diff options
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/pubkey/info.txt | 1 | ||||
-rw-r--r-- | src/lib/pubkey/pkcs8.cpp | 43 |
2 files changed, 35 insertions, 9 deletions
diff --git a/src/lib/pubkey/info.txt b/src/lib/pubkey/info.txt index bd848e353..c6e8036e5 100644 --- a/src/lib/pubkey/info.txt +++ b/src/lib/pubkey/info.txt @@ -22,7 +22,6 @@ pk_ops_impl.h asn1 bigint kdf -pbes2 pem pk_pad numbertheory diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp index 0d13d8090..bea3beec0 100644 --- a/src/lib/pubkey/pkcs8.cpp +++ b/src/lib/pubkey/pkcs8.cpp @@ -1,6 +1,6 @@ /* * PKCS #8 -* (C) 1999-2010,2014 Jack Lloyd +* (C) 1999-2010,2014,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -12,10 +12,13 @@ #include <botan/alg_id.h> #include <botan/oids.h> #include <botan/pem.h> -#include <botan/pbes2.h> #include <botan/scan_name.h> #include <botan/pk_algs.h> +#if defined(BOTAN_HAS_PKCS5_PBES2) + #include <botan/pbes2.h> +#endif + namespace Botan { namespace PKCS8 { @@ -54,20 +57,20 @@ secure_vector<uint8_t> PKCS8_decode( try { if(ASN1::maybe_BER(source) && !PEM_Code::matches(source)) { - if ( is_encrypted ) + if(is_encrypted) { key_data = PKCS8_extract(source, pbe_alg_id); } else { // todo read more efficiently - while ( !source.end_of_data() ) + while(!source.end_of_data()) { uint8_t b; - size_t read = source.read_byte( b ); - if ( read ) + size_t read = source.read_byte(b); + if(read) { - key_data.push_back( b ); + key_data.push_back(b); } } } @@ -103,14 +106,19 @@ secure_vector<uint8_t> PKCS8_decode( { if(OIDS::lookup(pbe_alg_id.get_oid()) != "PBE-PKCS5v20") throw Exception("Unknown PBE type " + pbe_alg_id.get_oid().as_string()); +#if defined(BOTAN_HAS_PKCS5_PBES2) key = pbes2_decrypt(key_data, get_passphrase(), pbe_alg_id.get_parameters()); +#else + BOTAN_UNUSED(get_passphrase); + throw Decoding_Error("Private key is encrypted but PBES2 was disabled in build"); +#endif } else key = key_data; BER_Decoder(key) .start_cons(SEQUENCE) - .decode_and_check<size_t>(0, "Unknown PKCS #8 version number") + .decode_and_check<size_t>(0, "Unknown PKCS #8 version number") .decode(pk_alg_id) .decode(key, OCTET_STRING) .discard_remaining() @@ -142,6 +150,8 @@ std::string PEM_encode(const Private_Key& key) return PEM_Code::encode(PKCS8::BER_encode(key), "PRIVATE KEY"); } +#if defined(BOTAN_HAS_PKCS5_PBES2) + namespace { std::pair<std::string, std::string> @@ -164,6 +174,8 @@ choose_pbe_params(const std::string& pbe_algo, const std::string& key_algo) } +#endif + /* * BER encode a PKCS #8 private key, encrypted */ @@ -173,6 +185,7 @@ std::vector<uint8_t> BER_encode(const Private_Key& key, std::chrono::milliseconds msec, const std::string& pbe_algo) { +#if defined(BOTAN_HAS_PKCS5_PBES2) const auto pbe_params = choose_pbe_params(pbe_algo, key.algo_name()); const std::pair<AlgorithmIdentifier, std::vector<uint8_t>> pbe_info = @@ -185,6 +198,10 @@ std::vector<uint8_t> BER_encode(const Private_Key& key, .encode(pbe_info.second, OCTET_STRING) .end_cons() .get_contents_unlocked(); +#else + BOTAN_UNUSED(key, rng, pass, msec, pbe_algo); + throw Encoding_Error("PKCS8::BER_encode cannot encrypt because PBES2 was disabled in build"); +#endif } /* @@ -213,6 +230,7 @@ std::vector<uint8_t> BER_encode_encrypted_pbkdf_iter(const Private_Key& key, const std::string& cipher, const std::string& pbkdf_hash) { +#if defined(BOTAN_HAS_PKCS5_PBES2) const std::pair<AlgorithmIdentifier, std::vector<uint8_t>> pbe_info = pbes2_encrypt_iter(key.private_key_info(), pass, pbkdf_iterations, @@ -226,6 +244,10 @@ std::vector<uint8_t> BER_encode_encrypted_pbkdf_iter(const Private_Key& key, .encode(pbe_info.second, OCTET_STRING) .end_cons() .get_contents_unlocked(); +#else + BOTAN_UNUSED(key, rng, pass, pbkdf_iterations, cipher, pbkdf_hash); + throw Encoding_Error("PKCS8::BER_encode_encrypted_pbkdf_iter cannot encrypt because PBES2 disabled in build"); +#endif } /* @@ -254,6 +276,7 @@ std::vector<uint8_t> BER_encode_encrypted_pbkdf_msec(const Private_Key& key, const std::string& cipher, const std::string& pbkdf_hash) { +#if defined(BOTAN_HAS_PKCS5_PBES2) const std::pair<AlgorithmIdentifier, std::vector<uint8_t>> pbe_info = pbes2_encrypt_msec(key.private_key_info(), pass, pbkdf_msec, pbkdf_iterations, @@ -267,6 +290,10 @@ std::vector<uint8_t> BER_encode_encrypted_pbkdf_msec(const Private_Key& key, .encode(pbe_info.second, OCTET_STRING) .end_cons() .get_contents_unlocked(); +#else + BOTAN_UNUSED(key, rng, pass, pbkdf_msec, pbkdf_iterations, cipher, pbkdf_hash); + throw Encoding_Error("BER_encode_encrypted_pbkdf_msec cannot encrypt because PBES2 disabled in build"); +#endif } /* |