diff --git a/mbedsock/CMakeLists.txt b/mbedsock/CMakeLists.txt
deleted file mode 100644
index 134a831..0000000
--- a/mbedsock/CMakeLists.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-cmake_minimum_required(VERSION 3.7 FATAL_ERROR)
-project(mbedsock VERSION 1.0.0 LANGUAGES C)
-add_library(mbedsock SHARED mbedsock.c mbedsock.h mbedsock.def)
-
-target_include_directories(mbedsock PUBLIC ${MBEDTLS_ROOT_DIR}/include)
-target_link_libraries(mbedsock mbedtls mbedx509 mbedcrypto pthread)
-link_directories(${MBEDTLS_ROOT_DIR}/lib)
-
-set_target_properties(mbedsock PROPERTIES
- PUBLIC_HEADER mbedsock.h
- VERSION ${PROJECT_VERSION}
- SOVERSION 1
- OUTPUT_NAME "mbedsock"
- XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Hex_Identity_ID_Goes_Here"
-)
-install(TARGETS mbedsock)
diff --git a/mbedsock/mbedsock.c b/mbedsock/mbedsock.c
deleted file mode 100644
index 9d1209b..0000000
--- a/mbedsock/mbedsock.c
+++ /dev/null
@@ -1,240 +0,0 @@
-#include "mbedtls/ssl.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/net_sockets.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedsock.h"
-
-#include
-#include
-#include
-
-struct mbedsock_ctx *mbedsock_ctx_new_ex(const char *capath) {
- struct mbedsock_ctx *ctx = malloc(sizeof(struct mbedsock_ctx));
- mbedsock_ctx_new(ctx, capath);
-
- return ctx;
-}
-
-struct mbedsock *mbedsock_new_ex(struct mbedsock_ctx *ctx) {
- struct mbedsock *sock = malloc(sizeof(struct mbedsock));
- mbedsock_new(ctx, sock);
-
- return sock;
-}
-
-int mbedsock_ctx_new(struct mbedsock_ctx *ctx, const char *capath) {
- int ret = 1;
-
- mbedtls_x509_crt_init(&ctx->chain);
- mbedtls_ctr_drbg_init(&ctx->ctr_drbg);
- mbedtls_entropy_init(&ctx->entropy);
- if ((ret = mbedtls_ctr_drbg_seed(&ctx->ctr_drbg, mbedtls_entropy_func, &ctx->entropy,
- (unsigned char *) SSL_PERS,
- SSL_PERS_LEN)) != 0)
- return ret;
-
- if((ret = mbedtls_x509_crt_parse_path(&ctx->chain, capath)) < 0 )
- return ret;
-
- return 0;
-}
-
-int mbedsock_new(struct mbedsock_ctx *ctx, struct mbedsock *sock) {
- int ret = 1;
- mbedtls_net_init(&sock->server_fd);
- mbedtls_ssl_init(&sock->ssl);
- mbedtls_ssl_config_init(&sock->conf);
-
- mbedtls_ssl_conf_authmode(&sock->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
- mbedtls_ssl_conf_ca_chain(&sock->conf, &ctx->chain, NULL);
- mbedtls_ssl_conf_rng(&sock->conf, mbedtls_ctr_drbg_random, &ctx->ctr_drbg);
-
- if ((ret = mbedtls_ssl_setup(&sock->ssl, &sock->conf)) != 0)
- return ret;
-
- mbedtls_ssl_set_bio(&sock->ssl, &sock->server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
-
- if ((ret = mbedtls_ssl_config_defaults(&sock->conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT)) != 0)
- return ret;
-
- sock->secure = false;
- sock->read_cb = NULL;
-
- return 0;
-}
-
-void mbedsock_free(struct mbedsock *sock) {
- mbedtls_net_free(&sock->server_fd);
- mbedtls_ssl_free(&sock->ssl);
- mbedtls_ssl_config_free(&sock->conf);
-}
-
-void mbedsock_ctx_free(struct mbedsock_ctx *ctx) {
- mbedtls_x509_crt_free(&ctx->chain);
- mbedtls_ctr_drbg_free(&ctx->ctr_drbg);
- mbedtls_entropy_free(&ctx->entropy);
-}
-
-void mbedsock_free_ex(struct mbedsock *sock) {
- mbedsock_free(sock);
- free(sock);
-}
-
-void mbedsock_ctx_free_ex(struct mbedsock_ctx *ctx) {
- mbedsock_ctx_free(ctx);
- free(ctx);
-}
-
-int mbedsock_do_handshake(struct mbedsock *sock, const char *alpn, const char *sni) {
- int ret = 1;
-
- // Set ALPN, if desired
- if (alpn != NULL) {
- const char *alpn_list[2];
- alpn_list[0] = alpn;
- alpn_list[1] = NULL;
-
- if ((ret = mbedtls_ssl_conf_alpn_protocols(&sock->conf, alpn_list)) != 0) {
- return ret;
- }
- }
-
- // Set SNI, if desired
- if (sni != NULL) {
- if ((ret = mbedtls_ssl_set_hostname(&sock->ssl, sni)) != 0) {
- return ret;
- }
- }
-
