aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--doc/relnotes/1_11_12.rst12
-rw-r--r--src/lib/asn1/oid_lookup/default.cpp11
-rw-r--r--src/lib/pubkey/mce/mceliece_key.h2
-rw-r--r--src/lib/pubkey/pkcs8.cpp20
4 files changed, 31 insertions, 14 deletions
diff --git a/doc/relnotes/1_11_12.rst b/doc/relnotes/1_11_12.rst
index 344dc95dc..516f41e81 100644
--- a/doc/relnotes/1_11_12.rst
+++ b/doc/relnotes/1_11_12.rst
@@ -2,6 +2,12 @@ Version 1.11.12, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* Add Curve25519. The implementation is based on curve25519-donna-c64.c
- by Adam Langley. New (completely non-standard) OIDs and
- formats for encrypting Curve25519 keys under PKCS #8 and including
- them in certificates and CRLs have been defined.
+ by Adam Langley. New (completely non-standard) OIDs and formats for
+ encrypting Curve25519 keys under PKCS #8 and including them in
+ certificates and CRLs have been defined.
+
+* When encrypted as PKCS #8 structures, Curve25519 and McEliece
+ private keys default to using AES-256/GCM instead of AES-256/CBC
+
+* Define OIDs for OCB mode with AES, Serpent and Twofish.
+
diff --git a/src/lib/asn1/oid_lookup/default.cpp b/src/lib/asn1/oid_lookup/default.cpp
index 54e834439..03b1be99f 100644
--- a/src/lib/asn1/oid_lookup/default.cpp
+++ b/src/lib/asn1/oid_lookup/default.cpp
@@ -1,6 +1,6 @@
/*
* OID Registry
-* (C) 1999-2010,2013 Jack Lloyd
+* (C) 1999-2010,2013,2014 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -24,7 +24,8 @@ void set_defaults()
OIDS::add_oidstr("1.3.6.1.4.1.3029.1.2.1", "ElGamal");
OIDS::add_oidstr("1.3.6.1.4.1.25258.1.1", "RW");
OIDS::add_oidstr("1.3.6.1.4.1.25258.1.2", "NR");
- OIDS::add_oidstr("1.3.6.1.4.1.25258.1.3", "McEliece/BIGGF2M");
+ OIDS::add_oidstr("1.3.6.1.4.1.25258.1.3", "McEliece");
+ OIDS::add_oidstr("1.3.6.1.4.1.25258.1.4", "Curve25519");
// X9.62 ecPublicKey, valid for ECDSA and ECDH (RFC 3279 sec 2.3.5)
OIDS::add_oidstr("1.2.840.10045.2.1", "ECDSA");
@@ -59,6 +60,12 @@ void set_defaults()
OIDS::add_oidstr("1.3.6.1.4.1.25258.3.101", "Serpent/GCM");
OIDS::add_oidstr("1.3.6.1.4.1.25258.3.102", "Twofish/GCM");
+ OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.1", "AES-128/OCB");
+ OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.2", "AES-192/OCB");
+ OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.3", "AES-256/OCB");
+ OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.4", "Serpent/OCB");
+ OIDS::add_oidstr("1.3.6.1.4.1.25258.3.2.5", "Twofish/OCB");
+
/* Hash Functions */
OIDS::add_oidstr("1.2.840.113549.2.5", "MD5");
OIDS::add_oidstr("1.3.6.1.4.1.11591.12.2", "Tiger(24,3)");
diff --git a/src/lib/pubkey/mce/mceliece_key.h b/src/lib/pubkey/mce/mceliece_key.h
index cb9412c05..d8b4b59ce 100644
--- a/src/lib/pubkey/mce/mceliece_key.h
+++ b/src/lib/pubkey/mce/mceliece_key.h
@@ -32,7 +32,7 @@ class BOTAN_DLL McEliece_PublicKey : public virtual Public_Key
McEliece_PublicKey(const McEliece_PublicKey & other);
- std::string algo_name() const { return "McEliece/BIGGF2M"; }
+ std::string algo_name() const { return "McEliece"; }
/**
* Get the maximum number of bits allowed to be fed to this key.
diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp
index 15f0c4539..298cea064 100644
--- a/src/lib/pubkey/pkcs8.cpp
+++ b/src/lib/pubkey/pkcs8.cpp
@@ -153,17 +153,21 @@ std::string PEM_encode(const Private_Key& key)
namespace {
std::pair<std::string, std::string>
-choose_pbe_params(const std::string& pbe_algo)
+choose_pbe_params(const std::string& pbe_algo, const std::string& key_algo)
{
- if(!pbe_algo.empty())
+ if(pbe_algo == "")
{
- SCAN_Name request(pbe_algo);
- if(request.algo_name() != "PBE-PKCS5v20")
- throw std::runtime_error("Unsupported PBE " + pbe_algo);
- return std::make_pair(request.arg(1), request.arg(0));
+ // Defaults:
+ if(key_algo == "Curve25519" || key_algo == "McEliece")
+ return std::make_pair("AES-256/GCM", "SHA-512");
+ else // for everything else (RSA, DSA, ECDSA, GOST, ...)
+ return std::make_pair("AES-256/CBC", "SHA-256");
}
- return std::make_pair("AES-256/CBC", "SHA-256");
+ SCAN_Name request(pbe_algo);
+ if(request.algo_name() != "PBE-PKCS5v20" || request.arg_count() != 2)
+ throw std::runtime_error("Unsupported PBE " + pbe_algo);
+ return std::make_pair(request.arg(1), request.arg(0));
}
}
@@ -177,7 +181,7 @@ std::vector<byte> BER_encode(const Private_Key& key,
std::chrono::milliseconds msec,
const std::string& pbe_algo)
{
- const auto pbe_params = choose_pbe_params(pbe_algo);
+ const auto pbe_params = choose_pbe_params(pbe_algo, key.algo_name());
const std::pair<AlgorithmIdentifier, std::vector<byte>> pbe_info =
pbes2_encrypt(PKCS8::BER_encode(key), pass, msec,