privkey.c
00001 /*
00002  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
00003  *
00004  * This program is free software; you can redistribute it and/or
00005  * modify it under the terms of the GNU General Public License as
00006  * published by the Free Software Foundation; either version 2 of the
00007  * License, or any later version.
00008  *
00009  * This program is distributed in the hope that it will be useful, but
00010  * WITHOUT ANY WARRANTY; without even the implied warranty of
00011  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00012  * General Public License for more details.
00013  *
00014  * You should have received a copy of the GNU General Public License
00015  * along with this program; if not, write to the Free Software
00016  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
00017  * 02110-1301, USA.
00018  *
00019  * You can also choose to distribute this program under the terms of
00020  * the Unmodified Binary Distribution Licence (as given in the file
00021  * COPYING.UBDL), provided that you have satisfied its requirements.
00022  */
00023 
00024 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
00025 
00026 #include <stdint.h>
00027 #include <stdlib.h>
00028 #include <string.h>
00029 #include <ipxe/dhcp.h>
00030 #include <ipxe/settings.h>
00031 #include <ipxe/x509.h>
00032 #include <ipxe/privkey.h>
00033 
00034 /** @file
00035  *
00036  * Private key
00037  *
00038  * Life would in theory be easier if we could use a single file to
00039  * hold both the certificate and corresponding private key.
00040  * Unfortunately, the only common format which supports this is
00041  * PKCS#12 (aka PFX), which is too ugly to be allowed anywhere near my
00042  * codebase.  See, for reference and amusement:
00043  *
00044  *    http://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html
00045  */
00046 
/* Allow the private key to be overridden at run time only when no key
 * was baked in at build time.
 *
 * When PRIVATE_KEY is defined, the key embedded below is authoritative
 * and the "privkey" setting is never consulted (see
 * privkey_apply_settings()), so a key supplied at run time via the
 * settings mechanism (the setting is tagged DHCP_EB_KEY) cannot replace
 * a build-time key.
 */
#ifdef PRIVATE_KEY
#define ALLOW_KEY_OVERRIDE 0
#else
#define ALLOW_KEY_OVERRIDE 1
#endif
00053 
/* Raw private key data
 *
 * private_key_data holds the raw key bytes (consumed below as an ASN.1
 * cursor), placed in .rodata via .incbin when PRIVATE_KEY is defined
 * and left empty (zero length) otherwise.  private_key_len is not a
 * variable: the .equ below makes the symbol's *address* equal to the
 * key length, which is why it is declared as an array and later cast
 * to size_t rather than dereferenced.
 *
 * .incbin copies the key file verbatim, so a build-time key is stored
 * unencrypted in the resulting image; the image therefore needs the
 * same handling as the key file itself.
 */
extern char private_key_data[];
extern char private_key_len[];
__asm__ ( ".section \".rodata\", \"a\", " PROGBITS "\n\t"
          "\nprivate_key_data:\n\t"
#ifdef PRIVATE_KEY
          /* Embed the key file bytes directly */
          ".incbin \"" PRIVATE_KEY "\"\n\t"
#endif /* PRIVATE_KEY */
          ".size private_key_data, ( . - private_key_data )\n\t"
          /* Length is exposed as a symbol value, not as stored data */
          ".equ private_key_len, ( . - private_key_data )\n\t"
          ".previous\n\t" );
00065 
/** Private key
 *
 * The active key, exported for use elsewhere.  Initially points at the
 * built-in data; privkey_apply_settings() may repoint it at a buffer
 * fetched from the "privkey" setting when ALLOW_KEY_OVERRIDE is set.
 */
struct asn1_cursor private_key = {
        .data = private_key_data,
        .len = ( ( size_t ) private_key_len ),
};
00071 
/** Default private key
 *
 * Pristine copy of the built-in key, kept so that
 * privkey_apply_settings() can restore private_key before checking
 * whether an override setting is present.
 */
static struct asn1_cursor default_private_key = {
        .data = private_key_data,
        .len = ( ( size_t ) private_key_len ),
};
00077 
/** Private key setting
 *
 * Hex-typed "privkey" setting, tagged DHCP_EB_KEY, from which an
 * override key is fetched when ALLOW_KEY_OVERRIDE is set.
 */
static struct setting privkey_setting __setting ( SETTING_CRYPTO, privkey ) = {
        .name = "privkey",
        .description = "Private key",
        .tag = DHCP_EB_KEY,
        .type = &setting_type_hex,
};
00085 
/**
 * Apply private key configuration settings
 *
 * Restores the built-in key and then, when ALLOW_KEY_OVERRIDE is set,
 * replaces it with the raw value of the "privkey" setting if one is
 * present.  When the key was fixed at build time (PRIVATE_KEY), the
 * setting is ignored entirely.
 *
 * @ret rc              Return status code (always 0)
 */
static int privkey_apply_settings ( void ) {
        /* Buffer holding the previous override, if any.  Persists
         * across calls so it can be released before a new value is
         * fetched.
         */
        static void *key_data = NULL;
        int key_len;

        if ( ALLOW_KEY_OVERRIDE ) {

                /* Start from the built-in key, so that a setting which
                 * has since been removed reverts rather than leaving a
                 * stale override in place.
                 */
                private_key = default_private_key;

                /* Release the previous override buffer (free(NULL) is
                 * a no-op) and fetch the current setting, if any.
                 * NOTE(review): relies on fetch_raw_setting_copy()
                 * resetting key_data to NULL when no setting is
                 * present; otherwise key_data would dangle until the
                 * next call -- confirm against the settings code.
                 */
                free ( key_data );
                key_len = fetch_raw_setting_copy ( NULL, &privkey_setting,
                                                   &key_data );
                if ( key_len >= 0 ) {
                        private_key.data = key_data;
                        private_key.len = key_len;
                }
        }

        /* Debug output.  DBGC_HDA hex-dumps the key material itself,
         * so this is only acceptable on builds with debugging enabled
         * for this object.
         */
        if ( private_key.len ) {
                DBGC ( &private_key, "PRIVKEY using %s private key:\n",
                       ( key_data ? "external" : "built-in" ) );
                DBGC_HDA ( &private_key, 0, private_key.data, private_key.len );
        } else {
                DBGC ( &private_key, "PRIVKEY has no private key\n" );
        }

        return 0;
}
00124 
/** Private key settings applicator
 *
 * Registers privkey_apply_settings() with the settings subsystem so
 * that it runs when settings are applied, letting a newly received or
 * removed "privkey" setting take effect.
 */
struct settings_applicator privkey_applicator __settings_applicator = {
        .apply = privkey_apply_settings,
};