Fix Mbed TLS TODOs

paullouisageneau · Mar 10, 2023 · 1902efc · 1902efc
1 parent ca10f10
commit 1902efc
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 28 deletions.
diff --git a/src/impl/certificate.cpp b/src/impl/certificate.cpp
@@ -156,36 +156,52 @@ string make_fingerprint(gnutls_x509_crt_t crt) {
 
 Certificate Certificate::FromString(string crt_pem, string key_pem) {
 	PLOG_DEBUG << "Importing certificate from PEM string (MbedTLS)";
+	shared_ptr<mbedtls_x509_crt> crt(
+			new mbedtls_x509_crt,
+	    [](mbedtls_x509_crt *p) {
+		    mbedtls_x509_crt_free(p);
+		    delete p;
+	    });
 
-	// TODO
+	shared_ptr<mbedtls_pk_context> pk(
+			new mbedtls_pk_context,
+	    [](mbedtls_pk_context *p) {
+		    mbedtls_pk_free(p);
+		    delete p;
+	    });
+
+  mbedtls_x509_crt_init(crt.get());
+	mbedtls::check(mbedtls_x509_crt_parse(crt.get(), (const unsigned char *) crt_pem.c_str(), crt_pem.length()));
+
+	mbedtls_pk_init(pk.get());
+	mbedtls::check(mbedtls_pk_parse_key(pk.get(), (const unsigned char *) key_pem.c_str(), key_pem.size(), NULL, 0, NULL, 0));
+
+	return Certificate(std::move(crt), std::move(pk));
 }
 
 Certificate Certificate::FromFile(const string &crt_pem_file, const string &key_pem_file,
                                   const string &pass) {
 	PLOG_DEBUG << "Importing certificate from PEM file (MbedTLS): " << crt_pem_file;
 
 	shared_ptr<mbedtls_x509_crt> crt(
-	    []() {
-		    auto *p = new mbedtls_x509_crt;
-		    mbedtls_x509_crt_init(p);
-	    },
-	    []() {
+			new mbedtls_x509_crt,
+	    [](mbedtls_x509_crt *p) {
 		    mbedtls_x509_crt_free(p);
 		    delete p;
 	    });
 
 	shared_ptr<mbedtls_pk_context> pk(
-	    []() {
-		    auto *p = new mbedtls_pk_context;
-		    mbedtls_pk_context_init(p);
-	    },
-	    []() {
-		    mbedtls_pk_context_free(p);
+			new mbedtls_pk_context,
+	    [](mbedtls_pk_context *p) {
+		    mbedtls_pk_free(p);
 		    delete p;
 	    });
 
-	mbedtls::check(mbedtls_x509_crt_parse_file(crt.get(), crt_pem.c_str()));
-	mbedtls::check(mbedtls_pk_parse_keyfile(pk.get(), key_pem.c_str(), ""));
+	mbedtls_x509_crt_init(crt.get());
+	mbedtls::check(mbedtls_x509_crt_parse_file(crt.get(), crt_pem_file.c_str()));
+
+	mbedtls_pk_init(pk.get());
+	mbedtls::check(mbedtls_pk_parse_keyfile(pk.get(), key_pem_file.c_str(), pass.c_str(), 0, NULL));
 
 	return Certificate(std::move(crt), std::move(pk));
 }
@@ -194,24 +210,20 @@ Certificate Certificate::Generate(CertificateType type, const string &commonName
 	PLOG_DEBUG << "Generating certificate (MbedTLS)";
 
 	shared_ptr<mbedtls_x509_crt> crt(
-	    []() {
-		    auto *p = new mbedtls_x509_crt;
-		    mbedtls_x509_crt_init(p);
-	    },
-	    []() {
+			new mbedtls_x509_crt,
+	    [](mbedtls_x509_crt *p) {
 		    mbedtls_x509_crt_free(p);
 		    delete p;
 	    });
+	mbedtls_x509_crt_init(crt.get());
 
 	shared_ptr<mbedtls_pk_context> pk(
-	    []() {
-		    auto *p = new mbedtls_pk_context;
-		    mbedtls_pk_context_init(p);
-	    },
-	    []() {
-		    mbedtls_pk_context_free(p);
+			new mbedtls_pk_context,
+	    [](mbedtls_pk_context *p) {
+		    mbedtls_pk_free(p);
 		    delete p;
 	    });
+	mbedtls_pk_init(pk.get());
 
 	mbedtls_entropy_context entropy;
 	mbedtls_ctr_drbg_context drbg;
@@ -288,6 +300,8 @@ Certificate Certificate::Generate(CertificateType type, const string &commonName
 	return Certificate(std::move(crt), std::move(pk));
 }
 
+#elif USE_GNUTLS
+
 // TODO
 Certificate::Certificate(gnutls_x509_crt_t crt, gnutls_x509_privkey_t privkey)
     : mCredentials(gnutls::new_credentials(), gnutls::free_credentials),

diff --git a/src/impl/certificate.hpp b/src/impl/certificate.hpp
@@ -29,7 +29,7 @@ class Certificate {
 #if USE_GNUTLS
 	Certificate(gnutls_x509_crt_t crt, gnutls_x509_privkey_t privkey);
 	gnutls_certificate_credentials_t credentials() const;
-#if USE_MBEDTLS
+#elif USE_MBEDTLS
 	Certificate(shared_ptr<mbedtls_x509_crt> crt, shared_ptr<mbedtls_pk_context> pk);
 	std::tuple<shared_ptr<mbedtls_x509_crt>, shared_ptr<mbedtls_pk_context>> credentials() const;
 #else // OPENSSL
@@ -45,7 +45,7 @@ class Certificate {
 #if USE_GNUTLS
 	Certificate(shared_ptr<gnutls_certificate_credentials_t> creds);
 	const shared_ptr<gnutls_certificate_credentials_t> mCredentials;
-#if USE_MBEDTLS
+#elif USE_MBEDTLS
 	const shared_ptr<mbedtls_x509_crt> mCrt;
 	const shared_ptr<mbedtls_pk_context> mPk;
 #else
@@ -59,6 +59,8 @@ class Certificate {
 #if USE_GNUTLS
 string make_fingerprint(gnutls_certificate_credentials_t credentials);
 string make_fingerprint(gnutls_x509_crt_t crt);
+#elif USE_MBEDTLS
+string make_fingerprint(shared_ptr<mbedtls_x509_crt> crt);
 #else
 string make_fingerprint(X509 *x509);
 #endif

diff --git a/src/impl/tls.hpp b/src/impl/tls.hpp
@@ -40,9 +40,14 @@ gnutls_datum_t make_datum(char *data, size_t size);
 
 #elif USE_MBEDTLS
 
-#include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/entropy.h"
 #include "mbedtls/pk.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/x509_crt.h"
+
 
 namespace rtc::mbedtls {