1 /******************************************************************************/
2 /* */
3 /* X r d C r y p t o S s l F a c t o r y . c c */
4 /* */
5 /* (c) 2004 by the Board of Trustees of the Leland Stanford, Jr., University */
6 /* Produced by Gerri Ganis for CERN */
7 /* */
8 /* This file is part of the XRootD software suite. */
9 /* */
10 /* XRootD is free software: you can redistribute it and/or modify it under */
11 /* the terms of the GNU Lesser General Public License as published by the */
12 /* Free Software Foundation, either version 3 of the License, or (at your */
13 /* option) any later version. */
14 /* */
15 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
16 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
17 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
18 /* License for more details. */
19 /* */
20 /* You should have received a copy of the GNU Lesser General Public License */
21 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
22 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
23 /* */
24 /* The copyright holder's institutional names and contributor's names may not */
25 /* be used to endorse or promote products derived from this software without */
26 /* specific prior written permission of the institution or contributor. */
27 /******************************************************************************/
28 
29 /* ************************************************************************** */
30 /* */
31 /* Implementation of the OpenSSL crypto factory */
32 /* */
33 /* ************************************************************************** */
34 
44 #include "XrdSys/XrdSysLogger.hh"
45 #include "XrdSys/XrdSysError.hh"
46 #include "XrdSut/XrdSutRndm.hh"
47 
48 #include "XrdTls/XrdTlsContext.hh"
49 
52 #include "XrdVersion.hh"
53 
54 #include <openssl/rand.h>
55 #include <openssl/ssl.h>
56 
//
// For error logging and tracing
// File-scope error sink used by the tracer created in SetTrace(); the
// "cryptossl_" prefix tags every message emitted through it.
static XrdSysError eDest(0,"cryptossl_");
61 
62 //______________________________________________________________________________
{
   // Constructor: init the needed components of the OpenSSL library
   // NOTE(review): the constructor signature line is not visible in this
   // rendering; only the body is shown.

   // Init SSL ...
   //
   // Function-local static: XrdTlsContext::Init() runs exactly once per
   // process, no matter how many factory objects get constructed.
   static const char *eText = XrdTlsContext::Init();

   // Make sure all went well (we need to possibly abort here)
   //
   // Fail closed: a crypto layer whose TLS context could not be set up
   // must never be used, so the error text is printed and the process
   // is aborted rather than continuing with a half-initialised library.
   if (eText)
      {std::cerr <<"XrdCryptosslFactory: " <<eText <<std::endl;
       abort();
      }

   // Init Random machinery
   //
   // 32 bytes obtained from XrdSutRndm are mixed into OpenSSL's RNG via
   // RAND_seed and the buffer is released afterwards. A null buffer is
   // tolerated silently: the seeding step is skipped and nothing is
   // logged. NOTE(review): this relies on OpenSSL's own seeding being
   // sufficient when XrdSutRndm cannot supply a buffer -- confirm that is
   // the intended policy, or log the condition.
   int klen = 32;
   char *ktmp = XrdSutRndm::GetBuffer(klen);
   if (ktmp) {
      // Feed the random engine
      RAND_seed(ktmp,klen);
      delete[] ktmp;
   }
}
89 
90 //______________________________________________________________________________
{
   // Set trace flags according to 'trace'
   //
   // The tracer is allocated on the first call and reused afterwards (it
   // is never freed; it lives for the process). Its mask is rebuilt from
   // scratch on every call, so levels not present in 'trace' are cleared.
   // NOTE(review): the signature line and the three mask-assignment
   // lines following each level test are not visible in this rendering.

