Botan  2.6.0
Crypto and TLS for C++11
ffi_pkey.cpp
Go to the documentation of this file.
1 /*
2 * (C) 2015,2017 Jack Lloyd
3 *
4 * Botan is released under the Simplified BSD License (see license.txt)
5 */
6 
7 #include <botan/ffi.h>
8 #include <botan/internal/ffi_util.h>
9 #include <botan/internal/ffi_pkey.h>
10 #include <botan/internal/ffi_rng.h>
11 #include <botan/data_src.h>
12 #include <botan/hash.h>
13 #include <botan/pkcs8.h>
14 #include <botan/pk_keys.h>
15 #include <botan/x509_key.h>
16 #include <botan/pk_algs.h>
17 
18 #if defined(BOTAN_HAS_HASH_ID)
19  #include <botan/hash_id.h>
20 #endif
21 
22 extern "C" {
23 
24 using namespace Botan_FFI;
25 
26 int botan_privkey_create(botan_privkey_t* key_obj,
27  const char* algo_name,
28  const char* algo_params,
29  botan_rng_t rng_obj)
30  {
31  return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
32  if(key_obj == nullptr)
33  return BOTAN_FFI_ERROR_NULL_POINTER;
34 
35  *key_obj = nullptr;
36  if(rng_obj == nullptr)
37  return BOTAN_FFI_ERROR_NULL_POINTER;
38 
39  Botan::RandomNumberGenerator& rng = safe_get(rng_obj);
40  std::unique_ptr<Botan::Private_Key> key(
41  Botan::create_private_key(algo_name ? algo_name : "RSA",
42  rng,
43  algo_params ? algo_params : ""));
44 
45  if(key)
46  {
47  *key_obj = new botan_privkey_struct(key.release());
48  return BOTAN_FFI_SUCCESS;
49  }
50  else
51  {
52  return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
53  }
54  });
55  }
56 
57 int botan_privkey_load(botan_privkey_t* key, botan_rng_t rng_obj,
58  const uint8_t bits[], size_t len,
59  const char* password)
60  {
61  *key = nullptr;
62 
63  return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
64  Botan::DataSource_Memory src(bits, len);
65 
66  Botan::RandomNumberGenerator& rng = safe_get(rng_obj);
67 
68  std::unique_ptr<Botan::Private_Key> pkcs8;
69 
70  if(password == nullptr)
71  {
72  pkcs8.reset(Botan::PKCS8::load_key(src, rng));
73  }
74  else
75  {
76  pkcs8.reset(Botan::PKCS8::load_key(src, rng, static_cast<std::string>(password)));
77  }
78 
79  if(pkcs8)
80  {
81  *key = new botan_privkey_struct(pkcs8.release());
82  return BOTAN_FFI_SUCCESS;
83  }
84  return BOTAN_FFI_ERROR_UNKNOWN_ERROR;
85  });
86  }
87 
88 int botan_privkey_destroy(botan_privkey_t key)
89  {
90  return BOTAN_FFI_CHECKED_DELETE(key);
91  }
92 
93 int botan_pubkey_load(botan_pubkey_t* key,
94  const uint8_t bits[], size_t bits_len)
95  {
96  *key = nullptr;
97 
98  return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
99  Botan::DataSource_Memory src(bits, bits_len);
100  std::unique_ptr<Botan::Public_Key> pubkey(Botan::X509::load_key(src));
101 
102  if(pubkey == nullptr)
103  return BOTAN_FFI_ERROR_UNKNOWN_ERROR;
104 
105  *key = new botan_pubkey_struct(pubkey.release());
106  return BOTAN_FFI_SUCCESS;
107  });
108  }
109 
110 int botan_pubkey_destroy(botan_pubkey_t key)
111  {
112  return BOTAN_FFI_CHECKED_DELETE(key);
113  }
114 
115 int botan_privkey_export_pubkey(botan_pubkey_t* pubout, botan_privkey_t key_obj)
116  {
