#
# patch "ChangeLog"
# from [d51be3f02c10d7d241c8c625bf80188ed1d2cf3a]
# to [63ca8aa381c45a76b68f6be63b6f4e99321839fa]
#
# patch "botan/mode_pad.h"
# from [bb98613742d08ce0d62663431409f83a2e94ad85]
# to [fabc318779665eefe72f430ba028ab05f12fcbe0]
#
# patch "constants.cc"
# from [dcbffe20599c26310957ee7c1310a44ae93dc2a0]
# to [ef822813b7d8f2f5acbceaf26baaa0ce321672da]
#
# patch "constants.hh"
# from [94b12534ecf00b0d10056ab3edf9fad2e38eb300]
# to [ee157877740baa3b5de03380e2bc5d7902766207]
#
# patch "hmac.cc"
# from [b3ff5a538eb8986fddf018c89f2352abc45e73dd]
# to [006266ad1f563121dcb9d3130459a5b6ba073c0e]
#
# patch "hmac.hh"
# from [1f62c61985e4369d1ee5a29c5b8e3525bc03ebfe]
# to [4b012fb5898d3f51103b7805053a4ed3d3da8677]
#
# patch "keys.cc"
# from [74a4180f91a62c68752d3103357dbb49e5397031]
# to [25b21dafac6dfc724af030bb11ed7a1d69d1333a]
#
# patch "transforms.cc"
# from [698eff689ec8b8a5061748488724b84385158ebb]
# to [d77bf924b7195f0556cde26404ac4120efc23273]
#
# patch "transforms.hh"
# from [2326f84b8d25e1aa67fadbe51faf237baf6916fb]
# to [c20250278e8f0c6d1d2f4ede542ed218d5ba57cd]
#
===============================================
--- ChangeLog d51be3f02c10d7d241c8c625bf80188ed1d2cf3a
+++ ChangeLog 63ca8aa381c45a76b68f6be63b6f4e99321839fa
@@ -1,3 +1,13 @@
+2005-07-08 Matt Johnston
+
+ * propagate mainline to botan branch
+
+ * constants.{cc,hh}: add sha1_digest_length as botan
+ doesn't provide a convenient definition.
+ * hmac.{cc,hh}: convert to use botan
+ * keys.cc (encrypt_rsa, decrypt_rsa): use botan
+ * transforms.{cc,hh}: use botan
+
2005-07-07 Nathaniel Smith
* ChangeLog: fixup formatting.
===============================================
--- botan/mode_pad.h bb98613742d08ce0d62663431409f83a2e94ad85
+++ botan/mode_pad.h fabc318779665eefe72f430ba028ab05f12fcbe0
@@ -17,6 +17,7 @@
class BlockCipherModePaddingMethod
{
public:
+ virtual ~BlockCipherModePaddingMethod() {}
virtual void pad(byte[], u32bit, u32bit) const = 0;
virtual u32bit unpad(const byte[], u32bit) const = 0;
virtual u32bit pad_bytes(u32bit, u32bit) const;
===============================================
--- constants.cc dcbffe20599c26310957ee7c1310a44ae93dc2a0
+++ constants.cc ef822813b7d8f2f5acbceaf26baaa0ce321672da
@@ -166,6 +166,8 @@
size_t const netsync_session_key_length_in_bytes = 20; // 160 bits
size_t const netsync_hmac_value_length_in_bytes = 20; // 160 bits
+ size_t const sha1_digest_length = 20; // 160 bits
+
std::string const & netsync_key_initializer = std::string(netsync_session_key_length_in_bytes, 0);
}
===============================================
--- constants.hh 94b12534ecf00b0d10056ab3edf9fad2e38eb300
+++ constants.hh ee157877740baa3b5de03380e2bc5d7902766207
@@ -127,6 +127,9 @@
// netsync HMAC value length
extern size_t const netsync_hmac_value_length_in_bytes;
+ // how long a sha1 digest should be
+ extern size_t const sha1_digest_length;
+
// netsync session key default initializer
extern std::string const & netsync_key_initializer;
===============================================
--- hmac.cc b3ff5a538eb8986fddf018c89f2352abc45e73dd
+++ hmac.cc 006266ad1f563121dcb9d3130459a5b6ba073c0e
