diff --git a/README.md b/README.md index d1c97a4ac..37e0636ba 100644 --- a/README.md +++ b/README.md @@ -35,11 +35,11 @@ because of the PKCS#11 interface. SoftHSM depends on a cryptographic library, Botan or OpenSSL. Minimum required versions: -- Botan 1.10.0 +- Botan 2.0.0 - OpenSSL 1.0.0 -If you are using Botan, make sure that it has support for GNU MP (--with-gnump). -This will improve the performance when doing public key operations. +If you are using Botan, use at least version 2.6.0. This will improve +the performance when doing public key operations. The GNU Autotools (Autoconf, Automake, Libtool) are also required for building the software. It is also recommended to install pkg-config so that the diff --git a/aes_wrap_key_with_pad/README b/aes_wrap_key_with_pad/README deleted file mode 100644 index 883cbf42b..000000000 --- a/aes_wrap_key_with_pad/README +++ /dev/null @@ -1,7 +0,0 @@ -Here are the patches to add advanced AES key wrap *with pad*, aka RFC 5649, -to Botan (1.10, not 1.11 even it should be easy). -PS: standardized (and approved) under the KWP name in NIST SP 800-38F. - -OpenSSL added support for RFC 5649 in commit -d31fed73e25391cd71a0de488d88724db78f6f8a and it is waiting for nearest release. -Some distributions backported the interface, e.g. Fedora and RHEL. diff --git a/aes_wrap_key_with_pad/botan-diff b/aes_wrap_key_with_pad/botan-diff deleted file mode 100644 index bf031189a..000000000 --- a/aes_wrap_key_with_pad/botan-diff +++ /dev/null 
@@ -1,340 +0,0 @@ ---- src/constructs/rfc3394/rfc3394.h-dist 2013-11-10 17:06:11.000000000 +0100 -+++ src/constructs/rfc3394/rfc3394.h 2013-12-22 02:14:50.000000000 +0100 -@@ -27,6 +27,13 @@ - const SymmetricKey& kek, - Algorithm_Factory& af); - -+/* overload with an extra initial value */ -+ -+SecureVector BOTAN_DLL rfc3394_keywrap(const MemoryRegion& key, -+ const byte iv[8], -+ const SymmetricKey& kek, -+ Algorithm_Factory& af); -+ - /** - * Decrypt a key under a key encryption key using the algorithm - * described in RFC 3394 -@@ -40,6 +47,47 @@ - const SymmetricKey& kek, - Algorithm_Factory& af); - -+/* overload with an extra initial value */ -+ -+SecureVector BOTAN_DLL rfc3394_keyunwrap(const MemoryRegion& key, -+ const byte iv[8], -+ const SymmetricKey& kek, -+ Algorithm_Factory& af); -+ -+/* overload with an extra initial value and integrity check value */ -+ -+SecureVector BOTAN_DLL rfc3394_keyunwrap(const MemoryRegion& key, -+ const byte iv[8], -+ byte icv[8], -+ const SymmetricKey& kek, -+ Algorithm_Factory& af); -+ -+/** -+* Pad and encrypt a key under a key encryption key using the algorithm -+* described in RFC 5649 -+* -+* @param key the plaintext key to encrypt -+* @param kek the key encryption key -+* @param af an algorithm factory -+* @return key encrypted under kek -+*/ -+SecureVector BOTAN_DLL rfc5649_keywrap(const MemoryRegion& key, -+ const SymmetricKey& kek, -+ Algorithm_Factory& af); -+ -+/** -+* Decrypt and unpad a key under a key encryption key using the algorithm -+* described in RFC 5649 -+* -+* @param key the encrypted key to decrypt -+* @param kek the key encryption key -+* @param af an algorithm factory -+* @return key decrypted under kek -+*/ -+SecureVector BOTAN_DLL rfc5649_keyunwrap(const MemoryRegion& key, -+ const SymmetricKey& kek, -+ Algorithm_Factory& af); -+ - } - - #endif ---- src/constructs/rfc3394/rfc3394.cpp-dist 2013-11-10 17:06:11.000000000 +0100 -+++ src/constructs/rfc3394/rfc3394.cpp 2013-12-22 03:46:13.000000000 
+0100 -@@ -30,12 +30,35 @@ - throw std::invalid_argument("Bad KEK length for NIST keywrap"); - } - -+BlockCipher* make_aesp(size_t keylength, -+ Algorithm_Factory& af) -+ { -+ if(keylength == 16) -+ return af.make_block_cipher("AES-128"); -+ else if(keylength == 24) -+ return af.make_block_cipher("AES-192"); -+ else if(keylength == 32) -+ return af.make_block_cipher("AES-256"); -+ else -+ throw std::invalid_argument("Bad KEK length for NIST keywrap with pad"); -+ } - } - - SecureVector rfc3394_keywrap(const MemoryRegion& key, - const SymmetricKey& kek, - Algorithm_Factory& af) - { -+ byte iv[8]; -+ for(size_t i = 0; i != 8; ++i) -+ iv[i] = 0xA6; -+ return rfc3394_keywrap(key, iv, kek, af); -+ } -+ -+SecureVector rfc3394_keywrap(const MemoryRegion& key, -+ const byte iv[8], -+ const SymmetricKey& kek, -+ Algorithm_Factory& af) -+ { - if(key.size() % 8 != 0) - throw std::invalid_argument("Bad input key size for NIST key wrap"); - -@@ -48,7 +71,7 @@ - SecureVector A(16); - - for(size_t i = 0; i != 8; ++i) -- A[i] = 0xA6; -+ A[i] = iv[i]; - - copy_mem(&R[8], key.begin(), key.size()); - -@@ -78,6 +101,29 @@ - const SymmetricKey& kek, - Algorithm_Factory& af) - { -+ byte iv[8]; -+ for(size_t i = 0; i != 8; ++i) -+ iv[i] = 0xA6; -+ return rfc3394_keyunwrap(key, iv, kek, af); -+ } -+ -+SecureVector rfc3394_keyunwrap(const MemoryRegion& key, -+ const byte iv[8], -+ const SymmetricKey& kek, -+ Algorithm_Factory& af) -+ { -+ byte icv[8]; -+ for(size_t i = 0; i != 8; ++i) -+ icv[i] = iv[i]; -+ return rfc3394_keyunwrap(key, iv, icv, kek, af); -+ } -+ -+SecureVector rfc3394_keyunwrap(const MemoryRegion& key, -+ const byte iv[8], -+ byte icv[8], -+ const SymmetricKey& kek, -+ Algorithm_Factory& af) -+ { - if(key.size() < 16 || key.size() % 8 != 0) - throw std::invalid_argument("Bad input key size for NIST key unwrap"); - -@@ -113,10 +159,107 @@ - } - } - -- if(load_be(&A[0], 0) != 0xA6A6A6A6A6A6A6A6) -- throw Integrity_Failure("NIST key unwrap failed"); -+ if(load_be(iv, 0) == 
load_be(icv, 0)) -+ { -+ if(load_be(&A[0], 0) != load_be(iv, 0)) -+ throw Integrity_Failure("NIST key unwrap failed"); -+ } -+ else -+ store_be(load_be(&A[0], 0), icv); - - return R; - } - -+SecureVector rfc5649_keywrap(const MemoryRegion& key, -+ const SymmetricKey& kek, -+ Algorithm_Factory& af) -+ { -+ const size_t len = key.size() + -+ (key.size() % 8 == 0 ? 0 : (8 - key.size() % 8)); -+ -+ u32bit aivh = 0xA65959A6; -+ byte ivh[4] = { 0 }; -+ store_be(aivh, ivh); -+ u32bit mli = key.size(); -+ byte ivl[4] = { 0 }; -+ store_be(mli, ivl); -+ -+ if(len == 8) -+ { -+ std::auto_ptr aes(make_aesp(kek.length(), af)); -+ aes->set_key(kek); -+ -+ SecureVector buf(16); -+ copy_mem(&buf[0], ivh, 4); -+ copy_mem(&buf[4], ivl, 4); -+ copy_mem(&buf[8], key.begin(), key.size()); -+ -+ aes->encrypt(&buf[0]); -+ -+ return buf; -+ } -+ else -+ { -+ MemoryVector buf(len); -+ copy_mem(&buf[0], key.begin(), key.size()); -+ byte iv[8] = { 0 }; -+ copy_mem(iv, ivh, 4); -+ copy_mem(&iv[4], ivl, 4); -+ return rfc3394_keywrap(buf, iv, kek, af); -+ } -+ } -+ -+SecureVector rfc5649_keyunwrap(const MemoryRegion& key, -+ const SymmetricKey& kek, -+ Algorithm_Factory& af) -+ { -+ if(key.size() < 16 || key.size() % 8 != 0) -+ throw std::invalid_argument("Bad input key size for NIST key unwrap with pad"); -+ -+ byte iv[8] = { 0 }; -+ SecureVector out; -+ -+ if(key.size() == 16) -+ { -+ std::auto_ptr aes(make_aesp(kek.length(), af)); -+ aes->set_key(kek); -+ -+ SecureVector buf(key); -+ -+ aes->decrypt(&buf[0]); -+ -+ copy_mem(iv, buf.begin(), 8); -+ out.resize(8); -+ copy_mem(&out[0], &buf[8], 8); -+ } -+ else -+ { -+ byte dummy[8] = { 1 }; -+ try -+ { -+ out = rfc3394_keyunwrap(key, dummy, iv, kek, af); -+ } -+ catch(...) 
-+ { -+ throw Integrity_Failure("NIST key unwrap with pad failed"); -+ } -+ } -+ -+ if(load_be(&iv[0], 0) != 0xA65959A6) -+ throw Integrity_Failure("NIST key unwrap with pad failed"); -+ -+ u32bit mli = load_be(iv, 1); -+ if(mli > out.size() || mli <= out.size() - 8) -+ throw Integrity_Failure("NIST key unwrap with pad failed"); -+ -+ size_t padlen = out.size() - mli; -+ byte zero[8] = { 0 }; -+ clear_mem(zero, 8); -+ if(padlen && !same_mem(zero, &out[mli], padlen)) -+ throw Integrity_Failure("NIST key unwrap with pad failed"); -+ -+ out.resize(mli); -+ return out; -+ } -+ - } ---- src/constructs/rfc3394/info.txt-dist 2013-11-10 17:06:11.000000000 +0100 -+++ src/constructs/rfc3394/info.txt 2013-12-22 00:42:08.000000000 +0100 -@@ -1 +1,2 @@ - define RFC3394_KEYWRAP -+define RFC5649_KEYWRAP ---- checks/validate.cpp-dist 2013-11-10 17:06:11.000000000 +0100 -+++ checks/validate.cpp 2013-12-22 02:15:12.000000000 +0100 -@@ -180,6 +180,68 @@ - return ok; - } - -+bool keywrap_withpad_test(const char* key_str, -+ const char* expected_str, -+ const char* kek_str) -+ { -+ std::cout << '.' 
<< std::flush; -+ -+ bool ok = true; -+ -+#if defined(BOTAN_HAS_RFC5649_KEYWRAP) -+ try -+ { -+ SymmetricKey key(key_str); -+ SymmetricKey expected(expected_str); -+ SymmetricKey kek(kek_str); -+ -+ Algorithm_Factory& af = global_state().algorithm_factory(); -+ -+ SecureVector enc = rfc5649_keywrap(key.bits_of(), kek, af); -+ -+ if(enc != expected.bits_of()) -+ { -+ std::cout << "NIST key wrap encryption failure: " -+ << hex_encode(enc) << " != " << hex_encode(expected.bits_of()) << "\n"; -+ ok = false; -+ } -+ -+ SecureVector dec = rfc5649_keyunwrap(expected.bits_of(), kek, af); -+ -+ if(dec != key.bits_of()) -+ { -+ std::cout << "NIST key wrap decryption failure: " -+ << hex_encode(dec) << " != " << hex_encode(key.bits_of()) << "\n"; -+ ok = false; -+ } -+ } -+ catch(std::exception& e) -+ { -+ std::cout << e.what() << "\n"; -+ } -+#endif -+ -+ return ok; -+ } -+ -+bool test_keywrap_withpad() -+ { -+ std::cout << "Testing NIST keywrap with pad: " << std::flush; -+ -+ bool ok = true; -+ -+ ok &= keywrap_withpad_test("C37B7E6492584340BED12207808941155068F738", -+ "138BDEAA9B8FA7FC61F97742E72248EE5AE6AE5360D1AE6A5F54F373FA543B6A", -+ "5840DF6E29B02AF1AB493B705BF16EA1AE8338F4DCC176A8"); -+ -+ ok &= keywrap_withpad_test("466f7250617369", -+ "AFBEB0F07DFBF5419200F2CCB50BB24F", -+ "5840DF6E29B02AF1AB493B705BF16EA1AE8338F4DCC176A8"); -+ -+ std::cout << "\n"; -+ return ok; -+ } -+ - bool test_bcrypt(RandomNumberGenerator& rng) - { - #if defined(BOTAN_HAS_BCRYPT) -@@ -410,6 +472,12 @@ - errors++; - } - -+ if(should_pass && !test_keywrap_withpad()) -+ { -+ std::cout << "NIST keywrap with pad tests failed" << std::endl; -+ errors++; -+ } -+ - if(should_pass && !test_cryptobox(rng)) - { - std::cout << "Cryptobox tests failed" << std::endl; diff --git a/m4/acx_botan.m4 b/m4/acx_botan.m4 index 346a1800d..d863e42a2 100644 --- a/m4/acx_botan.m4 +++ b/m4/acx_botan.m4 
@@ -15,17 +15,7 @@ AC_DEFUN([ACX_BOTAN],[ BOTAN_VERSION_MAJOR=2 BOTAN_VERSION_MINOR=0 ],[ - PKG_CHECK_MODULES([BOTAN], [botan-1.11 >= $1.$2.$3], [ - BOTAN_VERSION_MAJOR=1 - BOTAN_VERSION_MINOR=11 - ],[ - PKG_CHECK_MODULES([BOTAN], [botan-1.10 >= $1.$2.$3], [ - BOTAN_VERSION_MAJOR=1 - BOTAN_VERSION_MINOR=10 - ],[ - AC_MSG_ERROR([Cannot find Botan]) - ]) - ]) + AC_MSG_ERROR([Cannot find Botan]) ]) else BOTAN_VERSION_MAJOR=2 @@ -33,12 +23,6 @@ AC_DEFUN([ACX_BOTAN],[ if test -f "$BOTAN_PATH/include/botan-2/botan/version.h"; then BOTAN_VERSION_MAJOR=2 BOTAN_VERSION_MINOR=0 - elif test -f "$BOTAN_PATH/include/botan-1.11/botan/version.h"; then - BOTAN_VERSION_MAJOR=1 - BOTAN_VERSION_MINOR=11 - elif test -f "$BOTAN_PATH/include/botan-1.10/botan/version.h"; then - BOTAN_VERSION_MAJOR=1 - BOTAN_VERSION_MINOR=10 else AC_MSG_ERROR([Cannot find Botan includes]) fi @@ -74,11 +58,8 @@ AC_DEFUN([ACX_BOTAN],[ AC_LANG_PUSH([C++]) AC_LINK_IFELSE( [AC_LANG_PROGRAM( - [#include - #include ], - [using namespace Botan; - LibraryInitializer::initialize(); - #if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR($1,$2,$3) + [#include ], + [#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR($1,$2,$3) #error "Botan version too old"; #endif])], [AC_MSG_RESULT([checking for Botan >= v$1.$2.$3 ... yes])], diff --git a/m4/acx_botan_aes_gcm.m4 b/m4/acx_botan_aes_gcm.m4 deleted file mode 100644 index 4873e307c..000000000 --- a/m4/acx_botan_aes_gcm.m4 +++ /dev/null 
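Review bot: In the third hunk the `AC_LINK_IFELSE` program is reduced to a preprocessor comparison of `BOTAN_VERSION_CODE`, so it no longer references any symbol from the Botan library and is effectively a header-only check. The removed `LibraryInitializer::initialize()` call was the only thing that made the link step exercise `$BOTAN_LIBS`. Keeping one cheap library call in the body, e.g. `(void)Botan::version_major();`, would let the check still prove that the library found by pkg-config or `$BOTAN_PATH` actually links.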
@@ -1,43 +0,0 @@ -AC_DEFUN([ACX_BOTAN_AES_GCM],[ - AC_MSG_CHECKING(for Botan AES GCM support) - - tmp_CPPFLAGS=$CPPFLAGS - tmp_LIBS=$LIBS - - CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES" - LIBS="$CRYPTO_LIBS $LIBS" - - AC_LANG_PUSH([C++]) - AC_CACHE_VAL([acx_cv_lib_botan_aes_gcm_support],[ - acx_cv_lib_botan_aes_gcm_support=no - AC_COMPILE_IFELSE([ - AC_LANG_SOURCE([[ - #include - #include - int main() - { - using namespace Botan; - -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) - return 0; -#else -#error "Botan too old" -#endif - } - ]]) - ],[ - AC_MSG_RESULT([Found AES GCM]) - acx_cv_lib_botan_aes_gcm_support=yes - ],[ - AC_MSG_RESULT([Cannot find AES GCM support, upgrade to Botan >= v2.0.0]) - ]) - ]) - AC_LANG_POP([C++]) - if test "x$acx_cv_lib_botan_aes_gcm_support" = xyes; then - AC_DEFINE([WITH_AES_GCM], [1], - [Compile with AES GCM]) - fi - - CPPFLAGS=$tmp_CPPFLAGS - LIBS=$tmp_LIBS -]) diff --git a/m4/acx_botan_ecc.m4 b/m4/acx_botan_ecc.m4 index a45e0fe04..5e066831f 100644 --- a/m4/acx_botan_ecc.m4 +++ b/m4/acx_botan_ecc.m4 @@ -12,24 +12,17 @@ AC_DEFUN([ACX_BOTAN_ECC],[ acx_cv_lib_botan_ecc_support=no AC_RUN_IFELSE([ AC_LANG_SOURCE([[ - #include #include #include #include int main() { - Botan::LibraryInitializer::initialize(); const std::string name("secp256r1"); const Botan::OID oid(Botan::OIDS::lookup(name)); const Botan::EC_Group ecg(oid); try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) const std::vector der = ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); -#else - const Botan::SecureVector der = - ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); -#endif } catch(...) { return 1; } diff --git a/m4/acx_botan_eddsa.m4 b/m4/acx_botan_eddsa.m4 index 20dd92cab..5c0c2da8f 100644 --- a/m4/acx_botan_eddsa.m4 +++ b/m4/acx_botan_eddsa.m4 @@ -12,7 +12,6 @@ AC_DEFUN([ACX_BOTAN_EDDSA],[ acx_cv_lib_botan_eddsa_support=no AC_RUN_IFELSE([ AC_LANG_SOURCE([[ - #include #include #include int main() 
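Review bot: In the `ACX_BOTAN_ECC` probe the `Botan::OIDS::lookup(name)` and `Botan::EC_Group ecg(oid)` lines stay outside the `try` block, whereas the CMake counterpart modules/tests/test_botan_ecc.cpp moves them inside it in this same commit. If either throws for a curve the local Botan build lacks, the program ends through an uncaught exception instead of `return 1;`; configure still sees a non-zero status, but by abort rather than a clean exit. Moving the three declarations under `try {` here, and in the identical hunk of m4/acx_botan_gost.m4, would keep the probes of the two build systems the same.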
diff --git a/m4/acx_botan_gnump.m4 b/m4/acx_botan_gnump.m4 deleted file mode 100644 index 28272ab01..000000000 --- a/m4/acx_botan_gnump.m4 +++ /dev/null @@ -1,27 +0,0 @@ -AC_DEFUN([ACX_BOTAN_GNUMP],[ - tmp_CPPFLAGS=$CPPFLAGS - tmp_LIBS=$LIBS - - CPPFLAGS="$CPPFLAGS $BOTAN_CFLAGS" - LIBS="$LIBS $BOTAN_LIBS" - - AC_LANG_PUSH([C++]) - AC_LINK_IFELSE( - [AC_LANG_PROGRAM( - [#include ], - [#ifndef BOTAN_HAS_ENGINE_GNU_MP - #error "No GNU MP support"; - #endif])], - [AC_MSG_RESULT([checking for Botan GNU MP support... yes])], - [AC_MSG_RESULT([checking for Botan GNU MP support... no]) - AC_MSG_WARN([ -==================================================== -Botan has not been built with GNU MP (--with-gnump). -This will give negative impact on the performance. -====================================================])] - ) - AC_LANG_POP([C++]) - - CPPFLAGS=$tmp_CPPFLAGS - LIBS=$tmp_LIBS -]) diff --git a/m4/acx_botan_gost.m4 b/m4/acx_botan_gost.m4 index e50990254..6ce6d554b 100644 --- a/m4/acx_botan_gost.m4 +++ b/m4/acx_botan_gost.m4 @@ -12,24 +12,17 @@ AC_DEFUN([ACX_BOTAN_GOST],[ acx_cv_lib_botan_gost_support=no AC_RUN_IFELSE([ AC_LANG_SOURCE([[ - #include #include #include #include int main() { - Botan::LibraryInitializer::initialize(); const std::string name("gost_256A"); const Botan::OID oid(Botan::OIDS::lookup(name)); const Botan::EC_Group ecg(oid); try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) const std::vector der = ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); -#else - const Botan::SecureVector der = - ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); -#endif } catch(...) { return 1; } diff --git a/m4/acx_botan_rawpss.m4 b/m4/acx_botan_rawpss.m4 index 92b56ff53..75c901e3e 100644 --- a/m4/acx_botan_rawpss.m4 +++ b/m4/acx_botan_rawpss.m4 @@ -12,7 +12,6 @@ AC_DEFUN([ACX_BOTAN_RAWPSS],[ acx_cv_lib_botan_raw_pss_support=no AC_COMPILE_IFELSE([ AC_LANG_SOURCE([[ - #include #include int main() { 
diff --git a/m4/acx_botan_rfc5649.m4 b/m4/acx_botan_rfc5649.m4 index 25a3d2613..d968a70f3 100644 --- a/m4/acx_botan_rfc5649.m4 +++ b/m4/acx_botan_rfc5649.m4 @@ -12,23 +12,16 @@ AC_DEFUN([ACX_BOTAN_RFC5649],[ AC_LANG_PUSH([C++]) AC_LINK_IFELSE([ AC_LANG_SOURCE([[ - #include - #include + #include + #include #include int main() { using namespace Botan; - -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - secure_vector key(10); - SymmetricKey kek("AABB"); - secure_vector x = rfc5649_keywrap(key, kek); -#else - SecureVector key(10); - SymmetricKey kek("AABB"); - Algorithm_Factory& af = global_state().algorithm_factory(); - SecureVector x = rfc5649_keywrap(key, kek, af); -#endif + std::unique_ptr aes = BlockCipher::create_or_throw("AES-128"); + aes->set_key(std::vector(16)); + uint8_t input[4] = { 1,2,3,4 }; + std::vector wrapped = nist_key_wrap_padded(input, sizeof(input), *aes); return 1; } ]]) diff --git a/m4/acx_crypto_backend.m4 b/m4/acx_crypto_backend.m4 index 5e00098f5..8eefd6681 100644 --- a/m4/acx_crypto_backend.m4 +++ b/m4/acx_crypto_backend.m4 @@ -110,11 +110,6 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[ [1], [Compile with raw RSA PKCS PSS] ) - AC_DEFINE_UNQUOTED( - [WITH_AES_GCM], - [1], - [Compile with AES_GCM] - ) AC_DEFINE_UNQUOTED( [WITH_OPENSSL], [], @@ -124,7 +119,7 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[ elif test "x${crypto_backend}" = "xbotan"; then AC_MSG_RESULT(Botan) - ACX_BOTAN(1,10,0) + ACX_BOTAN(2,0,0) CRYPTO_INCLUDES=$BOTAN_CFLAGS CRYPTO_LIBS=$BOTAN_LIBS @@ -157,13 +152,8 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[ AC_MSG_ERROR([Botan does not support FIPS 140-2 mode]) fi - if test "x${BOTAN_VERSION_MAJOR}" = "x1" -a "x${BOTAN_VERSION_MINOR}" = "x10"; then - ACX_BOTAN_GNUMP - fi - ACX_BOTAN_RFC5649 ACX_BOTAN_RAWPSS - ACX_BOTAN_AES_GCM AC_DEFINE_UNQUOTED( [WITH_BOTAN], diff --git a/modules/CompilerOptions.cmake b/modules/CompilerOptions.cmake index 29a0ae511..56f5b9dc9 100644 --- a/modules/CompilerOptions.cmake +++ b/modules/CompilerOptions.cmake 
@@ -263,20 +263,7 @@ if(WITH_CRYPTO_BACKEND STREQUAL "botan") message(STATUS "Botan: Cannot find raw PSS support, upgrade to Botan >= v2.3.0") endif() - # acx_botan_aes_gcm.m4 - set(testfile ${CMAKE_SOURCE_DIR}/modules/tests/test_botan_aes_gcm.cpp) - try_run(RUN_AESGCM COMPILE_RESULT - "${CMAKE_BINARY_DIR}/prebuild_santity_tests" ${testfile} - LINK_LIBRARIES ${CRYPTO_LIBS} - CMAKE_FLAGS - "-DINCLUDE_DIRECTORIES=${CRYPTO_INCLUDES}" - ) - if(COMPILE_RESULT AND RUN_AESGCM EQUAL 0) - set(WITH_AES_GCM 1) - message(STATUS "Botan: Found AES GCM") - else() - message(STATUS "Botan: Cannot find AES GCM support, upgrade to Botan >= v2.0.0") - endif() + set(WITH_AES_GCM 1) # Restore flags set(CMAKE_CXX_FLAGS ${TMP_CXX_FLAGS}) diff --git a/modules/FindBotan.cmake b/modules/FindBotan.cmake index 6cb85a69d..233c53346 100644 --- a/modules/FindBotan.cmake +++ b/modules/FindBotan.cmake @@ -17,11 +17,11 @@ IF (NOT WIN32) # in the FIND_PATH() and FIND_LIBRARY() calls # also fills in BOTAN_DEFINITIONS, although that isn't normally useful FIND_PACKAGE(PkgConfig) - PKG_SEARCH_MODULE(PC_BOTAN botan-2 botan-1.11 botan-1.10) + PKG_SEARCH_MODULE(PC_BOTAN botan-2) SET(BOTAN_DEFINITIONS ${PC_BOTAN_CFLAGS}) ENDIF (NOT WIN32) -FIND_PATH(BOTAN_INCLUDE_DIR botan/botan.h +FIND_PATH(BOTAN_INCLUDE_DIR botan/version.h HINTS ${PC_BOTAN_INCLUDEDIR} ${PC_BOTAN_INCLUDE_DIRS} diff --git a/modules/tests/test_botan_aes_gcm.cpp b/modules/tests/test_botan_aes_gcm.cpp index 3769342ba..e81ea6a86 100644 --- a/modules/tests/test_botan_aes_gcm.cpp +++ b/modules/tests/test_botan_aes_gcm.cpp @@ -1,9 +1,6 @@ -#include #include int main() { - using namespace Botan; - #if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) return 0; #endif diff --git a/modules/tests/test_botan_ecc.cpp b/modules/tests/test_botan_ecc.cpp index cb1be2118..6d05fad40 100644 --- a/modules/tests/test_botan_ecc.cpp +++ b/modules/tests/test_botan_ecc.cpp 
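Review bot: `set(WITH_AES_GCM 1)` is now unconditional for the Botan backend, while the other hunks of this commit remove the `#ifdef WITH_AES_GCM` guards in SoftHSM.cpp and BotanAES.cpp and the autotools side drops the define entirely. If nothing else reads the variable (not visible from here) the line can go; if a config header template still consumes it, a comment such as `# AES-GCM is always available with Botan >= 2.0.0` would explain why it is hard-coded. The `try_run` removed here was also the only visible user of modules/tests/test_botan_aes_gcm.cpp, which this commit edits rather than deletes.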
@@ -1,21 +1,13 @@ -#include #include #include -#include int main() { - Botan::LibraryInitializer::initialize(); - const std::string name("secp256r1"); - const Botan::OID oid(Botan::OIDS::lookup(name)); - const Botan::EC_Group ecg(oid); try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + const std::string name("secp256r1"); + const Botan::OID oid(Botan::OIDS::lookup(name)); + const Botan::EC_Group ecg(oid); const std::vector der = ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); -#else - const Botan::SecureVector der = - ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); -#endif } catch(...) { return 1; } diff --git a/modules/tests/test_botan_ed25519.cpp b/modules/tests/test_botan_ed25519.cpp index 8ac4bac2b..8b4682475 100644 --- a/modules/tests/test_botan_ed25519.cpp +++ b/modules/tests/test_botan_ed25519.cpp @@ -1,4 +1,3 @@ -#include #include #include int main() diff --git a/modules/tests/test_botan_gost.cpp b/modules/tests/test_botan_gost.cpp index a141e4bc8..a9e1416c7 100644 --- a/modules/tests/test_botan_gost.cpp +++ b/modules/tests/test_botan_gost.cpp @@ -1,21 +1,14 @@ -#include #include #include #include int main() { - Botan::LibraryInitializer::initialize(); - const std::string name("gost_256A"); - const Botan::OID oid(Botan::OIDS::lookup(name)); - const Botan::EC_Group ecg(oid); try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) + const std::string name("gost_256A"); + const Botan::OID oid(Botan::OIDS::lookup(name)); + const Botan::EC_Group ecg(oid); const std::vector der = ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); -#else - const Botan::SecureVector der = - ecg.DER_encode(Botan::EC_DOMPAR_ENC_OID); -#endif } catch(...) { return 1; } diff --git a/modules/tests/test_botan_rawpss.cpp b/modules/tests/test_botan_rawpss.cpp index ba7ad011d..6639eced5 100644 --- a/modules/tests/test_botan_rawpss.cpp +++ b/modules/tests/test_botan_rawpss.cpp 
@@ -1,9 +1,6 @@ -#include #include int main() { - using namespace Botan; - #if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,3,0) return 0; #endif diff --git a/modules/tests/test_botan_rfc5649.cpp b/modules/tests/test_botan_rfc5649.cpp index 7f1fae437..bfe9c437a 100644 --- a/modules/tests/test_botan_rfc5649.cpp +++ b/modules/tests/test_botan_rfc5649.cpp @@ -1,19 +1,11 @@ -#include -#include #include int main() { using namespace Botan; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - secure_vector key(10); - SymmetricKey kek("AABB"); - secure_vector x = rfc5649_keywrap(key, kek); +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,4,0) + return 0; #else - SecureVector key(10); - SymmetricKey kek("AABB"); - Algorithm_Factory& af = global_state().algorithm_factory(); - SecureVector x = rfc5649_keywrap(key, kek, af); -#endif return 0; +#endif } diff --git a/src/bin/keyconv/softhsm2-keyconv-botan.cpp b/src/bin/keyconv/softhsm2-keyconv-botan.cpp index cb5700f72..467983f11 100644 --- a/src/bin/keyconv/softhsm2-keyconv-botan.cpp +++ b/src/bin/keyconv/softhsm2-keyconv-botan.cpp @@ -40,7 +40,6 @@ #include #include -#include #include #include #include @@ -51,13 +50,11 @@ // Init Botan void crypto_init() { - Botan::LibraryInitializer::initialize(); } // Final Botan void crypto_final() { - Botan::LibraryInitializer::deinitialize(); } // Save the RSA key as a PKCS#8 file @@ -92,11 +89,7 @@ int save_rsa_pkcs8(char* out_path, char* file_pin, key_material_t* pkey) try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34) priv_key = new Botan::RSA_PrivateKey(bigP, bigQ, bigE, bigD, bigN); -#else - priv_key = new Botan::RSA_PrivateKey(*rng, bigP, bigQ, bigE, bigD, bigN); -#endif } catch(std::exception& e) { 
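Review bot: Both preprocessor branches of the new `main` in modules/tests/test_botan_rfc5649.cpp end in `return 0;`, so the probe reports success for every Botan version that compiles it. The `#else` branch should be `return 1;`. If CMake treats a zero exit as "RFC 5649 supported", as the AES GCM `try_run` removed in this commit did, a build against Botan older than 2.4.0 would presumably enable the padded key-wrap code in BotanAES.cpp and fail later at compile time. The `using namespace Botan;` line kept as context is also unused now.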
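Review bot: `crypto_init()` and `crypto_final()` in softhsm2-keyconv-botan.cpp are left with empty bodies under the old `// Init Botan` and `// Final Botan` comments, which now describe work the functions no longer do. A comment such as `// Botan 2 needs no global initialisation; kept so callers need no change` would tell the next reader that the no-op is intentional; the stated reason is an assumption and should be adjusted to the real one. The same applies to the emptied pair in src/bin/util/softhsm2-util-botan.cpp.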
@@ -123,11 +116,7 @@ int save_rsa_pkcs8(char* out_path, char* file_pin, key_material_t* pkey) } else { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) priv_file << Botan::PKCS8::PEM_encode(*priv_key, *rng, file_pin, std::chrono::milliseconds(300), "PBE-PKCS5v15(MD5,DES/CBC)"); -#else - priv_file << Botan::PKCS8::PEM_encode(*priv_key, *rng, file_pin, "PBE-PKCS5v15(MD5,DES/CBC)"); -#endif } printf("The key has been written to %s\n", out_path); @@ -203,11 +192,7 @@ int save_dsa_pkcs8(char* out_path, char* file_pin, key_material_t* pkey) } else { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) priv_file << Botan::PKCS8::PEM_encode(*priv_key, *rng, file_pin, std::chrono::milliseconds(300), "PBE-PKCS5v15(MD5,DES/CBC)"); -#else - priv_file << Botan::PKCS8::PEM_encode(*priv_key, *rng, file_pin, "PBE-PKCS5v15(MD5,DES/CBC)"); -#endif } printf("The key has been written to %s\n", out_path); diff --git a/src/bin/util/softhsm2-util-botan.cpp b/src/bin/util/softhsm2-util-botan.cpp index c7b1da35e..790f5b3da 100644 --- a/src/bin/util/softhsm2-util-botan.cpp +++ b/src/bin/util/softhsm2-util-botan.cpp 
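Review bot: The `PEM_encode` call kept in `save_rsa_pkcs8` still requests `"PBE-PKCS5v15(MD5,DES/CBC)"`, i.e. an MD5-derived single-DES key protecting the exported private key. Now that only Botan 2 is supported, it is worth verifying that the library still accepts this PBES1 identifier at all. Dropping the last two arguments, `Botan::PKCS8::PEM_encode(*priv_key, *rng, file_pin)`, would use the library's default password-based encryption instead; if the legacy format is required for interoperability, a comment saying so would help. The same line is kept in the `save_dsa_pkcs8` hunk (`@@ -203,11 +192,7 @@`), and both function bodies extend outside their hunks.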
@@ -41,50 +41,21 @@ #include #include -#include +#include #include #include #include -#include #include #include -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,14) -#include -bool wasInitialized = false; -#endif - // Init Botan void crypto_init() { -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,14) - // The PKCS#11 library might be using Botan - // Check if it has already initialized Botan - if (Botan::Global_State_Management::global_state_exists()) - { - wasInitialized = true; - } - - if (!wasInitialized) - { - Botan::LibraryInitializer::initialize("thread_safe=true"); - } -#else - Botan::LibraryInitializer::initialize("thread_safe=true"); -#endif } // Final Botan void crypto_final() { -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,14) - if (!wasInitialized) - { - Botan::LibraryInitializer::deinitialize(); - } -#else - Botan::LibraryInitializer::deinitialize(); -#endif } // Import a aes secret key from given path @@ -249,7 +220,6 @@ Botan::Private_Key* crypto_read_file(char* filePath, char* filePIN) try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) if (filePIN == NULL) { pkey = Botan::PKCS8::load_key(std::string(filePath), *rng); @@ -258,16 +228,6 @@ Botan::Private_Key* crypto_read_file(char* filePath, char* filePIN) { pkey = Botan::PKCS8::load_key(std::string(filePath), *rng, std::string(filePIN)); } -#else - if (filePIN == NULL) - { - pkey = Botan::PKCS8::load_key(filePath, *rng); - } - else - { - pkey = Botan::PKCS8::load_key(filePath, *rng, filePIN); - } -#endif } catch (std::exception& e) { 
@@ -669,21 +629,15 @@ ecdsa_key_material_t* crypto_malloc_ecdsa(Botan::ECDSA_PrivateKey* ecdsa) return NULL; } -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) std::vector derEC = ecdsa->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); Botan::secure_vector derPoint; -#else - Botan::SecureVector derEC = ecdsa->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); - Botan::SecureVector derPoint; -#endif try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector repr = Botan::EC2OSP(ecdsa->public_point(), - Botan::PointGFp::UNCOMPRESSED); +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,5,0) + std::vector repr = ecdsa->public_point().encode(Botan::PointGFp::UNCOMPRESSED); #else - Botan::SecureVector repr = Botan::EC2OSP(ecdsa->public_point(), + Botan::secure_vector repr = Botan::EC2OSP(ecdsa->public_point(), Botan::PointGFp::UNCOMPRESSED); #endif diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp index 7716e01ea..115c82095 100644 --- a/src/lib/SoftHSM.cpp +++ b/src/lib/SoftHSM.cpp @@ -715,9 +715,7 @@ void SoftHSM::prepareSupportedMecahnisms(std::mapulMinKeySize = 16; pInfo->ulMaxKeySize = 32; pInfo->flags = CKF_ENCRYPT | CKF_DECRYPT; @@ -2220,7 +2216,6 @@ CK_RV SoftHSM::SymEncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech iv.resize(16); memcpy(&iv[0], CK_AES_CTR_PARAMS_PTR(pMechanism->pParameter)->cb, 16); break; -#ifdef WITH_AES_GCM case CKM_AES_GCM: algo = SymAlgo::AES; mode = SymMode::GCM; @@ -2242,7 +2237,6 @@ CK_RV SoftHSM::SymEncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech } tagBytes = tagBytes / 8; break; -#endif default: return CKR_MECHANISM_INVALID; } @@ -2901,7 +2895,6 @@ CK_RV SoftHSM::SymDecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech iv.resize(16); memcpy(&iv[0], CK_AES_CTR_PARAMS_PTR(pMechanism->pParameter)->cb, 16); break; -#ifdef WITH_AES_GCM case CKM_AES_GCM: algo = SymAlgo::AES; mode = SymMode::GCM; 
@@ -2923,7 +2916,6 @@ CK_RV SoftHSM::SymDecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech } tagBytes = tagBytes / 8; break; -#endif default: return CKR_MECHANISM_INVALID; } diff --git a/src/lib/crypto/BotanAES.cpp b/src/lib/crypto/BotanAES.cpp index 0c67a0984..03223c3f6 100644 --- a/src/lib/crypto/BotanAES.cpp +++ b/src/lib/crypto/BotanAES.cpp @@ -36,8 +36,9 @@ #include #include -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,14) -#include +#ifdef HAVE_AES_KEY_WRAP_PAD + #include + #include #endif // Wrap/Unwrap keys @@ -70,28 +71,14 @@ bool BotanAES::wrapKey(const SymmetricKey* key, const SymWrap::Type mode, const return false; } -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector data(in.size()); + Botan::secure_vector data(in.size()); memcpy(data.data(), in.const_byte_str(), in.size()); - Botan::secure_vector wrapped; -#else - Botan::MemoryVector data(in.size()); - memcpy(data.begin(), in.const_byte_str(), in.size()); - Botan::SecureVector wrapped; -#endif + Botan::secure_vector wrapped; Botan::SymmetricKey botanKey = Botan::SymmetricKey(key->getKeyBits().const_byte_str(), key->getKeyBits().size()); -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,14) - Botan::Algorithm_Factory& af = Botan::global_state().algorithm_factory(); - try - { - wrapped = Botan::rfc3394_keywrap(data, botanKey, af); - } -#else try { wrapped = Botan::rfc3394_keywrap(data, botanKey); } -#endif catch (...) { ERROR_MSG("AES key wrap failed"); 
@@ -99,55 +86,31 @@ bool BotanAES::wrapKey(const SymmetricKey* key, const SymWrap::Type mode, const return false; } out.resize(wrapped.size()); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) memcpy(&out[0], wrapped.data(), out.size()); -#else - memcpy(&out[0], wrapped.begin(), out.size()); -#endif return true; } #ifdef HAVE_AES_KEY_WRAP_PAD else if (mode == SymWrap::AES_KEYWRAP_PAD) { - // RFC 5649 AES key wrap with pad -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector data(in.size()); - memcpy(data.data(), in.const_byte_str(), in.size()); - Botan::secure_vector wrapped; -#else - Botan::MemoryVector data(in.size()); - memcpy(data.begin(), in.const_byte_str(), in.size()); - Botan::SecureVector wrapped; -#endif - Botan::SymmetricKey botanKey = Botan::SymmetricKey(key->getKeyBits().const_byte_str(), key->getKeyBits().size()); -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,14) - Botan::Algorithm_Factory& af = Botan::global_state().algorithm_factory(); try { - wrapped = Botan::rfc5649_keywrap(data, botanKey, af); + const std::string aes_name = "AES-" + std::to_string(key->getKeyBits().size()*8); + auto aes = Botan::BlockCipher::create_or_throw(aes_name); + aes->set_key(key->getKeyBits().const_byte_str(), key->getKeyBits().size()); + std::vector wrapped = Botan::nist_key_wrap_padded(in.const_byte_str(), in.size(), *aes); + out.resize(wrapped.size()); + memcpy(&out[0], wrapped.data(), out.size()); + return true; } -#else - try - { - wrapped = Botan::rfc5649_keywrap(data, botanKey); - } -#endif catch (...) { ERROR_MSG("AES key wrap failed"); return false; } - out.resize(wrapped.size()); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - memcpy(&out[0], wrapped.data(), out.size()); -#else - memcpy(&out[0], wrapped.begin(), out.size()); -#endif - - return true; - } + return true; + } #endif else { 
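Review bot: The `return true;` added after the `catch (...)` block in the `AES_KEYWRAP_PAD` branch is unreachable, because the `try` body and the handler both already return; dropping it keeps the success path in one place. The branch also calls `key->getKeyBits()` three times, and binding it once with `const auto& kb = key->getKeyBits();` would avoid repeated temporaries of key material if the accessor returns by value (not visible from this hunk). The padded unwrap hunk (`@@ -239,43 +184,23 @@`) has the same two points and additionally stores the unwrapped key in a variable named `wrapped`, which `unwrapped` would describe correctly. `wrapKey` starts outside this hunk.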
@@ -186,28 +149,14 @@ bool BotanAES::unwrapKey(const SymmetricKey* key, const SymWrap::Type mode, cons return false; } -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector wrapped(in.size()); + Botan::secure_vector wrapped(in.size()); memcpy(wrapped.data(), in.const_byte_str(), in.size()); - Botan::secure_vector unwrapped; -#else - Botan::MemoryVector wrapped(in.size()); - memcpy(wrapped.begin(), in.const_byte_str(), in.size()); - Botan::SecureVector unwrapped; -#endif + Botan::secure_vector unwrapped; Botan::SymmetricKey botanKey = Botan::SymmetricKey(key->getKeyBits().const_byte_str(), key->getKeyBits().size()); -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,14) - Botan::Algorithm_Factory& af = Botan::global_state().algorithm_factory(); - try - { - unwrapped = Botan::rfc3394_keyunwrap(wrapped, botanKey, af); - } -#else try { unwrapped = Botan::rfc3394_keyunwrap(wrapped, botanKey); } -#endif catch (...) { ERROR_MSG("AES key unwrap failed"); @@ -215,11 +164,7 @@ bool BotanAES::unwrapKey(const SymmetricKey* key, const SymWrap::Type mode, cons return false; } out.resize(unwrapped.size()); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) memcpy(&out[0], unwrapped.data(), out.size()); -#else - memcpy(&out[0], unwrapped.begin(), out.size()); -#endif return true; } 
@@ -239,43 +184,23 @@ bool BotanAES::unwrapKey(const SymmetricKey* key, const SymWrap::Type mode, cons return false; } - -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector wrapped(in.size()); - memcpy(wrapped.data(), in.const_byte_str(), in.size()); - Botan::secure_vector unwrapped; -#else - Botan::MemoryVector wrapped(in.size()); - memcpy(wrapped.begin(), in.const_byte_str(), in.size()); - Botan::SecureVector unwrapped; -#endif - Botan::SymmetricKey botanKey = Botan::SymmetricKey(key->getKeyBits().const_byte_str(), key->getKeyBits().size()); -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,14) - Botan::Algorithm_Factory& af = Botan::global_state().algorithm_factory(); - try - { - unwrapped = Botan::rfc5649_keyunwrap(wrapped, botanKey, af); - } -#else try { - unwrapped = Botan::rfc5649_keyunwrap(wrapped, botanKey); + const std::string aes_name = "AES-" + std::to_string(key->getKeyBits().size()*8); + auto aes = Botan::BlockCipher::create_or_throw(aes_name); + aes->set_key(key->getKeyBits().const_byte_str(), key->getKeyBits().size()); + auto wrapped = Botan::nist_key_unwrap_padded(in.const_byte_str(), in.size(), *aes); + out.resize(wrapped.size()); + memcpy(&out[0], wrapped.data(), out.size()); + return true; } -#endif catch (...) { ERROR_MSG("AES key unwrap failed"); return false; } - out.resize(unwrapped.size()); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - memcpy(&out[0], unwrapped.data(), out.size()); -#else - memcpy(&out[0], unwrapped.begin(), out.size()); -#endif - - return true; + return true; } #endif else @@ -323,10 +248,8 @@ std::string BotanAES::getCipher() const case SymMode::ECB: mode = "ECB"; break; -#ifdef WITH_AES_GCM case SymMode::GCM: return algo + "/GCM(" + std::to_string(currentTagBytes) + ")"; -#endif default: ERROR_MSG("Invalid AES cipher mode %i", currentCipherMode); diff --git a/src/lib/crypto/BotanCryptoFactory.cpp b/src/lib/crypto/BotanCryptoFactory.cpp index 405570c1c..4ad743df8 100644 
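Review bot: In the padded branch of unwrapKey the result of `Botan::nist_key_unwrap_padded` is stored in a variable named `wrapped`, although it holds the recovered plaintext key; the code this replaces called it `unwrapped`. Declaring it as `auto unwrapped = Botan::nist_key_unwrap_padded(in.const_byte_str(), in.size(), *aes);` and using `unwrapped` in the following `out.resize`/`memcpy` lines keeps it obvious which buffer carries secret material. unwrapKey starts before this hunk and continues after it.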
--- a/src/lib/crypto/BotanCryptoFactory.cpp +++ b/src/lib/crypto/BotanCryptoFactory.cpp @@ -57,33 +57,9 @@ #include "BotanEDDSA.h" #endif -#include - -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,14) -#include -#endif - // Constructor BotanCryptoFactory::BotanCryptoFactory() { -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,14) - wasInitialized = false; - - // Check if Botan has already been initialized - if (Botan::Global_State_Management::global_state_exists()) - { - wasInitialized = true; - } - - // Init the Botan crypto library - if (!wasInitialized) - { - Botan::LibraryInitializer::initialize("thread_safe=true"); - } -#else - Botan::LibraryInitializer::initialize("thread_safe=true"); -#endif - // Create mutex rngsMutex = MutexFactory::i()->getMutex(); } @@ -108,16 +84,6 @@ BotanCryptoFactory::~BotanCryptoFactory() // Delete the mutex MutexFactory::i()->recycleMutex(rngsMutex); - - // Deinitialize the Botan crypto lib -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,14) - if (!wasInitialized) - { - Botan::LibraryInitializer::deinitialize(); - } -#else - Botan::LibraryInitializer::deinitialize(); -#endif } // Return the one-and-only instance diff --git a/src/lib/crypto/BotanCryptoFactory.h b/src/lib/crypto/BotanCryptoFactory.h index df7556dd2..788ae373d 100644 --- a/src/lib/crypto/BotanCryptoFactory.h +++ b/src/lib/crypto/BotanCryptoFactory.h @@ -95,10 +95,6 @@ class BotanCryptoFactory : public CryptoFactory std::map rngs; #endif Mutex* rngsMutex; - -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,14) - bool wasInitialized; -#endif }; #endif // !_SOFTHSM_V2_BOTANCRYPTOFACTORY_H diff --git a/src/lib/crypto/BotanDH.cpp b/src/lib/crypto/BotanDH.cpp index 5adc239e8..82b7aec05 100644 --- a/src/lib/crypto/BotanDH.cpp +++ b/src/lib/crypto/BotanDH.cpp 
@@ -191,12 +191,8 @@ bool BotanDH::deriveKey(SymmetricKey **ppSymmetricKey, PublicKey* publicKey, Pri Botan::SymmetricKey sk; try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,33) BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); Botan::PK_Key_Agreement ka(*priv->impl, *rng->getRNG(), "Raw"); -#else - Botan::PK_Key_Agreement ka(*priv->impl, "Raw"); -#endif sk = ka.derive_key(0, pub->public_value()); } catch (std::exception& e) diff --git a/src/lib/crypto/BotanDHPrivateKey.cpp b/src/lib/crypto/BotanDHPrivateKey.cpp index cb7a53089..35574db74 100644 --- a/src/lib/crypto/BotanDHPrivateKey.cpp +++ b/src/lib/crypto/BotanDHPrivateKey.cpp 
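Review bot: `BotanCryptoFactory::i()->getRNG()` is converted with a C-style cast and then dereferenced as `*rng->getRNG()` without a null check, and with the version guard gone this is the only code path in deriveKey. A null pointer would not be caught by the surrounding `try`, so a guard such as `if (rng == NULL) { ERROR_MSG("No RNG available"); return false; }` before constructing `Botan::PK_Key_Agreement` would be safer, assuming getRNG() can return NULL (its definition is not in this diff). The same two lines appear in the sign/signInit hunks of BotanDSA, BotanECDSA, BotanGOST and BotanRSA, in BotanRSA encrypt/decrypt, and in BotanECDH::deriveKey. deriveKey's body starts and ends outside the hunk, so any cleanup needed on that early return is not visible here.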
@@ -43,57 +43,29 @@ #include #include -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) -std::vector BotanDH_PrivateKey::public_value() const +std::vector BotanDH_PrivateKey::public_value() const { return impl->public_value(); } -#else -Botan::MemoryVector BotanDH_PrivateKey::public_value() const -{ - return impl->public_value(); -} -#endif // Redefine of DH_PrivateKey constructor with the correct format -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) BotanDH_PrivateKey::BotanDH_PrivateKey( const Botan::AlgorithmIdentifier& alg_id, - const Botan::secure_vector& key_bits, + const Botan::secure_vector& key_bits, Botan::RandomNumberGenerator& rng) : Botan::DL_Scheme_PrivateKey(alg_id, key_bits, Botan::DL_Group::PKCS3_DH_PARAMETERS) { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,27) impl = new Botan::DH_PrivateKey(rng, m_group, m_x); -#else - impl = new Botan::DH_PrivateKey(rng, group, x); -#endif -} -#else -BotanDH_PrivateKey::BotanDH_PrivateKey( - const Botan::AlgorithmIdentifier& alg_id, - const Botan::MemoryRegion& key_bits, - Botan::RandomNumberGenerator& rng) : - Botan::DL_Scheme_PrivateKey(alg_id, key_bits, Botan::DL_Group::PKCS3_DH_PARAMETERS) -{ - impl = new Botan::DH_PrivateKey(rng, group, x); } -#endif BotanDH_PrivateKey::BotanDH_PrivateKey(Botan::RandomNumberGenerator& rng, const Botan::DL_Group& grp, const Botan::BigInt& x_arg) { impl = new Botan::DH_PrivateKey(rng, grp, x_arg); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,27) m_group = grp; m_x = x_arg; m_y = impl->get_y(); -#else - group = grp; - x = x_arg; - y = impl->get_y(); -#endif } BotanDH_PrivateKey::~BotanDH_PrivateKey() 
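Review bot: The comment `// Redefine of DH_PrivateKey constructor with the correct format` above the first constructor does not say which format is meant. Something like `// Decode key_bits as PKCS#3 DH parameters (Botan::DL_Group::PKCS3_DH_PARAMETERS) and build impl from the decoded m_group and m_x` would match what the constructor does. The second constructor keeps `x_arg` both inside `impl` and in `m_x`, which deserves a one-line comment too, since the private value then lives in two objects. The destructor that follows is outside the hunk.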
@@ -183,10 +155,9 @@ ByteString BotanDHPrivateKey::PKCS8Encode() if (dh == NULL) return der; // Force PKCS3_DH_PARAMETERS for p, g and no q. const size_t PKCS8_VERSION = 0; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) - const std::vector parameters = dh->impl->get_domain().DER_encode(Botan::DL_Group::PKCS3_DH_PARAMETERS); + const std::vector parameters = dh->impl->get_domain().DER_encode(Botan::DL_Group::PKCS3_DH_PARAMETERS); const Botan::AlgorithmIdentifier alg_id(dh->impl->get_oid(), parameters); - const Botan::secure_vector ber = + const Botan::secure_vector ber = Botan::DER_Encoder() .start_cons(Botan::SEQUENCE) .encode(PKCS8_VERSION) @@ -194,29 +165,6 @@ ByteString BotanDHPrivateKey::PKCS8Encode() .encode(dh->impl->private_key_bits(), Botan::OCTET_STRING) .end_cons() .get_contents(); -#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - const std::vector parameters = dh->impl->get_domain().DER_encode(Botan::DL_Group::PKCS3_DH_PARAMETERS); - const Botan::AlgorithmIdentifier alg_id(dh->impl->get_oid(), parameters); - const Botan::secure_vector ber = - Botan::DER_Encoder() - .start_cons(Botan::SEQUENCE) - .encode(PKCS8_VERSION) - .encode(alg_id) - .encode(dh->impl->pkcs8_private_key(), Botan::OCTET_STRING) - .end_cons() - .get_contents(); -#else - const Botan::MemoryVector parameters = dh->impl->get_domain().DER_encode(Botan::DL_Group::PKCS3_DH_PARAMETERS); - const Botan::AlgorithmIdentifier alg_id(dh->impl->get_oid(), parameters); - const Botan::SecureVector ber = - Botan::DER_Encoder() - .start_cons(Botan::SEQUENCE) - .encode(PKCS8_VERSION) - .encode(alg_id) - .encode(dh->impl->pkcs8_private_key(), Botan::OCTET_STRING) - .end_cons() - .get_contents(); -#endif der.resize(ber.size()); memcpy(&der[0], &ber[0], ber.size()); return der; 
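Review bot: The copy at the end of PKCS8Encode still uses `&ber[0]`, while the other hunks of this commit settle on `.data()` for Botan vectors (`wrapped.data()`, `signResult.data()`). `memcpy(&der[0], ber.data(), ber.size());` would be consistent and avoids indexing element 0 of the vector. The same line ends PKCS8Encode in BotanDSAPrivateKey, BotanECDHPrivateKey, BotanECDSAPrivateKey, BotanEDPrivateKey and BotanGOSTPrivateKey.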
@@ -227,11 +175,7 @@ bool BotanDHPrivateKey::PKCS8Decode(const ByteString& ber) { Botan::DataSource_Memory source(ber.const_byte_str(), ber.size()); if (source.end_of_data()) return false; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector keydata; -#else - Botan::SecureVector keydata; -#endif + Botan::secure_vector keydata; Botan::AlgorithmIdentifier alg_id; BotanDH_PrivateKey* key = NULL; try diff --git a/src/lib/crypto/BotanDHPrivateKey.h b/src/lib/crypto/BotanDHPrivateKey.h index 5991c217c..8da0d23df 100644 --- a/src/lib/crypto/BotanDHPrivateKey.h +++ b/src/lib/crypto/BotanDHPrivateKey.h @@ -43,22 +43,12 @@ class BotanDH_PrivateKey : public Botan::DH_PublicKey, public virtual Botan::DL_Scheme_PrivateKey { public: -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - std::vector public_value() const; -#else - Botan::MemoryVector public_value() const; -#endif + std::vector public_value() const; // Constructors -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) BotanDH_PrivateKey(const Botan::AlgorithmIdentifier& alg_id, - const Botan::secure_vector& key_bits, + const Botan::secure_vector& key_bits, Botan::RandomNumberGenerator& rng); -#else - BotanDH_PrivateKey(const Botan::AlgorithmIdentifier& alg_id, - const Botan::MemoryRegion& key_bits, - Botan::RandomNumberGenerator& rng); -#endif BotanDH_PrivateKey(Botan::RandomNumberGenerator& rng, const Botan::DL_Group& grp, diff --git a/src/lib/crypto/BotanDSA.cpp b/src/lib/crypto/BotanDSA.cpp index ab3aa0154..a26001b47 100644 --- a/src/lib/crypto/BotanDSA.cpp +++ b/src/lib/crypto/BotanDSA.cpp @@ -42,7 +42,6 @@ #include #include #include -#include #include // Constructor 
@@ -96,13 +95,8 @@ bool BotanDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,33) BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); signer = new Botan::PK_Signer(*botanKey, *rng->getRNG(), emsa); -#else - signer = new Botan::PK_Signer(*botanKey, emsa); -#endif - // Should we add DISABLE_FAULT_PROTECTION? Makes this operation faster. } catch (...) { @@ -112,11 +106,7 @@ bool BotanDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, } // Perform the signature operation -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - std::vector signResult; -#else - Botan::SecureVector signResult; -#endif + std::vector signResult; try { BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); @@ -134,11 +124,7 @@ bool BotanDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, // Return the result signature.resize(signResult.size()); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) memcpy(&signature[0], signResult.data(), signResult.size()); -#else - memcpy(&signature[0], signResult.begin(), signResult.size()); -#endif delete signer; signer = NULL; @@ -208,13 +194,8 @@ bool BotanDSA::signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,33) BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); signer = new Botan::PK_Signer(*botanKey, *rng->getRNG(), emsa); -#else - signer = new Botan::PK_Signer(*botanKey, emsa); -#endif - // Should we add DISABLE_FAULT_PROTECTION? Makes this operation faster. } catch (...) { @@ -268,11 +249,7 @@ bool BotanDSA::signFinal(ByteString& signature) } // Perform the signature operation -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - std::vector signResult; -#else - Botan::SecureVector signResult; -#endif + std::vector signResult; try { BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); 
@@ -290,11 +267,7 @@ bool BotanDSA::signFinal(ByteString& signature) // Return the result signature.resize(signResult.size()); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) memcpy(&signature[0], signResult.data(), signResult.size()); -#else - memcpy(&signature[0], signResult.begin(), signResult.size()); -#endif delete signer; signer = NULL; diff --git a/src/lib/crypto/BotanDSAPrivateKey.cpp b/src/lib/crypto/BotanDSAPrivateKey.cpp index a7f1c9b98..894db3c9e 100644 --- a/src/lib/crypto/BotanDSAPrivateKey.cpp +++ b/src/lib/crypto/BotanDSAPrivateKey.cpp @@ -137,11 +137,7 @@ ByteString BotanDSAPrivateKey::PKCS8Encode() ByteString der; createBotanKey(); if (dsa == NULL) return der; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - const Botan::secure_vector ber = Botan::PKCS8::BER_encode(*dsa); -#else - const Botan::SecureVector ber = Botan::PKCS8::BER_encode(*dsa); -#endif + const auto ber = Botan::PKCS8::BER_encode(*dsa); der.resize(ber.size()); memcpy(&der[0], &ber[0], ber.size()); return der; @@ -152,11 +148,7 @@ bool BotanDSAPrivateKey::PKCS8Decode(const ByteString& ber) { Botan::DataSource_Memory source(ber.const_byte_str(), ber.size()); if (source.end_of_data()) return false; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector keydata; -#else - Botan::SecureVector keydata; -#endif + Botan::secure_vector keydata; Botan::AlgorithmIdentifier alg_id; Botan::DSA_PrivateKey* key = NULL; try @@ -177,12 +169,7 @@ bool BotanDSAPrivateKey::PKCS8Decode(const ByteString& ber) return false; } -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34) key = new Botan::DSA_PrivateKey(alg_id, keydata); -#else - BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); - key = new Botan::DSA_PrivateKey(alg_id, keydata, *rng->getRNG()); -#endif if (key == NULL) return false; setFromBotan(key); diff --git a/src/lib/crypto/BotanECDH.cpp b/src/lib/crypto/BotanECDH.cpp index 274173455..8f45f43a5 100644 
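Review bot: In BotanDSAPrivateKey::PKCS8Decode, `if (key == NULL) return false;` after `key = new Botan::DSA_PrivateKey(alg_id, keydata);` can never fire, because a plain `new` throws on allocation failure instead of returning NULL. What can fail on that line is the `DSA_PrivateKey` constructor, which can throw when `keydata` is malformed, so it is worth confirming the statement sits inside the function's `try` block, which this hunk does not show in full. The dead check can then be removed.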
--- a/src/lib/crypto/BotanECDH.cpp +++ b/src/lib/crypto/BotanECDH.cpp @@ -181,12 +181,8 @@ bool BotanECDH::deriveKey(SymmetricKey **ppSymmetricKey, PublicKey* publicKey, P Botan::SymmetricKey sk; try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,33) BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); Botan::PK_Key_Agreement ka(*priv, *rng->getRNG(), "Raw"); -#else - Botan::PK_Key_Agreement ka(*priv, "Raw"); -#endif sk = ka.derive_key(0, pub->public_value()); } catch (...) diff --git a/src/lib/crypto/BotanECDHPrivateKey.cpp b/src/lib/crypto/BotanECDHPrivateKey.cpp index 043e6e108..09a7981ef 100644 --- a/src/lib/crypto/BotanECDHPrivateKey.cpp +++ b/src/lib/crypto/BotanECDHPrivateKey.cpp @@ -132,10 +132,9 @@ ByteString BotanECDHPrivateKey::PKCS8Encode() // No OID for ECDH const Botan::OID oid("1.2.840.10045.2.1"); // Force EC_DOMPAR_ENC_OID -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) - const std::vector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); + const std::vector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); const Botan::AlgorithmIdentifier alg_id(oid, parameters); - const Botan::secure_vector ber = + const Botan::secure_vector ber = Botan::DER_Encoder() .start_cons(Botan::SEQUENCE) .encode(PKCS8_VERSION) 
@@ -143,29 +142,6 @@ ByteString BotanECDHPrivateKey::PKCS8Encode() .encode(eckey->private_key_bits(), Botan::OCTET_STRING) .end_cons() .get_contents(); -#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - const std::vector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); - const Botan::AlgorithmIdentifier alg_id(oid, parameters); - const Botan::secure_vector ber = - Botan::DER_Encoder() - .start_cons(Botan::SEQUENCE) - .encode(PKCS8_VERSION) - .encode(alg_id) - .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING) - .end_cons() - .get_contents(); -#else - const Botan::MemoryVector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); - const Botan::AlgorithmIdentifier alg_id(oid, parameters); - const Botan::SecureVector ber = - Botan::DER_Encoder() - .start_cons(Botan::SEQUENCE) - .encode(PKCS8_VERSION) - .encode(alg_id) - .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING) - .end_cons() - .get_contents(); -#endif der.resize(ber.size()); memcpy(&der[0], &ber[0], ber.size()); return der; @@ -176,11 +152,7 @@ bool BotanECDHPrivateKey::PKCS8Decode(const ByteString& ber) { Botan::DataSource_Memory source(ber.const_byte_str(), ber.size()); if (source.end_of_data()) return false; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector keydata; -#else - Botan::SecureVector keydata; -#endif + Botan::secure_vector keydata; Botan::AlgorithmIdentifier alg_id; const Botan::OID oid("1.2.840.10045.2.1"); Botan::ECDH_PrivateKey* key = NULL; @@ -195,8 +167,7 @@ bool BotanECDHPrivateKey::PKCS8Decode(const ByteString& ber) .end_cons(); if (keydata.empty()) throw Botan::Decoding_Error("PKCS #8 private key decoding failed"); - // Botan defines == but not != ?! - if (!(alg_id.oid == oid)) + if (alg_id.oid != oid) { ERROR_MSG("Decoded private key not ECDH"); diff --git a/src/lib/crypto/BotanECDSA.cpp b/src/lib/crypto/BotanECDSA.cpp index 06b7a0f33..2e8416428 100644 --- a/src/lib/crypto/BotanECDSA.cpp 
+++ b/src/lib/crypto/BotanECDSA.cpp @@ -97,13 +97,8 @@ bool BotanECDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,33) BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); signer = new Botan::PK_Signer(*botanKey, *rng->getRNG(), emsa); -#else - signer = new Botan::PK_Signer(*botanKey, emsa); -#endif - // Should we add DISABLE_FAULT_PROTECTION? Makes this operation faster. } catch (...) { @@ -113,11 +108,7 @@ bool BotanECDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, } // Perform the signature operation -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - std::vector signResult; -#else - Botan::SecureVector signResult; -#endif + std::vector signResult; try { BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); @@ -135,11 +126,7 @@ bool BotanECDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, // Return the result signature.resize(signResult.size()); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) memcpy(&signature[0], signResult.data(), signResult.size()); -#else - memcpy(&signature[0], signResult.begin(), signResult.size()); -#endif delete signer; signer = NULL; diff --git a/src/lib/crypto/BotanECDSAPrivateKey.cpp b/src/lib/crypto/BotanECDSAPrivateKey.cpp index a276cb056..ac398ccdb 100644 --- a/src/lib/crypto/BotanECDSAPrivateKey.cpp +++ b/src/lib/crypto/BotanECDSAPrivateKey.cpp 
@@ -130,10 +130,9 @@ ByteString BotanECDSAPrivateKey::PKCS8Encode() if (eckey == NULL) return der; // Force EC_DOMPAR_ENC_OID const size_t PKCS8_VERSION = 0; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) - const std::vector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); + const std::vector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); - const Botan::secure_vector ber = + const Botan::secure_vector ber = Botan::DER_Encoder() .start_cons(Botan::SEQUENCE) .encode(PKCS8_VERSION) @@ -141,29 +140,6 @@ ByteString BotanECDSAPrivateKey::PKCS8Encode() .encode(eckey->private_key_bits(), Botan::OCTET_STRING) .end_cons() .get_contents(); -#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - const std::vector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); - const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); - const Botan::secure_vector ber = - Botan::DER_Encoder() - .start_cons(Botan::SEQUENCE) - .encode(PKCS8_VERSION) - .encode(alg_id) - .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING) - .end_cons() - .get_contents(); -#else - const Botan::MemoryVector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); - const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); - const Botan::SecureVector ber = - Botan::DER_Encoder() - .start_cons(Botan::SEQUENCE) - .encode(PKCS8_VERSION) - .encode(alg_id) - .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING) - .end_cons() - .get_contents(); -#endif der.resize(ber.size()); memcpy(&der[0], &ber[0], ber.size()); return der; 
@@ -174,11 +150,7 @@ bool BotanECDSAPrivateKey::PKCS8Decode(const ByteString& ber) { Botan::DataSource_Memory source(ber.const_byte_str(), ber.size()); if (source.end_of_data()) return false; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector keydata; -#else - Botan::SecureVector keydata; -#endif + Botan::secure_vector keydata; Botan::AlgorithmIdentifier alg_id; Botan::ECDSA_PrivateKey* key = NULL; try diff --git a/src/lib/crypto/BotanEDDSA.cpp b/src/lib/crypto/BotanEDDSA.cpp index f5c7bd5b5..9ea855179 100644 --- a/src/lib/crypto/BotanEDDSA.cpp +++ b/src/lib/crypto/BotanEDDSA.cpp @@ -106,7 +106,6 @@ bool BotanEDDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, { BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); signer = new Botan::PK_Signer(*botanKey, *rng->getRNG(), emsa); - // Should we add DISABLE_FAULT_PROTECTION? Makes this operation faster. } catch (...) { @@ -116,7 +115,7 @@ bool BotanEDDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, } // Perform the signature operation - std::vector signResult; + std::vector signResult; try { BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); diff --git a/src/lib/crypto/BotanEDPrivateKey.cpp b/src/lib/crypto/BotanEDPrivateKey.cpp index bef9e7b68..81b84c7e0 100644 --- a/src/lib/crypto/BotanEDPrivateKey.cpp +++ b/src/lib/crypto/BotanEDPrivateKey.cpp @@ -43,7 +43,6 @@ #include #include #include -#include #include #include #include @@ -152,7 +151,7 @@ ByteString BotanEDPrivateKey::PKCS8Encode() ByteString der; createBotanKey(); if (edkey == NULL) return der; - const Botan::secure_vector ber = Botan::PKCS8::BER_encode(*edkey); + const Botan::secure_vector ber = Botan::PKCS8::BER_encode(*edkey); der.resize(ber.size()); memcpy(&der[0], &ber[0], ber.size()); return der; 
@@ -163,7 +162,7 @@ bool BotanEDPrivateKey::PKCS8Decode(const ByteString& ber) { Botan::DataSource_Memory source(ber.const_byte_str(), ber.size()); if (source.end_of_data()) return false; - Botan::secure_vector keydata; + Botan::secure_vector keydata; Botan::AlgorithmIdentifier alg_id; Botan::Private_Key* key = NULL; try diff --git a/src/lib/crypto/BotanGOST.cpp b/src/lib/crypto/BotanGOST.cpp index ab02d543a..4ae0d13b9 100644 --- a/src/lib/crypto/BotanGOST.cpp +++ b/src/lib/crypto/BotanGOST.cpp @@ -114,13 +114,8 @@ bool BotanGOST::signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,33) BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); signer = new Botan::PK_Signer(*botanKey, *rng->getRNG(), emsa); -#else - signer = new Botan::PK_Signer(*botanKey, emsa); -#endif - // Should we add DISABLE_FAULT_PROTECTION? Makes this operation faster. } catch (...) { @@ -174,11 +169,7 @@ bool BotanGOST::signFinal(ByteString& signature) } // Perform the signature operation -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - std::vector signResult; -#else - Botan::SecureVector signResult; -#endif + std::vector signResult; try { BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); @@ -196,11 +187,7 @@ bool BotanGOST::signFinal(ByteString& signature) // Return the result signature.resize(signResult.size()); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) memcpy(&signature[0], signResult.data(), signResult.size()); -#else - memcpy(&signature[0], signResult.begin(), signResult.size()); -#endif delete signer; signer = NULL; diff --git a/src/lib/crypto/BotanGOSTPrivateKey.cpp b/src/lib/crypto/BotanGOSTPrivateKey.cpp index e5bb3b460..295fc812d 100644 --- a/src/lib/crypto/BotanGOSTPrivateKey.cpp +++ b/src/lib/crypto/BotanGOSTPrivateKey.cpp 
@@ -161,10 +161,9 @@ ByteString BotanGOSTPrivateKey::PKCS8Encode() if (eckey == NULL) return der; // Force EC_DOMPAR_ENC_OID const size_t PKCS8_VERSION = 0; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) - const std::vector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); - const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); - const Botan::secure_vector ber = + const std::vector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); + const Botan::AlgorithmIdentifier alg_id(Botan::OIDS::lookup("GOST-34.10"), parameters); + const Botan::secure_vector ber = Botan::DER_Encoder() .start_cons(Botan::SEQUENCE) .encode(PKCS8_VERSION) @@ -172,29 +171,6 @@ ByteString BotanGOSTPrivateKey::PKCS8Encode() .encode(eckey->private_key_bits(), Botan::OCTET_STRING) .end_cons() .get_contents(); -#elif BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - const std::vector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); - const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); - const Botan::secure_vector ber = - Botan::DER_Encoder() - .start_cons(Botan::SEQUENCE) - .encode(PKCS8_VERSION) - .encode(alg_id) - .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING) - .end_cons() - .get_contents(); -#else - const Botan::MemoryVector parameters = eckey->domain().DER_encode(Botan::EC_DOMPAR_ENC_OID); - const Botan::AlgorithmIdentifier alg_id(eckey->get_oid(), parameters); - const Botan::SecureVector ber = - Botan::DER_Encoder() - .start_cons(Botan::SEQUENCE) - .encode(PKCS8_VERSION) - .encode(alg_id) - .encode(eckey->pkcs8_private_key(), Botan::OCTET_STRING) - .end_cons() - .get_contents(); -#endif der.resize(ber.size()); memcpy(&der[0], &ber[0], ber.size()); return der; 
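Review bot: `Botan::OIDS::lookup("GOST-34.10")` replaces `eckey->get_oid()` in PKCS8Encode without a comment saying why the algorithm OID is now taken from a name lookup rather than from the key. A short comment such as `// Use the registered GOST-34.10 OID for the PKCS#8 AlgorithmIdentifier instead of the key's own get_oid()` would record the intent, with the wording to be confirmed by the author. No `try` is visible around this statement, so whether a failed lookup is handled cannot be judged from the hunk. PKCS8Decode should also be checked to accept the same OID.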
@@ -205,11 +181,7 @@ bool BotanGOSTPrivateKey::PKCS8Decode(const ByteString& ber) { Botan::DataSource_Memory source(ber.const_byte_str(), ber.size()); if (source.end_of_data()) return false; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector keydata; -#else - Botan::SecureVector keydata; -#endif + Botan::secure_vector keydata; Botan::AlgorithmIdentifier alg_id; Botan::GOST_3410_PrivateKey* key = NULL; try diff --git a/src/lib/crypto/BotanGOSTR3411.cpp b/src/lib/crypto/BotanGOSTR3411.cpp index 344cdcd37..0955d17dd 100644 --- a/src/lib/crypto/BotanGOSTR3411.cpp +++ b/src/lib/crypto/BotanGOSTR3411.cpp @@ -33,15 +33,14 @@ #include "config.h" #ifdef WITH_GOST #include "BotanGOSTR3411.h" -#include int BotanGOSTR3411::getHashSize() { return 32; } -Botan::HashFunction* BotanGOSTR3411::getHash() const +const char* BotanGOSTR3411::getHashName() const { - return new Botan::GOST_34_11(); + return "GOST-34.11"; } #endif diff --git a/src/lib/crypto/BotanGOSTR3411.h b/src/lib/crypto/BotanGOSTR3411.h index b0ee374d1..08e1735ee 100644 --- a/src/lib/crypto/BotanGOSTR3411.h +++ b/src/lib/crypto/BotanGOSTR3411.h @@ -41,7 +41,7 @@ class BotanGOSTR3411 : public BotanHashAlgorithm { virtual int getHashSize(); protected: - virtual Botan::HashFunction* getHash() const; + virtual const char* getHashName() const; }; #endif // !_SOFTHSM_V2_BOTANGOSTR3411_H diff --git a/src/lib/crypto/BotanHashAlgorithm.cpp b/src/lib/crypto/BotanHashAlgorithm.cpp index 9630dfc3c..67d9c6a92 100644 --- a/src/lib/crypto/BotanHashAlgorithm.cpp +++ b/src/lib/crypto/BotanHashAlgorithm.cpp @@ -32,7 +32,7 @@ #include "config.h" #include "BotanHashAlgorithm.h" -#include +#include // Base constructor BotanHashAlgorithm::BotanHashAlgorithm() @@ -59,7 +59,7 @@ bool BotanHashAlgorithm::hashInit() { if (hash == NULL) { - hash = getHash(); + hash = Botan::HashFunction::create_or_throw(getHashName()).release(); } else { 
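Review bot: `Botan::HashFunction::create_or_throw(getHashName())` in hashInit throws when the named hash is not available in the Botan build, where the removed `getHash()` implementations constructed the object directly (`new Botan::MD5()`). No `try` is visible around the call in this hunk, so an exception could escape a function that otherwise reports errors through its `bool` result. Wrapping it as `try { hash = Botan::HashFunction::create_or_throw(getHashName()).release(); } catch (...) { ERROR_MSG("Failed to create the hash"); return false; }` keeps that contract. hashInit continues outside the hunk.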
diff --git a/src/lib/crypto/BotanHashAlgorithm.h b/src/lib/crypto/BotanHashAlgorithm.h index dde82dbd0..91c510592 100644 --- a/src/lib/crypto/BotanHashAlgorithm.h +++ b/src/lib/crypto/BotanHashAlgorithm.h @@ -53,7 +53,7 @@ class BotanHashAlgorithm : public HashAlgorithm virtual int getHashSize() = 0; protected: - virtual Botan::HashFunction* getHash() const = 0; + virtual const char* getHashName() const = 0; private: // Current hashing context diff --git a/src/lib/crypto/BotanMAC.h b/src/lib/crypto/BotanMAC.h index 4db9aee7f..9f7151782 100644 --- a/src/lib/crypto/BotanMAC.h +++ b/src/lib/crypto/BotanMAC.h @@ -35,7 +35,6 @@ #include "config.h" #include "BotanMacAlgorithm.h" -#include #include class BotanHMACMD5 : public BotanMacAlgorithm diff --git a/src/lib/crypto/BotanMD5.cpp b/src/lib/crypto/BotanMD5.cpp index 382f53d98..cbe1c6785 100644 --- a/src/lib/crypto/BotanMD5.cpp +++ b/src/lib/crypto/BotanMD5.cpp @@ -32,14 +32,13 @@ #include "config.h" #include "BotanMD5.h" -#include int BotanMD5::getHashSize() { return 16; } -Botan::HashFunction* BotanMD5::getHash() const +const char* BotanMD5::getHashName() const { - return new Botan::MD5(); + return "MD5"; } diff --git a/src/lib/crypto/BotanMD5.h b/src/lib/crypto/BotanMD5.h index 654201991..831f5af30 100644 --- a/src/lib/crypto/BotanMD5.h +++ b/src/lib/crypto/BotanMD5.h @@ -41,7 +41,7 @@ class BotanMD5 : public BotanHashAlgorithm { virtual int getHashSize(); protected: - virtual Botan::HashFunction* getHash() const; + virtual const char* getHashName() const; }; #endif // !_SOFTHSM_V2_BOTANMD5_H diff --git a/src/lib/crypto/BotanMacAlgorithm.cpp b/src/lib/crypto/BotanMacAlgorithm.cpp index 6c863f7ee..2ec34e3ec 100644 --- a/src/lib/crypto/BotanMacAlgorithm.cpp +++ b/src/lib/crypto/BotanMacAlgorithm.cpp @@ -38,11 +38,7 @@ #include #include -#include #include -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,26) -#include -#endif // Constructor BotanMacAlgorithm::BotanMacAlgorithm() 
@@ -82,11 +78,7 @@ bool BotanMacAlgorithm::signInit(const SymmetricKey* key) // Allocate the context try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,26) - mac = Botan::MessageAuthenticationCode::create(macName).release(); -#else - mac = Botan::get_mac(macName); -#endif + mac = Botan::MessageAuthenticationCode::create_or_throw(macName).release(); mac->set_key(key->getKeyBits().const_byte_str(), key->getKeyBits().size()); } catch (std::exception &e) @@ -147,11 +139,7 @@ bool BotanMacAlgorithm::signFinal(ByteString& signature) } // Perform the signature operation -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector signResult; -#else - Botan::SecureVector signResult; -#endif + Botan::secure_vector signResult; try { signResult = mac->final(); @@ -168,11 +156,7 @@ bool BotanMacAlgorithm::signFinal(ByteString& signature) // Return the result signature.resize(signResult.size()); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) memcpy(&signature[0], signResult.data(), signResult.size()); -#else - memcpy(&signature[0], signResult.begin(), signResult.size()); -#endif delete mac; mac = NULL; @@ -205,11 +189,7 @@ bool BotanMacAlgorithm::verifyInit(const SymmetricKey* key) // Allocate the context try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,26) - mac = Botan::MessageAuthenticationCode::create(macName).release(); -#else - mac = Botan::get_mac(macName); -#endif + mac = Botan::MessageAuthenticationCode::create_or_throw(macName).release(); mac->set_key(key->getKeyBits().const_byte_str(), key->getKeyBits().size()); } catch (std::exception &e) @@ -270,11 +250,7 @@ bool BotanMacAlgorithm::verifyFinal(ByteString& signature) } // Perform the verify operation -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector macResult; -#else - Botan::SecureVector macResult; -#endif + Botan::secure_vector macResult; try { macResult = mac->final(); 
@@ -302,9 +278,5 @@ bool BotanMacAlgorithm::verifyFinal(ByteString& signature) delete mac; mac = NULL; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - return memcmp(&signature[0], macResult.data(), macResult.size()) == 0; -#else - return memcmp(&signature[0], macResult.begin(), macResult.size()) == 0; -#endif + return Botan::same_mem(&signature[0], macResult.data(), macResult.size()); } diff --git a/src/lib/crypto/BotanRNG.cpp b/src/lib/crypto/BotanRNG.cpp index fa6509dfd..74bc4c324 100644 --- a/src/lib/crypto/BotanRNG.cpp +++ b/src/lib/crypto/BotanRNG.cpp @@ -32,31 +32,18 @@ #include "config.h" #include "BotanRNG.h" - -#include - -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,14) -#include -#else #include -#endif // Base constructor BotanRNG::BotanRNG() { -#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,11,14) - rng = &Botan::global_state().global_rng(); -#else rng = new Botan::AutoSeeded_RNG(); -#endif } // Destructor BotanRNG::~BotanRNG() { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,14) delete rng; -#endif } // Generate random data @@ -74,10 +61,6 @@ bool BotanRNG::generateRandom(ByteString& data, const size_t len) void BotanRNG::seed(ByteString& seedData) { rng->add_entropy(seedData.byte_str(), seedData.size()); - // add_entropy will make sure the RNG is reseed so we do not need to call it. - // Made this change bacuase of API changes in Botan 1.11.31, - // but the statement above is also true for Botan 1.10. - // rng->reseed(seedData.size()); } // Get the RNG diff --git a/src/lib/crypto/BotanRSA.cpp b/src/lib/crypto/BotanRSA.cpp index 2fbb4e2e8..3ed450ef0 100644 --- a/src/lib/crypto/BotanRSA.cpp +++ b/src/lib/crypto/BotanRSA.cpp 
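Review bot: `Botan::same_mem(&signature[0], macResult.data(), macResult.size())` in verifyFinal reads `macResult.size()` bytes from `signature`, so it relies on a length check made earlier in the function, which is outside this hunk. If no such check exists, a shorter `signature` would be read past its end; `if (signature.size() != macResult.size()) return false;` before the comparison closes that. verifyFinal's body starts before the hunk.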
@@ -106,13 +106,8 @@ bool BotanRSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,33) BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); signer = new Botan::PK_Signer(*botanKey, *rng->getRNG(), emsa); -#else - signer = new Botan::PK_Signer(*botanKey, emsa); -#endif - // Should we add DISABLE_FAULT_PROTECTION? Makes this operation faster. } catch (...) { @@ -122,11 +117,7 @@ bool BotanRSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, } // Perform the signature operation -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - std::vector signResult; -#else - Botan::SecureVector signResult; -#endif + std::vector signResult; try { BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); @@ -144,11 +135,7 @@ bool BotanRSA::sign(PrivateKey* privateKey, const ByteString& dataToSign, // Return the result signature.resize(signResult.size()); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) memcpy(&signature[0], signResult.data(), signResult.size()); -#else - memcpy(&signature[0], signResult.begin(), signResult.size()); -#endif delete signer; signer = NULL; @@ -336,13 +323,8 @@ bool BotanRSA::signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,33) BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); signer = new Botan::PK_Signer(*botanKey, *rng->getRNG(), emsa); -#else - signer = new Botan::PK_Signer(*botanKey, emsa); -#endif - // Should we add DISABLE_FAULT_PROTECTION? Makes this operation faster. } catch (...) { @@ -396,11 +378,7 @@ bool BotanRSA::signFinal(ByteString& signature) } // Perform the signature operation -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - std::vector signResult; -#else - Botan::SecureVector signResult; -#endif + std::vector signResult; try { BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); 
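Review bot: The `(BotanRNG*)` C-style cast on `BotanCryptoFactory::i()->getRNG()` in sign is now on the only code path, and the result is dereferenced in the `PK_Signer` constructor call without a null check. A named cast documents the assumption that the factory always hands back a BotanRNG, presumably `static_cast<BotanRNG*>(BotanCryptoFactory::i()->getRNG())`; the declared return type of getRNG() is not visible here. The same lookup is repeated in the second try block of sign, and in signInit, signFinal, encrypt and decrypt in the following hunks, so one checked local helper would remove the duplication. The enclosing functions start outside these hunks.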
@@ -418,11 +396,7 @@ bool BotanRSA::signFinal(ByteString& signature) // Return the result signature.resize(signResult.size()); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) memcpy(&signature[0], signResult.data(), signResult.size()); -#else - memcpy(&signature[0], signResult.begin(), signResult.size()); -#endif delete signer; signer = NULL; @@ -812,12 +786,8 @@ bool BotanRSA::encrypt(PublicKey* publicKey, const ByteString& data, Botan::PK_Encryptor_EME* encryptor = NULL; try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,33) BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); encryptor = new Botan::PK_Encryptor_EME(*botanKey, *rng->getRNG(), eme); -#else - encryptor = new Botan::PK_Encryptor_EME(*botanKey, eme); -#endif } catch (...) { @@ -827,11 +797,7 @@ bool BotanRSA::encrypt(PublicKey* publicKey, const ByteString& data, } // Perform the encryption operation -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - std::vector encResult; -#else - Botan::SecureVector encResult; -#endif + std::vector encResult; try { BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); @@ -848,11 +814,7 @@ bool BotanRSA::encrypt(PublicKey* publicKey, const ByteString& data, // Return the result encryptedData.resize(encResult.size()); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) memcpy(&encryptedData[0], encResult.data(), encResult.size()); -#else - memcpy(&encryptedData[0], encResult.begin(), encResult.size()); -#endif delete encryptor; @@ -903,12 +865,8 @@ bool BotanRSA::decrypt(PrivateKey* privateKey, const ByteString& encryptedData, Botan::PK_Decryptor_EME* decryptor = NULL; try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,33) BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); decryptor = new Botan::PK_Decryptor_EME(*botanKey, *rng->getRNG(), eme); -#else - decryptor = new Botan::PK_Decryptor_EME(*botanKey, eme); -#endif } catch (...) { 
@@ -918,11 +876,7 @@ bool BotanRSA::decrypt(PrivateKey* privateKey, const ByteString& encryptedData, } // Perform the decryption operation -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector decResult; -#else - Botan::SecureVector decResult; -#endif + Botan::secure_vector decResult; try { decResult = decryptor->decrypt(encryptedData.const_byte_str(), encryptedData.size()); @@ -943,20 +897,12 @@ bool BotanRSA::decrypt(PrivateKey* privateKey, const ByteString& encryptedData, int modSize = pk->getN().size(); int decSize = decResult.size(); data.resize(modSize); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) memcpy(&data[0] + modSize - decSize, decResult.data(), decSize); -#else - memcpy(&data[0] + modSize - decSize, decResult.begin(), decSize); -#endif } else { data.resize(decResult.size()); -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) memcpy(&data[0], decResult.data(), decResult.size()); -#else - memcpy(&data[0], decResult.begin(), decResult.size()); -#endif } delete decryptor; diff --git a/src/lib/crypto/BotanRSAPrivateKey.cpp b/src/lib/crypto/BotanRSAPrivateKey.cpp index f600230a4..293566c24 100644 --- a/src/lib/crypto/BotanRSAPrivateKey.cpp +++ b/src/lib/crypto/BotanRSAPrivateKey.cpp @@ -190,11 +190,7 @@ ByteString BotanRSAPrivateKey::PKCS8Encode() ByteString der; createBotanKey(); if (rsa == NULL) return der; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - const Botan::secure_vector ber = Botan::PKCS8::BER_encode(*rsa); -#else - const Botan::SecureVector ber = Botan::PKCS8::BER_encode(*rsa); -#endif + const auto ber = Botan::PKCS8::BER_encode(*rsa); der.resize(ber.size()); memcpy(&der[0], &ber[0], ber.size()); return der; 
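Review bot: In the second decrypt hunk, `memcpy(&data[0] + modSize - decSize, decResult.data(), decSize)` relies on `decSize <= modSize`, and the hunk shows no check for it. Both values are `int`, so a decrypted result longer than the modulus would give a negative offset and a write before the start of `data`. Guard the copy with `if (decSize > modSize)` and fail the operation there, and prefer `size_t` for both lengths. The branch condition that selects this path and the rest of decrypt are outside the hunk.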
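Review bot: `const auto ber = Botan::PKCS8::BER_encode(*rsa);` in PKCS8Encode hides the fact that `ber` holds the encoded private key in a zeroising container. Spelling the type keeps that property visible to the next reader and makes the build fail if an overload with a plain `std::vector` return is ever selected: `const Botan::secure_vector<Botan::byte> ber = Botan::PKCS8::BER_encode(*rsa);`. A short comment would also help, such as `// ber is wiped on destruction; der now carries the private key and must be handled accordingly`.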
@@ -205,11 +201,7 @@ bool BotanRSAPrivateKey::PKCS8Decode(const ByteString& ber) { Botan::DataSource_Memory source(ber.const_byte_str(), ber.size()); if (source.end_of_data()) return false; -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector keydata; -#else - Botan::SecureVector keydata; -#endif + Botan::secure_vector keydata; Botan::AlgorithmIdentifier alg_id; Botan::RSA_PrivateKey* key = NULL; try @@ -230,12 +222,7 @@ bool BotanRSAPrivateKey::PKCS8Decode(const ByteString& ber) return false; } -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34) key = new Botan::RSA_PrivateKey(alg_id, keydata); -#else - BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); - key = new Botan::RSA_PrivateKey(alg_id, keydata, *rng->getRNG()); -#endif if (key == NULL) return false; setFromBotan(key); @@ -279,22 +266,12 @@ void BotanRSAPrivateKey::createBotanKey() try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,34) rsa = new Botan::RSA_PrivateKey( BotanUtil::byteString2bigInt(p), BotanUtil::byteString2bigInt(q), BotanUtil::byteString2bigInt(e), BotanUtil::byteString2bigInt(d), BotanUtil::byteString2bigInt(n)); -#else - BotanRNG* rng = (BotanRNG*)BotanCryptoFactory::i()->getRNG(); - rsa = new Botan::RSA_PrivateKey(*rng->getRNG(), - BotanUtil::byteString2bigInt(p), - BotanUtil::byteString2bigInt(q), - BotanUtil::byteString2bigInt(e), - BotanUtil::byteString2bigInt(d), - BotanUtil::byteString2bigInt(n)); -#endif } catch (...) { diff --git a/src/lib/crypto/BotanSHA1.cpp b/src/lib/crypto/BotanSHA1.cpp index 35846eca6..d039b1327 100644 --- a/src/lib/crypto/BotanSHA1.cpp +++ b/src/lib/crypto/BotanSHA1.cpp @@ -32,14 +32,13 @@ #include "config.h" #include "BotanSHA1.h" -#include int BotanSHA1::getHashSize() { return 20; } -Botan::HashFunction* BotanSHA1::getHash() const +const char* BotanSHA1::getHashName() const { - return new Botan::SHA_160(); + return "SHA-1"; } 
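Review bot: `if (key == NULL) return false;` after `key = new Botan::RSA_PrivateKey(alg_id, keydata);` in PKCS8Decode can never fire, because plain `new` throws instead of returning null. Malformed `keydata` is reported by an exception from the constructor, so rejection of bad input rests entirely on the surrounding handler, which is not visible in this hunk. Dropping the dead check and owning the object would also free it if setFromBotan throws: `std::unique_ptr<Botan::RSA_PrivateKey> key(new Botan::RSA_PrivateKey(alg_id, keydata));` followed by `setFromBotan(key.get());`.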
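Review bot: createBotanKey now builds the key with the five-argument `Botan::RSA_PrivateKey(p, q, e, d, n)` constructor, and nothing in the hunk validates that the stored components are consistent with each other. The removed branch passed an RNG into the constructor, which, as far as I know, ran a load-time consistency check in older Botan. Inconsistent CRT parameters in an RSA private key are a known way to leak key material through faulty signatures. Consider calling `rsa->check_key(*rng->getRNG(), false)` after construction and discarding the key on failure, or add a comment stating where the components are validated. The catch block and the rest of the function are outside the hunk.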
diff --git a/src/lib/crypto/BotanSHA1.h b/src/lib/crypto/BotanSHA1.h index ca336b05d..4208c0642 100644 --- a/src/lib/crypto/BotanSHA1.h +++ b/src/lib/crypto/BotanSHA1.h @@ -41,7 +41,7 @@ class BotanSHA1 : public BotanHashAlgorithm { virtual int getHashSize(); protected: - virtual Botan::HashFunction* getHash() const; + virtual const char* getHashName() const; }; #endif // !_SOFTHSM_V2_BOTANSHA1_H diff --git a/src/lib/crypto/BotanSHA224.cpp b/src/lib/crypto/BotanSHA224.cpp index f1d226811..8e2387ebf 100644 --- a/src/lib/crypto/BotanSHA224.cpp +++ b/src/lib/crypto/BotanSHA224.cpp @@ -32,14 +32,13 @@ #include "config.h" #include "BotanSHA224.h" -#include int BotanSHA224::getHashSize() { return 28; } -Botan::HashFunction* BotanSHA224::getHash() const +const char* BotanSHA224::getHashName() const { - return new Botan::SHA_224(); + return "SHA-224"; } diff --git a/src/lib/crypto/BotanSHA224.h b/src/lib/crypto/BotanSHA224.h index 61fe16c59..97bf441a5 100644 --- a/src/lib/crypto/BotanSHA224.h +++ b/src/lib/crypto/BotanSHA224.h @@ -41,7 +41,7 @@ class BotanSHA224 : public BotanHashAlgorithm { virtual int getHashSize(); protected: - virtual Botan::HashFunction* getHash() const; + virtual const char* getHashName() const; }; #endif // !_SOFTHSM_V2_BOTANSHA224_H diff --git a/src/lib/crypto/BotanSHA256.cpp b/src/lib/crypto/BotanSHA256.cpp index 878deceec..5df4f2ed4 100644 --- a/src/lib/crypto/BotanSHA256.cpp +++ b/src/lib/crypto/BotanSHA256.cpp @@ -1,6 +1,6 @@ /* * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) - * All rights reserved. +n * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
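Review bot: The BotanSHA256.cpp licence header hunk replaces ` * All rights reserved.` with `n * All rights reserved.`, which looks like a stray keystroke rather than an intended change. It sits inside the block comment, so it compiles, but it alters the licence text of the file. Restore the original line ` * All rights reserved.`, which removes this hunk from the commit.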
@@ -32,14 +32,13 @@ #include "config.h" #include "BotanSHA256.h" -#include int BotanSHA256::getHashSize() { return 32; } -Botan::HashFunction* BotanSHA256::getHash() const +const char* BotanSHA256::getHashName() const { - return new Botan::SHA_256(); + return "SHA-256"; } diff --git a/src/lib/crypto/BotanSHA256.h b/src/lib/crypto/BotanSHA256.h index 5561f3c75..a0e6fe63d 100644 --- a/src/lib/crypto/BotanSHA256.h +++ b/src/lib/crypto/BotanSHA256.h @@ -41,7 +41,7 @@ class BotanSHA256 : public BotanHashAlgorithm { virtual int getHashSize(); protected: - virtual Botan::HashFunction* getHash() const; + virtual const char* getHashName() const; }; #endif // !_SOFTHSM_V2_BOTANSHA256_H diff --git a/src/lib/crypto/BotanSHA384.cpp b/src/lib/crypto/BotanSHA384.cpp index b7a1e09d9..4a372451e 100644 --- a/src/lib/crypto/BotanSHA384.cpp +++ b/src/lib/crypto/BotanSHA384.cpp @@ -32,14 +32,13 @@ #include "config.h" #include "BotanSHA384.h" -#include int BotanSHA384::getHashSize() { return 48; } -Botan::HashFunction* BotanSHA384::getHash() const +const char* BotanSHA384::getHashName() const { - return new Botan::SHA_384(); + return "SHA-384"; } diff --git a/src/lib/crypto/BotanSHA384.h b/src/lib/crypto/BotanSHA384.h index 5cf5d9873..4af0984b1 100644 --- a/src/lib/crypto/BotanSHA384.h +++ b/src/lib/crypto/BotanSHA384.h @@ -41,7 +41,7 @@ class BotanSHA384 : public BotanHashAlgorithm { virtual int getHashSize(); protected: - virtual Botan::HashFunction* getHash() const; + virtual const char* getHashName() const; }; #endif // !_SOFTHSM_V2_BOTANSHA384_H diff --git a/src/lib/crypto/BotanSHA512.cpp b/src/lib/crypto/BotanSHA512.cpp index b7aa45943..45b3a027f 100644 --- a/src/lib/crypto/BotanSHA512.cpp +++ b/src/lib/crypto/BotanSHA512.cpp 
@@ -32,14 +32,13 @@ #include "config.h" #include "BotanSHA512.h" -#include int BotanSHA512::getHashSize() { return 64; } -Botan::HashFunction* BotanSHA512::getHash() const +const char* BotanSHA512::getHashName() const { - return new Botan::SHA_512(); + return "SHA-512"; } diff --git a/src/lib/crypto/BotanSHA512.h b/src/lib/crypto/BotanSHA512.h index d72416e33..adae4c07e 100644 --- a/src/lib/crypto/BotanSHA512.h +++ b/src/lib/crypto/BotanSHA512.h @@ -41,7 +41,7 @@ class BotanSHA512 : public BotanHashAlgorithm { virtual int getHashSize(); protected: - virtual Botan::HashFunction* getHash() const; + virtual const char* getHashName() const; }; #endif // !_SOFTHSM_V2_BOTANSHA512_H diff --git a/src/lib/crypto/BotanSymmetricAlgorithm.cpp b/src/lib/crypto/BotanSymmetricAlgorithm.cpp index 3f138921b..55b4cda29 100644 --- a/src/lib/crypto/BotanSymmetricAlgorithm.cpp +++ b/src/lib/crypto/BotanSymmetricAlgorithm.cpp @@ -39,22 +39,41 @@ #include #include -#include #include +#include +#include -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,14) -#include -#endif - -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) #include "Botan_ecb.h" -#include -#endif -#ifdef WITH_AES_GCM -#include +#if BOTAN_VERSION_CODE <= BOTAN_VERSION_CODE_FOR(2,11,0) + #include #endif +std::vector split_on_delim(const std::string& str, char delim) +{ + std::vector elems; + if(str.empty()) return elems; + + std::string substr; + for (auto i = str.begin(); i != str.end(); ++i) + { + if (*i == delim) + { + if (!substr.empty()) + elems.push_back(substr); + substr.clear(); + } + else + substr += *i; + } + + if (!substr.empty()) + elems.push_back(substr); + + return elems; +} + + // Constructor BotanSymmetricAlgorithm::BotanSymmetricAlgorithm() { 
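Review bot: `split_on_delim` is added to BotanSymmetricAlgorithm.cpp at namespace scope without `static`, so the library exports a generically named symbol that only this file uses. Give it internal linkage: `static std::vector<std::string> split_on_delim(const std::string& str, char delim)`, or wrap it in an anonymous namespace. A one-line comment should state that empty fields are dropped and that an empty input yields an empty vector, because the callers index element 0 of the result.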
@@ -151,28 +170,23 @@ bool BotanSymmetricAlgorithm::encryptInit(const SymmetricKey* key, const SymMode Botan::SymmetricKey botanKey = Botan::SymmetricKey(key->getKeyBits().const_byte_str(), key->getKeyBits().size()); if (mode == SymMode::ECB) { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) // ECB cipher mode was dropped in Botan 2.0 - const std::vector algo_parts = Botan::split_on(cipherName, '/'); + const std::vector algo_parts = split_on_delim(cipherName, '/'); const std::string cipher_name = algo_parts[0]; - Botan::BlockCipherModePaddingMethod* pad; + bool with_pkcs7_padding; if (algo_parts.size() == 3 && algo_parts[2] == "PKCS7") { - pad = new Botan::PKCS7_Padding(); + with_pkcs7_padding = true; } else { - pad = new Botan::Null_Padding(); + with_pkcs7_padding = false; } std::unique_ptr bc(Botan::BlockCipher::create(cipher_name)); - Botan::Keyed_Filter* cipher = new Botan::Cipher_Mode_Filter(new Botan::ECB_Encryption(bc.release(),pad)); + Botan::Keyed_Filter* cipher = new Botan::Cipher_Mode_Filter(new Botan::ECB_Encryption(bc.release(), with_pkcs7_padding)); cipher->set_key(botanKey); cryption = new Botan::Pipe(cipher); -#else - cryption = new Botan::Pipe(Botan::get_cipher(cipherName, botanKey, Botan::ENCRYPTION)); -#endif } -#ifdef WITH_AES_GCM else if (mode == SymMode::GCM) { Botan::AEAD_Mode* aead = Botan::get_aead(cipherName, Botan::ENCRYPTION); @@ -184,7 +198,6 @@ bool BotanSymmetricAlgorithm::encryptInit(const SymmetricKey* key, const SymMode filter->set_iv(botanIV); cryption = new Botan::Pipe(filter); } -#endif else { Botan::InitializationVector botanIV = Botan::InitializationVector(IV.const_byte_str(), IV.size()); 
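Review bot: The ECB branch of encryptInit has two unchecked results. `algo_parts[0]` is read even though split_on_delim returns an empty vector for an empty `cipherName`, and `Botan::BlockCipher::create(cipher_name)` returns a null pointer for an unknown or disabled cipher, which `bc.release()` then passes into `ECB_Encryption`. Return false when `algo_parts.empty()`, and either test `bc` before releasing it or use `Botan::BlockCipher::create_or_throw(cipher_name)`, in line with the MAC change in this commit. The throwing form is safe only if this code sits inside a try block, which the hunk does not show. Any third name component other than "PKCS7" also silently selects no padding, which deserves a comment. The ECB branch of decryptInit in the next hunk has the same two gaps.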
@@ -392,28 +405,23 @@ bool BotanSymmetricAlgorithm::decryptInit(const SymmetricKey* key, const SymMode Botan::SymmetricKey botanKey = Botan::SymmetricKey(key->getKeyBits().const_byte_str(), key->getKeyBits().size()); if (mode == SymMode::ECB) { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) // ECB cipher mode was dropped in Botan 2.0 - const std::vector algo_parts = Botan::split_on(cipherName, '/'); + const std::vector algo_parts = split_on_delim(cipherName, '/'); const std::string cipher_name = algo_parts[0]; - Botan::BlockCipherModePaddingMethod* pad; + bool with_pkcs7_padding; if (algo_parts.size() == 3 && algo_parts[2] == "PKCS7") { - pad = new Botan::PKCS7_Padding(); + with_pkcs7_padding = true; } else { - pad = new Botan::Null_Padding(); + with_pkcs7_padding = false; } std::unique_ptr bc(Botan::BlockCipher::create(cipher_name)); - Botan::Keyed_Filter* cipher = new Botan::Cipher_Mode_Filter(new Botan::ECB_Decryption(bc.release(),pad)); + Botan::Keyed_Filter* cipher = new Botan::Cipher_Mode_Filter(new Botan::ECB_Decryption(bc.release(),with_pkcs7_padding)); cipher->set_key(botanKey); cryption = new Botan::Pipe(cipher); -#else - cryption = new Botan::Pipe(Botan::get_cipher(cipherName, botanKey, Botan::DECRYPTION)); -#endif } -#ifdef WITH_AES_GCM else if (mode == SymMode::GCM) { Botan::AEAD_Mode* aead = Botan::get_aead(cipherName, Botan::DECRYPTION); @@ -425,7 +433,6 @@ bool BotanSymmetricAlgorithm::decryptInit(const SymmetricKey* key, const SymMode filter->set_iv(botanIV); cryption = new Botan::Pipe(filter); } -#endif else { Botan::InitializationVector botanIV = Botan::InitializationVector(IV.const_byte_str(), IV.size()); diff --git a/src/lib/crypto/BotanUtil.cpp b/src/lib/crypto/BotanUtil.cpp index c623fedf4..888a33d2a 100644 --- a/src/lib/crypto/BotanUtil.cpp +++ b/src/lib/crypto/BotanUtil.cpp 
@@ -81,24 +81,16 @@ Botan::BigInt BotanUtil::byteString2bigInt(const ByteString& byteString) // Convert a Botan EC group to a ByteString ByteString BotanUtil::ecGroup2ByteString(const Botan::EC_Group& ecGroup) { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - std::vector der = ecGroup.DER_encode(Botan::EC_DOMPAR_ENC_OID); -#else - Botan::SecureVector der = ecGroup.DER_encode(Botan::EC_DOMPAR_ENC_OID); -#endif + std::vector der = ecGroup.DER_encode(Botan::EC_DOMPAR_ENC_OID); return ByteString(&der[0], der.size()); } // Convert a ByteString to a Botan EC group Botan::EC_Group BotanUtil::byteString2ECGroup(const ByteString& byteString) { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - std::vector der(byteString.size()); + std::vector der(byteString.size()); memcpy(&der[0], byteString.const_byte_str(), byteString.size()); return Botan::EC_Group(der); -#else - return Botan::EC_Group(Botan::MemoryVector(byteString.const_byte_str(), byteString.size())); -#endif } // Convert a Botan EC point to a ByteString @@ -108,14 +100,12 @@ ByteString BotanUtil::ecPoint2ByteString(const Botan::PointGFp& ecPoint) try { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - Botan::secure_vector repr = Botan::EC2OSP(ecPoint, Botan::PointGFp::UNCOMPRESSED); - Botan::secure_vector der; +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,5,0) + const std::vector repr = ecPoint.encode(Botan::PointGFp::UNCOMPRESSED); #else - Botan::SecureVector repr = Botan::EC2OSP(ecPoint, Botan::PointGFp::UNCOMPRESSED); - Botan::SecureVector der; + const Botan::secure_vector repr = Botan::EC2OSP(ecPoint, Botan::PointGFp::UNCOMPRESSED); #endif - + Botan::secure_vector der; der = Botan::DER_Encoder() .encode(repr, Botan::OCTET_STRING) 
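Review bot: byteString2ECGroup evaluates `&der[0]` on a vector sized from the input, which is undefined for an empty ByteString. Constructing the vector from the byte range removes both the memcpy and the empty case: `std::vector<Botan::byte> der(byteString.const_byte_str(), byteString.const_byte_str() + byteString.size());`. ecGroup2ByteString on the same hunk and byteString2ECPoint in the hunk after next use `&der[0]` and `&repr[0]` in the same way, where `der.data()` and `repr.data()` are the safe spelling. These converters parse encoded input and let Botan decoding exceptions escape; no handler is visible here, so callers must catch them.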
@@ -133,15 +123,15 @@ ByteString BotanUtil::ecPoint2ByteString(const Botan::PointGFp& ecPoint) // Convert a ByteString to a Botan EC point Botan::PointGFp BotanUtil::byteString2ECPoint(const ByteString& byteString, const Botan::EC_Group& ecGroup) { -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,11,0) - std::vector repr; -#else - Botan::SecureVector repr; -#endif + std::vector repr; Botan::BER_Decoder(byteString.const_byte_str(), byteString.size()) .decode(repr, Botan::OCTET_STRING) .verify_end(); +#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,5,0) + return ecGroup.OS2ECP(&repr[0], repr.size()); +#else return Botan::OS2ECP(&repr[0], repr.size(), ecGroup.get_curve()); +#endif } #endif @@ -149,7 +139,7 @@ Botan::PointGFp BotanUtil::byteString2ECPoint(const ByteString& byteString, cons // Convert a Botan OID to a ByteString ByteString BotanUtil::oid2ByteString(const Botan::OID& oid) { - const Botan::secure_vector& der = Botan::DER_Encoder().encode(oid).get_contents(); + const Botan::secure_vector der = Botan::DER_Encoder().encode(oid).get_contents(); return ByteString(&der[0], der.size()); } diff --git a/src/lib/crypto/Botan_ecb.cpp b/src/lib/crypto/Botan_ecb.cpp index 9fe4a7c70..8773aeb2c 100644 --- a/src/lib/crypto/Botan_ecb.cpp +++ b/src/lib/crypto/Botan_ecb.cpp 
@@ -7,24 +7,19 @@ */ #include -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) + // ECB cipher mode was dropped in Botan 2.0.0 // so including this code in SoftHSM for continued support // for e.g. CKA_VALUE_CHECK #include "Botan_ecb.h" -#include "Botan_rounding.h" namespace Botan { -ECB_Mode::ECB_Mode(BlockCipher* cipher, BlockCipherModePaddingMethod* padding) : +ECB_Mode::ECB_Mode(BlockCipher* cipher, bool with_pkcs7_padding) : m_cipher(cipher), - m_padding(padding) + m_with_pkcs7_padding(with_pkcs7_padding) { - if(!m_padding->valid_blocksize(cipher->block_size())) - throw Invalid_Argument("Padding " + m_padding->name() + - " cannot be used with " + - cipher->name() + "/ECB"); } void ECB_Mode::clear() @@ -40,7 +35,13 @@ void ECB_Mode::reset() std::string ECB_Mode::name() const { - return cipher().name() + "/ECB/" + padding().name(); + std::string name = cipher().name(); + name += "/ECB/"; + if(m_with_pkcs7_padding) + name += "PKCS7"; + else + name += "NoPadding"; + return name; } size_t ECB_Mode::update_granularity() const @@ -79,6 +80,19 @@ size_t ECB_Encryption::minimum_final_size() const return 0; } +namespace { + +inline size_t round_up(size_t n, size_t align_to) + { + BOTAN_ASSERT(align_to != 0, "align_to must not be 0"); + + if(n % align_to) + n += align_to - (n % align_to); + return n; + } + +} + size_t ECB_Encryption::output_length(size_t input_length) const { if(input_length == 0) @@ -105,7 +119,13 @@ void ECB_Encryption::finish(secure_vector& buffer, size_t offset) const size_t bytes_in_final_block = sz % BS; - padding().add_padding(buffer, bytes_in_final_block, BS); + if(with_pkcs7_padding()) + { + const uint8_t pad_value = static_cast(BS - bytes_in_final_block); + + for(size_t i = 0; i != pad_value; ++i) + buffer.push_back(pad_value); + } if(buffer.size() % BS) throw Encoding_Error("Did not pad to full block size in " + name()); 
@@ -132,6 +152,24 @@ size_t ECB_Decryption::process(uint8_t buf[], size_t sz) return sz; } +namespace { + +size_t pkcs7_unpad(const byte block[], size_t size) + { + size_t position = block[size-1]; + + if(position > size) + throw Decoding_Error("Bad PKCS7 padding"); + + for(size_t j = size-position; j != size-1; ++j) + if(block[j] != position) + throw Decoding_Error("Bad PKCS7 padding"); + + return (size-position); + } + +} + void ECB_Decryption::finish(secure_vector& buffer, size_t offset) { BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane"); @@ -144,10 +182,11 @@ void ECB_Decryption::finish(secure_vector& buffer, size_t offset) update(buffer, offset); - const size_t pad_bytes = BS - padding().unpad(&buffer[buffer.size()-BS], BS); - buffer.resize(buffer.size() - pad_bytes); // remove padding + if(with_pkcs7_padding()) + { + const size_t pad_bytes = BS - pkcs7_unpad(&buffer[buffer.size()-BS], BS); + buffer.resize(buffer.size() - pad_bytes); // remove padding + } } } - -#endif diff --git a/src/lib/crypto/Botan_ecb.h b/src/lib/crypto/Botan_ecb.h index 1712083bd..36b12a633 100644 --- a/src/lib/crypto/Botan_ecb.h +++ b/src/lib/crypto/Botan_ecb.h @@ -6,18 +6,16 @@ * Botan is released under the Simplified BSD License (see license.txt) */ -#ifndef BOTAN_MODE_ECB_H__ -#define BOTAN_MODE_ECB_H__ +#ifndef SOFTHSM_BOTAN_MODE_ECB_H_ +#define SOFTHSM_BOTAN_MODE_ECB_H_ #include -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) // ECB cipher mode was dropped in Botan 2.0.0 // so including this code in SoftHSM for continued support // for e.g. CKA_VALUE_CHECK #include #include -#include namespace Botan { 
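Review bot: `pkcs7_unpad` accepts a final byte of 0. With `position == 0` the loop starts at `j = size`, which already differs from `size-1`, so it reads `block[size]` and onward past the end of the block until a non-zero byte makes it throw. Zero is never a valid PKCS#7 pad length, so reject it together with the oversize case: `if(position == 0 || position > size) throw Decoding_Error("Bad PKCS7 padding");`. The function is complete within this hunk. Its only caller, ECB_Decryption::finish in the next hunk, passes a pointer to the last block of `buffer`, so the overread would run off the end of that vector.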
@@ -42,18 +40,18 @@ class BOTAN_DLL ECB_Mode : public Cipher_Mode void reset() override; protected: - ECB_Mode(BlockCipher* cipher, BlockCipherModePaddingMethod* padding); + ECB_Mode(BlockCipher* cipher, bool with_pkcs7_padding); const BlockCipher& cipher() const { return *m_cipher; } - const BlockCipherModePaddingMethod& padding() const { return *m_padding; } + bool with_pkcs7_padding() const { return m_with_pkcs7_padding; } private: void start_msg(const byte nonce[], size_t nonce_len) override; void key_schedule(const byte key[], size_t length) override; std::unique_ptr m_cipher; - std::unique_ptr m_padding; + bool m_with_pkcs7_padding; }; /** @@ -64,10 +62,9 @@ class BOTAN_DLL ECB_Encryption final : public ECB_Mode public: /** * @param cipher block cipher to use - * @param padding padding method to use */ - ECB_Encryption(BlockCipher* cipher, BlockCipherModePaddingMethod* padding) : - ECB_Mode(cipher, padding) {} + ECB_Encryption(BlockCipher* cipher, bool with_pkcs7_padding) : + ECB_Mode(cipher, with_pkcs7_padding) {} size_t process(uint8_t buf[], size_t size) override; @@ -88,8 +85,8 @@ class BOTAN_DLL ECB_Decryption final : public ECB_Mode * @param cipher block cipher to use * @param padding padding method to use */ - ECB_Decryption(BlockCipher* cipher, BlockCipherModePaddingMethod* padding) : - ECB_Mode(cipher, padding) {} + ECB_Decryption(BlockCipher* cipher, bool with_pkcs7_padding) : + ECB_Mode(cipher, with_pkcs7_padding) {} size_t process(uint8_t buf[], size_t size) override; @@ -103,5 +100,3 @@ class BOTAN_DLL ECB_Decryption final : public ECB_Mode } #endif - -#endif diff --git a/src/lib/crypto/Botan_rounding.h b/src/lib/crypto/Botan_rounding.h deleted file mode 100644 index fbad3aec0..000000000 --- a/src/lib/crypto/Botan_rounding.h +++ /dev/null 
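Review bot: The constructor comments in Botan_ecb.h no longer match the signatures. ECB_Encryption lost its `@param padding` line without a replacement, and ECB_Decryption still carries `@param padding padding method to use` although the parameter is now `bool with_pkcs7_padding`. Both should read `* @param with_pkcs7_padding true to apply PKCS#7 padding, false for no padding`. It is also worth extending the `@param cipher` line to say that the object takes ownership of the raw pointer, since `m_cipher` is a `std::unique_ptr` and the callers pass `bc.release()`.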
@@ -1,68 +0,0 @@ -/* -* Integer Rounding Functions -* (C) 1999-2007 Jack Lloyd -* -* Botan is released under the Simplified BSD License (see license.txt) -*/ - -#ifndef BOTAN_ROUNDING_H__ -#define BOTAN_ROUNDING_H__ - -#include -#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(2,0,0) -// ECB cipher mode was dropped in Botan 2.0.0 -// so including this code in SoftHSM for continued support -// for e.g. CKA_VALUE_CHECK - -#include -#include - -namespace Botan { - -/** -* Round up -* @param n a non-negative integer -* @param align_to the alignment boundary -* @return n rounded up to a multiple of align_to -*/ -inline size_t round_up(size_t n, size_t align_to) - { - BOTAN_ASSERT(align_to != 0, "align_to must not be 0"); - - if(n % align_to) - n += align_to - (n % align_to); - return n; - } - -/** -* Round down -* @param n an integer -* @param align_to the alignment boundary -* @return n rounded down to a multiple of align_to -*/ -template -inline T round_down(T n, T align_to) - { - if(align_to == 0) - return n; - - return (n - (n % align_to)); - } - -/** -* Clamp -*/ -inline size_t clamp(size_t n, size_t lower_bound, size_t upper_bound) - { - if(n < lower_bound) - return lower_bound; - if(n > upper_bound) - return upper_bound; - return n; - } - -} - -#endif - -#endif diff --git a/src/lib/crypto/test/AESTests.cpp b/src/lib/crypto/test/AESTests.cpp index 008560fe9..58d58af54 100644 --- a/src/lib/crypto/test/AESTests.cpp +++ b/src/lib/crypto/test/AESTests.cpp @@ -769,7 +769,6 @@ void AESTests::testCTR() } } -#ifdef WITH_AES_GCM void AESTests::testGCM() { // Test vectors from NIST via Botan @@ -1094,7 +1093,6 @@ void AESTests::testGCM() CPPUNIT_ASSERT(shsmPlainText == plainText); } } -#endif void AESTests::testWrap(const char testKeK[][128], const char testKey[][128], const char testCt[][128], const int testCnt, SymWrap::Type mode) { diff --git a/src/lib/crypto/test/AESTests.h b/src/lib/crypto/test/AESTests.h index 3a50b119a..a0c29dc28 100644 
--- a/src/lib/crypto/test/AESTests.h +++ b/src/lib/crypto/test/AESTests.h @@ -43,9 +43,7 @@ class AESTests : public CppUnit::TestFixture CPPUNIT_TEST(testCBC); CPPUNIT_TEST(testECB); CPPUNIT_TEST(testCTR); -#ifdef WITH_AES_GCM CPPUNIT_TEST(testGCM); -#endif #ifdef HAVE_AES_KEY_WRAP CPPUNIT_TEST(testWrapWoPad); #endif @@ -59,9 +57,7 @@ class AESTests : public CppUnit::TestFixture void testCBC(); void testECB(); void testCTR(); -#ifdef WITH_AES_GCM void testGCM(); -#endif void testWrapWoPad(); void testWrapPad(); diff --git a/src/lib/data_mgr/ByteString.cpp b/src/lib/data_mgr/ByteString.cpp index c477aab37..8052a8353 100644 --- a/src/lib/data_mgr/ByteString.cpp +++ b/src/lib/data_mgr/ByteString.cpp @@ -111,6 +111,12 @@ ByteString::ByteString(const ByteString& in) this->byteString = in.byteString; } +ByteString& ByteString::operator=(const ByteString& in) +{ + this->byteString = in.byteString; + return (*this); +} + // Append data ByteString& ByteString::operator+=(const ByteString& append) { diff --git a/src/lib/data_mgr/ByteString.h b/src/lib/data_mgr/ByteString.h index 2c2ef33a5..c832ac25b 100644 --- a/src/lib/data_mgr/ByteString.h +++ b/src/lib/data_mgr/ByteString.h @@ -110,6 +110,9 @@ class ByteString // XORing ByteString& operator^=(const ByteString& rhs); + // Assignment + ByteString& operator=(const ByteString& in); + // Serialisation/deserialisation virtual ByteString serialise() const; diff --git a/src/lib/test/SymmetricAlgorithmTests.cpp b/src/lib/test/SymmetricAlgorithmTests.cpp index 2042eb81d..2b40d7d50 100644 --- a/src/lib/test/SymmetricAlgorithmTests.cpp +++ b/src/lib/test/SymmetricAlgorithmTests.cpp 
@@ -747,11 +747,9 @@ void SymmetricAlgorithmTests::testAesEncryptDecrypt() encryptDecrypt(CKM_AES_CTR,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); encryptDecrypt(CKM_AES_CTR,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); encryptDecrypt(CKM_AES_CTR,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); -#ifdef WITH_AES_GCM encryptDecrypt(CKM_AES_GCM,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST-1); encryptDecrypt(CKM_AES_GCM,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST+1); encryptDecrypt(CKM_AES_GCM,blockSize,hSessionRO,hKey,blockSize*NR_OF_BLOCKS_IN_TEST); -#endif } void SymmetricAlgorithmTests::testAesWrapUnwrap()