aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2017-09-28 17:16:55 -0400
committerJack Lloyd <[email protected]>2017-09-28 17:16:55 -0400
commitc1edbe9c436dfffa9d7def0f99497e9c7e19c210 (patch)
tree6212e65913fdb4135878c9142cb805022a5c7107 /src
parentfd252eb6dee1d5d4fff0ec99f398b9bcaded50cf (diff)
Add variants of PKCS8::load_key that don't require an RNG argument
It's not used and only there for compat with existing callers, but no reason we can't offer a version that doesn't require it.
Diffstat (limited to 'src')
-rw-r--r--src/lib/pubkey/pkcs8.cpp79
-rw-r--r--src/lib/pubkey/pkcs8.h65
2 files changed, 112 insertions, 32 deletions
diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp
index 010516973..d719ca8f8 100644
--- a/src/lib/pubkey/pkcs8.cpp
+++ b/src/lib/pubkey/pkcs8.cpp
@@ -289,10 +289,10 @@ namespace {
/*
* Extract a private key (encrypted/unencrypted) and return it
*/
-Private_Key* load_key(DataSource& source,
- RandomNumberGenerator& /*rng*/,
- std::function<std::string ()> get_pass,
- bool is_encrypted)
+std::unique_ptr<Private_Key>
+load_key(DataSource& source,
+ std::function<std::string ()> get_pass,
+ bool is_encrypted)
{
AlgorithmIdentifier alg_id;
secure_vector<uint8_t> pkcs8_key = PKCS8_decode(source, get_pass, alg_id, is_encrypted);
@@ -302,7 +302,7 @@ Private_Key* load_key(DataSource& source,
throw PKCS8_Exception("Unknown algorithm OID: " +
alg_id.oid.as_string());
- return load_private_key(alg_id, pkcs8_key).release();
+ return std::unique_ptr<Private_Key>(load_private_key(alg_id, pkcs8_key));
}
}
@@ -310,11 +310,51 @@ Private_Key* load_key(DataSource& source,
/*
* Extract an encrypted private key and return it
*/
+std::unique_ptr<Private_Key> load_key(DataSource& source,
+ std::function<std::string ()> get_pass)
+ {
+ return load_key(source, get_pass, true);
+ }
+
+/*
+* Extract an encrypted private key and return it
+*/
+std::unique_ptr<Private_Key> load_key(DataSource& source,
+ const std::string& pass)
+ {
+ return load_key(source, [pass]() { return pass; }, true);
+ }
+
+/*
+* Extract an unencrypted private key and return it
+*/
+std::unique_ptr<Private_Key> load_key(DataSource& source)
+ {
+ auto fail_fn = []() -> std::string {
+ throw PKCS8_Exception("Internal error: Attempt to read password for unencrypted key");
+ };
+
+ return load_key(source, fail_fn, false);
+ }
+
+/*
+* Make a copy of this private key
+*/
+std::unique_ptr<Private_Key> copy_key(const Private_Key& key)
+ {
+ DataSource_Memory source(PEM_encode(key));
+ return PKCS8::load_key(source);
+ }
+
+/*
+* Extract an encrypted private key and return it
+*/
Private_Key* load_key(DataSource& source,
RandomNumberGenerator& rng,
std::function<std::string ()> get_pass)
{
- return load_key(source, rng, get_pass, true);
+ BOTAN_UNUSED(rng);
+ return PKCS8::load_key(source, get_pass).release();
}
/*
@@ -324,7 +364,8 @@ Private_Key* load_key(DataSource& source,
RandomNumberGenerator& rng,
const std::string& pass)
{
- return load_key(source, rng, [pass]() { return pass; }, true);
+ BOTAN_UNUSED(rng);
+ return PKCS8::load_key(source, pass).release();
}
/*
@@ -333,8 +374,8 @@ Private_Key* load_key(DataSource& source,
Private_Key* load_key(DataSource& source,
RandomNumberGenerator& rng)
{
- return load_key(source, rng, []() -> std::string {
- throw PKCS8_Exception( "Internal error: Attempt to read password for unencrypted key" );}, false);
+ BOTAN_UNUSED(rng);
+ return PKCS8::load_key(source).release();
}
#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
@@ -346,8 +387,9 @@ Private_Key* load_key(const std::string& fsname,
RandomNumberGenerator& rng,
std::function<std::string ()> get_pass)
{
- DataSource_Stream source(fsname, true);
- return load_key(source, rng, get_pass, true);
+ BOTAN_UNUSED(rng);
+ DataSource_Stream in(fsname);
+ return PKCS8::load_key(in, get_pass).release();
}
/*
@@ -357,7 +399,8 @@ Private_Key* load_key(const std::string& fsname,
RandomNumberGenerator& rng,
const std::string& pass)
{
- return PKCS8::load_key(fsname, rng, [pass]() { return pass; });
+ DataSource_Stream in(fsname);
+ return PKCS8::load_key(in, [pass]() { return pass; }).release();
}
/*
@@ -366,9 +409,9 @@ Private_Key* load_key(const std::string& fsname,
Private_Key* load_key(const std::string& fsname,
RandomNumberGenerator& rng)
{
- DataSource_Stream source(fsname, true);
- return load_key(source, rng, []() -> std::string {
- throw PKCS8_Exception( "Internal error: Attempt to read password for unencrypted key" );}, false);
+ BOTAN_UNUSED(rng);
+ DataSource_Stream in(fsname);
+ return PKCS8::load_key(in).release();
}
#endif
@@ -378,10 +421,12 @@ Private_Key* load_key(const std::string& fsname,
Private_Key* copy_key(const Private_Key& key,
RandomNumberGenerator& rng)
{
- DataSource_Memory source(PEM_encode(key));
- return PKCS8::load_key(source, rng);
+ BOTAN_UNUSED(rng);
+ return PKCS8::copy_key(key).release();
}
+
+
}
}
diff --git a/src/lib/pubkey/pkcs8.h b/src/lib/pubkey/pkcs8.h
index b75a44180..65ca97a47 100644
--- a/src/lib/pubkey/pkcs8.h
+++ b/src/lib/pubkey/pkcs8.h
@@ -49,8 +49,8 @@ BOTAN_PUBLIC_API(2,0) std::string PEM_encode(const Private_Key& key);
* @param pass the password to use for encryption
* @param msec number of milliseconds to run the password derivation
* @param pbe_algo the name of the desired password-based encryption
- algorithm; if empty ("") a reasonable (portable/secure)
- default will be chosen.