117  return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
118  std::unique_ptr<Botan::Public_Key>
119  pubkey(Botan::X509::load_key(Botan::X509::BER_encode(safe_get(key_obj))));
120 
121  *pubout = new botan_pubkey_struct(pubkey.release());
122  return BOTAN_FFI_SUCCESS;
123  });
124  }
125 
126 int botan_pubkey_algo_name(botan_pubkey_t key, char out[], size_t* out_len)
127  {
128  return BOTAN_FFI_DO(Botan::Public_Key, key, k, { return write_str_output(out, out_len, k.algo_name()); });
129  }
130 
131 int botan_pubkey_check_key(botan_pubkey_t key, botan_rng_t rng, uint32_t flags)
132  {
133  const bool strong = (flags & BOTAN_CHECK_KEY_EXPENSIVE_TESTS);
134 
135  return BOTAN_FFI_DO(Botan::Public_Key, key, k,
136  { return (k.check_key(safe_get(rng), strong) == true) ? 0 : -1; });
137  }
138 
139 int botan_privkey_check_key(botan_privkey_t key, botan_rng_t rng, uint32_t flags)
140  {
141  const bool strong = (flags & BOTAN_CHECK_KEY_EXPENSIVE_TESTS);
142  return BOTAN_FFI_DO(Botan::Private_Key, key, k,
143  { return (k.check_key(safe_get(rng), strong) == true) ? 0 : -1; });
144  }
145 
146 int botan_pubkey_export(botan_pubkey_t key, uint8_t out[], size_t* out_len, uint32_t flags)
147  {
148  return BOTAN_FFI_DO(Botan::Public_Key, key, k, {
149  if(flags == BOTAN_PRIVKEY_EXPORT_FLAG_DER)
150  return write_vec_output(out, out_len, Botan::X509::BER_encode(k));
151  else if(flags == BOTAN_PRIVKEY_EXPORT_FLAG_PEM)
152  return write_str_output(out, out_len, Botan::X509::PEM_encode(k));
153  else
154  return BOTAN_FFI_ERROR_BAD_FLAG;
155  });
156  }
157 
158 int botan_privkey_export(botan_privkey_t key, uint8_t out[], size_t* out_len, uint32_t flags)
159  {
160  return BOTAN_FFI_DO(Botan::Private_Key, key, k, {
161  if(flags == BOTAN_PRIVKEY_EXPORT_FLAG_DER)
162  return write_vec_output(out, out_len, Botan::PKCS8::BER_encode(k));
163  else if(flags == BOTAN_PRIVKEY_EXPORT_FLAG_PEM)
164  return write_str_output(out, out_len, Botan::PKCS8::PEM_encode(k));
165  else
166  return BOTAN_FFI_ERROR_BAD_FLAG;
167  });
168  }
169 
170 int botan_privkey_export_encrypted(botan_privkey_t key,
171  uint8_t out[], size_t* out_len,
172  botan_rng_t rng_obj,
173  const char* pass,
174  const char* /*ignored - pbe*/,
175  uint32_t flags)
176  {
177  return botan_privkey_export_encrypted_pbkdf_iter(key, out, out_len, rng_obj, pass, 100000, nullptr, nullptr, flags);
178  }
179 
180 int botan_privkey_export_encrypted_pbkdf_msec(botan_privkey_t key,
181  uint8_t out[], size_t* out_len,
182  botan_rng_t rng_obj,
183  const char* pass,
184  uint32_t pbkdf_msec,
185  size_t* pbkdf_iters_out,
186  const char* maybe_cipher,
187  const char* maybe_pbkdf_hash,
188  uint32_t flags)
189  {
190  return BOTAN_FFI_DO(Botan::Private_Key, key, k, {
191  const std::chrono::milliseconds pbkdf_time(pbkdf_msec);
192  Botan::RandomNumberGenerator& rng = safe_get(rng_obj);
193 
194  const std::string cipher = (maybe_cipher ? maybe_cipher : "");
195  const std::string pbkdf_hash = (maybe_pbkdf_hash ? maybe_pbkdf_hash : "");
196 
197  if(flags == BOTAN_PRIVKEY_EXPORT_FLAG_DER)
