diff --git a/include/evse_security/crypto/openssl/openssl_provider.hpp b/include/evse_security/crypto/openssl/openssl_provider.hpp
index b106090..1030ab5 100644
--- a/include/evse_security/crypto/openssl/openssl_provider.hpp
+++ b/include/evse_security/crypto/openssl/openssl_provider.hpp
@@ -17,17 +17,19 @@ struct ossl_provider_st; // OpenSSL OSSL_PROVIDER
 
 namespace evse_security {
 
-/// @brief determine if the PEM string is a custom private key
+/// @brief determine if the PEM string is a custom private key. Will
+/// only work for private keys, public keys will always return true
 /// @param private_key_pem string containing the PEM encoded key
-/// @return true when "-----BEGIN PRIVATE KEY-----" is not found
+/// @return true when file does not start "-----BEGIN PRIVATE KEY-----"
 /// @note works irrespective of OpenSSL version
-bool is_custom_key_string(const std::string& private_key_pem);
+bool is_custom_private_key_string(const std::string& private_key_pem);
 
-/// @brief determine if the PEM file contains a custom private key
+/// @brief determine if the PEM file contains a custom private key. Will
+/// only work for private keys, public keys will always return true
 /// @param private_key_file_pem filename of the PEM file
-/// @return true when file starts "-----BEGIN PRIVATE KEY-----"
+/// @return true when file does not start "-----BEGIN PRIVATE KEY-----"
 /// @note works irrespective of OpenSSL version
-bool is_custom_key_file(const fs::path& private_key_file_pem);
+bool is_custom_private_key_file(const fs::path& private_key_file_pem);
 
 /// @brief Manage the loading and configuring of OpenSSL providers
 ///
diff --git a/lib/evse_security/crypto/openssl/openssl_crypto_supplier.cpp b/lib/evse_security/crypto/openssl/openssl_crypto_supplier.cpp
index 345326c..4952c2b 100644
--- a/lib/evse_security/crypto/openssl/openssl_crypto_supplier.cpp
+++ b/lib/evse_security/crypto/openssl/openssl_crypto_supplier.cpp
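Review bot: The new `@return` line on `is_custom_private_key_string` describes a *file* that "does not start" with the header, but the function takes a string and its body in the openssl_provider.cpp hunk is `find(KEY_HEADER_DEFAULT) == std::string::npos`, i.e. the header anywhere in the text; suggest `/// @return true when "-----BEGIN PRIVATE KEY-----" does not occur in the string`. The added caveat is also narrower than the code: any PEM that is not PKCS#8 — `-----BEGIN RSA PRIVATE KEY-----`, `-----BEGIN EC PRIVATE KEY-----`, `-----BEGIN ENCRYPTED PRIVATE KEY-----` — and an empty string return true as well, and because the supplier hunk switches the provider to custom on true, that is worth stating here, e.g. `/// @note traditional (RSA/EC) and encrypted PEM headers, and empty input, are also classified as custom`. For the file variant, "does not start" is only accurate if the reader inspects the first line alone, which this hunk does not show.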
@@ -564,7 +564,7 @@ KeyValidationResult OpenSSLSupplier::x509_check_private_key(X509Handle* handle,
 
     OpenSSLProvider provider;
 
-    const bool custom_key = is_custom_key_string(private_key);
+    const bool custom_key = is_custom_private_key_string(private_key);
     if (custom_key) {
         provider.set_global_mode(OpenSSLProvider::mode_t::custom_provider);
     } else {
diff --git a/lib/evse_security/crypto/openssl/openssl_provider.cpp b/lib/evse_security/crypto/openssl/openssl_provider.cpp
index 77f66ef..7cd5010 100644
--- a/lib/evse_security/crypto/openssl/openssl_provider.cpp
+++ b/lib/evse_security/crypto/openssl/openssl_provider.cpp
@@ -26,12 +26,12 @@ namespace evse_security {
 static auto KEY_HEADER_DEFAULT = "-----BEGIN PRIVATE KEY-----";
 static auto KEY_HEADER_TPM2 = "-----BEGIN TSS2 PRIVATE KEY-----";
 
-bool is_custom_key_string(const std::string& private_key_pem) {
+bool is_custom_private_key_string(const std::string& private_key_pem) {
     // If we can't find the standard header it means it's a custom key
     return private_key_pem.find(KEY_HEADER_DEFAULT) == std::string::npos;
 }
 
-bool is_custom_key_file(const fs::path& private_key_file_pem) {
+bool is_custom_private_key_file(const fs::path& private_key_file_pem) {
     if (fs::is_regular_file(private_key_file_pem)) {
         std::ifstream key_file(private_key_file_pem);
         std::string line;
@@ -39,7 +39,7 @@ bool is_custom_key_file(const fs::path& private_key_file_pem) {
         key_file.close();
 
         // Search for the standard header
-        return line.find(KEY_HEADER_DEFAULT) == std::string::npos;
+        return is_custom_private_key_string(line);
     }
 
     return false;
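Review bot: The renamed `is_custom_private_key_string` still classifies by the absence of the PKCS#8 header, so every input that does not contain exactly `-----BEGIN PRIVATE KEY-----` — traditional `-----BEGIN RSA PRIVATE KEY-----`/`-----BEGIN EC PRIVATE KEY-----`, `-----BEGIN ENCRYPTED PRIVATE KEY-----`, a public key, or an empty string — is reported as custom, and `KEY_HEADER_TPM2` declared two lines above is never consulted. Since the supplier hunk uses this result to call `set_global_mode(custom_provider)`, a malformed or traditional-format key silently redirects loading to the custom provider instead of failing on the default one. At minimum the comment should say so: `// Anything without the PKCS#8 header (traditional RSA/EC, encrypted, empty input) is treated as custom`; a stricter alternative, if the TPM provider is the only custom one, would be to match `KEY_HEADER_TPM2` positively, but that depends on how CUSTOM_PROVIDER_NAME is used elsewhere. An explicit `if (private_key_pem.empty()) { return false; }` guard would at least keep empty input on the default path.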
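Review bot: `return is_custom_private_key_string(line);` reports a custom key whenever `line` is empty, so a regular file that is empty or whose read before `key_file.close()` (outside the hunk) failed is treated as a custom-provider key, while a missing or non-regular path falls through to `return false;` three lines later — the two failure modes disagree. Suggest checking the read result before delegating, e.g. `if (line.empty()) { return false; }` ahead of the return, or testing the stream state after the read. The explicit `key_file.close()` is also redundant given `std::ifstream`'s destructor, though that is pre-existing.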
@@ -49,15 +49,8 @@ bool is_custom_key_file(const fs::path& private_key_file_pem) {
 
 constexpr bool is_custom_provider_tpm() {
     // custom provider string (see CMakeLists.txt)
-    const char* custom_provider = CUSTOM_PROVIDER_NAME;
-    const char* tpm_provider = "tpm2";
-
-    while (*tpm_provider && (*tpm_provider == *custom_provider)) {
-        ++tpm_provider;
-        ++custom_provider;
-    }
-
-    return (*tpm_provider == *custom_provider);
+    constexpr const std::string_view custom_provider(CUSTOM_PROVIDER_NAME);
+    return (custom_provider == "tpm2");
 }
 
 // ----------------------------------------------------------------------------
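Review bot: `constexpr const std::string_view custom_provider(CUSTOM_PROVIDER_NAME);` adds a `const` that `constexpr` already implies on a variable, and relies on `std::string_view` without this diff adding `#include <string_view>`; unless the translation unit already includes it (not visible in the hunk), the build breaks. Suggest `constexpr std::string_view custom_provider{CUSTOM_PROVIDER_NAME};` and `return custom_provider == "tpm2";`, plus the include if it is missing. The `std::string_view` construction is only constant-evaluable when the macro expands to a string literal, which is consistent with the removed `const char*` initialisation but worth a `static_assert(!custom_provider.empty())` so a misconfigured CMake definition fails at compile time rather than silently selecting the non-TPM path.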