WebSVN – planix.SVN – /os/trunk/sys/src/libsec/port/thumb.c

#include "os.h"
#include <bio.h>
#include <libsec.h>

enum{ ThumbTab = 1<<10 };

static Thumbprint*
tablehead(uchar *hash, Thumbprint *table)
{
        return &table[((hash[0]<<8) + hash[1]) & (ThumbTab-1)];
}

void
freeThumbprints(Thumbprint *table)
{
        Thumbprint *hd, *p, *q;

        if(table == nil)
                return;
        for(hd = table; hd < table+ThumbTab; hd++){
                for(p = hd->next; p && p != hd; p = q){
                        q = p->next;
                        free(p);
                }
        }
        free(table);
}

int
okThumbprint(uchar *hash, int len, Thumbprint *table)
{
        Thumbprint *hd, *p;

        if(table == nil)
                return 0;
        hd = tablehead(hash, table);
        for(p = hd->next; p; p = p->next){
                if(p->len == len && memcmp(hash, p->hash, len) == 0)
                        return 1;
                if(p == hd)
                        break;
        }
        return 0;
}

int
okCertificate(uchar *cert, int len, Thumbprint *table)
{
        uchar hash[SHA2_256dlen];
        char thumb[2*SHA2_256dlen+1];

        if(table == nil){
                werrstr("no thumbprints provided");
                return 0;
        }
        if(cert == nil || len <= 0){
                werrstr("no certificate provided");
                return 0;
        }

        sha1(cert, len, hash, nil);
        if(okThumbprint(hash, SHA1dlen, table))
                return 1;

        sha2_256(cert, len, hash, nil);
        if(okThumbprint(hash, SHA2_256dlen, table))
                return 1;

        if(X509digestSPKI(cert, len, sha2_256, hash) < 0)
                return 0;
        if(okThumbprint(hash, SHA2_256dlen, table))
                return 1;

        len = enc64(thumb, sizeof(thumb), hash, SHA2_256dlen);
        while(len > 0 && thumb[len-1] == '=')
                len--;
        thumb[len] = '\0';
        werrstr("sha256=%s", thumb);

        return 0;
}

static int
loadThumbprints(char *file, char *tag, Thumbprint *table, Thumbprint *crltab, int depth)
{
        Thumbprint *hd, *entry;
        char *line, *field[50];
        uchar hash[SHA2_256dlen];
        Biobuf *bin;
        int len, n;

        if(depth > 8){
                werrstr("too many includes, last file %s", file);
                return -1;
        }
        if(access(file, AEXIST) < 0)
                return 0;       /* not an error */
        if((bin = Bopen(file, OREAD)) == nil)
                return -1;
        for(; (line = Brdstr(bin, '\n', 1)) != nil; free(line)){
                if(tokenize(line, field, nelem(field)) < 2)
                        continue;
                if(strcmp(field[0], "#include") == 0){
                        if(loadThumbprints(field[1], tag, table, crltab, depth+1) < 0)
                                goto err;
                        continue;
                }
                if(strcmp(field[0], tag) != 0)
                        continue;
                if(strncmp(field[1], "sha1=", 5) == 0){
                        field[1] += 5;
                        len = SHA1dlen;
                } else if(strncmp(field[1], "sha256=", 7) == 0){
                        field[1] += 7;
                        len = SHA2_256dlen;
                } else {
                        continue;
                }
                n = strlen(field[1]);
                if((n != len*2 || dec16(hash, len, field[1], n) != len)
                && dec64(hash, len, field[1], n) != len){
                        werrstr("malformed %s entry in %s: %s", tag, file, field[1]);
                        goto err;
                }
                if(crltab && okThumbprint(hash, len, crltab))
                        continue;
                hd = tablehead(hash, table);
                if(hd->next == nil)
                        entry = hd;
                else {
                        if((entry = malloc(sizeof(*entry))) == nil)
                                goto err;
                        entry->next = hd->next;
                }
                hd->next = entry;
                entry->len = len;
                memcpy(entry->hash, hash, len);
        }
        Bterm(bin);
        return 0;
err:
        free(line);
        Bterm(bin);
        return -1;
}

Thumbprint *
initThumbprints(char *ok, char *crl, char *tag)
{
        Thumbprint *table, *crltab;

        table = crltab = nil;
        if(crl){
                if((crltab = malloc(ThumbTab * sizeof(*crltab))) == nil)
                        goto err;
                memset(crltab, 0, ThumbTab * sizeof(*crltab));
                if(loadThumbprints(crl, tag, crltab, nil, 0) < 0)
                        goto err;
        }
        if((table = malloc(ThumbTab * sizeof(*table))) == nil)
                goto err;
        memset(table, 0, ThumbTab * sizeof(*table));
        if(loadThumbprints(ok, tag, table, crltab, 0) < 0){
                freeThumbprints(table);
                table = nil;
        }
err:
        freeThumbprints(crltab);
        return table;
}
Subversion Repositories planix.SVN

(root)/os/trunk/sys/src/libsec/port/thumb.c – Rev 33
