aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
diff options
context:
space:
mode:
authorlloyd <[email protected]>2014-12-08 07:21:12 +0000
committerlloyd <[email protected]>2014-12-08 07:21:12 +0000
commite14d04baf0261d5250285fcb6486950078b2c6e7 (patch)
treefaddc8299e5f4c0495418e7b2fb8ad9181965ab0 /src/lib
parent1b7dbd5ca22f83ac8011dc209d92d2562562c816 (diff)
Cleanup for pbe name parsing in PKCS #8 encoder
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/pubkey/pkcs8.cpp37
1 files changed, 23 insertions, 14 deletions
diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp
index 24a5bb21f..15f0c4539 100644
--- a/src/lib/pubkey/pkcs8.cpp
+++ b/src/lib/pubkey/pkcs8.cpp
@@ -1,6 +1,6 @@
/*
* PKCS #8
-* (C) 1999-2010 Jack Lloyd
+* (C) 1999-2010,2014 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -150,6 +150,24 @@ std::string PEM_encode(const Private_Key& key)
return PEM_Code::encode(PKCS8::BER_encode(key), "PRIVATE KEY");
}
+namespace {
+
+std::pair<std::string, std::string>
+choose_pbe_params(const std::string& pbe_algo)
+ {
+ if(!pbe_algo.empty())
+ {
+ SCAN_Name request(pbe_algo);
+ if(request.algo_name() != "PBE-PKCS5v20")
+ throw std::runtime_error("Unsupported PBE " + pbe_algo);
+ return std::make_pair(request.arg(1), request.arg(0));
+ }
+
+ return std::make_pair("AES-256/CBC", "SHA-256");
+ }
+
+}
+
/*
* BER encode a PKCS #8 private key, encrypted
*/
@@ -159,21 +177,12 @@ std::vector<byte> BER_encode(const Private_Key& key,
std::chrono::milliseconds msec,
const std::string& pbe_algo)
{
- const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-256,AES-256/CBC)";
-
- SCAN_Name request(pbe_algo.empty() ? DEFAULT_PBE : pbe_algo);
-
- const std::string pbe = request.algo_name();
-
- if(pbe != "PBE-PKCS5v20")
- throw std::runtime_error("Unsupported PBE " + pbe);
-
- const std::string digest = request.arg(0);
- const std::string cipher = request.arg(1);
+ const auto pbe_params = choose_pbe_params(pbe_algo);
const std::pair<AlgorithmIdentifier, std::vector<byte>> pbe_info =
- pbes2_encrypt(PKCS8::BER_encode(key), pass, msec, cipher, digest, rng,
- global_state().algorithm_factory());
+ pbes2_encrypt(PKCS8::BER_encode(key), pass, msec,
+ pbe_params.first, pbe_params.second,
+ rng, global_state().algorithm_factory());
return DER_Encoder()
.start_cons(SEQUENCE)