[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Monotone-commits-diffs] net.venge.monotone: 9ff6e41adc6f40ae054fb4487f3
From: |
code |
Subject: |
[Monotone-commits-diffs] net.venge.monotone: 9ff6e41adc6f40ae054fb4487f356bf69324dbdb |
Date: |
Mon, 18 Mar 2013 20:16:59 +0100 (CET) |
revision: 9ff6e41adc6f40ae054fb4487f356bf69324dbdb
date: 2013-03-17T10:14:12
author: address@hidden
branch: net.venge.monotone
changelog:
Add conditional code using Botan 1.10 specific API. This prevents
deprecation warnings when compiling against that version of Botan
and flattens the path towards Botan 1.12, where now deprecated
methods are going to disappear.
manifest:
format_version "1"
new_manifest [134292d7331b6c8b98f340d93583283199368b09]
old_revision [dfe4b51c8db852b7281a125aac6f3ddee34906f6]
patch "src/database.cc"
from [39ab2644b936e09a536b99ebd28b93f6e0d7c162]
to [a2f65339e0beb0740c9338b149b47e70c9ae0bfd]
patch "src/key_store.cc"
from [1ca13b7ee527bc2872d9fc325cf5ef327ca053c2]
to [974edefb0c48a3cdb903cac5c03859563c1e6971]
============================================================
--- src/database.cc 39ab2644b936e09a536b99ebd28b93f6e0d7c162
+++ src/database.cc a2f65339e0beb0740c9338b149b47e70c9ae0bfd
@@ -98,12 +98,15 @@ using boost::lexical_cast;
using boost::tuple;
using boost::lexical_cast;
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
+using Botan::PK_Encryptor_EME;
+#else
using Botan::PK_Encryptor;
+#endif
using Botan::PK_Verifier;
using Botan::SecureVector;
using Botan::X509_PublicKey;
using Botan::RSA_PublicKey;
-using Botan::get_pk_encryptor;
int const
int const
@@ -3435,23 +3438,25 @@ database::encrypt_rsa(key_id const & pub
throw recoverable_failure(origin::system,
"Failed to get RSA encrypting key");
- shared_ptr<PK_Encryptor>
- encryptor(get_pk_encryptor(*pub_key, "EME1(SHA-1)"));
-
SecureVector<Botan::byte> ct;
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
- ct = encryptor->encrypt(
+ PK_Encryptor_EME encryptor(*pub_key, "EME1(SHA-1)");
+ ct = encryptor.encrypt(
reinterpret_cast<Botan::byte const *>(plaintext.data()),
plaintext.size(), lazy_rng::get());
#else
+ shared_ptr<PK_Encryptor>
+ encryptor(Botan::get_pk_encryptor(*pub_key, "EME1(SHA-1)"));
+
ct = encryptor->encrypt(
reinterpret_cast<Botan::byte const *>(plaintext.data()),
plaintext.size());
#endif
- ciphertext = rsa_oaep_sha_data(string(reinterpret_cast<char const *>(ct.begin()),
- ct.size()),
- origin::database);
+
+ ciphertext = rsa_oaep_sha_data(
+ string(reinterpret_cast<char const *>(ct.begin()), ct.size()),
+ origin::database);
}
cert_status
@@ -3486,7 +3491,11 @@ database::check_signature(key_id const &
E(pub_key, id.inner().made_from,
F("failed to get RSA verifying key for %s") % id);
- verifier.reset(get_pk_verifier(*pub_key, "EMSA3(SHA-1)"));
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
+ verifier.reset(new Botan::PK_Verifier(*pub_key, "EMSA3(SHA1)"));
+#else
+ verifier.reset(Botan::get_pk_verifier(*pub_key, "EMSA3(SHA-1)"));
+#endif
/* XXX This is ugly. We need to keep the key around
* as long as the verifier is around, but the shared_ptr will go
============================================================
--- src/key_store.cc 1ca13b7ee527bc2872d9fc325cf5ef327ca053c2
+++ src/key_store.cc 974edefb0c48a3cdb903cac5c03859563c1e6971
@@ -55,6 +55,7 @@ using Botan::get_cipher;
using Botan::Pipe;
using Botan::get_pk_decryptor;
using Botan::get_cipher;
+using Botan::byte;
typedef pair<key_name, keypair> key_info;
@@ -710,10 +711,19 @@ key_store::create_key_pair(database & db
// serialize and maybe encrypt the private key
keypair kp;
- SecureVector<Botan::byte> pubkey, privkey;
+ SecureVector<byte> pubkey, privkey;
unfiltered_pipe->start_msg();
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
if ((*maybe_passphrase)().length())
+ unfiltered_pipe->write(
+ Botan::PKCS8::BER_encode(priv, lazy_rng::get(),
+ (*maybe_passphrase)(),
+ "PBE-PKCS5v20(SHA-1,TripleDES/CBC)"));
+ else
+ unfiltered_pipe->write(Botan::PKCS8::PEM_encode(priv));
+#else
+ if ((*maybe_passphrase)().length())
Botan::PKCS8::encrypt_key(priv, *unfiltered_pipe,
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
lazy_rng::get(),
@@ -723,13 +733,20 @@ key_store::create_key_pair(database & db
Botan::RAW_BER);
else
Botan::PKCS8::encode(priv, *unfiltered_pipe);
+#endif
unfiltered_pipe->end_msg();
- kp.priv = rsa_priv_key(unfiltered_pipe->read_all_as_string(Pipe::LAST_MESSAGE),
