return (oids.size() > 0); } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; std::vector oids; @@ -302,8 +302,8 @@ class BOTAN_DLL CRL_Number : public Certificate_Extension std::string oid_name() const { return "X509v3.CRLNumber"; } bool should_encode() const { return has_value; } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; bool has_value; @@ -326,8 +326,8 @@ class BOTAN_DLL CRL_ReasonCode : public Certificate_Extension std::string oid_name() const { return "X509v3.ReasonCode"; } bool should_encode() const { return (reason != UNSPECIFIED); } - MemoryVector encode_inner() const; - void decode_inner(const MemoryRegion&); + std::vector encode_inner() const; + void decode_inner(const std::vector&); void contents_to(Data_Store&, Data_Store&) const; CRL_Code reason; diff --git a/src/cert/x509cert/x509_obj.cpp b/src/cert/x509cert/x509_obj.cpp index eff8e2543..5de4049ba 100644 --- a/src/cert/x509cert/x509_obj.cpp +++ b/src/cert/x509cert/x509_obj.cpp @@ -27,7 +27,7 @@ X509_Object::X509_Object(DataSource& stream, const std::string& labels) } /* -* Createa a generic X.509 object +* Create a generic X.509 object */ X509_Object::X509_Object(const std::string& file, const std::string& labels) { @@ -35,6 +35,15 @@ X509_Object::X509_Object(const std::string& file, const std::string& labels) init(stream, labels); } +/* +* Create a generic X.509 object +*/ +X509_Object::X509_Object(const std::vector& vec, const std::string& labels) + { + DataSource_Memory stream(&vec[0], vec.size()); + init(stream, labels); + } + /* * Read a PEM or BER X.509 object */ @@ -97,7 +106,7 @@ void X509_Object::encode(Pipe& out, X509_Encoding encoding) const /* * Return a BER encoded X.509 object */ -MemoryVector X509_Object::BER_encode() const +std::vector X509_Object::BER_encode() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -107,7 +116,7 @@ MemoryVector X509_Object::BER_encode() const .encode(sig_algo) .encode(sig, BIT_STRING) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* @@ -121,7 +130,7 @@ std::string X509_Object::PEM_encode() const /* * Return the TBS data */ -MemoryVector X509_Object::tbs_data() const +std::vector X509_Object::tbs_data() const { return ASN1::put_in_sequence(tbs_bits); } @@ -129,7 +138,7 @@ MemoryVector X509_Object::tbs_data() const /* * Return the signature of this object */ -MemoryVector X509_Object::signature() const +std::vector X509_Object::signature() const { return sig; } @@ -201,10 +210,10 @@ bool X509_Object::check_signature(Public_Key& pub_key) const /* * Apply the X.509 SIGNED macro */ -MemoryVector X509_Object::make_signed(PK_Signer* signer, +std::vector X509_Object::make_signed(PK_Signer* signer, RandomNumberGenerator& rng, const AlgorithmIdentifier& algo, - const MemoryRegion& tbs_bits) + const secure_vector& tbs_bits) { return DER_Encoder() .start_cons(SEQUENCE) @@ -212,7 +221,7 @@ MemoryVector X509_Object::make_signed(PK_Signer* signer, .encode(algo) .encode(signer->sign_message(tbs_bits, rng), BIT_STRING) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* diff --git a/src/cert/x509cert/x509_obj.h b/src/cert/x509cert/x509_obj.h index 570b00f51..26c9e22bf 100644 --- a/src/cert/x509cert/x509_obj.h +++ b/src/cert/x509cert/x509_obj.h @@ -27,12 +27,12 @@ class BOTAN_DLL X509_Object * The underlying data that is to be or was signed * @return data that is or was signed */ - MemoryVector tbs_data() const; + std::vector tbs_data() const; /** * @return signature on tbs_data() */ - MemoryVector signature() const; + std::vector signature() const; /** * @return signature algorithm that was used to generate signature @@ -52,10 +52,10 @@ class BOTAN_DLL X509_Object * @param tbs the tbs bits to be signed * @return signed X509 object */ - static MemoryVector make_signed(class PK_Signer* signer, - RandomNumberGenerator& rng, - const AlgorithmIdentifier& alg_id, - const MemoryRegion& tbs); + static std::vector make_signed(class PK_Signer* signer, + RandomNumberGenerator& rng, + const AlgorithmIdentifier& alg_id, + const secure_vector& tbs); /** * Check the signature on this data @@ -75,7 +75,7 @@ class BOTAN_DLL X509_Object /** * @return BER encoding of this */ - MemoryVector BER_encode() const; + std::vector BER_encode() const; /** * @return PEM encoding of this @@ -95,15 +95,17 @@ class BOTAN_DLL X509_Object protected: X509_Object(DataSource& src, const std::string& pem_labels); X509_Object(const std::string& file, const std::string& pem_labels); + X509_Object(const std::vector& vec, const std::string& labels); void do_decode(); X509_Object() {} AlgorithmIdentifier sig_algo; - MemoryVector tbs_bits, sig; + std::vector tbs_bits, sig; private: virtual void force_decode() = 0; void init(DataSource&, const std::string&); void decode_info(DataSource&); + std::vector PEM_labels_allowed; std::string PEM_label_pref; }; diff --git a/src/cert/x509cert/x509cert.cpp b/src/cert/x509cert/x509cert.cpp index 4cff28c39..8dc4b8b0c 100644 --- a/src/cert/x509cert/x509cert.cpp +++ b/src/cert/x509cert/x509cert.cpp @@ -57,6 +57,16 @@ X509_Certificate::X509_Certificate(const std::string& in) : do_decode(); } +/* +* X509_Certificate Constructor +*/ +X509_Certificate::X509_Certificate(const std::vector& in) : + X509_Object(in, "CERTIFICATE/X509 CERTIFICATE") + { + self_signed = false; + do_decode(); + } + /* * Decode the TBSCertificate data */ @@ -97,7 +107,7 @@ void X509_Certificate::force_decode() throw BER_Bad_Tag("X509_Certificate: Unexpected tag for public key", public_key.type_tag, public_key.class_tag); - MemoryVector v2_issuer_key_id, v2_subject_key_id; + std::vector v2_issuer_key_id, v2_subject_key_id; tbs_cert.decode_optional_string(v2_issuer_key_id, BIT_STRING, 1); tbs_cert.decode_optional_string(v2_subject_key_id, BIT_STRING, 2); @@ -129,7 +139,7 @@ void X509_Certificate::force_decode() subject.add("X509.Certificate.public_key", PEM_Code::encode( - ASN1::put_in_sequence(public_key.value), + ASN1::put_in_sequence(unlock(public_key.value)), "PUBLIC KEY" ) ); @@ -243,7 +253,7 @@ std::vector X509_Certificate::policies() const /* * Return the authority key id */ -MemoryVector X509_Certificate::authority_key_id() const +std::vector X509_Certificate::authority_key_id() const { return issuer.get1_memvec("X509v3.AuthorityKeyIdentifier"); } @@ -251,7 +261,7 @@ MemoryVector X509_Certificate::authority_key_id() const /* * Return the subject key id */ -MemoryVector X509_Certificate::subject_key_id() const +std::vector X509_Certificate::subject_key_id() const { return subject.get1_memvec("X509v3.SubjectKeyIdentifier"); } @@ -259,7 +269,7 @@ MemoryVector X509_Certificate::subject_key_id() const /* * Return the certificate serial number */ -MemoryVector X509_Certificate::serial_number() const +std::vector X509_Certificate::serial_number() const { return subject.get1_memvec("X509.Certificate.serial"); } diff --git a/src/cert/x509cert/x509cert.h b/src/cert/x509cert/x509cert.h index 26c57e524..87a8069d6 100644 --- a/src/cert/x509cert/x509cert.h +++ b/src/cert/x509cert/x509cert.h @@ -85,19 +85,19 @@ class BOTAN_DLL X509_Certificate : public X509_Object * Get the serial number of this certificate. * @return certificates serial number */ - MemoryVector serial_number() const; + std::vector serial_number() const; /** * Get the DER encoded AuthorityKeyIdentifier of this certificate. * @return DER encoded AuthorityKeyIdentifier */ - MemoryVector authority_key_id() const; + std::vector authority_key_id() const; /** * Get the DER encoded SubjectKeyIdentifier of this certificate. * @return DER encoded SubjectKeyIdentifier */ - MemoryVector subject_key_id() const; + std::vector subject_key_id() const; /** * Check whether this certificate is self signed. @@ -176,6 +176,9 @@ class BOTAN_DLL X509_Certificate : public X509_Object * @param filename the name of the certificate file */ X509_Certificate(const std::string& filename); + + X509_Certificate(const std::vector& in); + private: void force_decode(); friend class X509_CA; diff --git a/src/cert/x509crl/crl_ent.h b/src/cert/x509crl/crl_ent.h index b3e696a86..f80fbb862 100644 --- a/src/cert/x509crl/crl_ent.h +++ b/src/cert/x509crl/crl_ent.h @@ -25,7 +25,7 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object * Get the serial number of the certificate associated with this entry. * @return certificate's serial number */ - MemoryVector serial_number() const { return serial; } + std::vector serial_number() const { return serial; } /** * Get the revocation date of the certificate associated with this entry @@ -54,7 +54,7 @@ class BOTAN_DLL CRL_Entry : public ASN1_Object private: bool throw_on_unknown_critical; - MemoryVector serial; + std::vector serial; X509_Time time; CRL_Code reason; }; diff --git a/src/cert/x509crl/x509_crl.cpp b/src/cert/x509crl/x509_crl.cpp index 72da81fce..7b0d03453 100644 --- a/src/cert/x509crl/x509_crl.cpp +++ b/src/cert/x509crl/x509_crl.cpp @@ -32,6 +32,12 @@ X509_CRL::X509_CRL(const std::string& in, bool touc) : do_decode(); } +X509_CRL::X509_CRL(const std::vector& in, bool touc) : + X509_Object(in, "CRL/X509 CRL"), throw_on_unknown_critical(touc) + { + do_decode(); + } + /* * Decode the TBSCertList data */ @@ -115,7 +121,7 @@ X509_DN X509_CRL::issuer_dn() const /* * Return the key identifier of the issuer */ -MemoryVector X509_CRL::authority_key_id() const +std::vector X509_CRL::authority_key_id() const { return info.get1_memvec("X509v3.AuthorityKeyIdentifier"); } diff --git a/src/cert/x509crl/x509_crl.h b/src/cert/x509crl/x509_crl.h index c2b3c4f5c..37076169e 100644 --- a/src/cert/x509crl/x509_crl.h +++ b/src/cert/x509crl/x509_crl.h @@ -45,7 +45,7 @@ class BOTAN_DLL X509_CRL : public X509_Object * Get the AuthorityKeyIdentifier of this CRL. * @return this CRLs AuthorityKeyIdentifier */ - MemoryVector authority_key_id() const; + std::vector authority_key_id() const; /** * Get the serial number of this CRL. @@ -81,6 +81,16 @@ class BOTAN_DLL X509_CRL : public X509_Object */ X509_CRL(const std::string& filename, bool throw_on_unknown_critical = false); + + /** + * Construct a CRL from a binary vector + * @param vec the binary (DER) representation of the CRL + * @param throw_on_unknown_critical should we throw an exception + * if an unknown CRL extension marked as critical is encountered. + */ + X509_CRL(const std::vector& vec, + bool throw_on_unknown_critical = false); + private: void force_decode(); diff --git a/src/cert/x509self/x509self.cpp b/src/cert/x509self/x509self.cpp index c100ee825..c13772382 100644 --- a/src/cert/x509self/x509self.cpp +++ b/src/cert/x509self/x509self.cpp @@ -53,7 +53,7 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, opts.sanity_check(); - MemoryVector pub_key = X509::BER_encode(key); + std::vector pub_key = X509::BER_encode(key); std::unique_ptr signer(choose_sig_format(key, hash_fn, sig_algo)); load_info(opts, subject_dn, subject_alt); @@ -99,7 +99,7 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, opts.sanity_check(); - MemoryVector pub_key = X509::BER_encode(key); + std::vector pub_key = X509::BER_encode(key); std::unique_ptr signer(choose_sig_format(key, hash_fn, sig_algo)); load_info(opts, subject_dn, subject_alt); @@ -134,7 +134,7 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, tbs_req.encode( Attribute("PKCS9.ChallengePassword", - DER_Encoder().encode(challenge).get_contents() + DER_Encoder().encode(challenge).get_contents_unlocked() ) ); } @@ -145,20 +145,17 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, .start_cons(SEQUENCE) .encode(extensions) .end_cons() - .get_contents() + .get_contents_unlocked() ) ) .end_explicit() .end_cons(); - DataSource_Memory source( - X509_Object::make_signed(signer.get(), - rng, - sig_algo, - tbs_req.get_contents()) - ); + const std::vector req = + X509_Object::make_signed(signer.get(), rng, sig_algo, + tbs_req.get_contents()); - return PKCS10_Request(source); + return PKCS10_Request(req); } } diff --git a/src/cert/x509store/x509stor.cpp b/src/cert/x509store/x509stor.cpp index a635b3930..ccce9abce 100644 --- a/src/cert/x509store/x509stor.cpp +++ b/src/cert/x509store/x509stor.cpp @@ -36,8 +36,8 @@ s32bit validity_check(const X509_Time& start, const X509_Time& end, /* * Compare the value of unique ID fields */ -bool compare_ids(const MemoryVector& id1, - const MemoryVector& id2) +bool compare_ids(const std::vector& id1, + const std::vector& id2) { if(!id1.size() || !id2.size()) return true; @@ -136,10 +136,10 @@ bool X509_Store::CRL_Data::operator<(const X509_Store::CRL_Data& other) const if(*this == other) return false; - const MemoryVector& serial1 = serial; - const MemoryVector& key_id1 = auth_key_id; - const MemoryVector& serial2 = other.serial; - const MemoryVector& key_id2 = other.auth_key_id; + const std::vector& serial1 = serial; + const std::vector& key_id1 = auth_key_id; + const std::vector& serial2 = other.serial; + const std::vector& key_id2 = other.auth_key_id; if(compare_ids(key_id1, key_id2) == false) { @@ -252,7 +252,7 @@ X509_Code X509_Store::validate_cert(const X509_Certificate& cert, * Find this certificate */ size_t X509_Store::find_cert(const X509_DN& subject_dn, - const MemoryRegion& subject_key_id) const + const std::vector& subject_key_id) const { for(size_t j = 0; j != certs.size(); ++j) { @@ -270,7 +270,7 @@ size_t X509_Store::find_cert(const X509_DN& subject_dn, size_t X509_Store::find_parent_of(const X509_Certificate& cert) { const X509_DN issuer_dn = cert.issuer_dn(); - const MemoryVector auth_key_id = cert.authority_key_id(); + const std::vector auth_key_id = cert.authority_key_id(); size_t index = find_cert(issuer_dn, auth_key_id); diff --git a/src/cert/x509store/x509stor.h b/src/cert/x509store/x509stor.h index 532db6190..3945f9fd3 100644 --- a/src/cert/x509store/x509stor.h +++ b/src/cert/x509store/x509stor.h @@ -87,7 +87,7 @@ class BOTAN_DLL X509_Store { public: X509_DN issuer; - MemoryVector serial, auth_key_id; + std::vector serial, auth_key_id; bool operator==(const CRL_Data&) const; bool operator!=(const CRL_Data&) const; bool operator<(const CRL_Data&) const; @@ -112,7 +112,7 @@ class BOTAN_DLL X509_Store static X509_Code check_sig(const X509_Object&, Public_Key*); - size_t find_cert(const X509_DN&, const MemoryRegion&) const; + size_t find_cert(const X509_DN&, const std::vector&) const; X509_Code check_sig(const Cert_Info&, const Cert_Info&) const; void recompute_revoked_info() const; diff --git a/src/cms/cms_algo.cpp b/src/cms/cms_algo.cpp index 3c245cc6f..6d768306b 100644 --- a/src/cms/cms_algo.cpp +++ b/src/cms/cms_algo.cpp @@ -23,10 +23,10 @@ namespace { /* * Wrap a key as specified in RFC 3217 */ -SecureVector do_rfc3217_wrap(RandomNumberGenerator& rng, +secure_vector do_rfc3217_wrap(RandomNumberGenerator& rng, const std::string& cipher_name, const SymmetricKey& kek, - const SecureVector& input) + const secure_vector& input) { class Flip_Bytes : public Filter { @@ -44,9 +44,9 @@ SecureVector do_rfc3217_wrap(RandomNumberGenerator& rng, buf.clear(); } - Flip_Bytes(const SecureVector& prefix) : buf(prefix) {} + Flip_Bytes(const secure_vector& prefix) : buf(prefix) {} private: - SecureVector buf; + secure_vector buf; }; Algorithm_Factory& af = global_state().algorithm_factory(); @@ -78,7 +78,7 @@ SecureVector do_rfc3217_wrap(RandomNumberGenerator& rng, /* * Wrap a CEK with a KEK */ -SecureVector CMS_Encoder::wrap_key(RandomNumberGenerator& rng, +secure_vector CMS_Encoder::wrap_key(RandomNumberGenerator& rng, const std::string& cipher, const SymmetricKey& cek, const SymmetricKey& kek) @@ -98,7 +98,7 @@ SecureVector CMS_Encoder::wrap_key(RandomNumberGenerator& rng, if(kek.length() != 16) throw Encoding_Error("CMS: 128-bit KEKs must be used with " + cipher); - SecureVector lcekpad; + secure_vector lcekpad; lcekpad.push_back(static_cast(cek.length())); lcekpad += cek.bits_of(); while(lcekpad.size() % 8) @@ -113,7 +113,7 @@ SecureVector CMS_Encoder::wrap_key(RandomNumberGenerator& rng, /* * Encode the parameters for an encryption algo */ -SecureVector CMS_Encoder::encode_params(const std::string& cipher, +secure_vector CMS_Encoder::encode_params(const std::string& cipher, const SymmetricKey& key, const InitializationVector& iv) { diff --git a/src/cms/cms_comp.cpp b/src/cms/cms_comp.cpp index 3d9108e13..8ff46acea 100644 --- a/src/cms/cms_comp.cpp +++ b/src/cms/cms_comp.cpp @@ -37,13 +37,13 @@ void CMS_Encoder::compress(const std::string& algo) Pipe pipe(compressor); pipe.process_msg(data); - SecureVector compressed = pipe.read_all(); + secure_vector compressed = pipe.read_all(); DER_Encoder encoder; encoder.start_cons(SEQUENCE). encode(static_cast(0)). encode(AlgorithmIdentifier("Compression." + algo, - MemoryVector())). + std::vector())). raw_bytes(make_econtent(compressed, type)). end_cons(); diff --git a/src/cms/cms_dalg.cpp b/src/cms/cms_dalg.cpp index 9fb5a29f2..96bdd5be3 100644 --- a/src/cms/cms_dalg.cpp +++ b/src/cms/cms_dalg.cpp @@ -20,7 +20,7 @@ namespace { /* * Compute the hash of some content */ -SecureVector hash_of(const SecureVector& content, +secure_vector hash_of(const secure_vector& content, const AlgorithmIdentifier& hash_algo, std::string& hash_name) { @@ -106,11 +106,11 @@ void read_orig_info(BER_Decoder& info, X509_Store& store) /* * Decode any Attributes, and check type */ -SecureVector decode_attributes(BER_Decoder& ber, const OID& type, +secure_vector decode_attributes(BER_Decoder& ber, const OID& type, bool& bad_attributes) { BER_Object obj = ber.get_next_object(); - SecureVector digest; + secure_vector digest; bool got_digest = false; bool got_content_type = false; @@ -178,7 +178,7 @@ void CMS_Decoder::decode_layer() { size_t version; AlgorithmIdentifier hash_algo; - SecureVector digest; + secure_vector digest; BER_Decoder hash_info = decoder.start_cons(SEQUENCE); @@ -213,7 +213,7 @@ void CMS_Decoder::decode_layer() while(signer_infos.more_items()) { AlgorithmIdentifier sig_algo, hash_algo; - SecureVector signature, digest; + secure_vector signature, digest; size_t version; BER_Decoder signer_info = BER::get_subsequence(signer_infos); diff --git a/src/cms/cms_dec.h b/src/cms/cms_dec.h index 8aa5c0edb..8c2057c2a 100644 --- a/src/cms/cms_dec.h +++ b/src/cms/cms_dec.h @@ -52,7 +52,7 @@ class BOTAN_DLL CMS_Decoder std::vector keys; OID type, next_type; - SecureVector data; + secure_vector data; Status status; std::string info; }; diff --git a/src/cms/cms_ealg.cpp b/src/cms/cms_ealg.cpp index 2acffa5f7..4c3fd98fc 100644 --- a/src/cms/cms_ealg.cpp +++ b/src/cms/cms_ealg.cpp @@ -53,7 +53,7 @@ DER_Encoder& encode_si(DER_Encoder& der, const X509_Certificate& cert, /* * Compute the hash of some content */ -SecureVector hash_of(const SecureVector& content, +secure_vector hash_of(const secure_vector& content, const std::string& hash_name) { Algorithm_Factory& af = global_state().algorithm_factory(); @@ -64,11 +64,11 @@ SecureVector hash_of(const SecureVector& content, /* * Encode Attributes containing info on content */ -SecureVector encode_attr(const SecureVector& data, +secure_vector encode_attr(const secure_vector& data, const std::string& type, const std::string& hash) { - SecureVector digest = hash_of(data, hash); + secure_vector digest = hash_of(data, hash); DER_Encoder encoder; encoder.encode(OIDS::lookup(type)); @@ -198,7 +198,7 @@ void CMS_Encoder::encrypt(RandomNumberGenerator& rng, const std::string cipher = choose_algo(user_cipher, "TripleDES"); SymmetricKey cek = setup_key(rng, cipher); - SecureVector kek_id; // FIXME: ? + secure_vector kek_id; // FIXME: ? DER_Encoder encoder; @@ -244,7 +244,7 @@ void CMS_Encoder::encrypt(RandomNumberGenerator&, /* * Encrypt the content with the chosen key/cipher */ -SecureVector CMS_Encoder::do_encrypt(RandomNumberGenerator& rng, +secure_vector CMS_Encoder::do_encrypt(RandomNumberGenerator& rng, const SymmetricKey& key, const std::string& cipher_name) { @@ -297,9 +297,9 @@ void CMS_Encoder::sign(const X509_Certificate& cert, AlgorithmIdentifier sig_algo(OIDS::lookup(key.algo_name() + "/" + padding), AlgorithmIdentifier::USE_NULL_PARAM); - SecureVector signed_attr = encode_attr(data, type, hash); + secure_vector signed_attr = encode_attr(data, type, hash); signer.update(signed_attr); - SecureVector signature = signer.signature(rng); + secure_vector signature = signer.signature(rng); signed_attr[0] = 0xA0; const size_t SI_VERSION = cert.subject_key_id().size() ? 3 : 1; diff --git a/src/cms/cms_enc.cpp b/src/cms/cms_enc.cpp index 1a45a6a46..58d7cabb6 100644 --- a/src/cms/cms_enc.cpp +++ b/src/cms/cms_enc.cpp @@ -36,7 +36,7 @@ void CMS_Encoder::set_data(const std::string& str) /* * Finalize and return the CMS encoded data */ -SecureVector CMS_Encoder::get_contents() +secure_vector CMS_Encoder::get_contents() { DER_Encoder encoder; @@ -72,7 +72,7 @@ std::string CMS_Encoder::PEM_contents() /* * Make an EncapsulatedContentInfo */ -SecureVector CMS_Encoder::make_econtent(const SecureVector& data, +secure_vector CMS_Encoder::make_econtent(const secure_vector& data, const std::string& type) { return DER_Encoder().start_cons(SEQUENCE). diff --git a/src/cms/cms_enc.h b/src/cms/cms_enc.h index 5dca838dd..c86dbe58e 100644 --- a/src/cms/cms_enc.h +++ b/src/cms/cms_enc.h @@ -47,7 +47,7 @@ class BOTAN_DLL CMS_Encoder void compress(const std::string&); static bool can_compress_with(const std::string&); - SecureVector get_contents(); + secure_vector get_contents(); std::string PEM_contents(); void set_data(const std::string&); @@ -65,25 +65,25 @@ class BOTAN_DLL CMS_Encoder const X509_Certificate&, Public_Key*, const std::string&); - SecureVector do_encrypt(RandomNumberGenerator& rng, + secure_vector do_encrypt(RandomNumberGenerator& rng, const SymmetricKey&, const std::string&); - static SecureVector make_econtent(const SecureVector&, + static secure_vector make_econtent(const secure_vector&, const std::string&); static SymmetricKey setup_key(RandomNumberGenerator& rng, const std::string&); - static SecureVector wrap_key(RandomNumberGenerator& rng, + static secure_vector wrap_key(RandomNumberGenerator& rng, const std::string&, const SymmetricKey&, const SymmetricKey&); - static SecureVector encode_params(const std::string&, + static secure_vector encode_params(const std::string&, const SymmetricKey&, const InitializationVector&); - SecureVector data; + secure_vector data; std::string type; }; diff --git a/src/codec/base64/base64.cpp b/src/codec/base64/base64.cpp index 6a53a7a9a..719a3e8fa 100644 --- a/src/codec/base64/base64.cpp +++ b/src/codec/base64/base64.cpp @@ -92,11 +92,6 @@ std::string base64_encode(const byte input[], return output; } -std::string base64_encode(const MemoryRegion& input) - { - return base64_encode(&input[0], input.size()); - } - size_t base64_decode(byte output[], const char input[], size_t input_length, @@ -226,11 +221,11 @@ size_t base64_decode(byte output[], return base64_decode(output, &input[0], input.length(), ignore_ws); } -SecureVector base64_decode(const char input[], +secure_vector base64_decode(const char input[], size_t input_length, bool ignore_ws) { - SecureVector bin((round_up(input_length, 4) * 3) / 4); + secure_vector bin((round_up(input_length, 4) * 3) / 4); size_t written = base64_decode(&bin[0], input, @@ -241,7 +236,7 @@ SecureVector base64_decode(const char input[], return bin; } -SecureVector base64_decode(const std::string& input, +secure_vector base64_decode(const std::string& input, bool ignore_ws) { return base64_decode(&input[0], input.size(), ignore_ws); diff --git a/src/codec/base64/base64.h b/src/codec/base64/base64.h index 23a2558bd..9ea4143b7 100644 --- a/src/codec/base64/base64.h +++ b/src/codec/base64/base64.h @@ -46,7 +46,11 @@ std::string BOTAN_DLL base64_encode(const byte input[], * @param input some input * @return base64adecimal representation of input */ -std::string BOTAN_DLL base64_encode(const MemoryRegion& input); +template +std::string base64_encode(const std::vector& input) + { + return base64_encode(&input[0], input.size()); + } /** * Perform base64 decoding @@ -104,7 +108,7 @@ size_t BOTAN_DLL base64_decode(byte output[], exception if whitespace is encountered * @return decoded base64 output */ -SecureVector BOTAN_DLL base64_decode(const char input[], +secure_vector BOTAN_DLL base64_decode(const char input[], size_t input_length, bool ignore_ws = true); @@ -115,7 +119,7 @@ SecureVector BOTAN_DLL base64_decode(const char input[], exception if whitespace is encountered * @return decoded base64 output */ -SecureVector BOTAN_DLL base64_decode(const std::string& input, +secure_vector BOTAN_DLL base64_decode(const std::string& input, bool ignore_ws = true); } diff --git a/src/codec/hex/hex.cpp b/src/codec/hex/hex.cpp index 41ba1298d..1fd32e2ed 100644 --- a/src/codec/hex/hex.cpp +++ b/src/codec/hex/hex.cpp @@ -34,12 +34,6 @@ void hex_encode(char output[], } } -std::string hex_encode(const MemoryRegion& input, - bool uppercase) - { - return hex_encode(&input[0], input.size(), uppercase); - } - std::string hex_encode(const byte input[], size_t input_length, bool uppercase) @@ -165,11 +159,11 @@ size_t hex_decode(byte output[], return hex_decode(output, &input[0], input.length(), ignore_ws); } -SecureVector hex_decode(const char input[], +secure_vector hex_decode(const char input[], size_t input_length, bool ignore_ws) { - SecureVector bin(1 + input_length / 2); + secure_vector bin(1 + input_length / 2); size_t written = hex_decode(&bin[0], input, @@ -180,7 +174,7 @@ SecureVector hex_decode(const char input[], return bin; } -SecureVector hex_decode(const std::string& input, +secure_vector hex_decode(const std::string& input, bool ignore_ws) { return hex_decode(&input[0], input.size(), ignore_ws); diff --git a/src/codec/hex/hex.h b/src/codec/hex/hex.h index 40930e808..bdb5e5365 100644 --- a/src/codec/hex/hex.h +++ b/src/codec/hex/hex.h @@ -42,8 +42,12 @@ std::string BOTAN_DLL hex_encode(const byte input[], * @param uppercase should output be upper or lower case? * @return hexadecimal representation of input */ -std::string BOTAN_DLL hex_encode(const MemoryRegion& input, - bool uppercase = true); +template +std::string hex_encode(const std::vector& input, + bool uppercase = true) + { + return hex_encode(&input[0], input.size(), uppercase); + } /** * Perform hex decoding @@ -98,7 +102,7 @@ size_t BOTAN_DLL hex_decode(byte output[], exception if whitespace is encountered * @return decoded hex output */ -SecureVector BOTAN_DLL hex_decode(const char input[], +secure_vector BOTAN_DLL hex_decode(const char input[], size_t input_length, bool ignore_ws = true); @@ -109,8 +113,8 @@ SecureVector BOTAN_DLL hex_decode(const char input[], exception if whitespace is encountered * @return decoded hex output */ -SecureVector BOTAN_DLL hex_decode(const std::string& input, - bool ignore_ws = true); +secure_vector BOTAN_DLL hex_decode(const std::string& input, + bool ignore_ws = true); } diff --git a/src/codec/openpgp/openpgp.cpp b/src/codec/openpgp/openpgp.cpp index ab9673689..fe6ac6edf 100644 --- a/src/codec/openpgp/openpgp.cpp +++ b/src/codec/openpgp/openpgp.cpp @@ -67,7 +67,7 @@ std::string PGP_encode(const byte input[], size_t length, /* * OpenPGP Base64 decoding */ -SecureVector PGP_decode(DataSource& source, +secure_vector PGP_decode(DataSource& source, std::string& label, std::map& headers) { @@ -186,7 +186,7 @@ SecureVector PGP_decode(DataSource& source, /* * OpenPGP Base64 decoding */ -SecureVector PGP_decode(DataSource& source, std::string& label) +secure_vector PGP_decode(DataSource& source, std::string& label) { std::map ignored; return PGP_decode(source, label, ignored); diff --git a/src/codec/openpgp/openpgp.h b/src/codec/openpgp/openpgp.h index 0cd77d53a..de56155f2 100644 --- a/src/codec/openpgp/openpgp.h +++ b/src/codec/openpgp/openpgp.h @@ -42,7 +42,7 @@ BOTAN_DLL std::string PGP_encode( * @param headers is set to any headers * @return decoded output as raw binary */ -BOTAN_DLL SecureVector PGP_decode( +BOTAN_DLL secure_vector PGP_decode( DataSource& source, std::string& label, std::map& headers); @@ -52,7 +52,7 @@ BOTAN_DLL SecureVector PGP_decode( * @param label is set to the human-readable label * @return decoded output as raw binary */ -BOTAN_DLL SecureVector PGP_decode( +BOTAN_DLL secure_vector PGP_decode( DataSource& source, std::string& label); diff --git a/src/codec/pem/pem.cpp b/src/codec/pem/pem.cpp index 52a22d8ef..03ec33440 100644 --- a/src/codec/pem/pem.cpp +++ b/src/codec/pem/pem.cpp @@ -27,23 +27,14 @@ std::string encode(const byte der[], size_t length, const std::string& label, return (PEM_HEADER + pipe.read_all_as_string() + PEM_TRAILER); } -/* -* PEM encode BER/DER-encoded objects -*/ -std::string encode(const MemoryRegion& data, const std::string& label, - size_t width) - { - return encode(&data[0], data.size(), label, width); - } - /* * Decode PEM down to raw BER/DER */ -SecureVector decode_check_label(DataSource& source, +secure_vector decode_check_label(DataSource& source, const std::string& label_want) { std::string label_got; - SecureVector ber = decode(source, label_got); + secure_vector ber = decode(source, label_got); if(label_got != label_want) throw Decoding_Error("PEM: Label mismatch, wanted " + label_want + ", got " + label_got); @@ -53,7 +44,7 @@ SecureVector decode_check_label(DataSource& source, /* * Decode PEM down to raw BER/DER */ -SecureVector decode(DataSource& source, std::string& label) +secure_vector decode(DataSource& source, std::string& label) { const size_t RANDOM_CHAR_LIMIT = 8; @@ -110,14 +101,14 @@ SecureVector decode(DataSource& source, std::string& label) return base64.read_all(); } -SecureVector decode_check_label(const std::string& pem, +secure_vector decode_check_label(const std::string& pem, const std::string& label_want) { DataSource_Memory src(pem); return decode_check_label(src, label_want); } -SecureVector decode(const std::string& pem, std::string& label) +secure_vector decode(const std::string& pem, std::string& label) { DataSource_Memory src(pem); return decode(src, label); @@ -131,7 +122,7 @@ bool matches(DataSource& source, const std::string& extra, { const std::string PEM_HEADER = "-----BEGIN " + extra; - SecureVector search_buf(search_range); + secure_vector search_buf(search_range); size_t got = source.peek(&search_buf[0], search_buf.size(), 0); if(got < PEM_HEADER.length()) diff --git a/src/codec/pem/pem.h b/src/codec/pem/pem.h index 10267f029..6c33c642d 100644 --- a/src/codec/pem/pem.h +++ b/src/codec/pem/pem.h @@ -17,37 +17,50 @@ namespace PEM_Code { /** * Encode some binary data in PEM format */ -BOTAN_DLL std::string encode(const byte der[], - size_t der_len, +BOTAN_DLL std::string encode(const byte data[], + size_t data_len, const std::string& label, size_t line_width = 64); /** * Encode some binary data in PEM format */ -BOTAN_DLL std::string encode(const MemoryRegion& der, - const std::string& label, - size_t line_width = 64); +inline std::string encode(const std::vector& data, + const std::string& label, + size_t line_width = 64) + { + return encode(&data[0], data.size(), label, line_width); + } + +/** +* Encode some binary data in PEM format +*/ +inline std::string encode(const secure_vector& data, + const std::string& label, + size_t line_width = 64) + { + return encode(&data[0], data.size(), label, line_width); + } /** * Decode PEM data * @param label is set to the PEM label found for later inspection */ -BOTAN_DLL SecureVector decode(DataSource& pem, +BOTAN_DLL secure_vector decode(DataSource& pem, std::string& label); /** * Decode PEM data * @param label is set to the PEM label found for later inspection */ -BOTAN_DLL SecureVector decode(const std::string& pem, +BOTAN_DLL secure_vector decode(const std::string& pem, std::string& label); /** * Decode PEM data * @param label is what we expect the label to be */ -BOTAN_DLL SecureVector decode_check_label( +BOTAN_DLL secure_vector decode_check_label( DataSource& pem, const std::string& label); @@ -55,7 +68,7 @@ BOTAN_DLL SecureVector decode_check_label( * Decode PEM data * @param label is what we expect the label to be */ -BOTAN_DLL SecureVector decode_check_label( +BOTAN_DLL secure_vector decode_check_label( const std::string& pem, const std::string& label); diff --git a/src/constructs/aont/package.cpp b/src/constructs/aont/package.cpp index 4d46f6b61..1adee90e8 100644 --- a/src/constructs/aont/package.cpp +++ b/src/constructs/aont/package.cpp @@ -37,7 +37,7 @@ void aont_package(RandomNumberGenerator& rng, // Set K0 (the all zero key) cipher->set_key(SymmetricKey(all_zeros)); - SecureVector buf(BLOCK_SIZE); + secure_vector buf(BLOCK_SIZE); const size_t blocks = (input_len + BLOCK_SIZE - 1) / BLOCK_SIZE; @@ -57,13 +57,13 @@ void aont_package(RandomNumberGenerator& rng, for(size_t j = 0; j != sizeof(i); ++j) buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i); - cipher->encrypt(buf); + cipher->encrypt(&buf[0]); - xor_buf(final_block, buf, BLOCK_SIZE); + xor_buf(&final_block[0], &buf[0], BLOCK_SIZE); } // XOR the random package key into the final block - xor_buf(final_block, package_key.begin(), BLOCK_SIZE); + xor_buf(&final_block[0], package_key.begin(), BLOCK_SIZE); } void aont_unpackage(BlockCipher* cipher, @@ -83,8 +83,8 @@ void aont_unpackage(BlockCipher* cipher, cipher->set_key(SymmetricKey(all_zeros)); - SecureVector package_key(BLOCK_SIZE); - SecureVector buf(BLOCK_SIZE); + secure_vector package_key(BLOCK_SIZE); + secure_vector buf(BLOCK_SIZE); // Copy the package key (masked with the block hashes) copy_mem(&package_key[0], @@ -105,9 +105,9 @@ void aont_unpackage(BlockCipher* cipher, for(size_t j = 0; j != sizeof(i); ++j) buf[BLOCK_SIZE - 1 - j] ^= get_byte(sizeof(i)-1-j, i); - cipher->encrypt(buf); + cipher->encrypt(&buf[0]); - xor_buf(&package_key[0], buf, BLOCK_SIZE); + xor_buf(&package_key[0], &buf[0], BLOCK_SIZE); } Pipe pipe(new StreamCipher_Filter(new CTR_BE(cipher), package_key)); diff --git a/src/constructs/cryptobox/cryptobox.cpp b/src/constructs/cryptobox/cryptobox.cpp index ab263c3e9..bb7bf353c 100644 --- a/src/constructs/cryptobox/cryptobox.cpp +++ b/src/constructs/cryptobox/cryptobox.cpp @@ -44,7 +44,7 @@ std::string encrypt(const byte input[], size_t input_len, const std::string& passphrase, RandomNumberGenerator& rng) { - SecureVector pbkdf_salt(PBKDF_SALT_LEN); + secure_vector pbkdf_salt(PBKDF_SALT_LEN); rng.randomize(&pbkdf_salt[0], pbkdf_salt.size()); PKCS5_PBKDF2 pbkdf(new HMAC(new SHA_512)); @@ -79,10 +79,10 @@ std::string encrypt(const byte input[], size_t input_len, */ const size_t ciphertext_len = pipe.remaining(0); - SecureVector out_buf(VERSION_CODE_LEN + - PBKDF_SALT_LEN + - MAC_OUTPUT_LEN + - ciphertext_len); + std::vector out_buf(VERSION_CODE_LEN + + PBKDF_SALT_LEN + + MAC_OUTPUT_LEN + + ciphertext_len); for(size_t i = 0; i != VERSION_CODE_LEN; ++i) out_buf[i] = get_byte(i, CRYPTOBOX_VERSION_CODE); @@ -100,7 +100,7 @@ std::string decrypt(const byte input[], size_t input_len, const std::string& passphrase) { DataSource_Memory input_src(input, input_len); - SecureVector ciphertext = + secure_vector ciphertext = PEM_Code::decode_check_label(input_src, "BOTAN CRYPTOBOX MESSAGE"); diff --git a/src/constructs/fpe_fe1/fpe_fe1.cpp b/src/constructs/fpe_fe1/fpe_fe1.cpp index 91d328c17..b22d3a8df 100644 --- a/src/constructs/fpe_fe1/fpe_fe1.cpp +++ b/src/constructs/fpe_fe1/fpe_fe1.cpp @@ -84,7 +84,7 @@ class FPE_Encryptor public: FPE_Encryptor(const SymmetricKey& key, const BigInt& n, - const MemoryRegion& tweak); + const std::vector& tweak); ~FPE_Encryptor() { delete mac; } @@ -92,17 +92,17 @@ class FPE_Encryptor private: MessageAuthenticationCode* mac; - SecureVector mac_n_t; + std::vector mac_n_t; }; FPE_Encryptor::FPE_Encryptor(const SymmetricKey& key, const BigInt& n, - const MemoryRegion& tweak) + const std::vector& tweak) { mac = new HMAC(new SHA_256); mac->set_key(key); - SecureVector n_bin = BigInt::encode(n); + std::vector n_bin = BigInt::encode(n); if(n_bin.size() > MAX_N_BYTES) throw std::runtime_error("N is too large for FPE encryption"); @@ -113,12 +113,12 @@ FPE_Encryptor::FPE_Encryptor(const SymmetricKey& key, mac->update_be(static_cast(tweak.size())); mac->update(&tweak[0], tweak.size()); - mac_n_t = mac->final(); + mac_n_t = unlock(mac->final()); } BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) { - SecureVector r_bin = BigInt::encode(R); + secure_vector r_bin = BigInt::encode_locked(R); mac->update(mac_n_t); mac->update_be(static_cast(round_no)); @@ -126,7 +126,7 @@ BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) mac->update_be(static_cast(r_bin.size())); mac->update(&r_bin[0], r_bin.size()); - SecureVector X = mac->final(); + secure_vector X = mac->final(); return BigInt(&X[0], X.size()); } @@ -137,7 +137,7 @@ BigInt FPE_Encryptor::operator()(size_t round_no, const BigInt& R) */ BigInt fe1_encrypt(const BigInt& n, const BigInt& X0, const SymmetricKey& key, - const MemoryRegion& tweak) + const std::vector& tweak) { FPE_Encryptor F(key, n, tweak); @@ -165,7 +165,7 @@ BigInt fe1_encrypt(const BigInt& n, const BigInt& X0, */ BigInt fe1_decrypt(const BigInt& n, const BigInt& X0, const SymmetricKey& key, - const MemoryRegion& tweak) + const std::vector& tweak) { FPE_Encryptor F(key, n, tweak); diff --git a/src/constructs/fpe_fe1/fpe_fe1.h b/src/constructs/fpe_fe1/fpe_fe1.h index da9a6bcb6..66e7f1cfa 100644 --- a/src/constructs/fpe_fe1/fpe_fe1.h +++ b/src/constructs/fpe_fe1/fpe_fe1.h @@ -24,7 +24,7 @@ namespace FPE { */ BigInt BOTAN_DLL fe1_encrypt(const BigInt& n, const BigInt& X, const SymmetricKey& key, - const MemoryRegion& tweak); + const std::vector& tweak); /** * Decrypt X from and onto the group Z_n using key and tweak @@ -35,7 +35,7 @@ BigInt BOTAN_DLL fe1_encrypt(const BigInt& n, const BigInt& X, */ BigInt BOTAN_DLL fe1_decrypt(const BigInt& n, const BigInt& X, const SymmetricKey& key, - const MemoryRegion& tweak); + const std::vector& tweak); } diff --git a/src/constructs/rfc3394/rfc3394.cpp b/src/constructs/rfc3394/rfc3394.cpp index db6420ff3..cfe95f40b 100644 --- a/src/constructs/rfc3394/rfc3394.cpp +++ b/src/constructs/rfc3394/rfc3394.cpp @@ -32,9 +32,9 @@ BlockCipher* make_aes(size_t keylength, } -SecureVector rfc3394_keywrap(const MemoryRegion& key, - const SymmetricKey& kek, - Algorithm_Factory& af) +secure_vector