198  {
199  return write_vec_output(out, out_len,
200  Botan::PKCS8::BER_encode_encrypted_pbkdf_msec(k, rng, pass, pbkdf_time, pbkdf_iters_out, cipher, pbkdf_hash));
201  }
202  else if(flags == BOTAN_PRIVKEY_EXPORT_FLAG_PEM)
203  {
204  return write_str_output(out, out_len,
205  Botan::PKCS8::PEM_encode_encrypted_pbkdf_msec(k, rng, pass, pbkdf_time, pbkdf_iters_out, cipher, pbkdf_hash));
206  }
207  else
208  {
209  return -2;
210  }
211  });
212  }
213 
214 int botan_privkey_export_encrypted_pbkdf_iter(botan_privkey_t key,
215  uint8_t out[], size_t* out_len,
216  botan_rng_t rng_obj,
217  const char* pass,
218  size_t pbkdf_iter,
219  const char* maybe_cipher,
220  const char* maybe_pbkdf_hash,
221  uint32_t flags)
222  {
223  return BOTAN_FFI_DO(Botan::Private_Key, key, k, {
224  Botan::RandomNumberGenerator& rng = safe_get(rng_obj);
225 
226  const std::string cipher = (maybe_cipher ? maybe_cipher : "");
227  const std::string pbkdf_hash = (maybe_pbkdf_hash ? maybe_pbkdf_hash : "");
228 
229  if(flags == BOTAN_PRIVKEY_EXPORT_FLAG_DER)
230  {
231  return write_vec_output(out, out_len,
232  Botan::PKCS8::BER_encode_encrypted_pbkdf_iter(k, rng, pass, pbkdf_iter, cipher, pbkdf_hash));
233  }
234  else if(flags == BOTAN_PRIVKEY_EXPORT_FLAG_PEM)
235  {
236  return write_str_output(out, out_len,
237  Botan::PKCS8::PEM_encode_encrypted_pbkdf_iter(k, rng, pass, pbkdf_iter, cipher, pbkdf_hash));
238  }
239  else
240  {
241  return -2;
242  }
243  });
244  }
245 
246 int botan_pubkey_estimated_strength(botan_pubkey_t key, size_t* estimate)
247  {
248  return BOTAN_FFI_DO(Botan::Public_Key, key, k, { *estimate = k.estimated_strength(); });
249  }
250 
251 int botan_pubkey_fingerprint(botan_pubkey_t key, const char* hash_fn,
252  uint8_t out[], size_t* out_len)
253  {
254  return BOTAN_FFI_DO(Botan::Public_Key, key, k, {
255  std::unique_ptr<Botan::HashFunction> h(Botan::HashFunction::create(hash_fn));
256  return write_vec_output(out, out_len, h->process(k.public_key_bits()));
257  });
258  }
259 
260 int botan_pkcs_hash_id(const char* hash_name, uint8_t pkcs_id[], size_t* pkcs_id_len)
261  {
262 #if defined(BOTAN_HAS_HASH_ID)
263  return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
264  const std::vector<uint8_t> hash_id = Botan::pkcs_hash_id(hash_name);
265  return write_output(pkcs_id, pkcs_id_len, hash_id.data(), hash_id.size());
266  });
267 #else
268  return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
269 #endif
270  }
271 
272 }
botan_privkey_destroy
int botan_privkey_destroy(botan_privkey_t key)
Definition: ffi_pkey.cpp:88
botan_privkey_create
int botan_privkey_create(botan_privkey_t *key_obj, const char *algo_name, const char *algo_params, botan_rng_t rng_obj)
Definition: ffi_pkey.cpp:26
BOTAN_PRIVKEY_EXPORT_FLAG_PEM
#define BOTAN_PRIVKEY_EXPORT_FLAG_PEM
Definition: ffi.h:741
Botan::X509::PEM_encode
std::string PEM_encode(const Public_Key &key)
Definition: x509_key.cpp:28
Botan::Private_Key
Definition: pk_keys.h:170
botan_privkey_export_pubkey
int botan_privkey_export_pubkey(botan_pubkey_t *pubout, botan_privkey_t key_obj)
