J Reece Wilson
7a0593adeb
[+] AuCrypto::CA::INewCertificateStore [+] AuCrypto::CA::IPinCertificate [+] AuCrypto::CA::PinAlwaysFail [+] AuCrypto::CA::PinAlwaysPass [+] AuCrypto::CA::PinCheckOS [+] AuCrypto::CA::PinCheckDefault [+] AuCrypto::CA::PinCheckBuiltin [+] AuCrypto::CA::PinCheckGlobal [+] AuCrypto::CA::PinCheckTwoAnd [+] AuCrypto::CA::PinCheckTwoOr [+] AuCrypto::CA::SetGlobalTLSPinner [*] Minor AuCrypto::X509 decoder work [*] AuCrypto::X509: transition to memory views (x509 is bytebuffer era and earlier code, beri early) [+] AuCrypto::IPrivateKeyProvider [+] AuCrypto::IPrivateKeyPair [+] AuCrypto::PrivateKeyPair [+] AuCrypto::ImportPrivateKeyPair [*] Refactor: AuCrypto::X509::GenerateCertificate(...) [+] AuCrypto::X509::NewChainFromOneDer [+] AuCrypto::X509::NewChainFromManyDer [+] AuCrypto::X509::NewChainFromManyDerInStream [+] AuCrypto::X509::NewChainFromOnePem [+] AuCrypto::X509::NewChainFromManyPem [+] AuCrypto::X509::NewChainFromManyPemInStream [*] Fix TLS code that was abandoned since its introduction with the net code. mbedtls is a hairbrained mess. so many *blocking* github issues starting after 2017. so little progress. [+] AuIO::TLS::TLSMeta::pKeyPairProvider [+] AuIO::TLS::TLSServer::bAllowSNIToFallBackDefault [+] AuIO::TLS::TLSServer::bAllowSNILessUseDefaultCert
/***
Copyright (C) 2022-2024 Jamie Reece Wilson (a/k/a "Reece"). All rights reserved.
File: AuPrivateKeyPair.cpp
File: TLSPrivateKeyPair.cpp
Date: 2022-8-27
Author: Reece
***/
#include <Source/RuntimeInternal.hpp>
#include "AuPrivateKeyPair.hpp"
namespace Aurora::IO::TLS
{
    // Forward declaration only: implemented in the TLS subsystem. Used below to
    // turn an mbedtls error code into readable text for SysPushErrorCrypto.
    AuString TLSErrorToString(int iError);
}
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/timing.h> // TODO: deprecate me
namespace Aurora::IO::TLS
{
    // Process-wide mbedtls RNG state owned by the TLS subsystem (defined
    // elsewhere). gCtrDrbg is passed to mbedtls_pk_parse_key below as its
    // f_rng/p_rng pair; this file never seeds or frees either context.
    extern mbedtls_entropy_context gEntropy;
    extern mbedtls_ctr_drbg_context gCtrDrbg;
}
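namespace Aurora::Crypto::KeyPair
{
    // Wraps one mbedtls private key together with the certificate chain it
    // belongs to. The pk context is initialised in every constructor and
    // released in the destructor, so an instance is always safe to destroy,
    // including when key parsing never ran or failed part-way.
    PrivateKeyPairImpl::PrivateKeyPairImpl(const AuSPtr<X509::ICertificateChain> &pCertificateChain) :
        pCertificateChain(pCertificateChain)
    {
        ::mbedtls_pk_init(&this->privateKey_);
    }

    PrivateKeyPairImpl::PrivateKeyPairImpl()
    {
        ::mbedtls_pk_init(&this->privateKey_);
    }

    PrivateKeyPairImpl::~PrivateKeyPairImpl()
    {
        // mbedtls_pk_free releases (and clears) the key material the context
        // owns. The 0xFF fill afterwards overwrites the stale context bytes —
        // presumably so a use-after-destroy does not see something that still
        // looks like an initialised pk context.
        ::mbedtls_pk_free(&this->privateKey_);
        AuMemset(&this->privateKey_, 0xFF, sizeof(this->privateKey_));
    }

    // Shared handle to the chain this key was imported with (may be empty for
    // a default-constructed instance).
    AuSPtr<X509::ICertificateChain> PrivateKeyPairImpl::GetChain()
    {
        return this->pCertificateChain;
    }

    // Non-owning downcast to the concrete chain type; the AuSPtr member keeps
    // the object alive. Returns nullptr when no chain is attached.
    // NOTE(review): the static cast assumes every ICertificateChain handed to
    // this class is a X509::CertificateChain — confirm at the construction
    // sites, a foreign implementation would be silently misinterpreted.
    X509::CertificateChain *PrivateKeyPairImpl::ToChain()
    {
        if (!this->pCertificateChain)
        {
            return {};
        }
        return AuStaticCast<X509::CertificateChain>(this->pCertificateChain.get());
    }

    // Direct access to the mbedtls context, e.g. for the TLS layer to bind the
    // key to a server/client config. The reference is valid for the lifetime
    // of this object only.
    mbedtls_pk_context &PrivateKeyPairImpl::GetInternal()
    {
        return this->privateKey_;
    }

    // Parses keyPair.privateKey (optionally password-protected) into a fresh
    // PrivateKeyPairImpl bound to keyPair.pCertificateChain.
    //
    // Returns an owning raw pointer that must be handed back to
    // ImportPrivateKeyPairRelease, or nullptr after pushing a Sys error when
    // the chain is missing, allocation fails, or mbedtls rejects the key.
    // keyPair.privateKey and keyPair.sPassword are read but never wiped here:
    // scrubbing the caller's key/password buffers remains the caller's job.
    AUKN_SYM IPrivateKeyPair *ImportPrivateKeyPairNew(const PrivateKeyPair &keyPair)
    {
        if (!keyPair.pCertificateChain)
        {
            SysPushErrorArg();
            return {};
        }

        auto pPrivateKey = _new PrivateKeyPairImpl(keyPair.pCertificateChain);
        if (!pPrivateKey)
        {
            SysPushErrorMemory();
            return {};
        }

        // An empty password is passed as nullptr/0 so mbedtls treats the key
        // as unencrypted rather than as encrypted with "".
        const unsigned char *pPassword = keyPair.sPassword.size() ?
            (const unsigned char *)keyPair.sPassword.c_str() :
            nullptr;

        // gCtrDrbg is the TLS subsystem's shared CTR-DRBG, supplied as the
        // f_rng/p_rng pair mbedtls_pk_parse_key requires.
        int iRet = ::mbedtls_pk_parse_key(&pPrivateKey->GetInternal(),
                                          (const unsigned char *)keyPair.privateKey.Begin(),
                                          keyPair.privateKey.Size(),
                                          pPassword,
                                          keyPair.sPassword.size(),
                                          mbedtls_ctr_drbg_random,
                                          &Aurora::IO::TLS::gCtrDrbg);
        if (iRet != 0)
        {
            SysPushErrorCrypto("Invalid Private Key: {} ({})", Aurora::IO::TLS::TLSErrorToString(iRet), iRet);
            // The impl (and its initialised pk context) used to leak on this
            // path. Destroying it now also frees whatever partial key material
            // mbedtls may have left in the context before failing.
            AuSafeDelete<PrivateKeyPairImpl *>(pPrivateKey);
            return {};
        }

        return pPrivateKey;
    }

    // Counterpart of ImportPrivateKeyPairNew: destroys the impl, which frees
    // and poisons the mbedtls key context.
    AUKN_SYM void ImportPrivateKeyPairRelease(IPrivateKeyPair *pHandle)
    {
        AuSafeDelete<PrivateKeyPairImpl *>(pHandle);
    }
}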