diff options
author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-01-28 07:34:57 -0800 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2019-01-28 16:02:04 -0800 |
commit | 718de35f848e883c724244713733b21fe5db14c1 (patch) | |
tree | 97a1e5ac1f2b7343d0f9e4020831ad71f5332ea4 | |
parent | 0cdbd596a4a020b95f7b8d0e6b221c89ee17be54 (diff) | |
download | openssl-pkcs11-export-718de35f848e883c724244713733b21fe5db14c1.tar.gz |
Add cryptographic key loading
Still no key functionality.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | Makefile.am | 2 | ||||
-rw-r--r-- | cache.c | 56 | ||||
-rw-r--r-- | crypto.c | 41 | ||||
-rw-r--r-- | ini.c | 1 | ||||
-rw-r--r-- | openssl-pkcs11.h | 8 | ||||
-rw-r--r-- | pkcs11.c | 4 |
6 files changed, 102 insertions, 10 deletions
diff --git a/Makefile.am b/Makefile.am index c646813..da3fa7c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4,6 +4,6 @@ pkcs11_LTLIBRARIES=openssl-pkcs11.la pkcs11dir=@pkcs11_dir@ openssl_pkcs11_la_LDFLAGS= -module -no-undefined -avoid-version -shared -openssl_pkcs11_la_SOURCES= pkcs11.c ini.c openssl-pkcs11.h cache.c +openssl_pkcs11_la_SOURCES= pkcs11.c ini.c openssl-pkcs11.h cache.c crypto.c openssl_pkcs11_la_CFLAGS = $(CFLAGS) $(CRYPTO_CFLAGS) -Werror openssl_pkcs11_la_LIBADD = $(CRYPTO_LIBS) @@ -40,6 +40,18 @@ static struct s_s *section_get(const char *section) return NULL; } +static void remove_section(int sn) +{ + section_count--; + /* last entry, just keep the reduced count (realloc will cope) */ + if (sn == section_count) { + return; + } + + /* just move everything over it and reduce the section count */ + memcpy(&s[sn], &s[sn + 1], sizeof(struct s_s)*(section_count - sn)); +} + static struct s_s *section_get_alloc(const char *section) { struct s_s *s_s = section_get(section); @@ -87,19 +99,24 @@ static struct kv *kv_get_alloc(struct s_s *s_s, const char *key) return kv; } -void cache_add(const char *section, const char *key, const char *value) +static void cache_add_internal(struct s_s *s_s, const char *key, + const char *value) { - struct s_s *sec = section_get_alloc(section); - struct kv *kv; - - if (!sec) - return; - kv = kv_get_alloc(sec, key); + struct kv *kv = kv_get_alloc(s_s, key); if (!kv) return; kv->value = value; } +void cache_add(const char *section, const char *key, const char *value) +{ + struct s_s *s_s = section_get_alloc(section); + + if (!s_s) + return; + cache_add_internal(s_s, key, value); +} + const char *cache_get(const char *section, const char *key) { struct s_s *sec = section_get(section); @@ -128,3 +145,28 @@ int cache_get_sections(void) { return section_count; } + +void cache_load_crypto_keys(void) +{ + int i; + + /* every section apart from global must have public key and a + * private key */ + for (i = 1; i < section_count; i++) { + struct kv *kv; + + kv = kv_get(&s[i], INI_PUBLIC_KEY); + if (!kv) { + fprintf(stderr, "key '%s' has no '%s' value\n", + s[i].section, INI_PUBLIC_KEY); + /* + * a bit nasty, but removing the section + * in-place means we have to do over the value + * of i we just used + */ + remove_section(i--); + continue; + } + crypto_load_public_key(i, kv->value); + } +} diff --git a/crypto.c b/crypto.c new file mode 100644 index 0000000..6a019e1 --- /dev/null +++ b/crypto.c @@ -0,0 +1,41 @@ +/* + * Handle the openssl crypto functions + * + * Copyright (C) 2019 James.Bottomley@HansenPartnership.com + * + * SPDX-License-Identifier: LGPL-2.1-only + */ + +#include <errno.h> +#include <stdio.h> +#include <string.h> +#include <wordexp.h> + +#include <openssl/evp.h> +#include <openssl/pem.h> +#include <openssl/err.h> + +int crypto_load_public_key(int sec_num, const char *pub) +{ + FILE *file; + EVP_PKEY *pkey; + wordexp_t w; + + wordexp(pub, &w, 0); + file = fopen(w.we_wordv[0], "r"); + wordfree(&w); + if (!file) { + fprintf(stderr, "failed to open public key file %s: %s\n", + + pub, strerror(errno)); + return -1; + } + pkey = PEM_read_PUBKEY(file, NULL, NULL, NULL); + if (!pkey) { + fprintf(stderr, "failed to read public key %s:\n", pub); + ERR_print_errors_fp(stderr); + return -1; + } + + return 0; +} @@ -161,6 +161,7 @@ void parse_ini_file(void) *end++ = '\n'; *end = '\0'; parse_mem(); + cache_load_crypto_keys(); } void free_ini_file(void) diff --git a/openssl-pkcs11.h b/openssl-pkcs11.h index c5af3a0..ce3bb0d 100644 --- a/openssl-pkcs11.h +++ b/openssl-pkcs11.h @@ -3,16 +3,22 @@ #define ENV_CONFIG "OPENSSL_PKCS11_CONF" #define CONFIG_FILE ".config/openssl-pkcs11/openssl-pkcs11.conf" - #define GLOBAL_SECTION "global" +#define INI_PUBLIC_KEY "public key" + +/* crypto.c exported functions */ +int crypto_load_public_key(int sec_num, const char *pub); +/* ini.c exported functions */ void parse_ini_file(void); void free_ini_file(void); +/* cache.c exported functions */ void cache_add(const char *section, const char *key, const char *value); const char *cache_get(const char *section, const char *key); const char *cache_get_section(int sc); int cache_get_sections(void); +void cache_load_crypto_keys(void); static const char *cache_get_default(const char *section, const char *key, const char *def) @@ -128,7 +128,9 @@ CK_RV C_OpenSession(CK_SLOT_ID slot, CK_FLAGS flags, CK_VOID_PTR app, { if (!handle) return CKR_ARGUMENTS_BAD; - *handle = 0; + if (slot > cache_get_sections() - 1) + return CKR_ARGUMENTS_BAD; + *handle = slot; return CKR_OK; } |