rfc3394_keywrap(const secure_vector& key, + const SymmetricKey& kek, + Algorithm_Factory& af) { if(key.size() % 8 != 0) throw std::invalid_argument("Bad input key size for NIST key wrap"); @@ -44,13 +44,13 @@ SecureVector rfc3394_keywrap(const MemoryRegion& key, const size_t n = key.size() / 8; - SecureVector R((n + 1) * 8); - SecureVector A(16); + secure_vector R((n + 1) * 8); + secure_vector A(16); for(size_t i = 0; i != 8; ++i) A[i] = 0xA6; - copy_mem(&R[8], key.begin(), key.size()); + copy_mem(&R[8], &key[0], key.size()); for(size_t j = 0; j <= 5; ++j) { @@ -74,7 +74,7 @@ SecureVector rfc3394_keywrap(const MemoryRegion& key, return R; } -SecureVector rfc3394_keyunwrap(const MemoryRegion& key, +secure_vector rfc3394_keyunwrap(const secure_vector& key, const SymmetricKey& kek, Algorithm_Factory& af) { @@ -86,13 +86,13 @@ SecureVector rfc3394_keyunwrap(const MemoryRegion& key, const size_t n = (key.size() - 8) / 8; - SecureVector R(n * 8); - SecureVector A(16); + secure_vector R(n * 8); + secure_vector A(16); for(size_t i = 0; i != 8; ++i) A[i] = key[i]; - copy_mem(&R[0], key.begin() + 8, key.size() - 8); + copy_mem(&R[0], &key[8], key.size() - 8); for(size_t j = 0; j <= 5; ++j) { diff --git a/src/constructs/rfc3394/rfc3394.h b/src/constructs/rfc3394/rfc3394.h index 645586ee2..febd5207e 100644 --- a/src/constructs/rfc3394/rfc3394.h +++ b/src/constructs/rfc3394/rfc3394.h @@ -23,7 +23,7 @@ class Algorithm_Factory; * @param af an algorithm factory * @return key encrypted under kek */ -SecureVector BOTAN_DLL rfc3394_keywrap(const MemoryRegion& key, +secure_vector BOTAN_DLL rfc3394_keywrap(const secure_vector& key, const SymmetricKey& kek, Algorithm_Factory& af); @@ -36,7 +36,7 @@ SecureVector BOTAN_DLL rfc3394_keywrap(const MemoryRegion& key, * @param af an algorithm factory * @return key decrypted under kek */ -SecureVector BOTAN_DLL rfc3394_keyunwrap(const MemoryRegion& key, +secure_vector BOTAN_DLL rfc3394_keyunwrap(const secure_vector& key, const SymmetricKey& kek, Algorithm_Factory& af); diff --git a/src/constructs/srp6/srp6.cpp b/src/constructs/srp6/srp6.cpp index 0eccdc154..569454350 100644 --- a/src/constructs/srp6/srp6.cpp +++ b/src/constructs/srp6/srp6.cpp @@ -48,7 +48,7 @@ BigInt hash_seq(const std::string& hash_id, BigInt compute_x(const std::string& hash_id, const std::string& identifier, const std::string& password, - const MemoryRegion& salt) + const std::vector& salt) { std::unique_ptr hash_fn( global_state().algorithm_factory().make_hash_function(hash_id)); @@ -57,12 +57,12 @@ BigInt compute_x(const std::string& hash_id, hash_fn->update(":"); hash_fn->update(password); - SecureVector inner_h = hash_fn->final(); + secure_vector inner_h = hash_fn->final(); hash_fn->update(salt); hash_fn->update(inner_h); - SecureVector outer_h = hash_fn->final(); + secure_vector outer_h = hash_fn->final(); return BigInt::decode(outer_h); } @@ -97,7 +97,7 @@ srp6_client_agree(const std::string& identifier, const std::string& password, const std::string& group_id, const std::string& hash_id, - const MemoryRegion& salt, + const std::vector& salt, const BigInt& B, RandomNumberGenerator& rng) { @@ -129,7 +129,7 @@ srp6_client_agree(const std::string& identifier, BigInt generate_srp6_verifier(const std::string& identifier, const std::string& password, - const MemoryRegion& salt, + const std::vector& salt, const std::string& group_id, const std::string& hash_id) { diff --git a/src/constructs/srp6/srp6.h b/src/constructs/srp6/srp6.h index 4fd127c70..b34253d7a 100644 --- a/src/constructs/srp6/srp6.h +++ b/src/constructs/srp6/srp6.h @@ -33,7 +33,7 @@ BOTAN_DLL srp6_client_agree(const std::string& username, const std::string& password, const std::string& group_id, const std::string& hash_id, - const MemoryRegion& salt, + const std::vector& salt, const BigInt& B, RandomNumberGenerator& rng); @@ -45,7 +45,7 @@ BOTAN_DLL srp6_client_agree(const std::string& username, */ BigInt BOTAN_DLL generate_srp6_verifier(const std::string& identifier, const std::string& password, - const MemoryRegion& salt, + const std::vector& salt, const std::string& group_id, const std::string& hash_id); diff --git a/src/constructs/srp6/srp6_files.cpp b/src/constructs/srp6/srp6_files.cpp index bc321745f..4df2986f3 100644 --- a/src/constructs/srp6/srp6_files.cpp +++ b/src/constructs/srp6/srp6_files.cpp @@ -31,7 +31,7 @@ SRP6_Authenticator_File::SRP6_Authenticator_File(const std::string& filename) std::string username = parts[0]; BigInt v = BigInt::decode(base64_decode(parts[1])); - MemoryVector salt = base64_decode(parts[2]); + std::vector salt = unlock(base64_decode(parts[2])); BigInt group_id_idx = BigInt::decode(base64_decode(parts[3])); std::string group_id; @@ -51,7 +51,7 @@ SRP6_Authenticator_File::SRP6_Authenticator_File(const std::string& filename) bool SRP6_Authenticator_File::lookup_user(const std::string& username, BigInt& v, - MemoryRegion& salt, + std::vector& salt, std::string& group_id) const { std::map::const_iterator i = entries.find(username); diff --git a/src/constructs/srp6/srp6_files.h b/src/constructs/srp6/srp6_files.h index 4e3293423..4e0d3ff02 100644 --- a/src/constructs/srp6/srp6_files.h +++ b/src/constructs/srp6/srp6_files.h @@ -28,7 +28,7 @@ class BOTAN_DLL SRP6_Authenticator_File bool lookup_user(const std::string& username, BigInt& v, - MemoryRegion& salt, + std::vector& salt, std::string& group_id) const; private: struct SRP6_Data @@ -36,12 +36,12 @@ class BOTAN_DLL SRP6_Authenticator_File SRP6_Data() {} SRP6_Data(const BigInt& v, - const MemoryRegion& salt, + const std::vector& salt, const std::string& group_id) : v(v), salt(salt), group_id(group_id) {} BigInt v; - MemoryVector salt; + std::vector salt; std::string group_id; }; diff --git a/src/constructs/tss/tss.cpp b/src/constructs/tss/tss.cpp index cc34216f3..e002084a1 100644 --- a/src/constructs/tss/tss.cpp +++ b/src/constructs/tss/tss.cpp @@ -150,7 +150,7 @@ RTSS_Share::split(byte M, byte N, shares[i].contents.push_back(i+1); // secret = S || H(S) - SecureVector secret(S, S_len); + secure_vector secret(S, S + S_len); secret += hash.process(S, S_len); for(size_t i = 0; i != secret.size(); ++i) @@ -178,7 +178,7 @@ RTSS_Share::split(byte M, byte N, return shares; } -SecureVector +secure_vector RTSS_Share::reconstruct(const std::vector& shares) { const size_t RTSS_HEADER_SIZE = 20; @@ -211,7 +211,7 @@ RTSS_Share::reconstruct(const std::vector& shares) throw Decoding_Error("Bad RTSS length field in header"); std::vector V(shares.size()); - SecureVector secret; + secure_vector secret; for(size_t i = RTSS_HEADER_SIZE + 1; i != shares[0].size(); ++i) { @@ -250,13 +250,13 @@ RTSS_Share::reconstruct(const std::vector& shares) throw Decoding_Error("Bad length in RTSS output"); hash->update(&secret[0], secret_len); - SecureVector hash_check = hash->final(); + secure_vector hash_check = hash->final(); if(!same_mem(&hash_check[0], &secret[secret_len], hash->output_length())) throw Decoding_Error("RTSS hash check failed"); - return SecureVector(&secret[0], secret_len); + return secure_vector(&secret[0], &secret[secret_len]); } } diff --git a/src/constructs/tss/tss.h b/src/constructs/tss/tss.h index 297c65971..4664af317 100644 --- a/src/constructs/tss/tss.h +++ b/src/constructs/tss/tss.h @@ -38,7 +38,7 @@ class BOTAN_DLL RTSS_Share /** * @param shares the list of shares */ - static SecureVector + static secure_vector reconstruct(const std::vector& shares); RTSS_Share() {} @@ -68,7 +68,7 @@ class BOTAN_DLL RTSS_Share */ bool initialized() const { return (contents.size() > 0); } private: - SecureVector contents; + secure_vector contents; }; } diff --git a/src/credentials/credentials_manager.cpp b/src/credentials/credentials_manager.cpp index 07d2979f9..6013fe4ea 100644 --- a/src/credentials/credentials_manager.cpp +++ b/src/credentials/credentials_manager.cpp @@ -54,7 +54,7 @@ bool Credentials_Manager::srp_verifier(const std::string&, const std::string&, std::string&, BigInt&, - MemoryRegion&, + std::vector&, bool) { return false; diff --git a/src/credentials/credentials_manager.h b/src/credentials/credentials_manager.h index 67da07eec..57ebd8b38 100644 --- a/src/credentials/credentials_manager.h +++ b/src/credentials/credentials_manager.h @@ -81,7 +81,7 @@ class BOTAN_DLL Credentials_Manager const std::string& identifier, std::string& group_name, BigInt& verifier, - MemoryRegion& salt, + std::vector& salt, bool generate_fake_on_unknown); /** diff --git a/src/engine/gnump/gmp_wrap.h b/src/engine/gnump/gmp_wrap.h index fc7aa856e..0a786f3ee 100644 --- a/src/engine/gnump/gmp_wrap.h +++ b/src/engine/gnump/gmp_wrap.h @@ -25,7 +25,7 @@ class GMP_MPZ void encode(byte[], size_t) const; size_t bytes() const; - SecureVector to_bytes() const + secure_vector to_bytes() const { return BigInt::encode(to_bigint()); } GMP_MPZ& operator=(const GMP_MPZ&); diff --git a/src/engine/gnump/gnump_pk.cpp b/src/engine/gnump/gnump_pk.cpp index 25735fe55..b2a2f9352 100644 --- a/src/engine/gnump/gnump_pk.cpp +++ b/src/engine/gnump/gnump_pk.cpp @@ -38,7 +38,7 @@ class GMP_DH_KA_Operation : public PK_Ops::Key_Agreement GMP_DH_KA_Operation(const DH_PrivateKey& dh) : x(dh.get_x()), p(dh.group_p()) {} - SecureVector agree(const byte w[], size_t w_len) + secure_vector agree(const byte w[], size_t w_len) { GMP_MPZ z(w, w_len); mpz_powm(z.value, z.value, x.value, p.value); @@ -66,14 +66,14 @@ class GMP_DSA_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return (q_bits + 7) / 8; } size_t max_input_bits() const { return q_bits; } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const GMP_MPZ x, p, q, g; size_t q_bits; }; -SecureVector +secure_vector GMP_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -104,7 +104,7 @@ GMP_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, if(mpz_cmp_ui(r.value, 0) == 0 || mpz_cmp_ui(s.value, 0) == 0) throw Internal_Error("GMP_DSA_Op::sign: r or s was zero"); - SecureVector output(2*q_bytes); + secure_vector output(2*q_bytes); r.encode(output, q_bytes); s.encode(output + q_bytes, q_bytes); return output; @@ -192,7 +192,7 @@ class GMP_RSA_Private_Operation : public PK_Ops::Signature, size_t max_input_bits() const { return (n_bits - 1); } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); @@ -200,7 +200,7 @@ class GMP_RSA_Private_Operation : public PK_Ops::Signature, return BigInt::encode_1363(x, (n_bits + 7) / 8); } - SecureVector decrypt(const byte msg[], size_t msg_len) + secure_vector decrypt(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); return BigInt::encode(private_op(m)); @@ -238,14 +238,14 @@ class GMP_RSA_Public_Operation : public PK_Ops::Verification, size_t max_input_bits() const { return (n.bits() - 1); } bool with_recovery() const { return true; } - SecureVector encrypt(const byte msg[], size_t msg_len, + secure_vector encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector verify_mr(const byte msg[], size_t msg_len) + secure_vector verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); return BigInt::encode(public_op(m)); diff --git a/src/engine/openssl/bn_wrap.cpp b/src/engine/openssl/bn_wrap.cpp index 779956824..0ac31f61b 100644 --- a/src/engine/openssl/bn_wrap.cpp +++ b/src/engine/openssl/bn_wrap.cpp @@ -15,7 +15,7 @@ namespace Botan { OSSL_BN::OSSL_BN(const BigInt& in) { value = BN_new(); - SecureVector encoding = BigInt::encode(in); + secure_vector encoding = BigInt::encode(in); if(in != 0) BN_bin2bn(encoding, encoding.size(), value); } @@ -75,7 +75,7 @@ size_t OSSL_BN::bytes() const */ BigInt OSSL_BN::to_bigint() const { - SecureVector out(bytes()); + secure_vector out(bytes()); BN_bn2bin(value, out); return BigInt::decode(out); } diff --git a/src/engine/openssl/bn_wrap.h b/src/engine/openssl/bn_wrap.h index c5c07a35c..177dbd8c7 100644 --- a/src/engine/openssl/bn_wrap.h +++ b/src/engine/openssl/bn_wrap.h @@ -25,7 +25,7 @@ class OSSL_BN void encode(byte[], size_t) const; size_t bytes() const; - SecureVector to_bytes() const + secure_vector to_bytes() const { return BigInt::encode(to_bigint()); } OSSL_BN& operator=(const OSSL_BN&); diff --git a/src/engine/openssl/ossl_bc.cpp b/src/engine/openssl/ossl_bc.cpp index 36f78205f..d419f56be 100644 --- a/src/engine/openssl/ossl_bc.cpp +++ b/src/engine/openssl/ossl_bc.cpp @@ -123,7 +123,7 @@ void EVP_BlockCipher::decrypt_n(const byte in[], byte out[], */ void EVP_BlockCipher::key_schedule(const byte key[], size_t length) { - SecureVector full_key(key, length); + secure_vector full_key(key, length); if(cipher_name == "TripleDES" && length == 16) { diff --git a/src/engine/openssl/ossl_pk.cpp b/src/engine/openssl/ossl_pk.cpp index 23ae6b25d..2557ec297 100644 --- a/src/engine/openssl/ossl_pk.cpp +++ b/src/engine/openssl/ossl_pk.cpp @@ -36,7 +36,7 @@ class OSSL_DH_KA_Operation : public PK_Ops::Key_Agreement OSSL_DH_KA_Operation(const DH_PrivateKey& dh) : x(dh.get_x()), p(dh.group_p()) {} - SecureVector agree(const byte w[], size_t w_len) + secure_vector agree(const byte w[], size_t w_len) { OSSL_BN i(w, w_len), r; BN_mod_exp(r.value, i.value, x.value, p.value, ctx.value); @@ -65,7 +65,7 @@ class OSSL_DSA_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return (q_bits + 7) / 8; } size_t max_input_bits() const { return q_bits; } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const OSSL_BN x, p, q, g; @@ -73,7 +73,7 @@ class OSSL_DSA_Signature_Operation : public PK_Ops::Signature size_t q_bits; }; -SecureVector +secure_vector OSSL_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -103,7 +103,7 @@ OSSL_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, if(BN_is_zero(r.value) || BN_is_zero(s.value)) throw Internal_Error("OpenSSL_DSA_Op::sign: r or s was zero"); - SecureVector output(2*q_bytes); + secure_vector output(2*q_bytes); r.encode(output, q_bytes); s.encode(output + q_bytes, q_bytes); return output; @@ -191,7 +191,7 @@ class OSSL_RSA_Private_Operation : public PK_Ops::Signature, size_t max_input_bits() const { return (n_bits - 1); } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); @@ -199,7 +199,7 @@ class OSSL_RSA_Private_Operation : public PK_Ops::Signature, return BigInt::encode_1363(x, (n_bits + 7) / 8); } - SecureVector decrypt(const byte msg[], size_t msg_len) + secure_vector decrypt(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); return BigInt::encode(private_op(m)); @@ -237,14 +237,14 @@ class OSSL_RSA_Public_Operation : public PK_Ops::Verification, size_t max_input_bits() const { return (n.bits() - 1); } bool with_recovery() const { return true; } - SecureVector encrypt(const byte msg[], size_t msg_len, + secure_vector encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector verify_mr(const byte msg[], size_t msg_len) + secure_vector verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); return BigInt::encode(public_op(m)); diff --git a/src/entropy/cryptoapi_rng/es_capi.cpp b/src/entropy/cryptoapi_rng/es_capi.cpp index c9069ce65..a706b4d5c 100644 --- a/src/entropy/cryptoapi_rng/es_capi.cpp +++ b/src/entropy/cryptoapi_rng/es_capi.cpp @@ -55,7 +55,7 @@ class CSP_Handle */ void Win32_CAPI_EntropySource::poll(Entropy_Accumulator& accum) { - MemoryRegion& io_buffer = accum.get_io_buffer(32); + secure_vector& io_buffer = accum.get_io_buffer(32); for(size_t i = 0; i != prov_types.size(); ++i) { diff --git a/src/entropy/dev_random/dev_random.cpp b/src/entropy/dev_random/dev_random.cpp index 9e4f0b373..d92176ce9 100644 --- a/src/entropy/dev_random/dev_random.cpp +++ b/src/entropy/dev_random/dev_random.cpp @@ -111,7 +111,7 @@ void Device_EntropySource::poll(Entropy_Accumulator& accum) accum.desired_remaining_bits() / ENTROPY_BITS_PER_BYTE, 32); const size_t read_wait_ms = std::max(go_get, 100); - MemoryRegion& io_buffer = accum.get_io_buffer(go_get); + secure_vector& io_buffer = accum.get_io_buffer(go_get); for(size_t i = 0; i != devices.size(); ++i) { diff --git a/src/entropy/egd/es_egd.cpp b/src/entropy/egd/es_egd.cpp index e0ebf9509..d8dbecd44 100644 --- a/src/entropy/egd/es_egd.cpp +++ b/src/entropy/egd/es_egd.cpp @@ -139,7 +139,7 @@ void EGD_EntropySource::poll(Entropy_Accumulator& accum) { size_t go_get = std::min(accum.desired_remaining_bits() / 8, 32); - MemoryRegion& io_buffer = accum.get_io_buffer(go_get); + secure_vector& io_buffer = accum.get_io_buffer(go_get); for(size_t i = 0; i != sockets.size(); ++i) { diff --git a/src/entropy/entropy_src.h b/src/entropy/entropy_src.h index 3f15b5907..e130574f4 100644 --- a/src/entropy/entropy_src.h +++ b/src/entropy/entropy_src.h @@ -35,7 +35,7 @@ class BOTAN_DLL Entropy_Accumulator * @param size requested size for the I/O buffer * @return cached I/O buffer for repeated polls */ - MemoryRegion& get_io_buffer(size_t size) + secure_vector& get_io_buffer(size_t size) { io_buffer.resize(size); return io_buffer; } /** @@ -87,7 +87,7 @@ class BOTAN_DLL Entropy_Accumulator private: virtual void add_bytes(const byte bytes[], size_t length) = 0; - SecureVector io_buffer; + secure_vector io_buffer; size_t entropy_goal; double collected_bits; }; diff --git a/src/entropy/proc_walk/es_ftw.cpp b/src/entropy/proc_walk/es_ftw.cpp index 407034891..d65aadfb1 100644 --- a/src/entropy/proc_walk/es_ftw.cpp +++ b/src/entropy/proc_walk/es_ftw.cpp @@ -151,7 +151,7 @@ void FTW_EntropySource::poll(Entropy_Accumulator& accum) if(!dir) dir = new Directory_Walker(path); - MemoryRegion& io_buffer = accum.get_io_buffer(4096); + secure_vector& io_buffer = accum.get_io_buffer(4096); for(size_t i = 0; i != MAX_FILES_READ_PER_POLL; ++i) { diff --git a/src/entropy/unix_procs/es_unix.cpp b/src/entropy/unix_procs/es_unix.cpp index b989e0213..9ec5f7148 100644 --- a/src/entropy/unix_procs/es_unix.cpp +++ b/src/entropy/unix_procs/es_unix.cpp @@ -93,7 +93,7 @@ void Unix_EntropySource::poll(Entropy_Accumulator& accum) const size_t MINIMAL_WORKING = 16; - MemoryRegion& io_buffer = accum.get_io_buffer(DEFAULT_BUFFERSIZE); + secure_vector& io_buffer = accum.get_io_buffer(DEFAULT_BUFFERSIZE); for(size_t i = 0; i != sources.size(); i++) { diff --git a/src/filters/algo_filt.cpp b/src/filters/algo_filt.cpp index 337733b5f..dbc46c7e6 100644 --- a/src/filters/algo_filt.cpp +++ b/src/filters/algo_filt.cpp @@ -92,7 +92,7 @@ Hash_Filter::Hash_Filter(const std::string& algo_spec, */ void Hash_Filter::end_msg() { - SecureVector output = hash->final(); + secure_vector output = hash->final(); if(OUTPUT_LENGTH) send(output, std::min(OUTPUT_LENGTH, output.size())); else @@ -125,7 +125,7 @@ MAC_Filter::MAC_Filter(const std::string& mac_name, const SymmetricKey& key, */ void MAC_Filter::end_msg() { - SecureVector output = mac->final(); + secure_vector output = mac->final(); if(OUTPUT_LENGTH) send(output, std::min(OUTPUT_LENGTH, output.size())); else diff --git a/src/filters/buf_filt.h b/src/filters/buf_filt.h index 87180e3e1..9a3fc9a2b 100644 --- a/src/filters/buf_filt.h +++ b/src/filters/buf_filt.h @@ -27,6 +27,12 @@ class BOTAN_DLL Buffered_Filter */ void write(const byte in[], size_t length); + template + void write(const std::vector& in, size_t length) + { + write(&in[0], length); + } + /** * Finish a message, emitting to buffered_block and buffered_final * Will throw an exception if less than final_minimum bytes were @@ -78,7 +84,7 @@ class BOTAN_DLL Buffered_Filter private: size_t main_block_mod, final_minimum; - SecureVector buffer; + secure_vector buffer; size_t buffer_pos; }; diff --git a/src/filters/bzip2/bzip2.h b/src/filters/bzip2/bzip2.h index b3b222eb2..2505cf54e 100644 --- a/src/filters/bzip2/bzip2.h +++ b/src/filters/bzip2/bzip2.h @@ -33,7 +33,7 @@ class BOTAN_DLL Bzip_Compression : public Filter void clear(); const size_t level; - SecureVector buffer; + secure_vector buffer; class Bzip_Stream* bz; }; @@ -55,7 +55,7 @@ class BOTAN_DLL Bzip_Decompression : public Filter void clear(); const bool small_mem; - SecureVector buffer; + secure_vector buffer; class Bzip_Stream* bz; bool no_writes; }; diff --git a/src/filters/codec_filt/b64_filt.h b/src/filters/codec_filt/b64_filt.h index afff53f30..dcb3cdbd5 100644 --- a/src/filters/codec_filt/b64_filt.h +++ b/src/filters/codec_filt/b64_filt.h @@ -47,7 +47,7 @@ class BOTAN_DLL Base64_Encoder : public Filter const size_t line_length; const bool trailing_newline; - MemoryVector in, out; + std::vector in, out; size_t position, out_position; }; @@ -79,7 +79,7 @@ class BOTAN_DLL Base64_Decoder : public Filter Base64_Decoder(Decoder_Checking checking = NONE); private: const Decoder_Checking checking; - MemoryVector in, out; + std::vector in, out; size_t position; }; diff --git a/src/filters/codec_filt/hex_filt.h b/src/filters/codec_filt/hex_filt.h index 0dc38c804..dbe6b9bae 100644 --- a/src/filters/codec_filt/hex_filt.h +++ b/src/filters/codec_filt/hex_filt.h @@ -49,7 +49,7 @@ class BOTAN_DLL Hex_Encoder : public Filter const Case casing; const size_t line_length; - MemoryVector in, out; + std::vector in, out; size_t position, counter; }; @@ -72,7 +72,7 @@ class BOTAN_DLL Hex_Decoder : public Filter Hex_Decoder(Decoder_Checking checking = NONE); private: const Decoder_Checking checking; - MemoryVector in, out; + std::vector in, out; size_t position; }; diff --git a/src/filters/data_src.cpp b/src/filters/data_src.cpp index da67baa98..4980507ca 100644 --- a/src/filters/data_src.cpp +++ b/src/filters/data_src.cpp @@ -74,29 +74,13 @@ bool DataSource_Memory::end_of_data() const return (offset == source.size()); } -/* -* DataSource_Memory Constructor -*/ -DataSource_Memory::DataSource_Memory(const byte in[], size_t length) : - source(in, length) - { - offset = 0; - } - -/* -* DataSource_Memory Constructor -*/ -DataSource_Memory::DataSource_Memory(const MemoryRegion& in) : - source(in) - { - offset = 0; - } - /* * DataSource_Memory Constructor */ DataSource_Memory::DataSource_Memory(const std::string& in) : - source(reinterpret_cast(in.data()), in.length()) + source(reinterpret_cast(in.data()), + reinterpret_cast(in.data()) + in.length()), + offset(0) { offset = 0; } @@ -127,7 +111,7 @@ size_t DataSource_Stream::peek(byte out[], size_t length, size_t offset) const if(offset) { - SecureVector buf(offset); + secure_vector buf(offset); source.read(reinterpret_cast(&buf[0]), buf.size()); if(source.bad()) throw Stream_IO_Error("DataSource_Stream::peek: Source failure"); diff --git a/src/filters/data_src.h b/src/filters/data_src.h index d2d51fe23..62bdacd33 100644 --- a/src/filters/data_src.h +++ b/src/filters/data_src.h @@ -106,15 +106,24 @@ class BOTAN_DLL DataSource_Memory : public DataSource * @param in the byte array to read from * @param length the length of the byte array */ - DataSource_Memory(const byte in[], size_t length); + DataSource_Memory(const byte in[], size_t length) : + source(in, in + length), offset(0) {} /** - * Construct a memory source that reads from a MemoryRegion + * Construct a memory source that reads from a secure_vector * @param in the MemoryRegion to read from */ - DataSource_Memory(const MemoryRegion& in); + DataSource_Memory(const secure_vector& in) : + source(in), offset(0) {} + + /** + * Construct a memory source that reads from a std::vector + * @param in the MemoryRegion to read from + */ + DataSource_Memory(const std::vector& in) : + source(&in[0], &in[in.size()]), offset(0) {} private: - SecureVector source; + secure_vector source; size_t offset; }; diff --git a/src/filters/fd_unix/fd_unix.cpp b/src/filters/fd_unix/fd_unix.cpp index 3a9253b5e..dc6fbe696 100644 --- a/src/filters/fd_unix/fd_unix.cpp +++ b/src/filters/fd_unix/fd_unix.cpp @@ -16,7 +16,7 @@ namespace Botan { */ int operator<<(int fd, Pipe& pipe) { - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); while(pipe.remaining()) { size_t got = pipe.read(&buffer[0], buffer.size()); @@ -38,7 +38,7 @@ int operator<<(int fd, Pipe& pipe) */ int operator>>(int fd, Pipe& pipe) { - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); while(true) { ssize_t ret = read(fd, &buffer[0], buffer.size()); diff --git a/src/filters/filter.h b/src/filters/filter.h index b62846075..f59677528 100644 --- a/src/filters/filter.h +++ b/src/filters/filter.h @@ -65,13 +65,27 @@ class BOTAN_DLL Filter /** * @param in some input for the filter */ - void send(const MemoryRegion& in) { send(&in[0], in.size()); } + void send(const secure_vector& in) { send(&in[0], in.size()); } + + /** + * @param in some input for the filter + */ + void send(const std::vector& in) { send(&in[0], in.size()); } + + /** + * @param in some input for the filter + * @param length the number of bytes of in to send + */ + void send(const secure_vector& in, size_t length) + { + send(&in[0], length); + } /** * @param in some input for the filter * @param length the number of bytes of in to send */ - void send(const MemoryRegion& in, size_t length) + void send(const std::vector& in, size_t length) { send(&in[0], length); } @@ -120,7 +134,7 @@ class BOTAN_DLL Filter void set_next(Filter* filters[], size_t count); Filter* get_next() const; - SecureVector write_queue; + secure_vector write_queue; std::vector next; size_t port_num, filter_owns; diff --git a/src/filters/filters.h b/src/filters/filters.h index b409e78f5..08b505bc0 100644 --- a/src/filters/filters.h +++ b/src/filters/filters.h @@ -94,7 +94,7 @@ class BOTAN_DLL StreamCipher_Filter : public Keyed_Filter ~StreamCipher_Filter() { delete cipher; } private: - SecureVector buffer; + secure_vector buffer; StreamCipher* cipher; }; diff --git a/src/filters/modes/cbc/cbc.cpp b/src/filters/modes/cbc/cbc.cpp index b464d075f..00518fc86 100644 --- a/src/filters/modes/cbc/cbc.cpp +++ b/src/filters/modes/cbc/cbc.cpp @@ -65,9 +65,9 @@ void CBC_Encryption::buffered_block(const byte input[], size_t length) for(size_t i = 0; i != blocks; ++i) { - xor_buf(state, input + i * cipher->block_size(), state.size()); + xor_buf(&state[0], input + i * cipher->block_size(), state.size()); cipher->encrypt(state); - send(state, state.size()); + send(state); } } @@ -91,13 +91,13 @@ void CBC_Encryption::end_msg() { size_t last_block = current_position() % cipher->block_size(); - SecureVector padding(cipher->block_size()); - padder->pad(padding, padding.size(), last_block); + std::vector padding(cipher->block_size()); + padder->pad(&padding[0], padding.size(), last_block); size_t pad_bytes = padder->pad_bytes(cipher->block_size(), last_block); if(pad_bytes) - Buffered_Filter::write(padding, pad_bytes); + Buffered_Filter::write(&padding[0], pad_bytes); Buffered_Filter::end_msg(); } @@ -170,7 +170,7 @@ void CBC_Decryption::buffered_block(const byte input[], size_t length) cipher->decrypt_n(input, &temp[0], to_proc); - xor_buf(temp, state, cipher->block_size()); + xor_buf(&temp[0], &state[0], cipher->block_size()); for(size_t i = 1; i < to_proc; ++i) xor_buf(&temp[i * cipher->block_size()], @@ -202,9 +202,9 @@ void CBC_Decryption::buffered_final(const byte input[], size_t length) input += extra_blocks * cipher->block_size(); - cipher->decrypt(input, temp); - xor_buf(temp, state, cipher->block_size()); - send(temp, padder->unpad(temp, cipher->block_size())); + cipher->decrypt(&input[0], &temp[0]); + xor_buf(&temp[0], &state[0], cipher->block_size()); + send(&temp[0], padder->unpad(&temp[0], cipher->block_size())); copy_mem(&state[0], input, state.size()); // save for IV chaining } diff --git a/src/filters/modes/cbc/cbc.h b/src/filters/modes/cbc/cbc.h index d828f53a6..4fd0f7d66 100644 --- a/src/filters/modes/cbc/cbc.h +++ b/src/filters/modes/cbc/cbc.h @@ -52,7 +52,7 @@ class BOTAN_DLL CBC_Encryption : public Keyed_Filter, BlockCipher* cipher; const BlockCipherModePaddingMethod* padder; - SecureVector state; + secure_vector state; }; /** @@ -92,7 +92,7 @@ class BOTAN_DLL CBC_Decryption : public Keyed_Filter, BlockCipher* cipher; const BlockCipherModePaddingMethod* padder; - SecureVector state, temp; + secure_vector state, temp; }; } diff --git a/src/filters/modes/cfb/cfb.cpp b/src/filters/modes/cfb/cfb.cpp index 9aa6f6159..2b7cca84a 100644 --- a/src/filters/modes/cfb/cfb.cpp +++ b/src/filters/modes/cfb/cfb.cpp @@ -61,7 +61,7 @@ void CFB_Encryption::set_iv(const InitializationVector& iv) zeroise(buffer); position = 0; - cipher->encrypt(state, buffer); + cipher->encrypt(&state[0], &buffer[0]); } /* diff --git a/src/filters/modes/cfb/cfb.h b/src/filters/modes/cfb/cfb.h index 64eb1e832..212ac76da 100644 --- a/src/filters/modes/cfb/cfb.h +++ b/src/filters/modes/cfb/cfb.h @@ -43,7 +43,7 @@ class BOTAN_DLL CFB_Encryption : public Keyed_Filter void write(const byte[], size_t); BlockCipher* cipher; - SecureVector buffer, state; + secure_vector buffer, state; size_t position, feedback; }; @@ -77,7 +77,7 @@ class BOTAN_DLL CFB_Decryption : public Keyed_Filter void write(const byte[], size_t); BlockCipher* cipher; - SecureVector buffer, state; + secure_vector buffer, state; size_t position, feedback; }; diff --git a/src/filters/modes/cts/cts.cpp b/src/filters/modes/cts/cts.cpp index 694d7d524..f77a28dd5 100644 --- a/src/filters/modes/cts/cts.cpp +++ b/src/filters/modes/cts/cts.cpp @@ -56,7 +56,7 @@ void CTS_Encryption::set_iv(const InitializationVector& iv) */ void CTS_Encryption::encrypt(const byte block[]) { - xor_buf(state, block, cipher->block_size()); + xor_buf(&state[0], &block[0], cipher->block_size()); cipher->encrypt(state); send(state, cipher->block_size()); } @@ -105,7 +105,7 @@ void CTS_Encryption::end_msg() xor_buf(state, buffer, cipher->block_size()); cipher->encrypt(state); - SecureVector cn = state; + secure_vector cn = state; clear_mem(&buffer[position], buffer.size() - position); encrypt(&buffer[cipher->block_size()]); send(cn, position - cipher->block_size()); @@ -177,7 +177,7 @@ void CTS_Decryption::write(const byte input[], size_t length) if(length == 0) return; - decrypt(buffer); + decrypt(&buffer[0]); if(length > cipher->block_size()) { decrypt(&buffer[cipher->block_size()]); @@ -203,17 +203,17 @@ void CTS_Decryption::write(const byte input[], size_t length) */ void CTS_Decryption::end_msg() { - cipher->decrypt(buffer, temp); - xor_buf(temp, &buffer[cipher->block_size()], position - cipher->block_size()); + cipher->decrypt(&buffer[0], &temp[0]); + xor_buf(&temp[0], &buffer[cipher->block_size()], position - cipher->block_size()); - SecureVector xn = temp; + secure_vector xn = temp; copy_mem(&buffer[position], &xn[position - cipher->block_size()], buffer.size() - position); - cipher->decrypt(&buffer[cipher->block_size()], temp); - xor_buf(temp, state, cipher->block_size()); + cipher->decrypt(&buffer[cipher->block_size()], &temp[0]); + xor_buf(&temp[0], &state[0], cipher->block_size()); send(temp, cipher->block_size()); send(xn, position - cipher->block_size()); } diff --git a/src/filters/modes/cts/cts.h b/src/filters/modes/cts/cts.h index 8e19073f4..ac296316f 100644 --- a/src/filters/modes/cts/cts.h +++ b/src/filters/modes/cts/cts.h @@ -44,7 +44,7 @@ class BOTAN_DLL CTS_Encryption : public Keyed_Filter void encrypt(const byte[]); BlockCipher* cipher; - SecureVector buffer, state; + secure_vector buffer, state; size_t position; }; @@ -79,7 +79,7 @@ class BOTAN_DLL CTS_Decryption : public Keyed_Filter void decrypt(const byte[]); BlockCipher* cipher; - SecureVector buffer, state, temp; + secure_vector buffer, state, temp; size_t position; }; diff --git a/src/filters/modes/eax/eax.cpp b/src/filters/modes/eax/eax.cpp index 791286cc6..fb75d73fd 100644 --- a/src/filters/modes/eax/eax.cpp +++ b/src/filters/modes/eax/eax.cpp @@ -19,7 +19,7 @@ namespace { /* * EAX MAC-based PRF */ -SecureVector eax_prf(byte tag, size_t BLOCK_SIZE, +secure_vector eax_prf(byte tag, size_t BLOCK_SIZE, MessageAuthenticationCode* mac, const byte in[], size_t length) { @@ -131,7 +131,7 @@ void EAX_Encryption::write(const byte input[], size_t length) */ void EAX_Encryption::end_msg() { - SecureVector data_mac = cmac->final(); + secure_vector data_mac = cmac->final(); xor_buf(data_mac, nonce_mac, data_mac.size()); xor_buf(data_mac, header_mac, data_mac.size()); diff --git a/src/filters/modes/eax/eax.h b/src/filters/modes/eax/eax.h index e8efb9398..d78287521 100644 --- a/src/filters/modes/eax/eax.h +++ b/src/filters/modes/eax/eax.h @@ -81,17 +81,17 @@ class BOTAN_DLL EAX_Base : public Keyed_Filter /** * The MAC of the nonce */ - SecureVector nonce_mac; + secure_vector nonce_mac; /** * The MAC of the header */ - SecureVector header_mac; + secure_vector header_mac; /** * A buffer for CTR mode encryption */ - SecureVector ctr_buf; + secure_vector ctr_buf; }; /** @@ -151,7 +151,7 @@ class BOTAN_DLL EAX_Decryption : public EAX_Base void do_write(const byte[], size_t); void end_msg(); - SecureVector queue; + secure_vector queue; size_t queue_start, queue_end; }; diff --git a/src/filters/modes/eax/eax_dec.cpp b/src/filters/modes/eax/eax_dec.cpp index d14ba5e70..a2675cac0 100644 --- a/src/filters/modes/eax/eax_dec.cpp +++ b/src/filters/modes/eax/eax_dec.cpp @@ -62,7 +62,7 @@ void EAX_Decryption::write(const byte input[], size_t length) if(queue_start + TAG_SIZE == queue_end && queue_start >= queue.size() / 2) { - SecureVector queue_data(TAG_SIZE); + secure_vector queue_data(TAG_SIZE); copy_mem(&queue_data[0], &queue[queue_start], TAG_SIZE); copy_mem(&queue[0], &queue_data[0], TAG_SIZE); queue_start = 0; @@ -100,7 +100,7 @@ void EAX_Decryption::end_msg() if((queue_end - queue_start) != TAG_SIZE) throw Decoding_Error(name() + ": Message authentication failure"); - SecureVector data_mac = cmac->final(); + secure_vector data_mac = cmac->final(); for(size_t j = 0; j != TAG_SIZE; ++j) if(queue[queue_start+j] != (data_mac[j] ^ nonce_mac[j] ^ header_mac[j])) diff --git a/src/filters/modes/ecb/ecb.cpp b/src/filters/modes/ecb/ecb.cpp index 9115d6362..d36d2350b 100644 --- a/src/filters/modes/ecb/ecb.cpp +++ b/src/filters/modes/ecb/ecb.cpp @@ -70,8 +70,8 @@ void ECB_Encryption::end_msg() { size_t last_block = current_position() % cipher->block_size(); - SecureVector padding(cipher->block_size()); - padder->pad(padding, padding.size(), last_block); + secure_vector padding(cipher->block_size()); + padder->pad(&padding[0], padding.size(), last_block); size_t pad_bytes = padder->pad_bytes(cipher->block_size(), last_block); @@ -203,8 +203,8 @@ void ECB_Decryption::buffered_final(const byte input[], size_t length) input += extra_blocks * cipher->block_size(); - cipher->decrypt(input, temp); - send(temp, padder->unpad(temp, cipher->block_size())); + cipher->decrypt(input, &temp[0]); + send(&temp[0], padder->unpad(&temp[0], cipher->block_size())); } } diff --git a/src/filters/modes/ecb/ecb.h b/src/filters/modes/ecb/ecb.h index 94cff1f52..e6476ab5d 100644 --- a/src/filters/modes/ecb/ecb.h +++ b/src/filters/modes/ecb/ecb.h @@ -46,7 +46,7 @@ class BOTAN_DLL ECB_Encryption : public Keyed_Filter, BlockCipher* cipher; BlockCipherModePaddingMethod* padder; - SecureVector temp; + secure_vector temp; }; /** @@ -80,7 +80,7 @@ class BOTAN_DLL ECB_Decryption : public Keyed_Filter, BlockCipher* cipher; BlockCipherModePaddingMethod* padder; - SecureVector temp; + secure_vector temp; }; } diff --git a/src/filters/modes/xts/xts.cpp b/src/filters/modes/xts/xts.cpp index 42b1f2bf0..e29ef6b98 100644 --- a/src/filters/modes/xts/xts.cpp +++ b/src/filters/modes/xts/xts.cpp @@ -136,7 +136,7 @@ void XTS_Encryption::buffered_block(const byte input[], size_t length) const size_t blocks_in_tweak = tweak.size() / cipher->block_size(); size_t blocks = length / cipher->block_size(); - SecureVector temp(tweak.size()); + secure_vector temp(tweak.size()); while(blocks) { @@ -194,7 +194,7 @@ void XTS_Encryption::buffered_final(const byte input[], size_t length) input += leftover_blocks; length -= leftover_blocks; - SecureVector temp(input, length); + secure_vector temp(input, input + length); xor_buf(temp, tweak, cipher->block_size()); cipher->encrypt(temp); @@ -311,7 +311,7 @@ void XTS_Decryption::buffered_block(const byte input[], size_t input_length) const size_t blocks_in_tweak = tweak.size() / cipher->block_size(); size_t blocks = input_length / cipher->block_size(); - SecureVector temp(tweak.size()); + secure_vector temp(tweak.size()); while(blocks) { @@ -365,8 +365,8 @@ void XTS_Decryption::buffered_final(const byte input[], size_t length) input += leftover_blocks; length -= leftover_blocks; - SecureVector temp(input, length); - SecureVector tweak_copy(&tweak[0], cipher->block_size()); + secure_vector temp(input, input + length); + secure_vector tweak_copy(&tweak[0], &tweak[cipher->block_size()]); poly_double(&tweak_copy[0], cipher->block_size()); diff --git a/src/filters/modes/xts/xts.h b/src/filters/modes/xts/xts.h index 52db9bcfc..d4801cd37 100644 --- a/src/filters/modes/xts/xts.h +++ b/src/filters/modes/xts/xts.h @@ -48,7 +48,7 @@ class BOTAN_DLL XTS_Encryption : public Keyed_Filter, BlockCipher* cipher; BlockCipher* cipher2; - SecureVector tweak; + secure_vector tweak; }; /** @@ -85,7 +85,7 @@ class BOTAN_DLL XTS_Decryption : public Keyed_Filter, BlockCipher* cipher; BlockCipher* cipher2; - SecureVector tweak; + secure_vector tweak; }; } diff --git a/src/filters/pipe.cpp b/src/filters/pipe.cpp index 2c5e07589..6664098b3 100644 --- a/src/filters/pipe.cpp +++ b/src/filters/pipe.cpp @@ -124,7 +124,12 @@ void Pipe::process_msg(const byte input[], size_t length) /* * Process a full message at once */ -void Pipe::process_msg(const MemoryRegion& input) +void Pipe::process_msg(const secure_vector& input) + { + process_msg(&input[0], input.size()); + } + +void Pipe::process_msg(const std::vector& input) { process_msg(&input[0], input.size()); } diff --git a/src/filters/pipe.h b/src/filters/pipe.h index 6df518d3e..e53f0d508 100644 --- a/src/filters/pipe.h +++ b/src/filters/pipe.h @@ -66,9 +66,17 @@ class BOTAN_DLL Pipe : public DataSource /** * Write input to the pipe, i.e. to its first filter. - * @param in the MemoryRegion containing the data to write + * @param in the secure_vector containing the data to write */ - void write(const MemoryRegion& in); + void write(const secure_vector& in) + { write(&in[0], in.size()); } + + /** + * Write input to the pipe, i.e. to its first filter. + * @param in the std::vector containing the data to write + */ + void write(const std::vector& in) + { write(&in[0], in.size()); } /** * Write input to the pipe, i.e. to its first filter. @@ -97,9 +105,15 @@ class