Credential Utilities checkin

src/common/credential_utils.c

+#include <stdio.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+
+#include <src/common/log.h>
+#include <src/common/xmalloc.h>
+#include <src/common/slurm_errno.h>
+#include <src/common/slurm_protocol_errno.h>
+#include <src/common/slurm_protocol_api.h>
+#include <src/slurmd/credential_utils.h>
+
+
+int ssl_init ( )
+{
+	ERR_load_crypto_strings();
+	return SLURM_SUCCESS ;
+}
+
+int ssl_destroy ( )
+{
+	ERR_free_strings();
+	return SLURM_SUCCESS ;
+}
+
+int init_signer ( credential_tools_ctx_t * ctx , char * path )
+{
+	int local_errno ;
+	FILE * key_file ;
+	if ( ( key_file = fopen ( path , "r" ) ) == NULL )
+	{
+		local_errno = errno ;
+		error ( "error opening credential sign key file , errno %i" , local_errno ) ;
+	};
+	ctx -> key . private = PEM_read_PrivateKey ( key_file, NULL , NULL , NULL ) ;
+	fclose ( key_file ) ;
+
+	if ( ctx -> key . private == NULL )
+	{
+		ERR_print_errors_fp (stderr);
+		slurm_seterrno ( ESLURMD_OPENSSL_ERROR ) ;
+		return SLURM_ERROR ;
+	}
+	return SLURM_SUCCESS ;
+}
+
+int init_verifier ( credential_tools_ctx_t * ctx , char * path )
+{
+	int local_errno ;
+	X509 * x509 ;
+	FILE * cert_file ;
+	if ( ( cert_file = fopen ( path , "r" ) ) == NULL )
+	{
+		local_errno = errno ;
+		error ( "error opening certificate file , errno %i" , local_errno ) ;
+	};
+	
+	x509 = PEM_read_X509 ( cert_file, NULL , NULL , NULL ) ;
+	fclose ( cert_file ) ;
+
+	if ( x509 == NULL )
+	{
+		ERR_print_errors_fp (stderr);
+		slurm_seterrno ( ESLURMD_OPENSSL_ERROR ) ;
+		return SLURM_ERROR ;
+	}
+
+	ctx -> key . public = X509_get_pubkey ( x509 ) ;
+	X509_free ( x509 ) ;
+
+	if ( ctx -> key . public == NULL )
+	{
+		ERR_print_errors_fp (stderr);
+		slurm_seterrno ( ESLURMD_OPENSSL_ERROR ) ;
+		return SLURM_ERROR ;
+	}
+	return SLURM_SUCCESS ;
+}
+
+int destroy_credential_ctx ( credential_tools_ctx_t * ctx )
+{
+	if ( ctx )
+	{
+	EVP_PKEY_free ( ctx -> key . private ) ;
+	xfree ( ctx ) ;
+	}
+	return SLURM_SUCCESS ;
+}
+
+
+int credential_sign ( credential_tools_ctx_t * ctx , char * data_buffer , int data_length , char * signature_buffer , int * signature_length ) 
+{
+	int rc ;
+	EVP_MD_CTX md_ctx ;
+
+	EVP_SignInit ( & md_ctx , EVP_dss1 ( ) ) ;
+	EVP_SignUpdate ( & md_ctx , data_buffer , data_length ) ;
+	if ( ( rc = EVP_SignFinal ( & md_ctx , signature_buffer , signature_length , ctx -> key . private ) ) != SLURM_OPENSSL_SIGNED )
+	{
+		ERR_print_errors_fp (stderr);
+		slurm_seterrno ( ESLURMD_OPENSSL_ERROR ) ;
+		return SLURM_ERROR ;
+	}
+	return SLURM_SUCCESS ;
+}
+
+int credential_verify ( credential_tools_ctx_t * ctx , char * data_buffer , int data_length , char * signature_buffer , int signature_length ) 
+{
+	int rc ;
+	EVP_MD_CTX md_ctx ;
+
+	EVP_VerifyInit ( & md_ctx , EVP_dss1 ( ) ) ;
+	EVP_VerifyUpdate ( & md_ctx , data_buffer , data_length ) ;
+	if ( ( rc = EVP_VerifyFinal ( & md_ctx , signature_buffer , signature_length ,  ctx -> key . public ) ) != SLURM_OPENSSL_VERIFIED )
+	{
+		ERR_print_errors_fp (stderr);
+		slurm_seterrno ( ESLURMD_OPENSSL_ERROR ) ;
+		return SLURM_ERROR ;
+	}
+	return SLURM_SUCCESS ;
+}

src/common/credential_utils.h

+#ifndef _CREDENTIAL_UTILS_H
+#define _CREDENTIAL_UTILS_H
+#include <stdio.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+
+#include <src/common/slurm_protocol_api.h>
+
+enum key_type { SIGNER_PRIVATE_KEY , VERIFIER_PUBLIC_KEY } ;
+enum { SLURM_OPENSSL_SIGNED = 1 } ;
+enum { SLURM_OPENSSL_VERIFIED = 1 } ;
+
+typedef struct credential_tools_ctx
+{
+	enum key_type ;
+	unsigned int key_length ;
+	union key
+	{
+		EVP_PKEY * private ;
+		EVP_PKEY * public ;
+	} key ;
+} credential_tools_ctx_t ;
+#endif

src/slurmd/Makefile.am

@@ -13,6 +13,6 @@ slurmd_SOURCES = slurmd.c \
 		read_proc.c \
 		task_mgr.c \
 		shmem_struct.c \
-		circular_buffer.c
-
+		circular_buffer.c \
+		credential_utils.c