From 1470a7b695c758873aae78948260e0e3785a7393 Mon Sep 17 00:00:00 2001 From: Gowtham Suresh Kumar Date: Mon, 1 Jan 2024 14:12:16 +0000 Subject: [PATCH] Setup a NULL provider Signed-off-by: Gowtham Suresh Kumar # libparsec_openssl_provider_shared # name: Parsec OpenSSL Provider # version: 0.1.0 # status: active --- .gitignore | 5 + ci.sh | 9 + openssl-sys2/Cargo.toml | 7 + openssl-sys2/src/lib.rs | 7 + openssl-sys2/src/types.rs | 73 +++++++ openssl2/Cargo.toml | 6 + openssl2/src/lib.rs | 10 + parsec-openssl-provider-shared/Cargo.toml | 20 ++ parsec-openssl-provider-shared/src/lib.rs | 17 ++ parsec-openssl-provider/Cargo.toml | 15 ++ parsec-openssl-provider/src/lib.rs | 183 ++++++++++++++++++ .../parsec-provider-test.Dockerfile | 34 ++++ 12 files changed, 386 insertions(+) create mode 100644 .gitignore create mode 100755 ci.sh create mode 100644 openssl-sys2/Cargo.toml create mode 100644 openssl-sys2/src/lib.rs create mode 100644 openssl-sys2/src/types.rs create mode 100644 openssl2/Cargo.toml create mode 100644 openssl2/src/lib.rs create mode 100644 parsec-openssl-provider-shared/Cargo.toml create mode 100644 parsec-openssl-provider-shared/src/lib.rs create mode 100644 parsec-openssl-provider/Cargo.toml create mode 100644 parsec-openssl-provider/src/lib.rs create mode 100644 tests/docker_image/parsec-provider-test.Dockerfile diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..30d8b67d --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +/target +Cargo.lock +.vscode +*/Cargo.lock +*/target diff --git a/ci.sh b/ci.sh new file mode 100755 index 00000000..bacf919e --- /dev/null +++ b/ci.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash + +# Copyright 2023 Contributors to the Parsec project. +# SPDX-License-Identifier: Apache-2.0 + +set -ex + +openssl version +openssl list -providers -provider-path ./parsec-openssl-provider-shared/target/debug/ -provider libparsec_openssl_provider_shared diff --git a/openssl-sys2/Cargo.toml b/openssl-sys2/Cargo.toml new file mode 100644 index 00000000..967d8450 --- /dev/null +++ b/openssl-sys2/Cargo.toml @@ -0,0 +1,7 @@ +[package] +name = "openssl-sys2" +version = "0.1.0" +license = "Apache-2.0" +authors = ["Parsec maintainers"] +edition = "2021" + diff --git a/openssl-sys2/src/lib.rs b/openssl-sys2/src/lib.rs new file mode 100644 index 00000000..a84148ce --- /dev/null +++ b/openssl-sys2/src/lib.rs @@ -0,0 +1,7 @@ +// Copyright 2023 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 + +#![allow(non_camel_case_types)] + +mod types; +pub use types::*; diff --git a/openssl-sys2/src/types.rs b/openssl-sys2/src/types.rs new file mode 100644 index 00000000..b6c83892 --- /dev/null +++ b/openssl-sys2/src/types.rs @@ -0,0 +1,73 @@ +// Copyright 2023 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 + +pub const OSSL_PROV_PARAM_NAME: &[u8; 5] = b"name\0"; +pub const OSSL_PROV_PARAM_VERSION: &[u8; 8] = b"version\0"; +pub const OSSL_PROV_PARAM_BUILDINFO: &[u8; 10] = b"buildinfo\0"; +pub const OSSL_PROV_PARAM_STATUS: &[u8; 7] = b"status\0"; +pub const OSSL_PARAM_UTF8_PTR: u32 = 6; +pub const OSSL_PARAM_INTEGER: u32 = 1; + +pub const OSSL_FUNC_PROVIDER_TEARDOWN: i32 = 1024; +pub const OSSL_FUNC_PROVIDER_GETTABLE_PARAMS: i32 = 1025; +pub const OSSL_FUNC_PROVIDER_GET_PARAMS: i32 = 1026; +pub const OSSL_FUNC_PROVIDER_QUERY_OPERATION: i32 = 1027; +pub const OSSL_FUNC_PROVIDER_UNQUERY_OPERATION: i32 = 1028; +pub const OSSL_FUNC_PROVIDER_GET_REASON_STRINGS: i32 = 1029; +pub const OSSL_FUNC_PROVIDER_GET_CAPABILITIES: i32 = 1030; + +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct ossl_core_handle_st { + _unused: [u8; 0], +} +pub type OSSL_CORE_HANDLE = ossl_core_handle_st; + +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct ossl_dispatch_st { + pub