BOTAN_DLL Pipe : public DataSource /** * Perform start_msg(), write() and end_msg() sequentially. - * @param in the MemoryRegion containing the data to write + * @param in the secure_vector containing the data to write + */ + void process_msg(const secure_vector& in); + + /** + * Perform start_msg(), write() and end_msg() sequentially. + * @param in the secure_vector containing the data to write */ - void process_msg(const MemoryRegion& in); + void process_msg(const std::vector& in); /** * Perform start_msg(), write() and end_msg() sequentially. @@ -157,9 +171,9 @@ class BOTAN_DLL Pipe : public DataSource /** * Read the full contents of the pipe. * @param msg the number identifying the message to read from - * @return SecureVector holding the contents of the pipe + * @return secure_vector holding the contents of the pipe */ - SecureVector read_all(message_id msg = DEFAULT_MESSAGE); + secure_vector read_all(message_id msg = DEFAULT_MESSAGE); /** * Read the full contents of the pipe. diff --git a/src/filters/pipe_io.cpp b/src/filters/pipe_io.cpp index 9dd0ad0bb..a549eaee8 100644 --- a/src/filters/pipe_io.cpp +++ b/src/filters/pipe_io.cpp @@ -15,7 +15,7 @@ namespace Botan { */ std::ostream& operator<<(std::ostream& stream, Pipe& pipe) { - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); while(stream.good() && pipe.remaining()) { size_t got = pipe.read(&buffer[0], buffer.size()); @@ -31,7 +31,7 @@ std::ostream& operator<<(std::ostream& stream, Pipe& pipe) */ std::istream& operator>>(std::istream& stream, Pipe& pipe) { - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); while(stream.good()) { stream.read(reinterpret_cast(&buffer[0]), buffer.size()); diff --git a/src/filters/pipe_rw.cpp b/src/filters/pipe_rw.cpp index 90af9ed34..8a713ea8d 100644 --- a/src/filters/pipe_rw.cpp +++ b/src/filters/pipe_rw.cpp @@ -38,14 +38,6 @@ void Pipe::write(const byte input[], size_t length) pipe->write(input, length); } -/* -* Write into a Pipe -*/ -void Pipe::write(const MemoryRegion& input) - { - write(&input[0], input.size()); - } - /* * Write a string into a Pipe */ @@ -67,7 +59,7 @@ void Pipe::write(byte input) */ void Pipe::write(DataSource& source) { - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); while(!source.end_of_data()) { size_t got = source.read(&buffer[0], buffer.size()); @@ -102,10 +94,10 @@ size_t Pipe::read(byte& out, message_id msg) /* * Return all data in the pipe */ -SecureVector Pipe::read_all(message_id msg) +secure_vector Pipe::read_all(message_id msg) { msg = ((msg != DEFAULT_MESSAGE) ? msg : default_msg()); - SecureVector buffer(remaining(msg)); + secure_vector buffer(remaining(msg)); size_t got = read(&buffer[0], buffer.size(), msg); buffer.resize(got); return buffer; @@ -117,7 +109,7 @@ SecureVector Pipe::read_all(message_id msg) std::string Pipe::read_all_as_string(message_id msg) { msg = ((msg != DEFAULT_MESSAGE) ? msg : default_msg()); - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); std::string str; str.reserve(remaining(msg)); diff --git a/src/filters/pk_filts/pk_filts.cpp b/src/filters/pk_filts/pk_filts.cpp index d843d711c..45fcc18b8 100644 --- a/src/filters/pk_filts/pk_filts.cpp +++ b/src/filters/pk_filts/pk_filts.cpp @@ -83,14 +83,13 @@ void PK_Verifier_Filter::end_msg() */ void PK_Verifier_Filter::set_signature(const byte sig[], size_t length) { - signature.resize(length); - copy_mem(&signature[0], sig, length); + signature.assign(sig, sig + length); } /* * Set the signature to check */ -void PK_Verifier_Filter::set_signature(const MemoryRegion& sig) +void PK_Verifier_Filter::set_signature(const secure_vector& sig) { signature = sig; } @@ -100,7 +99,7 @@ void PK_Verifier_Filter::set_signature(const MemoryRegion& sig) */ PK_Verifier_Filter::PK_Verifier_Filter(PK_Verifier* v, const byte sig[], size_t length) : - verifier(v), signature(sig, length) + verifier(v), signature(sig, sig + length) { } @@ -108,7 +107,7 @@ PK_Verifier_Filter::PK_Verifier_Filter(PK_Verifier* v, const byte sig[], * PK_Verifier_Filter Constructor */ PK_Verifier_Filter::PK_Verifier_Filter(PK_Verifier* v, - const MemoryRegion& sig) : + const secure_vector& sig) : verifier(v), signature(sig) { } diff --git a/src/filters/pk_filts/pk_filts.h b/src/filters/pk_filts/pk_filts.h index dd67e389b..cc1c2220d 100644 --- a/src/filters/pk_filts/pk_filts.h +++ b/src/filters/pk_filts/pk_filts.h @@ -28,7 +28,7 @@ class BOTAN_DLL PK_Encryptor_Filter : public Filter private: PK_Encryptor* cipher; RandomNumberGenerator& rng; - SecureVector buffer; + secure_vector buffer; }; /** @@ -43,7 +43,7 @@ class BOTAN_DLL PK_Decryptor_Filter : public Filter ~PK_Decryptor_Filter() { delete cipher; } private: PK_Decryptor* cipher; - SecureVector buffer; + secure_vector buffer; }; /** @@ -75,15 +75,15 @@ class BOTAN_DLL PK_Verifier_Filter : public Filter void end_msg(); void set_signature(const byte[], size_t); - void set_signature(const MemoryRegion&); + void set_signature(const secure_vector&); PK_Verifier_Filter(PK_Verifier* v) : verifier(v) {} PK_Verifier_Filter(PK_Verifier*, const byte[], size_t); - PK_Verifier_Filter(PK_Verifier*, const MemoryRegion&); + PK_Verifier_Filter(PK_Verifier*, const secure_vector&); ~PK_Verifier_Filter() { delete verifier; } private: PK_Verifier* verifier; - SecureVector signature; + secure_vector signature; }; } diff --git a/src/filters/secqueue.cpp b/src/filters/secqueue.cpp index f65aff2a9..63d4f88d3 100644 --- a/src/filters/secqueue.cpp +++ b/src/filters/secqueue.cpp @@ -50,7 +50,7 @@ class SecureQueueNode private: friend class SecureQueue; SecureQueueNode* next; - SecureVector buffer; + secure_vector buffer; size_t start, end; }; diff --git a/src/filters/zlib/zlib.h b/src/filters/zlib/zlib.h index 60117f2bc..c4d21a250 100644 --- a/src/filters/zlib/zlib.h +++ b/src/filters/zlib/zlib.h @@ -45,7 +45,7 @@ class BOTAN_DLL Zlib_Compression : public Filter const size_t level; const bool raw_deflate; - SecureVector buffer; + secure_vector buffer; class Zlib_Stream* zlib; }; @@ -68,7 +68,7 @@ class BOTAN_DLL Zlib_Decompression : public Filter const bool raw_deflate; - SecureVector buffer; + secure_vector buffer; class Zlib_Stream* zlib; bool no_writes; }; diff --git a/src/hash/bmw_512/bmw_512.h b/src/hash/bmw_512/bmw_512.h index 474b607bb..b9ea63578 100644 --- a/src/hash/bmw_512/bmw_512.h +++ b/src/hash/bmw_512/bmw_512.h @@ -30,7 +30,7 @@ class BOTAN_DLL BMW_512 : public MDx_HashFunction void compress_n(const byte input[], size_t blocks); void copy_out(byte output[]); - SecureVector H, M, Q; + secure_vector H, M, Q; }; } diff --git a/src/hash/comb4p/comb4p.cpp b/src/hash/comb4p/comb4p.cpp index 1ea64a5cb..7aec5972e 100644 --- a/src/hash/comb4p/comb4p.cpp +++ b/src/hash/comb4p/comb4p.cpp @@ -13,8 +13,8 @@ namespace Botan { namespace { -void comb4p_round(MemoryRegion& out, - const MemoryRegion& in, +void comb4p_round(secure_vector& out, + const secure_vector& in, byte round_no, HashFunction* h1, HashFunction* h2) @@ -25,7 +25,7 @@ void comb4p_round(MemoryRegion& out, h1->update(&in[0], in.size()); h2->update(&in[0], in.size()); - SecureVector h_buf = h1->final(); + secure_vector h_buf = h1->final(); xor_buf(&out[0], &h_buf[0], std::min(out.size(), h_buf.size())); h_buf = h2->final(); @@ -78,8 +78,8 @@ void Comb4P::add_data(const byte input[], size_t length) void Comb4P::final_result(byte out[]) { - SecureVector h1 = hash1->final(); - SecureVector h2 = hash2->final(); + secure_vector h1 = hash1->final(); + secure_vector h2 = hash2->final(); // First round xor_buf(&h1[0], &h2[0], std::min(h1.size(), h2.size())); diff --git a/src/hash/gost_3411/gost_3411.cpp b/src/hash/gost_3411/gost_3411.cpp index 6e56c2b97..eb889c0a5 100644 --- a/src/hash/gost_3411/gost_3411.cpp +++ b/src/hash/gost_3411/gost_3411.cpp @@ -225,11 +225,11 @@ void GOST_34_11::final_result(byte out[]) compress_n(&buffer[0], 1); } - SecureVector length_buf(32); + secure_vector length_buf(32); const u64bit bit_count = count * 8; store_le(bit_count, &length_buf[0]); - SecureVector sum_buf = sum; + secure_vector sum_buf = sum; compress_n(&length_buf[0], 1); compress_n(&sum_buf[0], 1); diff --git a/src/hash/gost_3411/gost_3411.h b/src/hash/gost_3411/gost_3411.h index fbbcb7a89..5437ca4d8 100644 --- a/src/hash/gost_3411/gost_3411.h +++ b/src/hash/gost_3411/gost_3411.h @@ -34,7 +34,7 @@ class BOTAN_DLL GOST_34_11 : public HashFunction void final_result(byte[]); GOST_28147_89 cipher; - SecureVector buffer, sum, hash; + secure_vector buffer, sum, hash; size_t position; u64bit count; }; diff --git a/src/hash/has160/has160.h b/src/hash/has160/has160.h index d32361601..9947d9580 100644 --- a/src/hash/has160/has160.h +++ b/src/hash/has160/has160.h @@ -31,7 +31,7 @@ class BOTAN_DLL HAS_160 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector X, digest; + secure_vector X, digest; }; } diff --git a/src/hash/keccak/keccak.cpp b/src/hash/keccak/keccak.cpp index 107055509..e34c0fd43 100644 --- a/src/hash/keccak/keccak.cpp +++ b/src/hash/keccak/keccak.cpp @@ -178,12 +178,12 @@ void Keccak_1600::add_data(const byte input[], size_t length) void Keccak_1600::final_result(byte output[]) { - MemoryVector padding(bitrate / 8 - S_pos); + std::vector padding(bitrate / 8 - S_pos); padding[0] = 0x01; padding[padding.size()-1] |= 0x80; - add_data(padding, padding.size()); + add_data(&padding[0], padding.size()); /* * We never have to run the permutation again because we only support diff --git a/src/hash/keccak/keccak.h b/src/hash/keccak/keccak.h index 17ae632ba..e91a04d32 100644 --- a/src/hash/keccak/keccak.h +++ b/src/hash/keccak/keccak.h @@ -38,7 +38,7 @@ class BOTAN_DLL Keccak_1600 : public HashFunction void final_result(byte out[]); size_t output_bits, bitrate; - SecureVector S; + secure_vector S; size_t S_pos; }; diff --git a/src/hash/md2/md2.h b/src/hash/md2/md2.h index 84e0323f7..032d8a8e0 100644 --- a/src/hash/md2/md2.h +++ b/src/hash/md2/md2.h @@ -32,7 +32,7 @@ class BOTAN_DLL MD2 : public HashFunction void hash(const byte[]); void final_result(byte[]); - SecureVector X, checksum, buffer; + secure_vector X, checksum, buffer; size_t position; }; diff --git a/src/hash/md4/md4.h b/src/hash/md4/md4.h index d37dbe3b2..750be0fe7 100644 --- a/src/hash/md4/md4.h +++ b/src/hash/md4/md4.h @@ -33,12 +33,12 @@ class BOTAN_DLL MD4 : public MDx_HashFunction /** * The message buffer, exposed for use by subclasses (x86 asm) */ - SecureVector M; + secure_vector M; /** * The digest value, exposed for use by subclasses (x86 asm) */ - SecureVector digest; + secure_vector digest; }; } diff --git a/src/hash/md5/md5.h b/src/hash/md5/md5.h index 92c023c92..bc90df0af 100644 --- a/src/hash/md5/md5.h +++ b/src/hash/md5/md5.h @@ -33,12 +33,12 @@ class BOTAN_DLL MD5 : public MDx_HashFunction /** * The message buffer, exposed for use by subclasses (x86 asm) */ - SecureVector M; + secure_vector M; /** * The digest value, exposed for use by subclasses (x86 asm) */ - SecureVector digest; + secure_vector digest; }; } diff --git a/src/hash/mdx_hash/mdx_hash.h b/src/hash/mdx_hash/mdx_hash.h index ed3381605..14d3c27a0 100644 --- a/src/hash/mdx_hash/mdx_hash.h +++ b/src/hash/mdx_hash/mdx_hash.h @@ -55,7 +55,7 @@ class BOTAN_DLL MDx_HashFunction : public HashFunction */ virtual void write_count(byte out[]); private: - SecureVector buffer; + secure_vector buffer; u64bit count; size_t position; diff --git a/src/hash/rmd128/rmd128.h b/src/hash/rmd128/rmd128.h index d64cf3c84..e37666a27 100644 --- a/src/hash/rmd128/rmd128.h +++ b/src/hash/rmd128/rmd128.h @@ -30,7 +30,7 @@ class BOTAN_DLL RIPEMD_128 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector M, digest; + secure_vector M, digest; }; } diff --git a/src/hash/rmd160/rmd160.h b/src/hash/rmd160/rmd160.h index 5df4ad490..0e43fed9a 100644 --- a/src/hash/rmd160/rmd160.h +++ b/src/hash/rmd160/rmd160.h @@ -30,7 +30,7 @@ class BOTAN_DLL RIPEMD_160 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector M, digest; + secure_vector M, digest; }; } diff --git a/src/hash/sha1/sha160.h b/src/hash/sha1/sha160.h index c3b264861..e2a81808d 100644 --- a/src/hash/sha1/sha160.h +++ b/src/hash/sha1/sha160.h @@ -47,12 +47,12 @@ class BOTAN_DLL SHA_160 : public MDx_HashFunction /** * The digest value, exposed for use by subclasses (asm, SSE2) */ - SecureVector digest; + secure_vector digest; /** * The message buffer, exposed for use by subclasses (asm, SSE2) */ - SecureVector W; + secure_vector W; }; } diff --git a/src/hash/sha2_32/sha2_32.cpp b/src/hash/sha2_32/sha2_32.cpp index 6dd780e64..cffc8bd2a 100644 --- a/src/hash/sha2_32/sha2_32.cpp +++ b/src/hash/sha2_32/sha2_32.cpp @@ -50,7 +50,7 @@ inline u32bit sigma(u32bit X, u32bit rot1, u32bit rot2, u32bit shift) /* * SHA-224 / SHA-256 compression function */ -void compress(MemoryRegion& digest, +void compress(secure_vector& digest, const byte input[], size_t blocks) { u32bit A = digest[0], B = digest[1], C = digest[2], diff --git a/src/hash/sha2_32/sha2_32.h b/src/hash/sha2_32/sha2_32.h index 807b979d1..ccb8e07f2 100644 --- a/src/hash/sha2_32/sha2_32.h +++ b/src/hash/sha2_32/sha2_32.h @@ -31,7 +31,7 @@ class BOTAN_DLL SHA_224 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector digest; + secure_vector digest; }; /** @@ -52,7 +52,7 @@ class BOTAN_DLL SHA_256 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector digest; + secure_vector digest; }; } diff --git a/src/hash/sha2_64/sha2_64.cpp b/src/hash/sha2_64/sha2_64.cpp index 3026c3a39..8dcb4684e 100644 --- a/src/hash/sha2_64/sha2_64.cpp +++ b/src/hash/sha2_64/sha2_64.cpp @@ -49,7 +49,7 @@ inline u64bit sigma(u64bit X, u32bit rot1, u32bit rot2, u32bit shift) /* * SHA-{384,512} Compression Function */ -void compress(MemoryRegion& digest, +void compress(secure_vector& digest, const byte input[], size_t blocks) { u64bit A = digest[0], B = digest[1], C = digest[2], diff --git a/src/hash/sha2_64/sha2_64.h b/src/hash/sha2_64/sha2_64.h index 124d4bbfb..58b154170 100644 --- a/src/hash/sha2_64/sha2_64.h +++ b/src/hash/sha2_64/sha2_64.h @@ -30,7 +30,7 @@ class BOTAN_DLL SHA_384 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector digest; + secure_vector digest; }; /** @@ -51,7 +51,7 @@ class BOTAN_DLL SHA_512 : public MDx_HashFunction void compress_n(const byte[], size_t blocks); void copy_out(byte[]); - SecureVector digest; + secure_vector digest; }; } diff --git a/src/hash/skein/skein_512.cpp b/src/hash/skein/skein_512.cpp index 2458bf5f0..28c2aa38b 100644 --- a/src/hash/skein/skein_512.cpp +++ b/src/hash/skein/skein_512.cpp @@ -27,8 +27,8 @@ enum type_code { SKEIN_OUTPUT = 63 }; -void ubi_512(MemoryRegion& H, - MemoryRegion& T, +void ubi_512(secure_vector& H, + secure_vector& T, const byte msg[], size_t msg_len) { do @@ -125,7 +125,7 @@ void ubi_512(MemoryRegion& H, } while(msg_len); } -void reset_tweak(MemoryRegion& T, +void reset_tweak(secure_vector& T, type_code type, bool final) { T[0] = 0; @@ -135,8 +135,8 @@ void reset_tweak(MemoryRegion& T, (static_cast(final) << 63); } -void initial_block(MemoryRegion& H, - MemoryRegion& T, +void initial_block(secure_vector& H, + secure_vector& T, size_t output_bits, const std::string& personalization) { @@ -245,7 +245,7 @@ void Skein_512::final_result(byte out[]) size_t out_bytes = output_bits / 8; - SecureVector H_out(9); + secure_vector H_out(9); while(out_bytes) { diff --git a/src/hash/skein/skein_512.h b/src/hash/skein/skein_512.h index 8605e5991..e0abc06ae 100644 --- a/src/hash/skein/skein_512.h +++ b/src/hash/skein/skein_512.h @@ -41,9 +41,9 @@ class BOTAN_DLL Skein_512 : public HashFunction std::string personalization; size_t output_bits; - SecureVector H; - SecureVector T; - SecureVector buffer; + secure_vector H; + secure_vector T; + secure_vector buffer; size_t buf_pos; }; diff --git a/src/hash/tiger/tiger.cpp b/src/hash/tiger/tiger.cpp index daa0939b9..57250d6f5 100644 --- a/src/hash/tiger/tiger.cpp +++ b/src/hash/tiger/tiger.cpp @@ -17,7 +17,7 @@ namespace { /* * Tiger Mixing Function */ -inline void mix(MemoryRegion& X) +inline void mix(secure_vector& X) { X[0] -= X[7] ^ 0xA5A5A5A5A5A5A5A5; X[1] ^= X[0]; @@ -83,7 +83,7 @@ void Tiger::copy_out(byte output[]) * Tiger Pass */ void Tiger::pass(u64bit& A, u64bit& B, u64bit& C, - const MemoryRegion& X, + const secure_vector& X, byte mul) { C ^= X[0]; diff --git a/src/hash/tiger/tiger.h b/src/hash/tiger/tiger.h index 09c9947fb..70c70958b 100644 --- a/src/hash/tiger/tiger.h +++ b/src/hash/tiger/tiger.h @@ -38,7 +38,7 @@ class BOTAN_DLL Tiger : public MDx_HashFunction void copy_out(byte[]); static void pass(u64bit& A, u64bit& B, u64bit& C, - const MemoryRegion& M, + const secure_vector& M, byte mul); static const u64bit SBOX1[256]; @@ -46,7 +46,7 @@ class BOTAN_DLL Tiger : public MDx_HashFunction static const u64bit SBOX3[256]; static const u64bit SBOX4[256]; - SecureVector X, digest; + secure_vector X, digest; const size_t hash_len, passes; }; diff --git a/src/hash/whirlpool/whrlpool.h b/src/hash/whirlpool/whrlpool.h index ab7a78bc8..d4ad805e1 100644 --- a/src/hash/whirlpool/whrlpool.h +++ b/src/hash/whirlpool/whrlpool.h @@ -39,7 +39,7 @@ class BOTAN_DLL Whirlpool : public MDx_HashFunction static const u64bit C6[256]; static const u64bit C7[256]; - SecureVector M, digest; + secure_vector M, digest; }; } diff --git a/src/kdf/kdf.cpp b/src/kdf/kdf.cpp index 6281f753c..88cbd5b99 100644 --- a/src/kdf/kdf.cpp +++ b/src/kdf/kdf.cpp @@ -12,8 +12,8 @@ namespace Botan { /* * Derive a key */ -SecureVector KDF::derive_key(size_t key_len, - const MemoryRegion& secret, +secure_vector KDF::derive_key(size_t key_len, + const secure_vector& secret, const std::string& salt) const { return derive_key(key_len, &secret[0], secret.size(), @@ -24,8 +24,8 @@ SecureVector KDF::derive_key(size_t key_len, /* * Derive a key */ -SecureVector KDF::derive_key(size_t key_len, - const MemoryRegion& secret, +secure_vector KDF::derive_key(size_t key_len, + const secure_vector& secret, const byte salt[], size_t salt_len) const { return derive_key(key_len, &secret[0], secret.size(), @@ -35,18 +35,7 @@ SecureVector KDF::derive_key(size_t key_len, /* * Derive a key */ -SecureVector KDF::derive_key(size_t key_len, - const MemoryRegion& secret, - const MemoryRegion& salt) const - { - return derive_key(key_len, &secret[0], secret.size(), - &salt[0], salt.size()); - } - -/* -* Derive a key -*/ -SecureVector KDF::derive_key(size_t key_len, +secure_vector KDF::derive_key(size_t key_len, const byte secret[], size_t secret_len, const std::string& salt) const { @@ -58,7 +47,7 @@ SecureVector KDF::derive_key(size_t key_len, /* * Derive a key */ -SecureVector KDF::derive_key(size_t key_len, +secure_vector KDF::derive_key(size_t key_len, const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const { diff --git a/src/kdf/kdf.h b/src/kdf/kdf.h index 3ec912cfe..e158df0ae 100644 --- a/src/kdf/kdf.h +++ b/src/kdf/kdf.h @@ -26,8 +26,8 @@ class BOTAN_DLL KDF : public Algorithm * @param secret the secret input * @param salt a diversifier */ - SecureVector derive_key(size_t key_len, - const MemoryRegion& secret, + secure_vector derive_key(size_t key_len, + const secure_vector& secret, const std::string& salt = "") const; /** @@ -36,9 +36,15 @@ class BOTAN_DLL KDF : public Algorithm * @param secret the secret input * @param salt a diversifier */ - SecureVector derive_key(size_t key_len, - const MemoryRegion& secret, - const MemoryRegion& salt) const; + template + secure_vector derive_key(size_t key_len, + const std::vector& secret, + const std::vector& salt) const + { + return derive_key(key_len, &secret[0], secret.size(), + &salt[0], salt.size()); + + } /** * Derive a key @@ -47,8 +53,8 @@ class BOTAN_DLL KDF : public Algorithm * @param salt a diversifier * @param salt_len size of salt in bytes */ - SecureVector derive_key(size_t key_len, - const MemoryRegion& secret, + secure_vector derive_key(size_t key_len, + const secure_vector& secret, const byte salt[], size_t salt_len) const; @@ -59,7 +65,7 @@ class BOTAN_DLL KDF : public Algorithm * @param secret_len size of secret in bytes * @param salt a diversifier */ - SecureVector derive_key(size_t key_len, + secure_vector derive_key(size_t key_len, const byte secret[], size_t secret_len, const std::string& salt = "") const; @@ -72,7 +78,7 @@ class BOTAN_DLL KDF : public Algorithm * @param salt a diversifier * @param salt_len size of salt in bytes */ - SecureVector derive_key(size_t key_len, + secure_vector derive_key(size_t key_len, const byte secret[], size_t secret_len, const byte salt[], @@ -82,7 +88,7 @@ class BOTAN_DLL KDF : public Algorithm virtual KDF* clone() const = 0; private: - virtual SecureVector + virtual secure_vector derive(size_t key_len, const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const = 0; diff --git a/src/kdf/kdf1/kdf1.cpp b/src/kdf/kdf1/kdf1.cpp index f3e4e208f..f00f71010 100644 --- a/src/kdf/kdf1/kdf1.cpp +++ b/src/kdf/kdf1/kdf1.cpp @@ -12,7 +12,7 @@ namespace Botan { /* * KDF1 Key Derivation Mechanism */ -SecureVector KDF1::derive(size_t, +secure_vector KDF1::derive(size_t, const byte secret[], size_t secret_len, const byte P[], size_t P_len) const { diff --git a/src/kdf/kdf1/kdf1.h b/src/kdf/kdf1/kdf1.h index f627235be..6a14d2995 100644 --- a/src/kdf/kdf1/kdf1.h +++ b/src/kdf/kdf1/kdf1.h @@ -19,7 +19,7 @@ namespace Botan { class BOTAN_DLL KDF1 : public KDF { public: - SecureVector derive(size_t, + secure_vector derive(size_t, const byte secret[], size_t secret_len, const byte P[], size_t P_len) const; diff --git a/src/kdf/kdf2/kdf2.cpp b/src/kdf/kdf2/kdf2.cpp index 51b9e41ea..39a929b58 100644 --- a/src/kdf/kdf2/kdf2.cpp +++ b/src/kdf/kdf2/kdf2.cpp @@ -12,11 +12,11 @@ namespace Botan { /* * KDF2 Key Derivation Mechanism */ -SecureVector KDF2::derive(size_t out_len, +secure_vector KDF2::derive(size_t out_len, const byte secret[], size_t secret_len, const byte P[], size_t P_len) const { - SecureVector output; + secure_vector output; u32bit counter = 1; while(out_len && counter) @@ -25,7 +25,7 @@ SecureVector KDF2::derive(size_t out_len, hash->update_be(counter); hash->update(P, P_len); - SecureVector hash_result = hash->final(); + secure_vector hash_result = hash->final(); size_t added = std::min(hash_result.size(), out_len); output += std::make_pair(&hash_result[0], added); diff --git a/src/kdf/kdf2/kdf2.h b/src/kdf/kdf2/kdf2.h index e85fe6d1c..e33939df9 100644 --- a/src/kdf/kdf2/kdf2.h +++ b/src/kdf/kdf2/kdf2.h @@ -19,7 +19,7 @@ namespace Botan { class BOTAN_DLL KDF2 : public KDF { public: - SecureVector derive(size_t, const byte[], size_t, + secure_vector derive(size_t, const byte[], size_t, const byte[], size_t) const; std::string name() const { return "KDF2(" + hash->name() + ")"; } diff --git a/src/kdf/mgf1/mgf1.cpp b/src/kdf/mgf1/mgf1.cpp index 7d949c2b8..e0433a02f 100644 --- a/src/kdf/mgf1/mgf1.cpp +++ b/src/kdf/mgf1/mgf1.cpp @@ -25,7 +25,7 @@ void MGF1::mask(const byte in[], size_t in_len, byte out[], { hash->update(in, in_len); hash->update_be(counter); - SecureVector buffer = hash->final(); + secure_vector buffer = hash->final(); size_t xored = std::min(buffer.size(), out_len); xor_buf(out, &buffer[0], xored); diff --git a/src/kdf/prf_ssl3/prf_ssl3.cpp b/src/kdf/prf_ssl3/prf_ssl3.cpp index 72cf023e2..8475bf40a 100644 --- a/src/kdf/prf_ssl3/prf_ssl3.cpp +++ b/src/kdf/prf_ssl3/prf_ssl3.cpp @@ -33,11 +33,11 @@ OctetString next_hash(size_t where, size_t want, sha1.update(static_cast(ASCII_A_CHAR + where)); sha1.update(secret, secret_len); sha1.update(seed, seed_len); - SecureVector sha1_hash = sha1.final(); + secure_vector sha1_hash = sha1.final(); md5.update(secret, secret_len); md5.update(sha1_hash); - SecureVector md5_hash = md5.final(); + secure_vector md5_hash = md5.final(); return OctetString(&md5_hash[0], want); } @@ -47,7 +47,7 @@ OctetString next_hash(size_t where, size_t want, /* * SSL3 PRF */ -SecureVector SSL3_PRF::derive(size_t key_len, +secure_vector SSL3_PRF::derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const { diff --git a/src/kdf/prf_ssl3/prf_ssl3.h b/src/kdf/prf_ssl3/prf_ssl3.h index b07454be2..bae8badb8 100644 --- a/src/kdf/prf_ssl3/prf_ssl3.h +++ b/src/kdf/prf_ssl3/prf_ssl3.h @@ -18,7 +18,7 @@ namespace Botan { class BOTAN_DLL SSL3_PRF : public KDF { public: - SecureVector derive(size_t, const byte[], size_t, + secure_vector derive(size_t, const byte[], size_t, const byte[], size_t) const; std::string name() const { return "SSL3-PRF"; } diff --git a/src/kdf/prf_tls/prf_tls.cpp b/src/kdf/prf_tls/prf_tls.cpp index 1236e13c7..006b418c9 100644 --- a/src/kdf/prf_tls/prf_tls.cpp +++ b/src/kdf/prf_tls/prf_tls.cpp @@ -18,7 +18,7 @@ namespace { /* * TLS PRF P_hash function */ -void P_hash(MemoryRegion& output, +void P_hash(secure_vector& output, MessageAuthenticationCode* mac, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) @@ -34,7 +34,7 @@ void P_hash(MemoryRegion& output, " bytes is too long for the PRF"); } - SecureVector A(seed, seed_len); + secure_vector A(seed, seed + seed_len); size_t offset = 0; @@ -47,7 +47,7 @@ void P_hash(MemoryRegion& output, mac->update(A); mac->update(seed, seed_len); - SecureVector block = mac->final(); + secure_vector block = mac->final(); xor_buf(&output[offset], &block[0], this_block_len); offset += this_block_len; @@ -74,11 +74,11 @@ TLS_PRF::~TLS_PRF() /* * TLS PRF */ -SecureVector TLS_PRF::derive(size_t key_len, +secure_vector TLS_PRF::derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const { - SecureVector output(key_len); + secure_vector output(key_len); size_t S1_len = (secret_len + 1) / 2, S2_len = (secret_len + 1) / 2; @@ -103,11 +103,11 @@ TLS_12_PRF::~TLS_12_PRF() delete hmac; } -SecureVector TLS_12_PRF::derive(size_t key_len, +secure_vector TLS_12_PRF::derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const { - SecureVector output(key_len); + secure_vector output(key_len); P_hash(output, hmac, secret, secret_len, seed, seed_len); diff --git a/src/kdf/prf_tls/prf_tls.h b/src/kdf/prf_tls/prf_tls.h index 5237f17c0..fce11eae0 100644 --- a/src/kdf/prf_tls/prf_tls.h +++ b/src/kdf/prf_tls/prf_tls.h @@ -20,7 +20,7 @@ namespace Botan { class BOTAN_DLL TLS_PRF : public KDF { public: - SecureVector derive(size_t key_len, + secure_vector derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const; @@ -40,7 +40,7 @@ class BOTAN_DLL TLS_PRF : public KDF class BOTAN_DLL TLS_12_PRF : public KDF { public: - SecureVector derive(size_t key_len, + secure_vector derive(size_t key_len, const byte secret[], size_t secret_len, const byte seed[], size_t seed_len) const; diff --git a/src/kdf/prf_x942/prf_x942.cpp b/src/kdf/prf_x942/prf_x942.cpp index fc31effe4..149be163f 100644 --- a/src/kdf/prf_x942/prf_x942.cpp +++ b/src/kdf/prf_x942/prf_x942.cpp @@ -20,11 +20,11 @@ namespace { /* * Encode an integer as an OCTET STRING */ -MemoryVector encode_x942_int(u32bit n) +std::vector encode_x942_int(u32bit n) { byte n_buf[4] = { 0 }; store_be(n, n_buf); - return DER_Encoder().encode(n_buf, 4, OCTET_STRING).get_contents(); + return DER_Encoder().encode(n_buf, 4, OCTET_STRING).get_contents_unlocked(); } } @@ -32,14 +32,14 @@ MemoryVector encode_x942_int(u32bit n) /* * X9.42 PRF */ -SecureVector X942_PRF::derive(size_t key_len, +secure_vector X942_PRF::derive(size_t key_len, const byte secret[], size_t secret_len, const byte salt[], size_t salt_len) const { SHA_160 hash; const OID kek_algo(key_wrap_oid); - SecureVector key; + secure_vector key; u32bit counter = 1; while(key.size() != key_len && counter) @@ -68,7 +68,7 @@ SecureVector X942_PRF::derive(size_t key_len, .end_cons().get_contents() ); - SecureVector digest = hash.final(); + secure_vector digest = hash.final(); const size_t needed = std::min(digest.size(), key_len - key.size()); key += std::make_pair(&digest[0], needed); diff --git a/src/kdf/prf_x942/prf_x942.h b/src/kdf/prf_x942/prf_x942.h index e6093eda6..f86b1bdd5 100644 --- a/src/kdf/prf_x942/prf_x942.h +++ b/src/kdf/prf_x942/prf_x942.h @@ -18,7 +18,7 @@ namespace Botan { class BOTAN_DLL X942_PRF : public KDF { public: - SecureVector derive(size_t, const byte[], size_t, + secure_vector derive(size_t, const byte[], size_t, const byte[], size_t) const; std::string name() const { return "X942_PRF(" + key_wrap_oid + ")"; } diff --git a/src/libstate/info.txt b/src/libstate/info.txt index ef0c9a47e..0e523e601 100644 --- a/src/libstate/info.txt +++ b/src/libstate/info.txt @@ -45,5 +45,4 @@ rng sha2_32 sha2_64 stream -system_alloc diff --git a/src/libstate/libstate.cpp b/src/libstate/libstate.cpp index 588c5db1b..eafa6dbb0 100644 --- a/src/libstate/libstate.cpp +++ b/src/libstate/libstate.cpp @@ -9,7 +9,6 @@ #include #include #include -#include #include #include #include @@ -19,10 +18,6 @@ #include #endif -#if defined(BOTAN_HAS_ALLOC_MMAP) - #include -#endif - #if defined(BOTAN_HAS_ENGINE_ASSEMBLER) #include #endif @@ -45,53 +40,6 @@ namespace Botan { -/* -* Get an allocator by its name -*/ -Allocator* Library_State::get_allocator(const std::string& type) - { - std::lock_guard lock(allocator_lock); - - if(type != "") - return search_map(alloc_factory, type, 0); - - if(!cached_default_allocator) - { - cached_default_allocator = - search_map(alloc_factory, - default_allocator_name, 0); - } - - return cached_default_allocator; - } - -/* -* Create a new name to object mapping -*/ -void Library_State::add_allocator(Allocator* allocator) - { - std::lock_guard lock(allocator_lock); - - allocator->init(); - - allocators.push_back(allocator); - alloc_factory[allocator->type()] = allocator; - } - -/* -* Set the default allocator type -*/ -void Library_State::set_default_allocator(const std::string& type) - { - if(type == "") - return; - - std::lock_guard lock(allocator_lock); - - default_allocator_name = type; - cached_default_allocator = 0; - } - /* * Get a configuration value */ @@ -184,16 +132,6 @@ void Library_State::initialize() if(m_algorithm_factory) throw Invalid_State("Library_State has already been initialized"); - cached_default_allocator = 0; - default_allocator_name = has_mlock() ? "locking" : "malloc"; - - add_allocator(new Malloc_Allocator); - add_allocator(new Locking_Allocator); - -#if defined(BOTAN_HAS_ALLOC_MMAP) - add_allocator(new MemoryMapping_Allocator); -#endif - load_default_config(); m_algorithm_factory = new Algorithm_Factory(); @@ -230,7 +168,6 @@ void Library_State::initialize() */ Library_State::Library_State() { - cached_default_allocator = 0; m_algorithm_factory = 0; global_rng_ptr = 0; @@ -246,15 +183,6 @@ Library_State::~Library_State() delete global_rng_ptr; global_rng_ptr = 0; - - - cached_default_allocator = 0; - - for(size_t i = 0; i != allocators.size(); ++i) - { - allocators[i]->destroy(); - delete allocators[i]; - } } } diff --git a/src/libstate/libstate.h b/src/libstate/libstate.h index 49908a1e3..b260a5bb9 100644 --- a/src/libstate/libstate.h +++ b/src/libstate/libstate.h @@ -9,7 +9,6 @@ #define BOTAN_LIB_STATE_H__ #include -#include #include #include @@ -44,18 +43,6 @@ class BOTAN_DLL Library_State */ RandomNumberGenerator& global_rng(); - /** - * @param name the name of the allocator - * @return allocator matching this name, or NULL - */ - Allocator* get_allocator(const std::string& name = ""); - - /** - * Add a new allocator to the list of available ones - * @param alloc the allocator to add - */ - void add_allocator(Allocator* alloc); - /** * Set the default allocator * @param name the name of the allocator to use as the default @@ -121,12 +108,6 @@ class BOTAN_DLL Library_State std::mutex config_lock; std::map config; - std::mutex allocator_lock; - std::string default_allocator_name; - std::map alloc_factory; - mutable Allocator* cached_default_allocator; - std::vector allocators; - Algorithm_Factory* m_algorithm_factory; }; diff --git a/src/mac/cbc_mac/cbc_mac.h b/src/mac/cbc_mac/cbc_mac.h index 5cc8adc67..be25718d9 100644 --- a/src/mac/cbc_mac/cbc_mac.h +++ b/src/mac/cbc_mac/cbc_mac.h @@ -40,7 +40,7 @@ class BOTAN_DLL CBC_MAC : public MessageAuthenticationCode void key_schedule(const byte[], size_t); BlockCipher* e; - SecureVector state; + secure_vector state; size_t position; }; diff --git a/src/mac/cmac/cmac.cpp b/src/mac/cmac/cmac.cpp index 7cd53f578..00120cf14 100644 --- a/src/mac/cmac/cmac.cpp +++ b/src/mac/cmac/cmac.cpp @@ -13,12 +13,12 @@ namespace Botan { /* * Perform CMAC's multiplication in GF(2^n) */ -SecureVector CMAC::poly_double(const MemoryRegion& in, +secure_vector CMAC::poly_double(const secure_vector& in, byte polynomial) { const byte poly_xor = (in[0] & 0x80) ? polynomial : 0; - SecureVector out = in; + secure_vector out = in; byte carry = 0; for(size_t i = out.size(); i != 0; --i) diff --git a/src/mac/cmac/cmac.h b/src/mac/cmac/cmac.h index 98634bdb7..3e75d3951 100644 --- a/src/mac/cmac/cmac.h +++ b/src/mac/cmac/cmac.h @@ -35,7 +35,7 @@ class BOTAN_DLL CMAC : public MessageAuthenticationCode * @param in the input * @param polynomial the byte value of the polynomial */ - static SecureVector poly_double(const MemoryRegion& in, + static secure_vector poly_double(const secure_vector& in, byte polynomial); /** @@ -49,7 +49,7 @@ class BOTAN_DLL CMAC : public MessageAuthenticationCode void key_schedule(const byte[], size_t); BlockCipher* e; - SecureVector buffer, state, B, P; + secure_vector buffer, state, B, P; size_t position; byte polynomial; }; diff --git a/src/mac/hmac/hmac.cpp b/src/mac/hmac/hmac.cpp index fc35e26ea..61cb262d0 100644 --- a/src/mac/hmac/hmac.cpp +++ b/src/mac/hmac/hmac.cpp @@ -42,7 +42,7 @@ void HMAC::key_schedule(const byte key[], size_t length) if(length > hash->hash_block_size()) { - SecureVector hmac_key = hash->process(key, length); + secure_vector hmac_key = hash->process(key, length); xor_buf(i_key, hmac_key, hmac_key.size()); xor_buf(o_key, hmac_key, hmac_key.size()); } diff --git a/src/mac/hmac/hmac.h b/src/mac/hmac/hmac.h index 9de1bc7b5..cb5bd6917 100644 --- a/src/mac/hmac/hmac.h +++ b/src/mac/hmac/hmac.h @@ -41,7 +41,7 @@ class BOTAN_DLL HMAC : public MessageAuthenticationCode void key_schedule(const byte[], size_t); HashFunction* hash; - SecureVector i_key, o_key; + secure_vector i_key, o_key; }; } diff --git a/src/mac/mac.cpp b/src/mac/mac.cpp index 2ef4ab64c..094aa1b4a 100644 --- a/src/mac/mac.cpp +++ b/src/mac/mac.cpp @@ -15,7 +15,7 @@ namespace Botan { */ bool MessageAuthenticationCode::verify_mac(const byte mac[], size_t length) { - SecureVector our_mac = final(); + secure_vector our_mac = final(); if(our_mac.size() != length) return false; diff --git a/src/mac/ssl3mac/ssl3_mac.h b/src/mac/ssl3mac/ssl3_mac.h index a85a78263..d23ac023c 100644 --- a/src/mac/ssl3mac/ssl3_mac.h +++ b/src/mac/ssl3mac/ssl3_mac.h @@ -41,7 +41,7 @@ class BOTAN_DLL SSL3_MAC : public MessageAuthenticationCode void key_schedule(const byte[], size_t); HashFunction* hash; - SecureVector i_key, o_key; + secure_vector i_key, o_key; }; } diff --git a/src/mac/x919_mac/x919_mac.cpp b/src/mac/x919_mac/x919_mac.cpp index fcbe77537..faf6138ef 100644 --- a/src/mac/x919_mac/x919_mac.cpp +++ b/src/mac/x919_mac/x919_mac.cpp @@ -44,7 +44,7 @@ void ANSI_X919_MAC::final_result(byte mac[]) { if(position) e->encrypt(state); - d->decrypt(state, mac); + d->decrypt(&state[0], mac); e->encrypt(mac); zeroise(state); position = 0; diff --git a/src/mac/x919_mac/x919_mac.h b/src/mac/x919_mac/x919_mac.h index 58a005e0b..4b5e63b33 100644 --- a/src/mac/x919_mac/x919_mac.h +++ b/src/mac/x919_mac/x919_mac.h @@ -41,7 +41,7 @@ class BOTAN_DLL ANSI_X919_MAC : public MessageAuthenticationCode BlockCipher* e; BlockCipher* d; - SecureVector state; + secure_vector state; size_t position; }; diff --git a/src/math/bigint/big_code.cpp b/src/math/bigint/big_code.cpp index 28614c9f1..a55ec662e 100644 --- a/src/math/bigint/big_code.cpp +++ b/src/math/bigint/big_code.cpp @@ -21,7 +21,7 @@ void BigInt::encode(byte output[], const BigInt& n, Base base) n.binary_encode(output); else if(base == Hexadecimal) { - SecureVector binary(n.encoded_size(Binary)); + secure_vector binary(n.encoded_size(Binary)); n.binary_encode(&binary[0]); hex_encode(reinterpret_cast(output), @@ -61,9 +61,23 @@ void BigInt::encode(byte output[], const BigInt& n, Base base) /* * Encode a BigInt */ -SecureVector BigInt::encode(const BigInt& n, Base base) +std::vector BigInt::encode(const BigInt& n, Base base) { - SecureVector output(n.encoded_size(base)); + std::vector output(n.encoded_size(base)); + encode(&output[0], n, base); + if(base != Binary) + for(size_t j = 0; j != output.size(); ++j) + if(output[j] == 0) + output[j] = '0'; + return output; + } + +/* +* Encode a BigInt +*/ +secure_vector BigInt::encode_locked(const BigInt& n, Base base) + { + secure_vector output(n.encoded_size(base)); encode(&output[0], n, base); if(base != Binary) for(size_t j = 0; j != output.size(); ++j) @@ -75,7 +89,7 @@ SecureVector BigInt::encode(const BigInt& n, Base base) /* * Encode a BigInt, with leading 0s if needed */ -SecureVector BigInt::encode_1363(const BigInt& n, size_t bytes) +secure_vector BigInt::encode_1363(const BigInt& n, size_t bytes) { const size_t n_bytes = n.bytes(); if(n_bytes > bytes) @@ -83,19 +97,11 @@ SecureVector BigInt::encode_1363(const BigInt& n, size_t bytes) const size_t leading_0s = bytes - n_bytes; - SecureVector output(bytes); + secure_vector output(bytes); encode(&output[leading_0s], n, Binary); return output; } -/* -* Decode a BigInt -*/ -BigInt BigInt::decode(const MemoryRegion& buf, Base base) - { - return BigInt::decode(&buf[0], buf.size(), base); - } - /* * Decode a BigInt */ @@ -106,7 +112,7 @@ BigInt BigInt::decode(const byte buf[], size_t length, Base base) r.binary_decode(buf, length); else if(base == Hexadecimal) { - SecureVector binary; + secure_vector binary; if(length % 2) { diff --git a/src/math/bigint/big_io.cpp b/src/math/bigint/big_io.cpp index 70e4a464a..130a98a3b 100644 --- a/src/math/bigint/big_io.cpp +++ b/src/math/bigint/big_io.cpp @@ -27,7 +27,7 @@ std::ostream& operator<<(std::ostream& stream, const BigInt& n) { if(n < 0) stream.write("-", 1); - SecureVector buffer = BigInt::encode(n, base); + const std::vector buffer = BigInt::encode(n, base); size_t skip = 0; while(buffer[skip] == '0' && skip < buffer.size()) ++skip; diff --git a/src/math/bigint/big_ops2.cpp b/src/math/bigint/big_ops2.cpp index ff5cc7922..ea2bdc961 100644 --- a/src/math/bigint/big_ops2.cpp +++ b/src/math/bigint/big_ops2.cpp @@ -23,15 +23,15 @@ BigInt& BigInt::operator+=(const BigInt& y) grow_to(reg_size); if(sign() == y.sign()) - bigint_add2(get_reg(), reg_size - 1, y.data(), y_sw); + bigint_add2(data(), reg_size - 1, y.data(), y_sw); else { s32bit relative_size = bigint_cmp(data(), x_sw, y.data(), y_sw); if(relative_size < 0) { - SecureVector z(reg_size - 1); - bigint_sub3(z, y.data(), reg_size - 1, data(), x_sw); + secure_vector z(reg_size - 1); + bigint_sub3(&z[0], y.data(), reg_size - 1, data(), x_sw); copy_mem(®[0], &z[0], z.size()); set_sign(y.sign()); } @@ -41,7 +41,7 @@ BigInt& BigInt::operator+=(const BigInt& y) set_sign(Positive); } else if(relative_size > 0) - bigint_sub2(get_reg(), x_sw, y.data(), y_sw); + bigint_sub2(data(), x_sw, y.data(), y_sw); } return (*this); @@ -62,9 +62,9 @@ BigInt& BigInt::operator-=(const BigInt& y) if(relative_size < 0) { if(sign() == y.sign()) - bigint_sub2_rev(get_reg(), y.data(), y_sw); + bigint_sub2_rev(data(), y.data(), y_sw); else - bigint_add2(get_reg(), reg_size - 1, y.data(), y_sw); + bigint_add2(data(), reg_size - 1, y.data(), y_sw); set_sign(y.reverse_sign()); } @@ -76,14 +76,14 @@ BigInt& BigInt::operator-=(const BigInt& y) set_sign(Positive); } else - bigint_shl1(get_reg(), x_sw, 0, 1); + bigint_shl1(data(), x_sw, 0, 1); } else if(relative_size > 0) { if(sign() == y.sign()) - bigint_sub2(get_reg(), x_sw, y.data(), y_sw); + bigint_sub2(data(), x_sw, y.data(), y_sw); else - bigint_add2(get_reg(), reg_size - 1, y.data(), y_sw); + bigint_add2(data(), reg_size - 1, y.data(), y_sw); } return (*this); @@ -105,22 +105,22 @@ BigInt& BigInt::operator*=(const BigInt& y) else if(x_sw == 1 && y_sw) { grow_to(y_sw + 2); - bigint_linmul3(get_reg(), y.data(), y_sw, word_at(0)); + bigint_linmul3(data(), y.data(), y_sw, word_at(0)); } else if(y_sw == 1 && x_sw) { grow_to(x_sw + 2); - bigint_linmul2(get_reg(), x_sw, y.word_at(0)); + bigint_linmul2(data(), x_sw, y.word_at(0)); } else { grow_to(size() + y.size()); - SecureVector z(data(), x_sw); - SecureVector workspace(size()); + secure_vector z(data(), data() + x_sw); + secure_vector workspace(size()); - bigint_mul(get_reg(), size(), workspace, - z, z.size(), x_sw, + bigint_mul(data(), size(), &workspace[0], + &z[0], z.size(), x_sw, y.data(), y.size(), y_sw); } @@ -159,7 +159,7 @@ word BigInt::operator%=(word mod) word result = (word_at(0) & (mod - 1)); clear(); grow_to(2); - get_reg()[0] = result; + reg[0] = result; return result; } @@ -171,9 +171,9 @@ word BigInt::operator%=(word mod) grow_to(2); if(remainder && sign() == BigInt::Negative) - get_reg()[0] = mod - remainder; + reg[0] = mod - remainder; else - get_reg()[0] = remainder; + reg[0] = remainder; set_sign(BigInt::Positive); @@ -192,7 +192,7 @@ BigInt& BigInt::operator<<=(size_t shift) words = sig_words(); grow_to(words + shift_words + (shift_bits ? 