   //
   // Initiate error logging and tracing
   if (!sslTrace)
      sslTrace = new XrdOucTrace(&eDest);
   if (sslTrace) {
      // Set debug mask
      sslTrace->What = 0;
      // Low level only
      if ((trace & sslTRACE_Notify))
      // Medium level
      if ((trace & sslTRACE_Debug))
      // High level
      if ((trace & sslTRACE_Dump))
   }
}
114 
115 //______________________________________________________________________________
{
   // Return an instance of an implementation of the PBKDF2 fun length.
   // Hands back the address of the OpenSSL-backed free function; the
   // caller does not own the pointer. (Signature line not visible here.)

   return &XrdCryptosslKDFunLen;
}
122 
123 //______________________________________________________________________________
{
   // Return an instance of an implementation of the PBKDF2 function.
   // Hands back the address of the OpenSSL-backed key-derivation
   // function; the caller does not own the pointer. (Signature line not
   // visible here.)

   return &XrdCryptosslKDFun;
}
130 
131 //______________________________________________________________________________
{
   // Returns true if specified cipher is supported
   // NOTE(review): the signature and return lines are not visible in this
   // rendering; the page index lists a static
   // XrdCryptosslCipher::IsSupported(const char *) which is presumably
   // what is consulted here.

}
138 
139 //______________________________________________________________________________
{
   // Returns true if cipher padding is supported
   // Decided at compile time: the build must have detected either
   // HAVE_DH_PADDED or HAVE_DH_PADDED_FUNC, otherwise this factory reports
   // no padding support. (Signature line not visible in this rendering.)
#if defined(HAVE_DH_PADDED) || defined(HAVE_DH_PADDED_FUNC)
   return true;
#else
   return false;
#endif
}
149 
150 //______________________________________________________________________________
{
   // Return an instance of a ssl implementation of XrdCryptoCipher.
   // Constructs an XrdCryptosslCipher from (t, l) and returns it only if
   // it reports IsValid(); otherwise the object is deleted and 0 is
   // returned, so callers never receive a half-initialised cipher.
   // (Signature line not visible in this rendering; the header gives
   // Cipher(const char *t, int l=0).)

   XrdCryptoCipher *cip = new XrdCryptosslCipher(t,l);
   if (cip) {
      if (cip->IsValid())
         return cip;
      else
         delete cip;
   }
   return (XrdCryptoCipher *)0;
}
164 
165 //______________________________________________________________________________
                                             int l, const char *k,
                                             int liv, const char *iv)
{
   // Return an instance of a ssl implementation of XrdCryptoCipher.
   // Variant taking explicit key material (k, length l) and IV (iv,
   // length liv); all arguments are forwarded unchanged to the
   // XrdCryptosslCipher constructor. The object is handed out only if it
   // reports IsValid(), otherwise it is deleted and 0 is returned.
   // (The first line of the signature is not visible in this rendering.)

   XrdCryptoCipher *cip = new XrdCryptosslCipher(t,l,k,liv,iv);
   if (cip) {
      if (cip->IsValid())
         return cip;
      else
         delete cip;
   }
   return (XrdCryptoCipher *)0;
}
181 
182 //______________________________________________________________________________
{
   // Return an instance of a Local implementation of XrdCryptoCipher.
   // Builds the cipher from a single argument 'b' (deserialisation
   // variant; presumably an XrdSutBucket as for X509Req -- the signature
   // line is not visible here). Returned only if IsValid(), else deleted
   // and 0 returned.

   XrdCryptoCipher *cip = new XrdCryptosslCipher(b);
   if (cip) {
      if (cip->IsValid())
         return cip;
      else
         delete cip;
   }
   return (XrdCryptoCipher *)0;
}
196 
197 //______________________________________________________________________________
XrdCryptoCipher *XrdCryptosslFactory::Cipher(bool padded, int b, char *p,
                                             int l, const char *t)
{
   // Return an instance of a Ssl implementation of XrdCryptoCipher.
   //
   // The arguments (padding flag, b, p, l, t) are passed straight through
   // to the XrdCryptosslCipher constructor, which defines their meaning.
   // A cipher is only handed out when it reports IsValid(); anything else
   // is released here and 0 is returned, so callers can treat a non-null
   // result as fully initialised.

