diff options
Diffstat (limited to 'src/lib/constructs')
| -rw-r--r-- | src/lib/constructs/pbes2/pbes2.cpp | 43 | ||||
| -rw-r--r-- | src/lib/constructs/pbes2/pbes2.h | 6 | ||||
| -rw-r--r-- | src/lib/constructs/rfc3394/rfc3394.cpp | 22 | ||||
| -rw-r--r-- | src/lib/constructs/rfc3394/rfc3394.h | 9 |
4 files changed, 27 insertions, 53 deletions
diff --git a/src/lib/constructs/pbes2/pbes2.cpp b/src/lib/constructs/pbes2/pbes2.cpp index 8c2348408..811806891 100644 --- a/src/lib/constructs/pbes2/pbes2.cpp +++ b/src/lib/constructs/pbes2/pbes2.cpp @@ -6,6 +6,8 @@ */ #include <botan/pbes2.h> +#include <botan/algo_registry.h> +#include <botan/cipher_mode.h> #include <botan/pbkdf2.h> #include <botan/der_enc.h> #include <botan/ber_dec.h> @@ -13,13 +15,8 @@ #include <botan/alg_id.h> #include <botan/oids.h> #include <botan/rng.h> -#include <botan/cbc.h> #include <algorithm> -#if defined(BOTAN_HAS_AEAD_GCM) - #include <botan/gcm.h> -#endif - namespace Botan { namespace { @@ -70,8 +67,7 @@ pbes2_encrypt(const secure_vector<byte>& key_bits, std::chrono::milliseconds msec, const std::string& cipher, const std::string& digest, - RandomNumberGenerator& rng, - Algorithm_Factory& af) + RandomNumberGenerator& rng) { const std::string prf = "HMAC(" + digest + ")"; @@ -81,18 +77,12 @@ pbes2_encrypt(const secure_vector<byte>& key_bits, const secure_vector<byte> salt = rng.random_vec(12); - std::unique_ptr<Keyed_Transform> enc; - - if(cipher_spec[1] == "CBC") - enc.reset(new CBC_Encryption(af.make_block_cipher(cipher_spec[0]), new PKCS7_Padding)); -#if defined(BOTAN_HAS_AEAD_GCM) - else if(cipher_spec[1] == "GCM") - enc.reset(new GCM_Encryption(af.make_block_cipher(cipher_spec[0]))); -#endif - else + if(cipher_spec[1] != "CBC" && cipher_spec[1] != "GCM") throw Decoding_Error("PBE-PKCS5 v2.0: Don't know param format for " + cipher); - PKCS5_PBKDF2 pbkdf(af.make_mac(prf)); + std::unique_ptr<Keyed_Transform> enc(get_cipher_mode(cipher, ENCRYPTION)); + + PKCS5_PBKDF2 pbkdf(Algo_Registry<MessageAuthenticationCode>::global_registry().make(prf)); const size_t key_length = enc->key_spec().maximum_keylength(); size_t iterations = 0; @@ -116,8 +106,7 @@ pbes2_encrypt(const secure_vector<byte>& key_bits, secure_vector<byte> pbes2_decrypt(const secure_vector<byte>& key_bits, const std::string& passphrase, - const std::vector<byte>& params, - Algorithm_Factory& af) + const std::vector<byte>& params) { AlgorithmIdentifier kdf_algo, enc_algo; @@ -152,6 +141,8 @@ pbes2_decrypt(const secure_vector<byte>& key_bits, const std::vector<std::string> cipher_spec = split_on(cipher, '/'); if(cipher_spec.size() != 2) throw Decoding_Error("PBE-PKCS5 v2.0: Invalid cipher spec " + cipher); + if(cipher_spec[1] != "CBC" && cipher_spec[1] != "GCM") + throw Decoding_Error("PBE-PKCS5 v2.0: Don't know param format for " + cipher); if(salt.size() < 8) throw Decoding_Error("PBE-PKCS5 v2.0: Encoded salt is too small"); @@ -159,18 +150,10 @@ pbes2_decrypt(const secure_vector<byte>& key_bits, secure_vector<byte> iv; BER_Decoder(enc_algo.parameters).decode(iv, OCTET_STRING).verify_end(); - PKCS5_PBKDF2 pbkdf(af.make_mac(OIDS::lookup(prf_algo.oid))); - - std::unique_ptr<Keyed_Transform> dec; + const std::string prf = OIDS::lookup(prf_algo.oid); + PKCS5_PBKDF2 pbkdf(Algo_Registry<MessageAuthenticationCode>::global_registry().make(prf)); - if(cipher_spec[1] == "CBC") - dec.reset(new CBC_Decryption(af.make_block_cipher(cipher_spec[0]), new PKCS7_Padding)); -#if defined(BOTAN_HAS_AEAD_GCM) - else if(cipher_spec[1] == "GCM") - dec.reset(new GCM_Decryption(af.make_block_cipher(cipher_spec[0]))); -#endif - else - throw Decoding_Error("PBE-PKCS5 v2.0: Don't know param format for " + cipher); + std::unique_ptr<Keyed_Transform> dec(get_cipher_mode(cipher, DECRYPTION)); if(key_length == 0) key_length = dec->key_spec().maximum_keylength(); diff --git