1 : 0)); - bigint_shl1(get_reg(), words, shift_words, shift_bits); + bigint_shl1(data(), words, shift_words, shift_bits); } return (*this); @@ -208,7 +208,7 @@ BigInt& BigInt::operator>>=(size_t shift) const size_t shift_words = shift / MP_WORD_BITS, shift_bits = shift % MP_WORD_BITS; - bigint_shr1(get_reg(), sig_words(), shift_words, shift_bits); + bigint_shr1(data(), sig_words(), shift_words, shift_bits); if(is_zero()) set_sign(Positive); diff --git a/src/math/bigint/big_ops3.cpp b/src/math/bigint/big_ops3.cpp index 52472bc52..a33b32bb7 100644 --- a/src/math/bigint/big_ops3.cpp +++ b/src/math/bigint/big_ops3.cpp @@ -23,20 +23,20 @@ BigInt operator+(const BigInt& x, const BigInt& y) BigInt z(x.sign(), std::max(x_sw, y_sw) + 1); if((x.sign() == y.sign())) - bigint_add3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_add3(z.data(), x.data(), x_sw, y.data(), y_sw); else { s32bit relative_size = bigint_cmp(x.data(), x_sw, y.data(), y_sw); if(relative_size < 0) { - bigint_sub3(z.get_reg(), y.data(), y_sw, x.data(), x_sw); + bigint_sub3(z.data(), y.data(), y_sw, x.data(), x_sw); z.set_sign(y.sign()); } else if(relative_size == 0) z.set_sign(BigInt::Positive); else if(relative_size > 0) - bigint_sub3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_sub3(z.data(), x.data(), x_sw, y.data(), y_sw); } return z; @@ -56,22 +56,22 @@ BigInt operator-(const BigInt& x, const BigInt& y) if(relative_size < 0) { if(x.sign() == y.sign()) - bigint_sub3(z.get_reg(), y.data(), y_sw, x.data(), x_sw); + bigint_sub3(z.data(), y.data(), y_sw, x.data(), x_sw); else - bigint_add3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_add3(z.data(), x.data(), x_sw, y.data(), y_sw); z.set_sign(y.reverse_sign()); } else if(relative_size == 0) { if(x.sign() != y.sign()) - bigint_shl2(z.get_reg(), x.data(), x_sw, 0, 1); + bigint_shl2(z.data(), x.data(), x_sw, 0, 1); } else if(relative_size > 0) { if(x.sign() == y.sign()) - bigint_sub3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_sub3(z.data(), x.data(), x_sw, y.data(), y_sw); else - bigint_add3(z.get_reg(), x.data(), x_sw, y.data(), y_sw); + bigint_add3(z.data(), x.data(), x_sw, y.data(), y_sw); z.set_sign(x.sign()); } return z; @@ -87,13 +87,13 @@ BigInt operator*(const BigInt& x, const BigInt& y) BigInt z(BigInt::Positive, x.size() + y.size()); if(x_sw == 1 && y_sw) - bigint_linmul3(z.get_reg(), y.data(), y_sw, x.word_at(0)); + bigint_linmul3(z.data(), y.data(), y_sw, x.word_at(0)); else if(y_sw == 1 && x_sw) - bigint_linmul3(z.get_reg(), x.data(), x_sw, y.word_at(0)); + bigint_linmul3(z.data(), x.data(), x_sw, y.word_at(0)); else if(x_sw && y_sw) { - SecureVector workspace(z.size()); - bigint_mul(z.get_reg(), z.size(), workspace, + secure_vector workspace(z.size()); + bigint_mul(z.data(), z.size(), &workspace[0], x.data(), x.size(), x_sw, y.data(), y.size(), y_sw); } @@ -164,7 +164,7 @@ BigInt operator<<(const BigInt& x, size_t shift) const size_t x_sw = x.sig_words(); BigInt y(x.sign(), x_sw + shift_words + (shift_bits ? 1 : 0)); - bigint_shl2(y.get_reg(), x.data(), x_sw, shift_words, shift_bits); + bigint_shl2(y.data(), x.data(), x_sw, shift_words, shift_bits); return y; } @@ -183,7 +183,7 @@ BigInt operator>>(const BigInt& x, size_t shift) x_sw = x.sig_words(); BigInt y(x.sign(), x_sw - shift_words); - bigint_shr2(y.get_reg(), x.data(), x_sw, shift_words, shift_bits); + bigint_shr2(y.data(), x.data(), x_sw, shift_words, shift_bits); return y; } diff --git a/src/math/bigint/big_rand.cpp b/src/math/bigint/big_rand.cpp index 7cddb2de0..a6776a296 100644 --- a/src/math/bigint/big_rand.cpp +++ b/src/math/bigint/big_rand.cpp @@ -35,7 +35,7 @@ void BigInt::randomize(RandomNumberGenerator& rng, clear(); else { - SecureVector array = rng.random_vec((bitsize + 7) / 8); + secure_vector array = rng.random_vec((bitsize + 7) / 8); if(bitsize % 8) array[0] &= 0xFF >> (8 - (bitsize % 8)); diff --git a/src/math/bigint/bigint.cpp b/src/math/bigint/bigint.cpp index df4414aba..5029c01f8 100644 --- a/src/math/bigint/bigint.cpp +++ b/src/math/bigint/bigint.cpp @@ -345,12 +345,4 @@ void BigInt::binary_decode(const byte buf[], size_t length) reg[length / WORD_BYTES] = (reg[length / WORD_BYTES] << 8) | buf[i]; } -/* -* Set this number to the value in buf -*/ -void BigInt::binary_decode(const MemoryRegion& buf) - { - binary_decode(buf, buf.size()); - } - } diff --git a/src/math/bigint/bigint.h b/src/math/bigint/bigint.h index 57aa84528..98b98bd6f 100644 --- a/src/math/bigint/bigint.h +++ b/src/math/bigint/bigint.h @@ -309,6 +309,13 @@ class BOTAN_DLL BigInt */ size_t bits() const; + /** + * Return a pointer to the big integer word register + * @result a pointer to the start of the internal register of + * the integer value + */ + word* data() { return ®[0]; } + /** * Return a pointer to the big integer word register * @result a pointer to the start of the internal register of @@ -318,18 +325,18 @@ class BOTAN_DLL BigInt /** * return a reference to the internal register containing the value - * @result a reference to the word-array (SecureVector) + * @result a reference to the word-array (secure_vector) * with the internal register value (containing the integer * value) */ - SecureVector& get_reg() { return reg; } + secure_vector& get_reg() { return reg; } /** * return a const reference to the internal register containing the value - * @result a const reference to the word-array (SecureVector) + * @result a const reference to the word-array (secure_vector) * with the internal register value (containing the integer value) */ - const SecureVector& get_reg() const { return reg; } + const secure_vector& get_reg() const { return reg; } /** * Assign using a plain word array @@ -369,10 +376,13 @@ class BOTAN_DLL BigInt void binary_decode(const byte buf[], size_t length); /** - * Read integer value from a byte array (MemoryRegion) + * Read integer value from a byte array (secure_vector) * @param buf the array to load from */ - void binary_decode(const MemoryRegion& buf); + void binary_decode(const secure_vector& buf) + { + binary_decode(&buf[0], buf.size()); + } /** * @param base the base to measure the size for @@ -391,12 +401,21 @@ class BOTAN_DLL BigInt const BigInt& max); /** - * Encode the integer value from a BigInt to a SecureVector of bytes + * Encode the integer value from a BigInt to a std::vector of bytes + * @param n the BigInt to use as integer source + * @param base number-base of resulting byte array representation + * @result secure_vector of bytes containing the integer with given base + */ + static std::vector encode(const BigInt& n, Base base = Binary); + + /** + * Encode the integer value from a BigInt to a secure_vector of bytes * @param n the BigInt to use as integer source * @param base number-base of resulting byte array representation - * @result SecureVector of bytes containing the integer with given base + * @result secure_vector of bytes containing the integer with given base */ - static SecureVector encode(const BigInt& n, Base base = Binary); + static secure_vector encode_locked(const BigInt& n, + Base base = Binary); /** * Encode the integer value from a BigInt to a byte array @@ -423,16 +442,31 @@ class BOTAN_DLL BigInt * @param base number-base of the integer in buf * @result BigInt representing the integer in the byte array */ - static BigInt decode(const MemoryRegion& buf, - Base base = Binary); + static BigInt decode(const secure_vector& buf, + Base base = Binary) + { + return BigInt::decode(&buf[0], buf.size(), base); + } + + /** + * Create a BigInt from an integer in a byte array + * @param buf the binary value to load + * @param base number-base of the integer in buf + * @result BigInt representing the integer in the byte array + */ + static BigInt decode(const std::vector& buf, + Base base = Binary) + { + return BigInt::decode(&buf[0], buf.size(), base); + } /** * Encode a BigInt to a byte array according to IEEE 1363 * @param n the BigInt to encode - * @param bytes the length of the resulting SecureVector - * @result a SecureVector containing the encoded BigInt + * @param bytes the length of the resulting secure_vector + * @result a secure_vector containing the encoded BigInt */ - static SecureVector encode_1363(const BigInt& n, size_t bytes); + static secure_vector encode_1363(const BigInt& n, size_t bytes); /** * Swap this value with another @@ -528,7 +562,7 @@ class BOTAN_DLL BigInt */ BigInt& operator=(const BigInt&) = default; private: - SecureVector reg; + secure_vector reg; Sign signedness; }; diff --git a/src/math/ec_gfp/point_gfp.cpp b/src/math/ec_gfp/point_gfp.cpp index 7ac6b4141..ec6fed4a1 100644 --- a/src/math/ec_gfp/point_gfp.cpp +++ b/src/math/ec_gfp/point_gfp.cpp @@ -45,7 +45,7 @@ void PointGFp::monty_mult(BigInt& z, const BigInt& x, const BigInt& y) const const size_t p_size = curve.get_p_words(); const word p_dash = curve.get_p_dash(); - SecureVector& z_reg = z.get_reg(); + secure_vector& z_reg = z.get_reg(); z_reg.resize(2*p_size+1); zeroise(z_reg); @@ -71,7 +71,7 @@ void PointGFp::monty_sqr(BigInt& z, const BigInt& x) const const size_t p_size = curve.get_p_words(); const word p_dash = curve.get_p_dash(); - SecureVector& z_reg = z.get_reg(); + secure_vector& z_reg = z.get_reg(); z_reg.resize(2*p_size+1); zeroise(z_reg); @@ -479,22 +479,22 @@ bool PointGFp::operator==(const PointGFp& other) const } // encoding and decoding -SecureVector EC2OSP(const PointGFp& point, byte format) +secure_vector EC2OSP(const PointGFp& point, byte format) { if(point.is_zero()) - return SecureVector(1); // single 0 byte + return secure_vector(1); // single 0 byte const size_t p_bytes = point.get_curve().get_p().bytes(); BigInt x = point.get_affine_x(); BigInt y = point.get_affine_y(); - SecureVector bX = BigInt::encode_1363(x, p_bytes); - SecureVector bY = BigInt::encode_1363(y, p_bytes); + secure_vector bX = BigInt::encode_1363(x, p_bytes); + secure_vector bY = BigInt::encode_1363(y, p_bytes); if(format == PointGFp::UNCOMPRESSED) { - SecureVector result; + secure_vector result; result.push_back(0x04); result += bX; @@ -504,7 +504,7 @@ SecureVector EC2OSP(const PointGFp& point, byte format) } else if(format == PointGFp::COMPRESSED) { - SecureVector result; + secure_vector result; result.push_back(0x02 | static_cast(y.get_bit(0))); result += bX; @@ -513,7 +513,7 @@ SecureVector EC2OSP(const PointGFp& point, byte format) } else if(format == PointGFp::HYBRID) { - SecureVector result; + secure_vector result; result.push_back(0x06 | static_cast(y.get_bit(0))); result += bX; diff --git a/src/math/ec_gfp/point_gfp.h b/src/math/ec_gfp/point_gfp.h index 546a8dd6f..017f66e1c 100644 --- a/src/math/ec_gfp/point_gfp.h +++ b/src/math/ec_gfp/point_gfp.h @@ -245,7 +245,7 @@ class BOTAN_DLL PointGFp CurveGFp curve; BigInt coord_x, coord_y, coord_z; - mutable SecureVector ws; // workspace for Montgomery + mutable secure_vector ws; // workspace for Montgomery }; // relational operators @@ -278,12 +278,13 @@ inline PointGFp operator*(const PointGFp& point, const BigInt& scalar) } // encoding and decoding -SecureVector BOTAN_DLL EC2OSP(const PointGFp& point, byte format); +secure_vector BOTAN_DLL EC2OSP(const PointGFp& point, byte format); PointGFp BOTAN_DLL OS2ECP(const byte data[], size_t data_len, const CurveGFp& curve); -inline PointGFp OS2ECP(const MemoryRegion& data, const CurveGFp& curve) +template +PointGFp OS2ECP(const std::vector& data, const CurveGFp& curve) { return OS2ECP(&data[0], data.size(), curve); } } diff --git a/src/math/numbertheory/dsa_gen.cpp b/src/math/numbertheory/dsa_gen.cpp index 612370804..d30a08f1a 100644 --- a/src/math/numbertheory/dsa_gen.cpp +++ b/src/math/numbertheory/dsa_gen.cpp @@ -42,7 +42,7 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, Algorithm_Factory& af, BigInt& p, BigInt& q, size_t pbits, size_t qbits, - const MemoryRegion& seed_c) + const std::vector& seed_c) { if(!fips186_3_valid_size(pbits, qbits)) throw Invalid_Argument( @@ -62,9 +62,9 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, class Seed { public: - Seed(const MemoryRegion& s) : seed(s) {} + Seed(const std::vector& s) : seed(s) {} - operator MemoryRegion& () { return seed; } + operator std::vector& () { return seed; } Seed& operator++() { @@ -74,7 +74,7 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, return (*this); } private: - SecureVector seed; + std::vector seed; }; Seed seed(seed_c); @@ -90,7 +90,7 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, b = (pbits-1) % (HASH_SIZE * 8); BigInt X; - SecureVector V(HASH_SIZE * (n+1)); + std::vector V(HASH_SIZE * (n+1)); for(size_t j = 0; j != 4096; ++j) { @@ -116,14 +116,15 @@ bool generate_dsa_primes(RandomNumberGenerator& rng, /* * Generate DSA Primes */ -SecureVector generate_dsa_primes(RandomNumberGenerator& rng, - Algorithm_Factory& af, - BigInt& p, BigInt& q, - size_t pbits, size_t qbits) +std::vector generate_dsa_primes(RandomNumberGenerator& rng, + Algorithm_Factory& af, + BigInt& p, BigInt& q, + size_t pbits, size_t qbits) { while(true) { - SecureVector seed = rng.random_vec(qbits / 8); + std::vector seed(qbits / 8); + rng.randomize(&seed[0], seed.size()); if(generate_dsa_primes(rng, af, p, q, pbits, qbits, seed)) return seed; diff --git a/src/math/numbertheory/make_prm.cpp b/src/math/numbertheory/make_prm.cpp index 1e8d11000..dc94420ab 100644 --- a/src/math/numbertheory/make_prm.cpp +++ b/src/math/numbertheory/make_prm.cpp @@ -48,7 +48,7 @@ BigInt random_prime(RandomNumberGenerator& rng, p += (modulo - p % modulo) + equiv; const size_t sieve_size = std::min(bits / 2, PRIME_TABLE_SIZE); - SecureVector sieve(sieve_size); + secure_vector sieve(sieve_size); for(size_t j = 0; j != sieve.size(); ++j) sieve[j] = p % PRIMES[j]; diff --git a/src/math/numbertheory/mp_numth.cpp b/src/math/numbertheory/mp_numth.cpp index 23623b5f0..b10fe2639 100644 --- a/src/math/numbertheory/mp_numth.cpp +++ b/src/math/numbertheory/mp_numth.cpp @@ -20,9 +20,9 @@ BigInt square(const BigInt& x) const size_t x_sw = x.sig_words(); BigInt z(BigInt::Positive, round_up(2*x_sw, 16)); - SecureVector workspace(z.size()); + secure_vector workspace(z.size()); - bigint_sqr(z.get_reg(), z.size(), workspace, + bigint_sqr(z.data(), z.size(), &workspace[0], x.data(), x.size(), x_sw); return z; } @@ -44,13 +44,13 @@ BigInt mul_add(const BigInt& a, const BigInt& b, const BigInt& c) const size_t c_sw = c.sig_words(); BigInt r(sign, std::max(a.size() + b.size(), c_sw) + 1); - SecureVector workspace(r.size()); + secure_vector workspace(r.size()); - bigint_mul(r.get_reg(), r.size(), workspace, + bigint_mul(r.data(), r.size(), &workspace[0], a.data(), a.size(), a_sw, b.data(), b.size(), b_sw); const size_t r_size = std::max(r.sig_words(), c_sw); - bigint_add2(r.get_reg(), r_size, c.data(), c_sw); + bigint_add2(r.data(), r_size, c.data(), c_sw); return r; } diff --git a/src/math/numbertheory/numthry.h b/src/math/numbertheory/numthry.h index 750fbc78e..d21635f34 100644 --- a/src/math/numbertheory/numthry.h +++ b/src/math/numbertheory/numthry.h @@ -189,7 +189,7 @@ class Algorithm_Factory; * @param qbits how long q will be in bits * @return random seed used to generate this parameter set */ -SecureVector BOTAN_DLL +std::vector BOTAN_DLL generate_dsa_primes(RandomNumberGenerator& rng, Algorithm_Factory& af, BigInt& p_out, BigInt& q_out, @@ -212,7 +212,7 @@ generate_dsa_primes(RandomNumberGenerator& rng, Algorithm_Factory& af, BigInt& p_out, BigInt& q_out, size_t pbits, size_t qbits, - const MemoryRegion& seed); + const std::vector& seed); /** * The size of the PRIMES[] array diff --git a/src/math/numbertheory/powm_mnt.cpp b/src/math/numbertheory/powm_mnt.cpp index 8993f4ba9..0db5455a7 100644 --- a/src/math/numbertheory/powm_mnt.cpp +++ b/src/math/numbertheory/powm_mnt.cpp @@ -29,8 +29,8 @@ void Montgomery_Exponentiator::set_base(const BigInt& base) g.resize((1 << window_bits) - 1); - SecureVector z(2 * (mod_words + 1)); - SecureVector workspace(z.size()); + secure_vector z(2 * (mod_words + 1)); + secure_vector workspace(z.size()); g[0] = (base >= modulus) ? (base % modulus) : base; @@ -69,8 +69,8 @@ BigInt Montgomery_Exponentiator::execute() const const size_t exp_nibbles = (exp_bits + window_bits - 1) / window_bits; BigInt x = R_mod; - SecureVector z(2 * (mod_words + 1)); - SecureVector workspace(2 * (mod_words + 1)); + secure_vector z(2 * (mod_words + 1)); + secure_vector workspace(2 * (mod_words + 1)); for(size_t i = exp_nibbles; i > 0; --i) { diff --git a/src/passhash/bcrypt/bcrypt.cpp b/src/passhash/bcrypt/bcrypt.cpp index b0d654717..eeb99399f 100644 --- a/src/passhash/bcrypt/bcrypt.cpp +++ b/src/passhash/bcrypt/bcrypt.cpp @@ -54,7 +54,7 @@ std::string bcrypt_base64_encode(const byte input[], size_t length) return b64; } -MemoryVector bcrypt_base64_decode(std::string input) +std::vector bcrypt_base64_decode(std::string input) { const byte OPENBSD_BASE64_SUB[256] = { 0x00, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, @@ -84,11 +84,11 @@ MemoryVector bcrypt_base64_decode(std::string input) for(size_t i = 0; i != input.size(); ++i) input[i] = OPENBSD_BASE64_SUB[static_cast(input[i])]; - return base64_decode(input); + return unlock(base64_decode(input)); } std::string make_bcrypt(const std::string& pass, - const MemoryRegion& salt, + const std::vector& salt, u16bit work_factor) { const byte magic[24] = { @@ -97,14 +97,14 @@ std::string make_bcrypt(const std::string& pass, 0x63, 0x72, 0x79, 0x44, 0x6F, 0x75, 0x62, 0x74 }; - MemoryVector ctext(magic, 24); + std::vector ctext(magic, magic + sizeof(magic)); Blowfish blowfish; // Include the trailing NULL byte blowfish.eks_key_schedule(reinterpret_cast(pass.c_str()), pass.length() + 1, - salt, + &salt[0], work_factor); for(size_t i = 0; i != 64; ++i) @@ -127,7 +127,7 @@ std::string generate_bcrypt(const std::string& pass, RandomNumberGenerator& rng, u16bit work_factor) { - return make_bcrypt(pass, rng.random_vec(16), work_factor); + return make_bcrypt(pass, unlock(rng.random_vec(16)), work_factor); } bool check_bcrypt(const std::string& pass, const std::string& hash) @@ -141,7 +141,7 @@ bool check_bcrypt(const std::string& pass, const std::string& hash) const u16bit workfactor = to_u32bit(hash.substr(4, 2)); - MemoryVector salt = bcrypt_base64_decode(hash.substr(7, 22)); + std::vector salt = bcrypt_base64_decode(hash.substr(7, 22)); const std::string compare = make_bcrypt(pass, salt, workfactor); diff --git a/src/passhash/passhash9/passhash9.cpp b/src/passhash/passhash9/passhash9.cpp index 43bfdd36e..cbfe668f1 100644 --- a/src/passhash/passhash9/passhash9.cpp +++ b/src/passhash/passhash9/passhash9.cpp @@ -59,12 +59,12 @@ std::string generate_passhash9(const std::string& pass, PKCS5_PBKDF2 kdf(prf); // takes ownership of pointer - SecureVector salt(SALT_BYTES); + secure_vector salt(SALT_BYTES); rng.randomize(&salt[0], salt.size()); const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor; - SecureVector pbkdf2_output = + secure_vector pbkdf2_output = kdf.derive_key(PASSHASH9_PBKDF_OUTPUT_LEN, pass, &salt[0], salt.size(), @@ -105,7 +105,7 @@ bool check_passhash9(const std::string& pass, const std::string& hash) pipe.write(hash.c_str() + MAGIC_PREFIX.size()); pipe.end_msg(); - SecureVector bin = pipe.read_all(); + secure_vector bin = pipe.read_all(); if(bin.size() != BINARY_LENGTH) return false; @@ -125,7 +125,7 @@ bool check_passhash9(const std::string& pass, const std::string& hash) PKCS5_PBKDF2 kdf(pbkdf_prf); // takes ownership of pointer - SecureVector cmp = kdf.derive_key( + secure_vector cmp = kdf.derive_key( PASSHASH9_PBKDF_OUTPUT_LEN, pass, &bin[ALGID_BYTES + WORKFACTOR_BYTES], SALT_BYTES, diff --git a/src/pbe/pbe.h b/src/pbe/pbe.h index 9add98872..975f3e6c7 100644 --- a/src/pbe/pbe.h +++ b/src/pbe/pbe.h @@ -37,7 +37,7 @@ class BOTAN_DLL PBE : public Filter * DER encode the params (the number of iterations and the salt value) * @return encoded params */ - virtual MemoryVector encode_params() const = 0; + virtual std::vector encode_params() const = 0; /** * Decode params and use them inside this Filter. diff --git a/src/pbe/pbes1/pbes1.cpp b/src/pbe/pbes1/pbes1.cpp index ec5ebb253..0e5e8284c 100644 --- a/src/pbe/pbes1/pbes1.cpp +++ b/src/pbe/pbes1/pbes1.cpp @@ -65,7 +65,7 @@ void PBE_PKCS5v15::flush_pipe(bool safe_to_skip) if(safe_to_skip && pipe.remaining() < 64) return; - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); while(pipe.remaining()) { size_t got = pipe.read(&buffer[0], buffer.size()); @@ -80,7 +80,7 @@ void PBE_PKCS5v15::set_key(const std::string& passphrase) { PKCS5_PBKDF1 pbkdf(hash_function->clone()); - SecureVector key_and_iv = pbkdf.derive_key(16, passphrase, + secure_vector key_and_iv = pbkdf.derive_key(16, passphrase, &salt[0], salt.size(), iterations).bits_of(); @@ -102,14 +102,14 @@ void PBE_PKCS5v15::new_params(RandomNumberGenerator& rng) /* * Encode PKCS#5 PBES1 parameters */ -MemoryVector PBE_PKCS5v15::encode_params() const +std::vector PBE_PKCS5v15::encode_params() const { return DER_Encoder() .start_cons(SEQUENCE) .encode(salt, OCTET_STRING) .encode(iterations) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* diff --git a/src/pbe/pbes1/pbes1.h b/src/pbe/pbes1/pbes1.h index e10cbbb53..bbdbd5b9d 100644 --- a/src/pbe/pbes1/pbes1.h +++ b/src/pbe/pbes1/pbes1.h @@ -40,7 +40,7 @@ class BOTAN_DLL PBE_PKCS5v15 : public PBE private: void set_key(const std::string&); void new_params(RandomNumberGenerator& rng); - MemoryVector encode_params() const; + std::vector encode_params() const; void decode_params(DataSource&); OID get_oid() const; @@ -50,7 +50,7 @@ class BOTAN_DLL PBE_PKCS5v15 : public PBE BlockCipher* block_cipher; HashFunction* hash_function; - SecureVector salt, key, iv; + secure_vector salt, key, iv; size_t iterations; Pipe pipe; }; diff --git a/src/pbe/pbes2/pbes2.cpp b/src/pbe/pbes2/pbes2.cpp index 85afe6ffe..384fc3d90 100644 --- a/src/pbe/pbes2/pbes2.cpp +++ b/src/pbe/pbes2/pbes2.cpp @@ -72,7 +72,7 @@ void PBE_PKCS5v20::flush_pipe(bool safe_to_skip) if(safe_to_skip && pipe.remaining() < 64) return; - SecureVector buffer(DEFAULT_BUFFERSIZE); + secure_vector buffer(DEFAULT_BUFFERSIZE); while(pipe.remaining()) { size_t got = pipe.read(&buffer[0], buffer.size()); @@ -107,7 +107,7 @@ void PBE_PKCS5v20::new_params(RandomNumberGenerator& rng) /* * Encode PKCS#5 PBES2 parameters */ -MemoryVector PBE_PKCS5v20::encode_params() const +std::vector PBE_PKCS5v20::encode_params() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -119,18 +119,18 @@ MemoryVector PBE_PKCS5v20::encode_params() const .encode(iterations) .encode(key_length) .end_cons() - .get_contents() + .get_contents_unlocked() ) ) .encode( AlgorithmIdentifier(block_cipher->name() + "/CBC", DER_Encoder() .encode(iv, OCTET_STRING) - .get_contents() + .get_contents_unlocked() ) ) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* diff --git a/src/pbe/pbes2/pbes2.h b/src/pbe/pbes2/pbes2.h index 7b82980e5..5593c9091 100644 --- a/src/pbe/pbes2/pbes2.h +++ b/src/pbe/pbes2/pbes2.h @@ -49,7 +49,7 @@ class BOTAN_DLL PBE_PKCS5v20 : public PBE private: void set_key(const std::string&); void new_params(RandomNumberGenerator& rng); - MemoryVector encode_params() const; + std::vector encode_params() const; void decode_params(DataSource&); OID get_oid() const; @@ -58,7 +58,7 @@ class BOTAN_DLL PBE_PKCS5v20 : public PBE Cipher_Dir direction; BlockCipher* block_cipher; HashFunction* hash_function; - SecureVector salt, key, iv; + secure_vector salt, key, iv; size_t iterations, key_length; Pipe pipe; }; diff --git a/src/pbkdf/pbkdf1/pbkdf1.cpp b/src/pbkdf/pbkdf1/pbkdf1.cpp index 16de435e9..7f0939b8f 100644 --- a/src/pbkdf/pbkdf1/pbkdf1.cpp +++ b/src/pbkdf/pbkdf1/pbkdf1.cpp @@ -26,7 +26,7 @@ OctetString PKCS5_PBKDF1::derive_key(size_t key_len, hash->update(passphrase); hash->update(salt, salt_size); - SecureVector key = hash->final(); + secure_vector key = hash->final(); for(size_t j = 1; j != iterations; ++j) { diff --git a/src/pbkdf/pbkdf2/pbkdf2.cpp b/src/pbkdf/pbkdf2/pbkdf2.cpp index 39d53d417..699ce7c6b 100644 --- a/src/pbkdf/pbkdf2/pbkdf2.cpp +++ b/src/pbkdf/pbkdf2/pbkdf2.cpp @@ -33,11 +33,11 @@ OctetString PKCS5_PBKDF2::derive_key(size_t key_len, std::to_string(passphrase.length())); } - SecureVector key(key_len); + secure_vector key(key_len); byte* T = &key[0]; - SecureVector U(mac->output_length()); + secure_vector U(mac->output_length()); u32bit counter = 1; while(key_len) @@ -48,13 +48,13 @@ OctetString PKCS5_PBKDF2::derive_key(size_t key_len, mac->update_be(counter); mac->final(&U[0]); - xor_buf(T, U, T_size); + xor_buf(T, &U[0], T_size); for(size_t j = 1; j != iterations; ++j) { mac->update(U); mac->final(&U[0]); - xor_buf(T, U, T_size); + xor_buf(T, &U[0], T_size); } key_len -= T_size; diff --git a/src/pbkdf/pgps2k/pgp_s2k.cpp b/src/pbkdf/pgps2k/pgp_s2k.cpp index 4ee4c6bd9..6f6de58e2 100644 --- a/src/pbkdf/pgps2k/pgp_s2k.cpp +++ b/src/pbkdf/pgps2k/pgp_s2k.cpp @@ -17,7 +17,7 @@ OctetString OpenPGP_S2K::derive_key(size_t key_len, const byte salt_buf[], size_t salt_size, size_t iterations) const { - SecureVector key(key_len), hash_buf; + secure_vector key(key_len), hash_buf; size_t pass = 0, generated = 0, total_size = passphrase.size() + salt_size; diff --git a/src/pk_pad/eme.cpp b/src/pk_pad/eme.cpp index cfdaa240d..f90239d8c 100644 --- a/src/pk_pad/eme.cpp +++ b/src/pk_pad/eme.cpp @@ -12,7 +12,7 @@ namespace Botan { /* * Encode a message */ -SecureVector EME::encode(const byte msg[], size_t msg_len, +secure_vector EME::encode(const byte msg[], size_t msg_len, size_t key_bits, RandomNumberGenerator& rng) const { @@ -22,7 +22,7 @@ SecureVector EME::encode(const byte msg[], size_t msg_len, /* * Encode a message */ -SecureVector EME::encode(const MemoryRegion& msg, +secure_vector EME::encode(const secure_vector& msg, size_t key_bits, RandomNumberGenerator& rng) const { @@ -32,7 +32,7 @@ SecureVector EME::encode(const MemoryRegion& msg, /* * Decode a message */ -SecureVector EME::decode(const byte msg[], size_t msg_len, +secure_vector EME::decode(const byte msg[], size_t msg_len, size_t key_bits) const { return unpad(msg, msg_len, key_bits); @@ -41,7 +41,7 @@ SecureVector EME::decode(const byte msg[], size_t msg_len, /* * Decode a message */ -SecureVector EME::decode(const MemoryRegion& msg, +secure_vector EME::decode(const secure_vector& msg, size_t key_bits) const { return unpad(&msg[0], msg.size(), key_bits); diff --git a/src/pk_pad/eme.h b/src/pk_pad/eme.h index 4e89ef9d3..6f8acaa23 100644 --- a/src/pk_pad/eme.h +++ b/src/pk_pad/eme.h @@ -34,7 +34,7 @@ class BOTAN_DLL EME * @param rng a random number generator * @return encoded plaintext */ - SecureVector encode(const byte in[], + secure_vector encode(const byte in[], size_t in_length, size_t key_length, RandomNumberGenerator& rng) const; @@ -46,7 +46,7 @@ class BOTAN_DLL EME * @param rng a random number generator * @return encoded plaintext */ - SecureVector encode(const MemoryRegion& in, + secure_vector encode(const secure_vector& in, size_t key_length, RandomNumberGenerator& rng) const; @@ -57,7 +57,7 @@ class BOTAN_DLL EME * @param key_length length of the key in bits * @return plaintext */ - SecureVector decode(const byte in[], + secure_vector decode(const byte in[], size_t in_length, size_t key_length) const; @@ -67,7 +67,7 @@ class BOTAN_DLL EME * @param key_length length of the key in bits * @return plaintext */ - SecureVector decode(const MemoryRegion& in, + secure_vector decode(const secure_vector& in, size_t key_length) const; virtual ~EME() {} @@ -80,7 +80,7 @@ class BOTAN_DLL EME * @param rng a random number generator * @return encoded plaintext */ - virtual SecureVector pad(const byte in[], + virtual secure_vector pad(const byte in[], size_t in_length, size_t key_length, RandomNumberGenerator& rng) const = 0; @@ -92,7 +92,7 @@ class BOTAN_DLL EME * @param key_length length of the key in bits * @return plaintext */ - virtual SecureVector unpad(const byte in[], + virtual secure_vector unpad(const byte in[], size_t in_length, size_t key_length) const = 0; }; diff --git a/src/pk_pad/eme1/eme1.cpp b/src/pk_pad/eme1/eme1.cpp index 69251605f..57275d4f9 100644 --- a/src/pk_pad/eme1/eme1.cpp +++ b/src/pk_pad/eme1/eme1.cpp @@ -15,7 +15,7 @@ namespace Botan { /* * EME1 Pad Operation */ -SecureVector EME1::pad(const byte in[], size_t in_length, +secure_vector EME1::pad(const byte in[], size_t in_length, size_t key_length, RandomNumberGenerator& rng) const { @@ -24,7 +24,7 @@ SecureVector EME1::pad(const byte in[], size_t in_length, if(in_length > key_length - 2*Phash.size() - 1) throw Invalid_Argument("EME1: Input is too large"); - SecureVector out(key_length); + secure_vector out(key_length); rng.randomize(&out[0], Phash.size()); @@ -44,7 +44,7 @@ SecureVector EME1::pad(const byte in[], size_t in_length, /* * EME1 Unpad Operation */ -SecureVector EME1::unpad(const byte in[], size_t in_length, +secure_vector EME1::unpad(const byte in[], size_t in_length, size_t key_length) const { /* @@ -65,7 +65,7 @@ SecureVector EME1::unpad(const byte in[], size_t in_length, if(in_length > key_length) in_length = 0; - SecureVector input(key_length); + secure_vector input(key_length); buffer_insert(input, key_length - in_length, in, in_length); mgf->mask(&input[Phash.size()], input.size() - Phash.size(), @@ -104,8 +104,7 @@ SecureVector EME1::unpad(const byte in[], size_t in_length, if(bad_input) throw Decoding_Error("Invalid EME1 encoding"); - return SecureVector(input + delim_idx + 1, - input.size() - delim_idx - 1); + return secure_vector(&input[delim_idx + 1], &input[input.size()]); } /* diff --git a/src/pk_pad/eme1/eme1.h b/src/pk_pad/eme1/eme1.h index 0d0223de0..eb6fc6bf5 100644 --- a/src/pk_pad/eme1/eme1.h +++ b/src/pk_pad/eme1/eme1.h @@ -30,11 +30,11 @@ class BOTAN_DLL EME1 : public EME ~EME1() { delete mgf; } private: - SecureVector pad(const byte[], size_t, size_t, + secure_vector pad(const byte[], size_t, size_t, RandomNumberGenerator&) const; - SecureVector unpad(const byte[], size_t, size_t) const; + secure_vector unpad(const byte[], size_t, size_t) const; - SecureVector Phash; + secure_vector Phash; MGF* mgf; }; diff --git a/src/pk_pad/eme_pkcs/eme_pkcs.cpp b/src/pk_pad/eme_pkcs/eme_pkcs.cpp index a217d6d03..0e7d1fc30 100644 --- a/src/pk_pad/eme_pkcs/eme_pkcs.cpp +++ b/src/pk_pad/eme_pkcs/eme_pkcs.cpp @@ -12,7 +12,7 @@ namespace Botan { /* * PKCS1 Pad Operation */ -SecureVector EME_PKCS1v15::pad(const byte in[], size_t inlen, +secure_vector EME_PKCS1v15::pad(const byte in[], size_t inlen, size_t olen, RandomNumberGenerator& rng) const { @@ -23,7 +23,7 @@ SecureVector EME_PKCS1v15::pad(const byte in[], size_t inlen, if(inlen > olen - 10) throw Encoding_Error("PKCS1: Input is too large"); - SecureVector out(olen); + secure_vector out(olen); out[0] = 0x02; for(size_t j = 1; j != olen - inlen - 1; ++j) @@ -37,7 +37,7 @@ SecureVector EME_PKCS1v15::pad(const byte in[], size_t inlen, /* * PKCS1 Unpad Operation */ -SecureVector EME_PKCS1v15::unpad(const byte in[], size_t inlen, +secure_vector EME_PKCS1v15::unpad(const byte in[], size_t inlen, size_t key_len) const { if(inlen != key_len / 8 || inlen < 10 || in[0] != 0x02) @@ -53,7 +53,7 @@ SecureVector EME_PKCS1v15::unpad(const byte in[], size_t inlen, if(seperator < 9) throw Decoding_Error("PKCS1::unpad"); - return SecureVector(in + seperator + 1, inlen - seperator - 1); + return secure_vector(&in[seperator + 1], &in[inlen]); } /* diff --git a/src/pk_pad/eme_pkcs/eme_pkcs.h b/src/pk_pad/eme_pkcs/eme_pkcs.h index 4c4614bda..2808e18d6 100644 --- a/src/pk_pad/eme_pkcs/eme_pkcs.h +++ b/src/pk_pad/eme_pkcs/eme_pkcs.h @@ -20,9 +20,9 @@ class BOTAN_DLL EME_PKCS1v15 : public EME public: size_t maximum_input_size(size_t) const; private: - SecureVector pad(const byte[], size_t, size_t, + secure_vector pad(const byte[], size_t, size_t, RandomNumberGenerator&) const; - SecureVector unpad(const byte[], size_t, size_t) const; + secure_vector unpad(const byte[], size_t, size_t) const; }; } diff --git a/src/pk_pad/emsa.h b/src/pk_pad/emsa.h index e943fc5eb..821ca782f 100644 --- a/src/pk_pad/emsa.h +++ b/src/pk_pad/emsa.h @@ -29,7 +29,7 @@ class BOTAN_DLL EMSA /** * @return raw hash */ - virtual SecureVector raw_data() = 0; + virtual secure_vector raw_data() = 0; /** * Return the encoding of a message @@ -38,7 +38,7 @@ class BOTAN_DLL EMSA * @param rng a random number generator * @return encoded signature */ - virtual SecureVector encoding_of(const MemoryRegion& msg, + virtual secure_vector encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator& rng) = 0; @@ -49,8 +49,8 @@ class BOTAN_DLL EMSA * @param key_bits the size of the key in bits * @return true if coded is a valid encoding of raw, otherwise false */ - virtual bool verify(const MemoryRegion& coded, - const MemoryRegion& raw, + virtual bool verify(const secure_vector& coded, + const secure_vector& raw, size_t key_bits) = 0; virtual ~EMSA() {} }; diff --git a/src/pk_pad/emsa1/emsa1.cpp b/src/pk_pad/emsa1/emsa1.cpp index ba861898a..7f9a1885f 100644 --- a/src/pk_pad/emsa1/emsa1.cpp +++ b/src/pk_pad/emsa1/emsa1.cpp @@ -11,7 +11,7 @@ namespace Botan { namespace { -SecureVector emsa1_encoding(const MemoryRegion& msg, +secure_vector emsa1_encoding(const secure_vector& msg, size_t output_bits) { if(8*msg.size() <= output_bits) @@ -20,7 +20,7 @@ SecureVector emsa1_encoding(const MemoryRegion& msg, size_t shift = 8*msg.size() - output_bits; size_t byte_shift = shift / 8, bit_shift = shift % 8; - SecureVector digest(msg.size() - byte_shift); + secure_vector digest(msg.size() - byte_shift); for(size_t j = 0; j != msg.size() - byte_shift; ++j) digest[j] = msg[j]; @@ -51,7 +51,7 @@ void EMSA1::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector EMSA1::raw_data() +secure_vector EMSA1::raw_data() { return hash->final(); } @@ -59,7 +59,7 @@ SecureVector EMSA1::raw_data() /* * EMSA1 Encode Operation */ -SecureVector EMSA1::encoding_of(const MemoryRegion& msg, +secure_vector EMSA1::encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator&) { @@ -71,14 +71,14 @@ SecureVector EMSA1::encoding_of(const MemoryRegion& msg, /* * EMSA1 Decode/Verify Operation */ -bool EMSA1::verify(const MemoryRegion& coded, - const MemoryRegion& raw, size_t key_bits) +bool EMSA1::verify(const secure_vector& coded, + const secure_vector& raw, size_t key_bits) { try { if(raw.size() != hash->output_length()) throw Encoding_Error("EMSA1::encoding_of: Invalid size for input"); - SecureVector our_coding = emsa1_encoding(raw, key_bits); + secure_vector our_coding = emsa1_encoding(raw, key_bits); if(our_coding == coded) return true; if(our_coding[0] != 0) return false; diff --git a/src/pk_pad/emsa1/emsa1.h b/src/pk_pad/emsa1/emsa1.h index 120cb0cd3..f84ca5ae7 100644 --- a/src/pk_pad/emsa1/emsa1.h +++ b/src/pk_pad/emsa1/emsa1.h @@ -32,12 +32,12 @@ class BOTAN_DLL EMSA1 : public EMSA const HashFunction* hash_ptr() const { return hash; } private: void update(const byte[], size_t); - SecureVector raw_data(); + secure_vector raw_data(); - SecureVector encoding_of(const MemoryRegion&, size_t, + secure_vector encoding_of(const secure_vector&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion&, const MemoryRegion&, + bool verify(const secure_vector&, const secure_vector&, size_t); HashFunction* hash; diff --git a/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp b/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp index bbcc5aae7..9096edfbf 100644 --- a/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp +++ b/src/pk_pad/emsa1_bsi/emsa1_bsi.cpp @@ -13,7 +13,7 @@ namespace Botan { /* * EMSA1 BSI Encode Operation */ -SecureVector EMSA1_BSI::encoding_of(const MemoryRegion& msg, +secure_vector EMSA1_BSI::encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator&) { diff --git a/src/pk_pad/emsa1_bsi/emsa1_bsi.h b/src/pk_pad/emsa1_bsi/emsa1_bsi.h index 51ed6bc00..1b90f48df 100644 --- a/src/pk_pad/emsa1_bsi/emsa1_bsi.h +++ b/src/pk_pad/emsa1_bsi/emsa1_bsi.h @@ -26,7 +26,7 @@ class BOTAN_DLL EMSA1_BSI : public EMSA1 */ EMSA1_BSI(HashFunction* hash) : EMSA1(hash) {} private: - SecureVector encoding_of(const MemoryRegion&, size_t, + secure_vector encoding_of(const secure_vector&, size_t, RandomNumberGenerator& rng); }; diff --git a/src/pk_pad/emsa2/emsa2.cpp b/src/pk_pad/emsa2/emsa2.cpp index 50ea7dbe3..d299ddacd 100644 --- a/src/pk_pad/emsa2/emsa2.cpp +++ b/src/pk_pad/emsa2/emsa2.cpp @@ -15,9 +15,9 @@ namespace { /* * EMSA2 Encode Operation */ -SecureVector emsa2_encoding(const MemoryRegion& msg, +secure_vector emsa2_encoding(const secure_vector& msg, size_t output_bits, - const MemoryRegion& empty_hash, + const secure_vector& empty_hash, byte hash_id) { const size_t HASH_SIZE = empty_hash.size(); @@ -34,7 +34,7 @@ SecureVector emsa2_encoding(const MemoryRegion& msg, if(empty_hash[j] != msg[j]) empty = false; - SecureVector output(output_length); + secure_vector output(output_length); output[0] = (empty ? 