   XrdCryptoCipher *cipher = new XrdCryptosslCipher(padded, b, p, l, t);
   if (cipher && cipher->IsValid())
      return cipher;
   // Either construction yielded an invalid cipher or 'cipher' is null;
   // delete on a null pointer is a no-op, so one cleanup path suffices.
   delete cipher;
   return (XrdCryptoCipher *)0;
}
212 
213 //______________________________________________________________________________
                                             int l, const char *t)
{
   // Return an instance of a Ssl implementation of XrdCryptoCipher.
   // Unpadded convenience form: identical to the (bool padded, ...)
   // overload above but always constructs with padded=false. The cipher
   // is handed out only if IsValid(), otherwise deleted and 0 returned.
   // (The first line of the signature is not visible in this rendering.)

   XrdCryptoCipher *cip = new XrdCryptosslCipher(false,b,p,l,t);
   if (cip) {
      if (cip->IsValid())
         return cip;
      else
         delete cip;
   }
   return (XrdCryptoCipher *)0;
}
228 
229 //______________________________________________________________________________
{
   // Return an instance of a Ssl implementation of XrdCryptoCipher.
   // NOTE(review): the signature line and the line that allocates 'cip'
   // are not visible in this rendering. What remains shows the usual
   // contract: the object is returned only if IsValid(), otherwise it is
   // deleted and 0 is returned.

   if (cip) {
      if (cip->IsValid())
         return cip;
      else
         delete cip;
   }
   return (XrdCryptoCipher *)0;
}
243 
244 //______________________________________________________________________________
{
   // Returns true if specified digest is supported
   // NOTE(review): the signature and return lines are not visible in this
   // rendering; the page index lists a static IsSupported(const char
   // *dgst) on the digest class which is presumably what is consulted.

}
251 
252 //______________________________________________________________________________
{
   // Return an instance of a ssl implementation of XrdCryptoMsgDigest.
   // NOTE(review): the signature line and the line that allocates 'md'
   // are not visible in this rendering. The visible part applies the
   // factory's usual contract: return the digest only if IsValid(),
   // otherwise delete it and return 0.

   if (md) {
      if (md->IsValid())
         return md;
      else
         delete md;
   }
   return (XrdCryptoMsgDigest *)0;
}
266 
267 //______________________________________________________________________________
{
   // Return an instance of a ssl implementation of XrdCryptoRSA.
   // Generates a fresh key pair of 'bits' bits with public exponent 'exp'
   // (the header defaults them to XrdCryptoDefRSABits/XrdCryptoDefRSAExp).
   // Returned only if the key reports IsValid(); otherwise it is deleted
   // and 0 is returned. (Signature line not visible in this rendering.)

   XrdCryptoRSA *rsa = new XrdCryptosslRSA(bits,exp);
   if (rsa) {
      if (rsa->IsValid())
         return rsa;
      else
         delete rsa;
   }
   return (XrdCryptoRSA *)0;
}
281 
282 //______________________________________________________________________________
XrdCryptoRSA *XrdCryptosslFactory::RSA(const char *pub, int lpub)
{
   // Return an instance of a ssl implementation of XrdCryptoRSA.
   //
   // 'pub' (length 'lpub') is handed to the XrdCryptosslRSA constructor,
   // which does the actual parsing. The key is returned only when it
   // reports IsValid(); a buffer that did not yield a usable key results
   // in the object being released here and 0 being returned, so callers
   // never operate on a key that failed to load.

   XrdCryptoRSA *key = new XrdCryptosslRSA(pub, lpub);
   if (key && key->IsValid())
      return key;
   delete key;   // no-op if 'key' is null
   return (XrdCryptoRSA *)0;
}
296 
297 //______________________________________________________________________________
{
   // Return an instance of a Ssl implementation of XrdCryptoRSA.
   // Copy-constructs an XrdCryptosslRSA from 'r'. (Signature line not
   // visible in this rendering.)
   //
   // NOTE(review): the C-style cast below is an unchecked downcast of the
   // abstract XrdCryptoRSA reference. It is only sound if 'r' really is an
   // XrdCryptosslRSA; a key produced by a different crypto factory would
   // be reinterpreted as one, which is undefined behaviour. A checked
   // dynamic_cast returning 0 on mismatch would fail closed instead.

