Mercurial > hg > orthanc
annotate OrthancFramework/Sources/Pkcs11.cpp @ 5640:f7adfb22e20e
updated copyright, as Orthanc Team now replaces Osimis
| author | Sebastien Jodogne <s.jodogne@gmail.com> |
|---|---|
| date | Thu, 30 May 2024 21:19:57 +0200 |
| parents | 48b8dae6dc77 |
| children |
| rev | line source |
|---|---|
| 2025 | 1 /** |
| 2 * Orthanc - A Lightweight, RESTful DICOM Store | |
| 3 * Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics | |
| 4 * Department, University Hospital of Liege, Belgium | |
|
5640
f7adfb22e20e
updated copyright, as Orthanc Team now replaces Osimis
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
5485
diff
changeset
|
5 * Copyright (C) 2017-2023 Osimis S.A., Belgium |
|
f7adfb22e20e
updated copyright, as Orthanc Team now replaces Osimis
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
5485
diff
changeset
|
6 * Copyright (C) 2024-2024 Orthanc Team SRL, Belgium |
|
5485
48b8dae6dc77
upgrade to year 2024
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
5185
diff
changeset
|
7 * Copyright (C) 2021-2024 Sebastien Jodogne, ICTEAM UCLouvain, Belgium |
| 2025 | 8 * |
| 9 * This program is free software: you can redistribute it and/or | |
|
4119
bf7b9edf6b81
re-licensing the OrthancFramework to LGPL, in order to license Stone of Orthanc under LGPL
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4044
diff
changeset
|
10 * modify it under the terms of the GNU Lesser General Public License |
|
bf7b9edf6b81
re-licensing the OrthancFramework to LGPL, in order to license Stone of Orthanc under LGPL
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4044
diff
changeset
|
11 * as published by the Free Software Foundation, either version 3 of |
|
bf7b9edf6b81
re-licensing the OrthancFramework to LGPL, in order to license Stone of Orthanc under LGPL
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4044
diff
changeset
|
12 * the License, or (at your option) any later version. |
| 2025 | 13 * |
| 14 * This program is distributed in the hope that it will be useful, but | |
| 15 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
|
4119
bf7b9edf6b81
re-licensing the OrthancFramework to LGPL, in order to license Stone of Orthanc under LGPL
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4044
diff
changeset
|
17 * Lesser General Public License for more details. |
| 2025 | 18 * |
|
4119
bf7b9edf6b81
re-licensing the OrthancFramework to LGPL, in order to license Stone of Orthanc under LGPL
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4044
diff
changeset
|
19 * You should have received a copy of the GNU Lesser General Public |
|
bf7b9edf6b81
re-licensing the OrthancFramework to LGPL, in order to license Stone of Orthanc under LGPL
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4044
diff
changeset
|
20 * License along with this program. If not, see |
|
bf7b9edf6b81
re-licensing the OrthancFramework to LGPL, in order to license Stone of Orthanc under LGPL
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4044
diff
changeset
|
21 * <http://www.gnu.org/licenses/>. |
| 2025 | 22 **/ |
| 23 | |
| 24 | |
| 25 #include "PrecompiledHeaders.h" | |
| 26 #include "Pkcs11.h" | |
| 27 | |
| 28 | |
| 29 #if defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_ECDSA) || defined(OPENSSL_NO_ECDH) | |
| 30 # error OpenSSL was compiled without support for RSA, EC, ECDSA or ECDH | |
| 31 #endif | |
| 32 | |
| 33 | |
| 34 #include "Logging.h" | |
| 35 #include "OrthancException.h" | |
| 2145 | 36 #include "SystemToolbox.h" |
| 2025 | 37 |
| 38 extern "C" | |
| 39 { | |