- while ((ret = mbedtls_ssl_handshake(&sock->ssl)) != 0) {
- if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
- return ret;
- }
-
- // Verify the certificates
- if ((ret = mbedtls_ssl_get_verify_result(&sock->ssl)) != 0) {
- return ret;
- }
-
- sock->secure = true;
- return 0;
-}
-
-int mbedsock_connect_secure(struct mbedsock *sock, const char *host, const char *port, const char *alpn, const char *sni) {
- int ret = 1;
-
- if ((ret = mbedtls_net_connect(&sock->server_fd, host, port, MBEDTLS_NET_PROTO_TCP)) != 0)
- return ret;
-
- if ((ret = mbedsock_do_handshake(sock, alpn, sni)))
- return ret;
-
- return 0;
-}
-
-int mbedsock_connect(struct mbedsock *sock, const char *host, const char *port) {
- return mbedtls_net_connect(&sock->server_fd, host, port, MBEDTLS_NET_PROTO_TCP);
-}
-
-int mbedsock_write(struct mbedsock *sock, const unsigned char *data, int len) {
- int ret = 1;
-
- if (sock->secure) {
- while ((ret = mbedtls_ssl_write(&sock->ssl, data, len)) <= 0) {
- if(ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
- return -1;
- }
- } else {
- if ((ret = mbedtls_net_send(&sock->server_fd, data, len)) <= 0)
- return -1;
- }
-
- return ret;
-}
-
-int mbedsock_read(struct mbedsock *sock, unsigned char *buf, int len) {
- int ret = 1;
-
- memset(buf, 0, len);
- if (sock->secure) {
- do {
- ret = mbedtls_ssl_read(&sock->ssl, buf, len);
-
- if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE)
- continue;
-
- // TODO: Notify
- if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
- break;
-
- if (ret < 0)
- return -1;
-
- return ret;
- } while (true);
- } else {
- ret = mbedtls_net_recv(&sock->server_fd, buf, len);
-
- if (ret < 0)
- return -1;
-
- return ret;
- }
-
- return 0;
-}
-
-bool mbedsock_is_secure(struct mbedsock *sock) {
- return sock->secure;
-}
-
-void mbedsock_set_read_cb(struct mbedsock *sock, void (*read_cb)(int)) {
- sock->read_cb = read_cb;
-}
-
-struct mbedsock_thread_data {
- struct mbedsock *sock;
- unsigned char *buf;
- int len;
-};
-
-void _mbedsock_read_loop(void *args) {
- struct mbedsock_thread_data *data = (struct mbedsock_thread_data *) args;
- struct mbedsock *sock = data->sock;
- unsigned char *buf = data->buf;
- int len = data->len;
- int result = 1;
-
- printf("args2: %p\n", args);
- printf("bufptr2: %p\n", buf);
- printf("len: %d\n", len);
-
- free(data);
-
- while (true) {
- result = mbedsock_read(sock, buf, len);
- sock->read_cb(result);
-
- if (result <= 0)
- break;
- }
-
- pthread_exit(NULL);
-}
-
-int mbedsock_run_read_loop(struct mbedsock *sock, unsigned char *buf, int len) {
- if (sock->read_cb == NULL)
- return -1;
-
- sock->read_cb(42);
-
- struct mbedsock_thread_data *data = malloc(sizeof(struct mbedsock_thread_data));
- data->sock = sock;
- data->buf = buf;
- data->len = len;
-
- printf("bufptr: %p\n", buf);
- printf("args: %p\n", &data);
- pthread_create(&sock->thread, NULL, &_mbedsock_read_loop, (void *) data);
- return 0;
-}
diff --git a/mbedsock/mbedsock.def b/mbedsock/mbedsock.def
deleted file mode 100644
index ac29e61..0000000
--- a/mbedsock/mbedsock.def
+++ /dev/null
@@ -1,4 +0,0 @@
-LIBRARY mbedsock
-EXPORTS
- mbedsock_ctx_new
- mbedsock_new
\ No newline at end of file
diff --git a/mbedsock/mbedsock.h b/mbedsock/mbedsock.h
deleted file mode 100644
index 9ee89d1..0000000
--- a/mbedsock/mbedsock.h
+++ /dev/null
@@ -1,120 +0,0 @@
-#ifndef __MBEDSOCK_H__
-#define __MBEDSOCK_H__
-
-#include "mbedtls/ssl.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/net_sockets.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include
-#include
-
-#define SSL_PERS "moxxmpp_socket"
-#define SSL_PERS_LEN sizeof(SSL_PERS)/sizeof(char)
-
-/*
- * The context for the sockets. This must be created once and is shared between all
- * sockets.
