Clean up build dependencies related to PK padding schemes

Minimize the number of files which include eme.h or emsa.h Mark modules which do use these interfaces as depending on them Some modules had a dependency on pk_pad but didn't use anything from it
randombit · Jan 24, 2025 · 25f5cc7 · 25f5cc7
1 parent c637fc6
commit 25f5cc7
Show file tree

Hide file tree

Showing 9 changed files with 50 additions and 23 deletions.
diff --git a/src/lib/prov/pkcs11/info.txt b/src/lib/prov/pkcs11/info.txt
@@ -11,7 +11,6 @@ brief -> "Wrapper classes to interact with PKCS #11 modules"
 dyn_load
 rng
 pubkey
-pk_pad
 </requires>
 
 <header:external>

diff --git a/src/lib/prov/tpm2/tpm2_rsa/info.txt b/src/lib/prov/tpm2/tpm2_rsa/info.txt
@@ -9,6 +9,7 @@ brief -> "Support for RSA key pairs hosted on TPM 2.0"
 
 <requires>
 rsa
+pk_pad
 </requires>
 
 <header:public>

diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp
@@ -11,6 +11,7 @@
 
 #include <botan/cipher_mode.h>
 #include <botan/ecdh.h>
+#include <botan/kdf.h>
 #include <botan/mac.h>
 #include <botan/numthry.h>
 #include <botan/rng.h>

diff --git a/src/lib/pubkey/eckcdsa/info.txt b/src/lib/pubkey/eckcdsa/info.txt
@@ -14,7 +14,6 @@ ecc_key
 hash
 keypair
 numbertheory
-pk_pad
 rng
 sha2_32
 </requires>

diff --git a/src/lib/pubkey/elgamal/info.txt b/src/lib/pubkey/elgamal/info.txt
@@ -12,6 +12,7 @@ dl_algo
 dl_group
 keypair
 numbertheory
+pk_pad
 </requires>
 
 <header:public>

diff --git a/src/lib/pubkey/pk_ops.cpp b/src/lib/pubkey/pk_ops.cpp
@@ -8,12 +8,13 @@
 #include <botan/internal/pk_ops_impl.h>
 
 #include <botan/hash.h>
+#include <botan/kdf.h>
 #include <botan/rng.h>
 #include <botan/internal/bit_ops.h>
+#include <botan/internal/eme.h>
 #include <botan/internal/fmt.h>
 #include <botan/internal/parsing.h>
 #include <botan/internal/scan_name.h>
-#include <sstream>
 
 #if defined(BOTAN_HAS_RAW_HASH_FN)
    #include <botan/internal/raw_hash.h>
@@ -27,6 +28,8 @@ AlgorithmIdentifier PK_Ops::Signature::algorithm_identifier() const {
 
 PK_Ops::Encryption_with_EME::Encryption_with_EME(std::string_view eme) : m_eme(EME::create(eme)) {}
 
+PK_Ops::Encryption_with_EME::~Encryption_with_EME() = default;
+
 size_t PK_Ops::Encryption_with_EME::max_input_bits() const {
    return 8 * m_eme->maximum_input_size(max_ptext_input_bits());
 }
@@ -43,6 +46,8 @@ std::vector<uint8_t> PK_Ops::Encryption_with_EME::encrypt(std::span<const uint8_
 
 PK_Ops::Decryption_with_EME::Decryption_with_EME(std::string_view eme) : m_eme(EME::create(eme)) {}
 
+PK_Ops::Decryption_with_EME::~Decryption_with_EME() = default;
+
 secure_vector<uint8_t> PK_Ops::Decryption_with_EME::decrypt(uint8_t& valid_mask, std::span<const uint8_t> ctext) {
    const secure_vector<uint8_t> raw = raw_decrypt(ctext);
 
@@ -71,6 +76,8 @@ PK_Ops::Key_Agreement_with_KDF::Key_Agreement_with_KDF(std::string_view kdf) {
    }
 }
 
