From 25f5cc70d24a999da4a46d9f16f015e31db1e106 Mon Sep 17 00:00:00 2001
From: Jack Lloyd <jack@randombit.net>
Date: Fri, 24 Jan 2025 06:58:12 -0500
Subject: [PATCH] Clean up build dependencies related to PK padding schemes

Minimize the number of files which include eme.h or emsa.h

Mark modules which do use these interfaces as depending on them

Some modules had a dependency on pk_pad but didn't use anything from it
---
 src/lib/prov/pkcs11/info.txt        |  1 -
 src/lib/prov/tpm2/tpm2_rsa/info.txt |  1 +
 src/lib/pubkey/ecies/ecies.cpp      |  1 +
 src/lib/pubkey/eckcdsa/info.txt     |  1 -
 src/lib/pubkey/elgamal/info.txt     |  1 +
 src/lib/pubkey/pk_ops.cpp           | 25 +++++++++++++++++-
 src/lib/pubkey/pk_ops_impl.h        | 41 ++++++++++++++++-------------
 src/lib/pubkey/rsa/info.txt         |  1 +
 src/lib/x509/x509_obj.cpp           |  1 -
 9 files changed, 50 insertions(+), 23 deletions(-)

diff --git a/src/lib/prov/pkcs11/info.txt b/src/lib/prov/pkcs11/info.txt
index 6141f729aac..9b4586e30f6 100644
--- a/src/lib/prov/pkcs11/info.txt
+++ b/src/lib/prov/pkcs11/info.txt
@@ -11,7 +11,6 @@ brief -> "Wrapper classes to interact with PKCS #11 modules"
 dyn_load
 rng
 pubkey
-pk_pad
 </requires>
 
 <header:external>
diff --git a/src/lib/prov/tpm2/tpm2_rsa/info.txt b/src/lib/prov/tpm2/tpm2_rsa/info.txt
index 3afea9a3ea8..6865251ef07 100644
--- a/src/lib/prov/tpm2/tpm2_rsa/info.txt
+++ b/src/lib/prov/tpm2/tpm2_rsa/info.txt
@@ -9,6 +9,7 @@ brief -> "Support for RSA key pairs hosted on TPM 2.0"
 
 <requires>
 rsa
+pk_pad
 </requires>
 
 <header:public>
diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp
index 7d84ae5ad38..c3d56357077 100644
--- a/src/lib/pubkey/ecies/ecies.cpp
+++ b/src/lib/pubkey/ecies/ecies.cpp
@@ -11,6 +11,7 @@
 
 #include <botan/cipher_mode.h>
 #include <botan/ecdh.h>
+#include <botan/kdf.h>
 #include <botan/mac.h>
 #include <botan/numthry.h>
 #include <botan/rng.h>
diff --git a/src/lib/pubkey/eckcdsa/info.txt b/src/lib/pubkey/eckcdsa/info.txt
index c9bf7540c43..c9143f24e2a 100644
--- a/src/lib/pubkey/eckcdsa/info.txt
+++ b/src/lib/pubkey/eckcdsa/info.txt
@@ -14,7 +14,6 @@ ecc_key
 hash
 keypair
 numbertheory
-pk_pad
 rng
 sha2_32
 </requires>
diff --git a/src/lib/pubkey/elgamal/info.txt b/src/lib/pubkey/elgamal/info.txt
index 5499ad78965..3170c45f204 100644
--- a/src/lib/pubkey/elgamal/info.txt
+++ b/src/lib/pubkey/elgamal/info.txt
@@ -12,6 +12,7 @@ dl_algo
 dl_group
 keypair
 numbertheory
+pk_pad
 </requires>
 
 <header:public>
diff --git a/src/lib/pubkey/pk_ops.cpp b/src/lib/pubkey/pk_ops.cpp
index 3fa426e7ac7..72421c6d164 100644
--- a/src/lib/pubkey/pk_ops.cpp
+++ b/src/lib/pubkey/pk_ops.cpp
@@ -8,12 +8,13 @@
 #include <botan/internal/pk_ops_impl.h>
 
 #include <botan/hash.h>
+#include <botan/kdf.h>
 #include <botan/rng.h>
 #include <botan/internal/bit_ops.h>
+#include <botan/internal/eme.h>
 #include <botan/internal/fmt.h>
 #include <botan/internal/parsing.h>
 #include <botan/internal/scan_name.h>
-#include <sstream>
 
 #if defined(BOTAN_HAS_RAW_HASH_FN)
    #include <botan/internal/raw_hash.h>
@@ -27,6 +28,8 @@ AlgorithmIdentifier PK_Ops::Signature::algorithm_identifier() const {
 
 PK_Ops::Encryption_with_EME::Encryption_with_EME(std::string_view eme) : m_eme(EME::create(eme)) {}
 