   XrdCryptoRSA *rsa = new XrdCryptosslRSA(*((XrdCryptosslRSA *)&r));
   if (rsa) {
      if (rsa->IsValid())
         return rsa;
      else
         delete rsa;
   }
   return (XrdCryptoRSA *)0;
}
311 
312 //______________________________________________________________________________
XrdCryptoX509 *XrdCryptosslFactory::X509(const char *cf, const char *kf)
{
   // Return an instance of a ssl implementation of XrdCryptoX509.
   //
   // Loads the certificate from file 'cf' and, when given, the key from
   // file 'kf' (the header defaults kf to 0); the XrdCryptosslX509
   // constructor does the actual reading. Unlike the cipher/RSA factories
   // the validity test here is Opaque(): the object is only handed out
   // when it wraps an underlying certificate. Otherwise it is released
   // and 0 is returned.

   XrdCryptoX509 *cert = new XrdCryptosslX509(cf, kf);
   if (cert && cert->Opaque())
      return cert;
   delete cert;   // no-op if 'cert' is null
   return (XrdCryptoX509 *)0;
}
326 
327 //______________________________________________________________________________
{
   // Return an instance of a ssl implementation of XrdCryptoX509.
   // Deserialisation variant built from 'b' (signature line not visible
   // here; presumably an XrdSutBucket as for X509Req). The object is
   // returned only if Opaque() is non-null, i.e. a real certificate was
   // decoded; otherwise it is deleted and 0 is returned.

   XrdCryptoX509 *x509 = new XrdCryptosslX509(b);
   if (x509) {
      if (x509->Opaque())
         return x509;
      else
         delete x509;
   }
   return (XrdCryptoX509 *)0;
}
341 
342 //______________________________________________________________________________
{
   // Return an instance of a ssl implementation of XrdCryptoX509Crl.
   // Loads a CRL from file 'cf' with options 'opt' (the header defaults
   // opt to 0). Returned only if Opaque() is non-null, i.e. a CRL was
   // actually decoded; otherwise deleted and 0 returned. (Signature line
   // not visible in this rendering.)

   XrdCryptoX509Crl *x509Crl = new XrdCryptosslX509Crl(cf, opt);
   if (x509Crl) {
      if (x509Crl->Opaque())
         return x509Crl;
      else
         delete x509Crl;
   }
   return (XrdCryptoX509Crl *)0;
}
356 
357 //______________________________________________________________________________
{
   // Return an instance of a ssl implementation of XrdCryptoX509Crl.
   // Variant built from 'ca' (signature line not visible here; the name
   // suggests an issuing CA certificate -- confirm against the header).
   // Returned only if Opaque() is non-null; otherwise deleted and 0
   // returned.

   XrdCryptoX509Crl *x509Crl = new XrdCryptosslX509Crl(ca);
   if (x509Crl) {
      if (x509Crl->Opaque())
         return x509Crl;
      else
         delete x509Crl;
   }
   return (XrdCryptoX509Crl *)0;
}
371 
372 //______________________________________________________________________________
{
   // Return an instance of a ssl implementation of XrdCryptoX509Req
   // (the original comment said "Crl"; this method builds a certificate
   // request from bucket 'b'). The request is returned only if Opaque()
   // is non-null; otherwise it is deleted and 0 is returned. (Signature
   // line not visible in this rendering.)

   XrdCryptoX509Req *x509Req = new XrdCryptosslX509Req(b);
   if (x509Req) {
      if (x509Req->Opaque())
         return x509Req;
      else
         delete x509Req;
   }
   return (XrdCryptoX509Req *)0;
}
386 
387 //______________________________________________________________________________
{
   // Return hook to the OpenSSL implementation of the verification
   // function for X509 certificate.
   // NOTE(review): the signature and return lines are not visible in this
   // rendering; the page index lists XrdCryptosslX509VerifyCert as the
   // matching free function.

}
395 
396 //______________________________________________________________________________
{
   // Return hook to the OpenSSL implementation of the verification
   // function for X509 certificate chains.
   // NOTE(review): the signature and return lines are not visible in this
   // rendering; the page index lists XrdCryptosslX509VerifyChain as the
   // matching free function.