0x4B : 0x6B); output[output_length - 3 - HASH_SIZE] = 0xBA; @@ -59,7 +59,7 @@ void EMSA2::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector EMSA2::raw_data() +secure_vector EMSA2::raw_data() { return hash->final(); } @@ -67,7 +67,7 @@ SecureVector EMSA2::raw_data() /* * EMSA2 Encode Operation */ -SecureVector EMSA2::encoding_of(const MemoryRegion& msg, +secure_vector EMSA2::encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator&) { @@ -77,8 +77,8 @@ SecureVector EMSA2::encoding_of(const MemoryRegion& msg, /* * EMSA2 Verify Operation */ -bool EMSA2::verify(const MemoryRegion& coded, - const MemoryRegion& raw, +bool EMSA2::verify(const secure_vector& coded, + const secure_vector& raw, size_t key_bits) { try diff --git a/src/pk_pad/emsa2/emsa2.h b/src/pk_pad/emsa2/emsa2.h index 9e0fa6a95..fb0cecb21 100644 --- a/src/pk_pad/emsa2/emsa2.h +++ b/src/pk_pad/emsa2/emsa2.h @@ -27,15 +27,15 @@ class BOTAN_DLL EMSA2 : public EMSA ~EMSA2() { delete hash; } private: void update(const byte[], size_t); - SecureVector raw_data(); + secure_vector raw_data(); - SecureVector encoding_of(const MemoryRegion&, size_t, + secure_vector encoding_of(const secure_vector&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion&, const MemoryRegion&, + bool verify(const secure_vector&, const secure_vector&, size_t); - SecureVector empty_hash; + secure_vector empty_hash; HashFunction* hash; byte hash_id; }; diff --git a/src/pk_pad/emsa3/emsa3.cpp b/src/pk_pad/emsa3/emsa3.cpp index 6532bafd4..493140a63 100644 --- a/src/pk_pad/emsa3/emsa3.cpp +++ b/src/pk_pad/emsa3/emsa3.cpp @@ -15,7 +15,7 @@ namespace { /* * EMSA3 Encode Operation */ -SecureVector emsa3_encoding(const MemoryRegion& msg, +secure_vector emsa3_encoding(const secure_vector& msg, size_t output_bits, const byte hash_id[], size_t hash_id_length) @@ -24,7 +24,7 @@ SecureVector emsa3_encoding(const MemoryRegion& msg, if(output_length < hash_id_length + msg.size() + 10) throw Encoding_Error("emsa3_encoding: Output length is too small"); - SecureVector T(output_length); + secure_vector T(output_length); const size_t P_LENGTH = output_length - msg.size() - hash_id_length - 2; T[0] = 0x01; @@ -48,7 +48,7 @@ void EMSA3::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector EMSA3::raw_data() +secure_vector EMSA3::raw_data() { return hash->final(); } @@ -56,7 +56,7 @@ SecureVector EMSA3::raw_data() /* * EMSA3 Encode Operation */ -SecureVector EMSA3::encoding_of(const MemoryRegion& msg, +secure_vector EMSA3::encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator&) { @@ -70,8 +70,8 @@ SecureVector EMSA3::encoding_of(const MemoryRegion& msg, /* * Default signature decoding */ -bool EMSA3::verify(const MemoryRegion& coded, - const MemoryRegion& raw, +bool EMSA3::verify(const secure_vector& coded, + const secure_vector& raw, size_t key_bits) { if(raw.size() != hash->output_length()) @@ -115,9 +115,9 @@ void EMSA3_Raw::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector EMSA3_Raw::raw_data() +secure_vector EMSA3_Raw::raw_data() { - SecureVector ret; + secure_vector ret; std::swap(ret, message); return ret; } @@ -125,7 +125,7 @@ SecureVector EMSA3_Raw::raw_data() /* * EMSA3_Raw Encode Operation */ -SecureVector EMSA3_Raw::encoding_of(const MemoryRegion& msg, +secure_vector EMSA3_Raw::encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator&) { @@ -135,8 +135,8 @@ SecureVector EMSA3_Raw::encoding_of(const MemoryRegion& msg, /* * Default signature decoding */ -bool EMSA3_Raw::verify(const MemoryRegion& coded, - const MemoryRegion& raw, +bool EMSA3_Raw::verify(const secure_vector& coded, + const secure_vector& raw, size_t key_bits) { try diff --git a/src/pk_pad/emsa3/emsa3.h b/src/pk_pad/emsa3/emsa3.h index 5faf9d7e5..9fbda67ee 100644 --- a/src/pk_pad/emsa3/emsa3.h +++ b/src/pk_pad/emsa3/emsa3.h @@ -29,16 +29,16 @@ class BOTAN_DLL EMSA3 : public EMSA void update(const byte[], size_t); - SecureVector raw_data(); + secure_vector raw_data(); - SecureVector encoding_of(const MemoryRegion&, size_t, + secure_vector encoding_of(const secure_vector&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion&, const MemoryRegion&, + bool verify(const secure_vector&, const secure_vector&, size_t); private: HashFunction* hash; - SecureVector hash_id; + std::vector hash_id; }; /** @@ -51,16 +51,16 @@ class BOTAN_DLL EMSA3_Raw : public EMSA public: void update(const byte[], size_t); - SecureVector raw_data(); + secure_vector raw_data(); - SecureVector encoding_of(const MemoryRegion&, size_t, + secure_vector encoding_of(const secure_vector&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion&, const MemoryRegion&, + bool verify(const secure_vector&, const secure_vector&, size_t); private: - SecureVector message; + secure_vector message; }; } diff --git a/src/pk_pad/emsa4/emsa4.cpp b/src/pk_pad/emsa4/emsa4.cpp index d05e4a5b5..c8b8cbc6a 100644 --- a/src/pk_pad/emsa4/emsa4.cpp +++ b/src/pk_pad/emsa4/emsa4.cpp @@ -22,7 +22,7 @@ void EMSA4::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector EMSA4::raw_data() +secure_vector EMSA4::raw_data() { return hash->final(); } @@ -30,7 +30,7 @@ SecureVector EMSA4::raw_data() /* * EMSA4 Encode Operation */ -SecureVector EMSA4::encoding_of(const MemoryRegion& msg, +secure_vector EMSA4::encoding_of(const secure_vector& msg, size_t output_bits, RandomNumberGenerator& rng) { @@ -43,19 +43,19 @@ SecureVector EMSA4::encoding_of(const MemoryRegion& msg, const size_t output_length = (output_bits + 7) / 8; - SecureVector salt = rng.random_vec(SALT_SIZE); + secure_vector salt = rng.random_vec(SALT_SIZE); for(size_t j = 0; j != 8; ++j) hash->update(0); hash->update(msg); - hash->update(salt, SALT_SIZE); - SecureVector H = hash->final(); + hash->update(salt); + secure_vector H = hash->final(); - SecureVector EM(output_length); + secure_vector EM(output_length); EM[output_length - HASH_SIZE - SALT_SIZE - 2] = 0x01; buffer_insert(EM, output_length - 1 - HASH_SIZE - SALT_SIZE, salt); - mgf->mask(H, HASH_SIZE, EM, output_length - HASH_SIZE - 1); + mgf->mask(&H[0], HASH_SIZE, &EM[0], output_length - HASH_SIZE - 1); EM[0] &= 0xFF >> (8 * ((output_bits + 7) / 8) - output_bits); buffer_insert(EM, output_length - 1 - HASH_SIZE, H); EM[output_length-1] = 0xBC; @@ -66,8 +66,8 @@ SecureVector EMSA4::encoding_of(const MemoryRegion& msg, /* * EMSA4 Decode/Verify Operation */ -bool EMSA4::verify(const MemoryRegion& const_coded, - const MemoryRegion& raw, size_t key_bits) +bool EMSA4::verify(const secure_vector& const_coded, + const secure_vector& raw, size_t key_bits) { const size_t HASH_SIZE = hash->output_length(); const size_t KEY_BYTES = (key_bits + 7) / 8; @@ -84,10 +84,10 @@ bool EMSA4::verify(const MemoryRegion& const_coded, if(const_coded[const_coded.size()-1] != 0xBC) return false; - SecureVector coded = const_coded; + secure_vector coded = const_coded; if(coded.size() < KEY_BYTES) { - SecureVector temp(KEY_BYTES); + secure_vector temp(KEY_BYTES); buffer_insert(temp, KEY_BYTES - coded.size(), coded); coded = temp; } @@ -96,14 +96,17 @@ bool EMSA4::verify(const MemoryRegion& const_coded, if(TOP_BITS > 8 - high_bit(coded[0])) return false; - SecureVector DB(&coded[0], coded.size() - HASH_SIZE - 1); - SecureVector H(&coded[coded.size() - HASH_SIZE - 1], HASH_SIZE); + byte* DB = &coded[0]; + const size_t DB_size = coded.size() - HASH_SIZE - 1; + + const byte* H = &coded[DB_size]; + const size_t H_size = HASH_SIZE; - mgf->mask(H, H.size(), DB, coded.size() - H.size() - 1); + mgf->mask(&H[0], H_size, &DB[0], DB_size); DB[0] &= 0xFF >> TOP_BITS; size_t salt_offset = 0; - for(size_t j = 0; j != DB.size(); ++j) + for(size_t j = 0; j != DB_size; ++j) { if(DB[j] == 0x01) { salt_offset = j + 1; break; } @@ -113,15 +116,13 @@ bool EMSA4::verify(const MemoryRegion& const_coded, if(salt_offset == 0) return false; - SecureVector salt(&DB[salt_offset], DB.size() - salt_offset); - for(size_t j = 0; j != 8; ++j) hash->update(0); hash->update(raw); - hash->update(salt); - SecureVector H2 = hash->final(); + hash->update(&DB[salt_offset], DB_size - salt_offset); + secure_vector H2 = hash->final(); - return (H == H2); + return same_mem(&H[0], &H2[0], HASH_SIZE); } /* diff --git a/src/pk_pad/emsa4/emsa4.h b/src/pk_pad/emsa4/emsa4.h index bd8b32ca1..44bf5a429 100644 --- a/src/pk_pad/emsa4/emsa4.h +++ b/src/pk_pad/emsa4/emsa4.h @@ -34,11 +34,11 @@ class BOTAN_DLL EMSA4 : public EMSA ~EMSA4() { delete hash; delete mgf; } private: void update(const byte[], size_t); - SecureVector raw_data(); + secure_vector raw_data(); - SecureVector encoding_of(const MemoryRegion&, size_t, + secure_vector encoding_of(const secure_vector&, size_t, RandomNumberGenerator& rng); - bool verify(const MemoryRegion&, const MemoryRegion&, + bool verify(const secure_vector&, const secure_vector&, size_t); size_t SALT_SIZE; diff --git a/src/pk_pad/emsa_raw/emsa_raw.cpp b/src/pk_pad/emsa_raw/emsa_raw.cpp index d0f3918dd..cb0f99e9c 100644 --- a/src/pk_pad/emsa_raw/emsa_raw.cpp +++ b/src/pk_pad/emsa_raw/emsa_raw.cpp @@ -20,9 +20,9 @@ void EMSA_Raw::update(const byte input[], size_t length) /* * Return the raw (unencoded) data */ -SecureVector EMSA_Raw::raw_data() +secure_vector EMSA_Raw::raw_data() { - SecureVector output; + secure_vector output; std::swap(message, output); return output; } @@ -30,7 +30,7 @@ SecureVector EMSA_Raw::raw_data() /* * EMSA-Raw Encode Operation */ -SecureVector EMSA_Raw::encoding_of(const MemoryRegion& msg, +secure_vector EMSA_Raw::encoding_of(const secure_vector& msg, size_t, RandomNumberGenerator&) { @@ -40,8 +40,8 @@ SecureVector EMSA_Raw::encoding_of(const MemoryRegion& msg, /* * EMSA-Raw Verify Operation */ -bool EMSA_Raw::verify(const MemoryRegion& coded, - const MemoryRegion& raw, +bool EMSA_Raw::verify(const secure_vector& coded, + const secure_vector& raw, size_t) { if(coded.size() == raw.size()) diff --git a/src/pk_pad/emsa_raw/emsa_raw.h b/src/pk_pad/emsa_raw/emsa_raw.h index 2ccd076f2..8ab763575 100644 --- a/src/pk_pad/emsa_raw/emsa_raw.h +++ b/src/pk_pad/emsa_raw/emsa_raw.h @@ -20,14 +20,14 @@ class BOTAN_DLL EMSA_Raw : public EMSA { private: void update(const byte[], size_t); - SecureVector raw_data(); + secure_vector raw_data(); - SecureVector encoding_of(const MemoryRegion&, size_t, + secure_vector encoding_of(const secure_vector&, size_t, RandomNumberGenerator&); - bool verify(const MemoryRegion&, const MemoryRegion&, + bool verify(const secure_vector&, const secure_vector&, size_t); - SecureVector message; + secure_vector message; }; } diff --git a/src/pk_pad/hash_id/hash_id.cpp b/src/pk_pad/hash_id/hash_id.cpp index 74653cb83..a60e53352 100644 --- a/src/pk_pad/hash_id/hash_id.cpp +++ b/src/pk_pad/hash_id/hash_id.cpp @@ -57,32 +57,51 @@ const byte TIGER_PKCS_ID[] = { /* * HashID as specified by PKCS */ -MemoryVector pkcs_hash_id(const std::string& name) +std::vector pkcs_hash_id(const std::string& name) { // Special case for SSL/TLS RSA signatures if(name == "Parallel(MD5,SHA-160)") - return MemoryVector(); + return std::vector(); if(name == "MD2") - return MemoryVector(MD2_PKCS_ID, sizeof(MD2_PKCS_ID)); + return std::vector(MD2_PKCS_ID, + MD2_PKCS_ID + sizeof(MD2_PKCS_ID)); + if(name == "MD5") - return MemoryVector(MD5_PKCS_ID, sizeof(MD5_PKCS_ID)); + return std::vector(MD5_PKCS_ID, + MD5_PKCS_ID + sizeof(MD5_PKCS_ID)); + if(name == "RIPEMD-128") - return MemoryVector(RIPEMD_128_PKCS_ID, sizeof(RIPEMD_128_PKCS_ID)); + return std::vector(RIPEMD_128_PKCS_ID, + RIPEMD_128_PKCS_ID + sizeof(RIPEMD_128_PKCS_ID)); + if(name == "RIPEMD-160") - return MemoryVector(RIPEMD_160_PKCS_ID, sizeof(RIPEMD_160_PKCS_ID)); + return std::vector(RIPEMD_160_PKCS_ID, + RIPEMD_160_PKCS_ID + sizeof(RIPEMD_160_PKCS_ID)); + if(name == "SHA-160") - return MemoryVector(SHA_160_PKCS_ID, sizeof(SHA_160_PKCS_ID)); + return std::vector(SHA_160_PKCS_ID, + SHA_160_PKCS_ID + sizeof(SHA_160_PKCS_ID)); + if(name == "SHA-224") - return MemoryVector(SHA_224_PKCS_ID, sizeof(SHA_224_PKCS_ID)); + return std::vector(SHA_224_PKCS_ID, + SHA_224_PKCS_ID + sizeof(SHA_224_PKCS_ID)); + if(name == "SHA-256") - return MemoryVector(SHA_256_PKCS_ID, sizeof(SHA_256_PKCS_ID)); + return std::vector(SHA_256_PKCS_ID, + SHA_256_PKCS_ID + sizeof(SHA_256_PKCS_ID)); + if(name == "SHA-384") - return MemoryVector(SHA_384_PKCS_ID, sizeof(SHA_384_PKCS_ID)); + return std::vector(SHA_384_PKCS_ID, + SHA_384_PKCS_ID + sizeof(SHA_384_PKCS_ID)); + if(name == "SHA-512") - return MemoryVector(SHA_512_PKCS_ID, sizeof(SHA_512_PKCS_ID)); + return std::vector(SHA_512_PKCS_ID, + SHA_512_PKCS_ID + sizeof(SHA_512_PKCS_ID)); + if(name == "Tiger(24,3)") - return MemoryVector(TIGER_PKCS_ID, sizeof(TIGER_PKCS_ID)); + return std::vector(TIGER_PKCS_ID, + TIGER_PKCS_ID + sizeof(TIGER_PKCS_ID)); throw Invalid_Argument("No PKCS #1 identifier for " + name); } diff --git a/src/pk_pad/hash_id/hash_id.h b/src/pk_pad/hash_id/hash_id.h index 909cc6b19..070e7ddb9 100644 --- a/src/pk_pad/hash_id/hash_id.h +++ b/src/pk_pad/hash_id/hash_id.h @@ -20,7 +20,7 @@ namespace Botan { * @return byte sequence identifying the hash * @throw Invalid_Argument if the hash has no known PKCS #1 hash id */ -BOTAN_DLL MemoryVector pkcs_hash_id(const std::string& hash_name); +BOTAN_DLL std::vector pkcs_hash_id(const std::string& hash_name); /** * Return the IEEE 1363 hash identifier diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp index d58fece12..04941af73 100644 --- a/src/pubkey/dh/dh.cpp +++ b/src/pubkey/dh/dh.cpp @@ -24,9 +24,9 @@ DH_PublicKey::DH_PublicKey(const DL_Group& grp, const BigInt& y1) /* * Return the public value for key agreement */ -MemoryVector DH_PublicKey::public_value() const +std::vector DH_PublicKey::public_value() const { - return BigInt::encode_1363(y, group_p().bytes()); + return unlock(BigInt::encode_1363(y, group_p().bytes())); } /* @@ -58,7 +58,7 @@ DH_PrivateKey::DH_PrivateKey(RandomNumberGenerator& rng, * Load a DH private key */ DH_PrivateKey::DH_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_42) { @@ -71,7 +71,7 @@ DH_PrivateKey::DH_PrivateKey(const AlgorithmIdentifier& alg_id, /* * Return the public value for key agreement */ -MemoryVector DH_PrivateKey::public_value() const +std::vector DH_PrivateKey::public_value() const { return DH_PublicKey::public_value(); } @@ -83,7 +83,7 @@ DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh) : blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p); } -SecureVector DH_KA_Operation::agree(const byte w[], size_t w_len) +secure_vector DH_KA_Operation::agree(const byte w[], size_t w_len) { BigInt input = BigInt::decode(w, w_len); diff --git a/src/pubkey/dh/dh.h b/src/pubkey/dh/dh.h index 497238417..bf02ffdb9 100644 --- a/src/pubkey/dh/dh.h +++ b/src/pubkey/dh/dh.h @@ -23,13 +23,13 @@ class BOTAN_DLL DH_PublicKey : public virtual DL_Scheme_PublicKey public: std::string algo_name() const { return "DH"; } - MemoryVector public_value() const; + std::vector public_value() const; size_t max_input_bits() const { return group_p().bits(); } DL_Group::Format group_format() const { return DL_Group::ANSI_X9_42; } DH_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : DL_Scheme_PublicKey(alg_id, key_bits, DL_Group::ANSI_X9_42) {} /** @@ -50,7 +50,7 @@ class BOTAN_DLL DH_PrivateKey : public DH_PublicKey, public virtual DL_Scheme_PrivateKey { public: - MemoryVector public_value() const; + std::vector public_value() const; /** * Load a DH private key @@ -59,7 +59,7 @@ class BOTAN_DLL DH_PrivateKey : public DH_PublicKey, * @param rng a random number generator */ DH_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng); /** @@ -80,7 +80,7 @@ class BOTAN_DLL DH_KA_Operation : public PK_Ops::Key_Agreement public: DH_KA_Operation(const DH_PrivateKey& key); - SecureVector agree(const byte w[], size_t w_len); + secure_vector agree(const byte w[], size_t w_len); private: const BigInt& p; diff --git a/src/pubkey/dl_algo/dl_algo.cpp b/src/pubkey/dl_algo/dl_algo.cpp index 8e326ef6a..1034a3252 100644 --- a/src/pubkey/dl_algo/dl_algo.cpp +++ b/src/pubkey/dl_algo/dl_algo.cpp @@ -18,13 +18,13 @@ AlgorithmIdentifier DL_Scheme_PublicKey::algorithm_identifier() const group.DER_encode(group_format())); } -MemoryVector DL_Scheme_PublicKey::x509_subject_public_key() const +std::vector DL_Scheme_PublicKey::x509_subject_public_key() const { - return DER_Encoder().encode(y).get_contents(); + return DER_Encoder().encode(y).get_contents_unlocked(); } DL_Scheme_PublicKey::DL_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, DL_Group::Format format) { DataSource_Memory source(alg_id.parameters); @@ -33,13 +33,13 @@ DL_Scheme_PublicKey::DL_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, BER_Decoder(key_bits).decode(y); } -MemoryVector DL_Scheme_PrivateKey::pkcs8_private_key() const +secure_vector DL_Scheme_PrivateKey::pkcs8_private_key() const { return DER_Encoder().encode(x).get_contents(); } DL_Scheme_PrivateKey::DL_Scheme_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, DL_Group::Format format) { DataSource_Memory source(alg_id.parameters); diff --git a/src/pubkey/dl_algo/dl_algo.h b/src/pubkey/dl_algo/dl_algo.h index 2cc632caa..af2806b02 100644 --- a/src/pubkey/dl_algo/dl_algo.h +++ b/src/pubkey/dl_algo/dl_algo.h @@ -24,7 +24,7 @@ class BOTAN_DLL DL_Scheme_PublicKey : public virtual Public_Key AlgorithmIdentifier algorithm_identifier() const; - MemoryVector x509_subject_public_key() const; + std::vector x509_subject_public_key() const; /** * Get the DL domain parameters of this key. @@ -62,7 +62,7 @@ class BOTAN_DLL DL_Scheme_PublicKey : public virtual Public_Key virtual DL_Group::Format group_format() const = 0; DL_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, DL_Group::Format group_format); protected: @@ -94,10 +94,10 @@ class BOTAN_DLL DL_Scheme_PrivateKey : public virtual DL_Scheme_PublicKey, */ const BigInt& get_x() const { return x; } - MemoryVector pkcs8_private_key() const; + secure_vector pkcs8_private_key() const; DL_Scheme_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, DL_Group::Format group_format); protected: diff --git a/src/pubkey/dl_group/dl_group.cpp b/src/pubkey/dl_group/dl_group.cpp index 3904841ba..93bbcbb2d 100644 --- a/src/pubkey/dl_group/dl_group.cpp +++ b/src/pubkey/dl_group/dl_group.cpp @@ -90,7 +90,8 @@ DL_Group::DL_Group(RandomNumberGenerator& rng, * DL_Group Constructor */ DL_Group::DL_Group(RandomNumberGenerator& rng, - const MemoryRegion& seed, size_t pbits, size_t qbits) + const std::vector& seed, + size_t pbits, size_t qbits) { if(!generate_dsa_primes(rng, global_state().algorithm_factory(), @@ -202,7 +203,7 @@ const BigInt& DL_Group::get_q() const /* * DER encode the parameters */ -SecureVector DL_Group::DER_encode(Format format) const +std::vector DL_Group::DER_encode(Format format) const { init_check(); @@ -217,7 +218,7 @@ SecureVector DL_Group::DER_encode(Format format) const .encode(q) .encode(g) .end_cons() - .get_contents(); + .get_contents_unlocked(); } else if(format == ANSI_X9_42) { @@ -227,7 +228,7 @@ SecureVector DL_Group::DER_encode(Format format) const .encode(g) .encode(q) .end_cons() - .get_contents(); + .get_contents_unlocked(); } else if(format == PKCS_3) { @@ -236,7 +237,7 @@ SecureVector DL_Group::DER_encode(Format format) const .encode(p) .encode(g) .end_cons() - .get_contents(); + .get_contents_unlocked(); } throw Invalid_Argument("Unknown DL_Group encoding " + std::to_string(format)); @@ -247,7 +248,8 @@ SecureVector DL_Group::DER_encode(Format format) const */ std::string DL_Group::PEM_encode(Format format) const { - SecureVector encoding = DER_encode(format); + const std::vector encoding = DER_encode(format); + if(format == PKCS_3) return PEM_Code::encode(encoding, "DH PARAMETERS"); else if(format == ANSI_X9_57) diff --git a/src/pubkey/dl_group/dl_group.h b/src/pubkey/dl_group/dl_group.h index bfc2c04e5..aa90388ae 100644 --- a/src/pubkey/dl_group/dl_group.h +++ b/src/pubkey/dl_group/dl_group.h @@ -77,7 +77,7 @@ class BOTAN_DLL DL_Group * @param format the encoding format * @return string holding the DER encoded group */ - SecureVector DER_encode(Format format) const; + std::vector DER_encode(Format format) const; /** * Decode a DER/BER encoded group into this instance. @@ -131,7 +131,8 @@ class BOTAN_DLL DL_Group * @param pbits the desired bit size of the prime p * @param qbits the desired bit size of the prime q. */ - DL_Group(RandomNumberGenerator& rng, const MemoryRegion& seed, + DL_Group(RandomNumberGenerator& rng, + const std::vector& seed, size_t pbits = 1024, size_t qbits = 0); /** diff --git a/src/pubkey/dlies/dlies.cpp b/src/pubkey/dlies/dlies.cpp index 80dde048b..715b55a36 100644 --- a/src/pubkey/dlies/dlies.cpp +++ b/src/pubkey/dlies/dlies.cpp @@ -34,19 +34,19 @@ DLIES_Encryptor::~DLIES_Encryptor() /* * DLIES Encryption */ -SecureVector DLIES_Encryptor::enc(const byte in[], size_t length, - RandomNumberGenerator&) const +std::vector DLIES_Encryptor::enc(const byte in[], size_t length, + RandomNumberGenerator&) const { if(length > maximum_input_size()) throw Invalid_Argument("DLIES: Plaintext too large"); if(other_key.empty()) throw Invalid_State("DLIES: The other key was never set"); - SecureVector out(my_key.size() + length + mac->output_length()); + secure_vector out(my_key.size() + length + mac->output_length()); buffer_insert(out, 0, my_key); buffer_insert(out, my_key.size(), in, length); - SecureVector vz = my_key; + secure_vector vz(my_key.begin(), my_key.end()); vz += ka.derive_key(0, other_key).bits_of(); const size_t K_LENGTH = length + mac_keylen; @@ -65,13 +65,13 @@ SecureVector DLIES_Encryptor::enc(const byte in[], size_t length, mac->final(C + length); - return out; + return unlock(out); } /* * Set the other parties public key */ -void DLIES_Encryptor::set_other_key(const MemoryRegion& ok) +void DLIES_Encryptor::set_other_key(const std::vector& ok) { other_key = ok; } @@ -108,18 +108,21 @@ DLIES_Decryptor::~DLIES_Decryptor() /* * DLIES Decryption */ -SecureVector DLIES_Decryptor::dec(const byte msg[], size_t length) const +secure_vector DLIES_Decryptor::dec(const byte msg[], size_t length) const { if(length < my_key.size() + mac->output_length()) throw Decoding_Error("DLIES decryption: ciphertext is too short"); const size_t CIPHER_LEN = length - my_key.size() - mac->output_length(); - SecureVector v(msg, my_key.size()); - SecureVector C(msg + my_key.size(), CIPHER_LEN); - SecureVector T(msg + my_key.size() + CIPHER_LEN, mac->output_length()); + std::vector v(msg, msg + my_key.size()); - SecureVector vz(msg, my_key.size()); + secure_vector C(msg + my_key.size(), msg + my_key.size() + CIPHER_LEN); + + secure_vector T(msg + my_key.size() + CIPHER_LEN, + msg + my_key.size() + CIPHER_LEN + mac->output_length()); + + secure_vector vz(msg, msg + my_key.size()); vz += ka.derive_key(0, v).bits_of(); const size_t K_LENGTH = C.size() + mac_keylen; @@ -131,7 +134,7 @@ SecureVector DLIES_Decryptor::dec(const byte msg[], size_t length) const mac->update(C); for(size_t j = 0; j != 8; ++j) mac->update(0); - SecureVector T2 = mac->final(); + secure_vector T2 = mac->final(); if(T != T2) throw Decoding_Error("DLIES: message authentication failed"); diff --git a/src/pubkey/dlies/dlies.h b/src/pubkey/dlies/dlies.h index 8e5c05852..9739afeb2 100644 --- a/src/pubkey/dlies/dlies.h +++ b/src/pubkey/dlies/dlies.h @@ -27,13 +27,14 @@ class BOTAN_DLL DLIES_Encryptor : public PK_Encryptor ~DLIES_Encryptor(); - void set_other_key(const MemoryRegion&); + void set_other_key(const std::vector&); private: - SecureVector enc(const byte[], size_t, - RandomNumberGenerator&) const; + std::vector enc(const byte[], size_t, + RandomNumberGenerator&) const; + size_t maximum_input_size() const; - SecureVector other_key, my_key; + std::vector other_key, my_key; PK_Key_Agreement ka; KDF* kdf; @@ -55,9 +56,9 @@ class BOTAN_DLL DLIES_Decryptor : public PK_Decryptor ~DLIES_Decryptor(); private: - SecureVector dec(const byte[], size_t) const; + secure_vector dec(const byte[], size_t) const; - SecureVector my_key; + std::vector my_key; PK_Key_Agreement ka; KDF* kdf; diff --git a/src/pubkey/dsa/dsa.cpp b/src/pubkey/dsa/dsa.cpp index c3b4f260b..5d56d6b89 100644 --- a/src/pubkey/dsa/dsa.cpp +++ b/src/pubkey/dsa/dsa.cpp @@ -42,7 +42,7 @@ DSA_PrivateKey::DSA_PrivateKey(RandomNumberGenerator& rng, } DSA_PrivateKey::DSA_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { @@ -73,7 +73,7 @@ DSA_Signature_Operation::DSA_Signature_Operation(const DSA_PrivateKey& dsa) : { } -SecureVector +secure_vector DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -97,7 +97,7 @@ DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, s = mod_q.multiply(s, mul_add(x, r, i)); } - SecureVector output(2*q.bytes()); + secure_vector output(2*q.bytes()); r.binary_encode(&output[output.size() / 2 - r.bytes()]); s.binary_encode(&output[output.size() - s.bytes()]); return output; diff --git a/src/pubkey/dsa/dsa.h b/src/pubkey/dsa/dsa.h index a41a8432c..7d51cfdd0 100644 --- a/src/pubkey/dsa/dsa.h +++ b/src/pubkey/dsa/dsa.h @@ -29,7 +29,7 @@ class BOTAN_DLL DSA_PublicKey : public virtual DL_Scheme_PublicKey size_t max_input_bits() const { return group_q().bits(); } DSA_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : DL_Scheme_PublicKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { } @@ -47,7 +47,7 @@ class BOTAN_DLL DSA_PrivateKey : public DSA_PublicKey, { public: DSA_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng); DSA_PrivateKey(RandomNumberGenerator& rng, @@ -69,7 +69,7 @@ class BOTAN_DLL DSA_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return q.bytes(); } size_t max_input_bits() const { return q.bits(); } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const BigInt& q; diff --git a/src/pubkey/ec_group/ec_group.cpp b/src/pubkey/ec_group/ec_group.cpp index fe4fae885..88c4616a4 100644 --- a/src/pubkey/ec_group/ec_group.cpp +++ b/src/pubkey/ec_group/ec_group.cpp @@ -37,8 +37,8 @@ EC_Group::EC_Group(const std::string& str) { DataSource_Memory input(str); - SecureVector ber = - PEM_Code::decode_check_label(input, "EC PARAMETERS"); + std::vector ber = + unlock(PEM_Code::decode_check_label(input, "EC PARAMETERS")); *this = EC_Group(ber); } @@ -48,7 +48,7 @@ EC_Group::EC_Group(const std::string& str) } } -EC_Group::EC_Group(const MemoryRegion& ber_data) +EC_Group::EC_Group(const std::vector& ber_data) { BER_Decoder ber(ber_data); BER_Object obj = ber.get_next_object(); @@ -64,7 +64,7 @@ EC_Group::EC_Group(const MemoryRegion& ber_data) else if(obj.type_tag == SEQUENCE) { BigInt p, a, b; - SecureVector sv_base_point; + std::vector sv_base_point; BER_Decoder(ber_data) .start_cons(SEQUENCE) @@ -91,7 +91,7 @@ EC_Group::EC_Group(const MemoryRegion& ber_data) throw Decoding_Error("Unexpected tag while decoding ECC domain params"); } -SecureVector +std::vector EC_Group::DER_encode(EC_Group_Encoding form) const { if(form == EC_DOMPAR_ENC_EXPLICIT) @@ -118,19 +118,19 @@ EC_Group::DER_encode(EC_Group_Encoding form) const .encode(order) .encode(cofactor) .end_cons() - .get_contents(); + .get_contents_unlocked(); } else if(form == EC_DOMPAR_ENC_OID) - return DER_Encoder().encode(get_oid()).get_contents(); + return DER_Encoder().encode(get_oid()).get_contents_unlocked(); else if(form == EC_DOMPAR_ENC_IMPLICITCA) - return DER_Encoder().encode_null().get_contents(); + return DER_Encoder().encode_null().get_contents_unlocked(); else throw Internal_Error("EC_Group::DER_encode: Unknown encoding"); } std::string EC_Group::PEM_encode() const { - SecureVector der = DER_encode(EC_DOMPAR_ENC_EXPLICIT); + const std::vector der = DER_encode(EC_DOMPAR_ENC_EXPLICIT); return PEM_Code::encode(der, "EC PARAMETERS"); } diff --git a/src/pubkey/ec_group/ec_group.h b/src/pubkey/ec_group/ec_group.h index dadc9fba3..756c158dc 100644 --- a/src/pubkey/ec_group/ec_group.h +++ b/src/pubkey/ec_group/ec_group.h @@ -54,7 +54,7 @@ class BOTAN_DLL EC_Group * Decode a BER encoded ECC domain parameter set * @param ber_encoding the bytes of the BER encoding */ - EC_Group(const MemoryRegion& ber_encoding); + EC_Group(const std::vector& ber_encoding); /** * Create an EC domain by OID (or throw if unknown) @@ -74,7 +74,7 @@ class BOTAN_DLL EC_Group * @param form of encoding to use * @returns bytes encododed as DER */ - SecureVector DER_encode(EC_Group_Encoding form) const; + std::vector DER_encode(EC_Group_Encoding form) const; /** * Return the PEM encoding (always in explicit form) diff --git a/src/pubkey/ecc_key/ecc_key.cpp b/src/pubkey/ecc_key/ecc_key.cpp index 991446f07..ead129ec6 100644 --- a/src/pubkey/ecc_key/ecc_key.cpp +++ b/src/pubkey/ecc_key/ecc_key.cpp @@ -28,7 +28,7 @@ EC_PublicKey::EC_PublicKey(const EC_Group& dom_par, } EC_PublicKey::EC_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) + const secure_vector& key_bits) { domain_params = EC_Group(alg_id.parameters); domain_encoding = EC_DOMPAR_ENC_EXPLICIT; @@ -47,9 +47,9 @@ AlgorithmIdentifier EC_PublicKey::algorithm_identifier() const return AlgorithmIdentifier(get_oid(), DER_domain()); } -MemoryVector EC_PublicKey::x509_subject_public_key() const +std::vector EC_PublicKey::x509_subject_public_key() const { - return EC2OSP(public_point(), PointGFp::COMPRESSED); + return unlock(EC2OSP(public_point(), PointGFp::COMPRESSED)); } void EC_PublicKey::set_parameter_encoding(EC_Group_Encoding form) @@ -96,7 +96,7 @@ EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng, "ECC private key was not on the curve"); } -MemoryVector EC_PrivateKey::pkcs8_private_key() const +secure_vector EC_PrivateKey::pkcs8_private_key() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -108,7 +108,7 @@ MemoryVector EC_PrivateKey::pkcs8_private_key() const } EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) + const secure_vector& key_bits) { domain_params = EC_Group(alg_id.parameters); domain_encoding = EC_DOMPAR_ENC_EXPLICIT; diff --git a/src/pubkey/ecc_key/ecc_key.h b/src/pubkey/ecc_key/ecc_key.h index cccc8d53c..76a63a7e4 100644 --- a/src/pubkey/ecc_key/ecc_key.h +++ b/src/pubkey/ecc_key/ecc_key.h @@ -34,7 +34,7 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key const PointGFp& pub_point); EC_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits); + const secure_vector& key_bits); /** * Get the public point of this key. @@ -46,7 +46,7 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key AlgorithmIdentifier algorithm_identifier() const; - MemoryVector x509_subject_public_key() const; + std::vector x509_subject_public_key() const; bool check_key(RandomNumberGenerator& rng, bool strong) const; @@ -69,7 +69,7 @@ class BOTAN_DLL EC_PublicKey : public virtual Public_Key * Return the DER encoding of this keys domain in whatever format * is preset for this particular key */ - MemoryVector DER_domain() const + std::vector DER_domain() const { return domain().DER_encode(domain_format()); } /** @@ -98,9 +98,9 @@ class BOTAN_DLL EC_PrivateKey : public virtual EC_PublicKey, const BigInt& private_key); EC_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits); + const secure_vector& key_bits); - MemoryVector pkcs8_private_key() const; + secure_vector pkcs8_private_key() const; /** * Get the private key value of this key object. diff --git a/src/pubkey/ecdh/ecdh.cpp b/src/pubkey/ecdh/ecdh.cpp index 656644370..511dd0678 100644 --- a/src/pubkey/ecdh/ecdh.cpp +++ b/src/pubkey/ecdh/ecdh.cpp @@ -20,7 +20,7 @@ ECDH_KA_Operation::ECDH_KA_Operation(const ECDH_PrivateKey& key) : key.private_value(); } -SecureVector ECDH_KA_Operation::agree(const byte w[], size_t w_len) +secure_vector ECDH_KA_Operation::agree(const byte w[], size_t w_len) { PointGFp point = OS2ECP(w, w_len, curve); diff --git a/src/pubkey/ecdh/ecdh.h b/src/pubkey/ecdh/ecdh.h index 6fe0697bf..0c5d4e010 100644 --- a/src/pubkey/ecdh/ecdh.h +++ b/src/pubkey/ecdh/ecdh.h @@ -23,7 +23,7 @@ class BOTAN_DLL ECDH_PublicKey : public virtual EC_PublicKey public: ECDH_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : EC_PublicKey(alg_id, key_bits) {} /** @@ -52,8 +52,8 @@ class BOTAN_DLL ECDH_PublicKey : public virtual EC_PublicKey /** * @return public point value */ - MemoryVector public_value() const - { return EC2OSP(public_point(), PointGFp::UNCOMPRESSED); } + std::vector public_value() const + { return unlock(EC2OSP(public_point(), PointGFp::UNCOMPRESSED)); } protected: ECDH_PublicKey() {} @@ -69,7 +69,7 @@ class BOTAN_DLL ECDH_PrivateKey : public ECDH_PublicKey, public: ECDH_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : EC_PrivateKey(alg_id, key_bits) {} /** @@ -83,7 +83,7 @@ class BOTAN_DLL ECDH_PrivateKey : public ECDH_PublicKey, const BigInt& x = 0) : EC_PrivateKey(rng, domain, x) {} - MemoryVector public_value() const + std::vector public_value() const { return ECDH_PublicKey::public_value(); } }; @@ -95,7 +95,7 @@ class BOTAN_DLL ECDH_KA_Operation : public PK_Ops::Key_Agreement public: ECDH_KA_Operation(const ECDH_PrivateKey& key); - SecureVector agree(const byte w[], size_t w_len); + secure_vector agree(const byte w[], size_t w_len); private: const CurveGFp& curve; const BigInt& cofactor; diff --git a/src/pubkey/ecdsa/ecdsa.cpp b/src/pubkey/ecdsa/ecdsa.cpp index 5c45c5ed3..6ff082649 100644 --- a/src/pubkey/ecdsa/ecdsa.cpp +++ b/src/pubkey/ecdsa/ecdsa.cpp @@ -32,7 +32,7 @@ ECDSA_Signature_Operation::ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecd { } -SecureVector +secure_vector ECDSA_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -56,7 +56,7 @@ ECDSA_Signature_Operation::sign(const byte msg[], size_t msg_len, s = mod_order.multiply(inverse_mod(k, order), mul_add(x, r, m)); } - SecureVector output(2*order.bytes()); + secure_vector output(2*order.bytes()); r.binary_encode(&output[output.size() / 2 - r.bytes()]); s.binary_encode(&output[output.size() - s.bytes()]); return output; diff --git a/src/pubkey/ecdsa/ecdsa.h b/src/pubkey/ecdsa/ecdsa.h index f0834abd8..e37fa1562 100644 --- a/src/pubkey/ecdsa/ecdsa.h +++ b/src/pubkey/ecdsa/ecdsa.h @@ -33,7 +33,7 @@ class BOTAN_DLL ECDSA_PublicKey : public virtual EC_PublicKey EC_PublicKey(dom_par, public_point) {} ECDSA_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : EC_PublicKey(alg_id, key_bits) {} /** @@ -72,7 +72,7 @@ class BOTAN_DLL ECDSA_PrivateKey : public ECDSA_PublicKey, * @param key_bits PKCS #8 structure */ ECDSA_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : EC_PrivateKey(alg_id, key_bits) {} /** @@ -97,7 +97,7 @@ class BOTAN_DLL ECDSA_Signature_Operation : public PK_Ops::Signature public: ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecdsa); - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); size_t message_parts() const { return 2; } diff --git a/src/pubkey/elgamal/elgamal.cpp b/src/pubkey/elgamal/elgamal.cpp index 6d15aed79..3988f3155 100644 --- a/src/pubkey/elgamal/elgamal.cpp +++ b/src/pubkey/elgamal/elgamal.cpp @@ -44,7 +44,7 @@ ElGamal_PrivateKey::ElGamal_PrivateKey(RandomNumberGenerator& rng, } ElGamal_PrivateKey::ElGamal_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_42) { @@ -76,7 +76,7 @@ ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicK mod_p = Modular_Reducer(p); } -SecureVector +secure_vector ElGamal_Encryption_Operation::encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -92,7 +92,7 @@ ElGamal_Encryption_Operation::encrypt(const byte msg[], size_t msg_len, BigInt a = powermod_g_p(k); BigInt b = mod_p.multiply(m, powermod_y_p(k)); - SecureVector output(2*p.bytes()); + secure_vector output(2*p.bytes()); a.binary_encode(&output[p.bytes() - a.bytes()]); b.binary_encode(&output[output.size() / 2 + (p.bytes() - b.bytes())]); return output; @@ -109,7 +109,7 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private blinder = Blinder(k, powermod_x_p(k), p); } -SecureVector +secure_vector ElGamal_Decryption_Operation::decrypt(const byte msg[], size_t msg_len) { const BigInt& p = mod_p.get_modulus(); @@ -129,7 +129,7 @@ ElGamal_Decryption_Operation::decrypt(const byte msg[], size_t msg_len) BigInt r = mod_p.multiply(b, inverse_mod(powermod_x_p(a), p)); - return BigInt::encode(blinder.unblind(r)); + return BigInt::encode_locked(blinder.unblind(r)); } } diff --git a/src/pubkey/elgamal/elgamal.h b/src/pubkey/elgamal/elgamal.h index 383a4160b..957aa4656 100644 --- a/src/pubkey/elgamal/elgamal.h +++ b/src/pubkey/elgamal/elgamal.h @@ -28,7 +28,7 @@ class BOTAN_DLL ElGamal_PublicKey : public virtual DL_Scheme_PublicKey size_t max_input_bits() const { return (group_p().bits() - 1); } ElGamal_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : DL_Scheme_PublicKey(alg_id, key_bits, DL_Group::ANSI_X9_42) {} @@ -47,7 +47,7 @@ class