+PK_Ops::Key_Agreement_with_KDF::~Key_Agreement_with_KDF() = default;
+
 secure_vector<uint8_t> PK_Ops::Key_Agreement_with_KDF::agree(size_t key_len,
                                                              std::span<const uint8_t> other_key,
                                                              std::span<const uint8_t> salt) {
@@ -122,6 +129,8 @@ std::unique_ptr<HashFunction> create_signature_hash(std::string_view padding) {
 PK_Ops::Signature_with_Hash::Signature_with_Hash(std::string_view hash) :
       Signature(), m_hash(create_signature_hash(hash)) {}
 
+PK_Ops::Signature_with_Hash::~Signature_with_Hash() = default;
+
 #if defined(BOTAN_HAS_RFC6979_GENERATOR)
 std::string PK_Ops::Signature_with_Hash::rfc6979_hash_function() const {
    std::string hash = m_hash->name();
@@ -132,6 +141,10 @@ std::string PK_Ops::Signature_with_Hash::rfc6979_hash_function() const {
 }
 #endif
 
+std::string PK_Ops::Signature_with_Hash::hash_function() const {
+   return m_hash->name();
+}
+
 void PK_Ops::Signature_with_Hash::update(std::span<const uint8_t> msg) {
    m_hash->update(msg);
 }
@@ -144,6 +157,12 @@ std::vector<uint8_t> PK_Ops::Signature_with_Hash::sign(RandomNumberGenerator& rn
 PK_Ops::Verification_with_Hash::Verification_with_Hash(std::string_view padding) :
       Verification(), m_hash(create_signature_hash(padding)) {}
 
+PK_Ops::Verification_with_Hash::~Verification_with_Hash() = default;
+
+std::string PK_Ops::Verification_with_Hash::hash_function() const {
+   return m_hash->name();
+}
+
 PK_Ops::Verification_with_Hash::Verification_with_Hash(const AlgorithmIdentifier& alg_id,
                                                        std::string_view pk_algo,
                                                        bool allow_null_parameters) {
@@ -211,6 +230,8 @@ PK_Ops::KEM_Encryption_with_KDF::KEM_Encryption_with_KDF(std::string_view kdf) {
    }
 }
 
+PK_Ops::KEM_Encryption_with_KDF::~KEM_Encryption_with_KDF() = default;
+
 size_t PK_Ops::KEM_Decryption_with_KDF::shared_key_length(size_t desired_shared_key_len) const {
    if(m_kdf) {
       return desired_shared_key_len;
@@ -244,4 +265,6 @@ PK_Ops::KEM_Decryption_with_KDF::KEM_Decryption_with_KDF(std::string_view kdf) {
    }
 }
 
+PK_Ops::KEM_Decryption_with_KDF::~KEM_Decryption_with_KDF() = default;
+
 }  // namespace Botan
diff --git a/src/lib/pubkey/pk_ops_impl.h b/src/lib/pubkey/pk_ops_impl.h
@@ -8,21 +8,26 @@
 #ifndef BOTAN_PK_OPERATION_IMPL_H_
 #define BOTAN_PK_OPERATION_IMPL_H_
 
-#include <botan/hash.h>
-#include <botan/kdf.h>
 #include <botan/pk_ops.h>
-#include <botan/internal/eme.h>
+
+namespace Botan {
+
+class HashFunction;
+class KDF;
+class EME;
+
+}
 
 namespace Botan::PK_Ops {
 
 class Encryption_with_EME : public Encryption {
    public:
+      ~Encryption_with_EME() override;
+
       size_t max_input_bits() const override;
 
       std::vector<uint8_t> encrypt(std::span<const uint8_t> ptext, RandomNumberGenerator& rng) override;
 
-      ~Encryption_with_EME() override = default;
-
    protected:
       explicit Encryption_with_EME(std::string_view eme);
 
@@ -35,9 +40,9 @@ class Encryption_with_EME : public Encryption {
 
 class Decryption_with_EME : public Decryption {
    public:
-      secure_vector<uint8_t> decrypt(uint8_t& valid_mask, std::span<const uint8_t> ctext) override;
+      ~Decryption_with_EME() override;
 
