💾 Archived View for gmn.clttr.info › sources › cgmnlm.git › tree › src › certs.c.txt captured on 2024-02-05 at 10:04:11.

View Raw

More Information

⬅️ Previous capture (2023-01-29)

-=-=-=-=-=-=-

#include <assert.h>
#include <bearssl.h>
#include <errno.h>
#include <gmni/certs.h>
#include <gmni/gmni.h>
#include <stdio.h>
#include <stdlib.h>

static void
crt_append(void *ctx, const void *src, size_t len)
{
	br_x509_certificate *crt = (br_x509_certificate *)ctx;
	crt->data = realloc(crt->data, crt->data_len + len);
	assert(crt->data);
	memcpy(&crt->data[crt->data_len], src, len);
	crt->data_len += len;
}

static void
key_append(void *ctx, const void *src, size_t len)
{
	br_skey_decoder_context *skctx = (br_skey_decoder_context *)ctx;
	br_skey_decoder_push(skctx, src, len);
}

int
gmni_ccert_load(struct gmni_client_certificate *cert, FILE *certin, FILE *skin)
{
	// TODO: Better error propagation to caller
	static unsigned char buf[BUFSIZ];

	br_pem_decoder_context pemdec;
	br_pem_decoder_init(&pemdec);

	cert->chain = NULL;
	cert->nchain = 0;

	static const char *certname = "CERTIFICATE";
	while (!feof(certin)) {
		size_t n = fread(&buf, 1, sizeof(buf), certin);
		if (ferror(certin)) {
			goto error;
		}
		size_t q = 0;
		while (q < n) {
			q += br_pem_decoder_push(&pemdec, &buf[q], n - q);
			switch (br_pem_decoder_event(&pemdec)) {
			case BR_PEM_BEGIN_OBJ:
				if (strcmp(br_pem_decoder_name(&pemdec), certname) != 0) {
					break;
				}
				cert->chain = realloc(cert->chain,
					sizeof(br_x509_certificate) * (cert->nchain + 1));
				memset(&cert->chain[cert->nchain], 0, sizeof(*cert->chain));
				br_pem_decoder_setdest(&pemdec, &crt_append,
						&cert->chain[cert->nchain]);
				++cert->nchain;
				break;
			case BR_PEM_END_OBJ:
				break;
			case BR_PEM_ERROR:
				fprintf(stderr, "Error decoding PEM certificate\n");
				errno = EINVAL;
				goto error;
			}
		}
	}

	if (cert->nchain == 0) {
		fprintf(stderr, "No certificates found in provided client certificate file\n");
		errno = EINVAL;
		goto error;
	}

	br_skey_decoder_context skdec = {0};
	br_skey_decoder_init(&skdec);
	br_pem_decoder_init(&pemdec);

	// TODO: Better validation of PEM file
	while (!feof(skin)) {
		size_t n = fread(&buf, 1, sizeof(buf), skin);
		if (ferror(skin)) {
			goto error;
		}
		size_t q = 0;
		while (q < n) {
			q += br_pem_decoder_push(&pemdec, &buf[q], n - q);
			switch (br_pem_decoder_event(&pemdec)) {
			case BR_PEM_BEGIN_OBJ:
				br_pem_decoder_setdest(&pemdec, &key_append, &skdec);
				break;
			case BR_PEM_END_OBJ:
				// no-op
				break;
			case BR_PEM_ERROR:
				fprintf(stderr, "Error decoding PEM private key\n");
				errno = EINVAL;
				goto error;
			}
		}
	}

	int err = br_skey_decoder_last_error(&skdec);
	if (err != 0) {
		fprintf(stderr, "Error loading private key: %d\n", err);
		errno = EINVAL;
		goto error;
	}
	switch (br_skey_decoder_key_type(&skdec)) {
		struct gmni_private_key *k;
		const br_ec_private_key *ec;
		const br_rsa_private_key *rsa;
	case BR_KEYTYPE_RSA:
		rsa = br_skey_decoder_get_rsa(&skdec);
		cert->key = k = malloc(sizeof(*k)
				+ rsa->plen + rsa->qlen
				+ rsa->dplen + rsa->dqlen
				+ rsa->iqlen);
		assert(k);
		k->type = BR_KEYTYPE_RSA;
		k->rsa = *rsa;
		k->rsa.p = k->data;
		k->rsa.q = k->rsa.p + k->rsa.plen;
		k->rsa.dp = k->rsa.q + k->rsa.qlen;
		k->rsa.dq = k->rsa.dp + k->rsa.dplen;
		k->rsa.iq = k->rsa.dq + k->rsa.dqlen;
		memcpy(k->rsa.p, rsa->p, rsa->plen);
		memcpy(k->rsa.q, rsa->q, rsa->qlen);
		memcpy(k->rsa.dp, rsa->dp, rsa->dplen);
		memcpy(k->rsa.dq, rsa->dq, rsa->dqlen);
		memcpy(k->rsa.iq, rsa->iq, rsa->iqlen);
		break;
	case BR_KEYTYPE_EC:
		ec = br_skey_decoder_get_ec(&skdec);
		cert->key = k = malloc(sizeof(*k) + ec->xlen);
		assert(k);
		k->type = BR_KEYTYPE_EC;
		k->ec.curve = ec->curve;
		k->ec.x = k->data;
		k->ec.xlen = ec->xlen;
		memcpy(k->ec.x, ec->x, ec->xlen);
		break;
	default:
		assert(0);
	}

	fclose(certin);
	fclose(skin);
	return 0;

error:
	fclose(certin);
	fclose(skin);
	free(cert->chain);
	return 1;
}