annotate Core/Pkcs11.cpp @ 2025:e7e1858d9504

reorganization
author Sebastien Jodogne <s.jodogne@gmail.com>
date Mon, 20 Jun 2016 13:23:42 +0200
parents
children d46746607ae0
1 /**
2 * Orthanc - A Lightweight, RESTful DICOM Store
3 * Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics
4 * Department, University Hospital of Liege, Belgium
5 *
6 * This program is free software: you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License as
8 * published by the Free Software Foundation, either version 3 of the
9 * License, or (at your option) any later version.
10 *
11 * In addition, as a special exception, the copyright holders of this
12 * program give permission to link the code of its release with the
13 * OpenSSL project's "OpenSSL" library (or with modified versions of it
14 * that use the same license as the "OpenSSL" library), and distribute
15 * the linked executables. You must obey the GNU General Public License
16 * in all respects for all of the code used other than "OpenSSL". If you
17 * modify file(s) with this exception, you may extend this exception to
18 * your version of the file(s), but you are not obligated to do so. If
19 * you do not wish to do so, delete this exception statement from your
20 * version. If you delete this exception statement from all source files
21 * in the program, then also delete it here.
22 *
23 * This program is distributed in the hope that it will be useful, but
24 * WITHOUT ANY WARRANTY; without even the implied warranty of
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
26 * General Public License for more details.
27 *
28 * You should have received a copy of the GNU General Public License
29 * along with this program. If not, see <http://www.gnu.org/licenses/>.
30 **/
31
32
33 #include "PrecompiledHeaders.h"
34 #include "Pkcs11.h"
35
36 #if ORTHANC_PKCS11_ENABLED != 1 || ORTHANC_SSL_ENABLED != 1
37 # error This file cannot be used if OpenSSL or PKCS#11 support is disabled
38 #endif
39
40
41 #if defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_ECDSA) || defined(OPENSSL_NO_ECDH)
42 # error OpenSSL was compiled without support for RSA, EC, ECDSA or ECDH
43 #endif
44
45
46 #include "Logging.h"
47 #include "OrthancException.h"
48 #include "Toolbox.h"
49
50 extern "C"
51 {
52 #include <engine.h> // This is P11's "engine.h"
53 }
54
55 #include <openssl/engine.h>
56 #include <libp11.h>
57
58
59 namespace Orthanc
60 {
61 namespace Pkcs11
62 {
// Identifier under which the engine is registered with OpenSSL; it is
// also what LoadEngine() passes to ENGINE_by_id() to get the engine back.
static const char* PKCS11_ENGINE_ID = "pkcs11";

// Human-readable name handed to ENGINE_set_name().
static const char* PKCS11_ENGINE_NAME = "PKCS#11 for Orthanc";

// Control commands exposed by the engine (installed through
// ENGINE_set_cmd_defns() in LoadEngine()). The numeric ids (CMD_*) come
// from libp11's "engine.h"; the string names are the ones given to
// ENGINE_ctrl_cmd_string() in Initialize() (e.g. "MODULE_PATH").
// The table ends with an all-zero entry that marks its end.
static const ENGINE_CMD_DEFN PKCS11_ENGINE_COMMANDS[] =
{
  {
    CMD_MODULE_PATH,
    "MODULE_PATH",
    "Specifies the path to the PKCS#11 module shared library",
    ENGINE_CMD_FLAG_STRING
  },
  {
    // NOTE(review): the PIN reaches the engine as a plain string
    // command; how long libp11 keeps that string around is not visible
    // from this file - confirm before logging or copying it elsewhere.
    CMD_PIN,
    "PIN",
    "Specifies the pin code",
    ENGINE_CMD_FLAG_STRING
  },
  {
    CMD_VERBOSE,
    "VERBOSE",
    "Print additional details",
    ENGINE_CMD_FLAG_NO_INPUT
  },
  {
    CMD_LOAD_CERT_CTRL,
    "LOAD_CERT_CTRL",
    "Get the certificate from card",
    ENGINE_CMD_FLAG_INTERNAL
  },
  {
    // Terminator entry (see above)
    0,
    NULL,
    NULL,
    0
  }
};

// Initialization flag: Initialize() refuses to run a second time when it
// is set, and IsInitialized() reports it. Presumably set to true at the
// end of Initialize() (past this view) - confirm.
// NOTE(review): this flag and context_ are plain statics with no
// synchronization, so Initialize() looks intended for single-threaded
// startup - confirm against callers.
static bool pkcs11Initialized_ = false;

