1 /*
2 * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License as
6 * published by the Free Software Foundation; either version 2 of the
7 * License, or any later version.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17 * 02110-1301, USA.
18 *
19 * You can also choose to distribute this program under the terms of
20 * the Unmodified Binary Distribution Licence (as given in the file
21 * COPYING.UBDL), provided that you have satisfied its requirements.
22 */
23
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25
26 #include <stdint.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <ipxe/dhcp.h>
30 #include <ipxe/settings.h>
31 #include <ipxe/x509.h>
32 #include <ipxe/privkey.h>
33
34 /** @file
35 *
36 * Private key
37 *
38 * Life would in theory be easier if we could use a single file to
39 * hold both the certificate and corresponding private key.
40 * Unfortunately, the only common format which supports this is
41 * PKCS#12 (aka PFX), which is too ugly to be allowed anywhere near my
42 * codebase. See, for reference and amusement:
43 *
44 * http://www.cs.auckland.ac.nz/~pgut001/pubs/pfx.html
45 */
46
47 /* Allow private key to be overridden if not explicitly specified */
48 #ifdef PRIVATE_KEY
49 #define ALLOW_KEY_OVERRIDE 0
50 #else
51 #define ALLOW_KEY_OVERRIDE 1
52 #endif
53
54 /* Raw private key data */
55 extern char private_key_data[];
56 extern char private_key_len[];
57 __asm__ ( ".section \".rodata\", \"a\", " PROGBITS "\n\t"
58 "\nprivate_key_data:\n\t"
59 #ifdef PRIVATE_KEY
60 ".incbin \"" PRIVATE_KEY "\"\n\t"
61 #endif /* PRIVATE_KEY */
62 ".size private_key_data, ( . - private_key_data )\n\t"
63 ".equ private_key_len, ( . - private_key_data )\n\t"
64 ".previous\n\t" );
65
66 /** Private key */
67 struct asn1_cursor private_key = {
68 .data = private_key_data,
69 .len = ( ( size_t ) private_key_len ),
70 };
71
72 /** Default private key */
73 static struct asn1_cursor default_private_key = {
74 .data = private_key_data,
75 .len = ( ( size_t ) private_key_len ),
76 };
77
78 /** Private key setting */
79 static struct setting privkey_setting __setting ( SETTING_CRYPTO, privkey ) = {
80 .name = "privkey",
81 .description = "Private key",
82 .tag = DHCP_EB_KEY,
83 .type = &setting_type_hex,
84 };
85
86 /**
87 * Apply private key configuration settings
88 *
89 * @ret rc Return status code
90 */
privkey_apply_settings(void)91 static int privkey_apply_settings ( void ) {
92 static void *key_data = NULL;
93 int len;
94
95 /* Allow private key to be overridden only if not explicitly
96 * specified at build time.
97 */
98 if ( ALLOW_KEY_OVERRIDE ) {
99
100 /* Restore default private key */
101 memcpy ( &private_key, &default_private_key,
102 sizeof ( private_key ) );
103
104 /* Fetch new private key, if any */
105 free ( key_data );
106 if ( ( len = fetch_raw_setting_copy ( NULL, &privkey_setting,
107 &key_data ) ) >= 0 ) {
108 private_key.data = key_data;
109 private_key.len = len;
110 }
111 }
112
113 /* Debug */
114 if ( private_key.len ) {
115 DBGC ( &private_key, "PRIVKEY using %s private key:\n",
116 ( key_data ? "external" : "built-in" ) );
117 DBGC_HDA ( &private_key, 0, private_key.data, private_key.len );
118 } else {
119 DBGC ( &private_key, "PRIVKEY has no private key\n" );
120 }
121
122 return 0;
123 }
124
125 /** Private key settings applicator */
126 struct settings_applicator privkey_applicator __settings_applicator = {
127 .apply = privkey_apply_settings,
128 };
129