privcache.c

   1 /*
   2  * This file is part of secnet.
   3  * See README for full list of copyright holders.
   4  *
   5  * secnet is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 3 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * secnet is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13  * General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License
  16  * version 3 along with secnet; if not, see
  17  * https://www.gnu.org/licenses/gpl.html.
  18  */
  19
  20 #include "secnet.h"
  21 #include "util.h"
  22
  23 #define DEFAULT_SIZE 5
  24
  25 struct ent {
  26     struct sigkeyid id;
  27     struct sigprivkey_if *sigpriv; /* 0 means none such */
  28 };
  29
  30 struct privcache {
  31     closure_t cl;
  32     struct privcache_if ops;
  33     int used, alloc;
  34     struct pathprefix_template path;
  35     struct ent *ents;
  36     struct buffer_if databuf;
  37     struct hash_if *defhash;
  38 };
  39
  40 static struct sigprivkey_if *uncached_load_file(
  41                            const struct sigscheme_info *scheme,
  42                            const char *path,
  43                            struct buffer_if *databuf,
  44                            struct hash_if *defhash,
  45                            struct log_if *log);
  46
  47 static struct sigprivkey_if *uncached_get(struct privcache *st,
  48                            const struct sigkeyid *id, struct log_if *log)
  49 {
  50     sprintf(st->path.write_here, SIGKEYID_PR_FMT, SIGKEYID_PR_VAL(id));
  51
  52     const char *path=st->path.buffer;
  53     const struct sigscheme_info *scheme;
  54     for (scheme=sigschemes;
  55          scheme->name;
  56          scheme++)
  57         if (scheme->algid == id->b[GRPIDSZ])
  58             goto found;
  59
  60     slilog(log,M_ERR,"private key file %s not loaded (unknown algid)",
  61            path);
  62     return 0;
  63
  64  found:
  65     return uncached_load_file(scheme,
  66                               path,
  67                               &st->databuf,
  68                               st->defhash,
  69                               log);
  70 }
  71
  72 static struct sigprivkey_if *uncached_load_file(
  73                            const struct sigscheme_info *scheme,
  74                            const char *path,
  75                            struct buffer_if *databuf,
  76                            struct hash_if *defhash,
  77                            struct log_if *log)
  78 {
  79     bool_t ok=False;
  80     FILE *f=0;
  81     struct sigprivkey_if *sigpriv=0;
  82
  83     f = fopen(path,"rb");
  84     if (!f) {
  85         if (errno == ENOENT) {
  86             slilog(log,M_DEBUG,"private key %s not found",
  87                    path);
  88         } else {
  89             slilog(log,M_ERR,"failed to open private key file %s",
  90                    path);
  91         }
  92         goto out;
  93     }
  94
  95     setbuf(f,0);
  96     buffer_init(databuf,0);
  97     ssize_t got=fread(databuf->base,1,databuf->alloclen,f);
  98     if (ferror(f)) {
  99         slilog(log,M_ERR,"failed to read private-key file %s",
 100                path);
 101         goto out;
 102     }
 103     if (!feof(f)) {
 104         slilog(log,M_ERR,"private key file %s longer than max %d",
 105                path, (int)databuf->alloclen);
 106         goto out;
 107     }
 108     fclose(f); f=0;
 109
 110     databuf->start=databuf->base;
 111     databuf->size=got;
 112     struct cloc loc = { .file=path, .line=0 };
 113     ok=scheme->loadpriv(scheme, databuf, &sigpriv, log, loc);
 114     if (!ok) goto out; /* loadpriv will have logged */
 115
 116     if (sigpriv->sethash) {
 117         if (!defhash) {
 118             slilog(log,M_ERR,
 119  "private key %s requires `hash' config key for privcache to load",
 120                    path);
 121             sigpriv->dispose(sigpriv->st);
 122             sigpriv=0;
 123             goto out;
 124         }
 125         sigpriv->sethash(sigpriv->st,defhash);
 126     }
 127
 128   out:
 129     if (f) fclose(f);
 130     return ok ? sigpriv : 0;
 131 }
 132
 133 static struct sigprivkey_if *privcache_lookup(void *sst,
 134                                               const struct sigkeyid *id,
 135                                               struct log_if *log) {
 136     struct privcache *st = sst;
 137     int was;
 138     struct ent result;
 139
 140     for (was=0; was<st->used; was++) {
 141         if (sigkeyid_equal(id, &st->ents[was].id)) {
 142             result = st->ents[was];
 143             goto found;
 144         }
 145     }
 146
 147     if (st->used < st->alloc) {
 148         was = st->used;
 149         st->used++;
 150     } else {
 151         was = st->used-1;
 152         if (st->ents[was].sigpriv) {
 153             st->ents[was].sigpriv->dispose(st->ents[was].sigpriv->st);
 154         }
 155     }
 156
 157     COPY_OBJ(result.id, *id);
 158     result.sigpriv=uncached_get(st,id,log);
 159
 160  found:
 161     memmove(&st->ents[1], &st->ents[0], sizeof(st->ents[0]) * was);
 162     st->ents[0] = result;
 163     return result.sigpriv;
 164 }
 165
 166 static list_t *privcache_apply(closure_t *self, struct cloc loc,
 167                                dict_t *context, list_t *args)
 168 {
 169     struct privcache *st;
 170     item_t *item;
 171     dict_t *dict;
 172
 173     NEW(st);
 174     st->cl.description="privcache";
 175     st->cl.type=CL_PRIVCACHE;
 176     st->cl.apply=NULL;
 177     st->cl.interface=&st->ops;
 178     st->ops.st=st;
 179     st->ops.lookup=privcache_lookup;
 180     st->ents=0;
 181     st->path.buffer=0;
 182     st->used=st->alloc=0;
 183     st->defhash=0;
 184
 185     item=list_elem(args,0);
 186     if (!item || item->type!=t_dict)
 187         cfgfatal(loc,"privcache","parameter must be a dictionary\n");
 188
 189     dict=item->data.dict;
 190
 191     st->alloc=dict_read_number(dict,"privcache-size",False,"privcache",loc,
 192                                DEFAULT_SIZE);
 193     NEW_ARY(st->ents,st->alloc);
 194     st->used=0;
 195
 196     int32_t buflen=dict_read_number(dict,"privkey-max",False,"privcache",loc,
 197                                     4095);
 198     buffer_new(&st->databuf,buflen+1);
 199
 200     const char *path=dict_read_string(dict,"privkeys",True,"privcache",loc);
 201     pathprefix_template_init(&st->path,path,KEYIDSZ*2);
 202
 203     st->defhash=find_cl_if(dict,"hash",CL_HASH,False,"site",loc);
 204
 205     return new_closure(&st->cl);
 206 }
 207
 208 void privcache_module(dict_t *dict)
 209 {
 210     add_closure(dict,"priv-cache",privcache_apply);
 211 }