Add new PBKDF interface that takes a std::chrono::milliseconds and

runs the KDF until at least that much time has passed, then returns
the number of interations used.

New parameter to the PKCS8 encryption routines which tells how long to
run the PBKDF. Defaults to 200 milliseconds, which is short enough
that it is unlikely to bother anyone but long enough to provide quite
reasonable security against cracking attacks.  On a Core i7-860, 200
ms with PBKDF2/SHA-1 runs about 180K to 220K iterations (compare with
previous default of 10K).

New PBE interface, remove new_params/set_key and require all inputs
including the passphrase to be passed to the constructor.

Drop the PGP S2K as it is pretty weird and not really useful outside
of a full PGP implementation.

Drop the deprecated PKCS8::encrypt_key and PKCS8::encode functions.

1 files changed, 0 insertions, 9 deletions

diff --git a/src/engine/core_engine/lookup_pbkdf.cpp b/src/engine/core_engine/lookup_pbkdf.cpp
index 2419f4373..bfd2c8bc2 100644
--- a/src/engine/core_engine/lookup_pbkdf.cpp
+++ b/src/engine/core_engine/lookup_pbkdf.cpp
@@ -17,10 +17,6 @@
   #include <botan/pbkdf2.h>
 #endif
 
-#if defined(BOTAN_HAS_PGPS2K)
-  #include <botan/pgp_s2k.h>
-#endif
-
 namespace Botan {
 
 PBKDF* Core_Engine::find_pbkdf(const SCAN_Name& algo_spec,
@@ -41,11 +37,6 @@ PBKDF* Core_Engine::find_pbkdf(const SCAN_Name& algo_spec,
       }
 #endif
 
-#if defined(BOTAN_HAS_PGPS2K)
-   if(algo_spec.algo_name() == "OpenPGP-S2K" && algo_spec.arg_count() == 1)
-      return new OpenPGP_S2K(af.make_hash_function(algo_spec.arg(0)));
-#endif
-
    return nullptr;
    }