Browse code
Rename tls_crypt_v2_read_keyfile into generic pem_read_key_file
The function is fairly generic and to avoid duplicating the same
functionality move the function to crypto.c and change fixed string to
be the same as the pem_name parameter.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190122150333.1061-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/search?l=mid&q=20190122150333.1061-1-arne@rfc2549.org
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Arne Schwabe authored on 2019/01/23 00:03:28Showing 4 changed files
| ... | ... |
@@ -1882,3 +1882,42 @@ cleanup: |
| 1882 | 1882 |
gc_free(&gc); |
| 1883 | 1883 |
return; |
| 1884 | 1884 |
} |
| 1885 |
+ |
|
| 1886 |
+bool |
|
| 1887 |
+read_pem_key_file(struct buffer *key, const char *pem_name, |
|
| 1888 |
+ const char *key_file, const char *key_inline) |
|
| 1889 |
+{
|
|
| 1890 |
+ bool ret = false; |
|
| 1891 |
+ struct buffer key_pem = { 0 };
|
|
| 1892 |
+ struct gc_arena gc = gc_new(); |
|
| 1893 |
+ |
|
| 1894 |
+ if (strcmp(key_file, INLINE_FILE_TAG)) |
|
| 1895 |
+ {
|
|
| 1896 |
+ key_pem = buffer_read_from_file(key_file, &gc); |
|
| 1897 |
+ if (!buf_valid(&key_pem)) |
|
| 1898 |
+ {
|
|
| 1899 |
+ msg(M_WARN, "ERROR: failed to read %s file (%s)", |
|
| 1900 |
+ pem_name, key_file); |
|
| 1901 |
+ goto cleanup; |
|
| 1902 |
+ } |
|
| 1903 |
+ } |
|
| 1904 |
+ else |
|
| 1905 |
+ {
|
|
| 1906 |
+ buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline) + 1); |
|
| 1907 |
+ } |
|
| 1908 |
+ |
|
| 1909 |
+ if (!crypto_pem_decode(pem_name, key, &key_pem)) |
|
| 1910 |
+ {
|
|
| 1911 |
+ msg(M_WARN, "ERROR: %s pem decode failed", pem_name); |
|
| 1912 |
+ goto cleanup; |
|
| 1913 |
+ } |
|
| 1914 |
+ |
|
| 1915 |
+ ret = true; |
|
| 1916 |
+cleanup: |
|
| 1917 |
+ if (strcmp(key_file, INLINE_FILE_TAG)) |
|
| 1918 |
+ {
|
|
| 1919 |
+ buf_clear(&key_pem); |
|
| 1920 |
+ } |
|
| 1921 |
+ gc_free(&gc); |
|
| 1922 |
+ return ret; |
|
| 1923 |
+} |
| ... | ... |
@@ -430,6 +430,18 @@ unsigned int crypto_max_overhead(void); |
| 430 | 430 |
void |
| 431 | 431 |
write_pem_key_file(const char *filename, const char *pem_name); |
| 432 | 432 |
|
| 433 |
+/** |
|
| 434 |
+ * Read key material from a PEM encoded files into the key structure |
|
| 435 |
+ * @param key the key structure that will hold the key material |
|
| 436 |
+ * @param pem_name the name used in the pem encoding start/end lines |
|
| 437 |
+ * @param key_file name of the file to read |
|
| 438 |
+ * @param key_inline a string holding the data in case of an inline key |
|
| 439 |
+ * @return true if reading into key was successful |
|
| 440 |
+ */ |
|
| 441 |
+bool |
|
| 442 |
+read_pem_key_file(struct buffer *key, const char *pem_name, |
|
| 443 |
+ const char *key_file, const char *key_inline); |
|
| 444 |
+ |
|
| 433 | 445 |
