The function is fairly generic, so to avoid duplicating the same
functionality move it to crypto.c and change the fixed string in its
messages to use the pem_name parameter.
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20190122150333.1061-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/search?l=mid&q=20190122150333.1061-1-arne@rfc2549.org
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -1882,3 +1882,42 @@ cleanup: |
1882 | 1882 |
gc_free(&gc); |
1883 | 1883 |
return; |
1884 | 1884 |
} |
1885 |
+ |
|
1886 |
+bool |
|
1887 |
+read_pem_key_file(struct buffer *key, const char *pem_name, |
|
1888 |
+ const char *key_file, const char *key_inline) |
|
1889 |
+{ |
|
1890 |
+ bool ret = false; |
|
1891 |
+ struct buffer key_pem = { 0 }; |
|
1892 |
+ struct gc_arena gc = gc_new(); |
|
1893 |
+ |
|
1894 |
+ if (strcmp(key_file, INLINE_FILE_TAG)) |
|
1895 |
+ { |
|
1896 |
+ key_pem = buffer_read_from_file(key_file, &gc); |
|
1897 |
+ if (!buf_valid(&key_pem)) |
|
1898 |
+ { |
|
1899 |
+ msg(M_WARN, "ERROR: failed to read %s file (%s)", |
|
1900 |
+ pem_name, key_file); |
|
1901 |
+ goto cleanup; |
|
1902 |
+ } |
|
1903 |
+ } |
|
1904 |
+ else |
|
1905 |
+ { |
|
1906 |
+ buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline) + 1); |
|
1907 |
+ } |
|
1908 |
+ |
|
1909 |
+ if (!crypto_pem_decode(pem_name, key, &key_pem)) |
|
1910 |
+ { |
|
1911 |
+ msg(M_WARN, "ERROR: %s pem decode failed", pem_name); |
|
1912 |
+ goto cleanup; |
|
1913 |
+ } |
|
1914 |
+ |
|
1915 |
+ ret = true; |
|
1916 |
+cleanup: |
|
1917 |
+ if (strcmp(key_file, INLINE_FILE_TAG)) |
|
1918 |
+ { |
|
1919 |
+ buf_clear(&key_pem); |
|
1920 |
+ } |
|
1921 |
+ gc_free(&gc); |
|
1922 |
+ return ret; |
|
1923 |
+} |
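Review bot: `strcmp(key_file, INLINE_FILE_TAG)` is evaluated twice in read_pem_key_file, once before the branch and again at `cleanup:`, each time as a bare truthy test meaning "not inline"; capturing it once as `const bool from_file = strcmp(key_file, INLINE_FILE_TAG) != 0;` and reusing it in the cleanup block states the intent and keeps the two tests from drifting apart. The inline branch also calls `strlen(key_inline)` with no NULL check, so if a caller can ever pass `INLINE_FILE_TAG` together with a null `key_inline` (not visible from this hunk) the function dereferences NULL instead of reporting a failure; a guard before `buf_set_read` that warns with `pem_name` and jumps to `cleanup` would make that a logged error. Note that `buf_clear` wipes only the file-backed copy of the PEM data; whatever `crypto_pem_decode` may have written into `key` on the decode-failure path is presumably left for the caller to clear.
```c
    struct gc_arena gc = gc_new();
    /* decide once whether the key comes from a file or from the inline
     * blob, so the same test is not repeated at cleanup */
    const bool from_file = strcmp(key_file, INLINE_FILE_TAG) != 0;

    if (from_file)
    {
        /* … unchanged: buffer_read_from_file and buf_valid check … */
    }
    else
    {
        if (!key_inline)
        {
            msg(M_WARN, "ERROR: %s inline key is missing", pem_name);
            goto cleanup;
        }
        buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline) + 1);
    }
    /* … unchanged: crypto_pem_decode, ret = true … */
cleanup:
    if (from_file)
    {
        buf_clear(&key_pem);
    }
```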
... | ... |
@@ -430,6 +430,18 @@ unsigned int crypto_max_overhead(void); |
430 | 430 |
void |
431 | 431 |
write_pem_key_file(const char *filename, const char *pem_name); |
432 | 432 |
|
433 |
+/** |
|
434 |
+ * Read key material from a PEM encoded files into the key structure |
|
435 |
+ * @param key the key structure that will hold the key material |
|
436 |
+ * @param pem_name the name used in the pem encoding start/end lines |
|
437 |
+ * @param key_file name of the file to read |
|
438 |
+ * @param key_inline a string holding the data in case of an inline key |
|
439 |
+ * @return true if reading into key was successful |
|
440 |
+ */ |
|
441 |
+bool |
|
442 |
+read_pem_key_file(struct buffer *key, const char *pem_name, |
|
443 |
+ const char *key_file, const char *key_inline); |
|
444 |
+ |
|
433 | 445 |
/* Minimum length of the nonce used by the PRNG */ |
434 | 446 |
#define NONCE_SECRET_LEN_MIN 16 |
435 | 447 |
|
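Review bot: The new Doxygen block for read_pem_key_file does not document how `key_file` and `key_inline` interact, even though the implementation selects the inline path only when `key_file` equals `INLINE_FILE_TAG` and then requires `key_inline` to be a NUL-terminated string; a reader of the header alone cannot tell which argument is consulted when. Suggest extending the `@param key_file` line to `name of the file to read, or INLINE_FILE_TAG to use key_inline instead` and the `@param key_inline` line to `NUL-terminated PEM data used when key_file is INLINE_FILE_TAG`. The summary line also has a grammar slip, `a PEM encoded files`, which should read `a PEM encoded file`. It would further help callers handling key material to record in `@return` that on failure a warning has already been logged via msg(M_WARN) and that file-backed PEM data is cleared before returning.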
... | ... |
@@ -278,45 +278,6 @@ error_exit: |
278 | 278 |
return false; |
279 | 279 |
} |
280 | 280 |
|
281 |
-static inline bool |
|
282 |
-tls_crypt_v2_read_keyfile(struct buffer *key, const char *pem_name, |
|
283 |
- const char *key_file, const char *key_inline) |
|
284 |
-{ |
|
285 |
- bool ret = false; |
|
286 |
- struct buffer key_pem = { 0 }; |
|
287 |
- struct gc_arena gc = gc_new(); |
|
288 |
- |
|
289 |
- if (strcmp(key_file, INLINE_FILE_TAG)) |
|
290 |
- { |
|
291 |
- key_pem = buffer_read_from_file(key_file, &gc); |
|
292 |
- if (!buf_valid(&key_pem)) |
|
293 |
- { |
|
294 |
- msg(M_WARN, "ERROR: failed to read tls-crypt-v2 key file (%s)", |
|
295 |
- key_file); |
|
296 |
- goto cleanup; |
|
297 |
- } |
|
298 |
- } |
|
299 |
- else |
|
300 |
- { |
|
301 |
- buf_set_read(&key_pem, (const void *)key_inline, strlen(key_inline) + 1); |
|
302 |
- } |
|
303 |
- |
|
304 |
- if (!crypto_pem_decode(pem_name, key, &key_pem)) |
|
305 |
- { |
|
306 |
- msg(M_WARN, "ERROR: tls-crypt-v2 pem decode failed"); |
|
307 |
- goto cleanup; |
|
308 |
- } |
|
309 |
- |
|
310 |
- ret = true; |
|
311 |
-cleanup: |
|
312 |
- if (strcmp(key_file, INLINE_FILE_TAG)) |
|
313 |
- { |
|
314 |
- buf_clear(&key_pem); |
|
315 |
- } |
|
316 |
- gc_free(&gc); |
|
317 |
- return ret; |
|
318 |
-} |
|
319 |
- |
|
320 | 281 |
static inline void |
321 | 282 |
tls_crypt_v2_load_client_key(struct key_ctx_bi *key, const struct key2 *key2, |
322 | 283 |
bool tls_server) |
... | ... |
@@ -339,8 +300,8 @@ tls_crypt_v2_init_client_key(struct key_ctx_bi *key, struct buffer *wkc_buf, |
339 | 339 |
struct buffer client_key = alloc_buf(TLS_CRYPT_V2_CLIENT_KEY_LEN |
340 | 340 |
+ TLS_CRYPT_V2_MAX_WKC_LEN); |
341 | 341 |
|
342 |
- if (!tls_crypt_v2_read_keyfile(&client_key, tls_crypt_v2_cli_pem_name, |
|
343 |
- key_file, key_inline)) |
|
342 |
+ if (!read_pem_key_file(&client_key, tls_crypt_v2_cli_pem_name, |
|
343 |
+ key_file, key_inline)) |
|
344 | 344 |
{ |
345 | 345 |
msg(M_FATAL, "ERROR: invalid tls-crypt-v2 client key format"); |
346 | 346 |
} |
... | ... |
@@ -365,8 +326,8 @@ tls_crypt_v2_init_server_key(struct key_ctx *key_ctx, bool encrypt, |
365 | 365 |
struct buffer srv_key_buf; |
366 | 366 |
|
367 | 367 |
buf_set_write(&srv_key_buf, (void *)&srv_key, sizeof(srv_key)); |
368 |
- if (!tls_crypt_v2_read_keyfile(&srv_key_buf, tls_crypt_v2_srv_pem_name, |
|
369 |
- key_file, key_inline)) |
|
368 |
+ if (!read_pem_key_file(&srv_key_buf, tls_crypt_v2_srv_pem_name, |
|
369 |
+ key_file, key_inline)) |
|
370 | 370 |
{ |
371 | 371 |
msg(M_FATAL, "ERROR: invalid tls-crypt-v2 server key format"); |
372 | 372 |
} |