New opaque rustls_cipher_certified_key.

A rustls `CertifiedKey` can be constructed, given chain and key PEM data. Such
a key can be returned by the client_hello callback or configured at the
builder for use in the created session.

The builder can be provided with a list of certified_keys and the session
will chose the first one from the list that is compatible with the
signatures the client provided in its hello.

Author: Stefan Eissing

src/cipher.rs

@@ -1,8 +1,19 @@
 use std::{cmp::min, slice};
 
-use crate::{ffi_panic_boundary_generic, ffi_panic_boundary_unit};
+use crate::error::rustls_result;
+use crate::{
+    ffi_panic_boundary, ffi_panic_boundary_generic, ffi_panic_boundary_unit, try_ref_from_ptr,
+};
 use libc::{c_char, size_t};
+use std::io::Cursor;
 use std::os::raw::c_ushort;
+use std::sync::Arc;
+
+use rustls::{Certificate, PrivateKey};
+use rustls_pemfile::{certs, pkcs8_private_keys, rsa_private_keys};
+
+use rustls::sign::CertifiedKey;
+use rustls_result::NullParameter;
 
 /// All SignatureScheme currently defined in rustls.
 /// At the moment not exposed by rustls itself.
@@ -81,3 +92,110 @@ pub extern "C" fn rustls_cipher_get_signature_scheme_name(
         }
     }
 }
+
+/// The complete chain of certificates plus private key for
+/// being certified against someones list of trust anchors (commonly
+/// called root store). Corresponds to `CertifiedKey` in the Rust API.
+pub struct rustls_cipher_certified_key {
+    // We use the opaque struct pattern to tell C about our types without
+    // telling them what's inside.
+    // https://doc.rust-lang.org/nomicon/ffi.html#representing-opaque-structs
+    _private: [u8; 0],
+}
+
+#[no_mangle]
+pub extern "C" fn rustls_cipher_certified_key_build(
+    cert_chain: *const u8,
+    cert_chain_len: size_t,
+    private_key: *const u8,
+    private_key_len: size_t,
+    certified_key_out: *mut *const rustls_cipher_certified_key,
+) -> rustls_result {
+    ffi_panic_boundary! {
+        let certified_key = match certified_key_build(
+            cert_chain, cert_chain_len, private_key, private_key_len) {
+            Ok(key) => Box::new(key),
+            Err(rr) => return rr,
+        };
+        unsafe {
+            *certified_key_out = Arc::into_raw(Arc::new(*certified_key)) as *const _;
+        }
+        return rustls_result::Ok
+    }
+}
+
+/// "Free" a certified_key previously returned from
+/// rustls_cipher_certified_key_build. Since certified_key is actually an
+/// atomically reference-counted pointer, extant certified_key may still
+/// hold an internal reference to the Rust object. However, C code must
+/// consider this pointer unusable after "free"ing it.
+/// Calling with NULL is fine. Must not be called twice with the same value.
+#[no_mangle]
+pub extern "C" fn rustls_cipher_certified_key_free(config: *const rustls_cipher_certified_key) {
+    ffi_panic_boundary_unit! {
+        let key: &CertifiedKey = try_ref_from_ptr!(config, &mut CertifiedKey, ());
+        // To free the certified_key, we reconstruct the Arc. It should have a refcount of 1,
+        // representing the C code's copy. When it drops, that refcount will go down to 0
+        // and the inner ServerConfig will be dropped.
+        let arc: Arc<CertifiedKey> = unsafe { Arc::from_raw(key) };
+        let strong_count = Arc::strong_count(&arc);
+        if strong_count < 1 {
+            eprintln!(
+                "rustls_cipher_certified_key_free: invariant failed: arc.strong_count was < 1: {}. \
+                You must not free the same certified_key multiple times.",
+                strong_count
+            );
+        }
+    }
+}
+
+pub(crate) fn certified_key_build(
+    cert_chain: *const u8,
+    cert_chain_len: size_t,
+    private_key: *const u8,
+    private_key_len: size_t,
+) -> Result<CertifiedKey, rustls_result> {
+    let mut cert_chain: &[u8] = unsafe {
+        if cert_chain.is_null() {
+            return Err(NullParameter);
+        }
+        slice::from_raw_parts(cert_chain, cert_chain_len as usize)
+    };
+    let private_key: &[u8] = unsafe {
+        if private_key.is_null() {
+            return Err(NullParameter);
+        }
+        slice::from_raw_parts(private_key, private_key_len as usize)
+    };
+    let mut private_keys: Vec<Vec<u8>> = match pkcs8_private_keys(&mut Cursor::new(private_key)) {
+        Ok(v) => v,
+        Err(_) => return Err(rustls_result::PrivateKeyParseError),
+    };
+    let private_key: PrivateKey = match private_keys.pop() {
+        Some(p) => PrivateKey(p),
+        None => {
+            private_keys = match rsa_private_keys(&mut Cursor::new(private_key)) {
+                Ok(v) => v,
+                Err(_) => return Err(rustls_result::PrivateKeyParseError),
+            };
+            let rsa_private_key: PrivateKey = match private_keys.pop() {
+                Some(p) => PrivateKey(p),
+                None => return Err(rustls_result::PrivateKeyParseError),
+            };
+            rsa_private_key
+        }
+    };
+    let signing_key = match rustls::sign::any_supported_type(&private_key) {
+        Ok(key) => key,
+        Err(_) => return Err(rustls_result::PrivateKeyParseError),
+    };
+    let parsed_chain: Vec<Certificate> = match certs(&mut cert_chain) {
+        Ok(v) => v.into_iter().map(Certificate).collect(),
+        Err(_) => return Err(rustls_result::CertificateParseError),
+    };
+
+    Ok(rustls::sign::CertifiedKey::new(
+        parsed_chain,
+        Arc::new(signing_key),
+    ))
+}

src/crustls.h

@@ -89,6 +89,13 @@ typedef enum rustls_result {
   RUSTLS_RESULT_CERT_SCT_UNKNOWN_LOG = 7323,
 } rustls_result;
 