// The libp11 engine context shared by all the Engine* callbacks below.
// NULL until LoadEngine() calls pkcs11_new(); every callback tests this
// before delegating to libp11.
static ENGINE_CTX *context_ = NULL;
102
// ENGINE "init" callback: brings up the libp11 context created by
// LoadEngine(). The "engine" argument is unused; all state lives in the
// file-level context_. Reports 0 (failure) when no context exists,
// otherwise whatever pkcs11_init() reports.
static int EngineInitialize(ENGINE* engine)
{
  return (context_ == NULL) ? 0 : pkcs11_init(context_);
}
114
115
// ENGINE "finish" callback: counterpart of EngineInitialize(), delegating
// to pkcs11_finish() on the file-level context_. The "engine" argument is
// unused. Reports 0 when no context exists; note that context_ itself is
// left untouched here (it is neither freed nor reset).
static int EngineFinalize(ENGINE* engine)
{
  if (context_ != NULL)
  {
    return pkcs11_finish(context_);
  }

  return 0;
}
127
128
// ENGINE "destroy" callback. Only reports whether a libp11 context was
// ever created (1) or not (0); it does not release context_, which stays
// alive for the lifetime of the process. The "engine" argument is unused.
static int EngineDestroy(ENGINE* engine)
{
  if (context_ == NULL)
  {
    return 0;
  }

  return 1;
}
133
134
// ENGINE "ctrl" callback: forwards every control command (the CMD_*
// entries of PKCS11_ENGINE_COMMANDS, e.g. MODULE_PATH or PIN) to libp11
// through pkcs11_engine_ctrl(). The arguments are passed through
// unchanged; "engine" is unused. Reports 0 when no context exists.
static int EngineControl(ENGINE *engine,
                         int command,
                         long i,
                         void *p,
                         void (*f) ())
{
  if (context_ != NULL)
  {
    return pkcs11_engine_ctrl(context_, command, i, p, f);
  }

  return 0;
}
150
151
// ENGINE "load_pubkey" callback: asks libp11 for the public key named by
// s_key_id, passing the UI method and its callback data through
// unchanged. "engine" is unused. Returns NULL when no context exists;
// otherwise the (possibly NULL) result of pkcs11_load_public_key().
static EVP_PKEY *EngineLoadPublicKey(ENGINE *engine,
                                     const char *s_key_id,
                                     UI_METHOD *ui_method,
                                     void *callback_data)
{
  if (context_ != NULL)
  {
    return pkcs11_load_public_key(context_, s_key_id, ui_method, callback_data);
  }

  return NULL;
}
166
167
// ENGINE "load_privkey" callback: asks libp11 for the private key named
// by s_key_id. The key material itself stays inside the PKCS#11 module;
// this only hands back the EVP_PKEY handle libp11 builds for it. "engine"
// is unused. Returns NULL when no context exists; otherwise the (possibly
// NULL) result of pkcs11_load_private_key().
static EVP_PKEY *EngineLoadPrivateKey(ENGINE *engine,
                                      const char *s_key_id,
                                      UI_METHOD *ui_method,
                                      void *callback_data)
{
  if (context_ != NULL)
  {
    return pkcs11_load_private_key(context_, s_key_id, ui_method, callback_data);
  }

  return NULL;
}
182
183
// Creates the PKCS#11 engine, wires the Engine* callbacks and the libp11
// RSA/ECDSA/ECDH(/EC) methods into it, registers it with OpenSSL, and
// returns the engine as looked up again by ENGINE_by_id() (a structural
// reference the caller owns; it may be NULL, which Initialize() checks).
// Side effect: sets the file-level context_ to a new libp11 context.
//
// Throws OrthancException(ErrorCode_InternalError) when ENGINE_new(),
// pkcs11_new() or any of the ENGINE_set_*/ENGINE_add() steps fails; the
// engine object is freed before throwing.
static ENGINE* LoadEngine()
{
  // This function creates an engine for PKCS#11 and inspired by
  // the "ENGINE_load_dynamic" function from OpenSSL, in file
  // "crypto/engine/eng_dyn.c"

  ENGINE* engine = ENGINE_new();
  if (!engine)
  {
    LOG(ERROR) << "Cannot create an OpenSSL engine for PKCS#11";
    throw OrthancException(ErrorCode_InternalError);
  }

  // Create a PKCS#11 context using libp11
  context_ = pkcs11_new();
  if (!context_)
  {
    LOG(ERROR) << "Cannot create a libp11 context for PKCS#11";
    ENGINE_free(engine);
    throw OrthancException(ErrorCode_InternalError);
  }

  // Each call below yields 0 on failure, so the first failing step
  // short-circuits the chain and falls into the error branch.
  if (!ENGINE_set_id(engine, PKCS11_ENGINE_ID) ||
      !ENGINE_set_name(engine, PKCS11_ENGINE_NAME) ||
      !ENGINE_set_cmd_defns(engine, PKCS11_ENGINE_COMMANDS) ||

