-rw-r--r--src/cli/cli.cpp8
-rw-r--r--src/cli/cli.h7
-rw-r--r--src/cli/psk.cpp6
-rw-r--r--src/cli/pubkey.cpp19
-rw-r--r--src/cli/tls_client.cpp2
-rw-r--r--src/cli/tls_http_server.cpp2
-rw-r--r--src/cli/tls_proxy.cpp2
-rw-r--r--src/cli/utils.cpp7
-rw-r--r--src/cli/x509.cpp16
9 files changed, 46 insertions, 23 deletions
diff --git a/src/cli/cli.cpp b/src/cli/cli.cpp
index 988fa623a..1918a4fbd 100644
--- a/src/cli/cli.cpp
+++ b/src/cli/cli.cpp
@@ -207,6 +207,14 @@ Botan::RandomNumberGenerator& Command::rng()
return *m_rng.get();
}
+std::string Command::get_passphrase_arg(const std::string& prompt, const std::string& opt_name)
+ {
+ const std::string s = get_arg(opt_name);
+ if(s != "-")
+ return s;
+ return get_passphrase(prompt);
+ }
+
namespace {
bool echo_suppression_supported()
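Review bot: The secret obtained here lives in an ordinary `std::string` (the local `s` and the returned value), so neither copy is wiped when it goes out of scope; if the CLI has a locked/secure string type available it belongs here, otherwise record the limitation with `// NOTE: the passphrase is held in a plain std::string and is not zeroized on destruction`. The `if(s != "-")` check also means a literal passphrase of `-` can no longer be given on the command line, which is an acceptable trade but should be stated wherever the option is described.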
diff --git a/src/cli/cli.h b/src/cli/cli.h
index fca8e5225..b6f6a3076 100644
--- a/src/cli/cli.h
+++ b/src/cli/cli.h
@@ -124,6 +124,13 @@ class Command
std::string get_arg(const std::string& opt_name) const;
+ /**
+ * Like get_arg but if the value is '-' then reads a passphrase from
+ * the terminal with echo suppressed.
+ */
+ std::string get_passphrase_arg(const std::string& prompt,
+ const std::string& opt_name);
+
/*
* Like get_arg() but if the argument was not specified or is empty, returns otherwise
*/
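Review bot: The new doc comment promises echo suppression unconditionally, but cli.cpp gates it on `echo_suppression_supported()`, so on platforms where that is unavailable the typed passphrase may be echoed; soften the wording to `* the terminal (with echo suppressed where the platform supports it).` It should also say that a literal `-` can no longer be passed as the value, since that string is consumed as the prompt sentinel.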
diff --git a/src/cli/psk.cpp b/src/cli/psk.cpp
index 45a5918d8..83b60225d 100644
--- a/src/cli/psk.cpp
+++ b/src/cli/psk.cpp
@@ -27,7 +27,7 @@ class PSK_Tool_Base : public Command
void go() override
{
const std::string db_filename = get_arg("db");
- const Botan::secure_vector<uint8_t> db_key = Botan::hex_decode_locked(get_arg("db_key"));
+ const Botan::secure_vector<uint8_t> db_key = Botan::hex_decode_locked(get_passphrase_arg("Database key", "db_key"));
std::shared_ptr<Botan::SQL_Database> db = std::make_shared<Botan::Sqlite3_Database>(db_filename);
Botan::Encrypted_PSK_Database_SQL psk(db_key, db, "psk");
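Review bot: The value typed at the prompt is passed straight to `hex_decode_locked` on the `db_key` line, so anything that is not hex (what a user is likely to type at a prompt labelled "Database key") fails inside the decoder rather than with a usable message; at minimum the prompt should say what is expected, e.g. `get_passphrase_arg("Database key (hex)", "db_key")`. The same applies to the `psk` line in the next hunk of this file (`"PSK (hex)"`). go() continues past this hunk.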
@@ -53,8 +53,8 @@ class PSK_Tool_Set final : public PSK_Tool_Base
void psk_operation(Botan::PSK_Database& db) override
{
const std::string name = get_arg("name");
- Botan::secure_vector<uint8_t> key = Botan::hex_decode_locked(get_arg("psk"));
- db.set_vec(name, key);
+ const Botan::secure_vector<uint8_t> psk = Botan::hex_decode_locked(get_passphrase_arg("PSK", "psk"));
+ db.set_vec(name, psk);
}
};
diff --git a/src/cli/pubkey.cpp b/src/cli/pubkey.cpp
index 46655a6ae..6011c9701 100644
--- a/src/cli/pubkey.cpp
+++ b/src/cli/pubkey.cpp
@@ -60,7 +60,7 @@ class PK_Keygen final : public Command
throw CLI_Error_Unsupported("keygen", algo);
}
- const std::string pass = get_arg("passphrase");
+ const std::string pass = get_passphrase_arg("Key passphrase", "passphrase");
const bool der_out = flag_set("der-out");
const std::chrono::milliseconds pbe_millis(get_arg_sz("pbe-millis"));
@@ -168,11 +168,11 @@ class PK_Sign final : public Command
void go() override
{
- std::unique_ptr<Botan::Private_Key> key(
- Botan::PKCS8::load_key(
- get_arg("key"),
- rng(),
- get_arg("passphrase")));
+ const std::string key_file = get_arg("key");
+ const std::string passphrase = get_passphrase_arg("Passphrase for " + key_file, "passphrase");
+
+ Botan::DataSource_Stream input(key_file);
+ std::unique_ptr<Botan::Private_Key> key = Botan::PKCS8::load_key(input, passphrase);;
if(!key)
{
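Review bot: The `load_key` line ends in a stray `;;`; drop the duplicate semicolon. This call site also switches from the filename/rng overload to the `DataSource&` plus passphrase overload while PKCS8_Tool, Sign_Cert and Gen_Self_Signed in the same commit keep the rng-taking one; if the two overloads differ in whether a failed decode returns null or throws, the `if(!key)` check that follows may now be unreachable, which is worth confirming against the header. go() continues outside the hunk.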
@@ -265,9 +265,10 @@ class PKCS8_Tool final : public Command
void go() override
{
- const std::string pass_in = get_arg("pass-in");
+ const std::string key_file = get_arg("key");
+ const std::string pass_in = get_passphrase_arg("Password for " + key_file, "pass-in");
- Botan::DataSource_Memory key_src(slurp_file(get_arg("key")));
+ Botan::DataSource_Memory key_src(slurp_file(key_file));
std::unique_ptr<Botan::Private_Key> key;
if(pass_in.empty())
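Review bot: With `-` given for `pass-in`, an empty reply at the prompt makes `pass_in.empty()` true on the last line and the key is then loaded as unencrypted, which for an encrypted key presumably surfaces as a decode error rather than a wrong-passphrase error; if that is not intended, reject an empty interactive reply, otherwise document the fallthrough with `// an empty passphrase (including an empty prompt reply) selects the unencrypted load path`. The same pattern appears in Sign_Cert in x509.cpp, where `if(!pass.empty())` chooses between the two load_key overloads. go() continues outside the hunk.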
@@ -296,7 +297,7 @@ class PKCS8_Tool final : public Command
}
else
{
- const std::string pass_out = get_arg("pass-out");
+ const std::string pass_out = get_passphrase_arg("Passphrase to encrypt key", "pass-out");
if(der_out)
{
diff --git a/src/cli/tls_client.cpp b/src/cli/tls_client.cpp
index dfe874313..32ae4cea5 100644
--- a/src/cli/tls_client.cpp
+++ b/src/cli/tls_client.cpp
@@ -101,7 +101,7 @@ class TLS_Client final : public Command, public Botan::TLS::Callbacks
if(!sessions_db.empty())
{
#if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER)
- const std::string sessions_passphrase = get_arg("session-db-pass");
+ const std::string sessions_passphrase = get_passphrase_arg("Session DB passphrase", "session-db-pass");
session_mgr.reset(new Botan::TLS::Session_Manager_SQLite(sessions_passphrase, rng(), sessions_db));
#else
error_output() << "Ignoring session DB file, sqlite not enabled\n";
diff --git a/src/cli/tls_http_server.cpp b/src/cli/tls_http_server.cpp
index 6b5cefab4..cc59a71c3 100644
--- a/src/cli/tls_http_server.cpp
+++ b/src/cli/tls_http_server.cpp
@@ -531,7 +531,7 @@ class TLS_HTTP_Server final : public Command
if(!sessions_db.empty())
{
#if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER)
- const std::string sessions_passphrase = get_arg("session-db-pass");
+ const std::string sessions_passphrase = get_passphrase_arg("Session DB passphrase", "session-db-pass");
session_mgr.reset(new Botan::TLS::Session_Manager_SQLite(sessions_passphrase, rng(), sessions_db));
#else
throw CLI_Error_Unsupported("Sqlite3 support not available");
diff --git a/src/cli/tls_proxy.cpp b/src/cli/tls_proxy.cpp
index 717bbc6c6..49ffbe376 100644
--- a/src/cli/tls_proxy.cpp
+++ b/src/cli/tls_proxy.cpp
@@ -453,7 +453,7 @@ class TLS_Proxy final : public Command
std::unique_ptr<Botan::TLS::Session_Manager> session_mgr;
#if defined(BOTAN_HAS_TLS_SQLITE3_SESSION_MANAGER)
- const std::string sessions_passphrase = get_arg("session-db-pass");
+ const std::string sessions_passphrase = get_passphrase_arg("Session DB passphrase", "session-db-pass");
const std::string sessions_db = get_arg("session-db");
if(!sessions_db.empty())
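Review bot: The passphrase is fetched before `sessions_db` is read and checked, so `--session-db-pass=-` prompts the user even when no session database is configured and the value is never used; tls_client.cpp and tls_http_server.cpp in this commit do the read inside `if(!sessions_db.empty())`, and tls_proxy should match by moving the `get_passphrase_arg` line into that block. go() continues outside the hunk.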
diff --git a/src/cli/utils.cpp b/src/cli/utils.cpp
index 1a7639937..99471fba5 100644
--- a/src/cli/utils.cpp
+++ b/src/cli/utils.cpp
@@ -540,7 +540,7 @@ class Generate_Bcrypt final : public Command
void go() override
{
- const std::string password = get_arg("password");
+ const std::string password = get_passphrase_arg("Passphrase to hash", "password");
const size_t wf = get_arg_sz("work-factor");
if(wf < 4 || wf > 18)
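Review bot: The prompt fires before the work-factor check on the following lines, so a user who passes `-` for `password` types the secret and only afterwards learns that `work-factor` was rejected; read `wf` and validate it first, then call `get_passphrase_arg`. Check_Bcrypt in the next hunk has the same order relative to its `hash.length() != 60` check. go() continues outside the hunk.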
@@ -574,7 +574,7 @@ class Check_Bcrypt final : public Command
void go() override
{
- const std::string password = get_arg("password");
+ const std::string password = get_passphrase_arg("Password to check", "password");
const std::string hash = get_arg("hash");
if(hash.length() != 60)
@@ -585,6 +585,9 @@ class Check_Bcrypt final : public Command
const bool ok = Botan::check_bcrypt(password, hash);
output() << "Password is " << (ok ? "valid" : "NOT valid") << std::endl;
+
+ if(ok == false)
+ set_return_code(1);
}
};
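Review bot: `if(ok == false)` on the new line reads better as `if(!ok)`, matching the `if(!key)` style used elsewhere in this CLI. Setting the exit status from the check result is the part scripts will depend on, so a one-line comment `// non-zero exit so callers can test the result without parsing output` would make that intent explicit. go() starts outside the hunk.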
diff --git a/src/cli/x509.cpp b/src/cli/x509.cpp
index adae8285c..d894b99a4 100644
--- a/src/cli/x509.cpp
+++ b/src/cli/x509.cpp
@@ -45,23 +45,25 @@ class Sign_Cert final : public Command
void go() override
{
Botan::X509_Certificate ca_cert(get_arg("ca_cert"));
- std::unique_ptr<Botan::Private_Key> key;
- const std::string pass = get_arg("ca-key-pass");
+
+ const std::string key_file = get_arg("ca_key");
+ const std::string pass = get_passphrase_arg("Password for " + key_file, "ca-key-pass");
const std::string emsa = get_arg("emsa");
const std::string hash = get_arg("hash");
+ std::unique_ptr<Botan::Private_Key> key;
if(!pass.empty())
{
- key.reset(Botan::PKCS8::load_key(get_arg("ca_key"), rng(), pass));
+ key.reset(Botan::PKCS8::load_key(key_file, rng(), pass));
}
else
{
- key.reset(Botan::PKCS8::load_key(get_arg("ca_key"), rng()));
+ key.reset(Botan::PKCS8::load_key(key_file, rng()));
}
if(!key)
{
- throw CLI_Error("Failed to load key from " + get_arg("ca_key"));
+ throw CLI_Error("Failed to load key from " + key_file);
}
std::map<std::string, std::string> options;
@@ -251,7 +253,9 @@ class Gen_Self_Signed final : public Command
void go() override
{
- std::unique_ptr<Botan::Private_Key> key(Botan::PKCS8::load_key(get_arg("key"), rng(), get_arg("key-pass")));
+ const std::string key_file = get_arg("key");
+ const std::string passphrase = get_passphrase_arg("Passphrase for " + key_file, "key-pass");
+ std::unique_ptr<Botan::Private_Key> key(Botan::PKCS8::load_key(key_file, rng(), passphrase));
if(!key)
{