BOTAN_DLL ElGamal_PrivateKey : public ElGamal_PublicKey, bool check_key(RandomNumberGenerator& rng, bool) const; ElGamal_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng); ElGamal_PrivateKey(RandomNumberGenerator& rng, @@ -65,7 +65,7 @@ class BOTAN_DLL ElGamal_Encryption_Operation : public PK_Ops::Encryption ElGamal_Encryption_Operation(const ElGamal_PublicKey& key); - SecureVector encrypt(const byte msg[], size_t msg_len, + secure_vector encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: @@ -83,7 +83,7 @@ class BOTAN_DLL ElGamal_Decryption_Operation : public PK_Ops::Decryption ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key); - SecureVector decrypt(const byte msg[], size_t msg_len); + secure_vector decrypt(const byte msg[], size_t msg_len); private: Fixed_Exponent_Power_Mod powermod_x_p; Modular_Reducer mod_p; diff --git a/src/pubkey/gost_3410/gost_3410.cpp b/src/pubkey/gost_3410/gost_3410.cpp index f97f83aa0..289cdcac4 100644 --- a/src/pubkey/gost_3410/gost_3410.cpp +++ b/src/pubkey/gost_3410/gost_3410.cpp @@ -14,7 +14,7 @@ namespace Botan { -MemoryVector GOST_3410_PublicKey::x509_subject_public_key() const +std::vector GOST_3410_PublicKey::x509_subject_public_key() const { // Trust CryptoPro to come up with something obnoxious const BigInt x = public_point().get_affine_x(); @@ -22,7 +22,7 @@ MemoryVector GOST_3410_PublicKey::x509_subject_public_key() const size_t part_size = std::max(x.bytes(), y.bytes()); - MemoryVector bits(2*part_size); + std::vector bits(2*part_size); x.binary_encode(&bits[part_size - x.bytes()]); y.binary_encode(&bits[2*part_size - y.bytes()]); @@ -34,22 +34,22 @@ MemoryVector GOST_3410_PublicKey::x509_subject_public_key() const std::swap(bits[part_size+i], bits[2*part_size-1-i]); } - return DER_Encoder().encode(bits, OCTET_STRING).get_contents(); + return DER_Encoder().encode(bits, OCTET_STRING).get_contents_unlocked(); } AlgorithmIdentifier GOST_3410_PublicKey::algorithm_identifier() const { - MemoryVector params = + std::vector params = DER_Encoder().start_cons(SEQUENCE) .encode(OID(domain().get_oid())) .end_cons() - .get_contents(); + .get_contents_unlocked(); return AlgorithmIdentifier(get_oid(), params); } GOST_3410_PublicKey::GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) + const secure_vector& key_bits) { OID ecc_param_id; @@ -58,7 +58,7 @@ GOST_3410_PublicKey::GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id, domain_params = EC_Group(ecc_param_id); - SecureVector bits; + secure_vector bits; BER_Decoder(key_bits).decode(bits, OCTET_STRING); const size_t part_size = bits.size() / 2; @@ -83,7 +83,7 @@ namespace { BigInt decode_le(const byte msg[], size_t msg_len) { - SecureVector msg_le(msg, msg_len); + secure_vector msg_le(msg, msg + msg_len); for(size_t i = 0; i != msg_le.size() / 2; ++i) std::swap(msg_le[i], msg_le[msg_le.size()-1-i]); @@ -102,7 +102,7 @@ GOST_3410_Signature_Operation::GOST_3410_Signature_Operation( { } -SecureVector +secure_vector GOST_3410_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -129,7 +129,7 @@ GOST_3410_Signature_Operation::sign(const byte msg[], size_t msg_len, if(r == 0 || s == 0) throw Invalid_State("GOST 34.10: r == 0 || s == 0"); - SecureVector output(2*order.bytes()); + secure_vector output(2*order.bytes()); s.binary_encode(&output[output.size() / 2 - s.bytes()]); r.binary_encode(&output[output.size() - r.bytes()]); return output; diff --git a/src/pubkey/gost_3410/gost_3410.h b/src/pubkey/gost_3410/gost_3410.h index 7b638d7b5..6b1506b10 100644 --- a/src/pubkey/gost_3410/gost_3410.h +++ b/src/pubkey/gost_3410/gost_3410.h @@ -35,7 +35,7 @@ class BOTAN_DLL GOST_3410_PublicKey : public virtual EC_PublicKey * Construct from X.509 algorithm id and subject public key bits */ GOST_3410_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits); + const secure_vector& key_bits); /** * Get this keys algorithm name. @@ -45,7 +45,7 @@ class BOTAN_DLL GOST_3410_PublicKey : public virtual EC_PublicKey AlgorithmIdentifier algorithm_identifier() const; - MemoryVector x509_subject_public_key() const; + std::vector x509_subject_public_key() const; /** * Get the maximum number of bits allowed to be fed to this key. @@ -73,7 +73,7 @@ class BOTAN_DLL GOST_3410_PrivateKey : public GOST_3410_PublicKey, public: GOST_3410_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : EC_PrivateKey(alg_id, key_bits) {} /** @@ -103,7 +103,7 @@ class BOTAN_DLL GOST_3410_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return order.bytes(); } size_t max_input_bits() const { return order.bits(); } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: diff --git a/src/pubkey/if_algo/if_algo.cpp b/src/pubkey/if_algo/if_algo.cpp index 6e75bc276..f044afd03 100644 --- a/src/pubkey/if_algo/if_algo.cpp +++ b/src/pubkey/if_algo/if_algo.cpp @@ -18,18 +18,18 @@ AlgorithmIdentifier IF_Scheme_PublicKey::algorithm_identifier() const AlgorithmIdentifier::USE_NULL_PARAM); } -MemoryVector IF_Scheme_PublicKey::x509_subject_public_key() const +std::vector IF_Scheme_PublicKey::x509_subject_public_key() const { return DER_Encoder() .start_cons(SEQUENCE) .encode(n) .encode(e) .end_cons() - .get_contents(); + .get_contents_unlocked(); } IF_Scheme_PublicKey::IF_Scheme_PublicKey(const AlgorithmIdentifier&, - const MemoryRegion& key_bits) + const secure_vector& key_bits) { BER_Decoder(key_bits) .start_cons(SEQUENCE) @@ -49,7 +49,7 @@ bool IF_Scheme_PublicKey::check_key(RandomNumberGenerator&, bool) const return true; } -MemoryVector IF_Scheme_PrivateKey::pkcs8_private_key() const +secure_vector IF_Scheme_PrivateKey::pkcs8_private_key() const { return DER_Encoder() .start_cons(SEQUENCE) @@ -68,7 +68,7 @@ MemoryVector IF_Scheme_PrivateKey::pkcs8_private_key() const IF_Scheme_PrivateKey::IF_Scheme_PrivateKey(RandomNumberGenerator& rng, const AlgorithmIdentifier&, - const MemoryRegion& key_bits) + const secure_vector& key_bits) { BER_Decoder(key_bits) .start_cons(SEQUENCE) diff --git a/src/pubkey/if_algo/if_algo.h b/src/pubkey/if_algo/if_algo.h index b6683d30e..5c95aecd1 100644 --- a/src/pubkey/if_algo/if_algo.h +++ b/src/pubkey/if_algo/if_algo.h @@ -22,7 +22,7 @@ class BOTAN_DLL IF_Scheme_PublicKey : public virtual Public_Key { public: IF_Scheme_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits); + const secure_vector& key_bits); IF_Scheme_PublicKey(const BigInt& n, const BigInt& e) : n(n), e(e) {} @@ -31,7 +31,7 @@ class BOTAN_DLL IF_Scheme_PublicKey : public virtual Public_Key AlgorithmIdentifier algorithm_identifier() const; - MemoryVector x509_subject_public_key() const; + std::vector x509_subject_public_key() const; /** * @return public modulus @@ -67,7 +67,7 @@ class BOTAN_DLL IF_Scheme_PrivateKey : public virtual IF_Scheme_PublicKey, IF_Scheme_PrivateKey(RandomNumberGenerator& rng, const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits); + const secure_vector& key_bits); bool check_key(RandomNumberGenerator& rng, bool) const; @@ -93,7 +93,7 @@ class BOTAN_DLL IF_Scheme_PrivateKey : public virtual IF_Scheme_PublicKey, const BigInt& get_d1() const { return d1; } const BigInt& get_d2() const { return d2; } - MemoryVector pkcs8_private_key() const; + secure_vector pkcs8_private_key() const; protected: IF_Scheme_PrivateKey() {} diff --git a/src/pubkey/keypair/keypair.cpp b/src/pubkey/keypair/keypair.cpp index 857a5328a..a8631062d 100644 --- a/src/pubkey/keypair/keypair.cpp +++ b/src/pubkey/keypair/keypair.cpp @@ -29,14 +29,14 @@ bool encryption_consistency_check(RandomNumberGenerator& rng, if(encryptor.maximum_input_size() == 0) return true; - SecureVector plaintext = - rng.random_vec(encryptor.maximum_input_size() - 1); + std::vector plaintext = + unlock(rng.random_vec(encryptor.maximum_input_size() - 1)); - SecureVector ciphertext = encryptor.encrypt(plaintext, rng); + std::vector ciphertext = encryptor.encrypt(plaintext, rng); if(ciphertext == plaintext) return false; - SecureVector decrypted = decryptor.decrypt(ciphertext); + std::vector decrypted = unlock(decryptor.decrypt(ciphertext)); return (plaintext == decrypted); } @@ -51,9 +51,9 @@ bool signature_consistency_check(RandomNumberGenerator& rng, PK_Signer signer(key, padding); PK_Verifier verifier(key, padding); - SecureVector message = rng.random_vec(16); + std::vector message = unlock(rng.random_vec(16)); - SecureVector signature; + std::vector signature; try { diff --git a/src/pubkey/nr/nr.cpp b/src/pubkey/nr/nr.cpp index 7490e1b64..87cf3d038 100644 --- a/src/pubkey/nr/nr.cpp +++ b/src/pubkey/nr/nr.cpp @@ -13,7 +13,7 @@ namespace Botan { NR_PublicKey::NR_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : DL_Scheme_PublicKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { } @@ -49,7 +49,7 @@ NR_PrivateKey::NR_PrivateKey(RandomNumberGenerator& rng, } NR_PrivateKey::NR_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng) : DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57) { @@ -80,7 +80,7 @@ NR_Signature_Operation::NR_Signature_Operation(const NR_PrivateKey& nr) : { } -SecureVector +secure_vector NR_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -104,7 +104,7 @@ NR_Signature_Operation::sign(const byte msg[], size_t msg_len, d = mod_q.reduce(k - x * c); } - SecureVector output(2*q.bytes()); + secure_vector output(2*q.bytes()); c.binary_encode(&output[output.size() / 2 - c.bytes()]); d.binary_encode(&output[output.size() - d.bytes()]); return output; @@ -119,7 +119,7 @@ NR_Verification_Operation::NR_Verification_Operation(const NR_PublicKey& nr) : mod_q = Modular_Reducer(nr.group_q()); } -SecureVector +secure_vector NR_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) { const BigInt& q = mod_q.get_modulus(); @@ -137,7 +137,7 @@ NR_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) BigInt g_d = powermod_g_p(d); BigInt i = mod_p.multiply(g_d, future_y_c.get()); - return BigInt::encode(mod_q.reduce(c - i)); + return BigInt::encode_locked(mod_q.reduce(c - i)); } } diff --git a/src/pubkey/nr/nr.h b/src/pubkey/nr/nr.h index 0d426fb3a..5be336a21 100644 --- a/src/pubkey/nr/nr.h +++ b/src/pubkey/nr/nr.h @@ -30,7 +30,7 @@ class BOTAN_DLL NR_PublicKey : public virtual DL_Scheme_PublicKey size_t max_input_bits() const { return (group_q().bits() - 1); } NR_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits); + const secure_vector& key_bits); NR_PublicKey(const DL_Group& group, const BigInt& pub_key); protected: @@ -47,7 +47,7 @@ class BOTAN_DLL NR_PrivateKey : public NR_PublicKey, bool check_key(RandomNumberGenerator& rng, bool strong) const; NR_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng); NR_PrivateKey(RandomNumberGenerator& rng, @@ -67,7 +67,7 @@ class BOTAN_DLL NR_Signature_Operation : public PK_Ops::Signature size_t message_part_size() const { return q.bytes(); } size_t max_input_bits() const { return (q.bits() - 1); } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const BigInt& q; @@ -90,7 +90,7 @@ class BOTAN_DLL NR_Verification_Operation : public PK_Ops::Verification bool with_recovery() const { return true; } - SecureVector verify_mr(const byte msg[], size_t msg_len); + secure_vector verify_mr(const byte msg[], size_t msg_len); private: const BigInt& q; const BigInt& y; diff --git a/src/pubkey/pk_algs.cpp b/src/pubkey/pk_algs.cpp index 9b3218ac4..863eb57e4 100644 --- a/src/pubkey/pk_algs.cpp +++ b/src/pubkey/pk_algs.cpp @@ -47,7 +47,7 @@ namespace Botan { Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) + const secure_vector& key_bits) { const std::string alg_name = OIDS::lookup(alg_id.oid); if(alg_name == "") @@ -102,7 +102,7 @@ Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, } Private_Key* make_private_key(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng) { const std::string alg_name = OIDS::lookup(alg_id.oid); diff --git a/src/pubkey/pk_algs.h b/src/pubkey/pk_algs.h index a1e65cb3d..d8f24a1b8 100644 --- a/src/pubkey/pk_algs.h +++ b/src/pubkey/pk_algs.h @@ -13,10 +13,10 @@ namespace Botan { Public_Key* make_public_key(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits); + const secure_vector& key_bits); Private_Key* make_private_key(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng); } diff --git a/src/pubkey/pk_keys.h b/src/pubkey/pk_keys.h index 770949b59..a3b693956 100644 --- a/src/pubkey/pk_keys.h +++ b/src/pubkey/pk_keys.h @@ -69,7 +69,7 @@ class BOTAN_DLL Public_Key /** * @return X.509 subject key encoding for this key object */ - virtual MemoryVector x509_subject_public_key() const = 0; + virtual std::vector x509_subject_public_key() const = 0; virtual ~Public_Key() {} protected: @@ -89,7 +89,7 @@ class BOTAN_DLL Private_Key : public virtual Public_Key /** * @return PKCS #8 private key encoding for this key object */ - virtual MemoryVector pkcs8_private_key() const = 0; + virtual secure_vector pkcs8_private_key() const = 0; /** * @return PKCS #8 AlgorithmIdentifier for this key @@ -121,7 +121,7 @@ class BOTAN_DLL PK_Key_Agreement_Key : public virtual Private_Key /* * @return public component of this key */ - virtual MemoryVector public_value() const = 0; + virtual std::vector public_value() const = 0; virtual ~PK_Key_Agreement_Key() {} }; diff --git a/src/pubkey/pk_ops.h b/src/pubkey/pk_ops.h index 51543cd33..8a08ef430 100644 --- a/src/pubkey/pk_ops.h +++ b/src/pubkey/pk_ops.h @@ -23,7 +23,7 @@ class BOTAN_DLL Encryption public: virtual size_t max_input_bits() const = 0; - virtual SecureVector encrypt(const byte msg[], size_t msg_len, + virtual secure_vector encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) = 0; virtual ~Encryption() {} @@ -37,7 +37,7 @@ class BOTAN_DLL Decryption public: virtual size_t max_input_bits() const = 0; - virtual SecureVector decrypt(const byte msg[], + virtual secure_vector decrypt(const byte msg[], size_t msg_len) = 0; virtual ~Decryption() {} @@ -73,7 +73,7 @@ class BOTAN_DLL Signature * @param msg_len the length of msg in bytes * @param rng a random number generator */ - virtual SecureVector sign(const byte msg[], size_t msg_len, + virtual secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) = 0; virtual ~Signature() {} @@ -130,7 +130,7 @@ class BOTAN_DLL Verification * @param msg_len the length of msg in bytes * @returns recovered message */ - virtual SecureVector verify_mr(const byte[], + virtual secure_vector verify_mr(const byte[], size_t) { throw Invalid_State("Message recovery not supported"); @@ -151,7 +151,7 @@ class BOTAN_DLL Key_Agreement * @param w_len the length of w in bytes * @returns the agreed key */ - virtual SecureVector agree(const byte w[], size_t w_len) = 0; + virtual secure_vector agree(const byte w[], size_t w_len) = 0; virtual ~Key_Agreement() {} }; diff --git a/src/pubkey/pkcs8.cpp b/src/pubkey/pkcs8.cpp index 57bb5c1e2..baf6d1250 100644 --- a/src/pubkey/pkcs8.cpp +++ b/src/pubkey/pkcs8.cpp @@ -24,10 +24,10 @@ namespace { /* * Get info from an EncryptedPrivateKeyInfo */ -SecureVector PKCS8_extract(DataSource& source, +secure_vector PKCS8_extract(DataSource& source, AlgorithmIdentifier& pbe_alg_id) { - SecureVector key_data; + secure_vector key_data; BER_Decoder(source) .start_cons(SEQUENCE) @@ -41,13 +41,13 @@ SecureVector PKCS8_extract(DataSource& source, /* * PEM decode and/or decrypt a private key */ -SecureVector PKCS8_decode( +secure_vector PKCS8_decode( DataSource& source, std::function ()> get_passphrase, AlgorithmIdentifier& pk_alg_id) { AlgorithmIdentifier pbe_alg_id; - SecureVector key_data, key; + secure_vector key_data, key; bool is_encrypted = true; try { @@ -71,9 +71,9 @@ SecureVector PKCS8_decode( if(key_data.empty()) throw PKCS8_Exception("No key data found"); } - catch(Decoding_Error) + catch(Decoding_Error& e) { - throw Decoding_Error("PKCS #8 private key decoding failed"); + throw Decoding_Error("PKCS #8 private key decoding failed: " + std::string(e.what())); } if(!is_encrypted) @@ -131,7 +131,7 @@ SecureVector PKCS8_decode( /* * BER encode a PKCS #8 private key, unencrypted */ -SecureVector BER_encode(const Private_Key& key) +secure_vector BER_encode(const Private_Key& key) { const size_t PKCS8_VERSION = 0; @@ -155,7 +155,7 @@ std::string PEM_encode(const Private_Key& key) /* * BER encode a PKCS #8 private key, encrypted */ -SecureVector BER_encode(const Private_Key& key, +secure_vector BER_encode(const Private_Key& key, RandomNumberGenerator& rng, const std::string& pass, const std::string& pbe_algo) @@ -203,7 +203,7 @@ Private_Key* load_key(DataSource& source, std::function ()> get_pass) { AlgorithmIdentifier alg_id; - SecureVector pkcs8_key = PKCS8_decode(source, get_pass, alg_id); + secure_vector pkcs8_key = PKCS8_decode(source, get_pass, alg_id); const std::string alg_name = OIDS::lookup(alg_id.oid); if(alg_name == "" || alg_name == alg_id.oid.as_string()) diff --git a/src/pubkey/pkcs8.h b/src/pubkey/pkcs8.h index d573fb460..fae1633a8 100644 --- a/src/pubkey/pkcs8.h +++ b/src/pubkey/pkcs8.h @@ -32,7 +32,7 @@ namespace PKCS8 { * @param key the private key to encode * @return BER encoded key */ -BOTAN_DLL SecureVector BER_encode(const Private_Key& key); +BOTAN_DLL secure_vector BER_encode(const Private_Key& key); /** * Get a string containing a PEM encoded private key. @@ -51,7 +51,7 @@ BOTAN_DLL std::string PEM_encode(const Private_Key& key); default will be chosen. * @return encrypted key in binary BER form */ -BOTAN_DLL SecureVector BER_encode(const Private_Key& key, +BOTAN_DLL secure_vector BER_encode(const Private_Key& key, RandomNumberGenerator& rng, const std::string& pass, const std::string& pbe_algo = ""); diff --git a/src/pubkey/pubkey.cpp b/src/pubkey/pubkey.cpp index d0b74071c..370eeddbf 100644 --- a/src/pubkey/pubkey.cpp +++ b/src/pubkey/pubkey.cpp @@ -44,27 +44,27 @@ PK_Encryptor_EME::PK_Encryptor_EME(const Public_Key& key, /* * Encrypt a message */ -SecureVector +std::vector PK_Encryptor_EME::enc(const byte in[], size_t length, RandomNumberGenerator& rng) const { if(eme) { - SecureVector encoded = + secure_vector encoded = eme->encode(in, length, op->max_input_bits(), rng); if(8*(encoded.size() - 1) + high_bit(encoded[0]) > op->max_input_bits()) throw Invalid_Argument("PK_Encryptor_EME: Input is too large"); - return op->encrypt(&encoded[0], encoded.size(), rng); + return unlock(op->encrypt(&encoded[0], encoded.size(), rng)); } else { if(8*(length - 1) + high_bit(in[0]) > op->max_input_bits()) throw Invalid_Argument("PK_Encryptor_EME: Input is too large"); - return op->encrypt(&in[0], length, rng); + return unlock(op->encrypt(&in[0], length, rng)); } } @@ -104,11 +104,11 @@ PK_Decryptor_EME::PK_Decryptor_EME(const Private_Key& key, /* * Decrypt a message */ -SecureVector PK_Decryptor_EME::dec(const byte msg[], - size_t length) const +secure_vector PK_Decryptor_EME::dec(const byte msg[], + size_t length) const { try { - SecureVector decrypted = op->decrypt(msg, length); + secure_vector decrypted = op->decrypt(msg, length); if(eme) return eme->decode(decrypted, op->max_input_bits()); else @@ -156,7 +156,7 @@ PK_Signer::PK_Signer(const Private_Key& key, /* * Sign a message */ -SecureVector PK_Signer::sign_message(const byte msg[], size_t length, +std::vector PK_Signer::sign_message(const byte msg[], size_t length, RandomNumberGenerator& rng) { update(msg, length); @@ -174,16 +174,16 @@ void PK_Signer::update(const byte in[], size_t length) /* * Check the signature we just created, to help prevent fault attacks */ -bool PK_Signer::self_test_signature(const MemoryRegion& msg, - const MemoryRegion& sig) const +bool PK_Signer::self_test_signature(const std::vector& msg, + const std::vector& sig) const { if(!verify_op) return true; // checking disabled, assume ok if(verify_op->with_recovery()) { - SecureVector recovered = - verify_op->verify_mr(&sig[0], sig.size()); + std::vector recovered = + unlock(verify_op->verify_mr(&sig[0], sig.size())); if(msg.size() > recovered.size()) { @@ -206,13 +206,13 @@ bool PK_Signer::self_test_signature(const MemoryRegion& msg, /* * Create a signature */ -SecureVector PK_Signer::signature(RandomNumberGenerator& rng) +std::vector PK_Signer::signature(RandomNumberGenerator& rng) { - SecureVector encoded = emsa->encoding_of(emsa->raw_data(), - op->max_input_bits(), - rng); + std::vector encoded = unlock(emsa->encoding_of(emsa->raw_data(), + op->max_input_bits(), + rng)); - SecureVector plain_sig = op->sign(&encoded[0], encoded.size(), rng); + std::vector plain_sig = unlock(op->sign(&encoded[0], encoded.size(), rng)); BOTAN_ASSERT(self_test_signature(encoded, plain_sig), "PK_Signer consistency check failed"); @@ -234,7 +234,7 @@ SecureVector PK_Signer::signature(RandomNumberGenerator& rng) .start_cons(SEQUENCE) .encode_list(sig_parts) .end_cons() - .get_contents(); + .get_contents_unlocked(); } else throw Encoding_Error("PK_Signer: Unknown signature format " + @@ -307,7 +307,7 @@ bool PK_Verifier::check_signature(const byte sig[], size_t length) BER_Decoder ber_sig = decoder.start_cons(SEQUENCE); size_t count = 0; - SecureVector real_sig; + std::vector real_sig; while(ber_sig.more_items()) { BigInt sig_part; @@ -332,19 +332,19 @@ bool PK_Verifier::check_signature(const byte sig[], size_t length) /* * Verify a signature */ -bool PK_Verifier::validate_signature(const MemoryRegion& msg, +bool PK_Verifier::validate_signature(const secure_vector& msg, const byte sig[], size_t sig_len) { if(op->with_recovery()) { - SecureVector output_of_key = op->verify_mr(sig, sig_len); + secure_vector output_of_key = op->verify_mr(sig, sig_len); return emsa->verify(output_of_key, msg, op->max_input_bits()); } else { Null_RNG rng; - SecureVector encoded = + secure_vector encoded = emsa->encoding_of(msg, op->max_input_bits(), rng); return op->verify(&encoded[0], encoded.size(), sig, sig_len); @@ -377,7 +377,7 @@ SymmetricKey PK_Key_Agreement::derive_key(size_t key_len, const byte in[], size_t in_len, const byte params[], size_t params_len) const { - SecureVector z = op->agree(in, in_len); + secure_vector z = op->agree(in, in_len); if(!kdf) return z; diff --git a/src/pubkey/pubkey.h b/src/pubkey/pubkey.h index cd813dc65..5013a1ed1 100644 --- a/src/pubkey/pubkey.h +++ b/src/pubkey/pubkey.h @@ -45,7 +45,7 @@ class BOTAN_DLL PK_Encryptor * @param rng the random number source to use * @return encrypted message */ - SecureVector encrypt(const byte in[], size_t length, + std::vector encrypt(const byte in[], size_t length, RandomNumberGenerator& rng) const { return enc(in, length, rng); @@ -57,8 +57,9 @@ class BOTAN_DLL PK_Encryptor * @param rng the random number source to use * @return encrypted message */ - SecureVector encrypt(const MemoryRegion& in, - RandomNumberGenerator& rng) const + template + std::vector encrypt(const std::vector& in, + RandomNumberGenerator& rng) const { return enc(&in[0], in.size(), rng); } @@ -75,7 +76,7 @@ class BOTAN_DLL PK_Encryptor PK_Encryptor(const PK_Encryptor&) {} PK_Encryptor& operator=(const PK_Encryptor&) { return *this; } - virtual SecureVector enc(const byte[], size_t, + virtual std::vector enc(const byte[], size_t, RandomNumberGenerator&) const = 0; }; @@ -91,7 +92,7 @@ class BOTAN_DLL PK_Decryptor * @param length the length of the above byte array * @return decrypted message */ - SecureVector decrypt(const byte in[], size_t length) const + secure_vector decrypt(const byte in[], size_t length) const { return dec(in, length); } @@ -101,7 +102,8 @@ class BOTAN_DLL PK_Decryptor * @param in the ciphertext * @return decrypted message */ - SecureVector decrypt(const MemoryRegion& in) const + template + secure_vector decrypt(const std::vector& in) const { return dec(&in[0], in.size()); } @@ -112,7 +114,7 @@ class BOTAN_DLL PK_Decryptor PK_Decryptor(const PK_Decryptor&) {} PK_Decryptor& operator=(const PK_Decryptor&) { return *this; } - virtual SecureVector dec(const byte[], size_t) const = 0; + virtual secure_vector dec(const byte[], size_t) const = 0; }; /** @@ -130,7 +132,7 @@ class BOTAN_DLL PK_Signer * @param rng the rng to use * @return signature */ - SecureVector sign_message(const byte in[], size_t length, + std::vector sign_message(const byte in[], size_t length, RandomNumberGenerator& rng); /** @@ -139,8 +141,12 @@ class BOTAN_DLL PK_Signer * @param rng the rng to use * @return signature */ - SecureVector sign_message(const MemoryRegion& in, - RandomNumberGenerator& rng) + std::vector sign_message(const std::vector& in, + RandomNumberGenerator& rng) + { return sign_message(&in[0], in.size(), rng); } + + std::vector sign_message(const secure_vector& in, + RandomNumberGenerator& rng) { return sign_message(&in[0], in.size(), rng); } /** @@ -160,7 +166,7 @@ class BOTAN_DLL PK_Signer * Add a message part. * @param in the message part to add */ - void update(const MemoryRegion& in) { update(&in[0], in.size()); } + void update(const std::vector& in) { update(&in[0], in.size()); } /** * Get the signature of the so far processed message (provided by the @@ -168,7 +174,7 @@ class BOTAN_DLL PK_Signer * @param rng the rng to use * @return signature of the total message */ - SecureVector signature(RandomNumberGenerator& rng); + std::vector signature(RandomNumberGenerator& rng); /** * Set the output format of the signature. @@ -191,8 +197,8 @@ class BOTAN_DLL PK_Signer ~PK_Signer() { delete op; delete verify_op; delete emsa; } private: - bool self_test_signature(const MemoryRegion& msg, - const MemoryRegion& sig) const; + bool self_test_signature(const std::vector& msg, + const std::vector& sig) const; PK_Signer(const PK_Signer&) {} PK_Signer& operator=(const PK_Signer&) { return *this; } @@ -227,8 +233,9 @@ class BOTAN_DLL PK_Verifier * @param sig the signature * @return true if the signature is valid */ - bool verify_message(const MemoryRegion& msg, - const MemoryRegion& sig) + template + bool verify_message(const std::vector& msg, + const std::vector& sig) { return verify_message(&msg[0], msg.size(), &sig[0], sig.size()); @@ -254,7 +261,7 @@ class BOTAN_DLL PK_Verifier * signature to be verified. * @param in the new message part */ - void update(const MemoryRegion& in) + void update(const std::vector& in) { update(&in[0], in.size()); } /** @@ -272,7 +279,8 @@ class BOTAN_DLL PK_Verifier * @param sig the signature to be verified * @return true if the signature is valid, false otherwise */ - bool check_signature(const MemoryRegion& sig) + template + bool check_signature(const std::vector& sig) { return check_signature(&sig[0], sig.size()); } @@ -298,7 +306,7 @@ class BOTAN_DLL PK_Verifier PK_Verifier(const PK_Verifier&) {} PK_Verifier& operator=(const PK_Verifier&) { return *this; } - bool validate_signature(const MemoryRegion& msg, + bool validate_signature(const secure_vector& msg, const byte sig[], size_t sig_len); PK_Ops::Verification* op; @@ -336,7 +344,7 @@ class BOTAN_DLL PK_Key_Agreement * @param params_len the length of params in bytes */ SymmetricKey derive_key(size_t key_len, - const MemoryRegion& in, + const std::vector& in, const byte params[], size_t params_len) const { @@ -367,7 +375,7 @@ class BOTAN_DLL PK_Key_Agreement * @param params extra derivation params */ SymmetricKey derive_key(size_t key_len, - const MemoryRegion& in, + const std::vector& in, const std::string& params = "") const { return derive_key(key_len, &in[0], in.size(), @@ -410,7 +418,7 @@ class BOTAN_DLL PK_Encryptor_EME : public PK_Encryptor ~PK_Encryptor_EME() { delete op; delete eme; } private: - SecureVector enc(const byte[], size_t, + std::vector enc(const byte[], size_t, RandomNumberGenerator& rng) const; PK_Ops::Encryption* op; @@ -433,7 +441,7 @@ class BOTAN_DLL PK_Decryptor_EME : public PK_Decryptor ~PK_Decryptor_EME() { delete op; delete eme; } private: - SecureVector dec(const byte[], size_t) const; + secure_vector dec(const byte[], size_t) const; PK_Ops::Decryption* op; const EME* eme; diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp index 2da366699..22474d7d5 100644 --- a/src/pubkey/rsa/rsa.cpp +++ b/src/pubkey/rsa/rsa.cpp @@ -88,7 +88,7 @@ BigInt RSA_Private_Operation::private_op(const BigInt& m) const return mul_add(j1, q, j2); } -SecureVector +secure_vector RSA_Private_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator&) { @@ -105,7 +105,7 @@ RSA_Private_Operation::sign(const byte msg[], size_t msg_len, /* * RSA Decryption Operation */ -SecureVector +secure_vector RSA_Private_Operation::decrypt(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); @@ -114,7 +114,7 @@ RSA_Private_Operation::decrypt(const byte msg[], size_t msg_len) BOTAN_ASSERT(m == powermod_e_n(x), "RSA private op failed consistency check"); - return BigInt::encode(x); + return BigInt::encode_locked(x); } } diff --git a/src/pubkey/rsa/rsa.h b/src/pubkey/rsa/rsa.h index dddecdbed..0942d92ad 100644 --- a/src/pubkey/rsa/rsa.h +++ b/src/pubkey/rsa/rsa.h @@ -24,7 +24,7 @@ class BOTAN_DLL RSA_PublicKey : public virtual IF_Scheme_PublicKey std::string algo_name() const { return "RSA"; } RSA_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : IF_Scheme_PublicKey(alg_id, key_bits) {} @@ -51,7 +51,7 @@ class BOTAN_DLL RSA_PrivateKey : public RSA_PublicKey, bool check_key(RandomNumberGenerator& rng, bool) const; RSA_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng) : IF_Scheme_PrivateKey(rng, alg_id, key_bits) {} @@ -94,10 +94,10 @@ class BOTAN_DLL RSA_Private_Operation : public PK_Ops::Signature, size_t max_input_bits() const { return (n.bits() - 1); } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); - SecureVector decrypt(const byte msg[], size_t msg_len); + secure_vector decrypt(const byte msg[], size_t msg_len); private: BigInt private_op(const BigInt& m) const; @@ -124,17 +124,17 @@ class BOTAN_DLL RSA_Public_Operation : public PK_Ops::Verification, size_t max_input_bits() const { return (n.bits() - 1); } bool with_recovery() const { return true; } - SecureVector encrypt(const byte msg[], size_t msg_len, + secure_vector encrypt(const byte msg[], size_t msg_len, RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector verify_mr(const byte msg[], size_t msg_len) + secure_vector verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); - return BigInt::encode(public_op(m)); + return BigInt::encode_locked(public_op(m)); } private: diff --git a/src/pubkey/rw/rw.cpp b/src/pubkey/rw/rw.cpp index dab84b59f..c41b18101 100644 --- a/src/pubkey/rw/rw.cpp +++ b/src/pubkey/rw/rw.cpp @@ -70,7 +70,7 @@ RW_Signature_Operation::RW_Signature_Operation(const RW_PrivateKey& rw) : { } -SecureVector +secure_vector RW_Signature_Operation::sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng) { @@ -101,7 +101,7 @@ RW_Signature_Operation::sign(const byte msg[], size_t msg_len, return BigInt::encode_1363(r, n.bytes()); } -SecureVector +secure_vector RW_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) { BigInt m(msg, msg_len); @@ -111,15 +111,15 @@ RW_Verification_Operation::verify_mr(const byte msg[], size_t msg_len) BigInt r = powermod_e_n(m); if(r % 16 == 12) - return BigInt::encode(r); + return BigInt::encode_locked(r); if(r % 8 == 6) - return BigInt::encode(2*r); + return BigInt::encode_locked(2*r); r = n - r; if(r % 16 == 12) - return BigInt::encode(r); + return BigInt::encode_locked(r); if(r % 8 == 6) - return BigInt::encode(2*r); + return BigInt::encode_locked(2*r); throw Invalid_Argument("RW signature verification: Invalid signature"); } diff --git a/src/pubkey/rw/rw.h b/src/pubkey/rw/rw.h index b8d92eb3a..1e918e70c 100644 --- a/src/pubkey/rw/rw.h +++ b/src/pubkey/rw/rw.h @@ -24,7 +24,7 @@ class BOTAN_DLL RW_PublicKey : public virtual IF_Scheme_PublicKey std::string algo_name() const { return "RW"; } RW_PublicKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits) : + const secure_vector& key_bits) : IF_Scheme_PublicKey(alg_id, key_bits) {} @@ -44,7 +44,7 @@ class BOTAN_DLL RW_PrivateKey : public RW_PublicKey, { public: RW_PrivateKey(const AlgorithmIdentifier& alg_id, - const MemoryRegion& key_bits, + const secure_vector& key_bits, RandomNumberGenerator& rng) : IF_Scheme_PrivateKey(rng, alg_id, key_bits) {} @@ -69,7 +69,7 @@ class BOTAN_DLL RW_Signature_Operation : public PK_Ops::Signature size_t max_input_bits() const { return (n.bits() - 1); } - SecureVector sign(const byte msg[], size_t msg_len, + secure_vector sign(const byte msg[], size_t msg_len, RandomNumberGenerator& rng); private: const BigInt& n; @@ -95,7 +95,7 @@ class BOTAN_DLL RW_Verification_Operation : public PK_Ops::Verification size_t max_input_bits() const { return (n.bits() - 1); } bool with_recovery() const { return true; } - SecureVector verify_mr(const byte msg[], size_t msg_len); + secure_vector verify_mr(const byte msg[], size_t msg_len); private: const BigInt& n; diff --git a/src/pubkey/x509_key.cpp b/src/pubkey/x509_key.cpp index 4714b1285..1b0ce46b3 100644 --- a/src/pubkey/x509_key.cpp +++ b/src/pubkey/x509_key.cpp @@ -18,14 +18,14 @@ namespace Botan { namespace X509 { -MemoryVector BER_encode(const Public_Key& key) +std::vector BER_encode(const Public_Key& key) { return DER_Encoder() .start_cons(SEQUENCE) .encode(key.algorithm_identifier()) .encode(key.x509_subject_public_key(), BIT_STRING) .end_cons() - .get_contents(); + .get_contents_unlocked(); } /* @@ -44,7 +44,7 @@ Public_Key* load_key(DataSource& source) { try { AlgorithmIdentifier alg_id; - MemoryVector key_bits; + secure_vector key_bits; if(ASN1::maybe_BER(source) && !PEM_Code::matches(source)) { @@ -92,7 +92,7 @@ Public_Key* load_key(const std::string& fsname) /* * Extract a public key and return it */ -Public_Key* load_key(const MemoryRegion& mem) +Public_Key* load_key(const secure_vector& mem) { DataSource_Memory source(mem); return X509::load_key(source); diff --git a/src/pubkey/x509_key.h b/src/pubkey/x509_key.h index 3fdee8cde..9d4c883a1 100644 --- a/src/pubkey/x509_key.h +++ b/src/pubkey/x509_key.h @@ -26,7 +26,7 @@ namespace X509 { * @param key the public key to encode * @return BER encoding of this key */ -BOTAN_DLL MemoryVector BER_encode(const Public_Key& key); +BOTAN_DLL std::vector BER_encode(const Public_Key& key); /** * PEM encode a public key into a string. @@ -54,7 +54,7 @@ BOTAN_DLL Public_Key* load_key(const std::string& filename); * @param enc the memory region containing the DER or PEM encoded key * @return new public key object */ -BOTAN_DLL Public_Key* load_key(const MemoryRegion& enc); +BOTAN_DLL Public_Key* load_key(const secure_vector& enc); /** * Copy a key. diff --git a/src/rng/hmac_rng/hmac_rng.cpp b/src/rng/hmac_rng/hmac_rng.cpp index 311942c19..da7535b18 100644 --- a/src/rng/hmac_rng/hmac_rng.cpp +++ b/src/rng/hmac_rng/hmac_rng.cpp @@ -15,7 +15,7 @@ namespace Botan { namespace { void hmac_prf(MessageAuthenticationCode* prf, - MemoryRegion& K, + secure_vector& K, u32bit& counter, const std::string& label) { @@ -200,7 +200,7 @@ HMAC_RNG::HMAC_RNG(MessageAuthenticationCode* extractor_mac, the estimated entropy counter is high enough. That variable is only set when a reseeding is performed. */ - MemoryVector prf_key(extractor->output_length()); + secure_vector prf_key(extractor->output_length()); prf->set_key(prf_key); /* diff --git a/src/rng/hmac_rng/hmac_rng.h b/src/rng/hmac_rng/hmac_rng.h index fc6a14f3a..1e70c00a7 100644 --- a/src/rng/hmac_rng/hmac_rng.h +++ b/src/rng/hmac_rng/hmac_rng.h @@ -51,7 +51,7 @@ class BOTAN_DLL HMAC_RNG : public RandomNumberGenerator std::vector entropy_sources; bool seeded; - SecureVector K, io_buffer; + secure_vector K, io_buffer; size_t user_input_len; u32bit counter; }; diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp index 51354db12..ef55f3975 100644 --- a/src/rng/randpool/randpool.cpp +++ b/src/rng/randpool/randpool.cpp @@ -56,7 +56,7 @@ void Randpool::update_buffer() mac->update(static_cast(GEN_OUTPUT)); mac->update(counter); - SecureVector mac_val = mac->final(); + secure_vector mac_val = mac->final(); for(size_t i = 0; i != mac_val.size(); ++i) buffer[i % buffer.size()] ^= mac_val[i]; @@ -112,7 +112,7 @@ void Randpool::reseed(size_t poll_bits) } } - SecureVector mac_val = mac->final(); + secure_vector mac_val = mac->final(); xor_buf(pool, mac_val, mac_val.size()); mix_pool(); @@ -126,7 +126,7 @@ void Randpool::reseed(size_t poll_bits) */ void Randpool::add_entropy(const byte input[], size_t length) { - SecureVector mac_val = mac->process(input, length); + secure_vector mac_val = mac->process(input, length); xor_buf(pool, mac_val, mac_val.size()); mix_pool(); diff --git a/src/rng/randpool/randpool.h b/src/rng/randpool/randpool.h index ed224221c..64572bcfb 100644 --- a/src/rng/randpool/randpool.h +++ b/src/rng/randpool/randpool.h @@ -52,7 +52,7 @@ class BOTAN_DLL Randpool : public RandomNumberGenerator MessageAuthenticationCode* mac; std::vector entropy_sources; - SecureVector pool, buffer, counter; + secure_vector pool, buffer, counter; bool seeded; }; diff --git a/src/rng/rng.h b/src/rng/rng.h index c078ef08f..12b423e7c 100644 --- a/src/rng/rng.h +++ b/src/rng/rng.h @@ -37,9 +37,9 @@ class BOTAN_DLL RandomNumberGenerator * @param bytes number of bytes in the result * @return randomized vector of length bytes */ - SecureVector random_vec(size_t bytes) + secure_vector random_vec(size_t bytes) { - SecureVector output(bytes); + secure_vector output(bytes); randomize(&output[0], output.size()); return output; } diff --git a/src/rng/x931_rng/x931_rng.cpp b/src/rng/x931_rng/x931_rng.cpp index ac77b4344..7562c7ad5 100644 --- a/src/rng/x931_rng/x931_rng.cpp +++ b/src/rng/x931_rng/x931_rng.cpp @@ -40,7 +40,7 @@ void ANSI_X931_RNG::update_buffer() { const size_t BLOCK_SIZE = cipher->block_size(); - SecureVector DT = prng->random_vec(BLOCK_SIZE); + secure_vector DT = prng->random_vec(BLOCK_SIZE); cipher->encrypt(DT); xor_buf(&R[0], &V[0], &DT[0], BLOCK_SIZE); diff --git a/src/rng/x931_rng/x931_rng.h b/src/rng/x931_rng/x931_rng.h index 41fa9328b..c8a1b8707 100644 --- a/src/rng/x931_rng/x931_rng.h +++ b/src/rng/x931_rng/x931_rng.h @@ -42,7 +42,7 @@ class BOTAN_DLL ANSI_X931_RNG : public RandomNumberGenerator BlockCipher* cipher; RandomNumberGenerator* prng; - SecureVector V, R; + secure_vector V, R; size_t position; }; diff --git a/src/stream/arc4/arc4.h b/src/stream/arc4/arc4.h index e3df97f83..8f8de87b6 100644 --- a/src/stream/arc4/arc4.h +++ b/src/stream/arc4/arc4.h @@ -44,9 +44,9 @@ class BOTAN_DLL ARC4 : public StreamCipher const