privcache.c

   1 /*
   2  * This file is part of secnet.
   3  * See README for full list of copyright holders.
   4  *
   5  * secnet is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; either version 3 of the License, or
   8  * (at your option) any later version.
   9  *
  10  * secnet is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13  * General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License
  16  * version 3 along with secnet; if not, see
  17  * https://www.gnu.org/licenses/gpl.html.
  18  */
  19
  20 #include "secnet.h"
  21 #include "util.h"
  22
  23 #define DEFAULT_SIZE 5
  24 #define DEFAULT_MAXPRIV_BYTES 4095
  25
  26 struct ent {
  27     struct sigkeyid id;
  28     struct sigprivkey_if *sigpriv; /* 0 means none such */
  29 };
  30
  31 struct privcache {
  32     closure_t cl;
  33     struct privcache_if ops;
  34     int used, alloc;
  35     struct pathprefix_template path;
  36     struct ent *ents;
  37     struct buffer_if databuf;
  38 };
  39
  40 static bool_t uncached_load_file(
  41                            const struct sigscheme_info *scheme,
  42                            const char *path,
  43                            struct buffer_if *databuf,
  44                            struct sigprivkey_if **sigpriv_r,
  45                            closure_t **closure_r,
  46                            struct log_if *log);
  47
  48 static struct sigprivkey_if *uncached_get(struct privcache *st,
  49                            const struct sigkeyid *id, struct log_if *log)
  50 {
  51     sprintf(st->path.write_here, SIGKEYID_PR_FMT, SIGKEYID_PR_VAL(id));
  52
  53     const char *path=st->path.buffer;
  54     const struct sigscheme_info *scheme;
  55     for (scheme=sigschemes;
  56          scheme->name;
  57          scheme++)
  58         if (scheme->algid == id->b[GRPIDSZ])
  59             goto found;
  60
  61     slilog(log,M_ERR,"private key file %s not loaded (unknown algid)",
  62            path);
  63     return 0;
  64
  65  found:;
  66     struct sigprivkey_if *sigpriv;
  67     closure_t *cl;
  68     bool_t ok=uncached_load_file(scheme,
  69                               path,
  70                               &st->databuf,
  71                               &sigpriv,
  72                               &cl,
  73                               log);
  74     return ok ? sigpriv : 0;
  75 }
  76
  77 static bool_t uncached_load_file(
  78                            const struct sigscheme_info *scheme,
  79                            const char *path,
  80                            struct buffer_if *databuf,
  81                            struct sigprivkey_if **sigpriv_r,
  82                            closure_t **closure_r,
  83                            struct log_if *log)
  84 {
  85     bool_t ok=False;
  86     FILE *f=0;
  87     struct sigprivkey_if *sigpriv=0;
  88
  89     f=fopen(path,"rb");
  90     if (!f) {
  91         if (errno == ENOENT) {
  92             slilog(log,M_DEBUG,"private key %s not found",
  93                    path);
  94         } else {
  95             slilog(log,M_ERR,"failed to open private key file %s",
  96                    path);
  97         }
  98         goto error_out;
  99     }
 100
 101     setbuf(f,0);
 102     buffer_init(databuf,0);
 103     ssize_t got=fread(databuf->base,1,databuf->alloclen,f);
 104     if (ferror(f)) {
 105         slilog(log,M_ERR,"failed to read private-key file %s",
 106                path);
 107         goto error_out;
 108     }
 109     if (!feof(f)) {
 110         slilog(log,M_ERR,"private key file %s longer than max %d",
 111                path, (int)databuf->alloclen);
 112         goto error_out;
 113     }
 114     fclose(f); f=0;
 115
 116     databuf->start=databuf->base;
 117     databuf->size=got;
 118     struct cloc loc = { .file=path, .line=0 };
