Botan  2.4.0
Crypto and TLS for C++11
Functions
Botan::X509 Namespace Reference

Functions

std::vector< uint8_t > BER_encode (const Public_Key &key)
 
Public_Keycopy_key (const Public_Key &key)
 
PKCS10_Request create_cert_req (const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
 
X509_Certificate create_self_signed_cert (const X509_Cert_Options &opts, const Private_Key &key, const std::string &hash_fn, RandomNumberGenerator &rng)
 
Public_Keyload_key (DataSource &source)
 
Public_Keyload_key (const std::vector< uint8_t > &mem)
 
std::string PEM_encode (const Public_Key &key)
 

Detailed Description

This namespace contains functions for handling X.509 public keys

Function Documentation

◆ BER_encode()

std::vector< uint8_t > Botan::X509::BER_encode ( const Public_Key key)

BER encode a key

Parameters
keythe public key to encode
Returns
BER encoding of this key

Definition at line 19 of file x509_key.cpp.

References Botan::Public_Key::subject_public_key().

Referenced by botan_privkey_export_pubkey(), botan_pubkey_export(), create_cert_req(), and create_self_signed_cert().

20  {
21  // keeping it around for compat
22  return key.subject_public_key();
23  }

◆ copy_key()

Public_Key * Botan::X509::copy_key ( const Public_Key key)

Copy a key.

Parameters
keythe public key to copy
Returns
new public key object

Definition at line 98 of file x509_key.cpp.

References load_key(), and PEM_encode().

99  {
100  DataSource_Memory source(PEM_encode(key));
101  return X509::load_key(source);
102  }
std::string PEM_encode(const Public_Key &key)
Definition: x509_key.cpp:28
Public_Key * load_key(const std::vector< uint8_t > &mem)
Definition: x509_key.cpp:89

◆ create_cert_req()

PKCS10_Request Botan::X509::create_cert_req ( const X509_Cert_Options opts,
const Private_Key key,
const std::string &  hash_fn,
RandomNumberGenerator rng 
)

Create a PKCS#10 certificate request.

Parameters
optsthe options defining the request to create
keythe key used to sign this request
rngthe rng to use
hash_fnthe hash function to use
Returns
newly created PKCS#10 request

Definition at line 98 of file x509self.cpp.

References Botan::Extensions::add(), BER_encode(), Botan::X509_Cert_Options::challenge, Botan::choose_sig_format(), Botan::X509_Cert_Options::constraints, Botan::CRL_SIGN, Botan::DIRECTORY_STRING, Botan::PEM_Code::encode(), Botan::DER_Encoder::encode(), Botan::DER_Encoder::end_cons(), Botan::DER_Encoder::end_explicit(), Botan::X509_Cert_Options::ex_constraints, Botan::X509_Cert_Options::extensions, Botan::DER_Encoder::get_contents(), Botan::X509_Cert_Options::is_CA, Botan::KEY_CERT_SIGN, Botan::X509_Object::make_signed(), Botan::NO_CONSTRAINTS, Botan::X509_Cert_Options::padding_scheme, Botan::X509_Cert_Options::path_limit, Botan::DER_Encoder::raw_bytes(), Botan::SEQUENCE, Botan::DER_Encoder::start_cons(), Botan::DER_Encoder::start_explicit(), and Botan::verify_cert_constraints_valid_for_key_type().

