diff options
| author | Brett Grandbois <brett.grandbois@opengear.com> | 2018-05-15 10:55:49 +1000 |
|---|---|---|
| committer | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2018-05-30 14:23:39 +1000 |
| commit | 8b214b9d1c51f49d977e93b66378ed4f73790c8b (patch) | |
| tree | 94bdcbd19c82e7d45a970e7cf6c80a2b20627f8d /lib/security/gpg.h | |
| parent | b1234ac9dd09c9ceaf929c9d4d738fd556525291 (diff) | |
| download | talos-petitboot-8b214b9d1c51f49d977e93b66378ed4f73790c8b.tar.gz talos-petitboot-8b214b9d1c51f49d977e93b66378ed4f73790c8b.zip | |
lib/security: add in openssl support
Refactor to export a generic API rather than specific gpg_ prefixes by
changing gpg.h to security.h and renaming some of the exports.
Break out the common and specific functionality into common.c and
none.c/gpg.c/openssl.c for no/gpgme/openssl modes respectively.
gpgme should work as before
OpenSSL support works like this:
The pb-lockdown file is a PKCS12 file or X509 certificate or PEM-encoded
raw public key. To follow the current conventions the presence of a
PKCS12 file as a lockdown signals decrypt mode because of the presence
of the private key, anything else signals signature verification mode.
The keyring path is currently ignored but in the future could be used to
point to an X509 certificate chain for validity checking. Because of
this self-signed certificates are currently supported and really just
used as a public key container.
Signature verification mode supports:
* Cryptographic Message Syntax (CMS) as detached S/MIME, this is really
more for consistency for the encryption mode (see below). This mode
requires the lockdown file to be an X509 certificate.
A sample creation command would be:
openssl cms -sign -in (infile) -out (outfile) -binary -nocerts \
-inkey (private key) -signer (recipient certificate)
* Raw signature digest as output from openssl dgst -sign command. This
mode can have the lockdown file be an X509 certificate or a PEM raw
public key but the digest algorithm must be pre-defined by the
VERIFY_DIGEST configure argument. The default is SHA256.
A sample creation command would be:
openssl dgst -sign (private key) -out (outfile) -(digest mode) \
(infile)
Decryption mode supports:
* CMS signed-envelope as attached S/MIME. This is for consistency with
the current expectation of no external file for decryption. Some
future enhancement could be to come up with some proprietary external
file format containing the cipher used, the encrypted cipher key, and
the IV (if necessary).
A sample creation command would be:
openssl cms -sign -in (infile) -signer (recipient certificate) \
-binary -nocerts -nodetach -inkey (private key) | \
openssl cms -encrypt -(cipher mode) -out (outfile) \
(recipient certificate)
The PKCS12 file is expecting the private key to have password of NULL or
"" as there is currently no mechanism to supply a custom one.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Diffstat (limited to 'lib/security/gpg.h')
| -rw-r--r-- | lib/security/gpg.h | 83 |
1 files changed, 0 insertions, 83 deletions
diff --git a/lib/security/gpg.h b/lib/security/gpg.h deleted file mode 100644 index 6efc3d2..0000000 --- a/lib/security/gpg.h +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Copyright (C) 2016 Raptor Engineering, LLC - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; version 2 of the License. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#ifndef _PB_GPG_H -#define _PB_GPG_H - -#include <discover/boot.h> - -enum { - PB_LOCKDOWN_NONE = 0, - PB_LOCKDOWN_SIGN = 1, - PB_LOCKDOWN_DECRYPT = 2, -}; - -#if defined(HAVE_LIBGPGME) -#include <gpgme.h> -#endif /* HAVE_LIBGPGME */ - -int lockdown_status(void); - -struct pb_url * gpg_get_signature_url(void *ctx, struct pb_url *base_file); - -int verify_file_signature(const char *plaintext_filename, - const char *signature_filename, FILE *authorized_signatures_handle, - const char *keyring_path); - -int decrypt_file(const char * filename, - FILE * authorized_signatures_handle, const char * keyring_path); - -int gpg_validate_boot_files(struct boot_task *boot_task); - -void gpg_validate_boot_files_cleanup(struct boot_task *boot_task); - -#if !defined(HAVE_LIBGPGME) - -int lockdown_status(void) { return PB_LOCKDOWN_NONE; } - -struct pb_url * gpg_get_signature_url(void *ctx __attribute__((unused)), - struct pb_url *base_file __attribute__((unused))) -{ - return NULL; -} - -int verify_file_signature(const char *plaintext_filename __attribute__((unused)), - const char *signature_filename __attribute__((unused)), - FILE *authorized_signatures_handle __attribute__((unused)), - const char *keyring_path __attribute__((unused))) -{ - return -1; -} - -int decrypt_file(const char * filename __attribute__((unused)), - FILE * authorized_signatures_handle __attribute__((unused)), - const char * keyring_path __attribute__((unused))) -{ - return -1; -} - -int gpg_validate_boot_files(struct boot_task *boot_task __attribute__((unused))) -{ - return 0; -} - -void gpg_validate_boot_files_cleanup(struct boot_task *boot_task __attribute__((unused))) -{} - -#endif /* HAVE_LIBGPGME */ - -#endif /* _PB_GPG_H */
\ No newline at end of file |