size_t SKIP; byte X, Y; - SecureVector state; + secure_vector state; - SecureVector buffer; + secure_vector buffer; size_t position; }; diff --git a/src/stream/ctr/ctr.h b/src/stream/ctr/ctr.h index 64b43b0f5..9f391da7e 100644 --- a/src/stream/ctr/ctr.h +++ b/src/stream/ctr/ctr.h @@ -48,7 +48,7 @@ class BOTAN_DLL CTR_BE : public StreamCipher void increment_counter(); BlockCipher* permutation; - SecureVector counter, buffer; + secure_vector counter, buffer; size_t position; }; diff --git a/src/stream/ofb/ofb.h b/src/stream/ofb/ofb.h index c4d8b2601..9d4fd882f 100644 --- a/src/stream/ofb/ofb.h +++ b/src/stream/ofb/ofb.h @@ -47,7 +47,7 @@ class BOTAN_DLL OFB : public StreamCipher void key_schedule(const byte key[], size_t key_len); BlockCipher* permutation; - SecureVector buffer; + secure_vector buffer; size_t position; }; diff --git a/src/stream/salsa20/salsa20.cpp b/src/stream/salsa20/salsa20.cpp index 7d062befe..65ee3d758 100644 --- a/src/stream/salsa20/salsa20.cpp +++ b/src/stream/salsa20/salsa20.cpp @@ -193,7 +193,7 @@ void Salsa20::set_iv(const byte iv[], size_t length) state[8] = load_le(iv, 2); state[9] = load_le(iv, 3); - SecureVector hsalsa(8); + secure_vector hsalsa(8); hsalsa20(&hsalsa[0], &state[0]); state[ 1] = hsalsa[0]; diff --git a/src/stream/salsa20/salsa20.h b/src/stream/salsa20/salsa20.h index d9645015f..ac2a9b33a 100644 --- a/src/stream/salsa20/salsa20.h +++ b/src/stream/salsa20/salsa20.h @@ -38,8 +38,8 @@ class BOTAN_DLL Salsa20 : public StreamCipher private: void key_schedule(const byte key[], size_t key_len); - SecureVector state; - SecureVector buffer; + secure_vector state; + secure_vector buffer; size_t position; }; diff --git a/src/stream/turing/turing.cpp b/src/stream/turing/turing.cpp index 697c660ed..c455185b0 100644 --- a/src/stream/turing/turing.cpp +++ b/src/stream/turing/turing.cpp @@ -17,7 +17,7 @@ namespace { /* * Perform an N-way PHT */ -inline void PHT(MemoryRegion& B) +inline void PHT(secure_vector& B) { u32bit sum = 0; for(size_t i = 0; i < B.size() - 1; ++i) @@ -284,7 +284,7 @@ void Turing::set_iv(const byte iv[], size_t length) if(!valid_iv_length(length)) throw Invalid_IV_Length(name(), length); - SecureVector IV(length / 4); + secure_vector IV(length / 4); for(size_t i = 0; i != length; ++i) IV[i/4] = (IV[i/4] << 8) + iv[i]; diff --git a/src/stream/turing/turing.h b/src/stream/turing/turing.h index aff314080..84bfbe9c0 100644 --- a/src/stream/turing/turing.h +++ b/src/stream/turing/turing.h @@ -45,10 +45,10 @@ class BOTAN_DLL Turing : public StreamCipher static const u32bit Q_BOX[256]; static const byte SBOX[256]; - SecureVector S0, S1, S2, S3; - SecureVector R; - SecureVector K; - SecureVector buffer; + secure_vector S0, S1, S2, S3; + secure_vector R; + secure_vector K; + secure_vector buffer; size_t position; }; diff --git a/src/stream/wid_wake/wid_wake.h b/src/stream/wid_wake/wid_wake.h index 05842a574..ca8d9a316 100644 --- a/src/stream/wid_wake/wid_wake.h +++ b/src/stream/wid_wake/wid_wake.h @@ -45,10 +45,10 @@ class BOTAN_DLL WiderWake_41_BE : public StreamCipher void generate(size_t); - SecureVector T; - SecureVector state; - SecureVector t_key; - SecureVector buffer; + secure_vector T; + secure_vector state; + secure_vector t_key; + secure_vector buffer; size_t position; }; diff --git a/src/tls/c_hello.cpp b/src/tls/c_hello.cpp index df3957a4b..e63dc91ba 100644 --- a/src/tls/c_hello.cpp +++ b/src/tls/c_hello.cpp @@ -21,14 +21,14 @@ enum { TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF }; -MemoryVector make_hello_random(RandomNumberGenerator& rng) +std::vector make_hello_random(RandomNumberGenerator& rng) { - MemoryVector buf(32); + std::vector buf(32); const u32bit time32 = static_cast( std::chrono::system_clock::to_time_t(std::chrono::system_clock::now())); - store_be(time32, buf); + store_be(time32, &buf[0]); rng.randomize(&buf[4], buf.size() - 4); return buf; } @@ -44,7 +44,7 @@ Hello_Request::Hello_Request(Record_Writer& writer) /* * Deserialize a Hello Request message */ -Hello_Request::Hello_Request(const MemoryRegion& buf) +Hello_Request::Hello_Request(const std::vector& buf) { if(buf.size()) throw Decoding_Error("Bad Hello_Request, has non-zero size"); @@ -53,9 +53,9 @@ Hello_Request::Hello_Request(const MemoryRegion& buf) /* * Serialize a Hello Request message */ -MemoryVector Hello_Request::serialize() const +std::vector Hello_Request::serialize() const { - return MemoryVector(); + return std::vector(); } /* @@ -65,7 +65,7 @@ Client_Hello::Client_Hello(Record_Writer& writer, Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion& reneg_info, + const std::vector& reneg_info, bool next_protocol, const std::string& hostname, const std::string& srp_identifier) : @@ -101,7 +101,7 @@ Client_Hello::Client_Hello(Record_Writer& writer, Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion& reneg_info, + const std::vector& reneg_info, const Session& session, bool next_protocol) : m_version(session.version()), @@ -140,7 +140,7 @@ Client_Hello::Client_Hello(Record_Writer& writer, /* * Read a counterparty client hello */ -Client_Hello::Client_Hello(const MemoryRegion& buf, Handshake_Type type) +Client_Hello::Client_Hello(const std::vector& buf, Handshake_Type type) { m_next_protocol = false; m_secure_renegotiation = false; @@ -158,9 +158,9 @@ Client_Hello::Client_Hello(const MemoryRegion& buf, Handshake_Type type) /* * Serialize a Client Hello message */ -MemoryVector Client_Hello::serialize() const +std::vector Client_Hello::serialize() const { - MemoryVector buf; + std::vector buf; buf.push_back(m_version.major_version()); buf.push_back(m_version.minor_version()); @@ -202,7 +202,7 @@ MemoryVector Client_Hello::serialize() const return buf; } -void Client_Hello::deserialize_sslv2(const MemoryRegion& buf) +void Client_Hello::deserialize_sslv2(const std::vector& buf) { if(buf.size() < 12 || buf[0] != 1) throw Decoding_Error("Client_Hello: SSLv2 hello corrupted"); @@ -243,7 +243,7 @@ void Client_Hello::deserialize_sslv2(const MemoryRegion& buf) /* * Deserialize a Client Hello message */ -void Client_Hello::deserialize(const MemoryRegion& buf) +void Client_Hello::deserialize(const std::vector& buf) { if(buf.size() == 0) throw Decoding_Error("Client_Hello: Packet corrupted"); diff --git a/src/tls/c_kex.cpp b/src/tls/c_kex.cpp index f97081383..5ff9ec1ce 100644 --- a/src/tls/c_kex.cpp +++ b/src/tls/c_kex.cpp @@ -26,7 +26,7 @@ namespace TLS { namespace { -SecureVector strip_leading_zeros(const MemoryRegion& input) +secure_vector strip_leading_zeros(const secure_vector& input) { size_t leading_zeros = 0; @@ -37,8 +37,8 @@ SecureVector strip_leading_zeros(const MemoryRegion& input) ++leading_zeros; } - SecureVector output(&input[leading_zeros], - input.size() - leading_zeros); + secure_vector output(&input[leading_zeros], + &input[input.size()-1]); return output; } @@ -76,7 +76,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, SymmetricKey psk = creds.psk("tls-client", hostname, psk_identity); - MemoryVector zeros(psk.length()); + std::vector zeros(psk.length()); append_tls_length_value(pre_master, zeros, 2); append_tls_length_value(pre_master, psk.bits_of(), 2); @@ -124,7 +124,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, PK_Key_Agreement ka(priv_key, "Raw"); - SecureVector dh_secret = strip_leading_zeros( + secure_vector dh_secret = strip_leading_zeros( ka.derive_key(0, counterparty_key.public_value()).bits_of()); if(kex_algo == "DH") @@ -153,7 +153,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, EC_Group group(name); - MemoryVector ecdh_key = reader.get_range(1, 1, 255); + std::vector ecdh_key = reader.get_range(1, 1, 255); ECDH_PublicKey counterparty_key(group, OS2ECP(ecdh_key, group.get_curve())); @@ -161,7 +161,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, PK_Key_Agreement ka(priv_key, "Raw"); - SecureVector ecdh_secret = ka.derive_key(0, counterparty_key.public_value()).bits_of(); + secure_vector ecdh_secret = ka.derive_key(0, counterparty_key.public_value()).bits_of(); if(kex_algo == "ECDH") pre_master = ecdh_secret; @@ -177,7 +177,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, { const BigInt N = BigInt::decode(reader.get_range(2, 1, 65535)); const BigInt g = BigInt::decode(reader.get_range(2, 1, 65535)); - MemoryVector salt = reader.get_range(1, 1, 255); + std::vector salt = reader.get_range(1, 1, 255); const BigInt B = BigInt::decode(reader.get_range(2, 1, 65535)); const std::string srp_group = srp6_group_identifier(N, g); @@ -228,7 +228,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, PK_Encryptor_EME encryptor(*rsa_pub, "PKCS1v15"); - MemoryVector encrypted_key = encryptor.encrypt(pre_master, rng); + std::vector encrypted_key = encryptor.encrypt(pre_master, rng); if(state->version() == Protocol_Version::SSL_V3) key_material = encrypted_key; // no length field @@ -247,7 +247,7 @@ Client_Key_Exchange::Client_Key_Exchange(Record_Writer& writer, /* * Read a Client Key Exchange message */ -Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion& contents, +Client_Key_Exchange::Client_Key_Exchange(const std::vector& contents, const Handshake_State* state, Credentials_Manager& creds, const Policy& policy, @@ -326,7 +326,7 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion& contents, if(kex_algo == "PSK") { - MemoryVector zeros(psk.length()); + std::vector zeros(psk.length()); append_tls_length_value(pre_master, zeros, 2); append_tls_length_value(pre_master, psk.bits_of(), 2); } @@ -352,14 +352,14 @@ Client_Key_Exchange::Client_Key_Exchange(const MemoryRegion& contents, { PK_Key_Agreement ka(*ka_key, "Raw"); - MemoryVector client_pubkey; + std::vector client_pubkey; if(ka_key->algo_name() == "DH") client_pubkey = reader.get_range(2, 0, 65535); else client_pubkey = reader.get_range(1, 0, 255); - SecureVector shared_secret = ka.derive_key(0, client_pubkey).bits_of(); + secure_vector shared_secret = ka.derive_key(0, client_pubkey).bits_of(); if(ka_key->algo_name() == "DH") shared_secret = strip_leading_zeros(shared_secret); diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp index 1b686c1c4..6ec5339bb 100644 --- a/src/tls/cert_req.cpp +++ b/src/tls/cert_req.cpp @@ -80,7 +80,7 @@ Certificate_Req::Certificate_Req(Record_Writer& writer, /** * Deserialize a Certificate Request message */ -Certificate_Req::Certificate_Req(const MemoryRegion& buf, +Certificate_Req::Certificate_Req(const std::vector& buf, Protocol_Version version) { if(buf.size() < 4) @@ -141,9 +141,9 @@ Certificate_Req::Certificate_Req(const MemoryRegion& buf, /** * Serialize a Certificate Request message */ -MemoryVector Certificate_Req::serialize() const +std::vector Certificate_Req::serialize() const { - MemoryVector buf; + std::vector buf; std::vector cert_types; @@ -155,7 +155,7 @@ MemoryVector Certificate_Req::serialize() const if(!m_supported_algos.empty()) buf += Signature_Algorithms(m_supported_algos).serialize(); - MemoryVector encoded_names; + std::vector encoded_names; for(size_t i = 0; i != names.size(); ++i) { @@ -184,7 +184,7 @@ Certificate::Certificate(Record_Writer& writer, /** * Deserialize a Certificate message */ -Certificate::Certificate(const MemoryRegion& buf) +Certificate::Certificate(const std::vector& buf) { if(buf.size() < 3) throw Decoding_Error("Certificate: Message malformed"); @@ -196,14 +196,14 @@ Certificate::Certificate(const MemoryRegion& buf) const byte* certs = &buf[3]; - while(certs != buf.end()) + while(size_t remaining_bytes = &buf[buf.size()] - certs) { - if(buf.end() - certs < 3) + if(remaining_bytes < 3) throw Decoding_Error("Certificate: Message malformed"); const size_t cert_size = make_u32bit(0, certs[0], certs[1], certs[2]); - if(buf.end() - certs < (3 + cert_size)) + if(remaining_bytes < (3 + cert_size)) throw Decoding_Error("Certificate: Message malformed"); DataSource_Memory cert_buf(&certs[3], cert_size); @@ -216,13 +216,13 @@ Certificate::Certificate(const MemoryRegion& buf) /** * Serialize a Certificate message */ -MemoryVector Certificate::serialize() const +std::vector Certificate::serialize() const { - MemoryVector buf(3); + std::vector buf(3); for(size_t i = 0; i != m_certs.size(); ++i) { - MemoryVector raw_cert = m_certs[i].BER_encode(); + std::vector raw_cert = m_certs[i].BER_encode(); const size_t cert_size = raw_cert.size(); for(size_t i = 0; i != 3; ++i) buf.push_back(get_byte(i+1, cert_size)); diff --git a/src/tls/cert_ver.cpp b/src/tls/cert_ver.cpp index 0a377b35f..e6d90b060 100644 --- a/src/tls/cert_ver.cpp +++ b/src/tls/cert_ver.cpp @@ -33,7 +33,7 @@ Certificate_Verify::Certificate_Verify(Record_Writer& writer, if(state->version() == Protocol_Version::SSL_V3) { - SecureVector md5_sha = state->hash.final_ssl3( + secure_vector md5_sha = state->hash.final_ssl3( state->keys.master_secret()); if(priv_key->algo_name() == "DSA") @@ -52,7 +52,7 @@ Certificate_Verify::Certificate_Verify(Record_Writer& writer, /* * Deserialize a Certificate Verify message */ -Certificate_Verify::Certificate_Verify(const MemoryRegion& buf, +Certificate_Verify::Certificate_Verify(const std::vector& buf, Protocol_Version version) { TLS_Data_Reader reader(buf); @@ -69,9 +69,9 @@ Certificate_Verify::Certificate_Verify(const MemoryRegion& buf, /* * Serialize a Certificate Verify message */ -MemoryVector Certificate_Verify::serialize() const +std::vector Certificate_Verify::serialize() const { - MemoryVector buf; + std::vector buf; if(hash_algo != "" && sig_algo != "") { @@ -102,7 +102,7 @@ bool Certificate_Verify::verify(const X509_Certificate& cert, if(state->version() == Protocol_Version::SSL_V3) { - SecureVector md5_sha = state->hash.final_ssl3( + secure_vector md5_sha = state->hash.final_ssl3( state->keys.master_secret()); return verifier.verify_message(&md5_sha[16], md5_sha.size()-16, diff --git a/src/tls/finished.cpp b/src/tls/finished.cpp index bb6e8d20e..c8ae4a343 100644 --- a/src/tls/finished.cpp +++ b/src/tls/finished.cpp @@ -18,7 +18,7 @@ namespace { /* * Compute the verify_data */ -MemoryVector finished_compute_verify(Handshake_State* state, +std::vector finished_compute_verify(Handshake_State* state, Connection_Side side) { if(state->version() == Protocol_Version::SSL_V3) @@ -28,14 +28,14 @@ MemoryVector finished_compute_verify(Handshake_State* state, Handshake_Hash hash = state->hash; // don't modify state - MemoryVector ssl3_finished; + std::vector ssl3_finished; if(side == CLIENT) hash.update(SSL_CLIENT_LABEL, sizeof(SSL_CLIENT_LABEL)); else hash.update(SSL_SERVER_LABEL, sizeof(SSL_SERVER_LABEL)); - return hash.final_ssl3(state->keys.master_secret()); + return unlock(hash.final_ssl3(state->keys.master_secret())); } else { @@ -49,7 +49,7 @@ MemoryVector finished_compute_verify(Handshake_State* state, std::unique_ptr prf(state->protocol_specific_prf()); - MemoryVector input; + std::vector input; if(side == CLIENT) input += std::make_pair(TLS_CLIENT_LABEL, sizeof(TLS_CLIENT_LABEL)); else @@ -57,7 +57,7 @@ MemoryVector finished_compute_verify(Handshake_State* state, input += state->hash.final(state->version(), state->suite.mac_algo()); - return prf->derive_key(12, state->keys.master_secret(), input); + return unlock(prf->derive_key(12, state->keys.master_secret(), input)); } } @@ -77,7 +77,7 @@ Finished::Finished(Record_Writer& writer, /* * Serialize a Finished message */ -MemoryVector Finished::serialize() const +std::vector Finished::serialize() const { return verification_data; } @@ -85,7 +85,7 @@ MemoryVector Finished::serialize() const /* * Deserialize a Finished message */ -Finished::Finished(const MemoryRegion& buf) +Finished::Finished(const std::vector& buf) { verification_data = buf; } diff --git a/src/tls/hello_verify.cpp b/src/tls/hello_verify.cpp index e844d7f72..c77076e4c 100644 --- a/src/tls/hello_verify.cpp +++ b/src/tls/hello_verify.cpp @@ -13,7 +13,7 @@ namespace Botan { namespace TLS { -Hello_Verify_Request::Hello_Verify_Request(const MemoryRegion& buf) +Hello_Verify_Request::Hello_Verify_Request(const std::vector& buf) { if(buf.size() < 3) throw Decoding_Error("Hello verify request too small"); @@ -25,7 +25,7 @@ Hello_Verify_Request::Hello_Verify_Request(const MemoryRegion& buf) copy_mem(&m_cookie[0], &buf[2], buf.size() - 2); } -Hello_Verify_Request::Hello_Verify_Request(const MemoryVector& client_hello_bits, +Hello_Verify_Request::Hello_Verify_Request(const std::vector& client_hello_bits, const std::string& client_identity, const SymmetricKey& secret_key) { @@ -37,10 +37,10 @@ Hello_Verify_Request::Hello_Verify_Request(const MemoryVector& client_hell hmac->update_be(client_identity.size()); hmac->update(client_identity); - m_cookie = hmac->final(); + m_cookie = unlock(hmac->final()); } -MemoryVector Hello_Verify_Request::serialize() const +std::vector Hello_Verify_Request::serialize() const { /* DTLS 1.2 server implementations SHOULD use DTLS version 1.0 regardless of the version of TLS that is expected to be @@ -49,7 +49,7 @@ MemoryVector Hello_Verify_Request::serialize() const Protocol_Version format_version(Protocol_Version::TLS_V11); - MemoryVector bits; + std::vector bits; bits.push_back(format_version.major_version()); bits.push_back(format_version.minor_version()); bits += m_cookie; diff --git a/src/tls/next_protocol.cpp b/src/tls/next_protocol.cpp index 17b77fb6e..adf9acbe9 100644 --- a/src/tls/next_protocol.cpp +++ b/src/tls/next_protocol.cpp @@ -22,7 +22,7 @@ Next_Protocol::Next_Protocol(Record_Writer& writer, hash.update(writer.send(*this)); } -Next_Protocol::Next_Protocol(const MemoryRegion& buf) +Next_Protocol::Next_Protocol(const std::vector& buf) { TLS_Data_Reader reader(buf); @@ -31,9 +31,9 @@ Next_Protocol::Next_Protocol(const MemoryRegion& buf) reader.get_range_vector(1, 0, 255); // padding, ignored } -MemoryVector Next_Protocol::serialize() const +std::vector Next_Protocol::serialize() const { - MemoryVector buf; + std::vector buf; append_tls_length_value(buf, reinterpret_cast(m_protocol.data()), diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index b240f4703..4a1d6aac1 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -165,7 +165,7 @@ size_t Record_Reader::fill_buffer_to(const byte*& input, size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, size_t& consumed, byte& msg_type, - MemoryVector& msg) + std::vector& msg) { const byte* input = &input_array[0]; @@ -333,7 +333,7 @@ size_t Record_Reader::add_input(const byte input_array[], size_t input_sz, ++m_seq_no; - m_mac->final(m_macbuf); + m_mac->final(&m_macbuf[0]); const size_t mac_offset = record_len - (m_macbuf.size() + pad_size); diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp index 3a54d7931..63383f85e 100644 --- a/src/tls/rec_wri.cpp +++ b/src/tls/rec_wri.cpp @@ -146,10 +146,10 @@ void Record_Writer::activate(Connection_Side side, throw Invalid_Argument("Record_Writer: Unknown hash " + mac_algo); } -MemoryVector Record_Writer::send(Handshake_Message& msg) +std::vector Record_Writer::send(Handshake_Message& msg) { - const MemoryVector buf = msg.serialize(); - MemoryVector send_buf(4); + const std::vector buf = msg.serialize(); + std::vector send_buf(4); const size_t buf_size = buf.size(); diff --git a/src/tls/s_hello.cpp b/src/tls/s_hello.cpp index 1244dd2d8..d4cc4a1ab 100644 --- a/src/tls/s_hello.cpp +++ b/src/tls/s_hello.cpp @@ -21,13 +21,13 @@ namespace TLS { */ Server_Hello::Server_Hello(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion& session_id, + const std::vector& session_id, Protocol_Version ver, u16bit ciphersuite, byte compression, size_t max_fragment_size, bool client_has_secure_renegotiation, - const MemoryRegion& reneg_info, + const std::vector& reneg_info, bool offer_session_ticket, bool client_has_npn, const std::vector& next_protocols, @@ -53,7 +53,7 @@ Server_Hello::Server_Hello(Record_Writer& writer, /* * Deserialize a Server Hello message */ -Server_Hello::Server_Hello(const MemoryRegion& buf) +Server_Hello::Server_Hello(const std::vector& buf) { m_secure_renegotiation = false; m_supports_session_ticket = false; @@ -118,9 +118,9 @@ Server_Hello::Server_Hello(const MemoryRegion& buf) /* * Serialize a Server Hello message */ -MemoryVector Server_Hello::serialize() const +std::vector Server_Hello::serialize() const { - MemoryVector buf; + std::vector buf; buf.push_back(m_version.major_version()); buf.push_back(m_version.minor_version()); @@ -167,7 +167,7 @@ Server_Hello_Done::Server_Hello_Done(Record_Writer& writer, /* * Deserialize a Server Hello Done message */ -Server_Hello_Done::Server_Hello_Done(const MemoryRegion& buf) +Server_Hello_Done::Server_Hello_Done(const std::vector& buf) { if(buf.size()) throw Decoding_Error("Server_Hello_Done: Must be empty, and is not"); @@ -176,9 +176,9 @@ Server_Hello_Done::Server_Hello_Done(const MemoryRegion& buf) /* * Serialize a Server Hello Done message */ -MemoryVector Server_Hello_Done::serialize() const +std::vector Server_Hello_Done::serialize() const { - return MemoryVector(); + return std::vector(); } } diff --git a/src/tls/s_kex.cpp b/src/tls/s_kex.cpp index 34cd872ac..d28b44857 100644 --- a/src/tls/s_kex.cpp +++ b/src/tls/s_kex.cpp @@ -95,7 +95,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, std::string group_id; BigInt v; - MemoryVector salt; + std::vector salt; const bool found = creds.srp_verifier("tls-server", hostname, srp_identifier, @@ -142,7 +142,7 @@ Server_Key_Exchange::Server_Key_Exchange(Record_Writer& writer, /** * Deserialize a Server Key Exchange message */ -Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion& buf, +Server_Key_Exchange::Server_Key_Exchange(const std::vector& buf, const std::string& kex_algo, const std::string& sig_algo, Protocol_Version version) : @@ -186,7 +186,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion& buf, const std::string name = Supported_Elliptic_Curves::curve_id_to_name(curve_id); - MemoryVector ecdh_key = reader.get_range(1, 1, 255); + std::vector ecdh_key = reader.get_range(1, 1, 255); if(name == "") throw Decoding_Error("Server_Key_Exchange: Server sent unknown named curve " + @@ -203,7 +203,7 @@ Server_Key_Exchange::Server_Key_Exchange(const MemoryRegion& buf, const BigInt N = BigInt::decode(reader.get_range(2, 1, 65535)); const BigInt g = BigInt::decode(reader.get_range(2, 1, 65535)); - MemoryVector salt = reader.get_range(1, 1, 255); + std::vector salt = reader.get_range(1, 1, 255); const BigInt B = BigInt::decode(reader.get_range(2, 1, 65535)); append_tls_length_value(m_params, BigInt::encode(N), 2); @@ -236,9 +236,9 @@ Server_Key_Exchange::~Server_Key_Exchange() /** * Serialize a Server Key Exchange message */ -MemoryVector Server_Key_Exchange::serialize() const +std::vector Server_Key_Exchange::serialize() const { - MemoryVector buf = params(); + std::vector buf = params(); if(m_signature.size()) { diff --git a/src/tls/session_ticket.cpp b/src/tls/session_ticket.cpp index 273996a16..8cee2a454 100644 --- a/src/tls/session_ticket.cpp +++ b/src/tls/session_ticket.cpp @@ -17,7 +17,7 @@ namespace TLS { New_Session_Ticket::New_Session_Ticket(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion& ticket, + const std::vector& ticket, u32bit lifetime) : m_ticket_lifetime_hint(lifetime), m_ticket(ticket) @@ -32,7 +32,7 @@ New_Session_Ticket::New_Session_Ticket(Record_Writer& writer, hash.update(writer.send(*this)); } -New_Session_Ticket::New_Session_Ticket(const MemoryRegion& buf) : +New_Session_Ticket::New_Session_Ticket(const std::vector& buf) : m_ticket_lifetime_hint(0) { if(buf.size() < 6) @@ -44,9 +44,9 @@ New_Session_Ticket::New_Session_Ticket(const MemoryRegion& buf) : m_ticket = reader.get_range(2, 0, 65535); } -MemoryVector New_Session_Ticket::serialize() const +std::vector New_Session_Ticket::serialize() const { - MemoryVector buf(4); + std::vector buf(4); store_be(m_ticket_lifetime_hint, &buf[0]); append_tls_length_value(buf, m_ticket, 2); return buf; diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp index f4d0e1034..b6aaa3498 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.cpp @@ -53,7 +53,7 @@ class sqlite3_statement bind(column, timeval); } - void bind(int column, const MemoryRegion& val) + void bind(int column, const std::vector& val) { int rc = sqlite3_bind_blob(m_stmt, column, &val[0], val.size(), SQLITE_TRANSIENT); if(rc != SQLITE_OK) @@ -137,7 +137,7 @@ SymmetricKey derive_key(const std::string& passphrase, { std::unique_ptr pbkdf(get_pbkdf("PBKDF2(SHA-512)")); - SecureVector x = pbkdf->derive_key(32 + 3, + std::vector x = pbkdf->derive_key(32 + 3, passphrase, salt, salt_len, iterations).bits_of(); @@ -217,7 +217,7 @@ Session_Manager_SQLite::Session_Manager_SQLite(const std::string& passphrase, // new database case - MemoryVector salt = rng.random_vec(16); + std::vector salt = rng.random_vec(16); const size_t iterations = 64 * 1024; size_t check_val = 0; @@ -240,7 +240,7 @@ Session_Manager_SQLite::~Session_Manager_SQLite() sqlite3_close(m_db); } -bool Session_Manager_SQLite::load_from_session_id(const MemoryRegion& session_id, +bool Session_Manager_SQLite::load_from_session_id(const std::vector& session_id, Session& session) { sqlite3_statement stmt(m_db, "select session from tls_sessions where session_id = ?1"); @@ -300,7 +300,7 @@ bool Session_Manager_SQLite::load_from_host_info(const std::string& hostname, return false; } -void Session_Manager_SQLite::remove_entry(const MemoryRegion& session_id) +void Session_Manager_SQLite::remove_entry(const std::vector& session_id) { sqlite3_statement stmt(m_db, "delete from tls_sessions where session_id = ?1"); diff --git a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h index cac7affd0..923915496 100644 --- a/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h +++ b/src/tls/sessions_sqlite/tls_sqlite_sess_mgr.h @@ -40,13 +40,13 @@ class BOTAN_DLL Session_Manager_SQLite : public Session_Manager ~Session_Manager_SQLite(); - bool load_from_session_id(const MemoryRegion& session_id, + bool load_from_session_id(const std::vector& session_id, Session& session); bool load_from_host_info(const std::string& hostname, u16bit port, Session& session); - void remove_entry(const MemoryRegion& session_id); + void remove_entry(const std::vector& session_id); void save(const Session& session_data); diff --git a/src/tls/tls_alert.cpp b/src/tls/tls_alert.cpp index dee082bac..5bc2e7484 100644 --- a/src/tls/tls_alert.cpp +++ b/src/tls/tls_alert.cpp @@ -12,7 +12,7 @@ namespace Botan { namespace TLS { -Alert::Alert(const MemoryRegion& buf) +Alert::Alert(const std::vector& buf) { if(buf.size() != 2) throw Decoding_Error("Alert: Bad size " + std::to_string(buf.size()) + diff --git a/src/tls/tls_alert.h b/src/tls/tls_alert.h index 3dfff3d29..b3001f259 100644 --- a/src/tls/tls_alert.h +++ b/src/tls/tls_alert.h @@ -82,7 +82,7 @@ class BOTAN_DLL Alert * Deserialize an Alert message * @param buf the serialized alert */ - Alert(const MemoryRegion& buf); + Alert(const std::vector& buf); Alert(Type alert_type, bool is_fatal = false) : fatal(is_fatal), type_code(alert_type) {} diff --git a/src/tls/tls_channel.cpp b/src/tls/tls_channel.cpp index 7a66eb946..ff6722b5e 100644 --- a/src/tls/tls_channel.cpp +++ b/src/tls/tls_channel.cpp @@ -43,7 +43,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) while(buf_size) { byte rec_type = CONNECTION_CLOSED; - MemoryVector record; + std::vector record; size_t consumed = 0; const size_t needed = reader.add_input(buf, buf_size, @@ -67,12 +67,12 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) { Heartbeat_Message heartbeat(record); - const MemoryRegion& payload = heartbeat.payload(); + const std::vector& payload = heartbeat.payload(); if(heartbeat.is_request() && !state) { Heartbeat_Message response(Heartbeat_Message::RESPONSE, - payload, payload.size()); + &payload[0], payload.size()); writer.send(HEARTBEAT, response.contents()); } @@ -159,7 +159,7 @@ size_t Channel::received_data(const byte buf[], size_t buf_size) * Split up and process handshake messages */ void Channel::read_handshake(byte rec_type, - const MemoryRegion& rec_buf) + const std::vector& rec_buf) { if(rec_type == HANDSHAKE) { @@ -178,7 +178,7 @@ void Channel::read_handshake(byte rec_type, { if(state->handshake_reader()->have_full_record()) { - std::pair > msg = + std::pair > msg = state->handshake_reader()->get_next_record(); process_handshake_msg(msg.first, msg.second); } @@ -188,7 +188,7 @@ void Channel::read_handshake(byte rec_type, else if(rec_type == CHANGE_CIPHER_SPEC) { if(state->handshake_reader()->empty() && rec_buf.size() == 1 && rec_buf[0] == 1) - process_handshake_msg(HANDSHAKE_CCS, MemoryVector()); + process_handshake_msg(HANDSHAKE_CCS, std::vector()); else throw Decoding_Error("Malformed ChangeCipherSpec message"); } @@ -259,7 +259,7 @@ void Channel::Secure_Renegotiation_State::update(Client_Hello* client_hello) if(client_hello->secure_renegotiation()) { - const MemoryVector& data = client_hello->renegotiation_info(); + const std::vector& data = client_hello->renegotiation_info(); if(initial_handshake) { @@ -294,7 +294,7 @@ void Channel::Secure_Renegotiation_State::update(Server_Hello* server_hello) if(secure_renegotiation) { - const MemoryVector& data = server_hello->renegotiation_info(); + const std::vector& data = server_hello->renegotiation_info(); if(initial_handshake) { diff --git a/src/tls/tls_channel.h b/src/tls/tls_channel.h index d1131460b..46dafc416 100644 --- a/src/tls/tls_channel.h +++ b/src/tls/tls_channel.h @@ -92,10 +92,10 @@ class BOTAN_DLL Channel void send_alert(const Alert& alert); virtual void read_handshake(byte rec_type, - const MemoryRegion& rec_buf); + const std::vector& rec_buf); virtual void process_handshake_msg(Handshake_Type type, - const MemoryRegion& contents) = 0; + const std::vector& contents) = 0; virtual void alert_notify(const Alert& alert) = 0; @@ -122,12 +122,12 @@ class BOTAN_DLL Channel void update(class Finished* client_finished, class Finished* server_finished); - const MemoryVector& for_client_hello() const + const std::vector& for_client_hello() const { return client_verify; } - MemoryVector for_server_hello() const + std::vector for_server_hello() const { - MemoryVector buf = client_verify; + std::vector buf = client_verify; buf += server_verify; return buf; } @@ -137,7 +137,7 @@ class BOTAN_DLL Channel private: bool initial_handshake; bool secure_renegotiation; - MemoryVector client_verify, server_verify; + std::vector client_verify, server_verify; }; Secure_Renegotiation_State secure_renegotiation; diff --git a/src/tls/tls_client.cpp b/src/tls/tls_client.cpp index dd17db2cf..feb9ef85f 100644 --- a/src/tls/tls_client.cpp +++ b/src/tls/tls_client.cpp @@ -141,7 +141,7 @@ void Client::alert_notify(const Alert& alert) * Process a handshake message */ void Client::process_handshake_msg(Handshake_Type type, - const MemoryRegion& contents) + const std::vector& contents) { if(state == 0) throw Unexpected_Message("Unexpected handshake message from server"); @@ -446,9 +446,9 @@ void Client::process_handshake_msg(Handshake_Type type, secure_renegotiation.update(state->client_finished, state->server_finished); - MemoryVector session_id = state->server_hello->session_id(); + std::vector session_id = state->server_hello->session_id(); - const MemoryRegion& session_ticket = state->session_ticket(); + const std::vector& session_ticket = state->session_ticket(); if(session_id.empty() && !session_ticket.empty()) session_id = make_hello_random(rng); diff --git a/src/tls/tls_client.h b/src/tls/tls_client.h index 297c5f611..2844780bd 100644 --- a/src/tls/tls_client.h +++ b/src/tls/tls_client.h @@ -56,7 +56,7 @@ class BOTAN_DLL Client : public Channel void renegotiate(bool force_full_renegotiation); private: void process_handshake_msg(Handshake_Type type, - const MemoryRegion& contents); + const std::vector& contents) override; void alert_notify(const Alert& alert); diff --git a/src/tls/tls_extensions.cpp b/src/tls/tls_extensions.cpp index 6d69bfb9b..0f4e3176e 100644 --- a/src/tls/tls_extensions.cpp +++ b/src/tls/tls_extensions.cpp @@ -81,9 +81,9 @@ Extensions::Extensions(TLS_Data_Reader& reader) } } -MemoryVector Extensions::serialize() const +std::vector Extensions::serialize() const { - MemoryVector buf(2); // 2 bytes for length field + std::vector buf(2); // 2 bytes for length field for(std::map::const_iterator i = extensions.begin(); i != extensions.end(); ++i) @@ -93,7 +93,7 @@ MemoryVector Extensions::serialize() const const u16bit extn_code = i->second->type(); - MemoryVector extn_val = i->second->serialize(); + std::vector extn_val = i->second->serialize(); buf.push_back(get_byte(0, extn_code)); buf.push_back(get_byte(1, extn_code)); @@ -111,7 +111,7 @@ MemoryVector Extensions::serialize() const // avoid sending a completely empty extensions block if(buf.size() == 2) - return MemoryVector(); + return std::vector(); return buf; } @@ -159,9 +159,9 @@ Server_Name_Indicator::Server_Name_Indicator(TLS_Data_Reader& reader, } } -MemoryVector Server_Name_Indicator::serialize() const +std::vector Server_Name_Indicator::serialize() const { - MemoryVector buf; + std::vector buf; size_t name_len = sni_host_name.size(); @@ -188,9 +188,9 @@ SRP_Identifier::SRP_Identifier(TLS_Data_Reader& reader, throw Decoding_Error("Bad encoding for SRP identifier extension"); } -MemoryVector SRP_Identifier::serialize() const +std::vector SRP_Identifier::serialize() const { - MemoryVector buf; + std::vector buf; const byte* srp_bytes = reinterpret_cast(srp_identifier.data()); @@ -209,9 +209,9 @@ Renegotation_Extension::Renegotation_Extension(TLS_Data_Reader& reader, throw Decoding_Error("Bad encoding for secure renegotiation extn"); } -MemoryVector Renegotation_Extension::serialize() const +std::vector Renegotation_Extension::serialize() const { - MemoryVector buf; + std::vector buf; append_tls_length_value(buf, reneg_data, 1); return buf; } @@ -279,9 +279,9 @@ Next_Protocol_Notification::Next_Protocol_Notification(TLS_Data_Reader& reader, } } -MemoryVector Next_Protocol_Notification::serialize() const +std::vector Next_Protocol_Notification::serialize() const { - MemoryVector buf; + std::vector buf; for(size_t i = 0; i != m_protocols.size(); ++i) { @@ -356,9 +356,9 @@ u16bit Supported_Elliptic_Curves::name_to_curve_id(const std::string& name) throw Invalid_Argument("name_to_curve_id unknown name " + name); } -MemoryVector Supported_Elliptic_Curves::serialize() const +std::vector Supported_Elliptic_Curves::serialize() const { - MemoryVector buf(2); + std::vector buf(2); for(size_t i = 0; i != m_curves.size(); ++i) { @@ -466,9 +466,9 @@ byte Signature_Algorithms::sig_algo_code(const std::string& name) throw Internal_Error("Unknown sig ID " + name + " for signature_algorithms"); } -MemoryVector Signature_Algorithms::serialize() const +std::vector Signature_Algorithms::serialize() const { - MemoryVector buf(2); + std::vector buf(2); for(size_t i = 0; i != m_supported_algos.size(); ++i) { @@ -516,7 +516,7 @@ Signature_Algorithms::Signature_Algorithms(TLS_Data_Reader& reader, Session_Ticket::Session_Ticket(TLS_Data_Reader& reader, u16bit extension_size) { - m_ticket = reader.get_elem >(extension_size); + m_ticket = reader.get_elem >(extension_size); } } diff --git a/src/tls/tls_extensions.h b/src/tls/tls_extensions.h index 3fe3f7399..885851c95 100644 --- a/src/tls/tls_extensions.h +++ b/src/tls/tls_extensions.h @@ -49,7 +49,7 @@ class Extension public: virtual Handshake_Extension_Type type() const = 0; - virtual MemoryVector serialize() const = 0; + virtual std::vector serialize() const = 0; virtual bool empty() const = 0; @@ -75,7 +75,7 @@ class Server_Name_Indicator : public Extension std::string host_name() const { return sni_host_name; } - MemoryVector serialize() const; + std::vector serialize() const; bool empty() const { return sni_host_name == ""; } private: @@ -101,7 +101,7 @@ class SRP_Identifier : public Extension std::string identifier() const { return srp_identifier; } - MemoryVector serialize() const; + std::vector serialize() const; bool empty() const { return srp_identifier == ""; } private: @@ -121,20 +121,20 @@ class Renegotation_Extension : public Extension Renegotation_Extension() {} - Renegotation_Extension(const MemoryRegion& bits) : + Renegotation_Extension(const std::vector& bits) : reneg_data(bits) {} Renegotation_Extension(TLS_Data_Reader& reader, u16bit extension_size); - const MemoryVector& renegotiation_info() const + const std::vector& renegotiation_info() const { return reneg_data; } - MemoryVector serialize() const; + std::vector serialize() const; bool empty() const { return false; } // always send this private: - MemoryVector reneg_data; + std::vector reneg_data; }; /** @@ -152,9 +152,9 @@ class Maximum_Fragment_Length : public Extension size_t fragment_size() const; - MemoryVector serialize() const + std::vector serialize() const { - return MemoryVector(&val, 1); + return std::vector(1, val); } /** @@ -204,7 +204,7 @@ class Next_Protocol_Notification : public Extension Next_Protocol_Notification(TLS_Data_Reader& reader, u16bit extension_size); - MemoryVector serialize() const; + std::vector serialize() const; bool empty() const { return false; } private: @@ -219,7 +219,7 @@ class Session_Ticket : public Extension Handshake_Extension_Type type() const { return static_type(); } - const MemoryVector& contents() const { return m_ticket; } + const std::vector& contents() const { return m_ticket; } /** * Create empty extension, used by both client and server @@ -229,7 +229,7 @@ class Session_Ticket : public Extension /** * Extension with ticket, used by client */ - Session_Ticket(const MemoryRegion& session_ticket) : + Session_Ticket(const std::vector& session_ticket) : m_ticket(session_ticket) {} /** @@ -237,11 +237,11 @@ class Session_Ticket : public Extension */ Session_Ticket(TLS_Data_Reader& reader, u16bit extension_size); - MemoryVector serialize() const { return m_ticket; } + std::vector serialize() const { return m_ticket; } bool empty() const { return false; } private: - MemoryVector m_ticket; + std::vector m_ticket; }; /** @@ -260,7 +260,7 @@ class Supported_Elliptic_Curves : public Extension const std::vector& curves() const { return m_curves; } - MemoryVector serialize() const; + std::vector