diff options
| author | Jack Lloyd <[email protected]> | 2017-09-28 17:16:55 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2017-09-28 17:16:55 -0400 |
| commit | c1edbe9c436dfffa9d7def0f99497e9c7e19c210 (patch) | |
| tree | 6212e65913fdb4135878c9142cb805022a5c7107 | |
| parent | fd252eb6dee1d5d4fff0ec99f398b9bcaded50cf (diff) | |
Add variants of PKCS8::load_key that don't require an RNG argument
It's not used and only there for compat with existing callers,
but no reason we can't offer a version that doesn't require it.
| -rw-r--r-- | src/lib/pubkey/pkcs8.cpp | 79 | ||||
| -rw-r--r-- | src/lib/pubkey/pkcs8.h | 65 |
2 files changed, 112 insertions, 32 deletions
diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp index 010516973..d719ca8f8 100644 --- a/src/lib/pubkey/pkcs8.cpp +++ b/src/lib/pubkey/pkcs8.cpp @@ -289,10 +289,10 @@ namespace { /* * Extract a private key (encrypted/unencrypted) and return it */ -Private_Key* load_key(DataSource& source, - RandomNumberGenerator& /*rng*/, - std::function<std::string ()> get_pass, - bool is_encrypted) +std::unique_ptr<Private_Key> +load_key(DataSource& source, + std::function<std::string ()> get_pass, + bool is_encrypted) { AlgorithmIdentifier alg_id; secure_vector<uint8_t> pkcs8_key = PKCS8_decode(source, get_pass, alg_id, is_encrypted); @@ -302,7 +302,7 @@ Private_Key* load_key(DataSource& source, throw PKCS8_Exception("Unknown algorithm OID: " + alg_id.oid.as_string()); - return load_private_key(alg_id, pkcs8_key).release(); + return std::unique_ptr<Private_Key>(load_private_key(alg_id, pkcs8_key)); } } @@ -310,11 +310,51 @@ Private_Key* load_key(DataSource& source, /* * Extract an encrypted private key and return it */ +std::unique_ptr<Private_Key> load_key(DataSource& source, + std::function<std::string ()> get_pass) + { + return load_key(source, get_pass, true); + } + +/* +* Extract an encrypted private key and return it +*/ +std::unique_ptr<Private_Key> load_key(DataSource& source, + const std::string& pass) + { + return load_key(source, [pass]() { return pass; }, true); + } + +/* +* Extract an unencrypted private key and return it +*/ +std::unique_ptr<Private_Key> load_key(DataSource& source) + { + auto fail_fn = []() -> std::string { + throw PKCS8_Exception("Internal error: Attempt to read password for unencrypted key"); + }; + + return load_key(source, fail_fn, false); + } + +/* +* Make a copy of this private key +*/ +std::unique_ptr<Private_Key> copy_key(const Private_Key& key) + { + DataSource_Memory source(PEM_encode(key)); + return PKCS8::load_key(source); + } + +/* +* Extract an encrypted private key and return it +*/ Private_Key* load_key(DataSource& source, RandomNumberGenerator& rng, std::function<std::string ()> get_pass) { - return load_key(source, rng, get_pass, true); + BOTAN_UNUSED(rng); + return PKCS8::load_key(source, get_pass).release(); } /* @@ -324,7 +364,8 @@ Private_Key* load_key(DataSource& source, RandomNumberGenerator& rng, const std::string& pass) { - return load_key(source, rng, [pass]() { return pass; }, true); + BOTAN_UNUSED(rng); + return PKCS8::load_key(source, pass).release(); } /* @@ -333,8 +374,8 @@ Private_Key* load_key(DataSource& source, Private_Key* load_key(DataSource& source, RandomNumberGenerator& rng) { - return load_key(source, rng, []() -> std::string { - throw PKCS8_Exception( "Internal error: Attempt to read password for unencrypted key" );}, false); + BOTAN_UNUSED(rng); + return PKCS8::load_key(source).release(); } #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) @@ -346,8 +387,9 @@ Private_Key* load_key(const std::string& fsname, RandomNumberGenerator& rng, std::function<std::string ()> get_pass) { - DataSource_Stream source(fsname, true); - return load_key(source, rng, get_pass, true); + BOTAN_UNUSED(rng); + DataSource_Stream in(fsname); + return PKCS8::load_key(in, get_pass).release(); } /* @@ -357,7 +399,8 @@ Private_Key* load_key(const std::string& fsname, RandomNumberGenerator& rng, const std::string& pass) { - return PKCS8::load_key(fsname, rng, [pass]() { return pass; }); + DataSource_Stream in(fsname); + return PKCS8::load_key(in, [pass]() { return pass; }).release(); } /* @@ -366,9 +409,9 @@ Private_Key* load_key(const std::string& fsname, Private_Key* load_key(const std::string& fsname, RandomNumberGenerator& rng) { - DataSource_Stream source(fsname, true); - return load_key(source, rng, []() -> std::string { - throw PKCS8_Exception( "Internal error: Attempt to read password for unencrypted key" );}, false); + BOTAN_UNUSED(rng); + DataSource_Stream in(fsname); + return PKCS8::load_key(in).release(); } #endif @@ -378,10 +421,12 @@ Private_Key* load_key(const std::string& fsname, Private_Key* copy_key(const Private_Key& key, RandomNumberGenerator& rng) { - DataSource_Memory source(PEM_encode(key)); - return PKCS8::load_key(source, rng); + BOTAN_UNUSED(rng); + return PKCS8::copy_key(key).release(); } + + } } diff --git