102  {
103  AlgorithmIdentifier sig_algo;
104  X509_DN subject_dn;
105  AlternativeName subject_alt;
106 
107  // for now, only the padding option is used
108  std::map<std::string,std::string> sig_opts = { {"padding",opts.padding_scheme} };
109 
110  std::vector<uint8_t> pub_key = X509::BER_encode(key);
111  std::unique_ptr<PK_Signer> signer(choose_sig_format(key, sig_opts, rng, hash_fn, sig_algo));
112  load_info(opts, subject_dn, subject_alt);
113 
114  const size_t PKCS10_VERSION = 0;
115 
116  Key_Constraints constraints;
117  if(opts.is_CA)
118  {
119  constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);
120  }
121  else
122  {
123  verify_cert_constraints_valid_for_key_type(key, opts.constraints);
124  constraints = opts.constraints;
125  }
126 
127  Extensions extensions = opts.extensions;
128 
129  extensions.add(
130  new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit));
131 
132  if(constraints != NO_CONSTRAINTS)
133  {
134  extensions.add(
135  new Cert_Extension::Key_Usage(constraints));
136  }
137  extensions.add(
138  new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));
139  extensions.add(
140  new Cert_Extension::Subject_Alternative_Name(subject_alt));
141 
142  DER_Encoder tbs_req;
143 
144  tbs_req.start_cons(SEQUENCE)
145  .encode(PKCS10_VERSION)
146  .encode(subject_dn)
147  .raw_bytes(pub_key)
148  .start_explicit(0);
149 
150  if(!opts.challenge.empty())
151  {
152  ASN1_String challenge(opts.challenge, DIRECTORY_STRING);
153 
154  tbs_req.encode(
155  Attribute("PKCS9.ChallengePassword",
156  DER_Encoder().encode(challenge).get_contents_unlocked()
157  )
158  );
159  }
160 
161  tbs_req.encode(
162  Attribute("PKCS9.ExtensionRequest",
163  DER_Encoder()
164  .start_cons(SEQUENCE)
165  .encode(extensions)
166  .end_cons()
167  .get_contents_unlocked()
168  )
169  )
170  .end_explicit()
171  .end_cons();
172 
173  const std::vector<uint8_t> req =
174  X509_Object::make_signed(signer.get(), rng, sig_algo,
175  tbs_req.get_contents());
176 
177  return PKCS10_Request(req);
178  }
Definition: ffi.h:1147
std::string encode(const uint8_t der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:43
secure_vector< uint8_t > BER_encode(const Private_Key &key)
Definition: pkcs8.cpp:131
void verify_cert_constraints_valid_for_key_type(const Public_Key &pub_key, Key_Constraints constraints)
PK_Signer * choose_sig_format(const Private_Key &key, RandomNumberGenerator &rng, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
Definition: x509_ca.cpp:275
CK_ATTRIBUTE Attribute
Definition: p11.h:845

◆ create_self_signed_cert()

X509_Certificate Botan::X509::create_self_signed_cert ( const X509_Cert_Options opts,
const Private_Key key,
const std::string &  hash_fn,
RandomNumberGenerator rng 
)

Create a self-signed X.509 certificate.

Parameters
optsthe options defining the certificate to create
keythe private key used for signing, i.e. the key associated with this self-signed certificate
hash_fnthe hash function to use
rngthe rng to use
Returns
newly created self-signed certificate

Definition at line 43 of file x509self.cpp.

References Botan::Extensions::add(), BER_encode(), Botan::choose_sig_format(), Botan::X509_Cert_Options::constraints, Botan::CRL_SIGN, Botan::X509_Cert_Options::end, Botan::X509_Cert_Options::ex_constraints, Botan::X509_Cert_Options::extensions, Botan::X509_Cert_Options::is_CA, Botan::KEY_CERT_SIGN, Botan::X509_CA::make_cert(), Botan::NO_CONSTRAINTS, Botan::X509_Cert_Options::padding_scheme, Botan::X509_Cert_Options::path_limit, Botan::X509_Cert_Options::start, and Botan::verify_cert_constraints_valid_for_key_type().

47  {
48  AlgorithmIdentifier sig_algo;
49  X509_DN subject_dn;
50  AlternativeName subject_alt;
51 
52  // for now, only the padding option is used
53  std::map<std::string,std::string> sig_opts = { {"padding",opts.padding_scheme} };
54 
55  std::vector<uint8_t> pub_key = X509::BER_encode(key);
56  std::unique_ptr<PK_Signer> signer(choose_sig_format(key, sig_opts, rng, hash_fn, sig_algo));
57  load_info(opts, subject_dn, subject_alt);
58 
59  Key_Constraints constraints;
60  if(opts.is_CA)
61  {
62  constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);
63  }
64  else
65  {
66  verify_cert_constraints_valid_for_key_type(key, opts.constraints);
67  constraints = opts.constraints;
68  }
69 
70  Extensions extensions = opts.extensions;
71 
72  extensions.add(
73  new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit),
74  true);
75 
76  if(constraints != NO_CONSTRAINTS)
77  {
78  extensions.add(new Cert_Extension::Key_Usage(constraints), true);
79  }
80 
81  extensions.add(new Cert_Extension::Subject_Key_ID(pub_key, hash_fn));
82 
83  extensions.add(
84  new Cert_Extension::Subject_Alternative_Name(subject_alt));
85 
86  extensions.add(
87  new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));
88 
89  return X509_CA::make_cert(signer.get(), rng, sig_algo, pub_key,
90  opts.start, opts.end,
91  subject_dn, subject_dn,
92  extensions);
93  }
Definition: ffi.h:1147
secure_vector< uint8_t > BER_encode(const Private_Key &key)
Definition: pkcs8.cpp:131
void verify_cert_constraints_valid_for_key_type(const Public_Key &pub_key, Key_Constraints constraints)
PK_Signer * choose_sig_format(const Private_Key &key, RandomNumberGenerator &rng, const std::string &hash_fn, AlgorithmIdentifier &sig_algo)
Definition: x509_ca.cpp:275