| 2145 | 40 # include <libp11/engine.h> // This is P11's "engine.h" |
| 41 # include <libp11/libp11.h> | |
| 2025 | 42 } |
| 43 | |
| 44 #include <openssl/engine.h> | |
| 45 | |
|
4741
a6b7c29f5118
compiler warning about openssl license
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4437
diff
changeset
|
46 #if OPENSSL_VERSION_NUMBER < 0x30000000L |
|
5073
859f3668c181
replaced macro "#warning" by "#pragma message" for Visual Studio
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4892
diff
changeset
|
47 # if defined(_MSC_VER) |
|
859f3668c181
replaced macro "#warning" by "#pragma message" for Visual Studio
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4892
diff
changeset
|
48 # pragma message("You are linking Orthanc against OpenSSL 1.x, whose license is incompatible with the GPLv3+ used by Orthanc. Please update to OpenSSL 3.x, that uses the Apache 2 license.") |
|
859f3668c181
replaced macro "#warning" by "#pragma message" for Visual Studio
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4892
diff
changeset
|
49 # else |
|
859f3668c181
replaced macro "#warning" by "#pragma message" for Visual Studio
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4892
diff
changeset
|
50 # warning You are linking Orthanc against OpenSSL 1.x, whose license is incompatible with the GPLv3+ used by Orthanc. Please update to OpenSSL 3.x, that uses the Apache 2 license. |
|
859f3668c181
replaced macro "#warning" by "#pragma message" for Visual Studio
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4892
diff
changeset
|
51 # endif |
|
4741
a6b7c29f5118
compiler warning about openssl license
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4437
diff
changeset
|
52 #endif |
|
a6b7c29f5118
compiler warning about openssl license
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
4437
diff
changeset
|
53 |
| 2025 | 54 |
| 55 namespace Orthanc | |
| 56 { | |
| 57 namespace Pkcs11 | |
| 58 { | |
| 59 static const char* PKCS11_ENGINE_ID = "pkcs11"; | |
| 60 static const char* PKCS11_ENGINE_NAME = "PKCS#11 for Orthanc"; | |
| 61 static const ENGINE_CMD_DEFN PKCS11_ENGINE_COMMANDS[] = | |
| 62 { | |
| 63 { | |
| 64 CMD_MODULE_PATH, | |
| 65 "MODULE_PATH", | |
| 66 "Specifies the path to the PKCS#11 module shared library", | |
| 67 ENGINE_CMD_FLAG_STRING | |
| 68 }, | |
| 69 { | |
| 70 CMD_PIN, | |
| 71 "PIN", | |
| 72 "Specifies the pin code", | |
| 73 ENGINE_CMD_FLAG_STRING | |
| 74 }, | |
| 75 { | |
| 76 CMD_VERBOSE, | |
| 77 "VERBOSE", | |
| 78 "Print additional details", | |
| 79 ENGINE_CMD_FLAG_NO_INPUT | |
| 80 }, | |
| 81 { | |
| 82 CMD_LOAD_CERT_CTRL, | |
| 83 "LOAD_CERT_CTRL", | |
| 84 "Get the certificate from card", | |
| 85 ENGINE_CMD_FLAG_INTERNAL | |
| 86 }, | |
| 87 { | |
| 88 0, | |
| 89 NULL, | |
| 90 NULL, | |
| 91 0 | |
| 92 } | |
| 93 }; | |
| 94 | |
| 95 | |
| 96 static bool pkcs11Initialized_ = false; | |
| 97 static ENGINE_CTX *context_ = NULL; | |
| 98 | |
| 99 static int EngineInitialize(ENGINE* engine) | |
| 100 { | |
| 101 if (context_ == NULL) | |
| 102 { | |
| 103 return 0; | |
| 104 } | |
| 105 else | |
| 106 { | |
| 107 return pkcs11_init(context_); | |
| 108 } | |
| 109 } | |
| 110 | |
| 111 | |
| 112 static int EngineFinalize(ENGINE* engine) | |
| 113 { | |
| 114 if (context_ == NULL) | |
| 115 { | |
| 116 return 0; | |
| 117 } | |
| 118 else | |
| 119 { | |
| 120 return pkcs11_finish(context_); | |
| 121 } | |
| 122 } | |
| 123 | |
| 124 | |
| 125 static int EngineDestroy(ENGINE* engine) | |
| 126 { | |
| 127 return (context_ == NULL ? 0 : 1); | |
| 128 } | |
| 129 | |
| 130 | |
