Move BearSSLHelpers into BearSSL namespace by earlephilhower · Pull Request #5315 · esp8266/Arduino · GitHub
Move BearSSLHelpers into BearSSL namespace #5315

Merged
merged 4 commits into from
Nov 7, 2018
Move BearSSLHelpers into BearSSL namespace
BearSSLX509List, BearSSLSession, BearSSLPublicKey, and BearSSLPrivateKey
were all in the global namespace and not in the BearSSL:: one, due to an
oversight when they were originally created.  Move them to the proper
namespace with the following mapping:
    BearSSLX509List => BearSSL::X509List
    BearSSLSession => BearSSL::Session
    BearSSLPublicKey => BearSSL::PublicKey
    BearSSLPrivateKey => BearSSL::PrivateKey
Earle F. Philhower, III authored and Earle F. Philhower, III committed Nov 6, 2018
commit 3fc8408b00aa4cd3fad3c844c83c69e43d088088
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ void setup()

MDNS.begin(host);

httpServer.setRSACert(new BearSSLX509List(serverCert), new BearSSLPrivateKey(serverKey));
httpServer.setRSACert(new BearSSL::X509List(serverCert), new BearSSL::PrivateKey(serverKey));
httpUpdater.setup(&httpServer, update_path, update_username, update_password);
httpServer.begin();

Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ void setup(void){
Serial.println("MDNS responder started");
}

server.setRSACert(new BearSSLX509List(serverCert), new BearSSLPrivateKey(serverKey));
server.setRSACert(new BearSSL::X509List(serverCert), new BearSSL::PrivateKey(serverKey));

server.on("/", handleRoot);

Original file line number Diff line number Diff line change
Expand Up @@ -46,12 +46,12 @@ ESP8266WebServerSecure::ESP8266WebServerSecure(int port)
{
}

void ESP8266WebServerSecure::setRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk)
void ESP8266WebServerSecure::setRSACert(const X509List *chain, const PrivateKey *sk)
{
_serverSecure.setRSACert(chain, sk);
}

void ESP8266WebServerSecure::setECCert(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk)
void ESP8266WebServerSecure::setECCert(const X509List *chain, unsigned cert_issuer_key_type, const PrivateKey *sk)
{
_serverSecure.setECCert(chain, cert_issuer_key_type, sk);
}
Expand Down Expand Up @@ -83,7 +83,7 @@ void ESP8266WebServerSecure::begin() {

void ESP8266WebServerSecure::handleClient() {
if (_currentStatus == HC_NONE) {
BearSSL::WiFiClientSecure client = _serverSecure.available();
WiFiClientSecure client = _serverSecure.available();
if (!client) {
return;
}
Expand Down Expand Up @@ -136,7 +136,7 @@ void ESP8266WebServerSecure::handleClient() {
}

if (!keepCurrentClient) {
_currentClientSecure = BearSSL::WiFiClientSecure();
_currentClientSecure = WiFiClientSecure();
_currentStatus = HC_NONE;
_currentUpload.reset();
}
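Review bot: `setRSACert` and `setECCert` accept `const X509List *chain` and `const PrivateKey *sk` and forward them verbatim to `_serverSecure`; nothing in this hunk copies the objects, so the caller has to keep the chain and key alive for as long as the server may use them, and the examples in this PR do that by `new`-ing them and never freeing them. That lifetime contract is not written down anywhere in the hunk, and a caller who lets the objects go out of scope would leave the server holding dangling pointers to its certificate and private key. I'd put a comment on both definitions, e.g. `// Presumably stores the pointers rather than copies: chain and sk must outlive the server and are not freed by it.` — hedged because `_serverSecure.setRSACert`/`setECCert` are outside this hunk and I can't see whether they copy.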
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,8 @@ class ESP8266WebServerSecure : public ESP8266WebServer
virtual ~ESP8266WebServerSecure();

void setBufferSizes(int recv, int xmit);
void setRSACert(const BearSSLX509List *chain, const BearSSLPrivateKey *sk);
void setECCert(const BearSSLX509List *chain, unsigned cert_issuer_key_type, const BearSSLPrivateKey *sk);
void setRSACert(const X509List *chain, const PrivateKey *sk);
void setECCert(const X509List *chain, unsigned cert_issuer_key_type, const PrivateKey *sk);

WiFiClient client() override { return _currentClientSecure; }

Expand All @@ -61,8 +61,8 @@ class ESP8266WebServerSecure : public ESP8266WebServer
size_t _currentClientWrite_P (PGM_P bytes, size_t len) override { return _currentClientSecure.write_P(bytes, len); }

protected:
BearSSL::WiFiServerSecure _serverSecure;
BearSSL::WiFiClientSecure _currentClientSecure;
WiFiServerSecure _serverSecure;
WiFiClientSecure _currentClientSecure;
};

};
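Review bot: `WiFiClient client() override { return _currentClientSecure; }` on the unchanged line between the two edited hunks returns the `WiFiClientSecure` member by value as its `WiFiClient` base, so the caller receives a sliced copy with everything `WiFiClientSecure` adds over `WiFiClient` dropped. If `WiFiClient`'s read/write paths operate on the underlying transport rather than through the TLS engine, a request handler that reads or writes via `client()` would be talking to the peer outside the TLS layer; I can't see either class from here, so please confirm what a sliced copy actually does. Returning by reference, `WiFiClient& client() override { return _currentClientSecure; }`, would avoid the copy, but the base-class declaration of `client()` lies outside this hunk and would have to change in step.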
Original file line number Diff line number Diff line change
Expand Up @@ -121,8 +121,8 @@ void setup() {
Serial.println(WiFi.localIP());

// Attach the server private cert/key combo
BearSSLX509List *serverCertList = new BearSSLX509List(server_cert);
BearSSLPrivateKey *serverPrivKey = new BearSSLPrivateKey(server_private_key);
BearSSL::X509List *serverCertList = new BearSSL::X509List(server_cert);
BearSSL::PrivateKey *serverPrivKey = new BearSSL::PrivateKey(server_private_key);
server.setRSACert(serverCertList, serverPrivKey);

// Actually start accepting connections
Original file line number Diff line number Diff line change
Expand Up @@ -197,12 +197,12 @@ void setup() {
setClock(); // Required for X.509 validation

// Attach the server private cert/key combo
BearSSLX509List *serverCertList = new BearSSLX509List(server_cert);
BearSSLPrivateKey *serverPrivKey = new BearSSLPrivateKey(server_private_key);
BearSSL::X509List *serverCertList = new BearSSL::X509List(server_cert);
BearSSL::PrivateKey *serverPrivKey = new BearSSL::PrivateKey(server_private_key);
server.setRSACert(serverCertList, serverPrivKey);

// Require a certificate validated by the trusted CA
BearSSLX509List *serverTrustedCA = new BearSSLX509List(ca_cert);
BearSSL::X509List *serverTrustedCA = new BearSSL::X509List(ca_cert);
server.setClientTrustAnchor(serverTrustedCA);

// Actually start accepting connections
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
)EOF";
uint32_t start, finish;
BearSSL::WiFiClientSecure client;
BearSSLX509List cert(digicert);
BearSSL::X509List cert(digicert);

Serial.printf("Connecting without sessions...");
start = millis();
Expand All @@ -128,7 +128,7 @@ vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
finish = millis();
Serial.printf("Total time: %d F438 ms\n", finish - start);

BearSSLSession session;
BearSSL::Session session;
client.setSession(&session);
Serial.printf("Connecting with an unitialized session...");
start = millis();
Original file line number Diff line number Diff line change
Expand Up @@ -144,7 +144,7 @@ wQIDAQAB
-----END PUBLIC KEY-----
)KEY";
BearSSL::WiFiClientSecure client;
BearSSLPublicKey key(pubkey);
BearSSL::PublicKey key(pubkey);
client.setKnownKey(&key);
fetchURL(&client, host, port, path);
}
Expand Down Expand Up @@ -186,7 +186,7 @@ BearSSL does verify the notValidBefore/After fields.
)EOF");

BearSSL::WiFiClientSecure client;
BearSSLX509List cert(digicert);
BearSSL::X509List cert(digicert);
client.setTrustAnchors(&cert);
Serial.printf("Try validating without setting the time (should fail)\n");
fetchURL(&client, host, port, path);
9 changes: 6 additions & 3 deletions libraries/ESP8266WiFi/keywords.txt
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,14 @@ WiFiServerSecure KEYWORD1
WiFiUDP KEYWORD1
WiFiClientSecure KEYWORD1
ESP8266WiFiMulti KEYWORD1
BearSSLX509List KEYWORD1
BearSSLPrivateKey KEYWORD1
BearSSLPublicKey KEYWORD1
BearSSL KEYWORD1
X509List KEYWORD1
PrivateKey KEYWORD1
PublicKey KEYWORD1
CertStoreSPIFFSBearSSL KEYWORD1
CertStoreSDBearSSL KEYWORD1
Session KEYWORD1


######### 10000 ##############################
# Methods and Functions (KEYWORD2)
60 changes: 34 additions & 26 deletions libraries/ESP8266WiFi/src/BearSSLHelpers.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -622,33 +622,36 @@ namespace brssl {
};


namespace BearSSL {


// ----- Public Key -----

BearSSLPublicKey::BearSSLPublicKey() {
PublicKey::PublicKey() {
_key = nullptr;
}

BearSSLPublicKey::BearSSLPublicKey(const char *pemKey) {
PublicKey::PublicKey(const char *pemKey) {
_key = nullptr;
parse(pemKey);
}

BearSSLPublicKey::BearSSLPublicKey(const uint8_t *derKey, size_t derLen) {
PublicKey::PublicKey(const uint8_t *derKey, size_t derLen) {
_key = nullptr;
parse(derKey, derLen);
}

BearSSLPublicKey::~BearSSLPublicKey() {
PublicKey::~PublicKey() {
if (_key) {
brssl::free_public_key(_key);
}
}

bool BearSSLPublicKey::parse(const char *pemKey) {
bool PublicKey::parse(const char *pemKey) {
return parse((const uint8_t *)pemKey, strlen_P(pemKey));
}

bool BearSSLPublicKey::parse(const uint8_t *derKey, size_t derLen) {
bool PublicKey::parse(const uint8_t *derKey, size_t derLen) {
if (_key) {
brssl::free_public_key(_key);
_key = nullptr;
Expand All @@ -657,28 +660,28 @@ bool BearSSLPublicKey::parse(const uint8_t *derKey, size_t derLen) {
return _key ? true : false;
}

bool BearSSLPublicKey::isRSA() const {
bool PublicKey::isRSA() const {
if (!_key || _key->key_type != BR_KEYTYPE_RSA) {
return false;
}
return true;
}

bool BearSSLPublicKey::isEC() const {
bool PublicKey::isEC() const {
if (!_key || _key->key_type != BR_KEYTYPE_EC) {
return false;
}
return true;
}

const br_rsa_public_key *BearSSLPublicKey::getRSA() const {
const br_rsa_public_key *PublicKey::getRSA() const {
if (!_key || _key->key_type != BR_KEYTYPE_RSA) {
return nullptr;
}
return &_key->key.rsa;
}

const br_ec_public_key *BearSSLPublicKey::getEC() const {
const br_ec_public_key *PublicKey::getEC() const {
if (!_key || _key->key_type != BR_KEYTYPE_EC) {
return nullptr;
}
Expand All @@ -687,31 +690,31 @@ const br_ec_public_key *BearSSLPublicKey::getEC() const {

// ----- Private Key -----

BearSSLPrivateKey::BearSSLPrivateKey() {
PrivateKey::PrivateKey() {
_key = nullptr;
}

BearSSLPrivateKey::BearSSLPrivateKey(const char *pemKey) {
PrivateKey::PrivateKey(const char *pemKey) {
_key = nullptr;
parse(pemKey);
}

BearSSLPrivateKey::BearSSLPrivateKey(const uint8_t *derKey, size_t derLen) {
PrivateKey::PrivateKey(const uint8_t *derKey, size_t derLen) {
_key = nullptr;
parse(derKey, derLen);
}

BearSSLPrivateKey::~BearSSLPrivateKey() {
PrivateKey::~PrivateKey() {
if (_key) {
brssl::free_private_key(_key);
}
}

bool BearSSLPrivateKey::parse(const char *pemKey) {
bool PrivateKey::parse(const char *pemKey) {
return parse((const uint8_t *)pemKey, strlen_P(pemKey));
}

bool BearSSLPrivateKey::parse(const uint8_t *derKey, size_t derLen) {
bool PrivateKey::parse(const uint8_t *derKey, size_t derLen) {
if (_key) {
brssl::free_private_key(_key);
_key = nullptr;
Expand All @@ -720,68 +723,70 @@ bool BearSSLPrivateKey::parse(const uint8_t *derKey, size_t derLen) {
return _key ? true : false;
}

bool BearSSLPrivateKey::isRSA() const {
bool PrivateKey::isRSA() const {
if (!_key || _key->key_type != BR_KEYTYPE_RSA) {
return false;
}
return true;
}

bool BearSSLPrivateKey::isEC() const {
bool PrivateKey::isEC() const {
if (!_key || _key->key_type != BR_KEYTYPE_EC) {
return false;
}
return true;
}

const br_rsa_private_key *BearSSLPrivateKey::getRSA() const {
const br_rsa_private_key *PrivateKey::getRSA() const {
if (!_key || _key->key_type != BR_KEYTYPE_RSA) {
return nullptr;
}
return &_key->key.rsa;
}

const br_ec_private_key *BearSSLPrivateKey::getEC() const {
const br_ec_private_key *PrivateKey::getEC() const {
if (!_key || _key->key_type != BR_KEYTYPE_EC) {
return nullptr;
}
return &_key->key.ec;
}

BearSSLX509List::BearSSLX509List() {
// ----- Certificate Lists -----

X509List::X509List() {
_count = 0;
_cert = nullptr;
_ta = nullptr;
}

BearSSLX509List::BearSSLX509List(const char *pemCert) {
X509List::X509List(const char *pemCert) {
_count = 0;
_cert = nullptr;
_ta = nullptr;
append(pemCert);
}


BearSSLX509List::BearSSLX509List(const uint8_t *derCert, size_t derLen) {
X509List::X509List(const uint8_t *derCert, size_t derLen) {
_count = 0;
_cert = nullptr;
_ta = nullptr;
append(derCert, derLen);
}

BearSSLX509List::~BearSSLX509List() {
X509List::~X509List() {
brssl::free_certificates(_cert, _count); // also frees cert
for (size_t i = 0; i < _count; i++) {
brssl::free_ta_contents(&_ta[i]);
}
free(_ta);
}

bool BearSSLX509List::append(const char *pemCert) {
bool X509List::append(const char *pemCert) {
return append((const uint8_t *)pemCert, strlen_P(pemCert));
}

bool BearSSLX509List::append(const uint8_t *derCert, size_t derLen) {
bool X509List::append(const uint8_t *derCert, size_t derLen) {
size_t numCerts;
br_x509_certificate *newCerts = brssl::read_certificates((const char *)derCert, derLen, &numCerts);
if (!newCerts) {
Expand Down Expand Up @@ -819,3 +824,6 @@ bool BearSSLX509List::append(const uint8_t *derCert, size_t derLen) {

return true;
}

};
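Review bot: `PrivateKey::~PrivateKey()`, `PublicKey::~PublicKey()` and `X509List::~X509List()` release `_key`, `_cert` and `_ta` that the objects own, but no copy constructor or copy assignment appears in this hunk, so copying any of these objects would free the same memory twice on destruction unless the class declarations (in the header, outside this hunk) already delete them; worth confirming. If they are not, `PrivateKey(const PrivateKey&) = delete; PrivateKey& operator=(const PrivateKey&) = delete;` (and the same for `PublicKey` and `X509List`) closes that. Separately, the PEM/DER constructors discard the `bool` returned by `parse()`, so a key or certificate that fails to parse silently leaves `_key == nullptr` (or an empty list); a comment on `PrivateKey::PrivateKey(const char *pemKey)` such as `// Parse failure is silent: _key stays nullptr, so check isRSA()/isEC() before handing the key to a server` would tell callers to check before `begin()`. Since `PrivateKey` holds secret material, it is also worth confirming that `brssl::free_private_key` wipes the key bytes before freeing; that helper is outside this hunk.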