- origin::internal);
+ kp.priv = rsa_priv_key(
+ unfiltered_pipe->read_all_as_string(Pipe::LAST_MESSAGE),
+ origin::internal);
+
// serialize the public key
unfiltered_pipe->start_msg();
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
+ unfiltered_pipe->write(Botan::X509::BER_encode(priv));
+#else
Botan::X509::encode(priv, *unfiltered_pipe, Botan::RAW_BER);
+#endif
unfiltered_pipe->end_msg();
kp.pub = rsa_pub_key(unfiltered_pipe->read_all_as_string(Pipe::LAST_MESSAGE),
origin::internal);
@@ -796,7 +813,16 @@ key_store::change_key_passphrase(key_id
get_passphrase(new_phrase, name, id, true, false);
unfiltered_pipe->start_msg();
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
if (new_phrase().length())
+ unfiltered_pipe->write(
+ Botan::PKCS8::BER_encode(*priv, lazy_rng::get(),
+ new_phrase(),
+ "PBE-PKCS5v20(SHA-1,TripleDES/CBC)"));
+ else
+ unfiltered_pipe->write(Botan::PKCS8::PEM_encode(*priv));
+#else
+ if (new_phrase().length())
Botan::PKCS8::encrypt_key(*priv, *unfiltered_pipe,
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
lazy_rng::get(),
@@ -806,6 +832,7 @@ key_store::change_key_passphrase(key_id
Botan::RAW_BER);
else
Botan::PKCS8::encode(*priv, *unfiltered_pipe);
+#endif
unfiltered_pipe->end_msg();
kp.priv = rsa_priv_key(unfiltered_pipe->read_all_as_string(Pipe::LAST_MESSAGE),
@@ -826,14 +853,23 @@ key_store::decrypt_rsa(key_id const & id
load_key_pair(*this, id, kp);
shared_ptr<RSA_PrivateKey> priv_key = s->decrypt_private_key(id);
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
+ Botan::PK_Decryptor_EME decryptor(*priv_key, "EME1(SHA-1)");
+
+ SecureVector<byte> plain =
+ decryptor.decrypt(reinterpret_cast<byte const *>(ciphertext().data()),
+ ciphertext().size());
+ plaintext = string(plain.begin(), plain.end());
+#else
shared_ptr<PK_Decryptor>
- decryptor(get_pk_decryptor(*priv_key, "EME1(SHA-1)"));
+ decryptor(Botan::get_pk_decryptor(*priv_key, "EME1(SHA-1)"));
- SecureVector<Botan::byte> plain =
- decryptor->decrypt(reinterpret_cast<Botan::byte const *>(ciphertext().data()),
+ SecureVector<byte> plain =
+ decryptor->decrypt(reinterpret_cast<byte const *>(ciphertext().data()),
ciphertext().size());
plaintext = string(reinterpret_cast<char const*>(plain.begin()),
plain.size());
+#endif
}
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,4)
catch (std::exception & e)
@@ -873,8 +909,8 @@ key_store::make_signature(database & db,
{
if (agent.connected()) {
//grab the monotone public key as an RSA_PublicKey
- SecureVector<Botan::byte> pub_block
- (reinterpret_cast<Botan::byte const *>(key.pub().data()),
+ SecureVector<byte> pub_block
+ (reinterpret_cast<byte const *>(key.pub().data()),
key.pub().size());
L(FL("make_signature: building %d-byte pub key") % pub_block.size());
shared_ptr<X509_PublicKey> x509_key =
@@ -902,7 +938,7 @@ key_store::make_signature(database & db,
|| s->ssh_sign_mode == "check"
|| s->ssh_sign_mode == "no")
{
- SecureVector<Botan::byte> sig;
+ SecureVector<byte> sig;
// we permit the user to relax security here, by caching a decrypted key
// (if they permit it) through the life of a program run. this helps when
@@ -926,7 +962,13 @@ key_store::make_signature(database & db,
L(FL("make_signature: adding private key (%s) to ssh-agent") % id);
agent.add_identity(*priv_key, name());
}
- signer = shared_ptr<PK_Signer>(get_pk_signer(*priv_key, "EMSA3(SHA-1)"));
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
+ signer = shared_ptr<PK_Signer>(
+ new PK_Signer(*priv_key, "EMSA3(SHA-1)"));
+#else
+ signer = shared_ptr<PK_Signer>(
+ get_pk_signer(*priv_key, "EMSA3(SHA-1)"));
+#endif
/* If persist_phrase is true, the RSA_PrivateKey object is
cached in s->active_keys and will survive as long as the
@@ -937,11 +979,11 @@ key_store::make_signature(database & db,
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
sig = signer->sign_message(
- reinterpret_cast<Botan::byte const *>(tosign.data()),
+ reinterpret_cast<byte const *>(tosign.data()),
tosign.size(), lazy_rng::get());
#else
sig = signer->sign_message(
- reinterpret_cast<Botan::byte const *>(tosign.data()),
+ reinterpret_cast<byte const *>(tosign.data()),
tosign.size());
#endif
sig_string = string(reinterpret_cast<char const*>(sig.begin()), sig.size());
@@ -1006,7 +1048,16 @@ key_store::export_key_for_agent(key_id c
// This pipe cannot sensibly be recycled.