function_id: ::std::os::raw::c_int, + pub function: ::std::option::Option, +} + +pub type OSSL_DISPATCH = ossl_dispatch_st; + +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct ossl_param_st { + pub key: *const ::std::os::raw::c_char, + pub data_type: ::std::os::raw::c_uint, + pub data: *mut ::std::os::raw::c_void, + pub data_size: usize, + pub return_size: usize, +} + +pub type OSSL_PARAM = ossl_param_st; + +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct ossl_algorithm_st { + pub algorithm_names: *const ::std::os::raw::c_char, + pub property_definition: *const ::std::os::raw::c_char, + pub implementation: *const OSSL_DISPATCH, + pub algorithm_description: *const ::std::os::raw::c_char, +} + +pub type OSSL_ALGORITHM = ossl_algorithm_st; + +extern "C" { + pub fn OSSL_PARAM_locate( + p: *mut OSSL_PARAM, + key: *const ::std::os::raw::c_char, + ) -> *mut OSSL_PARAM; + + pub fn OSSL_PARAM_set_utf8_ptr( + p: *mut OSSL_PARAM, + val: *const ::std::os::raw::c_char, + ) -> ::std::os::raw::c_int; + + pub fn OSSL_PARAM_set_int( + p: *mut OSSL_PARAM, + val: ::std::os::raw::c_int, + ) -> ::std::os::raw::c_int; +} diff --git a/openssl2/Cargo.toml b/openssl2/Cargo.toml new file mode 100644 index 00000000..371d805b --- /dev/null +++ b/openssl2/Cargo.toml @@ -0,0 +1,6 @@ +[package] +name = "openssl2" +version = "0.1.0" +license = "Apache-2.0" +authors = ["Parsec maintainers"] +edition = "2021" diff --git a/openssl2/src/lib.rs b/openssl2/src/lib.rs new file mode 100644 index 00000000..a9baf44a --- /dev/null +++ b/openssl2/src/lib.rs @@ -0,0 +1,10 @@ +// Copyright 2023 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 + +pub fn openssl_returns_0(result: std::os::raw::c_int) -> bool { + if result == 0 { + true + } else { + false + } +} diff --git a/parsec-openssl-provider-shared/Cargo.toml b/parsec-openssl-provider-shared/Cargo.toml new file mode 100644 index 00000000..00692a1f --- /dev/null +++ b/parsec-openssl-provider-shared/Cargo.toml @@ -0,0 +1,20 @@ +[package] +name = "parsec-openssl-provider-shared" +version = "0.1.0" +authors = ["Parsec Project Contributors"] +description = "A parsec openssl provider dynamic library" +license = "Apache-2.0" +readme = "README.md" +keywords = ["security", "service"] +categories = ["cryptography", "hardware-support"] +edition = "2021" + +[lib] +crate-type = ["cdylib"] + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +openssl-sys = "0.9.98" +openssl-sys2 = { path = "../openssl-sys2" } +parsec-openssl-provider = { path ="../parsec-openssl-provider" } diff --git a/parsec-openssl-provider-shared/src/lib.rs b/parsec-openssl-provider-shared/src/lib.rs new file mode 100644 index 00000000..fd0fc2d4 --- /dev/null +++ b/parsec-openssl-provider-shared/src/lib.rs @@ -0,0 +1,17 @@ +// Copyright 2023 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 + +use parsec_openssl_provider; + +#[allow(non_upper_case_globals)] +#[allow(non_snake_case)] +#[allow(dead_code)] +#[no_mangle] +extern "C" fn OSSL_provider_init( + handle: *const openssl_sys2::OSSL_CORE_HANDLE, + in_: *const openssl_sys2::OSSL_DISPATCH, + out: *mut *const openssl_sys2::OSSL_DISPATCH, + provctx: *mut *mut std::os::raw::c_void, +) -> ::std::os::raw::c_int { + parsec_openssl_provider::parsec_provider_provider_init(handle, in_, out, provctx) +} diff --git a/parsec-openssl-provider/Cargo.toml b/parsec-openssl-provider/Cargo.toml new file mode 100644 index 00000000..4fa05d6d --- /dev/null +++ b/parsec-openssl-provider/Cargo.toml @@ -0,0 +1,15 @@ +[package] +name = "parsec-openssl-provider" +version = "0.1.0" +authors = ["Parsec Project Contributors"] +description = "A parsec openssl provider static library" +license = "Apache-2.0" +readme = "README.md" +keywords = ["security", "service"] +categories = ["cryptography", "hardware-support"] +edition = "2021" + +[dependencies] +openssl-sys = "0.9.98" +openssl-sys2 = { path = "../openssl-sys2" } +openssl2 = { path = "../openssl2" } diff --git a/parsec-openssl-provider/src/lib.rs b/parsec-openssl-provider/src/lib.rs new file mode 100644 index 00000000..0e5740c9 --- /dev/null +++ b/parsec-openssl-provider/src/lib.rs @@ -0,0 +1,183 @@ +// Copyright 2023 Contributors to the Parsec project. +// SPDX-License-Identifier: Apache-2.0 +#![deny( + nonstandard_style, + dead_code, + improper_ctypes, + non_shorthand_field_patterns, + no_mangle_generic_items, + overflowing_literals, + path_statements, + patterns_in_fns_without_body, + unconditional_recursion, + unused, + unused_allocation, + unused_comparisons, + unused_parens, + while_true, + missing_debug_implementations, + trivial_casts, + trivial_numeric_casts, + unused_extern_crates, + unused_import_braces, + unused_qualifications, + unused_results, + missing_copy_implementations +)] + +use std::mem; + +const PARSEC_PROVIDER_PARAM_TYPES: [openssl_sys2::OSSL_PARAM; 5] = [ + openssl_sys2::OSSL_PARAM { + key: openssl_sys2::OSSL_PROV_PARAM_NAME.as_ptr() as *const std::os::raw::c_char, + data_type: openssl_sys2::OSSL_PARAM_UTF8_PTR, + data: std::ptr::null_mut(), + data_size: 0, + return_size: usize::MAX, + }, + openssl_sys2::OSSL_PARAM { + key: openssl_sys2::OSSL_PROV_PARAM_VERSION.as_ptr() as *const std::os::raw::c_char, + data_type: openssl_sys2::OSSL_PARAM_UTF8_PTR, + data: std::ptr::null_mut(), + data_size: 0, + return_size: usize::MAX, + }, + openssl_sys2::OSSL_PARAM { + key: openssl_sys2::OSSL_PROV_PARAM_BUILDINFO.as_ptr() as *const std::os::raw::c_char, + data_type: openssl_sys2::OSSL_PARAM_UTF8_PTR, + data: std::ptr::null_mut(), + data_size: 0, + return_size: usize::MAX, + }, + openssl_sys2::OSSL_PARAM { + key: openssl_sys2::OSSL_PROV_PARAM_STATUS.as_ptr() as *const std::os::raw::c_char, + data_type: openssl_sys2::OSSL_PARAM_INTEGER, + data: std::ptr::null_mut(), + data_size: 0, + return_size: usize::MAX, + }, + openssl_sys2::OSSL_PARAM { + key: std::ptr::null_mut(), + data_type: 0, + data: std::ptr::null_mut(), + data_size: 0, + return_size: 0, + }, +]; + +unsafe extern "C" fn parsec_provider_gettable_params( + _provider: *const openssl_sys::OSSL_PROVIDER, +) -> *const openssl_sys2::OSSL_PARAM { + PARSEC_PROVIDER_PARAM_TYPES.as_ptr() +} + +pub const PARSEC_PROVIDER_NAME: &[u8; 24] = b"Parsec OpenSSL Provider\0"; +pub const PARSEC_PROVIDER_VERSION: &[u8; 6] = b"0.1.0\0"; + +unsafe extern "C" fn parsec_provider_get_params( + _provctx: *const openssl_sys::OSSL_PROVIDER, + params: *mut openssl_sys2::OSSL_PARAM, +) -> ::std::os::raw::c_int { + let mut ptr: *mut openssl_sys2::OSSL_PARAM; + + ptr = openssl_sys2::OSSL_PARAM_locate( + params, + openssl_sys2::OSSL_PROV_PARAM_NAME.as_ptr() as *const std::os::raw::c_char, + ); + if !ptr.is_null() + && openssl2::openssl_returns_0(openssl_sys2::OSSL_PARAM_set_utf8_ptr( + ptr, + PARSEC_PROVIDER_NAME.as_ptr() as *const std::os::raw::c_char, + )) + { + return 0; + } + + ptr = openssl_sys2::OSSL_PARAM_locate( + params, + openssl_sys2::OSSL_PROV_PARAM_VERSION.as_ptr() as *const std::os::raw::c_char, + ); + if !ptr.is_null() + && openssl2::openssl_returns_0(openssl_sys2::OSSL_PARAM_set_utf8_ptr( + ptr, + PARSEC_PROVIDER_VERSION.as_ptr() as *const std::os::raw::c_char, + )) + { + return 0; + } + + ptr = openssl_sys2::OSSL_PARAM_locate( + params, + openssl_sys2::OSSL_PROV_PARAM_STATUS.as_ptr() as *const std::os::raw::c_char, + ); + if !ptr.is_null() && openssl2::openssl_returns_0(openssl_sys2::OSSL_PARAM_set_int(ptr, 1)) { + return 0; + } + + return 1; +} + +unsafe extern "C" fn parsec_provider_query( + _prov: *mut openssl_sys::OSSL_PROVIDER, + _operation_id: ::std::os::raw::c_int, + no_cache: *mut ::std::os::raw::c_int, +) -> *const openssl_sys2::OSSL_ALGORITHM { + unsafe { + *no_cache = 0; + } + std::ptr::null_mut() +} + +pub type ProviderGettableParamsPtr = + unsafe extern "C" fn(*const openssl_sys::OSSL_PROVIDER) -> *const openssl_sys2::OSSL_PARAM; + +pub type ProviderGetParamsPtr = unsafe extern "C" fn( + provctx: *const openssl_sys::OSSL_PROVIDER, + params: *mut openssl_sys2::OSSL_PARAM, +) -> ::std::os::raw::c_int; + +pub type ProviderQueryPtr = unsafe extern "C" fn( + prov: *mut openssl_sys::OSSL_PROVIDER, + operation_id: ::std::os::raw::c_int, + no_cache: *mut ::std::os::raw::c_int, +) -> *const openssl_sys2::OSSL_ALGORITHM; + +pub fn parsec_provider_provider_init( + _handle: *const openssl_sys2::OSSL_CORE_HANDLE, + _in_: *const openssl_sys2::OSSL_DISPATCH, + out: *mut *const openssl_sys2::OSSL_DISPATCH, + provctx: *mut *mut std::os::raw::c_void, +) -> ::std::os::raw::c_int { + let parsec_provider_gettable_params_ptr: ProviderGettableParamsPtr = + parsec_provider_gettable_params; + + let parsec_provider_get_params_ptr: ProviderGetParamsPtr = parsec_provider_get_params; + + let parsec_provider_query_ptr: ProviderQueryPtr = parsec_provider_query; + + unsafe { + let parsec_provider_dispatch_table: [openssl_sys2::OSSL_DISPATCH; 4] = [ + openssl_sys2::OSSL_DISPATCH { + function_id: openssl_sys2::OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, + function: Some(mem::transmute(parsec_provider_gettable_params_ptr)), + }, + openssl_sys2::OSSL_DISPATCH { + function_id: openssl_sys2::OSSL_FUNC_PROVIDER_GET_PARAMS, + function: Some(mem::transmute(parsec_provider_get_params_ptr)), + }, + openssl_sys2::OSSL_DISPATCH { + function_id: openssl_sys2::OSSL_FUNC_PROVIDER_QUERY_OPERATION, + function: Some(mem::transmute(parsec_provider_query_ptr)), + }, + openssl_sys2::OSSL_DISPATCH { + function_id: 0, + function: None, + }, + ]; + + *out = parsec_provider_dispatch_table.as_ptr(); + *provctx = std::ptr::null_mut(); + } + + 1 +} diff --git a/tests/docker_image/parsec-provider-test.Dockerfile b/tests/docker_image/parsec-provider-test.Dockerfile new file mode 100644 index 00000000..e40c3d7e --- /dev/null +++ b/tests/docker_image/parsec-provider-test.Dockerfile @@ -0,0 +1,34 @@ +# Copyright 2023 Contributors to the Parsec project. +# SPDX-License-Identifier: Apache-2.0 +FROM ubuntu:22.04 + +RUN apt-get update && apt-get -y upgrade +RUN apt install -y autoconf-archive libcmocka0 libcmocka-dev procps +RUN apt install -y iproute2 build-essential git pkg-config gcc libtool automake libssl-dev uthash-dev doxygen libjson-c-dev +RUN apt install -y --fix-missing wget python3 cmake clang +RUN apt install -y libini-config-dev libcurl4-openssl-dev curl libgcc1 +RUN apt install -y python3-distutils libclang-11-dev protobuf-compiler python3-pip +RUN apt install -y libgcrypt20-dev uuid-dev +RUN apt install -y libssl-dev git gcc openssl + +# Setup git config +RUN git config --global user.email "some@email.com" +RUN git config --global user.name "Parsec Team" + +WORKDIR /tmp + +# Install Rust toolchain for all users +# This way of installing allows all users to call the same binaries, but non-root +# users cannot modify the toolchains or install new ones. +# See: https://github.com/rust-lang/rustup/issues/1085 +ENV RUSTUP_HOME /opt/rust +ENV CARGO_HOME /opt/rust +RUN curl https://sh.rustup.rs -sSf | sh -s -- -y --no-modify-path +ENV PATH="/root/.cargo/bin:/opt/rust/bin:${PATH}" + +# Install the wrappers for the Rust binaries installed earlier +#COPY _exec_wrapper /usr/local/bin/ +RUN ls /opt/rust/bin | xargs -n1 -I% ln -s /usr/local/bin/_exec_wrapper /usr/local/bin/$(basename %) + +# For running tests Parsec is configured with the socket in /tmp/ +ENV PARSEC_SERVICE_ENDPOINT="unix:/tmp/parsec.sock"