29 files changed, 58 insertions, 43 deletions
@@ -8,6 +8,10 @@ Version 1.11.35, Not Yet Released
 X.509 SubjectPublicKey, to public_key_bits. Add a new non-virtual function
 Public_Key::subject_public_key which does exactly that. (GH #685)
 
+* Rename Private_Key::pkcs8_private_key, which does not return a
+ PKCS#8 private key, to private_key_bits. Add a new non-virtual function
+ Private_Key::private_key_info which does exactly that. (GH #685)
+
 Version 1.11.34, 2016-11-28
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
diff --git a/src/lib/prov/openssl/openssl_rsa.cpp b/src/lib/prov/openssl/openssl_rsa.cpp
index 21822a627..aef9c95d8 100644
--- a/src/lib/prov/openssl/openssl_rsa.cpp
+++ b/src/lib/prov/openssl/openssl_rsa.cpp
@@ -99,7 +99,7 @@ class OpenSSL_RSA_Decryption_Operation : public PK_Ops::Decryption
 OpenSSL_RSA_Decryption_Operation(const RSA_PrivateKey& rsa, int pad) :
 m_openssl_rsa(nullptr, ::RSA_free), m_padding(pad)
 {
- const secure_vector<byte> der = rsa.pkcs8_private_key();
+ const secure_vector<byte> der = rsa.private_key_bits();
 const byte* der_ptr = der.data();
 m_openssl_rsa.reset(d2i_RSAPrivateKey(nullptr, &der_ptr, der.size()));
 if(!m_openssl_rsa)
@@ -183,7 +183,7 @@ class OpenSSL_RSA_Signing_Operation : public PK_Ops::Signature_with_EMSA
 PK_Ops::Signature_with_EMSA(emsa),
 m_openssl_rsa(nullptr, ::RSA_free)
 {
- const secure_vector<byte> der = rsa.pkcs8_private_key();
+ const secure_vector<byte> der = rsa.private_key_bits();
 const byte* der_ptr = der.data();
 m_openssl_rsa.reset(d2i_RSAPrivateKey(nullptr, &der_ptr, der.size()));
 if(!m_openssl_rsa)
diff --git a/src/lib/prov/pkcs11/p11_ecdh.cpp b/src/lib/prov/pkcs11/p11_ecdh.cpp
index f2604185d..50aa964d5 100644
--- a/src/lib/prov/pkcs11/p11_ecdh.cpp
+++ b/src/lib/prov/pkcs11/p11_ecdh.cpp
@@ -33,9 +33,9 @@ ECDH_PrivateKey PKCS11_ECDH_PrivateKey::export_key() const
 return ECDH_PrivateKey(rng, domain(), BigInt::decode(priv_key));
 }
 
-secure_vector<byte> PKCS11_ECDH_PrivateKey::pkcs8_private_key() const
+secure_vector<byte> PKCS11_ECDH_PrivateKey::private_key_bits() const
 {
- return export_key().pkcs8_private_key();
+ return export_key().private_key_bits();
 }
 
 namespace {
diff --git a/src/lib/prov/pkcs11/p11_ecdh.h b/src/lib/prov/pkcs11/p11_ecdh.h
index ef9ccb250..7fc21ad46 100644
--- a/src/lib/prov/pkcs11/p11_ecdh.h
+++ b/src/lib/prov/pkcs11/p11_ecdh.h
@@ -101,7 +101,7 @@ class BOTAN_DLL PKCS11_ECDH_PrivateKey final : public virtual PKCS11_EC_PrivateK
 /// @return the exported ECDH private key
 ECDH_PrivateKey export_key() const;
 
- secure_vector<byte> pkcs8_private_key() const override;
+ secure_vector<byte> private_key_bits() const override;
 
 std::unique_ptr<PK_Ops::Key_Agreement>
 create_key_agreement_op(RandomNumberGenerator& rng,
diff --git a/src/lib/prov/pkcs11/p11_ecdsa.cpp b/src/lib/prov/pkcs11/p11_ecdsa.cpp
index 852366d25..cbdd4d007 100644
--- a/src/lib/prov/pkcs11/p11_ecdsa.cpp
+++ b/src/lib/prov/pkcs11/p11_ecdsa.cpp
@@ -47,9 +47,9 @@ ECDSA_PrivateKey PKCS11_ECDSA_PrivateKey::export_key() const
 return ECDSA_PrivateKey(rng, domain(), BigInt::decode(priv_key));
 }
 
-secure_vector<byte> PKCS11_ECDSA_PrivateKey::pkcs8_private_key() const
+secure_vector<byte> PKCS11_ECDSA_PrivateKey::private_key_bits() const
 {
- return export_key().pkcs8_private_key();
+ return export_key().private_key_bits();
 }
 
 namespace {
diff --git a/src/lib/prov/pkcs11/p11_ecdsa.h b/src/lib/prov/pkcs11/p11_ecdsa.h
index a4c3df3ea..73ee900db 100644
--- a/src/lib/prov/pkcs11/p11_ecdsa.h
+++ b/src/lib/prov/pkcs11/p11_ecdsa.h
@@ -98,7 +98,7 @@ class BOTAN_DLL PKCS11_ECDSA_PrivateKey final : public PKCS11_EC_PrivateKey
 /// @return the exported ECDSA private key
 ECDSA_PrivateKey export_key() const;
 
- secure_vector<byte> pkcs8_private_key() const override;
+ secure_vector<byte> private_key_bits() const override;
 
 bool check_key(RandomNumberGenerator&, bool) const override;
 
diff --git a/src/lib/prov/pkcs11/p11_rsa.cpp b/src/lib/prov/pkcs11/p11_rsa.cpp
index ea0fc874b..1edbde83b 100644
--- a/src/lib/prov/pkcs11/p11_rsa.cpp
+++ b/src/lib/prov/pkcs11/p11_rsa.cpp
@@ -101,9 +101,9 @@ RSA_PrivateKey PKCS11_RSA_PrivateKey::export_key() const
 , BigInt::decode(n));
 }
 
-secure_vector<byte> PKCS11_RSA_PrivateKey::pkcs8_private_key() const
+secure_vector<byte> PKCS11_RSA_PrivateKey::private_key_bits() const
 {
- return export_key().pkcs8_private_key();
+ return export_key().private_key_bits();
 }
 
 
diff --git a/src/lib/prov/pkcs11/p11_rsa.h b/src/lib/prov/pkcs11/p11_rsa.h
index 6d80e45a7..13b9d9dc1 100644
--- a/src/lib/prov/pkcs11/p11_rsa.h
+++ b/src/lib/prov/pkcs11/p11_rsa.h
@@ -200,7 +200,7 @@ class BOTAN_DLL PKCS11_RSA_PrivateKey final : public Private_Key,
 /// @return the exported RSA private key
 RSA_PrivateKey export_key() const;
 
- secure_vector<byte> pkcs8_private_key() const override;
+ secure_vector<byte> private_key_bits() const override;
 
 std::unique_ptr<PK_Ops::Decryption>
 create_decryption_op(RandomNumberGenerator& rng,
diff --git a/src/lib/prov/tpm/tpm.cpp b/src/lib/prov/tpm/tpm.cpp
index b3a846d4e..936bb869d 100644
--- a/src/lib/prov/tpm/tpm.cpp
+++ b/src/lib/prov/tpm/tpm.cpp
@@ -359,7 +359,7 @@ std::vector<byte> TPM_PrivateKey::public_key_bits() const
 .get_contents_unlocked();
 }
 
-secure_vector<byte> TPM_PrivateKey::pkcs8_private_key() const
+secure_vector<byte> TPM_PrivateKey::private_key_bits() const
 {
 throw TPM_Error("PKCS #8 export not supported for TPM keys");
 }
diff --git a/src/lib/prov/tpm/tpm.h b/src/lib/prov/tpm/tpm.h
index f776f09e7..de0fa364f 100644
--- a/src/lib/prov/tpm/tpm.h
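Review bot: The message thrown by the renamed `TPM_PrivateKey::private_key_bits()` still says `"PKCS #8 export not supported for TPM keys"`, but after this commit the function no longer stands for the PKCS #8 encoding: `Private_Key::private_key_info()` and `Private_Key::fingerprint()` both call it, so fingerprinting a TPM-resident key now fails with an error about PKCS #8 export. Refusing to export the key material from the token is the right behaviour; only the wording is stale, e.g. `throw TPM_Error("Private key export not supported for TPM keys");`. The `Not_Implemented("No PKCS8 key format defined for XMSS-WOTS.")` in the xmss_wots_privatekey.h hunk has the same stale reference to PKCS #8.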
+++ b/src/lib/prov/tpm/tpm.h
@@ -156,7 +156,7 @@ class BOTAN_DLL TPM_PrivateKey : public Private_Key
 
 std::vector<byte> public_key_bits() const override;
 
- secure_vector<byte> pkcs8_private_key() const override;
+ secure_vector<byte> private_key_bits() const override;
 
 bool check_key(RandomNumberGenerator& rng, bool) const override;
 
diff --git a/src/lib/pubkey/curve25519/curve25519.cpp b/src/lib/pubkey/curve25519/curve25519.cpp
index 8c2628934..bad961b40 100644
--- a/src/lib/pubkey/curve25519/curve25519.cpp
+++ b/src/lib/pubkey/curve25519/curve25519.cpp
@@ -88,7 +88,7 @@ Curve25519_PrivateKey::Curve25519_PrivateKey(const AlgorithmIdentifier&,
 size_check(m_private.size(), "private key");
 }
 
-secure_vector<byte> Curve25519_PrivateKey::pkcs8_private_key() const
+secure_vector<byte> Curve25519_PrivateKey::private_key_bits() const
 {
 return DER_Encoder()
 .start_cons(SEQUENCE)
diff --git a/src/lib/pubkey/curve25519/curve25519.h b/src/lib/pubkey/curve25519/curve25519.h
index f48bb117d..41f32c931 100644
--- a/src/lib/pubkey/curve25519/curve25519.h
+++ b/src/lib/pubkey/curve25519/curve25519.h
@@ -86,7 +86,7 @@ class BOTAN_DLL Curve25519_PrivateKey : public Curve25519_PublicKey,
 
 const secure_vector<byte>& get_x() const { return m_private; }
 
- secure_vector<byte> pkcs8_private_key() const override;
+ secure_vector<byte> private_key_bits() const override;
 
 bool check_key(RandomNumberGenerator& rng, bool strong) const override;
 
diff --git a/src/lib/pubkey/dl_algo/dl_algo.cpp b/src/lib/pubkey/dl_algo/dl_algo.cpp
index 8457a61ac..baa8a66f4 100644
--- a/src/lib/pubkey/dl_algo/dl_algo.cpp
+++ b/src/lib/pubkey/dl_algo/dl_algo.cpp
@@ -43,7 +43,7 @@ DL_Scheme_PublicKey::DL_Scheme_PublicKey(const AlgorithmIdentifier& alg_id,
 BER_Decoder(key_bits).decode(m_y);
 }
 
-secure_vector<byte> DL_Scheme_PrivateKey::pkcs8_private_key() const
+secure_vector<byte> DL_Scheme_PrivateKey::private_key_bits() const
 {
 return DER_Encoder().encode(m_x).get_contents();
 }
diff --git a/src/lib/pubkey/dl_algo/dl_algo.h b/src/lib/pubkey/dl_algo/dl_algo.h
index c24c921a8..46f86a1bb 100644
--- a/src/lib/pubkey/dl_algo/dl_algo.h
+++ b/src/lib/pubkey/dl_algo/dl_algo.h
@@ -102,7 +102,7 @@ class BOTAN_DLL DL_Scheme_PrivateKey : public virtual DL_Scheme_PublicKey,
 */
 const BigInt& get_x() const { return m_x; }
 
- secure_vector<byte> pkcs8_private_key() const override;
+ secure_vector<byte> private_key_bits() const override;
 
 /**
 * Create a private key.
diff --git a/src/lib/pubkey/ecc_key/ecc_key.cpp b/src/lib/pubkey/ecc_key/ecc_key.cpp
index 95427c487..195da0a63 100644
--- a/src/lib/pubkey/ecc_key/ecc_key.cpp
+++ b/src/lib/pubkey/ecc_key/ecc_key.cpp
@@ -110,7 +110,7 @@ EC_PrivateKey::EC_PrivateKey(RandomNumberGenerator& rng,
 "Generated public key point was on the curve");
 }
 
-secure_vector<byte> EC_PrivateKey::pkcs8_private_key() const
+secure_vector<byte> EC_PrivateKey::private_key_bits() const
 {
 return DER_Encoder()
 .start_cons(SEQUENCE)
diff --git a/src/lib/pubkey/ecc_key/ecc_key.h b/src/lib/pubkey/ecc_key/ecc_key.h
index e6e5a3029..c2d1b057c 100644
--- a/src/lib/pubkey/ecc_key/ecc_key.h
+++ b/src/lib/pubkey/ecc_key/ecc_key.h
@@ -132,7 +132,7 @@ class BOTAN_DLL EC_PrivateKey : public virtual EC_PublicKey,
 const secure_vector<byte>& key_bits,
 bool with_modular_inverse=false);
 
- secure_vector<byte> pkcs8_private_key() const override;
+ secure_vector<byte> private_key_bits() const override;
 
 /**
 * Get the private key value of this key object.
diff --git a/src/lib/pubkey/mce/mceliece.h b/src/lib/pubkey/mce/mceliece.h
index 884f40083..0731e0c68 100644
--- a/src/lib/pubkey/mce/mceliece.h
+++ b/src/lib/pubkey/mce/mceliece.h
@@ -104,7 +104,7 @@ class BOTAN_DLL McEliece_PrivateKey : public virtual McEliece_PublicKey,
 
 inline u32bit get_codimension() const { return m_codimension; }
 
- secure_vector<byte> pkcs8_private_key() const override;
+ secure_vector<byte> private_key_bits() const override;
 
 bool operator==(const McEliece_PrivateKey & other) const;
 
diff --git a/src/lib/pubkey/mce/mceliece_key.cpp b/src/lib/pubkey/mce/mceliece_key.cpp
index 502665820..409688153 100644
--- a/src/lib/pubkey/mce/mceliece_key.cpp
+++ b/src/lib/pubkey/mce/mceliece_key.cpp
@@ -115,7 +115,7 @@ McEliece_PublicKey::McEliece_PublicKey(const std::vector<byte>& key_bits)
 m_code_length = n;
 }
 
-secure_vector<byte> McEliece_PrivateKey::pkcs8_private_key() const
+secure_vector<byte> McEliece_PrivateKey::private_key_bits() const
 {
 DER_Encoder enc;
 enc.start_cons(SEQUENCE)
diff --git a/src/lib/pubkey/pk_keys.cpp b/src/lib/pubkey/pk_keys.cpp
index d21ff484a..06833958d 100644
--- a/src/lib/pubkey/pk_keys.cpp
+++ b/src/lib/pubkey/pk_keys.cpp
@@ -38,12 +38,25 @@ OID Public_Key::get_oid() const
 }
 }
 
+secure_vector<byte> Private_Key::private_key_info() const
+ {
+ const size_t PKCS8_VERSION = 0;
+
+ return DER_Encoder()
+ .start_cons(SEQUENCE)
+ .encode(PKCS8_VERSION)
+ .encode(pkcs8_algorithm_identifier())
+ .encode(private_key_bits(), OCTET_STRING)
+ .end_cons()
+ .get_contents();
+ }
+
 /*
 * Hash of the PKCS #8 encoding for this key object
 */
 std::string Private_Key::fingerprint(const std::string& alg) const
 {
- secure_vector<byte> buf = pkcs8_private_key();
+ secure_vector<byte> buf = private_key_bits();
 std::unique_ptr<HashFunction> hash(HashFunction::create(alg));
 hash->update(buf);
 const auto hex_print = hex_encode(hash->final());
diff --git a/src/lib/pubkey/pk_keys.h b/src/lib/pubkey/pk_keys.h
index 6a5f4fc64..f8242f429 100644
--- a/src/lib/pubkey/pk_keys.h
+++ b/src/lib/pubkey/pk_keys.h
@@ -164,9 +164,14 @@ class BOTAN_DLL Private_Key : public virtual Public_Key
 {
 public:
 /**
+ * @return BER encoded private key bits
+ */
+ virtual secure_vector<byte> private_key_bits() const = 0;
+
+ /**
 * @return PKCS #8 private key encoding for this key object
 */
- virtual secure_vector<byte> pkcs8_private_key() const = 0;
+ secure_vector<byte> private_key_info() const;
 
 /**
 * @return PKCS #8 AlgorithmIdentifier for this key
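Review bot: The comment over `Private_Key::fingerprint`, `* Hash of the PKCS #8 encoding for this key object`, is now visibly wrong: the body hashes `private_key_bits()`, the algorithm-specific key material, while the PKCS #8 PrivateKeyInfo (version, AlgorithmIdentifier, key bits) is what the new `private_key_info()` immediately above it produces. A reader comparing the two functions will assume the fingerprint covers the algorithm identifier when it does not; suggest `* Hash of the raw private key bits (private_key_bits()); this is not a hash of the PKCS #8 PrivateKeyInfo`. Separately, `hash->update(buf)` dereferences the result of `HashFunction::create(alg)` with no null check, so if `create` returns null for an unknown algorithm name an unrecognised `alg` is a null dereference rather than an exception — a throw on a null `hash` before the update would close that, though the line itself is pre-existing context. The body of `fingerprint` continues outside the hunk.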
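Review bot: The new doc on the pure virtual, `* @return BER encoded private key bits`, does not say how it relates to `private_key_info()` or that an implementation may refuse to export: the TPM and XMSS-WOTS overrides in this same commit throw instead of returning. Suggest `* @return BER encoded algorithm-specific private key bits; this is the privateKey OCTET STRING inside the PKCS #8 PrivateKeyInfo built by private_key_info(), and implementations backed by a hardware token may throw rather than export key material`. It would also help to note on `private_key_info()` that it now carries the encoding formerly built by `BER_encode(const Private_Key&)` in pkcs8.cpp, so callers of the renamed API know where the PKCS #8 structure lives.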
diff --git a/src/lib/pubkey/pkcs8.cpp b/src/lib/pubkey/pkcs8.cpp
index f74eb4387..7857e3ee0 100644
--- a/src/lib/pubkey/pkcs8.cpp
+++ b/src/lib/pubkey/pkcs8.cpp
@@ -129,15 +129,8 @@ secure_vector<byte> PKCS8_decode(
 */
 secure_vector<byte> BER_encode(const Private_Key& key)
 {
- const size_t PKCS8_VERSION = 0;
-
- return DER_Encoder()
- .start_cons(SEQUENCE)
- .encode(PKCS8_VERSION)
- .encode(key.pkcs8_algorithm_identifier())
- .encode(key.pkcs8_private_key(), OCTET_STRING)
- .end_cons()
- .get_contents();
+ // keeping around for compat
+ return key.private_key_info();
 }
 
 /*
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index 039627806..59f3ed142 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -72,7 +72,7 @@ bool RSA_PublicKey::check_key(RandomNumberGenerator&, bool) const
 return true;
 }
 
-secure_vector<byte> RSA_PrivateKey::pkcs8_private_key() const
+secure_vector<byte> RSA_PrivateKey::private_key_bits() const
 {
 return DER_Encoder()
 .start_cons(SEQUENCE)
diff --git a/src/lib/pubkey/rsa/rsa.h b/src/lib/pubkey/rsa/rsa.h
index 83b43a9ad..0a779b56a 100644
--- a/src/lib/pubkey/rsa/rsa.h
+++ b/src/lib/pubkey/rsa/rsa.h
@@ -138,7 +138,7 @@ class BOTAN_DLL RSA_PrivateKey : public Private_Key, public RSA_PublicKey
 const BigInt& get_d1() const { return m_d1; }
 const BigInt& get_d2() const { return m_d2; }
 
- secure_vector<byte> pkcs8_private_key() const override;
+ secure_vector<byte> private_key_bits() const override;
 
 std::unique_ptr<PK_Ops::Decryption>
 create_decryption_op(RandomNumberGenerator& rng,
diff --git a/src/lib/pubkey/xmss/xmss_privatekey.h b/src/lib/pubkey/xmss/xmss_privatekey.h
index 2fa9bd655..79959c247 100644
--- a/src/lib/pubkey/xmss/xmss_privatekey.h
+++ b/src/lib/pubkey/xmss/xmss_privatekey.h
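Review bot: `// keeping around for compat` on the new body of `BER_encode` says neither what it stays compatible with nor where the encoding went, which is the one thing a reader of this now two-line function needs. Suggest `// Retained for API compatibility; the PKCS #8 PrivateKeyInfo encoding now lives in Private_Key::private_key_info()`. If the intent is to steer callers to the new entry point, the function's doc comment, which begins above the hunk, should say so as well.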
@@ -203,7 +203,7 @@ class BOTAN_DLL XMSS_PrivateKey : public virtual XMSS_PublicKey,
 const std::string&,
 const std::string& provider) const override;
 
- virtual secure_vector<byte> pkcs8_private_key() const override
+ virtual secure_vector<byte> private_key_bits() const override
 {
 return raw_private_key();
 }
diff --git a/src/lib/pubkey/xmss/xmss_wots_addressed_privatekey.h b/src/lib/pubkey/xmss/xmss_wots_addressed_privatekey.h
index e82cd1638..deb5d7f87 100644
--- a/src/lib/pubkey/xmss/xmss_wots_addressed_privatekey.h
+++ b/src/lib/pubkey/xmss/xmss_wots_addressed_privatekey.h
@@ -54,9 +54,9 @@ class XMSS_WOTS_Addressed_PrivateKey
 return m_priv_key.pkcs8_algorithm_identifier();
 }
 
- virtual secure_vector<byte> pkcs8_private_key() const override
+ virtual secure_vector<byte> private_key_bits() const override
 {
- return m_priv_key.pkcs8_private_key();
+ return m_priv_key.private_key_bits();
 }
 
 private:
diff --git a/src/lib/pubkey/xmss/xmss_wots_privatekey.h b/src/lib/pubkey/xmss/xmss_wots_privatekey.h
index 158bad1bb..cf84fd076 100644
--- a/src/lib/pubkey/xmss/xmss_wots_privatekey.h
+++ b/src/lib/pubkey/xmss/xmss_wots_privatekey.h
@@ -226,7 +226,7 @@ class BOTAN_DLL XMSS_WOTS_PrivateKey : public virtual XMSS_WOTS_PublicKey,
 const std::string&,
 const std::string& provider) const override;
 
- virtual secure_vector<byte> pkcs8_private_key() const override
+ virtual secure_vector<byte> private_key_bits() const override
 {
 throw Not_Implemented("No PKCS8 key format defined for XMSS-WOTS.");
 }
diff --git a/src/tests/test_certstor.cpp b/src/tests/test_certstor.cpp
index 13f8891a7..693630e54 100644
--- a/src/tests/test_certstor.cpp
+++ b/src/tests/test_certstor.cpp
@@ -54,7 +54,7 @@ Test::Result test_certstor_insert_find_remove_test(
 
 if(priv)
 {
- result.test_eq("Got wrong private key",key->pkcs8_private_key(),priv->pkcs8_private_key());
+ result.test_eq("Got wrong private key",key->private_key_bits(),priv->private_key_bits());
 
 auto rev_certs = store.find_certs_for_key(*priv);
 
diff --git a/src/tests/test_mceliece.cpp b/src/tests/test_mceliece.cpp
index 26a404c13..693d7d2c1 100644
--- a/src/tests/test_mceliece.cpp
+++ b/src/tests/test_mceliece.cpp
@@ -63,7 +63,7 @@ class McEliece_Keygen_Encrypt_Test : public Text_Based_Test
 Test::Result result("McEliece keygen");
 
 result.test_eq("public key fingerprint", hash_bytes(mce_priv.public_key_bits()), fprint_pub);
- result.test_eq("private key fingerprint", hash_bytes(mce_priv.pkcs8_private_key()), fprint_priv);
+ result.test_eq("private key fingerprint", hash_bytes(mce_priv.private_key_bits()), fprint_priv);
 
 rng.clear();
 rng.initialize_with(encrypt_seed.data(), encrypt_seed.size());
@@ -120,7 +120,7 @@ class McEliece_Tests : public Test
 if(!hash)
 throw Test_Error("Hash " + hash_algo + " not available");
 
- hash->update(key.pkcs8_private_key());
+ hash->update(key.private_key_bits());
 
 return Botan::hex_encode(hash->final());
 }
@@ -154,7 +154,7 @@ class McEliece_Tests : public Test
 
 const Botan::McEliece_PublicKey& pk1 = sk1;
 const std::vector<byte> pk_enc = pk1.public_key_bits();
- const Botan::secure_vector<byte> sk_enc = sk1.pkcs8_private_key();
+ const Botan::secure_vector<byte> sk_enc = sk1.private_key_bits();
 
 Botan::McEliece_PublicKey pk(pk_enc);
 Botan::McEliece_PrivateKey sk(sk_enc);
diff --git a/src/tests/test_pkcs11_high_level.cpp b/src/tests/test_pkcs11_high_level.cpp
index 4e220d6e8..cf3fdac62 100644
--- a/src/tests/test_pkcs11_high_level.cpp
+++ b/src/tests/test_pkcs11_high_level.cpp
@@ -918,7 +918,7 @@ Test::Result test_ecdsa_privkey_export()
 ECDSA_PrivateKey exported = pk.export_key();
 result.test_success("ECDSA private key export was successful");
 result.confirm("Check exported key valid", exported.check_key(Test::rng(), true));
- result.test_eq("Check exported key contents", exported.pkcs8_private_key(), priv_key.pkcs8_private_key());
+ result.test_eq("Check exported key contents", exported.private_key_bits(), priv_key.private_key_bits());
 pk.destroy();
 
 return result;
|