Pipe p(new Botan::DataSink_Stream(os));
p.start_msg();
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
if (new_phrase().length())
+ p.write(Botan::PKCS8::PEM_encode(*priv,
+ lazy_rng::get(),
+ new_phrase(),
+ "PBE-PKCS5v20(SHA-1,TripleDES/CBC)"));
+ else
+ p.write(Botan::PKCS8::PEM_encode(*priv));
+#else
+ if (new_phrase().length())
Botan::PKCS8::encrypt_key(*priv,
p,
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
@@ -1016,6 +1067,7 @@ key_store::export_key_for_agent(key_id c
"PBE-PKCS5v20(SHA-1,TripleDES/CBC)");
else
Botan::PKCS8::encode(*priv, p);
+#endif
p.end_msg();
}
@@ -1031,7 +1083,7 @@ key_store_state::migrate_old_key_pair
rsa_pub_key const & pub)
{
keypair kp;
- SecureVector<Botan::byte> arc4_key;
+ SecureVector<byte> arc4_key;
utf8 phrase;
shared_ptr<PKCS8_PrivateKey> pkcs8_key;
shared_ptr<RSA_PrivateKey> priv_key;
@@ -1051,10 +1103,10 @@ key_store_state::migrate_old_key_pair
{
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,9,11)
arc4_key.resize(phrase().size());
- arc4_key.copy(reinterpret_cast<Botan::byte const *>(phrase().data()),
+ arc4_key.copy(reinterpret_cast<byte const *>(phrase().data()),
phrase().size());
#else
- arc4_key.set(reinterpret_cast<Botan::byte const *>(phrase().data()),
+ arc4_key.set(reinterpret_cast<byte const *>(phrase().data()),
phrase().size());
#endif
@@ -1065,7 +1117,7 @@ key_store_state::migrate_old_key_pair
// This is necessary because PKCS8::load_key() cannot currently
// recognize an unencrypted, raw-BER blob as such, but gets it
// right if it's PEM-coded.
- SecureVector<Botan::byte> arc4_decrypt(arc4_decryptor.read_all());
+ SecureVector<byte> arc4_decrypt(arc4_decryptor.read_all());
Botan::DataSource_Memory ds(Botan::PEM_Code::encode(arc4_decrypt,
"PRIVATE KEY"));
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
@@ -1098,6 +1150,11 @@ key_store_state::migrate_old_key_pair
// now we can write out the new key
unfiltered_pipe->start_msg();
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
+ unfiltered_pipe->write(Botan::PKCS8::BER_encode(
+ *priv_key, lazy_rng::get(), phrase(),
+ "PBE-PKCS5v20(SHA-1,TripleDES/CBC)"));
+#else
Botan::PKCS8::encrypt_key(*priv_key, *unfiltered_pipe,
#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,7,7)
lazy_rng::get(),
@@ -1105,6 +1162,7 @@ key_store_state::migrate_old_key_pair
phrase(),
"PBE-PKCS5v20(SHA-1,TripleDES/CBC)",
Botan::RAW_BER);
+#endif
unfiltered_pipe->end_msg();
kp.priv = rsa_priv_key(unfiltered_pipe->read_all_as_string(Pipe::LAST_MESSAGE),
origin::internal);
@@ -1113,7 +1171,11 @@ key_store_state::migrate_old_key_pair
// Botan for the X.509 encoding of the private key implies that we want
// it to derive and produce the public key)
unfiltered_pipe->start_msg();
+#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,10,0)
+ unfiltered_pipe->write(Botan::X509::BER_encode(*priv_key));
+#else
Botan::X509::encode(*priv_key, *unfiltered_pipe, Botan::RAW_BER);
+#endif
unfiltered_pipe->end_msg();
kp.pub = rsa_pub_key(unfiltered_pipe->read_all_as_string(Pipe::LAST_MESSAGE),
origin::internal);
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Monotone-commits-diffs] net.venge.monotone: 9ff6e41adc6f40ae054fb4487f356bf69324dbdb,
code <=