a/src/lib/pubkey/pkcs8.h b/src/lib/pubkey/pkcs8.h index b75a44180..65ca97a47 100644 --- a/src/lib/pubkey/pkcs8.h +++ b/src/lib/pubkey/pkcs8.h @@ -49,8 +49,8 @@ BOTAN_PUBLIC_API(2,0) std::string PEM_encode(const Private_Key& key); * @param pass the password to use for encryption * @param msec number of milliseconds to run the password derivation * @param pbe_algo the name of the desired password-based encryption - algorithm; if empty ("") a reasonable (portable/secure) - default will be chosen. +* algorithm; if empty ("") a reasonable (portable/secure) +* default will be chosen. * @return encrypted key in binary BER form */ BOTAN_PUBLIC_API(2,0) std::vector<uint8_t> @@ -68,8 +68,8 @@ BER_encode(const Private_Key& key, * @param pass the password to use for encryption * @param msec number of milliseconds to run the password derivation * @param pbe_algo the name of the desired password-based encryption - algorithm; if empty ("") a reasonable (portable/secure) - default will be chosen. +* algorithm; if empty ("") a reasonable (portable/secure) +* default will be chosen. * @return encrypted key in PEM form */ BOTAN_PUBLIC_API(2,0) std::string @@ -178,8 +178,8 @@ PEM_encode_encrypted_pbkdf_msec(const Private_Key& key, * @return loaded private key object */ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(DataSource& source, - RandomNumberGenerator& rng, - std::function<std::string ()> get_passphrase); + RandomNumberGenerator& rng, + std::function<std::string ()> get_passphrase); /** Load an encrypted key from a data source. * @param source the data source providing the encoded key @@ -188,8 +188,8 @@ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(DataSource& source, * @return loaded private key object */ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(DataSource& source, - RandomNumberGenerator& rng, - const std::string& pass); + RandomNumberGenerator& rng, + const std::string& pass); /** Load an unencrypted key from a data source. * @param source the data source providing the encoded key @@ -197,7 +197,7 @@ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(DataSource& source, * @return loaded private key object */ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(DataSource& source, - RandomNumberGenerator& rng); + RandomNumberGenerator& rng); #if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM) /** @@ -208,8 +208,8 @@ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(DataSource& source, * @return loaded private key object */ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(const std::string& filename, - RandomNumberGenerator& rng, - std::function<std::string ()> get_passphrase); + RandomNumberGenerator& rng, + std::function<std::string ()> get_passphrase); /** Load an encrypted key from a file. * @param filename the path to the file containing the encoded key @@ -218,8 +218,8 @@ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(const std::string& filename, * @return loaded private key object */ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(const std::string& filename, - RandomNumberGenerator& rng, - const std::string& pass); + RandomNumberGenerator& rng, + const std::string& pass); /** Load an unencrypted key from a file. * @param filename the path to the file containing the encoded key @@ -227,7 +227,7 @@ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(const std::string& filename, * @return loaded private key object */ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(const std::string& filename, - RandomNumberGenerator& rng); + RandomNumberGenerator& rng); #endif /** @@ -237,7 +237,42 @@ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(const std::string& filename, * @return new copy of the key */ BOTAN_PUBLIC_API(2,0) Private_Key* copy_key(const Private_Key& key, - RandomNumberGenerator& rng); + RandomNumberGenerator& rng); + + +/** +* Load an encrypted key from a data source. +* @param source the data source providing the encoded key +* @param get_passphrase a function that returns passphrases +* @return loaded private key object +*/ +BOTAN_PUBLIC_API(2,3) +std::unique_ptr<Private_Key> load_key(DataSource& source, + std::function<std::string ()> get_passphrase); + +/** Load an encrypted key from a data source. +* @param source the data source providing the encoded key +* @param pass the passphrase to decrypt the key +* @return loaded private key object +*/ +BOTAN_PUBLIC_API(2,3) +std::unique_ptr<Private_Key> load_key(DataSource& source, + const std::string& pass); + +/** Load an unencrypted key from a data source. +* @param source the data source providing the encoded key +* @return loaded private key object +*/ +BOTAN_PUBLIC_API(2,3) +std::unique_ptr<Private_Key> load_key(DataSource& source); + +/** +* Copy an existing encoded key object. +* @param key the key to copy +* @return new copy of the key +*/ +BOTAN_PUBLIC_API(2,3) +std::unique_ptr<Private_Key> copy_key(const Private_Key& key); } |