Split Options and Builder into two classes

As discussed: https://github.com/randombit/botan/pull/4318\#issuecomment-2340834399
randombit · Sep 11, 2024 · 541b1f6 · 541b1f6
1 parent ad70300
commit 541b1f6
Show file tree

Hide file tree

Showing 14 changed files with 358 additions and 265 deletions.
diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp
@@ -103,11 +103,12 @@ Botan::PK_Signature_Options sig_options(
       return sig_options(key, "PSS", hash, use_der, provider);
    }
 
-   return Botan::PK_Signature_Options()
+   return Botan::PK_Signature_Options_Builder()
       .with_hash(hash)
       .with_padding(padding)
       .with_der_encoded_signature(use_der)
-      .with_provider(provider);
+      .with_provider(provider)
+      .commit();
 }
 
 }  // namespace

diff --git a/src/examples/ecdsa.cpp b/src/examples/ecdsa.cpp
@@ -15,13 +15,13 @@ int main() {
    const std::string message("This is a tasty burger!");
 
    // sign data
-   Botan::PK_Signer signer(key, rng, Botan::PK_Signature_Options().with_hash("SHA-256"));
+   Botan::PK_Signer signer(key, rng, Botan::PK_Signature_Options_Builder().with_hash("SHA-256").commit());
    signer.update(message);
    std::vector<uint8_t> signature = signer.signature(rng);
    std::cout << "Signature:\n" << Botan::hex_encode(signature);
 
    // now verify the signature
-   Botan::PK_Verifier verifier(key, Botan::PK_Signature_Options().with_hash("SHA-256"));
+   Botan::PK_Verifier verifier(key, Botan::PK_Signature_Options_Builder().with_hash("SHA-256").commit());
    verifier.update(message);
    std::cout << "\nis " << (verifier.check_signature(signature) ? "valid" : "invalid");
    return 0;

diff --git a/src/examples/pkcs11_ecdsa.cpp b/src/examples/pkcs11_ecdsa.cpp
@@ -96,10 +96,10 @@ int main() {
 
    std::vector<uint8_t> plaintext(20, 0x01);
 
-   Botan::PK_Signer signer(key_pair.second, rng, Botan::PK_Signature_Options().with_hash("Raw"));
+   Botan::PK_Signer signer(key_pair.second, rng, Botan::PK_Signature_Options_Builder().with_hash("Raw").commit());
    auto signature = signer.sign_message(plaintext, rng);
 
-   Botan::PK_Verifier token_verifier(key_pair.first, Botan::PK_Signature_Options().with_hash("Raw"));
+   Botan::PK_Verifier token_verifier(key_pair.first, Botan::PK_Signature_Options_Builder().with_hash("Raw").commit());
    bool ecdsa_ok = token_verifier.verify_message(plaintext, signature);
 
    return ecdsa_ok ? 0 : 1;

diff --git a/src/examples/pkcs11_rsa.cpp b/src/examples/pkcs11_rsa.cpp
@@ -93,13 +93,13 @@ int main() {
    /************ RSA sign *************/
 
    Botan::PK_Signer signer(
-      rsa_keypair.second, rng, Botan::PK_Signature_Options().with_hash("SHA-256").with_padding("PSS"));
+      rsa_keypair.second, rng, Botan::PK_Signature_Options_Builder().with_hash("SHA-256").with_padding("PSS").commit());
    auto signature = signer.sign_message(plaintext, rng);
 
    /************ RSA verify *************/
 
    Botan::PK_Verifier verifier(rsa_keypair.first,
-                               Botan::PK_Signature_Options().with_hash("SHA-256").with_padding("PSS"));
+                               Botan::PK_Signature_Options_Builder().with_hash("SHA-256").with_padding("PSS").commit());
    auto ok = verifier.verify_message(plaintext, signature);
 
    return ok ? 0 : 1;

diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp
@@ -173,21 +173,25 @@ PK_Signature_Options gost_hash_from_algid(const AlgorithmIdentifier& alg_id) {
       throw Decoding_Error("Unexpected non-empty AlgorithmIdentifier parameters for GOST 34.10 signature");
    }
 