| 131 static int EngineControl(ENGINE *engine, | |
| 132 int command, | |
| 133 long i, | |
| 134 void *p, | |
| 135 void (*f) ()) | |
| 136 { | |
| 137 if (context_ == NULL) | |
| 138 { | |
| 139 return 0; | |
| 140 } | |
| 141 else | |
| 142 { | |
| 143 return pkcs11_engine_ctrl(context_, command, i, p, f); | |
| 144 } | |
| 145 } | |
| 146 | |
| 147 | |
| 148 static EVP_PKEY *EngineLoadPublicKey(ENGINE *engine, | |
| 149 const char *s_key_id, | |
| 150 UI_METHOD *ui_method, | |
| 151 void *callback_data) | |
| 152 { | |
| 153 if (context_ == NULL) | |
| 154 { | |
| 155 return 0; | |
| 156 } | |
| 157 else | |
| 158 { | |
| 159 return pkcs11_load_public_key(context_, s_key_id, ui_method, callback_data); | |
| 160 } | |
| 161 } | |
| 162 | |
| 163 | |
| 164 static EVP_PKEY *EngineLoadPrivateKey(ENGINE *engine, | |
| 165 const char *s_key_id, | |
| 166 UI_METHOD *ui_method, | |
| 167 void *callback_data) | |
| 168 { | |
| 169 if (context_ == NULL) | |
| 170 { | |
| 171 return 0; | |
| 172 } | |
| 173 else | |
| 174 { | |
| 175 return pkcs11_load_private_key(context_, s_key_id, ui_method, callback_data); | |
| 176 } | |
| 177 } | |
| 178 | |
| 179 | |
| 180 static ENGINE* LoadEngine() | |
| 181 { | |
| 182 // This function creates an engine for PKCS#11 and inspired by | |
| 183 // the "ENGINE_load_dynamic" function from OpenSSL, in file | |
| 184 // "crypto/engine/eng_dyn.c" | |
| 185 | |
| 186 ENGINE* engine = ENGINE_new(); | |
| 187 if (!engine) | |
| 188 { | |
|
2954
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
189 throw OrthancException(ErrorCode_InternalError, |
|
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
190 "Cannot create an OpenSSL engine for PKCS#11"); |
| 2025 | 191 } |
| 192 | |
| 193 // Create a PKCS#11 context using libp11 | |
| 194 context_ = pkcs11_new(); | |
| 195 if (!context_) | |
| 196 { | |
| 197 ENGINE_free(engine); | |
|
2954
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
198 throw OrthancException(ErrorCode_InternalError, |
|
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
199 "Cannot create a libp11 context for PKCS#11"); |
| 2025 | 200 } |
| 201 | |
| 202 if (!ENGINE_set_id(engine, PKCS11_ENGINE_ID) || | |
| 203 !ENGINE_set_name(engine, PKCS11_ENGINE_NAME) || | |
| 204 !ENGINE_set_cmd_defns(engine, PKCS11_ENGINE_COMMANDS) || | |
| 205 | |
| 206 // Register the callback functions | |
| 207 !ENGINE_set_init_function(engine, EngineInitialize) || | |
| 208 !ENGINE_set_finish_function(engine, EngineFinalize) || | |
| 209 !ENGINE_set_destroy_function(engine, EngineDestroy) || | |
| 210 !ENGINE_set_ctrl_function(engine, EngineControl) || | |
| 211 !ENGINE_set_load_pubkey_function(engine, EngineLoadPublicKey) || | |
| 212 !ENGINE_set_load_privkey_function(engine, EngineLoadPrivateKey) || | |
| 213 | |
| 214 !ENGINE_set_RSA(engine, PKCS11_get_rsa_method()) || | |
|
3723
cc6d4edfe8fe
fix pkcs11 compilation
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
3640
diff
changeset
|
215 |
|
cc6d4edfe8fe
fix pkcs11 compilation
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
3640
diff
changeset
|
216 #if OPENSSL_VERSION_NUMBER < 0x10100000L // OpenSSL 1.0.2 |
| 2025 | 217 !ENGINE_set_ECDSA(engine, PKCS11_get_ecdsa_method()) || |
| 218 !ENGINE_set_ECDH(engine, PKCS11_get_ecdh_method()) || | |
|
3723
cc6d4edfe8fe
fix pkcs11 compilation
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
3640
diff
changeset
|
219 #else |
| 2025 | 220 !ENGINE_set_EC(engine, PKCS11_get_ec_key_method()) || |
| 221 #endif | |
| 222 | |
| 223 // Make OpenSSL know about our PKCS#11 engine | |