+/**
+ * The complete chain of certificates plus private key for
+ * being certified against someones list of trust anchors (commonly
+ * called root store). Corresponds to `CertifiedKey` in the Rust API.
+ */
+typedef struct rustls_cipher_certified_key rustls_cipher_certified_key;
+
 /**
  * A client config that is done being constructed and is now read-only.
  * Under the hood, this object corresponds to an Arc<ClientConfig>.
@@ -220,6 +227,22 @@ typedef struct rustls_client_hello {
   struct rustls_vec_bytes alpn;
 } rustls_client_hello;
 
+/**
+ * Prototype of a callback that can be installed by the application at the
+ * `rustls_server_config`. This callback will be invoked by a `rustls_server_session`
+ * once the TLS client hello message has been received.
+ * `userdata` will be supplied as provided when registering the callback.
+ * `hello`gives the value of the available client announcements, as interpreted
+ * by rustls. See the definition of `rustls_client_hello` for details.
+ *
+ * NOTE: the passed in `hello` and all its values are only availabe during the
+ * callback invocations.
+ *
+ * EXPERIMENTAL: this feature of crustls is likely to change in the future, as
+ * the rustls library is re-evaluating their current approach to client hello handling.
+ */
+typedef const struct rustls_cipher_certified_key *(*rustls_client_hello_callback)(rustls_client_hello_userdata userdata, const struct rustls_client_hello *hello);
+
 /**
  * Write the version of the crustls C bindings and rustls itself into the
  * provided buffer, up to a max of `len` bytes. Output is UTF-8 encoded
@@ -242,6 +265,22 @@ void rustls_cipher_get_signature_scheme_name(unsigned short scheme,
                                              size_t len,
                                              size_t *out_n);
 
+enum rustls_result rustls_cipher_certified_key_build(const uint8_t *cert_chain,
+                                                     size_t cert_chain_len,
+                                                     const uint8_t *private_key,
+                                                     size_t private_key_len,
+                                                     const struct rustls_cipher_certified_key **certified_key_out);
+
+/**
+ * "Free" a certified_key previously returned from
+ * rustls_cipher_certified_key_build. Since certified_key is actually an
+ * atomically reference-counted pointer, extant certified_key may still
+ * hold an internal reference to the Rust object. However, C code must
+ * consider this pointer unusable after "free"ing it.
+ * Calling with NULL is fine. Must not be called twice with the same value.
+ */
+void rustls_cipher_certified_key_free(const struct rustls_cipher_certified_key *config);
+
 /**
  * Create a rustls_client_config_builder. Caller owns the memory and must
  * eventually call rustls_client_config_builder_build, then free the
@@ -402,13 +441,36 @@ enum rustls_result rustls_server_config_builder_set_ignore_client_order(struct r
  * first.
  * private_key must point to a byte array of length private_key_len containing
  * a private key in PEM-encoded PKCS#8 or PKCS#1 format.
+ *
+ * EXPERIMENTAL: installing a client_hello callback will replace any
+ * configured certified keys and vice versa. Same holds true for the
+ * set_single_cert variant.
  */
 enum rustls_result rustls_server_config_builder_set_single_cert_pem(struct rustls_server_config_builder *builder,
                                                                     const uint8_t *cert_chain,
                                                                     size_t cert_chain_len,
                                                                     const uint8_t *private_key,
                                                                     size_t private_key_len);
 
+/**
+ * Provide the configuration a list of certificates where the session
+ * will select the first one that is compatible with the client's signing
+ * capabilities. Servers that want to support ECDSA and RSA certificates
+ * will want the ECSDA to go first in the list.
+ *
+ * The built configuration will keep a reference to all certified keys
+ * provided. The client may `rustls_cipher_certified_key_free()` afterwards
+ * without the configuration losing them. The same certified key may also
+ * be appear in multiple configs.
+ *
+ * EXPERIMENTAL: installing a client_hello callback will replace any
+ * configured certified keys and vice versa. Same holds true for the
+ * set_single_cert variant.
+ */
+enum rustls_result rustls_server_config_builder_set_certified_keys(struct rustls_server_config_builder *builder,
+                                                                   const struct rustls_cipher_certified_key *const *certified_keys,
+                                                                   size_t certified_keys_len);
+
 /**
  * Turn a *rustls_server_config_builder (mutable) into a *rustls_server_config
  * (read-only).
@@ -533,9 +595,11 @@ enum rustls_result rustls_server_session_get_sni_hostname(const struct rustls_se
  *
  * EXPERIMENTAL: this feature of crustls is likely to change in the future, as
  * the rustls library is re-evaluating their current approach to client hello handling.
+ * Installing a client_hello callback will replace any configured certified keys
+ * and vice versa. Same holds true for the set_single_cert variant.
  */
 enum rustls_result rustls_server_config_builder_set_hello_callback(struct rustls_server_config_builder *builder,
-                                                                   void (*callback)(rustls_client_hello_userdata userdata, const struct rustls_client_hello *hello),
+                                                                   rustls_client_hello_callback callback,
                                                                    rustls_client_hello_userdata userdata);
 
 #endif /* CRUSTLS_H */