Definition: ffi_pkey.cpp:115
Botan::X509::BER_encode
std::vector< uint8_t > BER_encode(const Public_Key &key)
Definition: x509_key.cpp:19
Botan::create_private_key
std::unique_ptr< Private_Key > create_private_key(const std::string &alg_name, RandomNumberGenerator &rng, const std::string &params, const std::string &provider)
Definition: pk_algs.cpp:273
Botan_FFI::ffi_guard_thunk
int ffi_guard_thunk(const char *func_name, Thunk thunk)
Definition: ffi_util.h:64
Botan::PKCS11::flags
Flags flags(Flag flags)
Definition: p11.h:858
botan_pubkey_export
int botan_pubkey_export(botan_pubkey_t key, uint8_t out[], size_t *out_len, uint32_t flags)
Definition: ffi_pkey.cpp:146
Botan::PKCS8::BER_encode_encrypted_pbkdf_iter
std::vector< uint8_t > BER_encode_encrypted_pbkdf_iter(const Private_Key &key, RandomNumberGenerator &rng, const std::string &pass, size_t pbkdf_iterations, const std::string &cipher, const std::string &pbkdf_hash)
Definition: pkcs8.cpp:226
botan_privkey_export_encrypted_pbkdf_msec
int botan_privkey_export_encrypted_pbkdf_msec(botan_privkey_t key, uint8_t out[], size_t *out_len, botan_rng_t rng_obj, const char *pass, uint32_t pbkdf_msec, size_t *pbkdf_iters_out, const char *maybe_cipher, const char *maybe_pbkdf_hash, uint32_t flags)
Definition: ffi_pkey.cpp:180
Botan_FFI::write_vec_output
int write_vec_output(uint8_t out[], size_t *out_len, const std::vector< uint8_t, Alloc > &buf)
Definition: ffi_util.h:146
Botan::PKCS8::BER_encode_encrypted_pbkdf_msec
std::vector< uint8_t > BER_encode_encrypted_pbkdf_msec(const Private_Key &key, RandomNumberGenerator &rng, const std::string &pass, std::chrono::milliseconds pbkdf_msec, size_t *pbkdf_iterations, const std::string &cipher, const std::string &pbkdf_hash)
Definition: pkcs8.cpp:271
Botan_FFI::write_str_output
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:151
botan_privkey_export_encrypted_pbkdf_iter
int botan_privkey_export_encrypted_pbkdf_iter(botan_privkey_t key, uint8_t out[], size_t *out_len, botan_rng_t rng_obj, const char *pass, size_t pbkdf_iter, const char *maybe_cipher, const char *maybe_pbkdf_hash, uint32_t flags)
Definition: ffi_pkey.cpp:214
botan_pubkey_check_key
int botan_pubkey_check_key(botan_pubkey_t key, botan_rng_t rng, uint32_t flags)
Definition: ffi_pkey.cpp:131
BOTAN_CHECK_KEY_EXPENSIVE_TESTS
#define BOTAN_CHECK_KEY_EXPENSIVE_TESTS
Definition: ffi.h:670
BOTAN_PRIVKEY_EXPORT_FLAG_DER
#define BOTAN_PRIVKEY_EXPORT_FLAG_DER
Definition: ffi.h:740
botan_pubkey_load
int botan_pubkey_load(botan_pubkey_t *key, const uint8_t bits[], size_t bits_len)
Definition: ffi_pkey.cpp:93
Botan::HashFunction::create
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:106
Botan::PKCS8::PEM_encode
std::string PEM_encode(const Private_Key &key)
Definition: pkcs8.cpp:148
Botan_FFI
Definition: ffi.cpp:15
Botan::PKCS8::BER_encode
secure_vector< uint8_t > BER_encode(const Private_Key &key)
Definition: pkcs8.cpp:139
BOTAN_FFI_CHECKED_DELETE
#define BOTAN_FFI_CHECKED_DELETE(o)
Definition: ffi_util.h:126
botan_privkey_load