| 224 !ENGINE_add(engine)) | |
| 225 { | |
| 226 pkcs11_finish(context_); | |
| 227 ENGINE_free(engine); | |
|
2954
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
228 throw OrthancException(ErrorCode_InternalError, |
|
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
229 "Cannot initialize the OpenSSL engine for PKCS#11"); |
| 2025 | 230 } |
| 231 | |
| 232 // If the "ENGINE_add" worked, it gets a structural | |
| 233 // reference. We release our just-created reference. | |
| 234 ENGINE_free(engine); | |
| 235 | |
| 236 return ENGINE_by_id(PKCS11_ENGINE_ID); | |
| 237 } | |
| 238 | |
| 239 | |
| 240 bool IsInitialized() | |
| 241 { | |
| 242 return pkcs11Initialized_; | |
| 243 } | |
| 244 | |
| 245 const char* GetEngineIdentifier() | |
| 246 { | |
| 247 return PKCS11_ENGINE_ID; | |
| 248 } | |
| 249 | |
| 250 void Initialize(const std::string& module, | |
| 251 const std::string& pin, | |
| 252 bool verbose) | |
| 253 { | |
| 254 if (pkcs11Initialized_) | |
| 255 { | |
|
2954
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
256 throw OrthancException(ErrorCode_BadSequenceOfCalls, |
|
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
257 "The PKCS#11 engine has already been initialized"); |
| 2025 | 258 } |
| 259 | |
| 260 if (module.empty() || | |
| 2145 | 261 !SystemToolbox::IsRegularFile(module)) |
| 2025 | 262 { |
|
2954
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
263 throw OrthancException( |
|
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
264 ErrorCode_InexistentFile, |
|
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
265 "The PKCS#11 module must be a path to one shared library (DLL or .so)"); |
| 2025 | 266 } |
| 267 | |
| 268 ENGINE* engine = LoadEngine(); | |
| 269 if (!engine) | |
| 270 { | |
|
2954
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
271 throw OrthancException(ErrorCode_InternalError, |
|
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
272 "Cannot create an OpenSSL engine for PKCS#11"); |
| 2025 | 273 } |
| 274 | |
| 275 if (!ENGINE_ctrl_cmd_string(engine, "MODULE_PATH", module.c_str(), 0)) | |
| 276 { | |
|
2954
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
277 throw OrthancException(ErrorCode_InternalError, |
|
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
278 "Cannot configure the OpenSSL dynamic engine for PKCS#11"); |
| 2025 | 279 } |
| 280 | |
| 281 if (verbose) | |
| 282 { | |
| 283 ENGINE_ctrl_cmd_string(engine, "VERBOSE", NULL, 0); | |
| 284 } | |
| 285 | |
| 286 if (!pin.empty() && | |
| 287 !ENGINE_ctrl_cmd_string(engine, "PIN", pin.c_str(), 0)) | |
| 288 { | |
|
2954
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
289 throw OrthancException(ErrorCode_InternalError, |
|
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
290 "Cannot set the PIN code for PKCS#11"); |
| 2025 | 291 } |
| 292 | |
| 293 if (!ENGINE_init(engine)) | |
| 294 { | |
|
2954
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
295 throw OrthancException(ErrorCode_InternalError, |
|
d924f9bb61cc
taking advantage of details in OrthancException
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
2447
diff
changeset
|
296 "Cannot initialize the OpenSSL dynamic engine for PKCS#11"); |
| 2025 | 297 } |
| 298 | |
| 299 LOG(WARNING) << "The PKCS#11 engine has been successfully initialized"; | |
| 300 pkcs11Initialized_ = true; | |
| 301 } | |
| 302 | |
| 303 | |
| 304 void Finalize() | |
| 305 { | |
| 306 // Nothing to do, the unregistration of the engine is | |
| 307 // automatically done by OpenSSL | |
| 308 } | |
| 309 } | |
| 310 } |