orthanc: Core/Pkcs11.cpp annotate

annotate Core/Pkcs11.cpp @ 2035:9dd1ee869b88

fix

author	Sebastien Jodogne <s.jodogne@gmail.com>
date	Tue, 21 Jun 2016 13:28:16 +0200
parents	d46746607ae0
children	dd609a99d39a

rev	line source
2025 e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	1 /**
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	2 * Orthanc - A Lightweight, RESTful DICOM Store
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	3 * Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	4 * Department, University Hospital of Liege, Belgium
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	5 *
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	6 * This program is free software: you can redistribute it and/or
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	7 * modify it under the terms of the GNU General Public License as
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	8 * published by the Free Software Foundation, either version 3 of the
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	9 * License, or (at your option) any later version.
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	10 *
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	11 * In addition, as a special exception, the copyright holders of this
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	12 * program give permission to link the code of its release with the
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	13 * OpenSSL project's "OpenSSL" library (or with modified versions of it
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	14 * that use the same license as the "OpenSSL" library), and distribute
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	15 * the linked executables. You must obey the GNU General Public License
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	16 * in all respects for all of the code used other than "OpenSSL". If you
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	17 * modify file(s) with this exception, you may extend this exception to
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	18 * your version of the file(s), but you are not obligated to do so. If
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	19 * you do not wish to do so, delete this exception statement from your
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	20 * version. If you delete this exception statement from all source files
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	21 * in the program, then also delete it here.
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	22 *
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	23 * This program is distributed in the hope that it will be useful, but
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	24 * WITHOUT ANY WARRANTY; without even the implied warranty of
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	26 * General Public License for more details.
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	27 *
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	28 * You should have received a copy of the GNU General Public License
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	29 * along with this program. If not, see <http://www.gnu.org/licenses/>.
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	30 **/
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	31
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	32
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	33 #include "PrecompiledHeaders.h"
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	34 #include "Pkcs11.h"
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	35
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	36 #if ORTHANC_PKCS11_ENABLED != 1 \|\| ORTHANC_SSL_ENABLED != 1
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	37 # error This file cannot be used if OpenSSL or PKCS#11 support is disabled
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	38 #endif
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	39
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	40
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	41 #if defined(OPENSSL_NO_RSA) \|\| defined(OPENSSL_NO_EC) \|\| defined(OPENSSL_NO_ECDSA) \|\| defined(OPENSSL_NO_ECDH)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	42 # error OpenSSL was compiled without support for RSA, EC, ECDSA or ECDH
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	43 #endif
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	44
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	45
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	46 #include "Logging.h"
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	47 #include "OrthancException.h"
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	48 #include "Toolbox.h"
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	49
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	50 extern "C"
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	51 {
2026 d46746607ae0 fix Sebastien Jodogne <s.jodogne@gmail.com> parents: 2025 diff changeset	52 #include <libp11/engine.h> // This is P11's "engine.h"
d46746607ae0 fix Sebastien Jodogne <s.jodogne@gmail.com> parents: 2025 diff changeset	53 #include <libp11/libp11.h>
2025 e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	54 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	55
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	56 #include <openssl/engine.h>
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	57
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	58
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	59 namespace Orthanc
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	60 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	61 namespace Pkcs11
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	62 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	63 static const char* PKCS11_ENGINE_ID = "pkcs11";
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	64 static const char* PKCS11_ENGINE_NAME = "PKCS#11 for Orthanc";
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	65 static const ENGINE_CMD_DEFN PKCS11_ENGINE_COMMANDS[] =
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	66 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	67 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	68 CMD_MODULE_PATH,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	69 "MODULE_PATH",
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	70 "Specifies the path to the PKCS#11 module shared library",
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	71 ENGINE_CMD_FLAG_STRING
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	72 },
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	73 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	74 CMD_PIN,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	75 "PIN",
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	76 "Specifies the pin code",
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	77 ENGINE_CMD_FLAG_STRING
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	78 },
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	79 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	80 CMD_VERBOSE,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	81 "VERBOSE",
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	82 "Print additional details",
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	83 ENGINE_CMD_FLAG_NO_INPUT
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	84 },
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	85 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	86 CMD_LOAD_CERT_CTRL,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	87 "LOAD_CERT_CTRL",
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	88 "Get the certificate from card",
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	89 ENGINE_CMD_FLAG_INTERNAL
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	90 },
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	91 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	92 0,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	93 NULL,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	94 NULL,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	95 0
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	96 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	97 };
