diff options
| author | lloyd <[email protected]> | 2012-05-31 18:19:43 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2012-05-31 18:19:43 +0000 |
| commit | b82642c328d98f2aaa1ac17aa0999e69e7152ae8 (patch) | |
| tree | a2a181c26709bd7995d519c9148c6f0bc06f143f /src/pbe/get_pbe.cpp | |
| parent | 75db296a459a9e25b112207707cc5e26a6f2b872 (diff) | |
Add new PBKDF interface that takes a std::chrono::milliseconds and
runs the KDF until at least that much time has passed, then returns
the number of interations used.
New parameter to the PKCS8 encryption routines which tells how long to
run the PBKDF. Defaults to 200 milliseconds, which is short enough
that it is unlikely to bother anyone but long enough to provide quite
reasonable security against cracking attacks. On a Core i7-860, 200
ms with PBKDF2/SHA-1 runs about 180K to 220K iterations (compare with
previous default of 10K).
New PBE interface, remove new_params/set_key and require all inputs
including the passphrase to be passed to the constructor.
Drop the PGP S2K as it is pretty weird and not really useful outside
of a full PGP implementation.
Drop the deprecated PKCS8::encrypt_key and PKCS8::encode functions.
Diffstat (limited to 'src/pbe/get_pbe.cpp')
| -rw-r--r-- | src/pbe/get_pbe.cpp | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/src/pbe/get_pbe.cpp b/src/pbe/get_pbe.cpp index 3217101ef..9ce830639 100644 --- a/src/pbe/get_pbe.cpp +++ b/src/pbe/get_pbe.cpp @@ -24,7 +24,10 @@ namespace Botan { /* * Get an encryption PBE, set new parameters */ -PBE* get_pbe(const std::string& algo_spec) +PBE* get_pbe(const std::string& algo_spec, + const std::string& passphrase, + std::chrono::milliseconds msec, + RandomNumberGenerator& rng) { SCAN_Name request(algo_spec); @@ -59,13 +62,18 @@ PBE* get_pbe(const std::string& algo_spec) if(pbe == "PBE-PKCS5v15") return new PBE_PKCS5v15(block_cipher->clone(), hash_function->clone(), - ENCRYPTION); + passphrase, + msec, + rng); #endif #if defined(BOTAN_HAS_PBE_PKCS_V20) if(pbe == "PBE-PKCS5v20") return new PBE_PKCS5v20(block_cipher->clone(), - hash_function->clone()); + hash_function->clone(), + passphrase, + msec, + rng); #endif throw Algorithm_Not_Found(algo_spec); @@ -74,7 +82,9 @@ PBE* get_pbe(const std::string& algo_spec) /* * Get a decryption PBE, decode parameters */ -PBE* get_pbe(const OID& pbe_oid, DataSource& params) +PBE* get_pbe(const OID& pbe_oid, + const std::vector<byte>& params, + const std::string& passphrase) { SCAN_Name request(OIDS::lookup(pbe_oid)); @@ -111,17 +121,16 @@ PBE* get_pbe(const OID& pbe_oid, DataSource& params) if(!hash_function) throw Algorithm_Not_Found(digest_name); - PBE* pbe = new PBE_PKCS5v15(block_cipher->clone(), - hash_function->clone(), - DECRYPTION); - pbe->decode_params(params); - return pbe; + return new PBE_PKCS5v15(block_cipher->clone(), + hash_function->clone(), + params, + passphrase); } #endif #if defined(BOTAN_HAS_PBE_PKCS_V20) if(pbe == "PBE-PKCS5v20") - return new PBE_PKCS5v20(params); + return new PBE_PKCS5v20(params, passphrase); #endif throw Algorithm_Not_Found(pbe_oid.as_string()); |