diff options
author | lloyd <[email protected]> | 2014-11-19 12:45:07 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2014-11-19 12:45:07 +0000 |
commit | 840fc0e4dfcb9578b9b1bfd3da0b8fd8a1fa8534 (patch) | |
tree | 8d907b91cfb796bf1357f276b017724ad2354964 /src/lib/pubkey | |
parent | 80858693243f3774c2b3cd9084fb5aaafc542b06 (diff) |
Cleanup PBES2 and add GCM support
Diffstat (limited to 'src/lib/pubkey')
-rw-r--r-- | src/lib/pubkey/info.txt | 2 | ||||
-rw-r--r-- | src/lib/pubkey/pkcs8.cpp | 36 |
2 files changed, 22 insertions, 16 deletions
diff --git a/src/lib/pubkey/info.txt b/src/lib/pubkey/info.txt index 27a332b5c..760f9c5cc 100644 --- a/src/lib/pubkey/info.txt +++ b/src/lib/pubkey/info.txt @@ -33,7 +33,7 @@ filters kdf libstate oid_lookup -pbe +pbes2 pem pk_pad rng diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp index 7d4c9d802..24a5bb21f 100644 --- a/src/lib/pubkey/pkcs8.cpp +++ b/src/lib/pubkey/pkcs8.cpp @@ -6,12 +6,14 @@ */ #include <botan/pkcs8.h> -#include <botan/get_pbe.h> #include <botan/der_enc.h> #include <botan/ber_dec.h> #include <botan/alg_id.h> #include <botan/oids.h> #include <botan/pem.h> +#include <botan/pbes2.h> +#include <botan/libstate.h> +#include <botan/scan_name.h> #include <botan/internal/pk_algs.h> namespace Botan { @@ -94,10 +96,11 @@ secure_vector<byte> PKCS8_decode( if(pass.first == false) break; - Pipe decryptor(get_pbe(pbe_alg_id.oid, pbe_alg_id.parameters, pass.second)); + if(OIDS::lookup(pbe_alg_id.oid) != "PBE-PKCS5v20") + throw std::runtime_error("Unknown PBE type " + pbe_alg_id.oid.as_string()); - decryptor.process_msg(key_data); - key = decryptor.read_all(); + key = pbes2_decrypt(key_data, pass.second, pbe_alg_id.parameters, + global_state().algorithm_factory()); } BER_Decoder(key) @@ -156,23 +159,26 @@ std::vector<byte> BER_encode(const Private_Key& key, std::chrono::milliseconds msec, const std::string& pbe_algo) { - const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-256/CBC)"; + const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-256,AES-256/CBC)"; - std::unique_ptr<PBE> pbe( - get_pbe(((pbe_algo != "") ? pbe_algo : DEFAULT_PBE), - pass, - msec, - rng)); + SCAN_Name request(pbe_algo.empty() ? DEFAULT_PBE : pbe_algo); - AlgorithmIdentifier pbe_algid(pbe->get_oid(), pbe->encode_params()); + const std::string pbe = request.algo_name(); - Pipe key_encrytor(pbe.release()); - key_encrytor.process_msg(PKCS8::BER_encode(key)); + if(pbe != "PBE-PKCS5v20") + throw std::runtime_error("Unsupported PBE " + pbe); + + const std::string digest = request.arg(0); + const std::string cipher = request.arg(1); + + const std::pair<AlgorithmIdentifier, std::vector<byte>> pbe_info = + pbes2_encrypt(PKCS8::BER_encode(key), pass, msec, cipher, digest, rng, + global_state().algorithm_factory()); return DER_Encoder() .start_cons(SEQUENCE) - .encode(pbe_algid) - .encode(key_encrytor.read_all(), OCTET_STRING) + .encode(pbe_info.first) + .encode(pbe_info.second, OCTET_STRING) .end_cons() .get_contents_unlocked(); } |