+PK_Ops::Encryption_with_EME::~Encryption_with_EME() = default;
+
 size_t PK_Ops::Encryption_with_EME::max_input_bits() const {
    return 8 * m_eme->maximum_input_size(max_ptext_input_bits());
 }
@@ -43,6 +46,8 @@ std::vector<uint8_t> PK_Ops::Encryption_with_EME::encrypt(std::span<const uint8_
 
 PK_Ops::Decryption_with_EME::Decryption_with_EME(std::string_view eme) : m_eme(EME::create(eme)) {}
 
+PK_Ops::Decryption_with_EME::~Decryption_with_EME() = default;
+
 secure_vector<uint8_t> PK_Ops::Decryption_with_EME::decrypt(uint8_t& valid_mask, std::span<const uint8_t> ctext) {
    const secure_vector<uint8_t> raw = raw_decrypt(ctext);
 
@@ -71,6 +76,8 @@ PK_Ops::Key_Agreement_with_KDF::Key_Agreement_with_KDF(std::string_view kdf) {
    }
 }
 
+PK_Ops::Key_Agreement_with_KDF::~Key_Agreement_with_KDF() = default;
+
 secure_vector<uint8_t> PK_Ops::Key_Agreement_with_KDF::agree(size_t key_len,
                                                              std::span<const uint8_t> other_key,
                                                              std::span<const uint8_t> salt) {
@@ -122,6 +129,8 @@ std::unique_ptr<HashFunction> create_signature_hash(std::string_view padding) {
 PK_Ops::Signature_with_Hash::Signature_with_Hash(std::string_view hash) :
       Signature(), m_hash(create_signature_hash(hash)) {}
 
+PK_Ops::Signature_with_Hash::~Signature_with_Hash() = default;
+
 #if defined(BOTAN_HAS_RFC6979_GENERATOR)
 std::string PK_Ops::Signature_with_Hash::rfc6979_hash_function() const {
    std::string hash = m_hash->name();
@@ -132,6 +141,10 @@ std::string PK_Ops::Signature_with_Hash::rfc6979_hash_function() const {
 }
 #endif
 
+std::string PK_Ops::Signature_with_Hash::hash_function() const {
+   return m_hash->name();
+}
+
 void PK_Ops::Signature_with_Hash::update(std::span<const uint8_t> msg) {
    m_hash->update(msg);
 }
@@ -144,6 +157,12 @@ std::vector<uint8_t> PK_Ops::Signature_with_Hash::sign(RandomNumberGenerator& rn
 PK_Ops::Verification_with_Hash::Verification_with_Hash(std::string_view padding) :
       Verification(), m_hash(create_signature_hash(padding)) {}
 
+PK_Ops::Verification_with_Hash::~Verification_with_Hash() = default;
+
+std::string PK_Ops::Verification_with_Hash::hash_function() const {
+   return m_hash->name();
+}
+
 PK_Ops::Verification_with_Hash::Verification_with_Hash(const AlgorithmIdentifier& alg_id,
                                                        std::string_view pk_algo,
                                                        bool allow_null_parameters) {
@@ -211,6 +230,8 @@ PK_Ops::KEM_Encryption_with_KDF::KEM_Encryption_with_KDF(std::string_view kdf) {
    }
 }
 
+PK_Ops::KEM_Encryption_with_KDF::~KEM_Encryption_with_KDF() = default;
+
 size_t PK_Ops::KEM_Decryption_with_KDF::shared_key_length(size_t desired_shared_key_len) const {
    if(m_kdf) {
       return desired_shared_key_len;
@@ -244,4 +265,6 @@ PK_Ops::KEM_Decryption_with_KDF::KEM_Decryption_with_KDF(std::string_view kdf) {
    }
 }
 
+PK_Ops::KEM_Decryption_with_KDF::~KEM_Decryption_with_KDF() = default;
+
 }  // namespace Botan
diff --git a/src/lib/pubkey/pk_ops_impl.h b/src/lib/pubkey/pk_ops_impl.h
index f136245ecfc..54391173ed4 100644
--- a/src/lib/pubkey/pk_ops_impl.h
+++ b/src/lib/pubkey/pk_ops_impl.h
@@ -8,21 +8,26 @@
 #ifndef BOTAN_PK_OPERATION_IMPL_H_
 #define BOTAN_PK_OPERATION_IMPL_H_
 
-#include <botan/hash.h>
-#include <botan/kdf.h>
 #include <botan/pk_ops.h>
-#include <botan/internal/eme.h>
+
+namespace Botan {
+
+class HashFunction;
+class KDF;
+class EME;
+
+}
 
 namespace Botan::PK_Ops {
 
 class Encryption_with_EME : public Encryption {
    public:
+      ~Encryption_with_EME() override;
+
       size_t max_input_bits() const override;
 
       std::vector<uint8_t> encrypt(std::span<const uint8_t> ptext, RandomNumberGenerator& rng) override;
 
