Add cryptographic key loading

Still no key functionality.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

6 files changed, 102 insertions, 10 deletions

diff --git a/Makefile.am b/Makefile.am
index c646813..da3fa7c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4,6 +4,6 @@ pkcs11_LTLIBRARIES=openssl-pkcs11.la
 pkcs11dir=@pkcs11_dir@
 
 openssl_pkcs11_la_LDFLAGS= -module -no-undefined -avoid-version -shared
-openssl_pkcs11_la_SOURCES= pkcs11.c ini.c openssl-pkcs11.h cache.c
+openssl_pkcs11_la_SOURCES= pkcs11.c ini.c openssl-pkcs11.h cache.c crypto.c
 openssl_pkcs11_la_CFLAGS = $(CFLAGS) $(CRYPTO_CFLAGS) -Werror
 openssl_pkcs11_la_LIBADD = $(CRYPTO_LIBS)
diff --git a/cache.c b/cache.c
index 1e799d2..f10a229 100644
--- a/cache.c
+++ b/cache.c
@@ -40,6 +40,18 @@ static struct s_s *section_get(const char *section)
 	return NULL;
 }
 
+static void remove_section(int sn)
+{
+	section_count--;
+	/* last entry, just keep the reduced count (realloc will cope) */
+	if (sn == section_count) {
+		return;
+	}
+
+	/* just move everything over it and reduce the section count */
+	memcpy(&s[sn], &s[sn + 1], sizeof(struct s_s)*(section_count - sn));
+}
+
 static struct s_s *section_get_alloc(const char *section)
 {
 	struct s_s *s_s = section_get(section);
@@ -87,19 +99,24 @@ static struct kv *kv_get_alloc(struct s_s *s_s, const char *key)
 	return kv;
 }
 
-void cache_add(const char *section, const char *key, const char *value)
+static void cache_add_internal(struct s_s *s_s, const char *key,
+			       const char *value)
 {
-	struct s_s *sec = section_get_alloc(section);
-	struct kv *kv;
-
-	if (!sec)
-		return;
-	kv = kv_get_alloc(sec, key);
+	struct kv *kv = kv_get_alloc(s_s, key);
 	if (!kv)
 		return;
 	kv->value = value;
 }
 
+void cache_add(const char *section, const char *key, const char *value)
+{
+	struct s_s *s_s = section_get_alloc(section);
+
+	if (!s_s)
+		return;
+	cache_add_internal(s_s, key, value);
+}
+
 const char *cache_get(const char *section, const char *key)
 {
 	struct s_s *sec = section_get(section);
@@ -128,3 +145,28 @@ int cache_get_sections(void)
 {
 	return section_count;
 }
+
+void cache_load_crypto_keys(void)
+{
+	int i;
+
+	/* every section apart from global must have public key and  a
+	 * private key */
+	for (i = 1; i < section_count; i++) {
+		struct kv *kv;
+
+		kv = kv_get(&s[i], INI_PUBLIC_KEY);
+		if (!kv) {
+			fprintf(stderr, "key '%s' has no '%s' value\n",
+				s[i].section, INI_PUBLIC_KEY);
+			/*
+			 * a bit nasty, but removing the section
+			 * in-place means we have to do over the value
+			 * of i we just used
+			 */
+			remove_section(i--);
+			continue;
+		}
+		crypto_load_public_key(i, kv->value);
+	}
+}
diff --git a/crypto.c b/crypto.c
new file mode 100644
index 0000000..6a019e1
--- /dev/null
+++ b/crypto.c
@@ -0,0 +1,41 @@
+/*
+ * Handle the openssl crypto functions
+ *
+ * Copyright (C) 2019 James.Bottomley@HansenPartnership.com
+ *
+ * SPDX-License-Identifier: LGPL-2.1-only
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <wordexp.h>
+
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+int crypto_load_public_key(int sec_num, const char *pub)
+{
+	FILE *file;
+	EVP_PKEY *pkey;
+	wordexp_t w;
+
+	wordexp(pub, &w, 0);
+	file = fopen(w.we_wordv[0], "r");
+	wordfree(&w);
+	if (!file) {
+		fprintf(stderr, "failed to open public key file %s: %s\n",
+
+			pub, strerror(errno));
+		return -1;
+	}
+	pkey = PEM_read_PUBKEY(file, NULL, NULL, NULL);
+	if (!pkey) {
+		fprintf(stderr, "failed to read public key %s:\n", pub);
+		ERR_print_errors_fp(stderr);
+		return -1;
+	}
+
+	return 0;
+}
diff --git a/ini.c b/ini.c
index cea2aa6..7577351 100644
--- a/ini.c
+++ b/ini.c
@@ -161,6 +161,7 @@ void parse_ini_file(void)
 		*end++ = '\n';
 	*end = '\0';
 	parse_mem();
+	cache_load_crypto_keys();
 }
 
 void free_ini_file(void)
diff --git a/openssl-pkcs11.h b/openssl-pkcs11.h
index c5af3a0..ce3bb0d 100644
--- a/openssl-pkcs11.h
+++ b/openssl-pkcs11.h
@@ -3,16 +3,22 @@
 
 #define ENV_CONFIG "OPENSSL_PKCS11_CONF"
 #define CONFIG_FILE ".config/openssl-pkcs11/openssl-pkcs11.conf"
-
 #define GLOBAL_SECTION "global"
+#define INI_PUBLIC_KEY "public key"
+
+/* crypto.c exported functions */
+int crypto_load_public_key(int sec_num, const char *pub);
 
+/* ini.c exported functions */
 void parse_ini_file(void);
 void free_ini_file(void);
 
+/* cache.c exported functions */
 void cache_add(const char *section, const char *key, const char *value);
 const char *cache_get(const char *section, const char *key);
 const char *cache_get_section(int sc);
 int cache_get_sections(void);
+void cache_load_crypto_keys(void);
 
 static const char *cache_get_default(const char *section, const char *key,
 				    const char *def)
diff --git a/pkcs11.c b/pkcs11.c
index 81dd73e..d89fc75 100644
--- a/pkcs11.c
+++ b/pkcs11.c
@@ -128,7 +128,9 @@ CK_RV C_OpenSession(CK_SLOT_ID slot, CK_FLAGS flags, CK_VOID_PTR app,
 {
 	if (!handle)
 		return CKR_ARGUMENTS_BAD;
-	*handle = 0;
+	if (slot >  cache_get_sections() - 1)
+		return CKR_ARGUMENTS_BAD;
+	*handle = slot;
 
 	return CKR_OK;
 }