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	98
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	99
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	100 static bool pkcs11Initialized_ = false;
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	101 static ENGINE_CTX *context_ = NULL;
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	102
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	103 static int EngineInitialize(ENGINE* engine)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	104 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	105 if (context_ == NULL)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	106 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	107 return 0;
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	108 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	109 else
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	110 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	111 return pkcs11_init(context_);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	112 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	113 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	114
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	115
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	116 static int EngineFinalize(ENGINE* engine)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	117 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	118 if (context_ == NULL)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	119 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	120 return 0;
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	121 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	122 else
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	123 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	124 return pkcs11_finish(context_);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	125 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	126 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	127
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	128
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	129 static int EngineDestroy(ENGINE* engine)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	130 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	131 return (context_ == NULL ? 0 : 1);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	132 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	133
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	134
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	135 static int EngineControl(ENGINE *engine,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	136 int command,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	137 long i,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	138 void *p,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	139 void (*f) ())
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	140 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	141 if (context_ == NULL)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	142 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	143 return 0;
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	144 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	145 else
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	146 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	147 return pkcs11_engine_ctrl(context_, command, i, p, f);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	148 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	149 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	150
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	151
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	152 static EVP_PKEY EngineLoadPublicKey(ENGINE engine,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	153 const char *s_key_id,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	154 UI_METHOD *ui_method,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	155 void *callback_data)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	156 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	157 if (context_ == NULL)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	158 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	159 return 0;
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	160 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	161 else
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	162 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	163 return pkcs11_load_public_key(context_, s_key_id, ui_method, callback_data);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	164 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	165 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	166
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	167
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	168 static EVP_PKEY EngineLoadPrivateKey(ENGINE engine,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	169 const char *s_key_id,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	170 UI_METHOD *ui_method,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	171 void *callback_data)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	172 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	173 if (context_ == NULL)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	174 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	175 return 0;
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	176 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	177 else
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	178 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	179 return pkcs11_load_private_key(context_, s_key_id, ui_method, callback_data);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	180 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	181 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	182
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	183
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	184 static ENGINE* LoadEngine()
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	185 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	186 // This function creates an engine for PKCS#11 and inspired by
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	187 // the "ENGINE_load_dynamic" function from OpenSSL, in file
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	188 // "crypto/engine/eng_dyn.c"
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	189
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	190 ENGINE* engine = ENGINE_new();
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	191 if (!engine)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	192 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	193 LOG(ERROR) << "Cannot create an OpenSSL engine for PKCS#11";
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	194 throw OrthancException(ErrorCode_InternalError);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	195 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	196
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	197 // Create a PKCS#11 context using libp11
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	198 context_ = pkcs11_new();
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	199 if (!context_)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	200 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	201 LOG(ERROR) << "Cannot create a libp11 context for PKCS#11";
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	202 ENGINE_free(engine);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	203 throw OrthancException(ErrorCode_InternalError);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	204 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	205
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	206 if (!ENGINE_set_id(engine, PKCS11_ENGINE_ID) \|\|
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	207 !ENGINE_set_name(engine, PKCS11_ENGINE_NAME) \|\|
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	208 !ENGINE_set_cmd_defns(engine, PKCS11_ENGINE_COMMANDS) \|\|
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	209
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	210 // Register the callback functions
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	211 !ENGINE_set_init_function(engine, EngineInitialize) \|\|