-      ~Decryption_with_EME() override = default;
+      secure_vector<uint8_t> decrypt(uint8_t& valid_mask, std::span<const uint8_t> ctext) override;
 
    protected:
       explicit Decryption_with_EME(std::string_view eme);
@@ -49,12 +54,12 @@ class Decryption_with_EME : public Decryption {
 
 class Verification_with_Hash : public Verification {
    public:
-      ~Verification_with_Hash() override = default;
+      ~Verification_with_Hash() override;
 
       void update(std::span<const uint8_t> input) override;
       bool is_valid_signature(std::span<const uint8_t> sig) override;
 
-      std::string hash_function() const final { return m_hash->name(); }
+      std::string hash_function() const final;
 
    protected:
       explicit Verification_with_Hash(std::string_view hash);
@@ -63,15 +68,13 @@ class Verification_with_Hash : public Verification {
                                       std::string_view pk_algo,
                                       bool allow_null_parameters = false);
 
-      /*
+      /**
       * Perform a signature check operation
       * @param msg the message
-      * @param msg_len the length of msg in bytes
       * @param sig the signature
-      * @param sig_len the length of sig in bytes
-      * @returns if signature is a valid one for message
+      * @returns if sig is a valid signature for msg
       */
-      virtual bool verify(std::span<const uint8_t> input, std::span<const uint8_t> sig) = 0;
+      virtual bool verify(std::span<const uint8_t> msg, std::span<const uint8_t> sig) = 0;
 
    private:
       std::unique_ptr<HashFunction> m_hash;
@@ -83,12 +86,12 @@ class Signature_with_Hash : public Signature {
 
       std::vector<uint8_t> sign(RandomNumberGenerator& rng) override;
 
-      ~Signature_with_Hash() override = default;
+      ~Signature_with_Hash() override;
 
    protected:
       explicit Signature_with_Hash(std::string_view hash);
 
-      std::string hash_function() const final { return m_hash->name(); }
+      std::string hash_function() const final;
 
 #if defined(BOTAN_HAS_RFC6979_GENERATOR)
       std::string rfc6979_hash_function() const;
@@ -106,7 +109,7 @@ class Key_Agreement_with_KDF : public Key_Agreement {
                                    std::span<const uint8_t> other_key,
                                    std::span<const uint8_t> salt) override;
 
-      ~Key_Agreement_with_KDF() override = default;
+      ~Key_Agreement_with_KDF() override;
 
    protected:
       explicit Key_Agreement_with_KDF(std::string_view kdf);
@@ -126,7 +129,7 @@ class KEM_Encryption_with_KDF : public KEM_Encryption {
 
       size_t shared_key_length(size_t desired_shared_key_len) const final;
 
-      ~KEM_Encryption_with_KDF() override = default;
+      ~KEM_Encryption_with_KDF() override;
 
    protected:
       virtual void raw_kem_encrypt(std::span<uint8_t> out_encapsulated_key,
@@ -150,7 +153,7 @@ class KEM_Decryption_with_KDF : public KEM_Decryption {
 
       size_t shared_key_length(size_t desired_shared_key_len) const final;
 
-      ~KEM_Decryption_with_KDF() override = default;
+      ~KEM_Decryption_with_KDF() override;
 
    protected:
       virtual void raw_kem_decrypt(std::span<uint8_t> out_raw_shared_key,

diff --git a/src/lib/pubkey/rsa/info.txt b/src/lib/pubkey/rsa/info.txt
@@ -10,6 +10,7 @@ name -> "RSA"
 blinding
 keypair
 numbertheory
+pk_pad
 emsa_pssr
 sha2_32
 </requires>

diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp
@@ -11,7 +11,6 @@
 #include <botan/der_enc.h>
 #include <botan/pem.h>
 #include <botan/pubkey.h>
-#include <botan/internal/emsa.h>
 #include <botan/internal/fmt.h>
 #include <algorithm>
 #include <sstream>
-Original file line number
+Diff line change
@@ Expand Up / @@ -11,7 +11,6 @@ brief -> "Wrapper classes to interact with PKCS #11 modules" @@
     dyn_load
     rng
     pubkey
-    pk_pad
     </requires>
     <header:external>
@@ Expand Down @@