-rw-r--r-- | src/pubkey/pk_keys.cpp | 13 | ||||
-rw-r--r-- | src/pubkey/pk_keys.h | 2 | ||||
-rw-r--r-- | src/pubkey/pkcs8.cpp | 63 | ||||
-rw-r--r-- | src/pubkey/pkcs8.h | 89 | ||||
-rw-r--r-- | src/pubkey/x509_key.cpp | 28 | ||||
-rw-r--r-- | src/pubkey/x509_key.h | 35 |
6 files changed, 122 insertions, 108 deletions
diff --git a/src/pubkey/pk_keys.cpp b/src/pubkey/pk_keys.cpp index c7ca9673e..c19c676ab 100644 --- a/src/pubkey/pk_keys.cpp +++ b/src/pubkey/pk_keys.cpp @@ -25,19 +25,6 @@ OID Public_Key::get_oid() const } } -SecureVector<byte> Private_Key::PKCS8_BER_encode() const - { - const u32bit PKCS8_VERSION = 0; - - return DER_Encoder() - .start_cons(SEQUENCE) - .encode(PKCS8_VERSION) - .encode(this->pkcs8_algorithm_identifier()) - .encode(this->pkcs8_private_key(), OCTET_STRING) - .end_cons() - .get_contents(); - } - /* * Run checks on a loaded public key */ diff --git a/src/pubkey/pk_keys.h b/src/pubkey/pk_keys.h index fab8e99ae..da73db0ee 100644 --- a/src/pubkey/pk_keys.h +++ b/src/pubkey/pk_keys.h @@ -94,8 +94,6 @@ class BOTAN_DLL Private_Key : public virtual Public_Key virtual AlgorithmIdentifier pkcs8_algorithm_identifier() const { return algorithm_identifier(); } - SecureVector<byte> PKCS8_BER_encode() const; - protected: void load_check(RandomNumberGenerator&) const; void gen_check(RandomNumberGenerator&) const; diff --git a/src/pubkey/pkcs8.cpp b/src/pubkey/pkcs8.cpp index 243d3a6b3..3c767959f 100644 --- a/src/pubkey/pkcs8.cpp +++ b/src/pubkey/pkcs8.cpp 
@@ -129,26 +129,36 @@ SecureVector<byte> PKCS8_decode(DataSource& source, const User_Interface& ui, } /* -* DER or PEM encode a PKCS #8 private key +* BER encode a PKCS #8 private key, unencrypted */ -void encode(const Private_Key& key, Pipe& pipe, X509_Encoding encoding) +SecureVector<byte> BER_encode(const Private_Key& key) { - SecureVector<byte> contents = key.PKCS8_BER_encode(); + const u32bit PKCS8_VERSION = 0; - if(encoding == PEM) - pipe.write(PEM_Code::encode(contents, "PRIVATE KEY")); - else - pipe.write(contents); + return DER_Encoder() + .start_cons(SEQUENCE) + .encode(PKCS8_VERSION) + .encode(key.pkcs8_algorithm_identifier()) + .encode(key.pkcs8_private_key(), OCTET_STRING) + .end_cons() + .get_contents(); + } + +/* +* PEM encode a PKCS #8 private key, unencrypted +*/ +std::string PEM_encode(const Private_Key& key) + { + return PEM_Code::encode(PKCS8::BER_encode(key), "PRIVATE KEY"); } /* -* Encode and encrypt a PKCS #8 private key +* BER encode a PKCS #8 private key, encrypted */ -void encrypt_key(const Private_Key& key, - Pipe& pipe, - RandomNumberGenerator& rng, - const std::string& pass, const std::string& pbe_algo, - X509_Encoding encoding) +SecureVector<byte> BER_encode(const Private_Key& key, + RandomNumberGenerator& rng, + const std::string& pass, + const std::string& pbe_algo) { const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-128/CBC)"; 
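Review bot: The new `PEM_encode(const Private_Key&)` returns the unencrypted PKCS #8 key in a `std::string`, which, unlike the `SecureVector<byte>` that the new `BER_encode(const Private_Key&)` returns, is not zeroed on destruction, so the plaintext private key can linger in freed heap memory after the caller is done with it. This was already true of the old `PEM_encode` and so is not a regression of this commit, but since the hunk is reorganising the encoding API it is the right moment to record the caveat at the declaration in pkcs8.h, e.g. `@return PEM encoded key (note: the returned std::string is not securely erased)`. The encrypted `BER_encode(key, rng, pass, pbe_algo)` that begins at the end of this hunk continues outside it.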
@@ -160,32 +170,18 @@ void encrypt_key(const Private_Key& key, AlgorithmIdentifier pbe_algid(pbe->get_oid(), pbe->encode_params()); Pipe key_encrytor(pbe.release()); - key_encrytor.process_msg(key.PKCS8_BER_encode()); + key_encrytor.process_msg(PKCS8::BER_encode(key)); - SecureVector<byte> enc_key = - DER_Encoder() + return DER_Encoder() .start_cons(SEQUENCE) .encode(pbe_algid) .encode(key_encrytor.read_all(), OCTET_STRING) .end_cons() .get_contents(); - - if(encoding == PEM) - pipe.write(PEM_Code::encode(enc_key, "ENCRYPTED PRIVATE KEY")); - else - pipe.write(enc_key); - } - -/* -* PEM encode a PKCS #8 private key -*/ -std::string PEM_encode(const Private_Key& key) - { - return PEM_Code::encode(key.PKCS8_BER_encode(), "PRIVATE KEY"); } /* -* Encrypt and PEM encode a PKCS #8 private key +* PEM encode a PKCS #8 private key, encrypted */ std::string PEM_encode(const Private_Key& key, RandomNumberGenerator& rng, @@ -195,11 +191,8 @@ std::string PEM_encode(const Private_Key& key, if(pass == "") return PEM_encode(key); - Pipe pem; - pem.start_msg(); - encrypt_key(key, pem, rng, pass, pbe_algo, PEM); - pem.end_msg(); - return pem.read_all_as_string(); + return PEM_Code::encode(PKCS8::BER_encode(key, rng, pass, pbe_algo), + "ENCRYPTED PRIVATE KEY"); } /* diff --git a/src/pubkey/pkcs8.h b/src/pubkey/pkcs8.h index 920f8c24a..24f28086b 100644 --- a/src/pubkey/pkcs8.h +++ b/src/pubkey/pkcs8.h 
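Review bot: The `if(pass == "") return PEM_encode(key);` fallback at the top of the `PEM_encode` hunk means a caller that asks for an encrypted PEM key with an empty password silently receives a plaintext key, while the new `BER_encode(key, rng, pass, pbe_algo)` overload this function now delegates to has no such fallback and will encrypt under the empty password. The two entry points therefore disagree on what an empty password means, and the PEM one fails open, which is the worse direction for a private-key exporter. Either reject an empty password in both paths (`if(pass == "") throw Invalid_Argument("PKCS8::PEM_encode: empty password");`, assuming that is the exception type this library uses for bad arguments) or at least spell out the plaintext fallback on the `@param pass` line in pkcs8.h so the behaviour is deliberate rather than a surprise. The fallback line is context here, so this is pre-existing behaviour made inconsistent by the new overload rather than something the commit introduces outright.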
@@ -25,31 +25,11 @@ struct BOTAN_DLL PKCS8_Exception : public Decoding_Error namespace PKCS8 { /** -* Encode a private key into a pipe. +* BER encode a private key * @param key the private key to encode -* @param pipe the pipe to feed the encoded key into -* @param enc the encoding type to use +* @return BER encoded key */ -BOTAN_DLL void encode(const Private_Key& key, Pipe& pipe, - X509_Encoding enc = PEM); - -/** -* Encode and encrypt a private key into a pipe. -* @param key the private key to encode -* @param pipe the pipe to feed the encoded key into -* @param pass the password to use for encryption -* @param rng the rng to use -* @param pbe_algo the name of the desired password-based encryption algorithm; - if empty ("") a reasonable (portable/secure) default will be chosen. -* @param enc the encoding type to use -*/ -BOTAN_DLL void encrypt_key(const Private_Key& key, - Pipe& pipe, - RandomNumberGenerator& rng, - const std::string& pass, - const std::string& pbe_algo = "", - X509_Encoding enc = PEM); - +BOTAN_DLL SecureVector<byte> BER_encode(const Private_Key& key); /** * Get a string containing a PEM encoded private key. 
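Review bot: The new doc comment on `BER_encode(const Private_Key& key)` says only "BER encode a private key", which does not tell a caller that the result is the unencrypted PrivateKeyInfo structure, and the encrypted overload declared further down shares the same name. Suggest `* BER encode a private key as an unencrypted PKCS #8 PrivateKeyInfo` for the summary and `@return unencrypted BER encoded key` for the return line, so the distinction is visible at the declaration rather than only in the .cpp comments.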
@@ -59,19 +39,78 @@ BOTAN_DLL void encrypt_key(const Private_Key& key, BOTAN_DLL std::string PEM_encode(const Private_Key& key); /** +* Encrypt a key using PKCS #8 encryption +* @param key the key to encode +* @param rng the rng to use +* @param pass the password to use for encryption +* @param pbe_algo the name of the desired password-based encryption + algorithm; if empty ("") a reasonable (portable/secure) + default will be chosen. +* @return the encrypted key in binary BER form +*/ +BOTAN_DLL SecureVector<byte> BER_encode(const Private_Key& key, + RandomNumberGenerator& rng, + const std::string& pass, + const std::string& pbe_algo = ""); + +/** * Get a string containing a PEM encoded private key, encrypting it with a * password. * @param key the key to encode * @param rng the rng to use * @param pass the password to use for encryption -* @param pbe_algo the name of the desired password-based encryption algorithm; - if empty ("") a reasonable (portable/secure) default will be chosen. +* @param pbe_algo the name of the desired password-based encryption + algorithm; if empty ("") a reasonable (portable/secure) + default will be chosen. +* @return the encrypted key in PEM form */ BOTAN_DLL std::string PEM_encode(const Private_Key& key, RandomNumberGenerator& rng, const std::string& pass, const std::string& pbe_algo = ""); + +/** +* Encode a private key into a pipe. This function is deprecated. +* @param key the private key to encode +* @param pipe the pipe to feed the encoded key into +* @param encoding the encoding type to use +*/ +inline void encode(const Private_Key& key, + Pipe& pipe, + X509_Encoding encoding = PEM) + { + if(encoding == PEM) + pipe.write(PKCS8::PEM_encode(key)); + else + pipe.write(PKCS8::BER_encode(key)); + } + +/** +* Encode and encrypt a private key into a pipe. This function is +* deprecated. 
+* @param key the private key to encode +* @param pipe the pipe to feed the encoded key into +* @param pass the password to use for encryption +* @param rng the rng to use +* @param pbe_algo the name of the desired password-based encryption + algorithm; if empty ("") a reasonable (portable/secure) + default will be chosen. +* @param encoding the encoding type to use +*/ +inline void encrypt_key(const Private_Key& key, + Pipe& pipe, + RandomNumberGenerator& rng, + const std::string& pass, + const std::string& pbe_algo = "", + X509_Encoding encoding = PEM) + { + if(encoding == PEM) + pipe.write(PKCS8::PEM_encode(key, rng, pass, pbe_algo)); + else + pipe.write(PKCS8::BER_encode(key, rng, pass, pbe_algo)); + } + /** * Load a key from a data source. * @param source the data source providing the encoded key diff --git a/src/pubkey/x509_key.cpp b/src/pubkey/x509_key.cpp index babeb517f..d321ce338 100644 --- a/src/pubkey/x509_key.cpp +++ b/src/pubkey/x509_key.cpp @@ -1,6 +1,6 @@ /* * X.509 Public Key -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -18,23 +18,14 @@ namespace Botan { namespace X509 { -/* -* DER or PEM encode a X.509 public key -*/ -void encode(const Public_Key& key, Pipe& pipe, X509_Encoding encoding) +MemoryVector<byte> BER_encode(const Public_Key& key) { - MemoryVector<byte> der = - DER_Encoder() + return DER_Encoder() .start_cons(SEQUENCE) .encode(key.algorithm_identifier()) .encode(key.x509_subject_public_key(), BIT_STRING) .end_cons() .get_contents(); - - if(encoding == PEM) - pipe.write(PEM_Code::encode(der, "PUBLIC KEY")); - else - pipe.write(der); } /* @@ -42,11 +33,8 @@ void encode(const Public_Key& key, Pipe& pipe, X509_Encoding encoding) */ std::string PEM_encode(const Public_Key& key) { - Pipe pem; - pem.start_msg(); - encode(key, pem, PEM); - pem.end_msg(); - return pem.read_all_as_string(); + return PEM_Code::encode(X509::BER_encode(key), + "PUBLIC KEY"); } /* 
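Review bot: The deprecated `encode` and `encrypt_key` wrappers are now `inline` bodies in the header that call `pipe.write(...)`, so `Pipe` must be a complete type in pkcs8.h; a forward declaration, which was sufficient for the old out-of-line declarations, no longer is. The include list sits above this hunk, so confirm that the header includes `<botan/pipe.h>` rather than relying on every includer to do so. Deprecation is stated only in the comment; if the build has a deprecation attribute or macro, put it on both functions so callers get a compiler warning instead of having to read the comment. Note also that `encrypt_key` inherits the asymmetry of what it wraps: with an empty `pass`, the `PEM` branch falls back to an unencrypted key inside `PEM_encode` while the `RAW_BER` branch encrypts under the empty password.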
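Review bot: `BER_encode(const Public_Key&)` in x509_key.cpp lost its header comment: the hunk removes the `/* DER or PEM encode a X.509 public key */` block and adds the new function without a replacement, while `PEM_encode` directly below keeps its `/* ... */` header in the file's style. Suggest adding `/*`, `* BER encode a X.509 SubjectPublicKeyInfo`, `*/` above the definition so the file stays uniformly documented.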
@@ -115,11 +103,7 @@ Public_Key* load_key(const MemoryRegion<byte>& mem) */ Public_Key* copy_key(const Public_Key& key) { - Pipe bits; - bits.start_msg(); - X509::encode(key, bits, RAW_BER); - bits.end_msg(); - DataSource_Memory source(bits.read_all()); + DataSource_Memory source(PEM_encode(key)); return X509::load_key(source); } diff --git a/src/pubkey/x509_key.h b/src/pubkey/x509_key.h index 13f11646e..d9e9f2d7c 100644 --- a/src/pubkey/x509_key.h +++ b/src/pubkey/x509_key.h @@ -1,6 +1,6 @@ /* * X.509 Public Key -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2010 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -16,18 +16,16 @@ namespace Botan { /** -* This namespace contains functions for handling X509 objects. +* This namespace contains functions for handling X.509 public keys */ namespace X509 { /** -* Encode a key into a pipe. +* BER encode a key * @param key the public key to encode -* @param pipe the pipe to feed the encoded key into -* @param enc the encoding type to use +* @return the BER encoding of this key */ -BOTAN_DLL void encode(const Public_Key& key, Pipe& pipe, - X509_Encoding enc = PEM); +BOTAN_DLL MemoryVector<byte> BER_encode(const Public_Key& key); /** * PEM encode a public key into a string. @@ -44,11 +42,11 @@ BOTAN_DLL std::string PEM_encode(const Public_Key& key); BOTAN_DLL Public_Key* load_key(DataSource& source); /** -* Create a public key from a string. -* @param enc the string containing the PEM encoded key +* Create a public key from a file +* @param file pathname to the file to load * @return the new public key object */ -BOTAN_DLL Public_Key* load_key(const std::string& enc); +BOTAN_DLL Public_Key* load_key(const std::string& filename); /** * Create a public key from a memory region. 
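Review bot: `copy_key` now round-trips the key through PEM: `DataSource_Memory source(PEM_encode(key));` base64-armours the SubjectPublicKeyInfo only for `X509::load_key` to detect and strip the armour again, whereas the code it replaces fed raw BER (`RAW_BER`) straight back in. `DataSource_Memory source(X509::BER_encode(key));` is the direct equivalent of the removed code, avoids the extra encode/decode and the `std::string` copy, and does not depend on `load_key(DataSource&)` sniffing the format; that function's body is outside the diff, so confirm it accepts both forms if the PEM path is kept.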
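Review bot: The documentation for `load_key(const std::string&)` in x509_key.h changes from "string containing the PEM encoded key" to "pathname to the file to load" with only the parameter renamed from `enc` to `filename`, and the implementation is not in this diff. If the function does open the string as a file then the old comment was wrong and this is the right fix, but any caller that followed the old comment and passed PEM text is now handing that text to a file open, so this deserves a changelog line pointing such callers at the `DataSource` or `MemoryRegion<byte>` overloads. Please confirm the implementation before relying on the new wording.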
@@ -73,10 +71,25 @@ BOTAN_DLL Public_Key* copy_key(const Public_Key& key); * @return the combination of key type specific constraints and * additional limits */ - BOTAN_DLL Key_Constraints find_constraints(const Public_Key& pub_key, Key_Constraints limits); +/** +* Encode a key into a pipe. This function is deprecated. +* @param key the public key to encode +* @param pipe the pipe to feed the encoded key into +* @param encoding the encoding type to use +*/ +inline void encode(const Public_Key& key, + Pipe& pipe, + X509_Encoding encoding = PEM) + { + if(encoding == PEM) + pipe.write(X509::PEM_encode(key)); + else + pipe.write(X509::BER_encode(key)); + } + } } |
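Review bot: The deprecated `X509::encode` wrapper is marked deprecated only in its comment; if the build has a deprecation attribute or macro, attach it so callers get a compiler warning. As an inline body it now calls `pipe.write`, so `Pipe` must be a complete type in x509_key.h where a forward declaration previously sufficed; the include list is above the visible hunks, so confirm `<botan/pipe.h>` is included here rather than assumed from the including file.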