/* Minimum length of the nonce used by the PRNG */ |
| 434 | 446 |
#define NONCE_SECRET_LEN_MIN 16 |
| 435 | 447 |
|
| ... | ... |
@@ -278,45 +278,6 @@ error_exit: |
| 278 | 278 |
return false; |
| 279 | 279 |
} |
| 280 | 280 |
|
| 281 |
-static inline bool |
|
| 282 |
-tls_crypt_v2_read_keyfile(struct buffer *key, const char *pem_name, |
|
| 283 |
- const char *key_file, const char *key_inline) |
|
| 284 |
-{
|
|
| 285 |
- bool ret = false; |
|
| 286 |
- struct buffer key_pem = { 0 };
|
|
| 287 |
- struct gc_arena gc = gc_new(); |
|
| 288 |
- |
|
| 289 |
- if (strcmp(key_file, INLINE_FILE_TAG)) |
|
| 290 |
- {
|
|
| 291 |
- key_pem = buffer_read_from_file(key_file, &gc); |
|
| 292 |
- if (!buf_valid(&key_pem)) |
|
| 293 |
- {
|
|
| 294 |
- msg(M_WARN, "ERROR: failed to read tls-crypt-v2 key file (%s)", |
|
| 295 |
- key_file); |
|
| 296 |
- goto cleanup; |
|
| 297 |
- } |
|
| 298 |
- } |
|
| 299 |
- else |
|
| 300 |
- {
|
|
| 301 |
- buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline) + 1); |
|
| 302 |
- } |
|
| 303 |
- |
|
| 304 |
- if (!crypto_pem_decode(pem_name, key, &key_pem)) |
|
| 305 |
- {
|
|
| 306 |
- msg(M_WARN, "ERROR: tls-crypt-v2 pem decode failed"); |
|
| 307 |
- goto cleanup; |
|
| 308 |
- } |
|
| 309 |
- |
|
| 310 |
- ret = true; |
|
| 311 |
-cleanup: |
|
| 312 |
- if (strcmp(key_file, INLINE_FILE_TAG)) |
|
| 313 |
- {
|
|
| 314 |
- buf_clear(&key_pem); |
|
| 315 |
- } |
|
| 316 |
- gc_free(&gc); |
|
| 317 |
- return ret; |
|
| 318 |
-} |
|
| 319 |
- |
|
| 320 | 281 |
static inline void |
| 321 | 282 |
tls_crypt_v2_load_client_key(struct key_ctx_bi *key, const struct key2 *key2, |
| 322 | 283 |
bool tls_server) |
| ... | ... |
@@ -339,8 +300,8 @@ tls_crypt_v2_init_client_key(struct key_ctx_bi *key, struct buffer *wkc_buf, |
| 339 | 339 |
struct buffer client_key = alloc_buf(TLS_CRYPT_V2_CLIENT_KEY_LEN |
| 340 | 340 |
+ TLS_CRYPT_V2_MAX_WKC_LEN); |
| 341 | 341 |
|
| 342 |
- if (!tls_crypt_v2_read_keyfile(&client_key, tls_crypt_v2_cli_pem_name, |
|
| 343 |
- key_file, key_inline)) |
|
| 342 |
+ if (!read_pem_key_file(&client_key, tls_crypt_v2_cli_pem_name, |
|
| 343 |
+ key_file, key_inline)) |
|
| 344 | 344 |
{
|
| 345 | 345 |
msg(M_FATAL, "ERROR: invalid tls-crypt-v2 client key format"); |
| 346 | 346 |
} |
| ... | ... |
@@ -365,8 +326,8 @@ tls_crypt_v2_init_server_key(struct key_ctx *key_ctx, bool encrypt, |
| 365 | 365 |
struct buffer srv_key_buf; |
| 366 | 366 |
|
| 367 | 367 |
buf_set_write(&srv_key_buf, (void *)&srv_key, sizeof(srv_key)); |
| 368 |
- if (!tls_crypt_v2_read_keyfile(&srv_key_buf, tls_crypt_v2_srv_pem_name, |
|
| 369 |
- key_file, key_inline)) |
|
| 368 |
+ if (!read_pem_key_file(&srv_key_buf, tls_crypt_v2_srv_pem_name, |
|
| 369 |
+ key_file, key_inline)) |
|
| 370 | 370 |
{
|
| 371 | 371 |
msg(M_FATAL, "ERROR: invalid tls-crypt-v2 server key format"); |
| 372 | 372 |
} |