author | lloyd <[email protected]> | 2014-11-19 12:45:07 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2014-11-19 12:45:07 +0000 |
commit | 840fc0e4dfcb9578b9b1bfd3da0b8fd8a1fa8534 (patch) | |
tree | 8d907b91cfb796bf1357f276b017724ad2354964 /src/lib/pbe/pbes2/pbes2.cpp | |
parent | 80858693243f3774c2b3cd9084fb5aaafc542b06 (diff) |
Cleanup PBES2 and add GCM support
Diffstat (limited to 'src/lib/pbe/pbes2/pbes2.cpp')
-rw-r--r-- | src/lib/pbe/pbes2/pbes2.cpp | 202 |
1 files changed, 0 insertions, 202 deletions
diff --git a/src/lib/pbe/pbes2/pbes2.cpp b/src/lib/pbe/pbes2/pbes2.cpp
deleted file mode 100644
index 131905374..000000000
--- a/src/lib/pbe/pbes2/pbes2.cpp
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
-* PKCS #5 PBES2
-* (C) 1999-2008 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/pbes2.h>
-#include <botan/pbkdf2.h>
-#include <botan/algo_factory.h>
-#include <botan/libstate.h>
-#include <botan/der_enc.h>
-#include <botan/ber_dec.h>
-#include <botan/parsing.h>
-#include <botan/alg_id.h>
-#include <botan/oids.h>
-#include <botan/lookup.h>
-#include <algorithm>
-
-namespace Botan {
-
-/*
-* Encrypt some bytes using PBES2
-*/
-void PBE_PKCS5v20::write(const byte input[], size_t length)
- {
- m_pipe.write(input, length);
- flush_pipe(true);
- }
-
-/*
-* Start encrypting with PBES2
-*/
-void PBE_PKCS5v20::start_msg()
- {
- m_pipe.append(get_cipher(m_block_cipher->name() + "/CBC/PKCS7",
- m_key, m_iv, m_direction));
-
- m_pipe.start_msg();
- if(m_pipe.message_count() > 1)
- m_pipe.set_default_msg(m_pipe.default_msg() + 1);
- }
-
-/*
-* Finish encrypting with PBES2
-*/
-void PBE_PKCS5v20::end_msg()
- {
- m_pipe.end_msg();
- flush_pipe(false);
- m_pipe.reset();
- }
-
-/*
-* Flush the pipe
-*/
-void PBE_PKCS5v20::flush_pipe(bool safe_to_skip)
- {
- if(safe_to_skip && m_pipe.remaining() < 64)
- return;
-
- secure_vector<byte> buffer(DEFAULT_BUFFERSIZE);
- while(m_pipe.remaining())
- {
- const size_t got = m_pipe.read(&buffer[0], buffer.size());
- send(buffer, got);
- }
- }
-
-/*
-* Encode PKCS#5 PBES2 parameters
-*/
-std::vector<byte> PBE_PKCS5v20::encode_params() const
- {
- return DER_Encoder()
- .start_cons(SEQUENCE)
- .encode(
- AlgorithmIdentifier("PKCS5.PBKDF2",
- DER_Encoder()
- .start_cons(SEQUENCE)
- .encode(m_salt, OCTET_STRING)
- .encode(m_iterations)
- .encode(m_key_length)
- .encode_if(
- m_prf->name() != "HMAC(SHA-160)",
- AlgorithmIdentifier(m_prf->name(),
- AlgorithmIdentifier::USE_NULL_PARAM))
- .end_cons()
- .get_contents_unlocked()
- )
- )
- .encode(
- AlgorithmIdentifier(m_block_cipher->name() + "/CBC",
- DER_Encoder().encode(m_iv, OCTET_STRING).get_contents_unlocked()
- )
- )
- .end_cons()
- .get_contents_unlocked();
- }
-
-/*
-* Return an OID for PBES2
-*/
-OID PBE_PKCS5v20::get_oid() const
- {
- return OIDS::lookup("PBE-PKCS5v20");
- }
-
-std::string PBE_PKCS5v20::name() const
- {
- return "PBE-PKCS5v20(" + m_block_cipher->name() + "," +
- m_prf->name() + ")";
- }
-
-/*
-* PKCS#5 v2.0 PBE Constructor
-*/
-PBE_PKCS5v20::PBE_PKCS5v20(BlockCipher* cipher,
- MessageAuthenticationCode* mac,
- const std::string& passphrase,
- std::chrono::milliseconds msec,
- RandomNumberGenerator& rng) :
- m_direction(ENCRYPTION),
- m_block_cipher(cipher),
- m_prf(mac),
- m_salt(rng.random_vec(12)),
- m_iv(rng.random_vec(m_block_cipher->block_size())),
- m_iterations(0),
- m_key_length(m_block_cipher->maximum_keylength())
- {
- PKCS5_PBKDF2 pbkdf(m_prf->clone());
-
- m_key = pbkdf.derive_key(m_key_length, passphrase,
- &m_salt[0], m_salt.size(),
- msec, m_iterations).bits_of();
- }
-
-/*
-* PKCS#5 v2.0 PBE Constructor
-*/
-PBE_PKCS5v20::PBE_PKCS5v20(const std::vector<byte>& params,
- const std::string& passphrase) :
- m_direction(DECRYPTION),
- m_block_cipher(nullptr),
- m_prf(nullptr)
- {
- AlgorithmIdentifier kdf_algo, enc_algo;
-
- BER_Decoder(params)
- .start_cons(SEQUENCE)
- .decode(kdf_algo)
- .decode(enc_algo)
- .verify_end()
- .end_cons();
-
- AlgorithmIdentifier prf_algo;
-
- if(kdf_algo.oid != OIDS::lookup("PKCS5.PBKDF2"))
- throw Decoding_Error("PBE-PKCS5 v2.0: Unknown KDF algorithm " +
- kdf_algo.oid.as_string());
-
- BER_Decoder(kdf_algo.parameters)
- .start_cons(SEQUENCE)
- .decode(m_salt, OCTET_STRING)
- .decode(m_iterations)
- .decode_optional(m_key_length, INTEGER, UNIVERSAL)
- .decode_optional(prf_algo, SEQUENCE, CONSTRUCTED,
- AlgorithmIdentifier("HMAC(SHA-160)",
- AlgorithmIdentifier::USE_NULL_PARAM))
- .verify_end()
- .end_cons();
-
- Algorithm_Factory& af = global_state().algorithm_factory();
-
- std::string cipher = OIDS::lookup(enc_algo.oid);
- std::vector<std::string> cipher_spec = split_on(cipher, '/');
- if(cipher_spec.size() != 2)
- throw Decoding_Error("PBE-PKCS5 v2.0: Invalid cipher spec " + cipher);
-
- if(cipher_spec[1] != "CBC")
- throw Decoding_Error("PBE-PKCS5 v2.0: Don't know param format for " +
- cipher);
-
- BER_Decoder(enc_algo.parameters).decode(m_iv, OCTET_STRING).verify_end();
-
- m_block_cipher.reset(af.make_block_cipher(cipher_spec[0]));
- m_prf.reset(af.make_mac(OIDS::lookup(prf_algo.oid)));
-
- if(m_key_length == 0)
- m_key_length = m_block_cipher->maximum_keylength();
-
- if(m_salt.size() < 8)
- throw Decoding_Error("PBE-PKCS5 v2.0: Encoded salt is too small");
-
- PKCS5_PBKDF2 pbkdf(m_prf->clone());
-
- m_key = pbkdf.derive_key(m_key_length, passphrase,
- &m_salt[0], m_salt.size(),
- m_iterations).bits_of();
- }
-
-} |