-   const std::string oid_str = alg_id.oid().to_formatted_string();
-   if(oid_str == "GOST-34.10/GOST-R-34.11-94") {
-      return PK_Signature_Options("GOST-R-34.11-94");
-   }
-   if(oid_str == "GOST-34.10-2012-256/Streebog-256") {
-      return PK_Signature_Options("Streebog-256");
-   }
-   if(oid_str == "GOST-34.10-2012-512/Streebog-512") {
-      return PK_Signature_Options("Streebog-512");
-   }
-   if(oid_str == "GOST-34.10-2012-256/SHA-256") {
-      return PK_Signature_Options("SHA-256");
+   const auto hash = [&](std::string_view oid_str) -> std::optional<std::string> {
+      if(oid_str == "GOST-34.10/GOST-R-34.11-94") {
+         return "GOST-R-34.11-94";
+      } else if(oid_str == "GOST-34.10-2012-256/Streebog-256") {
+         return "Streebog-256";
+      } else if(oid_str == "GOST-34.10-2012-512/Streebog-512") {
+         return "Streebog-512";
+      } else if(oid_str == "GOST-34.10-2012-256/SHA-256") {
+         return "SHA-256";
+      } else {
+         return std::nullopt;
+      }
+   }(alg_id.oid().to_formatted_string());
+
+   if(!hash.has_value()) {
+      throw Decoding_Error(fmt("Unknown OID ({}) for GOST 34.10 signatures", alg_id.oid()));
    }
 
-   throw Decoding_Error(fmt("Unknown OID ({}) for GOST 34.10 signatures", alg_id.oid()));
+   return PK_Signature_Options_Builder().with_hash(hash.value()).commit();
 }
 
 /**

diff --git a/src/lib/pubkey/pk_keys.cpp b/src/lib/pubkey/pk_keys.cpp
@@ -141,14 +141,14 @@ std::unique_ptr<PK_Ops::Key_Agreement> Private_Key::create_key_agreement_op(Rand
 
 std::unique_ptr<PK_Ops::Verification> Public_Key::create_verification_op(std::string_view params,
                                                                          std::string_view provider) const {
-   PK_Signature_Options opts(algo_name(), params, provider);
+   auto opts = PK_Signature_Options_Builder(algo_name(), params, provider).commit();
    return this->_create_verification_op(opts);
 }
 
 std::unique_ptr<PK_Ops::Signature> Private_Key::create_signature_op(RandomNumberGenerator& rng,
                                                                     std::string_view params,
                                                                     std::string_view provider) const {
-   PK_Signature_Options opts(algo_name(), params, provider);
+   auto opts = PK_Signature_Options_Builder(algo_name(), params, provider).commit();
    return this->_create_signature_op(rng, opts);
 }
 

diff --git a/src/lib/pubkey/pk_options.cpp b/src/lib/pubkey/pk_options.cpp
@@ -12,7 +12,9 @@
 
 namespace Botan {
 
-PK_Signature_Options::PK_Signature_Options(std::string_view algo, std::string_view params, std::string_view provider) {
+PK_Signature_Options_Builder::PK_Signature_Options_Builder(std::string_view algo,
+                                                           std::string_view params,
+                                                           std::string_view provider) {
    /*
    * This is a convoluted mess because we must handle dispatch for every algorithm
    * specific detail of how padding strings were formatted in versions prior to 3.6.
@@ -21,8 +23,6 @@ PK_Signature_Options::PK_Signature_Options(std::string_view algo, std::string_vi
    * are removed in Botan4.
    */
 
-   auto options = PK_Signature_Options();
-
    if(!provider.empty() && provider != "base") {
       with_provider(provider);
    }