aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pbe/pbes2/pbes2.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/pbe/pbes2/pbes2.cpp')
-rw-r--r--src/lib/pbe/pbes2/pbes2.cpp202
1 files changed, 0 insertions, 202 deletions
diff --git a/src/lib/pbe/pbes2/pbes2.cpp b/src/lib/pbe/pbes2/pbes2.cpp
deleted file mode 100644
index 131905374..000000000
--- a/src/lib/pbe/pbes2/pbes2.cpp
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
-* PKCS #5 PBES2
-* (C) 1999-2008 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/pbes2.h>
-#include <botan/pbkdf2.h>
-#include <botan/algo_factory.h>
-#include <botan/libstate.h>
-#include <botan/der_enc.h>
-#include <botan/ber_dec.h>
-#include <botan/parsing.h>
-#include <botan/alg_id.h>
-#include <botan/oids.h>
-#include <botan/lookup.h>
-#include <algorithm>
-
-namespace Botan {
-
-/*
-* Encrypt some bytes using PBES2
-*/
-void PBE_PKCS5v20::write(const byte input[], size_t length)
- {
- m_pipe.write(input, length);
- flush_pipe(true);
- }
-
-/*
-* Start encrypting with PBES2
-*/
-void PBE_PKCS5v20::start_msg()
- {
- m_pipe.append(get_cipher(m_block_cipher->name() + "/CBC/PKCS7",
- m_key, m_iv, m_direction));
-
- m_pipe.start_msg();
- if(m_pipe.message_count() > 1)
- m_pipe.set_default_msg(m_pipe.default_msg() + 1);
- }
-
-/*
-* Finish encrypting with PBES2
-*/
-void PBE_PKCS5v20::end_msg()
- {
- m_pipe.end_msg();
- flush_pipe(false);
- m_pipe.reset();
- }
-
-/*
-* Flush the pipe
-*/
-void PBE_PKCS5v20::flush_pipe(bool safe_to_skip)
- {
- if(safe_to_skip && m_pipe.remaining() < 64)
- return;
-
- secure_vector<byte> buffer(DEFAULT_BUFFERSIZE);
- while(m_pipe.remaining())
- {
- const size_t got = m_pipe.read(&buffer[0], buffer.size());
- send(buffer, got);
- }
- }
-
-/*
-* Encode PKCS#5 PBES2 parameters
-*/
-std::vector<byte> PBE_PKCS5v20::encode_params() const
- {
- return DER_Encoder()
- .start_cons(SEQUENCE)
- .encode(
- AlgorithmIdentifier("PKCS5.PBKDF2",
- DER_Encoder()
- .start_cons(SEQUENCE)
- .encode(m_salt, OCTET_STRING)
- .encode(m_iterations)
- .encode(m_key_length)
- .encode_if(
- m_prf->name() != "HMAC(SHA-160)",
- AlgorithmIdentifier(m_prf->name(),
- AlgorithmIdentifier::USE_NULL_PARAM))
- .end_cons()
- .get_contents_unlocked()
- )
- )
- .encode(
- AlgorithmIdentifier(m_block_cipher->name() + "/CBC",
- DER_Encoder().encode(m_iv, OCTET_STRING).get_contents_unlocked()
- )
- )
- .end_cons()
- .get_contents_unlocked();
- }
-
-/*
-* Return an OID for PBES2
-*/
-OID PBE_PKCS5v20::get_oid() const
- {
- return OIDS::lookup("PBE-PKCS5v20");
- }
-
-std::string PBE_PKCS5v20::name() const
- {
- return "PBE-PKCS5v20(" + m_block_cipher->name() + "," +
- m_prf->name() + ")";
- }
-
-/*
-* PKCS#5 v2.0 PBE Constructor
-*/
-PBE_PKCS5v20::PBE_PKCS5v20(BlockCipher* cipher,
- MessageAuthenticationCode* mac,
- const std::string& passphrase,
- std::chrono::milliseconds msec,
- RandomNumberGenerator& rng) :
- m_direction(ENCRYPTION),
- m_block_cipher(cipher),
- m_prf(mac),
- m_salt(rng.random_vec(12)),
- m_iv(rng.random_vec(m_block_cipher->block_size())),
- m_iterations(0),
- m_key_length(m_block_cipher->maximum_keylength())
- {
- PKCS5_PBKDF2 pbkdf(m_prf->clone());
-
- m_key = pbkdf.derive_key(m_key_length, passphrase,
- &m_salt[0], m_salt.size(),
- msec, m_iterations).bits_of();
- }
-
-/*
-* PKCS#5 v2.0 PBE Constructor
-*/
-PBE_PKCS5v20::PBE_PKCS5v20(const std::vector<byte>& params,
- const std::string& passphrase) :
- m_direction(DECRYPTION),
- m_block_cipher(nullptr),
- m_prf(nullptr)
- {
- AlgorithmIdentifier kdf_algo, enc_algo;
-
- BER_Decoder(params)
- .start_cons(SEQUENCE)
- .decode(kdf_algo)
- .decode(enc_algo)
- .verify_end()
- .end_cons();
-
- AlgorithmIdentifier prf_algo;
-
- if(kdf_algo.oid != OIDS::lookup("PKCS5.PBKDF2"))
- throw Decoding_Error("PBE-PKCS5 v2.0: Unknown KDF algorithm " +
- kdf_algo.oid.as_string());
-
- BER_Decoder(kdf_algo.parameters)
- .start_cons(SEQUENCE)
- .decode(m_salt, OCTET_STRING)
- .decode(m_iterations)
- .decode_optional(m_key_length, INTEGER, UNIVERSAL)
- .decode_optional(prf_algo, SEQUENCE, CONSTRUCTED,
- AlgorithmIdentifier("HMAC(SHA-160)",
- AlgorithmIdentifier::USE_NULL_PARAM))
- .verify_end()
- .end_cons();
-
- Algorithm_Factory& af = global_state().algorithm_factory();
-
- std::string cipher = OIDS::lookup(enc_algo.oid);
- std::vector<std::string> cipher_spec = split_on(cipher, '/');
- if(cipher_spec.size() != 2)
- throw Decoding_Error("PBE-PKCS5 v2.0: Invalid cipher spec " + cipher);
-
- if(cipher_spec[1] != "CBC")
- throw Decoding_Error("PBE-PKCS5 v2.0: Don't know param format for " +
- cipher);
-
- BER_Decoder(enc_algo.parameters).decode(m_iv, OCTET_STRING).verify_end();
-
- m_block_cipher.reset(af.make_block_cipher(cipher_spec[0]));
- m_prf.reset(af.make_mac(OIDS::lookup(prf_algo.oid)));
-
- if(m_key_length == 0)
- m_key_length = m_block_cipher->maximum_keylength();
-
- if(m_salt.size() < 8)
- throw Decoding_Error("PBE-PKCS5 v2.0: Encoded salt is too small");
-
- PKCS5_PBKDF2 pbkdf(m_prf->clone());
-
- m_key = pbkdf.derive_key(m_key_length, passphrase,
- &m_salt[0], m_salt.size(),
- m_iterations).bits_of();
- }
-
-}