From 2fabbc77e30ebaf8583ac05f0f4e209eb44ea5df Mon Sep 17 00:00:00 2001 From: MikeCamel Date: Thu, 1 Oct 2020 09:47:27 +0100 Subject: [PATCH] Added key-pair + certificate generation. Signed-off-by: MikeCamel --- Cargo.lock | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++ Cargo.toml | 4 +++- src/main.rs | 58 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 126 insertions(+), 1 deletion(-) diff --git a/Cargo.lock b/Cargo.lock index 0cc923d..92b828f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -245,6 +245,7 @@ dependencies = [ "clap", "env_logger", "log", + "openssl", "serde", "serde_yaml", "tar", @@ -287,6 +288,21 @@ dependencies = [ "winapi", ] +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + [[package]] name = "getrandom" version = "0.1.14" @@ -451,6 +467,49 @@ dependencies = [ "wasmparser 0.57.0", ] +[[package]] +name = "openssl" +version = "0.10.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d575eff3665419f9b83678ff2815858ad9d11567e082f5ac1814baba4e2bcb4" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "lazy_static", + "libc", + "openssl-sys", +] + +[[package]] +name = "openssl-src" +version = "111.11.0+1.1.1h" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "380fe324132bea01f45239fadfec9343adb044615f29930d039bec1ae7b9fa5b" +dependencies = [ + "cc", +] + +[[package]] +name = "openssl-sys" +version = "0.9.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a842db4709b604f0fe5d1170ae3565899be2ad3d9cbc72dedc789ac0511f78de" +dependencies = [ + "autocfg", + "cc", + "libc", + "openssl-src", + "pkg-config", + "vcpkg", +] + +[[package]] +name = "pkg-config" +version = "0.3.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d36492546b6af1463394d46f0c834346f31548646f6ba10849802c9c9a27ac33" + [[package]] name = "ppv-lite86" version = "0.2.9" @@ -815,6 +874,12 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564" +[[package]] +name = "vcpkg" +version = "0.2.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6454029bf181f092ad1b853286f23e2c507d8e8194d01d92da4a55c274a5508c" + [[package]] name = "vec_map" version = "0.8.2" diff --git a/Cargo.toml b/Cargo.toml index 2bcd02d..d2fca41 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "enarx-wasmldr" version = "0.1.0" -authors = ["Stefan Junker ", "Daiki Ueno "] +authors = ["Stefan Junker ", "Daiki Ueno ", "Mike Bursell "] edition = "2018" license = "Apache-2.0" homepage = "https://github.com/enarx/enarx-wasmldr" @@ -36,6 +36,8 @@ serde = { version = "1.0", features = ["derive"] } serde_yaml = "0.8" cfg-if = "0.1" +openssl = { version = "0.10", features = ["vendored"] } + [build-dependencies] wat = "1.0" diff --git a/src/main.rs b/src/main.rs index 73e9d95..6ec2a31 100644 --- a/src/main.rs +++ b/src/main.rs @@ -36,6 +36,10 @@ mod workload; use cfg_if::cfg_if; use log::info; +use openssl::asn1::Asn1Time; +use openssl::hash::MessageDigest; +use openssl::pkey::PKey; +use openssl::rsa::Rsa; use std::fs::File; use std::io::Read; #[cfg(unix)] @@ -43,6 +47,8 @@ use std::os::unix::io::FromRawFd; #[cfg(unix)] const FD: std::os::unix::io::RawFd = 3; +/// Source of the key to use for TLS +pub const KEY_SOURCE: &str = "generate"; fn main() { let _ = env_logger::try_init_from_env(env_logger::Env::default()); @@ -50,6 +56,12 @@ fn main() { let mut args = std::env::args().skip(1); let vars = std::env::vars(); + //TODO - need to pass this in (e.g. as args). Use sensible defaults for now + //let listen_address: &str = &args[0]; + let _listen_address: &str = "127.0.0.1"; + //NOTE - these are currently unused + let (_public_key, _private_key, _server_cert) = get_credentials_bytes(_listen_address); + let mut reader = if let Some(path) = args.next() { File::open(&path).expect("Unable to open file") } else { @@ -71,3 +83,49 @@ fn main() { info!("got result: {:#?}", result); } + +fn get_credentials_bytes(listen_addr: &str) -> (Vec, Vec, Vec) { + let (public_key, private_key, cert) = match KEY_SOURCE { + "generate" => (generate_credentials(&listen_addr)), + //no match! + _ => panic!("No match for credentials source"), + }; + (public_key, private_key, cert) +} + +//TODO - this is vital code, and needs to be carefully audited! +fn generate_credentials(listen_addr: &str) -> (Vec, Vec, Vec) { + let key = Rsa::generate(2048).unwrap(); + let pkey = PKey::from_rsa(key.clone()).unwrap(); + + println!( + "Should create a certificate for {}, but using hard-coded 127.0.0.1 instead", + &listen_addr + ); + + let mut x509_name = openssl::x509::X509NameBuilder::new().unwrap(); + x509_name.append_entry_by_text("C", "GB").unwrap(); + x509_name.append_entry_by_text("O", "enarx-test").unwrap(); + //FIXME - problems when client parses some addresses need investigation + x509_name.append_entry_by_text("CN", &listen_addr).unwrap(); + let x509_name = x509_name.build(); + + let mut x509_builder = openssl::x509::X509::builder().unwrap(); + if let Err(e) = x509_builder.set_not_before(&Asn1Time::days_from_now(0).unwrap()) { + panic!("Problem creating cert {}", e) + } + if let Err(e) = x509_builder.set_not_after(&Asn1Time::days_from_now(7).unwrap()) { + panic!("Problem creating cert {}", e) + } + + x509_builder.set_subject_name(&x509_name).unwrap(); + x509_builder.set_pubkey(&pkey).unwrap(); + x509_builder.sign(&pkey, MessageDigest::sha256()).unwrap(); + let certificate = x509_builder.build(); + + ( + key.public_key_to_pem().unwrap(), + key.private_key_to_pem().unwrap(), + certificate.to_pem().unwrap(), + ) +}