      // Register the callback functions
      !ENGINE_set_init_function(engine, EngineInitialize) ||
      !ENGINE_set_finish_function(engine, EngineFinalize) ||
      !ENGINE_set_destroy_function(engine, EngineDestroy) ||
      !ENGINE_set_ctrl_function(engine, EngineControl) ||
      !ENGINE_set_load_pubkey_function(engine, EngineLoadPublicKey) ||
      !ENGINE_set_load_privkey_function(engine, EngineLoadPrivateKey) ||

      // Route the public-key operations to libp11, so that private-key
      // use happens inside the PKCS#11 module
      !ENGINE_set_RSA(engine, PKCS11_get_rsa_method()) ||
      !ENGINE_set_ECDSA(engine, PKCS11_get_ecdsa_method()) ||
      !ENGINE_set_ECDH(engine, PKCS11_get_ecdh_method()) ||

      // The EC_KEY_METHOD hook only exists from OpenSSL 1.1.0 on
#if OPENSSL_VERSION_NUMBER >= 0x10100002L
      !ENGINE_set_EC(engine, PKCS11_get_ec_key_method()) ||
#endif

      // Make OpenSSL know about our PKCS#11 engine
      !ENGINE_add(engine))
  {
    LOG(ERROR) << "Cannot initialize the OpenSSL engine for PKCS#11";
    // NOTE(review): context_ is finished here but not reset to NULL, so
    // the Engine* callbacks would still see a (finished) context if this
    // exception were ever recovered from - confirm that callers treat
    // it as fatal.
    pkcs11_finish(context_);
    ENGINE_free(engine);
    throw OrthancException(ErrorCode_InternalError);
  }

  // If the "ENGINE_add" worked, it gets a structural
  // reference. We release our just-created reference.
  ENGINE_free(engine);

  return ENGINE_by_id(PKCS11_ENGINE_ID);
}
241
242
// Returns the file-level initialization flag, the same one Initialize()
// tests to reject a second call.
bool IsInitialized()
{
  const bool initialized = pkcs11Initialized_;
  return initialized;
}
247
// Returns the OpenSSL engine id ("pkcs11") under which LoadEngine()
// registers the engine, so that callers can look it up with ENGINE_by_id().
// The pointer refers to a static string literal and stays valid forever.
const char* GetEngineIdentifier()
{
  const char* const identifier = PKCS11_ENGINE_ID;
  return identifier;
}
252
253 void Initialize(const std::string& module,
254 const std::string& pin,
255 bool verbose)
256 {
257 if (pkcs11Initialized_)
258 {
259 LOG(ERROR) << "The PKCS#11 engine has already been initialized";
260 throw OrthancException(ErrorCode_BadSequenceOfCalls);
261 }
262
263 if (module.empty() ||
264 !Toolbox::IsRegularFile(module))
265 {
266 LOG(ERROR) << "The PKCS#11 module must be a path to one shared library (DLL or .so)";
267 throw OrthancException(ErrorCode_InexistentFile);
268 }
269
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
270 ENGINE* engine = LoadEngine();
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
271 if (!engine)
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
272 {
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
273 LOG(ERROR) << "Cannot create an OpenSSL engine for PKCS#11";
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
274 throw OrthancException(ErrorCode_InternalError);
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
275 }
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
276
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
277 if (!ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", module.c_str(), 0))
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
278 {
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
279 LOG(ERROR) << "Cannot configure the OpenSSL dynamic engine for PKCS#11";
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
280 throw OrthancException(ErrorCode_InternalError);
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
281 }
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
282
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
283 if (verbose)
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
284 {
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
285 ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0);
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
286 }
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
287
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
288 if (!pin.empty() &&
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
289 !ENGINE_ctrl_cmd_string(engine, "PIN", pin.c_str(), 0))
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
290 {
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
291 LOG(ERROR) << "Cannot set the PIN code for PKCS#11";
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
292 throw OrthancException(ErrorCode_InternalError);
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
293 }
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
294
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
295 if (!ENGINE_init(engine))
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
296 {
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
297 LOG(ERROR) << "Cannot initialize the OpenSSL dynamic engine for PKCS#11";
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
298 throw OrthancException(ErrorCode_InternalError);
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
299 }
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
300
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
301 LOG(WARNING) << "The PKCS#11 engine has been successfully initialized";
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
302 pkcs11Initialized_ = true;
e7e1858d9504 reorganization
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
diff changeset
303 }
// Counterpart of Initialize(). Intentionally empty: the engine is left
// registered and the original author relies on OpenSSL unregistering it
// on its own at shutdown.
//
// NOTE(review): the functional reference taken by ENGINE_init() in
// Initialize() is never released explicitly, so the engine (and the PIN
// it was given) stays alive for the whole process lifetime — TODO confirm
// that this is acceptable.
void Finalize()
{
}
311 }
312 }