◆ load_key() [1/2]

Public_Key * Botan::X509::load_key ( DataSource source)

Create a public key from a data source.

Parameters
sourcethe source providing the DER or PEM encoded key
Returns
new public key object

Definition at line 37 of file x509_key.cpp.

References Botan::BIT_STRING, Botan::BER_Decoder::decode(), Botan::PEM_Code::decode_check_label(), Botan::BER_Decoder::end_cons(), Botan::load_public_key(), Botan::PEM_Code::matches(), Botan::ASN1::maybe_BER(), Botan::SEQUENCE, Botan::BER_Decoder::start_cons(), and Botan::Exception::what().

Referenced by botan_privkey_export_pubkey(), botan_pubkey_load(), copy_key(), load_key(), Botan::X509_Certificate::load_subject_public_key(), Botan::PKCS10_Request::subject_public_key(), and Botan::X509_Certificate::X509_Certificate().

38  {
39  try {
40  AlgorithmIdentifier alg_id;
41  std::vector<uint8_t> key_bits;
42 
43  if(ASN1::maybe_BER(source) && !PEM_Code::matches(source))
44  {
45  BER_Decoder(source)
46  .start_cons(SEQUENCE)
47  .decode(alg_id)
48  .decode(key_bits, BIT_STRING)
49  .end_cons();
50  }
51  else
52  {
53  DataSource_Memory ber(
54  PEM_Code::decode_check_label(source, "PUBLIC KEY")
55  );
56 
57  BER_Decoder(ber)
58  .start_cons(SEQUENCE)
59  .decode(alg_id)
60  .decode(key_bits, BIT_STRING)
61  .end_cons();
62  }
63 
64  if(key_bits.empty())
65  throw Decoding_Error("X.509 public key decoding failed");
66 
67  return load_public_key(alg_id, key_bits).release();
68  }
69  catch(Decoding_Error& e)
70  {
71  throw Decoding_Error("X.509 public key decoding failed: " + std::string(e.what()));
72  }
73  }
std::unique_ptr< Public_Key > load_public_key(const AlgorithmIdentifier &alg_id, const std::vector< uint8_t > &key_bits)
Definition: pk_algs.cpp:84
bool maybe_BER(DataSource &source)
Definition: asn1_obj.cpp:116
secure_vector< uint8_t > decode_check_label(DataSource &source, const std::string &label_want)
Definition: pem.cpp:54
bool matches(DataSource &source, const std::string &extra, size_t search_range)
Definition: pem.cpp:142

◆ load_key() [2/2]

Public_Key * Botan::X509::load_key ( const std::vector< uint8_t > &  enc)

Create a public key from a memory region.

Parameters
encthe memory region containing the DER or PEM encoded key
Returns
new public key object

Definition at line 89 of file x509_key.cpp.

References load_key().

90  {
91  DataSource_Memory source(mem);
92  return X509::load_key(source);
93  }
Public_Key * load_key(const std::vector< uint8_t > &mem)
Definition: x509_key.cpp:89

◆ PEM_encode()

std::string Botan::X509::PEM_encode ( const Public_Key key)

PEM encode a public key into a string.

Parameters
keythe key to encode
Returns
PEM encoded key

Definition at line 28 of file x509_key.cpp.

References Botan::PEM_Code::encode(), and Botan::Public_Key::subject_public_key().

Referenced by botan_pubkey_export(), copy_key(), and Botan::X509_Certificate::to_string().

29  {
30  return PEM_Code::encode(key.subject_public_key(),
31  "PUBLIC KEY");
32  }
std::string encode(const uint8_t der[], size_t length, const std::string &label, size_t width)
Definition: pem.cpp:43