authorlloyd <[email protected]>2014-11-19 12:45:07 +0000
committerlloyd <[email protected]>2014-11-19 12:45:07 +0000
commit840fc0e4dfcb9578b9b1bfd3da0b8fd8a1fa8534 (patch)
tree8d907b91cfb796bf1357f276b017724ad2354964 /src/lib/pubkey
parent80858693243f3774c2b3cd9084fb5aaafc542b06 (diff)
Cleanup PBES2 and add GCM support
Diffstat (limited to 'src/lib/pubkey')
-rw-r--r--src/lib/pubkey/info.txt2
-rw-r--r--src/lib/pubkey/pkcs8.cpp36
2 files changed, 22 insertions, 16 deletions
diff --git a/src/lib/pubkey/info.txt b/src/lib/pubkey/info.txt
index 27a332b5c..760f9c5cc 100644
--- a/src/lib/pubkey/info.txt
+++ b/src/lib/pubkey/info.txt
@@ -33,7 +33,7 @@ filters
kdf
libstate
oid_lookup
-pbe
+pbes2
pem
pk_pad
rng
diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp
index 7d4c9d802..24a5bb21f 100644
--- a/src/lib/pubkey/pkcs8.cpp
+++ b/src/lib/pubkey/pkcs8.cpp
@@ -6,12 +6,14 @@
*/
#include <botan/pkcs8.h>
-#include <botan/get_pbe.h>
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
#include <botan/alg_id.h>
#include <botan/oids.h>
#include <botan/pem.h>
+#include <botan/pbes2.h>
+#include <botan/libstate.h>
+#include <botan/scan_name.h>
#include <botan/internal/pk_algs.h>
namespace Botan {
@@ -94,10 +96,11 @@ secure_vector<byte> PKCS8_decode(
if(pass.first == false)
break;
- Pipe decryptor(get_pbe(pbe_alg_id.oid, pbe_alg_id.parameters, pass.second));
+ if(OIDS::lookup(pbe_alg_id.oid) != "PBE-PKCS5v20")
+ throw std::runtime_error("Unknown PBE type " + pbe_alg_id.oid.as_string());
- decryptor.process_msg(key_data);
- key = decryptor.read_all();
+ key = pbes2_decrypt(key_data, pass.second, pbe_alg_id.parameters,
+ global_state().algorithm_factory());
}
BER_Decoder(key)
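Review bot: The scheme check `if(OIDS::lookup(pbe_alg_id.oid) != "PBE-PKCS5v20")` does not depend on the passphrase, yet it sits after the `pass.first == false` test, so a key file naming an unsupported PBE is rejected only once the caller has already supplied a passphrase. Moving the check ahead of the passphrase request would avoid collecting a secret for input that can never be decrypted. The new throw also uses `std::runtime_error`; if callers of PKCS8_decode catch the library's own exception types, `throw Decoding_Error("Unknown PBE type " + pbe_alg_id.oid.as_string());` would fit better. Both points should be checked against the rest of the function, which starts and ends outside this hunk.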
@@ -156,23 +159,26 @@ std::vector<byte> BER_encode(const Private_Key& key,
std::chrono::milliseconds msec,
const std::string& pbe_algo)
{
- const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-256/CBC)";
+ const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-256,AES-256/CBC)";
- std::unique_ptr<PBE> pbe(
- get_pbe(((pbe_algo != "") ? pbe_algo : DEFAULT_PBE),
- pass,
- msec,
- rng));
+ SCAN_Name request(pbe_algo.empty() ? DEFAULT_PBE : pbe_algo);
- AlgorithmIdentifier pbe_algid(pbe->get_oid(), pbe->encode_params());
+ const std::string pbe = request.algo_name();
- Pipe key_encrytor(pbe.release());
- key_encrytor.process_msg(PKCS8::BER_encode(key));
+ if(pbe != "PBE-PKCS5v20")
+ throw std::runtime_error("Unsupported PBE " + pbe);
+
+ const std::string digest = request.arg(0);
+ const std::string cipher = request.arg(1);
+
+ const std::pair<AlgorithmIdentifier, std::vector<byte>> pbe_info =
+ pbes2_encrypt(PKCS8::BER_encode(key), pass, msec, cipher, digest, rng,
+ global_state().algorithm_factory());
return DER_Encoder()
.start_cons(SEQUENCE)
- .encode(pbe_algid)
- .encode(key_encrytor.read_all(), OCTET_STRING)
+ .encode(pbe_info.first)
+ .encode(pbe_info.second, OCTET_STRING)
.end_cons()
.get_contents_unlocked();
}
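Review bot: `request.arg(0)` and `request.arg(1)` are read without checking how many arguments the caller's `pbe_algo` string carries, so `"PBE-PKCS5v20"` or `"PBE-PKCS5v20(SHA-256)"` is left to whatever SCAN_Name::arg does for a missing index, and any extra arguments are silently ignored. Folding the count into the existing guard gives one clear error: `if(pbe != "PBE-PKCS5v20" || request.arg_count() != 2)`. Separately, `DEFAULT_PBE` still selects AES-256/CBC, so keys exported with the default carry no integrity protection on the ciphertext. A comment on the constant would make that explicit, for example `// default is unauthenticated CBC; pass a GCM cipher in pbe_algo for authenticated encryption`. The function's signature begins above the hunk.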