}
404 
405 //______________________________________________________________________________
{
   // Return an instance of an implementation of a function
   // to export a X509 certificate chain.
   // NOTE(review): the signature and return lines are not visible here;
   // the page index lists XrdCryptosslX509ExportChain(chain, withprivatekey)
   // as the matching free function -- note the flag that includes the
   // private key in the export.

}
413 
414 //______________________________________________________________________________
{
   // Return an instance of an implementation of a function
   // to dump a X509 certificate chain to a file.
   // NOTE(review): the signature and return lines are not visible here;
   // the page index lists XrdCryptosslX509ChainToFile as the matching
   // free function.

}
422 
423 //______________________________________________________________________________
{
   // Return an instance of an implementation of a function
   // to parse a file supposed to contain for X509 certificates.
   // NOTE(review): the signature and return lines are not visible here;
   // the page index lists XrdCryptosslX509ParseFile(fname, chain, fkey)
   // as the matching free function.

}
431 
432 //______________________________________________________________________________
{
   // Return an instance of an implementation of a function
   // to parse a stack of peer certificates (XrdTlsPeerCerts) into a
   // chain; the original comment said "parse a file" but the page index
   // pairs this hook with XrdCryptosslX509ParseStack(pc, chain).
   // NOTE(review): the signature and return lines are not visible here.

}
440 
441 //______________________________________________________________________________
{
   // Return an instance of an implementation of a function
   // to parse an XrdSutBucket holding X509 certificates into a chain;
   // the original comment said "parse a file" but the page index pairs
   // this hook with XrdCryptosslX509ParseBucket(b, chain).
   // NOTE(review): the signature and return lines are not visible here.

}
449 
450 //______________________________________________________________________________
{
   // Check if the proxyCertInfo extension exists
   // NOTE(review): the signature and return lines are not visible here;
   // the page index lists XrdCryptosslProxyCertInfo(ext, pathlen,
   // haspolicy) as the matching free function.

}
457 
458 //______________________________________________________________________________
{
   // Set the path length constraint
   // NOTE(review): the signature and return lines are not visible here;
   // the page index lists XrdCryptosslSetPathLenConstraint(ext, pathlen)
   // as the matching free function.

}
465 
466 //______________________________________________________________________________
{
   // Create a proxy certificate
   // NOTE(review): the signature and return lines are not visible here;
   // the page index lists XrdCryptosslX509CreateProxy as the matching
   // free function.

}
473 
474 //______________________________________________________________________________
{
   // Create a proxy request
   // NOTE(review): the signature and return lines are not visible here;
   // the page index lists XrdCryptosslX509CreateProxyReq as the matching
   // free function.

}
481 
482 //______________________________________________________________________________
{
   // Sign a proxy request
   // NOTE(review): the signature and return lines are not visible here;
   // the page index lists XrdCryptosslX509SignProxyReq as the matching
   // free function.

}
489 
490 //______________________________________________________________________________
{
   // Check consistency of a GSI 3 compliant proxy
   // NOTE(review): the signature and return lines are not visible here;
   // the page index lists XrdCryptosslX509CheckProxy3 as the matching
   // free function.

}
497 
498 //______________________________________________________________________________
{
   // Get VOMS attributes, if any
   // NOTE(review): the signature and return lines are not visible here;
   // the page index lists XrdCryptosslX509GetVOMSAttr as the matching
   // free function.

}
505 
506 
507 /******************************************************************************/
508 /* X r d C r y p t o S s l F a c t o r y O b j e c t */
509 /******************************************************************************/
510 
extern "C" {
{
   // Return a pointer to the instantiated Ssl factory singleton.
   // Instantiate the singleton on the first call.
   //
   // Function-local static: the factory (and with it the constructor's
   // TLS initialisation and RNG seeding) is built on the first call, and
   // C++11 makes that initialisation thread-safe. The returned pointer is
   // valid for the lifetime of the process and must not be deleted by the
   // caller. NOTE(review): the function signature line is not visible in
   // this rendering (the page index names it XrdCryptosslFactoryObject).

   static XrdCryptosslFactory SslCryptoFactory;

   return &SslCryptoFactory;
}}