Merge pull request #33 from docker/yubilibrary-search-paths

Search a list of possible paths for the Yubico pkcs11 library. Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-08 14:27:54 -08:00 · 2015-11-08 14:27:54 -08:00 · 6d82d14ef3
parent 030fa4800b 30224f27ae
commit 6d82d14ef3
3 changed files with 28 additions and 16 deletions
--- a/signer/api/ecdsa_hardware_crypto_service.go
+++ b/signer/api/ecdsa_hardware_crypto_service.go
@ -13,6 +13,7 @@ import (
 	"fmt"
 	"io"
 	"math/big"
+	"os"

 	"github.com/Sirupsen/logrus"
 	"github.com/docker/notary/passphrase"
@ -48,8 +49,20 @@ func SetYubikeyKeyMode(keyMode int) error {
 	return nil
 }

-// Hardcoded yubikey PKCS11 ID
-var YUBIKEY_ROOT_KEY_ID = []byte{2}
+var pkcs11Lib string
+
+func init() {
+	for _, loc := range possiblePkcs11Libs {
+		_, err := os.Stat(loc)
+		if err == nil {
+			p := pkcs11.New(loc)
+			if p != nil {
+				pkcs11Lib = loc
+				return
+			}
+		}
+	}
+}

 type ErrBackupFailed struct {
 	err string
@ -630,6 +643,9 @@ func cleanup(ctx *pkcs11.Ctx, session pkcs11.SessionHandle) {

 // SetupHSMEnv is a method that depends on the existences
 func SetupHSMEnv(libraryPath string) (*pkcs11.Ctx, pkcs11.SessionHandle, error) {
+	if libraryPath == "" {
+		return nil, 0, errors.New("No library found.")
+	}
 	p := pkcs11.New(libraryPath)

 	if p == nil {
@ -661,6 +677,9 @@ func SetupHSMEnv(libraryPath string) (*pkcs11.Ctx, pkcs11.SessionHandle, error)

 // YubikeyEnabled returns true if a Yubikey can be accessed
 func YubikeyAccessible() bool {
+	if pkcs11Lib == "" {
+		return false
+	}
 	ctx, session, err := SetupHSMEnv(pkcs11Lib)
 	if err != nil {
 		return false
--- a/signer/api/pkcs11_darwin.go
+++ b/signer/api/pkcs11_darwin.go
@ -2,11 +2,7 @@

 package api

-var (
-	pkcs11Lib = "/usr/local/lib/libykcs11.dylib"
-)
-
-func init() {
-	// TODO(diogomonica): all the crap for darwin to configure
-	// the variable pkcs11 to find the right one in the right dir
+var possiblePkcs11Libs = []string{
+	"/usr/local/lib/libykcs11.dylib",
+	"/usr/local/docker/lib/libykcs11.dylib",
 }
--- a/signer/api/pkcs11_linux.go
+++ b/signer/api/pkcs11_linux.go
@ -2,11 +2,8 @@

 package api

-var (
-	pkcs11Lib = "/usr/local/lib/libykcs11.so"
-)
-
-func init() {
-	// TODO(diogomonica): all the crap for linux to configure
-	// the variable pkcs11 to find the right one in the right dir
+var possiblePkcs11Libs = []string{
+	"/usr/lib/libykcs11.so",
+	"/usr/lib/x86_64-linux-gnu/libykcs11.so",
+	"/usr/local/lib/libykcs11.so",
 }