iPXE
privkey.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 #include <stdint.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <ipxe/dhcp.h>
30 #include <ipxe/settings.h>
31 #include <ipxe/x509.h>
32 #include <ipxe/privkey.h>
33 
34 /** @file
35  *
36  * Private key
37  *
38  * Life would in theory be easier if we could use a single file to
39  * hold both the certificate and corresponding private key.
40  * Unfortunately, the only common format which supports this is
41  * PKCS#12 (aka PFX), which is too ugly to be allowed anywhere near my
42  * codebase. See, for reference and amusement:
43  *
44  * http://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html
45  */
46 
47 /* Allow private key to be overridden if not explicitly specified */
48 #ifdef PRIVATE_KEY
49 #define ALLOW_KEY_OVERRIDE 0
50 #else
51 #define ALLOW_KEY_OVERRIDE 1
52 #endif
53 
54 /* Raw private key data */
55 extern char private_key_data[];
56 extern char private_key_len[];
57 __asm__ ( ".section \".rodata\", \"a\", " PROGBITS "\n\t"
58  "\nprivate_key_data:\n\t"
59 #ifdef PRIVATE_KEY
60  ".incbin \"" PRIVATE_KEY "\"\n\t"
61 #endif /* PRIVATE_KEY */
62  ".size private_key_data, ( . - private_key_data )\n\t"
63  ".equ private_key_len, ( . - private_key_data )\n\t"
64  ".previous\n\t" );
65 
66 /** Private key */
69  .len = ( ( size_t ) private_key_len ),
70 };
71 
72 /** Default private key */
75  .len = ( ( size_t ) private_key_len ),
76 };
77 
78 /** Private key setting */
79 static struct setting privkey_setting __setting ( SETTING_CRYPTO, privkey ) = {
80  .name = "privkey",
81  .description = "Private key",
82  .tag = DHCP_EB_KEY,
83  .type = &setting_type_hex,
84 };
85 
86 /**
87  * Apply private key configuration settings
88  *
89  * @ret rc Return status code
90  */
91 static int privkey_apply_settings ( void ) {
92  static void *key_data = NULL;
93  int len;
94 
95  /* Allow private key to be overridden only if not explicitly
96  * specified at build time.
97  */
98  if ( ALLOW_KEY_OVERRIDE ) {
99 
100  /* Restore default private key */
102  sizeof ( private_key ) );
103 
104  /* Fetch new private key, if any */
105  free ( key_data );
106  if ( ( len = fetch_raw_setting_copy ( NULL, &privkey_setting,
107  &key_data ) ) >= 0 ) {
108  private_key.data = key_data;
109  private_key.len = len;
110  }
111  }
112 
113  /* Debug */
114  if ( private_key.len ) {
115  DBGC ( &private_key, "PRIVKEY using %s private key:\n",
116  ( key_data ? "external" : "built-in" ) );
118  } else {
119  DBGC ( &private_key, "PRIVKEY has no private key\n" );
120  }
121 
122  return 0;
123 }
124 
125 /** Private key settings applicator */
126 struct settings_applicator privkey_applicator __settings_applicator = {
128 };
Dynamic Host Configuration Protocol.
int fetch_raw_setting_copy(struct settings *settings, const struct setting *setting, void **data)
Fetch value of setting.
Definition: settings.c:825
__SIZE_TYPE__ size_t
Definition: stdint.h:6
char private_key_data[]
#define PROGBITS
Definition: compiler.h:61
const void * data
Start of data.
Definition: asn1.h:21
#define DBGC(...)
Definition: compiler.h:505
A settings applicator.
Definition: settings.h:251
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
size_t len
Length of data.
Definition: asn1.h:23
const char * name
Name.
Definition: settings.h:28
Private key.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
struct settings_applicator privkey_applicator __settings_applicator
Private key settings applicator.
Definition: privkey.c:126
char private_key_len[]
#define DBGC_HDA(...)
Definition: compiler.h:506
Configuration settings.
static struct asn1_cursor default_private_key
Default private key.
Definition: privkey.c:73
static void(* free)(struct refcnt *refcnt))
Definition: refcnt.h:54
static struct setting privkey_setting __setting(SETTING_CRYPTO, privkey)
Private key setting.
X.509 certificates.
A setting.
Definition: settings.h:23
struct asn1_cursor private_key
Private key.
Definition: privkey.c:67
#define ALLOW_KEY_OVERRIDE
Definition: privkey.c:51
__asm__(".section \".rodata\", \"a\", " PROGBITS "\n\t" "\nprivate_key_data:\n\t" ".size private_key_data, ( . - private_key_data )\n\t" ".equ private_key_len, ( . - private_key_data )\n\t" ".previous\n\t")
uint32_t len
Length.
Definition: ena.h:14
int(* apply)(void)
Apply updated settings.
Definition: settings.h:256
#define DHCP_EB_KEY
Client private key.
Definition: dhcp.h:398
#define SETTING_CRYPTO
Cryptography settings.
Definition: settings.h:79
static int privkey_apply_settings(void)
Apply private key configuration settings.
Definition: privkey.c:91
#define NULL
NULL pointer (VOID *)
Definition: Base.h:362
String functions.
An ASN.1 object cursor.
Definition: asn1.h:19