From 840fc0e4dfcb9578b9b1bfd3da0b8fd8a1fa8534 Mon Sep 17 00:00:00 2001
From: lloyd
Date: Wed, 19 Nov 2014 12:45:07 +0000
Subject: Cleanup PBES2 and add GCM support

---
 src/lib/pubkey/info.txt | 2 +-
 src/lib/pubkey/pkcs8.cpp | 36 +++++++++++++++++++++---------------
 2 files changed, 22 insertions(+), 16 deletions(-)
(limited to 'src/lib/pubkey')
diff --git a/src/lib/pubkey/info.txt b/src/lib/pubkey/info.txt
index 27a332b5c..760f9c5cc 100644
--- a/src/lib/pubkey/info.txt
+++ b/src/lib/pubkey/info.txt
@@ -33,7 +33,7 @@ filters
 kdf
 libstate
 oid_lookup
-pbe
+pbes2
 pem
 pk_pad
 rng
diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp
index 7d4c9d802..24a5bb21f 100644
--- a/src/lib/pubkey/pkcs8.cpp
+++ b/src/lib/pubkey/pkcs8.cpp
@@ -6,12 +6,14 @@
  */
 #include
-#include
 #include
 #include
 #include
 #include
 #include
+#include
+#include
+#include
 #include
 namespace Botan {
@@ -94,10 +96,11 @@ secure_vector PKCS8_decode(
 if(pass.first == false) break;
-Pipe decryptor(get_pbe(pbe_alg_id.oid, pbe_alg_id.parameters, pass.second));
+if(OIDS::lookup(pbe_alg_id.oid) != "PBE-PKCS5v20")
+throw std::runtime_error("Unknown PBE type " + pbe_alg_id.oid.as_string());
-decryptor.process_msg(key_data);
-key = decryptor.read_all();
+key = pbes2_decrypt(key_data, pass.second, pbe_alg_id.parameters,
+global_state().algorithm_factory());
 }
 BER_Decoder(key)
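Review bot: The new OID check in PKCS8_decode turns every non-PBES2 encoding into a hard failure without documenting that this is a deliberate narrowing: the removed code dispatched any OID through `get_pbe`, so keys written with an older PBE scheme stop loading here, and nothing at the check says so. I would put `// Only PBES2 (PKCS #5 v2.0, OID PBE-PKCS5v20) is accepted; keys encrypted under any other PBE scheme are rejected here` above the `if(OIDS::lookup(...) != "PBE-PKCS5v20")` line. The throw also uses `std::runtime_error` rather than the library's own exception types, which is what callers of a decoding routine are likely to be catching; the same applies to `throw std::runtime_error("Unsupported PBE " + pbe)` in the BER_encode hunk, so both should use the project's decoding/argument exception if that is the convention elsewhere in this file. The loop this sits in (the `break` on `pass.first == false`) and the rest of PKCS8_decode start and end outside the hunk.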
@@ -156,23 +159,26 @@ std::vector BER_encode(const Private_Key& key,
 std::chrono::milliseconds msec,
 const std::string& pbe_algo)
 {
-const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-256/CBC)";
+const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-256,AES-256/CBC)";
-std::unique_ptr pbe(
-get_pbe(((pbe_algo != "") ? pbe_algo : DEFAULT_PBE),
-pass,
-msec,
-rng));
+SCAN_Name request(pbe_algo.empty() ? DEFAULT_PBE : pbe_algo);
-AlgorithmIdentifier pbe_algid(pbe->get_oid(), pbe->encode_params());
+const std::string pbe = request.algo_name();
-Pipe key_encrytor(pbe.release());
-key_encrytor.process_msg(PKCS8::BER_encode(key));
+if(pbe != "PBE-PKCS5v20")
+throw std::runtime_error("Unsupported PBE " + pbe);
+
+const std::string digest = request.arg(0);
+const std::string cipher = request.arg(1);
+
+const std::pair> pbe_info =
+pbes2_encrypt(PKCS8::BER_encode(key), pass, msec, cipher, digest, rng,
+global_state().algorithm_factory());
 return DER_Encoder()
 .start_cons(SEQUENCE)
-.encode(pbe_algid)
-.encode(key_encrytor.read_all(), OCTET_STRING)
+.encode(pbe_info.first)
+.encode(pbe_info.second, OCTET_STRING)
 .end_cons()
 .get_contents_unlocked();
 }
-- cgit v1.2.3
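Review bot: `request.arg(0)` and `request.arg(1)` are read without checking how many arguments the caller-supplied `pbe_algo` actually carries, so a spec such as `PBE-PKCS5v20` or `PBE-PKCS5v20(SHA-256)` fails with whatever `SCAN_Name::arg` does on a missing index instead of an error that names the problem. A guard after the `pbe != "PBE-PKCS5v20"` check, along the lines of `if(request.arg_count() != 2) throw std::runtime_error("PBES2 spec needs (digest,cipher) arguments: " + pbe_algo);` (using whichever count accessor SCAN_Name provides), would make the rejection explicit and keep the digest/cipher binding order obvious. The default moving from SHA-1 to SHA-256 silently changes the encoding produced for every caller passing an empty `pbe_algo`, which deserves `// Default PBES2 parameters; changing this alters the output for callers that pass an empty pbe_algo` on the DEFAULT_PBE line. BER_encode's signature, where `pass` and `rng` are declared, begins above the hunk.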