path: root/src/sbearssl/sbearssl_sni_policy_init.c
authorLaurent Bercot <ska-skaware@skarnet.org>2021-05-30 09:19:26 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2021-05-30 09:19:26 +0000
commite763c3ef1485404585b923365f93314aab4e8dd6 (patch)
tree53dbb23320627390527f0d0bc45278b8520c46dc /src/sbearssl/sbearssl_sni_policy_init.c
parent02afa553cc33400ead38ac85f8f7f2f3fe79f49d (diff)
downloads6-networking-e763c3ef1485404585b923365f93314aab4e8dd6.tar.xz
Start work on bearssl server-side sni
Diffstat (limited to 'src/sbearssl/sbearssl_sni_policy_init.c')
-rw-r--r--src/sbearssl/sbearssl_sni_policy_init.c75
1 files changed, 75 insertions, 0 deletions
diff --git a/src/sbearssl/sbearssl_sni_policy_init.c b/src/sbearssl/sbearssl_sni_policy_init.c
new file mode 100644
index 0000000..fd0e946
--- /dev/null
+++ b/src/sbearssl/sbearssl_sni_policy_init.c
@@ -0,0 +1,75 @@
+/* ISC license. */
+
+#include <errno.h>
+
+#include <bearssl.h>
+
+#include <skalibs/stralloc.h>
+#include <skalibs/genalloc.h>
+#include <skalibs/avltree.h>
+
+#include <s6-networking/sbearssl.h>
+
+#define INSTANCE(c) ((sbearssl_sni_policy_context *)(c))
+
+static int choose (br_ssl_server_policy_class const **pctx, br_ssl_server_context const *sc, br_ssl_server_choices *choices)
+{
+ sbearssl_sni_policy_context *pol = INSTANCE(pctx) ;
+ uint32_t n ;
+ char const *servername = br_ssl_engine_get_server_name(&sc->eng) ;
+ if (!avltree_search(&pol->map, servername, &n)
+ && (!servername[0] || !avltree_search(&pol->map, "", &n)))
+ return 0 ;
+ avltree_free(&pol->map) ;
+ copy_and_free(pol, n) ;
+}
+
+static uint32_t do_keyx (br_ssl_server_policy_class const **pctx, unsigned char *data, size_t *len)
+{
+ sbearssl_sni_policy_context *pol = INSTANCE(pctx) ;
+ switch (pol->skey.type)
+ {
+ case BR_KEYTYPE_RSA : return kx_rsa(pol, data, len) ;
+ case BR_KEYTYPE_EC : return kx_ec(pol, data, len) ;
+ default : return 0 ;
+ }
+}
+
+static size_t do_sign (br_ssl_server_policy_class const **pctx, unsigned int algo_id, unsigned char *data, size_t hv_len, size_t len)
+{
+ sbearssl_sni_policy_context *pol = INSTANCE(pctx) ;
+ switch (pol->skey.type)
+ {
+ case BR_KEYTYPE_RSA : return sign_rsa(pol, algo_id, data, hv_len, len) ;
+ case BR_KEYTYPE_EC : return sign_ec(pol, algo_id, data, hv_len, len) ;
+ default : return 0 ;
+ }
+}
+
+static br_ssl_server_policy_class const vtable =
+{
+ .context_size = sizeof(sbearssl_sni_policy_context),
+ .choose = &choose,
+ .do_keyx = &do_keyx,
+ .do_sign = &do_sign
+} ;
+
+static void *sbearssl_sni_policy_node_dtok (uint32_t d, void *data)
+{
+ return ((sbearssl_sni_policy_context *)data)->storage.s + d ;
+}
+
+static int sbearssl_sni_policy_node_cmp (void const *a, void const *b, void *data)
+{
+ (void)data ;
+ return strcmp((char const *)a, (char const *)b) ;
+}
+
+void sbearssl_sni_policy_init (sbearssl_sni_policy_context *pol)
+{
+ pol->vtable = &vtable ;
+ pol->map = avltree_zero ;
+ pol->mapga = genalloc_zero ;
+ pol->certga = genalloc_zero ;
+ pol->storage = GENALLOC_ZERO ;
+}
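Review bot: `choose` is declared `int` but has no `return` on its success path: after `copy_and_free(pol, n)` control falls off the end of the function, and BearSSL reads that return value to decide whether the handshake continues (nonzero) or is aborted (zero), so the result of a successful SNI lookup is whatever happens to be in the return register — add `return 1 ;` after the `copy_and_free(pol, n) ;` line, or return its result if the helper can fail. Two smaller points in the same hunk: `sbearssl_sni_policy_node_cmp` calls `strcmp` but the file includes no `<string.h>` (it may arrive transitively via `bearssl.h`, which is fragile), and `copy_and_free`, `kx_rsa`, `kx_ec`, `sign_rsa` and `sign_ec` are used without a declaration visible here, which is presumably expected for a "start work" commit but worth a `/* TODO: defined in a later commit */` note so the file is not mistaken for complete. `choose` also calls `avltree_free(&pol->map)` on every successful selection, so a second handshake on the same policy context searches an emptied tree and is rejected; if the context is meant to be single-use, a one-line comment saying so would prevent a later reuse bug.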