-      ~Encryption_with_EME() override = default;
-
    protected:
       explicit Encryption_with_EME(std::string_view eme);
 
@@ -35,9 +40,9 @@ class Encryption_with_EME : public Encryption {
 
 class Decryption_with_EME : public Decryption {
    public:
-      secure_vector<uint8_t> decrypt(uint8_t& valid_mask, std::span<const uint8_t> ctext) override;
+      ~Decryption_with_EME() override;
 
-      ~Decryption_with_EME() override = default;
+      secure_vector<uint8_t> decrypt(uint8_t& valid_mask, std::span<const uint8_t> ctext) override;
 
    protected:
       explicit Decryption_with_EME(std::string_view eme);
@@ -49,12 +54,12 @@ class Decryption_with_EME : public Decryption {
 
 class Verification_with_Hash : public Verification {
    public:
-      ~Verification_with_Hash() override = default;
+      ~Verification_with_Hash() override;
 
       void update(std::span<const uint8_t> input) override;
       bool is_valid_signature(std::span<const uint8_t> sig) override;
 
-      std::string hash_function() const final { return m_hash->name(); }
+      std::string hash_function() const final;
 
    protected:
       explicit Verification_with_Hash(std::string_view hash);
@@ -63,15 +68,13 @@ class Verification_with_Hash : public Verification {
                                       std::string_view pk_algo,
                                       bool allow_null_parameters = false);
 
-      /*
+      /**
       * Perform a signature check operation
       * @param msg the message
-      * @param msg_len the length of msg in bytes
       * @param sig the signature
-      * @param sig_len the length of sig in bytes
-      * @returns if signature is a valid one for message
+      * @returns if sig is a valid signature for msg
       */
-      virtual bool verify(std::span<const uint8_t> input, std::span<const uint8_t> sig) = 0;
+      virtual bool verify(std::span<const uint8_t> msg, std::span<const uint8_t> sig) = 0;
 
    private:
       std::unique_ptr<HashFunction> m_hash;
@@ -83,12 +86,12 @@ class Signature_with_Hash : public Signature {
 
       std::vector<uint8_t> sign(RandomNumberGenerator& rng) override;
 
-      ~Signature_with_Hash() override = default;
+      ~Signature_with_Hash() override;
 
    protected:
       explicit Signature_with_Hash(std::string_view hash);
 
-      std::string hash_function() const final { return m_hash->name(); }
+      std::string hash_function() const final;
 
 #if defined(BOTAN_HAS_RFC6979_GENERATOR)
       std::string rfc6979_hash_function() const;
@@ -106,7 +109,7 @@ class Key_Agreement_with_KDF : public Key_Agreement {
                                    std::span<const uint8_t> other_key,
                                    std::span<const uint8_t> salt) override;
 
-      ~Key_Agreement_with_KDF() override = default;
+      ~Key_Agreement_with_KDF() override;
 
    protected:
       explicit Key_Agreement_with_KDF(std::string_view kdf);
@@ -126,7 +129,7 @@ class KEM_Encryption_with_KDF : public KEM_Encryption {
 
       size_t shared_key_length(size_t desired_shared_key_len) const final;
 
-      ~KEM_Encryption_with_KDF() override = default;
+      ~KEM_Encryption_with_KDF() override;
 
    protected:
       virtual void raw_kem_encrypt(std::span<uint8_t> out_encapsulated_key,
@@ -150,7 +153,7 @@ class KEM_Decryption_with_KDF : public KEM_Decryption {
 
       size_t shared_key_length(size_t desired_shared_key_len) const final;
 
-      ~KEM_Decryption_with_KDF() override = default;
+      ~KEM_Decryption_with_KDF() override;
 
    protected:
       virtual void raw_kem_decrypt(std::span<uint8_t> out_raw_shared_key,
diff --git a/src/lib/pubkey/rsa/info.txt b/src/lib/pubkey/rsa/info.txt
index d3f95cb8421..e1f5c5a44e3 100644
--- a/src/lib/pubkey/rsa/info.txt
+++ b/src/lib/pubkey/rsa/info.txt
@@ -10,6 +10,7 @@ name -> "RSA"
 blinding
 keypair
 numbertheory
+pk_pad
 emsa_pssr
 sha2_32
 </requires>
diff --git a/src/lib/x509/x509_obj.cpp b/src/lib/x509/x509_obj.cpp
index 8068dc8a40c..f57d9336cfa 100644
--- a/src/lib/x509/x509_obj.cpp
+++ b/src/lib/x509/x509_obj.cpp
@@ -11,7 +11,6 @@
 #include <botan/der_enc.h>
 #include <botan/pem.h>
 #include <botan/pubkey.h>
-#include <botan/internal/emsa.h>
 #include <botan/internal/fmt.h>
 #include <algorithm>
 #include <sstream>