"veyron/security": Expose Load/SavePEMKey
LoadPEMKey and SavePEMKey methods would be needed by WSPR to manage
its private key within Chrome. This CL exposes these two methods.
Change-Id: I8e16fccce899ed305471549978a33d24c2453130
diff --git a/security/principal.go b/security/principal.go
index 2b1f211..8be1a27 100644
--- a/security/principal.go
+++ b/security/principal.go
@@ -133,7 +133,7 @@
return nil, err
}
defer f.Close()
- key, err := loadPEMKey(f, passphrase)
+ key, err := LoadPEMKey(f, passphrase)
if err != nil {
return nil, err
}
@@ -160,7 +160,7 @@
if err != nil {
return nil, fmt.Errorf("failed to generate private key: %v", err)
}
- if err := savePEMKey(f, key, passphrase); err != nil {
+ if err := SavePEMKey(f, key, passphrase); err != nil {
return nil, fmt.Errorf("failed to save private key to %q: %v", keyFile, err)
}
return key, nil
diff --git a/security/principal_test.go b/security/principal_test.go
index fd6d05d..8be6f25 100644
--- a/security/principal_test.go
+++ b/security/principal_test.go
@@ -103,7 +103,7 @@
panic(err)
}
defer f.Close()
- if err = savePEMKey(f, key, passphrase); err != nil {
+ if err = SavePEMKey(f, key, passphrase); err != nil {
panic(err)
}
return dir
diff --git a/security/util.go b/security/util.go
index b33d7fd..23268f4 100644
--- a/security/util.go
+++ b/security/util.go
@@ -30,9 +30,9 @@
var PassphraseErr = errors.New("passphrase incorrect for decrypting private key")
-// loadPEMKey loads a key from 'r'. returns PassphraseErr for incorrect Passphrase.
+// LoadPEMKey loads a key from 'r'. returns PassphraseErr for incorrect Passphrase.
// If the key held in 'r' is unencrypted, 'passphrase' will be ignored.
-func loadPEMKey(r io.Reader, passphrase []byte) (interface{}, error) {
+func LoadPEMKey(r io.Reader, passphrase []byte) (interface{}, error) {
pemBlockBytes, err := ioutil.ReadAll(r)
if err != nil {
return nil, err
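Review bot: Now that `LoadPEMKey` is exported, the `ioutil.ReadAll(r)` on its first line buffers a caller-supplied reader with no size limit, so a caller that passes a stream it does not control can be made to hold unbounded data in memory before any PEM parsing happens. A private-key PEM is small, so capping the read is cheap: `pemBlockBytes, err := ioutil.ReadAll(io.LimitReader(r, maxPEMKeySize))`, where `maxPEMKeySize` is a proposed package constant and not a name already in the file. The doc comment should also state which concrete key types can come back in the `interface{}`, since external callers now have to type-switch on it. The rest of the function body is outside this hunk.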
@@ -62,12 +62,12 @@
return nil, fmt.Errorf("PEM key block has an unrecognized type: %v", pemBlock.Type)
}
-// savePEMKey marshals 'key', encrypts it using 'passphrase', and saves the bytes to 'w' in PEM format.
+// SavePEMKey marshals 'key', encrypts it using 'passphrase', and saves the bytes to 'w' in PEM format.
// If passphrase is nil, the key will not be encrypted.
//
// For example, if key is an ECDSA private key, it will be marshaled
// in ASN.1, DER format, encrypted, and then written in a PEM block.
-func savePEMKey(w io.Writer, key interface{}, passphrase []byte) error {
+func SavePEMKey(w io.Writer, key interface{}, passphrase []byte) error {
var data []byte
var err error
switch k := key.(type) {
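Review bot: The exported `SavePEMKey` keeps the contract "If passphrase is nil, the key will not be encrypted", so any external caller that fails to obtain a passphrase silently writes a plaintext private key to `w`. The doc comment should call that out as a caveat, for example `// NOTE: a nil passphrase writes the private key unencrypted; the caller must then protect 'w' (file mode, storage) itself.` It should also say whether an empty but non-nil passphrase is treated like nil, because that decision is made in the body outside this hunk. The comment says "encrypts it" without naming the scheme; as public API it should name it so callers can judge whether it is strong enough for where the key will be stored.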
diff --git a/security/util_test.go b/security/util_test.go
index 356f98c..9d098a6 100644
--- a/security/util_test.go
+++ b/security/util_test.go
@@ -20,11 +20,11 @@
}
var buf bytes.Buffer
- if err := savePEMKey(&buf, key, nil); err != nil {
+ if err := SavePEMKey(&buf, key, nil); err != nil {
t.Fatalf("Failed to save ECDSA private key: %v", err)
}
- loadedKey, err := loadPEMKey(&buf, nil)
+ loadedKey, err := LoadPEMKey(&buf, nil)
if !reflect.DeepEqual(loadedKey, key) {
t.Fatalf("Got key %v, but want %v", loadedKey, key)
}
@@ -40,28 +40,28 @@
var buf bytes.Buffer
// Test incorrect passphrase.
- if err := savePEMKey(&buf, key, pass); err != nil {
+ if err := SavePEMKey(&buf, key, pass); err != nil {
t.Fatalf("Failed to save ECDSA private key: %v", err)
}
- loadedKey, err := loadPEMKey(&buf, incorrect_pass)
+ loadedKey, err := LoadPEMKey(&buf, incorrect_pass)
if loadedKey != nil && err != nil {
t.Errorf("expected (nil, err != nil) received (%v,%v)", loadedKey, err)
}
// Test correct password.
- if err := savePEMKey(&buf, key, pass); err != nil {
+ if err := SavePEMKey(&buf, key, pass); err != nil {
t.Fatalf("Failed to save ECDSA private key: %v", err)
}
- loadedKey, err = loadPEMKey(&buf, pass)
+ loadedKey, err = LoadPEMKey(&buf, pass)
if !reflect.DeepEqual(loadedKey, key) {
t.Fatalf("Got key %v, but want %v", loadedKey, key)
}
// Test nil passphrase.
- if err := savePEMKey(&buf, key, pass); err != nil {
+ if err := SavePEMKey(&buf, key, pass); err != nil {
t.Fatalf("Failed to save ECDSA private key: %v", err)
}
- if loadedKey, err = loadPEMKey(&buf, nil); loadedKey != nil || err != PassphraseErr {
+ if loadedKey, err = LoadPEMKey(&buf, nil); loadedKey != nil || err != PassphraseErr {
t.Fatalf("expected(nil, PassphraseError), instead got (%v, %v)", loadedKey, err)
}
}
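Review bot: The "Test incorrect passphrase" check, `if loadedKey != nil && err != nil`, fires only when a key and an error are both returned, so it still passes if `LoadPEMKey` returns a key with a nil error for a wrong passphrase, which is the one case the test exists to catch. Since the doc comment on `LoadPEMKey` promises `PassphraseErr` here, the assertion should pin that the same way the nil-passphrase case at the end of the hunk does: `if loadedKey != nil || err != PassphraseErr {`. The "Test correct password" step also compares `loadedKey` without checking `err` first; an `if err != nil { t.Fatalf(...) }` before the `reflect.DeepEqual` would make a decryption failure report the real cause.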