 119     ok=scheme->loadpriv(scheme, databuf, &sigpriv, closure_r, log, loc);
 120     if (!ok) goto error_out; /* loadpriv will have logged */
 121
 122     *sigpriv_r=sigpriv;
 123
 124   out:
 125     if (f) fclose(f);
 126     return ok;
 127
 128  error_out:
 129     if (sigpriv) sigpriv->dispose(sigpriv->st);
 130     ok=False;
 131     goto out;
 132 }
 133
 134 static struct sigprivkey_if *privcache_lookup(void *sst,
 135                                               const struct sigkeyid *id,
 136                                               struct log_if *log) {
 137     struct privcache *st=sst;
 138     int was;
 139     struct ent result;
 140
 141     for (was=0; was<st->used; was++) {
 142         if (sigkeyid_equal(id, &st->ents[was].id)) {
 143             result = st->ents[was];
 144             goto found;
 145         }
 146     }
 147
 148     if (st->used < st->alloc) {
 149         was=st->used;
 150         st->used++;
 151     } else {
 152         was=st->used-1;
 153         if (st->ents[was].sigpriv) {
 154             st->ents[was].sigpriv->dispose(st->ents[was].sigpriv->st);
 155         }
 156     }
 157
 158     COPY_OBJ(result.id, *id);
 159     result.sigpriv=uncached_get(st,id,log);
 160
 161  found:
 162     memmove(&st->ents[1], &st->ents[0], sizeof(st->ents[0]) * was);
 163     st->ents[0]=result;
 164     return result.sigpriv;
 165 }
 166
 167 static list_t *privcache_apply(closure_t *self, struct cloc loc,
 168                                dict_t *context, list_t *args)
 169 {
 170     struct privcache *st;
 171     item_t *item;
 172     dict_t *dict;
 173
 174     NEW(st);
 175     st->cl.description="privcache";
 176     st->cl.type=CL_PRIVCACHE;
 177     st->cl.apply=NULL;
 178     st->cl.interface=&st->ops;
 179     st->ops.st=st;
 180     st->ops.lookup=privcache_lookup;
 181     st->ents=0;
 182     st->path.buffer=0;
 183     st->used=st->alloc=0;
 184
 185     item=list_elem(args,0);
 186     if (!item || item->type!=t_dict)
 187         cfgfatal(loc,"privcache","parameter must be a dictionary\n");
 188
 189     dict=item->data.dict;
 190
 191     st->alloc=dict_read_number(dict,"privcache-size",False,"privcache",loc,
 192                                DEFAULT_SIZE);
 193     NEW_ARY(st->ents,st->alloc);
 194     st->used=0;
 195
 196     int32_t buflen=dict_read_number(dict,"privkey-max",False,"privcache",loc,
 197                                     DEFAULT_MAXPRIV_BYTES);
 198     buffer_new(&st->databuf,buflen+1);
 199
 200     const char *path=dict_read_string(dict,"privkeys",True,"privcache",loc);
 201     pathprefix_template_init(&st->path,path,KEYIDSZ*2);
 202
 203     return new_closure(&st->cl);
 204 }
 205
 206 static list_t *loadprivate_apply(closure_t *self, struct cloc loc,
 207                                dict_t *context, list_t *args)
 208 {
 209     CL_GET_STR_ARG(0,algname,"algorithm name");
 210     CL_GET_STR_ARG(1,path,"private key path");
 211
 212     const struct sigscheme_info *sch=sigscheme_lookup(algname);
 213     if (!sch) cfgfatal(algname_i->loc,"load-private",
 214                        "unknown algorithm `%s'",algname);
 215
 216     struct buffer_if databuf;
 217     buffer_new(&databuf,DEFAULT_MAXPRIV_BYTES);
 218     BUF_ALLOC(&databuf,"load-private data buf");
 219
 220     struct cfgfile_log log;
 221     cfgfile_log_init(&log,loc,"load-private");
 222
 223     struct sigprivkey_if *sigpriv;
 224     closure_t *cl;
 225     bool_t ok=
 226         uncached_load_file(sch,path,&databuf,&sigpriv,&cl,&log.log);
 227     if (!ok) cfgfatal(loc,"load-private","private key loading failed");
 228
 229     BUF_FREE(&databuf);
 230     buffer_destroy(&databuf);
 231     return new_closure(cl);
 232 }
 233
 234 void privcache_module(dict_t *dict)
 235 {
 236     add_closure(dict,"priv-cache",privcache_apply);
 237     add_closure(dict,"load-private",loadprivate_apply);
 238 }