@@ -1,7 +1,6 @@
#include
-#include "cryptopp/hmac.h"
-#include "cryptopp/sha.h"
+#include "botan/botan.h"
#include "sanity.hh"
#include "hmac.hh"
@@ -9,15 +8,15 @@
#include "constants.hh"
chained_hmac::chained_hmac(netsync_session_key const & session_key) :
- key(session_key)
+ key(session_key), hmac_length(constants::sha1_digest_length)
{
- I(hmac_length == CryptoPP::SHA::DIGESTSIZE);
- memset(chain_val, 0, sizeof(chain_val));
+ chain_val.assign(hmac_length, 0x00);
}
void
chained_hmac::set_key(netsync_session_key const & session_key)
{
+ P(F("setkey here, size %d\n") % session_key().size());
key = session_key;
}
@@ -30,15 +29,14 @@
I(pos + n <= str.size());
- CryptoPP::HMAC
- hmac(reinterpret_cast(key().data()),
- constants::netsync_session_key_length_in_bytes);
- hmac.Update(reinterpret_cast(chain_val),
- sizeof(chain_val));
- hmac.Update(reinterpret_cast(str.data() + pos),
- n);
- hmac.Final(reinterpret_cast(chain_val));
-
- std::string out(chain_val, sizeof(chain_val));
- return out;
+ Botan::Pipe p(new Botan::MAC_Filter("HMAC(SHA-1)", key(), key().size()));
+ p.start_msg();
+ p.write(chain_val);
+ p.write(reinterpret_cast(str.data() + pos), n);
+ p.end_msg();
+
+ chain_val = p.read_all_as_string();
+ I(chain_val.size() == constants::sha1_digest_length);
+
+ return chain_val;
}
===============================================
--- hmac.hh 1f62c61985e4369d1ee5a29c5b8e3525bc03ebfe
+++ hmac.hh 4b012fb5898d3f51103b7805053a4ed3d3da8677
@@ -1,12 +1,10 @@
#ifndef __HMAC_HH__
#define __HMAC_HH__
#include
-#include "cryptopp/hmac.h"
-#include "cryptopp/sha.h"
-
#include "vocab.hh"
+#include "constants.hh"
struct chained_hmac
{
@@ -16,11 +14,11 @@
std::string process(std::string const & str, size_t pos = 0,
size_t n = std::string::npos);
- static size_t const hmac_length = CryptoPP::SHA::DIGESTSIZE;
+ size_t const hmac_length;
private:
netsync_session_key key;
- char chain_val[hmac_length];
+ std::string chain_val;
};
===============================================
--- keys.cc 74a4180f91a62c68752d3103357dbb49e5397031
+++ keys.cc 25b21dafac6dfc724af030bb11ed7a1d69d1333a
@@ -355,24 +355,23 @@
std::string const & plaintext,
rsa_oaep_sha_data & ciphertext)
{
- AutoSeededRandomPool rng(blocking_rng(lua));
-
rsa_pub_key pub;
decode_base64(pub_encoded, pub);
- SecByteBlock pub_block;
- pub_block.Assign(reinterpret_cast(pub().data()), pub().size());
- StringSource keysource(pub_block.data(), pub_block.size(), true);
+ SecureVector pub_block;
+ pub_block.set(reinterpret_cast(pub().data()), pub().size());
- shared_ptr encryptor;
- encryptor = shared_ptr
- (new RSAES_OAEP_SHA_Encryptor(keysource));
+ shared_ptr x509_key = shared_ptr(X509::load_key(pub_block));
+ shared_ptr pub_key = shared_dynamic_cast(x509_key);
+ if (!pub_key)
+ throw informative_failure("Failed to get RSA encrypting key");
- string ciphertext_string;
- StringSource tmp(plaintext, true,
- encryptor->CreateEncryptionFilter
- (rng, new StringSink(ciphertext_string)));
+ shared_ptr encryptor;
+ encryptor = shared_ptr(get_pk_encryptor(*pub_key, "EME(SHA-1)"));
- ciphertext = rsa_oaep_sha_data(ciphertext_string);
