From 08f1409ebd0a83a14a15f02f9b548546a247b35b Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Sat, 4 Mar 2023 12:12:16 -0500 Subject: [PATCH] Remove the RNG argument from PK_KEM_Encryptor It was entirely unused by all algorithms --- src/cli/speed.cpp | 2 +- src/lib/pubkey/kyber/kyber_common/kyber.cpp | 8 ++++---- src/lib/pubkey/kyber/kyber_common/kyber.h | 2 +- src/lib/pubkey/mce/mceliece.h | 3 +-- src/lib/pubkey/mce/mceliece_key.cpp | 3 +-- src/lib/pubkey/pk_keys.cpp | 3 +-- src/lib/pubkey/pk_keys.h | 6 +----- src/lib/pubkey/pubkey.cpp | 3 +-- src/lib/pubkey/pubkey.h | 19 +++++++++++++++++-- src/lib/pubkey/rsa/rsa.cpp | 3 +-- src/lib/pubkey/rsa/rsa.h | 3 +-- src/tests/test_kyber.cpp | 6 +++--- src/tests/test_mceliece.cpp | 4 ++-- src/tests/test_pubkey.cpp | 2 +- 14 files changed, 36 insertions(+), 31 deletions(-) diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp index 174e8f5a7b4..90d9198b743 100644 --- a/src/cli/speed.cpp +++ b/src/cli/speed.cpp @@ -1806,7 +1806,7 @@ class Speed final : public Command std::chrono::milliseconds msec) { Botan::PK_KEM_Decryptor dec(key, rng(), kdf, provider); - Botan::PK_KEM_Encryptor enc(key, rng(), kdf, provider); + Botan::PK_KEM_Encryptor enc(key, kdf, provider); auto kem_enc_timer = make_timer(nm, provider, "KEM encrypt"); auto kem_dec_timer = make_timer(nm, provider, "KEM decrypt"); diff --git a/src/lib/pubkey/kyber/kyber_common/kyber.cpp b/src/lib/pubkey/kyber/kyber_common/kyber.cpp index b26ecbcb800..1d99aa64a5f 100644 --- a/src/lib/pubkey/kyber/kyber_common/kyber.cpp +++ b/src/lib/pubkey/kyber/kyber_common/kyber.cpp @@ -1569,11 +1569,11 @@ secure_vector Kyber_PrivateKey::private_key_bits_der() const return output; } -std::unique_ptr Kyber_PublicKey::create_kem_encryption_op(RandomNumberGenerator& rng, - const std::string& params, - const std::string& provider) const +std::unique_ptr +Kyber_PublicKey::create_kem_encryption_op( + const std::string& params, + const std::string& provider) const { - BOTAN_UNUSED(rng); if(provider.empty() || provider == "base") return std::make_unique(*this, params); throw Provider_Not_Found(algo_name(), provider); diff --git a/src/lib/pubkey/kyber/kyber_common/kyber.h b/src/lib/pubkey/kyber/kyber_common/kyber.h index 893a890df79..6a2780b3479 100644 --- a/src/lib/pubkey/kyber/kyber_common/kyber.h +++ b/src/lib/pubkey/kyber/kyber_common/kyber.h @@ -100,7 +100,7 @@ class BOTAN_PUBLIC_API(3, 0) Kyber_PublicKey : public virtual Public_Key return (op == PublicKeyOperation::KeyEncapsulation); } - std::unique_ptr create_kem_encryption_op(RandomNumberGenerator& rng, + std::unique_ptr create_kem_encryption_op( const std::string& params, const std::string& provider) const override; diff --git a/src/lib/pubkey/mce/mceliece.h b/src/lib/pubkey/mce/mceliece.h index a79e0f5e7a2..28b0c93ca09 100644 --- a/src/lib/pubkey/mce/mceliece.h +++ b/src/lib/pubkey/mce/mceliece.h @@ -62,8 +62,7 @@ class BOTAN_PUBLIC_API(2,0) McEliece_PublicKey : public virtual Public_Key } std::unique_ptr - create_kem_encryption_op(RandomNumberGenerator& rng, - const std::string& params, + create_kem_encryption_op(const std::string& params, const std::string& provider) const override; protected: diff --git a/src/lib/pubkey/mce/mceliece_key.cpp b/src/lib/pubkey/mce/mceliece_key.cpp index 34dfc54c389..1d50e3a02cf 100644 --- a/src/lib/pubkey/mce/mceliece_key.cpp +++ b/src/lib/pubkey/mce/mceliece_key.cpp @@ -372,8 +372,7 @@ class MCE_KEM_Decryptor final : public PK_Ops::KEM_Decryption_with_KDF } std::unique_ptr -McEliece_PublicKey::create_kem_encryption_op(RandomNumberGenerator& /*rng*/, - const std::string& params, +McEliece_PublicKey::create_kem_encryption_op(const std::string& params, const std::string& provider) const { if(provider == "base" || provider.empty()) diff --git a/src/lib/pubkey/pk_keys.cpp b/src/lib/pubkey/pk_keys.cpp index 09d7eec47dd..8b16b83e1ef 100644 --- a/src/lib/pubkey/pk_keys.cpp +++ b/src/lib/pubkey/pk_keys.cpp @@ -101,8 +101,7 @@ Public_Key::create_encryption_op(RandomNumberGenerator& /*rng*/, } std::unique_ptr -Public_Key::create_kem_encryption_op(RandomNumberGenerator& /*rng*/, - const std::string& /*params*/, +Public_Key::create_kem_encryption_op(const std::string& /*params*/, const std::string& /*provider*/) const { throw Lookup_Error(algo_name() + " does not support KEM encryption"); diff --git a/src/lib/pubkey/pk_keys.h b/src/lib/pubkey/pk_keys.h index c696329e24c..a5496670315 100644 --- a/src/lib/pubkey/pk_keys.h +++ b/src/lib/pubkey/pk_keys.h @@ -207,15 +207,11 @@ class BOTAN_PUBLIC_API(2,0) Public_Key : public virtual Asymmetric_Key * * Return a KEM encryption operation for this key/params or throw * - * @param rng a random number generator. The PK_Op may maintain a - * reference to the RNG and use it many times. The rng must outlive - * any operations which reference it. * @param params additional parameters * @param provider the provider to use */ virtual std::unique_ptr - create_kem_encryption_op(RandomNumberGenerator& rng, - const std::string& params, + create_kem_encryption_op(const std::string& params, const std::string& provider) const; /** diff --git a/src/lib/pubkey/pubkey.cpp b/src/lib/pubkey/pubkey.cpp index 0890b4a5f23..6e9625307b1 100644 --- a/src/lib/pubkey/pubkey.cpp +++ b/src/lib/pubkey/pubkey.cpp @@ -138,11 +138,10 @@ secure_vector PK_Decryptor_EME::do_decrypt(uint8_t& valid_mask, } PK_KEM_Encryptor::PK_KEM_Encryptor(const Public_Key& key, - RandomNumberGenerator& rng, const std::string& param, const std::string& provider) { - m_op = key.create_kem_encryption_op(rng, param, provider); + m_op = key.create_kem_encryption_op(param, provider); if(!m_op) throw Invalid_Argument("Key type " + key.algo_name() + " does not support KEM encryption"); } diff --git a/src/lib/pubkey/pubkey.h b/src/lib/pubkey/pubkey.h index 1242a86cc2a..4ed7cfb39a8 100644 --- a/src/lib/pubkey/pubkey.h +++ b/src/lib/pubkey/pubkey.h @@ -612,15 +612,30 @@ class BOTAN_PUBLIC_API(2,0) PK_KEM_Encryptor final public: /** * Construct an instance. - * @param key the key to use inside the encryptor + * @param key the key to encrypt to + * @param kem_param additional KEM parameters + * @param provider the provider to use + */ + PK_KEM_Encryptor(const Public_Key& key, + const std::string& kem_param = "", + const std::string& provider = ""); + + /** + * Construct an instance. + * @param key the key to encrypt to * @param rng the RNG to use * @param kem_param additional KEM parameters * @param provider the provider to use */ + BOTAN_DEPRECATED("Use constructor that does not take RNG") PK_KEM_Encryptor(const Public_Key& key, RandomNumberGenerator& rng, const std::string& kem_param = "", - const std::string& provider = ""); + const std::string& provider = "") : + PK_KEM_Encryptor(key, kem_param, provider) + { + BOTAN_UNUSED(rng); + } ~PK_KEM_Encryptor(); diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index 452321de15d..9c2dd4cd01e 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -737,8 +737,7 @@ RSA_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/, } std::unique_ptr -RSA_PublicKey::create_kem_encryption_op(RandomNumberGenerator& /*rng*/, - const std::string& params, +RSA_PublicKey::create_kem_encryption_op(const std::string& params, const std::string& provider) const { if(provider == "base" || provider.empty()) diff --git a/src/lib/pubkey/rsa/rsa.h b/src/lib/pubkey/rsa/rsa.h index 7b15e4f1794..385a8f6cbff 100644 --- a/src/lib/pubkey/rsa/rsa.h +++ b/src/lib/pubkey/rsa/rsa.h @@ -74,8 +74,7 @@ class BOTAN_PUBLIC_API(2,0) RSA_PublicKey : public virtual Public_Key const std::string& provider) const override; std::unique_ptr - create_kem_encryption_op(RandomNumberGenerator& rng, - const std::string& params, + create_kem_encryption_op(const std::string& params, const std::string& provider) const override; std::unique_ptr diff --git a/src/tests/test_kyber.cpp b/src/tests/test_kyber.cpp index 62870e4262c..201423ba9e1 100644 --- a/src/tests/test_kyber.cpp +++ b/src/tests/test_kyber.cpp @@ -58,7 +58,7 @@ class KYBER_Tests final : public Test auto roundtrip = [&] (const auto& pkey, const auto& skey, const std::string& context, const std::string& kdf) { - auto e = Botan::PK_KEM_Encryptor(*pkey, Test::rng(), kdf, "base"); + auto e = Botan::PK_KEM_Encryptor(*pkey, kdf, "base"); Botan::secure_vector ct, shared_key; e.encrypt(ct, shared_key, 64, Test::rng()); @@ -113,7 +113,7 @@ class KYBER_Tests final : public Test // Bob (reading from serialized public key) Botan::Kyber_PublicKey alice_pub_key(pub_key_bits, mode, Botan::KyberKeyEncoding::Full); - auto enc = Botan::PK_KEM_Encryptor(alice_pub_key, Test::rng(), "Raw", "base"); + auto enc = Botan::PK_KEM_Encryptor(alice_pub_key, "Raw", "base"); Botan::secure_vector cipher_text, key_bob; enc.encrypt(cipher_text, key_bob, 0 /* no KDF */, Test::rng()); @@ -195,7 +195,7 @@ Test::Result run_kyber_test(const char* test_name, const VarMap& vars, Botan::Ky result.test_eq("Secret Key Output", priv_key.private_key_bits(), sk_in); // Bob - auto enc = Botan::PK_KEM_Encryptor(*pub_key, ctr_drbg, "Raw", "base"); + auto enc = Botan::PK_KEM_Encryptor(*pub_key, "Raw", "base"); Botan::secure_vector cipher_text, key_bob; enc.encrypt(cipher_text, key_bob, 0 /* no KDF */, ctr_drbg); result.test_eq("Cipher-Text Output", cipher_text, ct_in); diff --git a/src/tests/test_mceliece.cpp b/src/tests/test_mceliece.cpp index de8af9c3338..5c986583ed7 100644 --- a/src/tests/test_mceliece.cpp +++ b/src/tests/test_mceliece.cpp @@ -70,7 +70,7 @@ class McEliece_Keygen_Encrypt_Test final : public Text_Based_Test try { - Botan::PK_KEM_Encryptor kem_enc(mce_priv, Test::rng(), "KDF1(SHA-512)"); + Botan::PK_KEM_Encryptor kem_enc(mce_priv, "KDF1(SHA-512)"); Botan::PK_KEM_Decryptor kem_dec(mce_priv, Test::rng(), "KDF1(SHA-512)"); Botan::secure_vector encap_key, prod_shared_key; @@ -204,7 +204,7 @@ class McEliece_Tests final : public Test Test::Result result("McEliece KEM"); result.start_timer(); - Botan::PK_KEM_Encryptor enc_op(pk, Test::rng(), "KDF2(SHA-256)"); + Botan::PK_KEM_Encryptor enc_op(pk, "KDF2(SHA-256)"); Botan::PK_KEM_Decryptor dec_op(sk, Test::rng(), "KDF2(SHA-256)"); const size_t trials = (Test::run_long_tests() ? 30 : 10); diff --git a/src/tests/test_pubkey.cpp b/src/tests/test_pubkey.cpp index 9de6d639093..d5eb94539c3 100644 --- a/src/tests/test_pubkey.cpp +++ b/src/tests/test_pubkey.cpp @@ -537,7 +537,7 @@ Test::Result PK_KEM_Test::run_one_test(const std::string& /*header*/, const VarM std::unique_ptr enc; try { - enc = std::make_unique(pubkey, Test::rng(), kdf); + enc = std::make_unique(pubkey, kdf); } catch(Botan::Lookup_Error&) {