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	212 !ENGINE_set_finish_function(engine, EngineFinalize) \|\|
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	213 !ENGINE_set_destroy_function(engine, EngineDestroy) \|\|
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	214 !ENGINE_set_ctrl_function(engine, EngineControl) \|\|
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	215 !ENGINE_set_load_pubkey_function(engine, EngineLoadPublicKey) \|\|
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	216 !ENGINE_set_load_privkey_function(engine, EngineLoadPrivateKey) \|\|
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	217
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	218 !ENGINE_set_RSA(engine, PKCS11_get_rsa_method()) \|\|
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	219 !ENGINE_set_ECDSA(engine, PKCS11_get_ecdsa_method()) \|\|
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	220 !ENGINE_set_ECDH(engine, PKCS11_get_ecdh_method()) \|\|
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	221
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	222 #if OPENSSL_VERSION_NUMBER >= 0x10100002L
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	223 !ENGINE_set_EC(engine, PKCS11_get_ec_key_method()) \|\|
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	224 #endif
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	225
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	226 // Make OpenSSL know about our PKCS#11 engine
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	227 !ENGINE_add(engine))
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	228 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	229 LOG(ERROR) << "Cannot initialize the OpenSSL engine for PKCS#11";
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	230 pkcs11_finish(context_);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	231 ENGINE_free(engine);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	232 throw OrthancException(ErrorCode_InternalError);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	233 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	234
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	235 // If the "ENGINE_add" worked, it gets a structural
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	236 // reference. We release our just-created reference.
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	237 ENGINE_free(engine);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	238
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	239 return ENGINE_by_id(PKCS11_ENGINE_ID);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	240 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	241
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	242
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	243 bool IsInitialized()
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	244 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	245 return pkcs11Initialized_;
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	246 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	247
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	248 const char* GetEngineIdentifier()
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	249 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	250 return PKCS11_ENGINE_ID;
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	251 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	252
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	253 void Initialize(const std::string& module,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	254 const std::string& pin,
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	255 bool verbose)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	256 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	257 if (pkcs11Initialized_)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	258 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	259 LOG(ERROR) << "The PKCS#11 engine has already been initialized";
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	260 throw OrthancException(ErrorCode_BadSequenceOfCalls);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	261 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	262
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	263 if (module.empty() \|\|
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	264 !Toolbox::IsRegularFile(module))
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	265 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	266 LOG(ERROR) << "The PKCS#11 module must be a path to one shared library (DLL or .so)";
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	267 throw OrthancException(ErrorCode_InexistentFile);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	268 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	269
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	270 ENGINE* engine = LoadEngine();
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	271 if (!engine)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	272 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	273 LOG(ERROR) << "Cannot create an OpenSSL engine for PKCS#11";
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	274 throw OrthancException(ErrorCode_InternalError);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	275 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	276
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	277 if (!ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", module.c_str(), 0))
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	278 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	279 LOG(ERROR) << "Cannot configure the OpenSSL dynamic engine for PKCS#11";
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	280 throw OrthancException(ErrorCode_InternalError);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	281 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	282
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	283 if (verbose)
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	284 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	285 ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	286 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	287
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	288 if (!pin.empty() &&
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	289 !ENGINE_ctrl_cmd_string(engine, "PIN", pin.c_str(), 0))
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	290 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	291 LOG(ERROR) << "Cannot set the PIN code for PKCS#11";
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	292 throw OrthancException(ErrorCode_InternalError);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	293 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	294
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	295 if (!ENGINE_init(engine))
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	296 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	297 LOG(ERROR) << "Cannot initialize the OpenSSL dynamic engine for PKCS#11";
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	298 throw OrthancException(ErrorCode_InternalError);
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	299 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	300
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	301 LOG(WARNING) << "The PKCS#11 engine has been successfully initialized";
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	302 pkcs11Initialized_ = true;
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	303 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	304
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	305
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	306 void Finalize()
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	307 {
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	308 // Nothing to do, the unregistration of the engine is
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	309 // automatically done by OpenSSL
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	310 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	311 }
e7e1858d9504 reorganization Sebastien Jodogne <s.jodogne@gmail.com> parents: diff changeset	312 }

Mercurial > hg > orthanc

annotate Core/Pkcs11.cpp @ 2035:9dd1ee869b88