a/src/lib/constructs/pbes2/pbes2.h b/src/lib/constructs/pbes2/pbes2.h index 7d73795dc..3aa7d1159 100644 --- a/src/lib/constructs/pbes2/pbes2.h +++ b/src/lib/constructs/pbes2/pbes2.h @@ -30,8 +30,7 @@ BOTAN_DLL pbes2_encrypt(const secure_vector<byte>& key_bits, std::chrono::milliseconds msec, const std::string& cipher, const std::string& digest, - RandomNumberGenerator& rng, - Algorithm_Factory& af); + RandomNumberGenerator& rng); /** * Decrypt a PKCS #5 v2.0 encrypted stream @@ -42,8 +41,7 @@ BOTAN_DLL pbes2_encrypt(const secure_vector<byte>& key_bits, secure_vector<byte> BOTAN_DLL pbes2_decrypt(const secure_vector<byte>& key_bits, const std::string& passphrase, - const std::vector<byte>& params, - Algorithm_Factory& af); + const std::vector<byte>& params); } diff --git a/src/lib/constructs/rfc3394/rfc3394.cpp b/src/lib/constructs/rfc3394/rfc3394.cpp index ee1cc1dd8..6c8b62219 100644 --- a/src/lib/constructs/rfc3394/rfc3394.cpp +++ b/src/lib/constructs/rfc3394/rfc3394.cpp @@ -6,7 +6,7 @@ */ #include <botan/rfc3394.h> -#include <botan/algo_factory.h> +#include <botan/algo_registry.h> #include <botan/block_cipher.h> #include <botan/loadstor.h> #include <botan/exceptn.h> @@ -16,15 +16,15 @@ namespace Botan { namespace { -BlockCipher* make_aes(size_t keylength, - Algorithm_Factory& af) +BlockCipher* make_aes(size_t keylength) { + auto& block_ciphers = Algo_Registry<BlockCipher>::global_registry(); if(keylength == 16) - return af.make_block_cipher("AES-128"); + return block_ciphers.make("AES-128"); else if(keylength == 24) - return af.make_block_cipher("AES-192"); + return block_ciphers.make("AES-192"); else if(keylength == 32) - return af.make_block_cipher("AES-256"); + return block_ciphers.make("AES-256"); else throw std::invalid_argument("Bad KEK length for NIST keywrap"); } @@ -32,13 +32,12 @@ BlockCipher* make_aes(size_t keylength, } secure_vector<byte> rfc3394_keywrap(const secure_vector<byte>& key, - const SymmetricKey& kek, - Algorithm_Factory& af) + const SymmetricKey& kek) { if(key.size() % 8 != 0) throw std::invalid_argument("Bad input key size for NIST key wrap"); - std::unique_ptr<BlockCipher> aes(make_aes(kek.length(), af)); + std::unique_ptr<BlockCipher> aes(make_aes(kek.length())); aes->set_key(kek); const size_t n = key.size() / 8; @@ -74,13 +73,12 @@ secure_vector<byte> rfc3394_keywrap(const secure_vector<byte>& key, } secure_vector<byte> rfc3394_keyunwrap(const secure_vector<byte>& key, - const SymmetricKey& kek, - Algorithm_Factory& af) + const SymmetricKey& kek) { if(key.size() < 16 || key.size() % 8 != 0) throw std::invalid_argument("Bad input key size for NIST key unwrap"); - std::unique_ptr<BlockCipher> aes(make_aes(kek.length(), af)); + std::unique_ptr<BlockCipher> aes(make_aes(kek.length())); aes->set_key(kek); const size_t n = (key.size() - 8) / 8; diff --git a/src/lib/constructs/rfc3394/rfc3394.h b/src/lib/constructs/rfc3394/rfc3394.h index 9800bbab1..fab6bc3cb 100644 --- a/src/lib/constructs/rfc3394/rfc3394.h +++ b/src/lib/constructs/rfc3394/rfc3394.h @@ -12,20 +12,16 @@ namespace Botan { -class Algorithm_Factory; - /** * Encrypt a key under a key encryption key using the algorithm * described in RFC 3394 * * @param key the plaintext key to encrypt * @param kek the key encryption key -* @param af an algorithm factory * @return key encrypted under kek */ secure_vector<byte> BOTAN_DLL rfc3394_keywrap(const secure_vector<byte>& key, - const SymmetricKey& kek, - Algorithm_Factory& af); + const SymmetricKey& kek); /** * Decrypt a key under a key encryption key using the algorithm @@ -37,8 +33,7 @@ secure_vector<byte> BOTAN_DLL rfc3394_keywrap(const secure_vector<byte>& key, * @return key decrypted under kek */ secure_vector<byte> BOTAN_DLL rfc3394_keyunwrap(const secure_vector<byte>& key, - const SymmetricKey& kek, - Algorithm_Factory& af); + const SymmetricKey& kek); } |