+ SecureVector ct;
+ ct = encryptor->encrypt(
+ reinterpret_cast(plaintext.data()), plaintext.size());
+ ciphertext = rsa_oaep_sha_data(string(reinterpret_cast(ct.begin()), ct.size()));
}
void decrypt_rsa(lua_hooks & lua,
@@ -381,26 +380,26 @@
rsa_oaep_sha_data const & ciphertext,
std::string & plaintext)
{
- AutoSeededRandomPool rng(blocking_rng(lua));
arc4 decoded_key;
- SecByteBlock decrypted_key;
- SecByteBlock phrase;
- shared_ptr decryptor;
+ SecureVector decrypted_key;
+ SecureVector phrase;
+ shared_ptr decryptor;
+ shared_ptr pkcs8_key;
for (int i = 0; i < 3; i++)
{
bool force = false;
decode_base64(priv, decoded_key);
- decrypted_key.Assign(reinterpret_cast(decoded_key().data()),
+ decrypted_key.set(reinterpret_cast(decoded_key().data()),
decoded_key().size());
get_passphrase(lua, id, phrase, false, force);
+ do_arc4(phrase, decrypted_key);
try
{
- do_arc4(phrase, decrypted_key);
- StringSource keysource(decrypted_key.data(), decrypted_key.size(), true);
- decryptor = shared_ptr
- (new RSAES_OAEP_SHA_Decryptor(keysource));
+ Pipe p;
+ p.process_msg(decrypted_key);
+ pkcs8_key = shared_ptr(PKCS8::load_key(p));
}
catch (...)
{
@@ -413,9 +412,15 @@
}
}
- StringSource tmp(ciphertext(), true,
- decryptor->CreateDecryptionFilter
- (rng, new StringSink(plaintext)));
+ shared_ptr priv_key = shared_dynamic_cast(pkcs8_key);
+ if (!priv_key)
+ throw informative_failure("Failed to get RSA decrypting key");
+ decryptor = shared_ptr(get_pk_decryptor(*priv_key, "EME1(SHA-1)"));
+
+ SecureVector plain;
+ plain = decryptor->decrypt(
+ reinterpret_cast(ciphertext().data()), ciphertext().size());
+ plaintext = string(reinterpret_cast(plain.begin()), plain.size());
}
void
===============================================
--- transforms.cc 698eff689ec8b8a5061748488724b84385158ebb
+++ transforms.cc d77bf924b7195f0556cde26404ac4120efc23273
@@ -159,12 +159,10 @@
string tmp;
tmp.reserve(in().size()); // FIXME: do some benchmarking and make this a constant::
- CryptoPP::StringSource
- str(in(), true,
- new CryptoPP::Gzip(
- new CryptoPP::Base64Encoder(
- new CryptoPP::StringSink(tmp))));
- out.swap(tmp);
+ Botan::Pipe pipe(new Botan::Gzip_Compression(), new Botan::Base64_Encoder);
+ pipe.process_msg(in());
+ tmp = pipe.read_all_as_string();
+ out = tmp;
}
template
@@ -173,13 +171,11 @@
string tmp;
tmp.reserve(in().size()); // FIXME: do some benchmarking and make this a constant::
- CryptoPP::StringSource
- str(in(), true,
- new CryptoPP::Base64Decoder(
- new CryptoPP::Gunzip(
- new CryptoPP::StringSink(tmp))));
+ Botan::Pipe pipe(new Botan::Base64_Decoder(), new Botan::Gzip_Decompression());
+ pipe.process_msg(in());
+ tmp = pipe.read_all_as_string();
- out.swap(tmp);
+ out = tmp;
}
// specialise them
===============================================
--- transforms.hh 2326f84b8d25e1aa67fadbe51faf237baf6916fb
+++ transforms.hh c20250278e8f0c6d1d2f4ede542ed218d5ba57cd
@@ -76,7 +76,7 @@
// string variant for netsync
template
void encode_gzip(std::string const & in, gzip & out)
-{ out = xform(in); }
+{ out = xform(in); }
// both at once (this is relatively common)