Add private key initialization

86c5efcf · Nils Goroll · 5e7bc11b · 86c5efcf · 86c5efcf · 86c5efcf
Unverified Commit 86c5efcf authored Mar 24, 2021 by Nils Goroll
Hide whitespace changes
Inline Side-by-side

Showing with 83 additions and 0 deletions

vmod_crypto.c src/vmod_crypto.c +56 -0

vmod_crypto.rst src/vmod_crypto.rst +16 -0

vmod_crypto.vcc src/vmod_crypto.vcc +11 -0

No files found.
--- a/src/vmod_crypto.c
+++ b/src/vmod_crypto.c
@@ -292,6 +292,50 @@ pubkey_pem(VRT_CTX, VCL_STRING pem)
 	return (NULL);
 }

+static int
+literal_pw_cb(char *buf, int size, int rwflag, void *u)
+{
+	size_t len;
+
+	(void) rwflag;
+	if (u == NULL)
+		return (0);
+
+	len = strlen(u);
+	if (len > size)
+		len = size;
+	memcpy(buf, u, len);
+	return (len);
+}
+
+/* to be freed by caller */
+static EVP_PKEY *
+privkey_pem(VRT_CTX, VCL_STRING pem, VCL_STRING password)
+{
+	EVP_PKEY *pkey;
+	BIO *bio;
+
+	ERR_clear_error();
+
+	bio = BIO_new_mem_buf(pem, -1);
+	if (bio == NULL) {
+		VRT_fail(ctx, "key bio failed");
+		return (NULL);
+	}
+
+	pkey = PEM_read_bio_PrivateKey(bio, NULL,
+	    literal_pw_cb, TRUST_ME(password));
+	BIO_free_all(bio);
+
+	if (pkey != NULL)
+		return (pkey);
+
+	VRT_fail(ctx, "read public key failed, error 0x%lx",
+	    ERR_get_error());
+
+	return (NULL);
+}
+
 static struct VPFX(crypto_key) *
 crypto_key_ok(VRT_CTX, VCL_STRING name, struct VPFX(crypto_key) *k)
 {
@@ -319,6 +363,18 @@ vmod_key_pem_pubkey(VRT_CTX, struct VPFX(crypto_key) *k,
 	k->pkey = pubkey_pem(ctx, pem);
 }

+VCL_VOID
+vmod_key_pem_privkey(VRT_CTX, struct VPFX(crypto_key) *k,
+    VCL_STRING pem, VCL_STRING password)
+{
+
+	k = crypto_key_ok(ctx, "pem_privkey", k);
+	if (k == NULL)
+		return;
+
+	k->pkey = privkey_pem(ctx, pem, password);
+}
+
 VCL_VOID
 vmod_key_rsa(VRT_CTX, struct VPFX(crypto_key) *k, struct VARGS(key_rsa) *args) {
 	BIGNUM *n = NULL, *e = NULL, *d = NULL;

--- a/src/vmod_crypto.rst
+++ b/src/vmod_crypto.rst
@@ -26,6 +26,8 @@ SYNOPSIS
  
      :ref:`xkey.pem_pubkey()`
  
+      :ref:`xkey.pem_privkey()`
+  
      :ref:`xkey.rsa()`
  
  :ref:`crypto.verifier()`
@@ -96,6 +98,20 @@ comprise RSA and DSA.

 Any error is fatal to vcl initialization.

+.. _xkey.pem_privkey():
+
+VOID xkey.pem_privkey(STRING, STRING password=0)
+------------------------------------------------
+
+Create a key from the PEM-encoded private key, optionally decrypting
+it using `password`.
+
+The cryptographic method to be used and the key length are
+automatically determined from _pem_. Typically supported methods
+comprise RSA and DSA.
+
+Any error is fatal to vcl initialization.
+
 .. _xkey.rsa():

 VOID xkey.rsa(BLOB n, BLOB e, [BLOB d])

--- a/src/vmod_crypto.vcc
+++ b/src/vmod_crypto.vcc
@@ -58,6 +58,17 @@ comprise RSA and DSA.

 Any error is fatal to vcl initialization.

+$Method VOID .pem_privkey(STRING, STRING password=0)
+
+Create a key from the PEM-encoded private key, optionally decrypting
+it using `password`.
+
+The cryptographic method to be used and the key length are
+automatically determined from _pem_. Typically supported methods
+comprise RSA and DSA.
+
+Any error is fatal to vcl initialization.
+
 $Method VOID .rsa(BLOB n, BLOB e, [BLOB d])

 Create an RSA key from the parameters n, e, and optionally d.