serialize() const; Supported_Elliptic_Curves(const std::vector& curves) : m_curves(curves) {} @@ -296,7 +296,7 @@ class Signature_Algorithms : public Extension return m_supported_algos; } - MemoryVector serialize() const; + std::vector serialize() const; bool empty() const { return false; } @@ -322,7 +322,7 @@ class Heartbeat_Support_Indicator : public Extension bool peer_allowed_to_send() const { return m_peer_allowed_to_send; } - MemoryVector serialize() const; + std::vector serialize() const; bool empty() const { return false; } @@ -360,7 +360,7 @@ class Extensions extensions[extn->type()] = extn; } - MemoryVector serialize() const; + std::vector serialize() const; Extensions() {} diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp index 02516632e..df956e7bb 100644 --- a/src/tls/tls_handshake_hash.cpp +++ b/src/tls/tls_handshake_hash.cpp @@ -16,7 +16,7 @@ namespace Botan { namespace TLS { void Handshake_Hash::update(Handshake_Type handshake_type, - const MemoryRegion& handshake_msg) + const std::vector& handshake_msg) { update(static_cast(handshake_type)); @@ -30,7 +30,7 @@ void Handshake_Hash::update(Handshake_Type handshake_type, /** * Return a TLS Handshake Hash */ -SecureVector Handshake_Hash::final(Protocol_Version version, +secure_vector Handshake_Hash::final(Protocol_Version version, const std::string& mac_algo) { Algorithm_Factory& af = global_state().algorithm_factory(); @@ -59,7 +59,7 @@ SecureVector Handshake_Hash::final(Protocol_Version version, /** * Return a SSLv3 Handshake Hash */ -SecureVector Handshake_Hash::final_ssl3(const MemoryRegion& secret) +secure_vector Handshake_Hash::final_ssl3(const secure_vector& secret) { const byte PAD_INNER = 0x36, PAD_OUTER = 0x5C; @@ -79,7 +79,7 @@ SecureVector Handshake_Hash::final_ssl3(const MemoryRegion& secret) for(size_t i = 0; i != 40; ++i) sha1->update(PAD_INNER); - SecureVector inner_md5 = md5->final(), inner_sha1 = sha1->final(); + secure_vector inner_md5 = md5->final(), inner_sha1 = sha1->final(); md5->update(secret); sha1->update(secret); @@ -92,7 +92,7 @@ SecureVector Handshake_Hash::final_ssl3(const MemoryRegion& secret) md5->update(inner_md5); sha1->update(inner_sha1); - SecureVector output; + secure_vector output; output += md5->final(); output += sha1->final(); return output; diff --git a/src/tls/tls_handshake_hash.h b/src/tls/tls_handshake_hash.h index c13f97aa8..02943977f 100644 --- a/src/tls/tls_handshake_hash.h +++ b/src/tls/tls_handshake_hash.h @@ -27,25 +27,28 @@ class Handshake_Hash void update(const byte in[], size_t length) { data += std::make_pair(in, length); } - void update(const MemoryRegion& in) + void update(const secure_vector& in) + { data += in; } + + void update(const std::vector& in) { data += in; } void update(byte in) { data.push_back(in); } void update(Handshake_Type handshake_type, - const MemoryRegion& handshake_msg); + const std::vector& handshake_msg); - SecureVector final(Protocol_Version version, + secure_vector final(Protocol_Version version, const std::string& mac_algo); - SecureVector final_ssl3(const MemoryRegion& master_secret); + secure_vector final_ssl3(const secure_vector& master_secret); - const SecureVector& get_contents() const + const secure_vector& get_contents() const { return data; } private: - SecureVector data; + secure_vector data; }; } diff --git a/src/tls/tls_handshake_reader.cpp b/src/tls/tls_handshake_reader.cpp index 8278a2296..a3fe48f71 100644 --- a/src/tls/tls_handshake_reader.cpp +++ b/src/tls/tls_handshake_reader.cpp @@ -38,7 +38,7 @@ bool Stream_Handshake_Reader::have_full_record() const return false; } -std::pair > Stream_Handshake_Reader::get_next_record() +std::pair > Stream_Handshake_Reader::get_next_record() { if(m_queue.size() >= 4) { @@ -50,7 +50,7 @@ std::pair > Stream_Handshake_Reader::get_next if(m_queue.size() >= length + 4) { Handshake_Type type = static_cast(head[0]); - MemoryVector contents(length); + std::vector contents(length); m_queue.read(head, 4); // discard m_queue.read(&contents[0], contents.size()); diff --git a/src/tls/tls_handshake_reader.h b/src/tls/tls_handshake_reader.h index 06a273ced..618e1878a 100644 --- a/src/tls/tls_handshake_reader.h +++ b/src/tls/tls_handshake_reader.h @@ -29,7 +29,7 @@ class Handshake_Reader virtual bool have_full_record() const = 0; - virtual std::pair > get_next_record() = 0; + virtual std::pair > get_next_record() = 0; virtual ~Handshake_Reader() {} }; @@ -46,7 +46,7 @@ class Stream_Handshake_Reader : public Handshake_Reader bool have_full_record() const; - std::pair > get_next_record(); + std::pair > get_next_record(); private: SecureQueue m_queue; }; diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp index f5a9f899c..b8f3125c8 100644 --- a/src/tls/tls_handshake_state.cpp +++ b/src/tls/tls_handshake_state.cpp @@ -154,7 +154,7 @@ std::string Handshake_State::srp_identifier() const return ""; } -const MemoryRegion& Handshake_State::session_ticket() const +const std::vector& Handshake_State::session_ticket() const { if(new_session_ticket && !new_session_ticket->ticket().empty()) return new_session_ticket->ticket(); diff --git a/src/tls/tls_handshake_state.h b/src/tls/tls_handshake_state.h index 364c715f8..ef8b4ee8f 100644 --- a/src/tls/tls_handshake_state.h +++ b/src/tls/tls_handshake_state.h @@ -37,7 +37,7 @@ class Handshake_State void confirm_transition_to(Handshake_Type handshake_msg); void set_expected_next(Handshake_Type handshake_msg); - const MemoryRegion& session_ticket() const; + const std::vector& session_ticket() const; std::pair understand_sig_format(const Public_Key* key, @@ -86,7 +86,7 @@ class Handshake_State /* * Only used by clients for session resumption */ - SecureVector resume_master_secret; + secure_vector resume_master_secret; /* * diff --git a/src/tls/tls_heartbeats.cpp b/src/tls/tls_heartbeats.cpp index 059772d34..8c129858e 100644 --- a/src/tls/tls_heartbeats.cpp +++ b/src/tls/tls_heartbeats.cpp @@ -14,7 +14,7 @@ namespace Botan { namespace TLS { -Heartbeat_Message::Heartbeat_Message(const MemoryRegion& buf) +Heartbeat_Message::Heartbeat_Message(const std::vector& buf) { TLS_Data_Reader reader(buf); @@ -35,13 +35,13 @@ Heartbeat_Message::Heartbeat_Message(Type type, const byte payload[], size_t payload_len) : m_type(type), - m_payload(payload, payload_len) + m_payload(payload, payload + payload_len) { } -MemoryVector Heartbeat_Message::contents() const +std::vector Heartbeat_Message::contents() const { - MemoryVector send_buf(3 + m_payload.size() + 16); + std::vector send_buf(3 + m_payload.size() + 16); send_buf[0] = m_type; send_buf[1] = get_byte(0, m_payload.size()); send_buf[2] = get_byte(1, m_payload.size()); @@ -51,9 +51,9 @@ MemoryVector Heartbeat_Message::contents() const return send_buf; } -MemoryVector Heartbeat_Support_Indicator::serialize() const +std::vector Heartbeat_Support_Indicator::serialize() const { - MemoryVector heartbeat(1); + std::vector heartbeat(1); heartbeat[0] = (m_peer_allowed_to_send ? 1 : 2); return heartbeat; } diff --git a/src/tls/tls_heartbeats.h b/src/tls/tls_heartbeats.h index 4fa49501b..f3cc9ec68 100644 --- a/src/tls/tls_heartbeats.h +++ b/src/tls/tls_heartbeats.h @@ -19,18 +19,18 @@ class Heartbeat_Message public: enum Type { REQUEST = 1, RESPONSE = 2 }; - MemoryVector contents() const; + std::vector contents() const; - const MemoryRegion& payload() const { return m_payload; } + const std::vector& payload() const { return m_payload; } bool is_request() const { return m_type == REQUEST; } - Heartbeat_Message(const MemoryRegion& buf); + Heartbeat_Message(const std::vector& buf); Heartbeat_Message(Type type, const byte payload[], size_t payload_len); private: Type m_type; - MemoryVector m_payload; + std::vector m_payload; }; } diff --git a/src/tls/tls_messages.h b/src/tls/tls_messages.h index d9146dda1..e3bdaa6a0 100644 --- a/src/tls/tls_messages.h +++ b/src/tls/tls_messages.h @@ -34,7 +34,7 @@ class Record_Reader; class Handshake_Message { public: - virtual MemoryVector serialize() const = 0; + virtual std::vector serialize() const = 0; virtual Handshake_Type type() const = 0; Handshake_Message() {} @@ -44,7 +44,7 @@ class Handshake_Message Handshake_Message& operator=(const Handshake_Message&) { return (*this); } }; -MemoryVector make_hello_random(RandomNumberGenerator& rng); +std::vector make_hello_random(RandomNumberGenerator& rng); /** * DTLS Hello Verify Request @@ -52,18 +52,18 @@ MemoryVector make_hello_random(RandomNumberGenerator& rng); class Hello_Verify_Request : public Handshake_Message { public: - MemoryVector serialize() const; + std::vector serialize() const; Handshake_Type type() const { return HELLO_VERIFY_REQUEST; } - MemoryVector cookie() const { return m_cookie; } + std::vector cookie() const { return m_cookie; } - Hello_Verify_Request(const MemoryRegion& buf); + Hello_Verify_Request(const std::vector& buf); - Hello_Verify_Request(const MemoryVector& client_hello_bits, + Hello_Verify_Request(const std::vector& client_hello_bits, const std::string& client_identity, const SymmetricKey& secret_key); private: - MemoryVector m_cookie; + std::vector m_cookie; }; /** @@ -76,7 +76,7 @@ class Client_Hello : public Handshake_Message Protocol_Version version() const { return m_version; } - const MemoryVector& session_id() const { return m_session_id; } + const std::vector& session_id() const { return m_session_id; } const std::vector >& supported_algos() const { return m_supported_algos; } @@ -87,7 +87,7 @@ class Client_Hello : public Handshake_Message std::vector ciphersuites() const { return m_suites; } std::vector compression_methods() const { return m_comp_methods; } - const MemoryVector& random() const { return m_random; } + const std::vector& random() const { return m_random; } std::string sni_hostname() const { return m_hostname; } @@ -95,7 +95,7 @@ class Client_Hello : public Handshake_Message bool secure_renegotiation() const { return m_secure_renegotiation; } - const MemoryVector& renegotiation_info() + const std::vector& renegotiation_info() { return m_renegotiation_info; } bool offered_suite(u16bit ciphersuite) const; @@ -106,7 +106,7 @@ class Client_Hello : public Handshake_Message bool supports_session_ticket() const { return m_supports_session_ticket; } - const MemoryRegion& session_ticket() const + const std::vector& session_ticket() const { return m_session_ticket; } bool supports_heartbeats() const { return m_supports_heartbeats; } @@ -117,7 +117,7 @@ class Client_Hello : public Handshake_Message Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion& reneg_info, + const std::vector& reneg_info, bool next_protocol = false, const std::string& hostname = "", const std::string& srp_identifier = ""); @@ -126,20 +126,20 @@ class Client_Hello : public Handshake_Message Handshake_Hash& hash, const Policy& policy, RandomNumberGenerator& rng, - const MemoryRegion& reneg_info, + const std::vector& reneg_info, const Session& resumed_session, bool next_protocol = false); - Client_Hello(const MemoryRegion& buf, + Client_Hello(const std::vector& buf, Handshake_Type type); private: - MemoryVector serialize() const; - void deserialize(const MemoryRegion& buf); - void deserialize_sslv2(const MemoryRegion& buf); + std::vector serialize() const; + void deserialize(const std::vector& buf); + void deserialize_sslv2(const std::vector& buf); Protocol_Version m_version; - MemoryVector m_session_id, m_random; + std::vector m_session_id, m_random; std::vector m_suites; std::vector m_comp_methods; std::string m_hostname; @@ -148,13 +148,13 @@ class Client_Hello : public Handshake_Message size_t m_fragment_size; bool m_secure_renegotiation; - MemoryVector m_renegotiation_info; + std::vector m_renegotiation_info; std::vector > m_supported_algos; std::vector m_supported_curves; bool m_supports_session_ticket; - MemoryVector m_session_ticket; + std::vector m_session_ticket; bool m_supports_heartbeats; bool m_peer_can_send_heartbeats; @@ -170,9 +170,9 @@ class Server_Hello : public Handshake_Message Protocol_Version version() { return m_version; } - const MemoryVector& random() const { return m_random; } + const std::vector& random() const { return m_random; } - const MemoryVector& session_id() const { return m_session_id; } + const std::vector& session_id() const { return m_session_id; } u16bit ciphersuite() const { return m_ciphersuite; } @@ -189,7 +189,7 @@ class Server_Hello : public Handshake_Message size_t fragment_size() const { return m_fragment_size; } - const MemoryVector& renegotiation_info() + const std::vector& renegotiation_info() { return m_renegotiation_info; } bool supports_heartbeats() const { return m_supports_heartbeats; } @@ -198,31 +198,31 @@ class Server_Hello : public Handshake_Message Server_Hello(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion& session_id, + const std::vector& session_id, Protocol_Version ver, u16bit ciphersuite, byte compression, size_t max_fragment_size, bool client_has_secure_renegotiation, - const MemoryRegion& reneg_info, + const std::vector& reneg_info, bool offer_session_ticket, bool client_has_npn, const std::vector& next_protocols, bool client_has_heartbeat, RandomNumberGenerator& rng); - Server_Hello(const MemoryRegion& buf); + Server_Hello(const std::vector& buf); private: - MemoryVector serialize() const; + std::vector serialize() const; Protocol_Version m_version; - MemoryVector m_session_id, m_random; + std::vector m_session_id, m_random; u16bit m_ciphersuite; byte m_comp_method; size_t m_fragment_size; bool m_secure_renegotiation; - MemoryVector m_renegotiation_info; + std::vector m_renegotiation_info; bool m_next_protocol; std::vector m_next_protocols; @@ -240,7 +240,7 @@ class Client_Key_Exchange : public Handshake_Message public: Handshake_Type type() const { return CLIENT_KEX; } - const SecureVector& pre_master_secret() const + const secure_vector& pre_master_secret() const { return pre_master; } Client_Key_Exchange(Record_Writer& output, @@ -250,16 +250,17 @@ class Client_Key_Exchange : public Handshake_Message const std::string& hostname, RandomNumberGenerator& rng); - Client_Key_Exchange(const MemoryRegion& buf, + Client_Key_Exchange(const std::vector& buf, const Handshake_State* state, Credentials_Manager& creds, const Policy& policy, RandomNumberGenerator& rng); private: - MemoryVector serialize() const { return key_material; } + std::vector serialize() const { return key_material; } - SecureVector key_material, pre_master; + std::vector key_material; + secure_vector pre_master; }; /** @@ -278,9 +279,9 @@ class Certificate : public Handshake_Message Handshake_Hash& hash, const std::vector& certs); - Certificate(const MemoryRegion& buf); + Certificate(const std::vector& buf); private: - MemoryVector serialize() const; + std::vector serialize() const; std::vector m_certs; }; @@ -307,10 +308,10 @@ class Certificate_Req : public Handshake_Message const std::vector& allowed_cas, Protocol_Version version); - Certificate_Req(const MemoryRegion& buf, + Certificate_Req(const std::vector& buf, Protocol_Version version); private: - MemoryVector serialize() const; + std::vector serialize() const; std::vector names; std::vector cert_key_types; @@ -339,14 +340,14 @@ class Certificate_Verify : public Handshake_Message RandomNumberGenerator& rng, const Private_Key* key); - Certificate_Verify(const MemoryRegion& buf, + Certificate_Verify(const std::vector& buf, Protocol_Version version); private: - MemoryVector serialize() const; + std::vector serialize() const; std::string sig_algo; // sig algo used to create signature std::string hash_algo; // hash used to create signature - MemoryVector signature; + std::vector signature; }; /** @@ -357,7 +358,7 @@ class Finished : public Handshake_Message public: Handshake_Type type() const { return FINISHED; } - MemoryVector verify_data() const + std::vector verify_data() const { return verification_data; } bool verify(Handshake_State* state, @@ -367,12 +368,12 @@ class Finished : public Handshake_Message Handshake_State* state, Connection_Side side); - Finished(const MemoryRegion& buf); + Finished(const std::vector& buf); private: - MemoryVector serialize() const; + std::vector serialize() const; Connection_Side side; - MemoryVector verification_data; + std::vector verification_data; }; /** @@ -384,9 +385,9 @@ class Hello_Request : public Handshake_Message Handshake_Type type() const { return HELLO_REQUEST; } Hello_Request(Record_Writer& writer); - Hello_Request(const MemoryRegion& buf); + Hello_Request(const std::vector& buf); private: - MemoryVector serialize() const; + std::vector serialize() const; }; /** @@ -397,7 +398,7 @@ class Server_Key_Exchange : public Handshake_Message public: Handshake_Type type() const { return SERVER_KEX; } - const MemoryVector& params() const { return m_params; } + const std::vector& params() const { return m_params; } bool verify(const X509_Certificate& cert, Handshake_State* state) const; @@ -415,23 +416,23 @@ class Server_Key_Exchange : public Handshake_Message RandomNumberGenerator& rng, const Private_Key* signing_key = 0); - Server_Key_Exchange(const MemoryRegion& buf, + Server_Key_Exchange(const std::vector& buf, const std::string& kex_alg, const std::string& sig_alg, Protocol_Version version); ~Server_Key_Exchange(); private: - MemoryVector serialize() const; + std::vector serialize() const; Private_Key* m_kex_key; SRP6_Server_Session* m_srp_params; - MemoryVector m_params; + std::vector m_params; std::string m_sig_algo; // sig algo used to create signature std::string m_hash_algo; // hash used to create signature - MemoryVector m_signature; + std::vector m_signature; }; /** @@ -443,9 +444,9 @@ class Server_Hello_Done : public Handshake_Message Handshake_Type type() const { return SERVER_HELLO_DONE; } Server_Hello_Done(Record_Writer& writer, Handshake_Hash& hash); - Server_Hello_Done(const MemoryRegion& buf); + Server_Hello_Done(const std::vector& buf); private: - MemoryVector serialize() const; + std::vector serialize() const; }; /** @@ -462,9 +463,9 @@ class Next_Protocol : public Handshake_Message Handshake_Hash& hash, const std::string& protocol); - Next_Protocol(const MemoryRegion& buf); + Next_Protocol(const std::vector& buf); private: - MemoryVector serialize() const; + std::vector serialize() const; std::string m_protocol; }; @@ -475,22 +476,22 @@ class New_Session_Ticket : public Handshake_Message Handshake_Type type() const { return NEW_SESSION_TICKET; } u32bit ticket_lifetime_hint() const { return m_ticket_lifetime_hint; } - const MemoryVector& ticket() const { return m_ticket; } + const std::vector& ticket() const { return m_ticket; } New_Session_Ticket(Record_Writer& writer, Handshake_Hash& hash, - const MemoryRegion& ticket, + const std::vector& ticket, u32bit lifetime); New_Session_Ticket(Record_Writer& writer, Handshake_Hash& hash); - New_Session_Ticket(const MemoryRegion& buf); + New_Session_Ticket(const std::vector& buf); private: - MemoryVector serialize() const; + std::vector serialize() const; u32bit m_ticket_lifetime_hint; - MemoryVector m_ticket; + std::vector m_ticket; }; } diff --git a/src/tls/tls_reader.h b/src/tls/tls_reader.h index bf8098bed..7440e16b7 100644 --- a/src/tls/tls_reader.h +++ b/src/tls/tls_reader.h @@ -25,7 +25,7 @@ namespace TLS { class TLS_Data_Reader { public: - TLS_Data_Reader(const MemoryRegion& buf_in) : + TLS_Data_Reader(const std::vector& buf_in) : buf(buf_in), offset(0) {} void assert_done() const @@ -91,14 +91,14 @@ class TLS_Data_Reader } template - SecureVector get_range(size_t len_bytes, + std::vector get_range(size_t len_bytes, size_t min_elems, size_t max_elems) { const size_t num_elems = get_num_elems(len_bytes, sizeof(T), min_elems, max_elems); - return get_elem >(num_elems); + return get_elem >(num_elems); } template @@ -123,9 +123,9 @@ class TLS_Data_Reader } template - SecureVector get_fixed(size_t size) + std::vector get_fixed(size_t size) { - return get_elem >(size); + return get_elem >(size); } private: @@ -169,15 +169,15 @@ class TLS_Data_Reader } } - const MemoryRegion& buf; + const std::vector& buf; size_t offset; }; /** * Helper function for encoding length-tagged vectors */ -template -void append_tls_length_value(MemoryRegion& buf, +template +void append_tls_length_value(std::vector& buf, const T* vals, size_t vals_size, size_t tag_size) @@ -200,26 +200,19 @@ void append_tls_length_value(MemoryRegion& buf, buf.push_back(get_byte(j, vals[i])); } -template -void append_tls_length_value(MemoryRegion& buf, - const MemoryRegion& vals, +template +void append_tls_length_value(std::vector& buf, + const std::vector& vals, size_t tag_size) { append_tls_length_value(buf, &vals[0], vals.size(), tag_size); } -template -void append_tls_length_value(MemoryRegion& buf, - const std::vector& vals, +template +void append_tls_length_value(std::vector& buf, + const std::string& str, size_t tag_size) { - append_tls_length_value(buf, &vals[0], vals.size(), tag_size); - } - -inline void append_tls_length_value(MemoryRegion& buf, - const std::string& str, - size_t tag_size) - { append_tls_length_value(buf, reinterpret_cast(&str[0]), str.size(), diff --git a/src/tls/tls_record.h b/src/tls/tls_record.h index 3b44ee1c6..a92dcbe9d 100644 --- a/src/tls/tls_record.h +++ b/src/tls/tls_record.h @@ -33,10 +33,10 @@ class BOTAN_DLL Record_Writer void send(byte type, const byte input[], size_t length); void send(byte type, byte val) { send(type, &val, 1); } - void send(byte type, const MemoryRegion& input) + void send(byte type, const std::vector& input) { send(type, &input[0], input.size()); } - MemoryVector send(class Handshake_Message& msg); + std::vector send(class Handshake_Message& msg); void send_alert(const Alert& alert); @@ -62,7 +62,7 @@ class BOTAN_DLL Record_Writer std::function m_output_fn; - MemoryVector m_writebuf; + std::vector m_writebuf; Pipe m_cipher; MessageAuthenticationCode* m_mac; @@ -93,7 +93,7 @@ class BOTAN_DLL Record_Reader size_t add_input(const byte input[], size_t input_size, size_t& input_consumed, byte& msg_type, - MemoryVector& msg); + std::vector& msg); void activate(Connection_Side side, const Ciphersuite& suite, @@ -118,8 +118,8 @@ class BOTAN_DLL Record_Reader size_t& input_consumed, size_t desired); - MemoryVector m_readbuf; - MemoryVector m_macbuf; + std::vector m_readbuf; + std::vector m_macbuf; size_t m_readbuf_pos; Pipe m_cipher; diff --git a/src/tls/tls_server.cpp b/src/tls/tls_server.cpp index 1e8c73ec3..7c2c4d323 100644 --- a/src/tls/tls_server.cpp +++ b/src/tls/tls_server.cpp @@ -24,8 +24,8 @@ bool check_for_resume(Session& session_info, Client_Hello* client_hello, std::chrono::seconds session_ticket_lifetime) { - const MemoryVector& client_session_id = client_hello->session_id(); - const MemoryVector& session_ticket = client_hello->session_ticket(); + const std::vector& client_session_id = client_hello->session_id(); + const std::vector& session_ticket = client_hello->session_ticket(); if(session_ticket.empty()) { @@ -232,7 +232,7 @@ void Server::alert_notify(const Alert& alert) * Split up and process handshake messages */ void Server::read_handshake(byte rec_type, - const MemoryRegion& rec_buf) + const std::vector& rec_buf) { if(rec_type == HANDSHAKE && !state) { @@ -247,7 +247,7 @@ void Server::read_handshake(byte rec_type, * Process a handshake message */ void Server::process_handshake_msg(Handshake_Type type, - const MemoryRegion& contents) + const std::vector& contents) { if(state == 0) throw Unexpected_Message("Unexpected handshake message from client"); @@ -396,7 +396,7 @@ void Server::process_handshake_msg(Handshake_Type type, state->server_hello = new Server_Hello( writer, state->hash, - rng.random_vec(32), // new session ID + unlock(rng.random_vec(32)), // new session ID state->version(), choose_ciphersuite(policy, creds, cert_chains, state->client_hello), choose_compression(policy, state->client_hello->compression_methods()), @@ -569,7 +569,7 @@ void Server::process_handshake_msg(Handshake_Type type, secure_renegotiation.supported(), state->server_hello->fragment_size(), peer_certs, - MemoryVector(), + std::vector(), m_hostname, state->srp_identifier() ); diff --git a/src/tls/tls_server.h b/src/tls/tls_server.h index 684021ebc..441e03eb2 100644 --- a/src/tls/tls_server.h +++ b/src/tls/tls_server.h @@ -51,9 +51,9 @@ class BOTAN_DLL Server : public Channel { return m_next_protocol; } private: - void read_handshake(byte, const MemoryRegion&); + void read_handshake(byte, const std::vector&); - void process_handshake_msg(Handshake_Type, const MemoryRegion&); + void process_handshake_msg(Handshake_Type, const std::vector&); void alert_notify(const Alert& alert); diff --git a/src/tls/tls_session.cpp b/src/tls/tls_session.cpp index dac38e67b..d2aae9a7e 100644 --- a/src/tls/tls_session.cpp +++ b/src/tls/tls_session.cpp @@ -18,8 +18,8 @@ namespace Botan { namespace TLS { -Session::Session(const MemoryRegion& session_identifier, - const MemoryRegion& master_secret, +Session::Session(const std::vector& session_identifier, + const secure_vector& master_secret, Protocol_Version version, u16bit ciphersuite, byte compression_method, @@ -27,7 +27,7 @@ Session::Session(const MemoryRegion& session_identifier, bool secure_renegotiation_supported, size_t fragment_size, const std::vector& certs, - const MemoryRegion& ticket, + const std::vector& ticket, const std::string& sni_hostname, const std::string& srp_identifier) : m_start_time(std::chrono::system_clock::now()), @@ -48,7 +48,7 @@ Session::Session(const MemoryRegion& session_identifier, Session::Session(const std::string& pem) { - SecureVector der = PEM_Code::decode_check_label(pem, "SSL SESSION"); + secure_vector der = PEM_Code::decode_check_label(pem, "SSL SESSION"); *this = Session(&der[0], der.size()); } @@ -61,7 +61,7 @@ Session::Session(const byte ber[], size_t ber_len) byte major_version = 0, minor_version = 0; - MemoryVector peer_cert_bits; + std::vector peer_cert_bits; size_t start_time = 0; @@ -94,16 +94,16 @@ Session::Session(const byte ber[], size_t ber_len) if(!peer_cert_bits.empty()) { - DataSource_Memory certs(peer_cert_bits); + DataSource_Memory certs(&peer_cert_bits[0], peer_cert_bits.size()); while(!certs.end_of_data()) m_peer_certs.push_back(X509_Certificate(certs)); } } -SecureVector Session::DER_encode() const +secure_vector Session::DER_encode() const { - MemoryVector peer_cert_bits; + std::vector peer_cert_bits; for(size_t i = 0; i != m_peer_certs.size(); ++i) peer_cert_bits += m_peer_certs[i].BER_encode(); @@ -154,7 +154,7 @@ const size_t MAC_OUTPUT_LENGTH = 32; } -MemoryVector +std::vector Session::encrypt(const SymmetricKey& master_key, RandomNumberGenerator& rng) const { @@ -177,9 +177,9 @@ Session::encrypt(const SymmetricKey& master_key, Pipe pipe(get_cipher(SESSION_CRYPTO_CIPHER, cipher_key, cipher_iv, ENCRYPTION)); pipe.process_msg(this->DER_encode()); - MemoryVector ctext = pipe.read_all(0); + secure_vector ctext = pipe.read_all(0); - MemoryVector out(MAGIC_LENGTH); + std::vector out(MAGIC_LENGTH); store_be(SESSION_CRYPTO_MAGIC, &out[0]); out += cipher_iv.bits_of(); out += ctext; @@ -217,7 +217,7 @@ Session Session::decrypt(const byte buf[], size_t buf_len, mac->set_key(mac_key); mac->update(&buf[0], buf_len - MAC_OUTPUT_LENGTH); - MemoryVector computed_mac = mac->final(); + secure_vector computed_mac = mac->final(); if(!same_mem(&buf[buf_len - MAC_OUTPUT_LENGTH], &computed_mac[0], computed_mac.size())) throw Decoding_Error("MAC verification failed for encrypted session"); @@ -234,7 +234,7 @@ Session Session::decrypt(const byte buf[], size_t buf_len, Pipe pipe(get_cipher(SESSION_CRYPTO_CIPHER, cipher_key, cipher_iv, DECRYPTION)); pipe.process_msg(&buf[CTEXT_OFFSET], buf_len - (MAC_OUTPUT_LENGTH + CTEXT_OFFSET)); - SecureVector ber = pipe.read_all(); + secure_vector ber = pipe.read_all(); return Session(&ber[0], ber.size()); } diff --git a/src/tls/tls_session.h b/src/tls/tls_session.h index a2b341a30..2c474bc6a 100644 --- a/src/tls/tls_session.h +++ b/src/tls/tls_session.h @@ -43,8 +43,8 @@ class BOTAN_DLL Session /** * New session (sets session start time) */ - Session(const MemoryRegion& session_id, - const MemoryRegion& master_secret, + Session(const std::vector& session_id, + const secure_vector& master_secret, Protocol_Version version, u16bit ciphersuite, byte compression_method, @@ -52,7 +52,7 @@ class BOTAN_DLL Session bool secure_renegotiation_supported, size_t fragment_size, const std::vector& peer_certs, - const MemoryRegion& session_ticket, + const std::vector& session_ticket, const std::string& sni_hostname = "", const std::string& srp_identifier = ""); @@ -71,12 +71,12 @@ class BOTAN_DLL Session * @warning if the master secret is compromised so is the * session traffic */ - SecureVector DER_encode() const; + secure_vector DER_encode() const; /** * Encrypt a session (useful for serialization or session tickets) */ - MemoryVector encrypt(const SymmetricKey& key, + std::vector encrypt(const SymmetricKey& key, RandomNumberGenerator& rng) const; @@ -95,7 +95,7 @@ class BOTAN_DLL Session * @param ctext the ciphertext returned by encrypt * @param key the same key used by the encrypting side */ - static inline Session decrypt(const MemoryRegion& ctext, + static inline Session decrypt(const std::vector& ctext, const SymmetricKey& key) { return Session::decrypt(&ctext[0], ctext.size(), key); @@ -147,13 +147,13 @@ class BOTAN_DLL Session /** * Get the saved master secret */ - const SecureVector& master_secret() const + const secure_vector& master_secret() const { return m_master_secret; } /** * Get the session identifier */ - const MemoryVector& session_id() const + const std::vector& session_id() const { return m_identifier; } /** @@ -186,16 +186,16 @@ class BOTAN_DLL Session /** * Return the session ticket the server gave us */ - const MemoryVector& session_ticket() const { return m_session_ticket; } + const std::vector& session_ticket() const { return m_session_ticket; } private: enum { TLS_SESSION_PARAM_STRUCT_VERSION = 0x2994e300 }; std::chrono::system_clock::time_point m_start_time; - MemoryVector m_identifier; - MemoryVector m_session_ticket; // only used by client side - SecureVector m_master_secret; + std::vector m_identifier; + std::vector m_session_ticket; // only used by client side + secure_vector m_master_secret; Protocol_Version m_version; u16bit m_ciphersuite; diff --git a/src/tls/tls_session_key.cpp b/src/tls/tls_session_key.cpp index 4d7603ce1..0cd74a63a 100644 --- a/src/tls/tls_session_key.cpp +++ b/src/tls/tls_session_key.cpp @@ -19,7 +19,7 @@ namespace TLS { * Session_Keys Constructor */ Session_Keys::Session_Keys(Handshake_State* state, - const MemoryRegion& pre_master_secret, + const secure_vector& pre_master_secret, bool resuming) { const size_t mac_keylen = output_length_of(state->suite.mac_algo()); @@ -45,7 +45,7 @@ Session_Keys::Session_Keys(Handshake_State* state, } else { - SecureVector salt; + secure_vector salt; if(state->version() != Protocol_Version::SSL_V3) salt += std::make_pair(MASTER_SECRET_MAGIC, sizeof(MASTER_SECRET_MAGIC)); @@ -56,7 +56,7 @@ Session_Keys::Session_Keys(Handshake_State* state, master_sec = prf->derive_key(48, pre_master_secret, salt); } - SecureVector salt; + secure_vector salt; if(state->version() != Protocol_Version::SSL_V3) salt += std::make_pair(KEY_GEN_MAGIC, sizeof(KEY_GEN_MAGIC)); salt += state->server_hello->random(); diff --git a/src/tls/tls_session_key.h b/src/tls/tls_session_key.h index 25de56aea..0021694e3 100644 --- a/src/tls/tls_session_key.h +++ b/src/tls/tls_session_key.h @@ -31,16 +31,16 @@ class Session_Keys InitializationVector client_iv() const { return c_iv; } InitializationVector server_iv() const { return s_iv; } - const SecureVector& master_secret() const { return master_sec; } + const secure_vector& master_secret() const { return master_sec; } Session_Keys() {} Session_Keys(class Handshake_State* state, - const MemoryRegion& pre_master, + const secure_vector& pre_master, bool resuming); private: - SecureVector master_sec; + secure_vector master_sec; SymmetricKey c_cipher, s_cipher, c_mac, s_mac; InitializationVector c_iv, s_iv; }; diff --git a/src/tls/tls_session_manager.cpp b/src/tls/tls_session_manager.cpp index d103df35f..72eb83c21 100644 --- a/src/tls/tls_session_manager.cpp +++ b/src/tls/tls_session_manager.cpp @@ -37,7 +37,7 @@ bool Session_Manager_In_Memory::load_from_session_str( } bool Session_Manager_In_Memory::load_from_session_id( - const MemoryRegion& session_id, Session& session) + const std::vector& session_id, Session& session) { std::lock_guard lock(m_mutex); @@ -69,7 +69,7 @@ bool Session_Manager_In_Memory::load_from_host_info( } void Session_Manager_In_Memory::remove_entry( - const MemoryRegion& session_id) + const std::vector& session_id) { std::lock_guard lock(m_mutex); diff --git a/src/tls/tls_session_manager.h b/src/tls/tls_session_manager.h index 84d51406d..fa1ecae39 100644 --- a/src/tls/tls_session_manager.h +++ b/src/tls/tls_session_manager.h @@ -36,7 +36,7 @@ class BOTAN_DLL Session_Manager or not modified if not found * @return true if session was modified */ - virtual bool load_from_session_id(const MemoryRegion& session_id, + virtual bool load_from_session_id(const std::vector& session_id, Session& session) = 0; /** @@ -53,7 +53,7 @@ class BOTAN_DLL Session_Manager /** * Remove this session id from the cache, if it exists */ - virtual void remove_entry(const MemoryRegion& session_id) = 0; + virtual void remove_entry(const std::vector& session_id) = 0; /** * Save a session on a best effort basis; the manager may not in @@ -94,13 +94,13 @@ class BOTAN_DLL Session_Manager_In_Memory : public Session_Manager m_session_lifetime(session_lifetime) {} - bool load_from_session_id(const MemoryRegion& session_id, + bool load_from_session_id(const std::vector& session_id, Session& session); bool load_from_host_info(const std::string& hostname, u16bit port, Session& session); - void remove_entry(const MemoryRegion& session_id); + void remove_entry(const std::vector& session_id); void save(const Session& session_data); diff --git a/src/utils/datastor/datastor.cpp b/src/utils/datastor/datastor.cpp index 363136c69..d65b3f1ac 100644 --- a/src/utils/datastor/datastor.cpp +++ b/src/utils/datastor/datastor.cpp @@ -72,21 +72,21 @@ std::string Data_Store::get1(const std::string& key) const } /* -* Get a single MemoryVector atom +* Get a single std::vector atom */ -MemoryVector +std::vector Data_Store::get1_memvec(const std::string& key) const { std::vector vals = get(key); if(vals.empty()) - return MemoryVector(); + return std::vector(); if(vals.size() > 1) throw Invalid_State("Data_Store::get1_memvec: Multiple values for " + key); - return hex_decode(vals[0]); + return unlock(hex_decode(vals[0])); } /* @@ -125,7 +125,12 @@ void Data_Store::add(const std::string& key, u32bit val) /* * Insert a single key and value */ -void Data_Store::add(const std::string& key, const MemoryRegion& val) +void Data_Store::add(const std::string& key, const secure_vector& val) + { + add(key, hex_encode(&val[0], val.size())); + } + +void Data_Store::add(const std::string& key, const std::vector& val) { add(key, hex_encode(&val[0], val.size())); } diff --git a/src/utils/datastor/datastor.h b/src/utils/datastor/datastor.h index 26a0d418c..b471f85e1 100644 --- a/src/utils/datastor/datastor.h +++ b/src/utils/datastor/datastor.h @@ -35,7 +35,7 @@ class BOTAN_DLL Data_Store std::string get1(const std::string&) const; - MemoryVector get1_memvec(const std::string&) const; + std::vector get1_memvec(const std::string&) const; u32bit get1_u32bit(const std::string&, u32bit = 0) const; bool has_value(const std::string&) const; @@ -43,7 +43,8 @@ class BOTAN_DLL Data_Store void add(const std::multimap&); void add(const std::string&, const std::string&); void add(const std::string&, u32bit); - void add(const std::string&, const MemoryRegion&); + void add(const std::string&, const secure_vector&); + void add(const std::string&, const std::vector&); private: std::multimap contents; }; diff --git a/src/utils/xor_buf.h b/src/utils/xor_buf.h index 3c96dea70..b67d84c50 100644 --- a/src/utils/xor_buf.h +++ b/src/utils/xor_buf.h @@ -9,6 +9,7 @@ #define BOTAN_XOR_BUF_H__ #include +#include namespace Botan { @@ -70,6 +71,31 @@ inline void xor_buf(byte out[], out[i] = in[i] ^ in2[i]; } +template +void xor_buf(std::vector& out, + const std::vector& in, + size_t n) + { + xor_buf(&out[0], &in[0], n); + } + +template +void xor_buf(std::vector& out, + const byte* in, + size_t n) + { + xor_buf(&out[0], in, n); + } + +template +void xor_buf(std::vector& out, + const byte* in, + const std::vector& in2, + size_t n) + { + xor_buf(&out[0], &in[0], &in2[0], n); + } + } #endif diff --git a/src/wrap/python/python_botan.h b/src/wrap/python/python_botan.h index ac0a17d7f..03bdd9156 100644 --- a/src/wrap/python/python_botan.h +++ b/src/wrap/python/python_botan.h @@ -34,7 +34,7 @@ inline std::string make_string(const byte input[], u32bit length) return std::string((const char*)input, length); } -inline std::string make_string(const MemoryRegion& in) +inline std::string make_string(const secure_vector& in) { return make_string(in.begin(), in.size()); } diff --git a/src/wrap/python/rsa.cpp b/src/wrap/python/rsa.cpp index dc6053503..3ff1edb07 100644 --- a/src/wrap/python/rsa.cpp +++ b/src/wrap/python/rsa.cpp @@ -40,7 +40,7 @@ class Py_RSA_PrivateKey std::string to_ber() const { - SecureVector bits = PKCS8::BER_encode(*rsa_key); + secure_vector bits = PKCS8::BER_encode(*rsa_key); return std::string(reinterpret_cast(&bits[0]), bits.size()); @@ -140,7 +140,7 @@ class Py_RSA_PublicKey std::string to_ber() const { - SecureVector bits = X509::BER_encode(*rsa_key); + secure_vector bits = X509::BER_encode(*rsa_key); return std::string(reinterpret_cast(&bits[0]), bits.size()); diff --git a/src/wrap/python/x509.cpp b/src/wrap/python/x509.cpp index 4c248890d..0a29ad83a 100644 --- a/src/wrap/python/x509.cpp +++ b/src/wrap/python/x509.cpp @@ -63,7 +63,7 @@ void export_x509() { vector_to_list(); vector_to_list(); - memvec_to_hexstr >(); + memvec_to_hexstr >(); python::class_ ("X509_Certificate", python::init()) -- cgit v1.2.3