homed: move helper calls for RSA encryption to shared code
parent
73d874bacd
commit
f2d5df8a30
|
@ -93,43 +93,6 @@ static int acquire_pkcs11_certificate(
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static int encrypt_bytes(
|
|
||||||
EVP_PKEY *pkey,
|
|
||||||
const void *decrypted_key,
|
|
||||||
size_t decrypted_key_size,
|
|
||||||
void **ret_encrypt_key,
|
|
||||||
size_t *ret_encrypt_key_size) {
|
|
||||||
|
|
||||||
_cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = NULL;
|
|
||||||
_cleanup_free_ void *b = NULL;
|
|
||||||
size_t l;
|
|
||||||
|
|
||||||
ctx = EVP_PKEY_CTX_new(pkey, NULL);
|
|
||||||
if (!ctx)
|
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to allocate public key context");
|
|
||||||
|
|
||||||
if (EVP_PKEY_encrypt_init(ctx) <= 0)
|
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to initialize public key context");
|
|
||||||
|
|
||||||
if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
|
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to configure PKCS#1 padding");
|
|
||||||
|
|
||||||
if (EVP_PKEY_encrypt(ctx, NULL, &l, decrypted_key, decrypted_key_size) <= 0)
|
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to determine encrypted key size");
|
|
||||||
|
|
||||||
b = malloc(l);
|
|
||||||
if (!b)
|
|
||||||
return log_oom();
|
|
||||||
|
|
||||||
if (EVP_PKEY_encrypt(ctx, b, &l, decrypted_key, decrypted_key_size) <= 0)
|
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EIO), "Failed to determine encrypted key size");
|
|
||||||
|
|
||||||
*ret_encrypt_key = TAKE_PTR(b);
|
|
||||||
*ret_encrypt_key_size = l;
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int add_pkcs11_encrypted_key(
|
static int add_pkcs11_encrypted_key(
|
||||||
JsonVariant **v,
|
JsonVariant **v,
|
||||||
const char *uri,
|
const char *uri,
|
||||||
|
@ -267,9 +230,8 @@ int identity_add_pkcs11_key_data(JsonVariant **v, const char *uri) {
|
||||||
size_t decrypted_key_size, encrypted_key_size;
|
size_t decrypted_key_size, encrypted_key_size;
|
||||||
_cleanup_(X509_freep) X509 *cert = NULL;
|
_cleanup_(X509_freep) X509 *cert = NULL;
|
||||||
EVP_PKEY *pkey;
|
EVP_PKEY *pkey;
|
||||||
|
int bits, r;
|
||||||
RSA *rsa;
|
RSA *rsa;
|
||||||
int bits;
|
|
||||||
int r;
|
|
||||||
|
|
||||||
assert(v);
|
assert(v);
|
||||||
|
|
||||||
|
@ -308,7 +270,7 @@ int identity_add_pkcs11_key_data(JsonVariant **v, const char *uri) {
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to generate random key: %m");
|
return log_error_errno(r, "Failed to generate random key: %m");
|
||||||
|
|
||||||
r = encrypt_bytes(pkey, decrypted_key, decrypted_key_size, &encrypted_key, &encrypted_key_size);
|
r = rsa_encrypt_bytes(pkey, decrypted_key, decrypted_key_size, &encrypted_key, &encrypted_key_size);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to encrypt key: %m");
|
return log_error_errno(r, "Failed to encrypt key: %m");
|
||||||
|
|
||||||
|
|
|
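Review bot: With the call now going through `rsa_encrypt_bytes`, the step-specific diagnostics (context allocation, padding setup, size query, encryption) are emitted with log_debug_errno inside the shared helper, whereas the removed encrypt_bytes used log_error_errno, so at the call site a user only sees `Failed to encrypt key: %m` resolving to the generic EIO text unless debug logging is enabled. That is an acceptable trade for a shared helper, but every OpenSSL failure maps to the same SYNTHETIC_ERRNO(EIO), so the caller cannot tell a padding/setup failure from an oversized plaintext. If that detail matters for homectl, either have the helper return distinct errno values or make the caller's message more specific, e.g. `return log_error_errno(r, "Failed to encrypt key with PKCS#11 certificate public key: %m");`. identity_add_pkcs11_key_data begins and ends outside this hunk.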
@ -183,6 +183,7 @@ shared_sources = files('''
|
||||||
nsflags.h
|
nsflags.h
|
||||||
numa-util.c
|
numa-util.c
|
||||||
numa-util.h
|
numa-util.h
|
||||||
|
openssl-util.c
|
||||||
openssl-util.h
|
openssl-util.h
|
||||||
os-util.c
|
os-util.c
|
||||||
os-util.h
|
os-util.h
|
||||||
|
|
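--- /dev/null
+++ b/src/shared/openssl-util.c
@@ -0,0 +1,41 @@
+#include "openssl-util.h"
+#include "alloc-util.h"
+
+#if HAVE_OPENSSL
+int rsa_encrypt_bytes(
+EVP_PKEY *pkey,
+const void *decrypted_key,
+size_t decrypted_key_size,
+void **ret_encrypt_key,
+size_t *ret_encrypt_key_size) {
+
+_cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = NULL;
+_cleanup_free_ void *b = NULL;
+size_t l;
+
+ctx = EVP_PKEY_CTX_new(pkey, NULL);
+if (!ctx)
+return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to allocate public key context");
+
+if (EVP_PKEY_encrypt_init(ctx) <= 0)
+return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to initialize public key context");
+
+if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0)
+return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to configure PKCS#1 padding");
+
+if (EVP_PKEY_encrypt(ctx, NULL, &l, decrypted_key, decrypted_key_size) <= 0)
+return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to determine encrypted key size");
+
+b = malloc(l);
+if (!b)
+return -ENOMEM;
+
+if (EVP_PKEY_encrypt(ctx, b, &l, decrypted_key, decrypted_key_size) <= 0)
+return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to determine encrypted key size");
+
+*ret_encrypt_key = TAKE_PTR(b);
+*ret_encrypt_key_size = l;
+
+return 0;
+}
+#endif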
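Review bot: The failure message on the second EVP_PKEY_encrypt call in rsa_encrypt_bytes, the one that actually writes into `b`, is a copy of the size-query text "Failed to determine encrypted key size", so a debug log cannot tell the two failures apart; it should read `return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to encrypt key");`. The helper also hard-codes RSA_PKCS1_PADDING (PKCS#1 v1.5) — presumably that matches what the PKCS#11 decrypt side expects, but now that the function is shared the padding mode should be stated in a comment above it so later callers do not assume OAEP. Minor: `size_t l;` is read only after EVP_PKEY_encrypt fills it in via the out==NULL query, which is fine, but `size_t l = 0;` avoids any reader having to verify that.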
@ -1,6 +1,8 @@
|
||||||
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
||||||
#pragma once
|
#pragma once
|
||||||
|
|
||||||
|
#include "macro.h"
|
||||||
|
|
||||||
#if HAVE_OPENSSL
|
#if HAVE_OPENSSL
|
||||||
# include <openssl/pem.h>
|
# include <openssl/pem.h>
|
||||||
|
|
||||||
|
@ -9,4 +11,6 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(X509_NAME*, X509_NAME_free);
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC(EVP_PKEY_CTX*, EVP_PKEY_CTX_free);
|
DEFINE_TRIVIAL_CLEANUP_FUNC(EVP_PKEY_CTX*, EVP_PKEY_CTX_free);
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free);
|
DEFINE_TRIVIAL_CLEANUP_FUNC(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free);
|
||||||
|
|
||||||
|
int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
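Review bot: The new `rsa_encrypt_bytes` prototype carries no comment describing its contract, and as a shared API it should: that it encrypts decrypted_key with the public key in pkey using PKCS#1 v1.5 padding, that on success `*ret_encrypt_key` is a malloc()ed buffer the caller owns and must free, and that failures return -ENOMEM or -EIO with the specific cause logged only at debug level. A two-line comment above the declaration, e.g. `/* Encrypts 'decrypted_key' with the RSA public key in 'pkey' (PKCS#1 v1.5 padding). On success the caller owns *ret_encrypt_key; returns -ENOMEM or -EIO on failure. */`, would cover that. It is also worth noting in that comment that the plaintext must fit within the key's modulus size minus the padding overhead, since the helper reports a too-large input only as the generic EIO.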