
mendersoftware / mender-artifact / 1327234555

11 Jun 2024 12:05PM UTC coverage: 76.862% (-0.4%) from 77.239%
1327234555

Pull #613

gitlab-ci

alfrunes
ci: Add missing Openssl dependencies to build jobs

Signed-off-by: Alf-Rune Siqveland <alf.rune@northern.tech>
Pull Request #613: chore(Dockerfile): Refactor dockerfile to Debian Slim with no deps

5707 of 7425 relevant lines covered (76.86%)

133.34 hits per line

Source File

0.0
/artifact/signer_pkcs11.go
// Copyright 2022 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.

//go:build !nopkcs11
// +build !nopkcs11

package artifact

import (
        "encoding/base64"
        "strings"

        "github.com/mendersoftware/openssl"
        "github.com/pkg/errors"
)

// pkcs11URIPrefix is the prefix a key reference must start with before
// loadPrivateKey will hand it to the OpenSSL engine.
const pkcs11URIPrefix = "pkcs11:"

// pkcsEngineId is the OpenSSL engine ID that NewPKCS11Signer passes to
// loadPrivateKey.
const pkcsEngineId = "pkcs11"

// PKCS11Signer signs and verifies messages with a key handle obtained from
// the OpenSSL engine (see NewPKCS11Signer).
type PKCS11Signer struct {
	// Key is the handle Sign and Verify operate on. Both methods call it
	// without a nil check, so a PKCS11Signer constructed by hand rather than
	// through NewPKCS11Signer must set this field before use.
	Key openssl.PrivateKey
}

// NewPKCS11Signer returns a signer backed by the private key that pkcsKey
// refers to.
//
// An empty pkcsKey is rejected up front. Otherwise the value is passed to
// loadPrivateKey together with the "pkcs11" engine ID; loadPrivateKey refuses
// anything that does not start with "pkcs11:". A load failure is wrapped with
// a fixed message, so this function adds no part of pkcsKey to the error
// text; what the wrapped error itself contains depends on the openssl package.
//
// NOTE(review): a PKCS#11 URI may carry the token PIN in its pin-value
// attribute (RFC 7512), so callers should keep pkcsKey out of logs as well.
func NewPKCS11Signer(pkcsKey string) (*PKCS11Signer, error) {
	if pkcsKey == "" {
		return nil, errors.New("PKCS#11 signer: missing key")
	}

	privKey, loadErr := loadPrivateKey(pkcsKey, pkcsEngineId)
	if loadErr != nil {
		return nil, errors.Wrap(loadErr, "PKCS#11: failed to load private key")
	}

	signer := &PKCS11Signer{Key: privKey}
	return signer, nil
}

// Sign signs message by calling Key.SignPKCS1v15 with openssl.SHA256_Method
// and returns the signature encoded with standard (padded) base64.
//
// The digest and the PKCS#1 v1.5 scheme are fixed here; callers cannot select
// another one. A signing failure is returned wrapped, with a nil signature.
// s.Key is used without a nil check.
func (s *PKCS11Signer) Sign(message []byte) ([]byte, error) {
	rawSig, signErr := s.Key.SignPKCS1v15(openssl.SHA256_Method, message)
	if signErr != nil {
		return nil, errors.Wrap(signErr, "PKCS#11 signer: error signing image")
	}

	// Size the output buffer exactly so the encoded signature has no slack.
	encoded := make([]byte, base64.StdEncoding.EncodedLen(len(rawSig)))
	base64.StdEncoding.Encode(encoded, rawSig)
	return encoded, nil
}

// Verify checks sig, a standard-base64 encoded signature as produced by Sign,
// against message using Key.VerifyPKCS1v15 with openssl.SHA256_Method.
//
// A nil return is the only indication that the signature was accepted. A
// signature that is not valid base64 and a signature that fails verification
// both yield a non-nil, wrapped error. s.Key is used without a nil check.
func (s *PKCS11Signer) Verify(message, sig []byte) error {
	raw := make([]byte, base64.StdEncoding.DecodedLen(len(sig)))
	n, decodeErr := base64.StdEncoding.Decode(raw, sig)
	if decodeErr != nil {
		return errors.Wrap(decodeErr, "signer: error decoding signature")
	}

	// DecodedLen is an upper bound; only the first n bytes are signature data.
	verifyErr := s.Key.VerifyPKCS1v15(openssl.SHA256_Method, message, raw[:n])
	if verifyErr != nil {
		return errors.Wrap(verifyErr, "failed to verify PKCS#11 signature")
	}
	return nil
}

// engineLoadPrivateKeyFunc is the function loadPrivateKey calls to fetch the
// key from the engine; it is initialised to openssl.EngineLoadPrivateKey.
// NOTE(review): presumably a package-level variable so tests can substitute a
// stub - confirm. Whatever is assigned here decides which key the signer
// uses, so it should stay unexported.
var engineLoadPrivateKeyFunc = openssl.EngineLoadPrivateKey

// loadPrivateKey resolves keyFile to a private key through the OpenSSL engine
// identified by engineId.
//
// keyFile must start with "pkcs11:"; any other value is rejected before the
// engine is looked up, so plain file paths are never accepted here. Errors
// from openssl.EngineById and from the engine key load are returned unwrapped,
// and the key result is nil whenever an error is returned.
//
// NOTE(review): only the prefix is checked; the rest of the URI is passed to
// the engine as-is.
func loadPrivateKey(keyFile string, engineId string) (key openssl.PrivateKey, err error) {
	if !strings.HasPrefix(keyFile, pkcs11URIPrefix) {
		return nil, errors.New("PKCS#11 URI prefix not found")
	}

	engine, err := openssl.EngineById(engineId)
	if err != nil {
		return nil, err
	}

	// Go through the package-level function variable rather than calling
	// openssl.EngineLoadPrivateKey directly.
	key, err = engineLoadPrivateKeyFunc(engine, keyFile)
	if err != nil {
		return nil, err
	}
	return key, nil
}