+* algorithm; if empty ("") a reasonable (portable/secure)
+* default will be chosen.
* @return encrypted key in binary BER form
*/
BOTAN_PUBLIC_API(2,0) std::vector<uint8_t>
@@ -68,8 +68,8 @@ BER_encode(const Private_Key& key,
* @param pass the password to use for encryption
* @param msec number of milliseconds to run the password derivation
* @param pbe_algo the name of the desired password-based encryption
- algorithm; if empty ("") a reasonable (portable/secure)
- default will be chosen.
+* algorithm; if empty ("") a reasonable (portable/secure)
+* default will be chosen.
* @return encrypted key in PEM form
*/
BOTAN_PUBLIC_API(2,0) std::string
@@ -178,8 +178,8 @@ PEM_encode_encrypted_pbkdf_msec(const Private_Key& key,
* @return loaded private key object
*/
BOTAN_PUBLIC_API(2,0) Private_Key* load_key(DataSource& source,
- RandomNumberGenerator& rng,
- std::function<std::string ()> get_passphrase);
+ RandomNumberGenerator& rng,
+ std::function<std::string ()> get_passphrase);
/** Load an encrypted key from a data source.
* @param source the data source providing the encoded key
@@ -188,8 +188,8 @@ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(DataSource& source,
* @return loaded private key object
*/
BOTAN_PUBLIC_API(2,0) Private_Key* load_key(DataSource& source,
- RandomNumberGenerator& rng,
- const std::string& pass);
+ RandomNumberGenerator& rng,
+ const std::string& pass);
/** Load an unencrypted key from a data source.
* @param source the data source providing the encoded key
@@ -197,7 +197,7 @@ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(DataSource& source,
* @return loaded private key object
*/
BOTAN_PUBLIC_API(2,0) Private_Key* load_key(DataSource& source,
- RandomNumberGenerator& rng);
+ RandomNumberGenerator& rng);
#if defined(BOTAN_TARGET_OS_HAS_FILESYSTEM)
/**
@@ -208,8 +208,8 @@ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(DataSource& source,
* @return loaded private key object
*/
BOTAN_PUBLIC_API(2,0) Private_Key* load_key(const std::string& filename,
- RandomNumberGenerator& rng,
- std::function<std::string ()> get_passphrase);
+ RandomNumberGenerator& rng,
+ std::function<std::string ()> get_passphrase);
/** Load an encrypted key from a file.
* @param filename the path to the file containing the encoded key
@@ -218,8 +218,8 @@ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(const std::string& filename,
* @return loaded private key object
*/
BOTAN_PUBLIC_API(2,0) Private_Key* load_key(const std::string& filename,
- RandomNumberGenerator& rng,
- const std::string& pass);
+ RandomNumberGenerator& rng,
+ const std::string& pass);
/** Load an unencrypted key from a file.
* @param filename the path to the file containing the encoded key
@@ -227,7 +227,7 @@ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(const std::string& filename,
* @return loaded private key object
*/
BOTAN_PUBLIC_API(2,0) Private_Key* load_key(const std::string& filename,
- RandomNumberGenerator& rng);
+ RandomNumberGenerator& rng);
#endif
/**
@@ -237,7 +237,42 @@ BOTAN_PUBLIC_API(2,0) Private_Key* load_key(const std::string& filename,
* @return new copy of the key
*/
BOTAN_PUBLIC_API(2,0) Private_Key* copy_key(const Private_Key& key,
- RandomNumberGenerator& rng);
+ RandomNumberGenerator& rng);
+
+
+/**
+* Load an encrypted key from a data source.
+* @param source the data source providing the encoded key
+* @param get_passphrase a function that returns passphrases
+* @return loaded private key object
+*/
+BOTAN_PUBLIC_API(2,3)
+std::unique_ptr<Private_Key> load_key(DataSource& source,
+ std::function<std::string ()> get_passphrase);
+
+/** Load an encrypted key from a data source.
+* @param source the data source providing the encoded key
+* @param pass the passphrase to decrypt the key
+* @return loaded private key object
+*/
+BOTAN_PUBLIC_API(2,3)
+std::unique_ptr<Private_Key> load_key(DataSource& source,
+ const std::string& pass);
+
+/** Load an unencrypted key from a data source.
+* @param source the data source providing the encoded key
+* @return loaded private key object
+*/
+BOTAN_PUBLIC_API(2,3)
+std::unique_ptr<Private_Key> load_key(DataSource& source);
+
+/**
+* Copy an existing encoded key object.
+* @param key the key to copy
+* @return new copy of the key
+*/
+BOTAN_PUBLIC_API(2,3)
+std::unique_ptr<Private_Key> copy_key(const Private_Key& key);
}