int botan_privkey_load(botan_privkey_t *key, botan_rng_t rng_obj, const uint8_t bits[], size_t len, const char *password)
Definition: ffi_pkey.cpp:57
botan_privkey_t
struct botan_privkey_struct * botan_privkey_t
Definition: ffi.h:663
Botan::Public_Key
Definition: pk_keys.h:23
Botan::PKCS8::PEM_encode_encrypted_pbkdf_iter
std::string PEM_encode_encrypted_pbkdf_iter(const Private_Key &key, RandomNumberGenerator &rng, const std::string &pass, size_t pbkdf_iterations, const std::string &cipher, const std::string &pbkdf_hash)
Definition: pkcs8.cpp:256
Botan_FFI::safe_get
T & safe_get(botan_struct< T, M > *p)
Definition: ffi_util.h:49
botan_pubkey_fingerprint
int botan_pubkey_fingerprint(botan_pubkey_t key, const char *hash_fn, uint8_t out[], size_t *out_len)
Definition: ffi_pkey.cpp:251
Botan::Public_Key::estimated_strength
virtual size_t estimated_strength() const =0
BOTAN_CURRENT_FUNCTION
#define BOTAN_CURRENT_FUNCTION
Definition: compiler.h:143
botan_privkey_export
int botan_privkey_export(botan_privkey_t key, uint8_t out[], size_t *out_len, uint32_t flags)
Definition: ffi_pkey.cpp:158
botan_pubkey_destroy
int botan_pubkey_destroy(botan_pubkey_t key)
Definition: ffi_pkey.cpp:110
botan_pubkey_estimated_strength
int botan_pubkey_estimated_strength(botan_pubkey_t key, size_t *estimate)
Definition: ffi_pkey.cpp:246
Botan::DataSource_Memory
Definition: data_src.h:98
botan_privkey_export_encrypted
int botan_privkey_export_encrypted(botan_privkey_t key, uint8_t out[], size_t *out_len, botan_rng_t rng_obj, const char *pass, const char *, uint32_t flags)
Definition: ffi_pkey.cpp:170
botan_privkey_check_key
int botan_privkey_check_key(botan_privkey_t key, botan_rng_t rng, uint32_t flags)
Definition: ffi_pkey.cpp:139
botan_pubkey_t
struct botan_pubkey_struct * botan_pubkey_t
Definition: ffi.h:791
botan_pubkey_algo_name
int botan_pubkey_algo_name(botan_pubkey_t key, char out[], size_t *out_len)
Definition: ffi_pkey.cpp:126
Botan::PKCS8::load_key
std::unique_ptr< Private_Key > load_key(DataSource &source, std::function< std::string()> get_pass)
Definition: pkcs8.cpp:341
Botan_FFI::write_output
int write_output(uint8_t out[], size_t *out_len, const uint8_t buf[], size_t buf_len)
Definition: ffi_util.h:128
BOTAN_FFI_DO
#define BOTAN_FFI_DO(T, obj, param, block)
Definition: ffi_util.h:98
botan_rng_t
struct botan_rng_struct * botan_rng_t
Definition: ffi.h:182
botan_pkcs_hash_id
int botan_pkcs_hash_id(const char *hash_name, uint8_t pkcs_id[], size_t *pkcs_id_len)
Definition: ffi_pkey.cpp:260
Botan::pkcs_hash_id
std::vector< uint8_t > pkcs_hash_id(const std::string &name)
Definition: hash_id.cpp:77
Botan::PKCS8::PEM_encode_encrypted_pbkdf_msec
std::string PEM_encode_encrypted_pbkdf_msec(const Private_Key &key, RandomNumberGenerator &rng, const std::string &pass, std::chrono::milliseconds pbkdf_msec, size_t *pbkdf_iterations, const std::string &cipher, const std::string &pbkdf_hash)
Definition: pkcs8.cpp:302
Botan::X509::load_key
Public_Key * load_key(DataSource &source)
Definition: x509_key.cpp:37
Generated by   doxygen 1.8.14