cantushui
/
libh2o-win


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149
							/*
 * Copyright (c) 2018 Fastly
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 */
#include <assert.h>
#include <stdlib.h>
#include "brotli/decode.h"
#include "brotli/encode.h"
#include "picotls/certificate_compression.h"

static inline int decompress_certificate(ptls_decompress_certificate_t *self, ptls_t *tls, uint16_t algorithm, ptls_iovec_t output,
                                         ptls_iovec_t input)
{
    if (algorithm != PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_BROTLI)
        goto Fail;

    size_t decoded_size = output.len;
    if (BrotliDecoderDecompress(input.len, input.base, &decoded_size, output.base) != BROTLI_DECODER_RESULT_SUCCESS)
        goto Fail;

    if (decoded_size != output.len)
        goto Fail;

    return 0;
Fail:
    return PTLS_ALERT_BAD_CERTIFICATE;
}

static const uint16_t algorithms[] = {PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_BROTLI, UINT16_MAX};

ptls_decompress_certificate_t ptls_decompress_certificate = {algorithms, decompress_certificate};

static int emit_compressed_certificate(ptls_emit_certificate_t *_self, ptls_t *tls, ptls_message_emitter_t *emitter,
                                       ptls_key_schedule_t *key_sched, ptls_iovec_t context, int push_status_request,
                                       const uint16_t *compress_algos, size_t num_compress_algos)
{
    ptls_emit_compressed_certificate_t *self = (void *)_self;
    struct st_ptls_compressed_certificate_entry_t *entry;
    int ret;

    assert(context.len == 0 || !"precompressed mode can only be used for server certificates");

    for (size_t i = 0; i != num_compress_algos; ++i) {
        if (compress_algos[i] == PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_BROTLI)
            goto FoundBrotli;
    }
    /* brotli not found, delegate to the core */
    ret = PTLS_ERROR_DELEGATE;
    goto Exit;

FoundBrotli:
    entry = &self->without_ocsp_status;
    if (push_status_request && self->with_ocsp_status.uncompressed_length != 0)
        entry = &self->with_ocsp_status;

    ptls_push_message(emitter, key_sched, PTLS_HANDSHAKE_TYPE_COMPRESSED_CERTIFICATE, {
        ptls_buffer_push16(emitter->buf, PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_BROTLI);
        ptls_buffer_push24(emitter->buf, entry->uncompressed_length);
        ptls_buffer_push_block(emitter->buf, 3, { ptls_buffer_pushv(emitter->buf, entry->bytes.base, entry->bytes.len); });
    });

    ret = 0;

Exit:
    return ret;
}

static int build_compressed(struct st_ptls_compressed_certificate_entry_t *entry, ptls_iovec_t *certificates,
                            size_t num_certificates, ptls_iovec_t ocsp_status)
{
    ptls_buffer_t uncompressed;
    int ret;

    ptls_buffer_init(&uncompressed, "", 0);

    /* build uncompressed */
    if ((ret = ptls_build_certificate_message(&uncompressed, ptls_iovec_init(NULL, 0), certificates, num_certificates,
                                              ocsp_status)) != 0)
        goto Exit;
    entry->uncompressed_length = (uint32_t)uncompressed.off;

    /* compress */
    entry->bytes.len = uncompressed.off - 1;
    if ((entry->bytes.base = malloc(entry->bytes.len)) == NULL) {
        ret = PTLS_ERROR_NO_MEMORY;
        goto Exit;
    }
    if (BrotliEncoderCompress(BROTLI_MAX_QUALITY, BROTLI_DEFAULT_WINDOW, BROTLI_MODE_GENERIC, uncompressed.off, uncompressed.base,
                              &entry->bytes.len, entry->bytes.base) != BROTLI_TRUE) {
        ret = PTLS_ERROR_COMPRESSION_FAILURE;
        goto Exit;
    }

    ret = 0;

Exit:
    if (ret != 0) {
        free(entry->bytes.base);
        *entry = (struct st_ptls_compressed_certificate_entry_t){0};
    }
    ptls_buffer_dispose(&uncompressed);
    return ret;
}

int ptls_init_compressed_certificate(ptls_emit_compressed_certificate_t *self, ptls_iovec_t *certificates, size_t num_certificates,
                                     ptls_iovec_t ocsp_status)
{
    int ret;

    *self = (ptls_emit_compressed_certificate_t){{emit_compressed_certificate}, PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_BROTLI};

    /* build entries */
    if ((ret = build_compressed(&self->without_ocsp_status, certificates, num_certificates, ptls_iovec_init(NULL, 0))) != 0)
        goto Exit;
    if (ocsp_status.len != 0) {
        if ((ret = build_compressed(&self->with_ocsp_status, certificates, num_certificates, ocsp_status)) != 0)
            goto Exit;
    }

    ret = 0;

Exit:
    if (ret != 0)
        ptls_dispose_compressed_certificate(self);
    return ret;
}

void ptls_dispose_compressed_certificate(ptls_emit_compressed_certificate_t *self)
{
    free(self->with_ocsp_status.bytes.base);
    free(self->without_ocsp_status.bytes.base);
}