From e44c6c0b352510b79d676010cc6b9c28cf7bbeb4 Mon Sep 17 00:00:00 2001
From: Ian Jackson
Date: Sat, 7 Dec 2019 14:25:53 +0000
Subject: [PATCH] secnet: Provide `load-private' verb

This allows the config file to specify the use of the scheme loadpriv call with an arbitrary private key file and algorithm, without having to enable the private key negotiation system. This is the private key counterpart to secnet: Provide `make-public' verb Like the first provision of `make-public', there is a bug: we use system_log for reporting errors, but that is not set up until after the configuration is read. So errors turn into segfaults. We will fix that in a moment. Aside from that, with this change, new public key schemes can just provide an entry in the sigschemes table. They do not need to (and should not) define their own toplevel config bindings.

Signed-off-by: Ian Jackson
---
 privcache.c | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)

diff --git a/privcache.c b/privcache.c
index 719a2d0..b3c3e65 100644
--- a/privcache.c
+++ b/privcache.c
@@ -126,7 +126,7 @@ static bool_t uncached_load_file(
 if (sigpriv->sethash) {
 if (!defhash) {
 slilog(log,M_ERR,
- "private key %s requires `hash' config key for privcache to load",
+ "private key %s requires `hash' config key to load",
 path);
 goto error_out;
 }
@@ -219,7 +219,36 @@ static list_t *privcache_apply(closure_t *self, struct cloc loc,
 return new_closure(&st->cl);
 }
+static list_t *loadprivate_apply(closure_t *self, struct cloc loc,
+ dict_t *context, list_t *args)
+{
+ CL_GET_STR_ARG(0,algname,"algorithm name");
+ CL_GET_STR_ARG(1,path,"private key path");
+
+ const struct sigscheme_info *sch=sigscheme_lookup(algname);
+ if (!sch) cfgfatal(algname_i->loc,"load-private",
+ "unknown algorithm `%s'",algname);
+
+ struct buffer_if databuf;
+ buffer_new(&databuf,DEFAULT_MAXPRIV_BYTES);
+ BUF_ALLOC(&databuf,"load-private data buf");
+
+ struct hash_if *defhash=
+ find_cl_if(context,"hash",CL_HASH,False,"load-private",loc);
+
+ struct sigprivkey_if *sigpriv;
+ closure_t *cl;
+ bool_t ok=
+ uncached_load_file(sch,path,&databuf,defhash,&sigpriv,&cl,system_log);
+ if (!ok) cfgfatal(loc,"load-private","private key loading failed");
+
+ BUF_FREE(&databuf);
+ buffer_destroy(&databuf);
+ return new_closure(cl);
+}
+
 void privcache_module(dict_t *dict)
 {
+ add_closure(dict,"priv-cache",privcache_apply);
+ add_closure(dict,"load-private",loadprivate_apply);
 }
-- 
2.30.2
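Review bot: `uncached_load_file(sch,path,&databuf,defhash,&sigpriv,&cl,system_log)` in `loadprivate_apply` passes a logger that, as the commit message itself states, is not set up until after the configuration has been read, so any load failure (an unreadable file, or a scheme whose `sethash` needs `hash' with none configured, per the first hunk) crashes inside the logger before the `cfgfatal(loc,"load-private","private key loading failed")` on the next line is ever reached. Until the promised follow-up lands, a comment such as `/* XXX system_log is not initialised at config time; a load failure here segfaults rather than reporting */` above the call would keep the next reader from trusting the `cfgfatal` path, and a logger that is valid during configuration should replace `system_log` there. Separately, `databuf` holds the raw private key bytes read from `path`; `BUF_FREE(&databuf)` and `buffer_destroy(&databuf)` release it but nothing visible scrubs the contents first, so unless `buffer_destroy` already zeroises, the key material remains in freed heap memory and the used region should be cleared explicitly before release. Note also that the `!ok` branch skips `BUF_FREE`/`buffer_destroy` entirely, which is only acceptable if `cfgfatal` never returns.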