- */
-struct mbedsock_ctx {
- mbedtls_entropy_context entropy;
- mbedtls_ctr_drbg_context ctr_drbg;
- mbedtls_x509_crt chain;
-};
-
-/*
- * The data for the socket.
- */
-struct mbedsock {
- mbedtls_ssl_context ssl;
- mbedtls_ssl_config conf;
- mbedtls_net_context server_fd;
-
- // The thread the socket runs in
- pthread_t thread;
-
- // The callback function when the read loop is running
- void (*read_cb)(int);
-
- // Indicates whether the socket is secured using TLS (true) or not (false).
- bool secure;
-};
-
-/*
- * Create a new mbedsock_ctx context and write it to @ctx. @capath is the path
- * to the directory containing the system's .crt root CA files.
- *
- * Returns true if everything went well; something non-zero on errors.
- */
-int mbedsock_ctx_new(struct mbedsock_ctx *ctx, const char *capath);
-struct mbedsock_ctx *mbedsock_ctx_new_ex(const char *capath);
-
-/*
- * Create a new socket using the context @ctx and writes it to @sock. Returns zero
- * on success; something non-zero on error.
- */
-int mbedsock_new(struct mbedsock_ctx *ctx, struct mbedsock *sock);
-struct mbedsock *mbedsock_new_ex(struct mbedsock_ctx *ctx);
-
-/*
- * Free the resources used by @sock.
- */
-void mbedsock_free(struct mbedsock *sock);
-void mbedsock_free_ex(struct mbedsock *sock);
-
-/*
- * Free the resources used by @ctx.
- */
-void mbedsock_ctx_free(struct mbedsock_ctx *ctx);
-void mbedsock_ctx_free_ex(struct mbedsock_ctx *ctx);
-
-/*
- * Performs the TLS handshake and upgrades the connection @sock to a secured one.
- * If @alpn is not NULL, then its value will be used for TLS ALPN. If @sni is not NULL,
- * then its value will be used for Server Name Indication.
- *
- * Returns 0 on success; something non-zero on failure.
- */
-int mbedsock_do_handshake(struct mbedsock *sock, const char *alpn, const char *sni);
-
-/*
- * Use socket @sock to to connect to @host:@port and immediately call
- * mbedsock_do_handshake. @alpn and @sni are used for mbedsock_do_handshake.
- *
- * Returns 0 on success; something non-zero on failure.
- */
-int mbedsock_connect_secure(struct mbedsock *sock, const char *host, const char *port, const char *alpn, const char *sni);
-
-/*
- * Use socket @sock to to connect to @host:@port. The socket is not secured on success.
- *
- * Returns 0 on success; something non-zero on failure.
- */
-int mbedsock_connect(struct mbedsock *sock, const char *host, const char *port);
-
-/*
- * Write @data - @len being the amount of bytes in data to read - to @sock. The function
- * uses @sock's secure attribute to decide whether to use TLS or not.
- *
- * Returns the amount of bytes written on success. The documentation for
- * mbedtls_ssl_write and mbedtls_net_send apply for the return value. Returns -1
- * if an error occurred.
- */
-int mbedsock_write(struct mbedsock *sock, const unsigned char *data, int len);
-
-/*
- * Read data from @sock into @buf. @len is the size of the buffer.
- *
- * Returns the amount of bytes read on success. The documentation for
- * mbedtls_ssl_read and mbedtls_net_recv apply for the return value. Returns -1
- * if an error occurred.
- */
-int mbedsock_read(struct mbedsock *sock, unsigned char *buf, int len);
-
-bool mbedsock_is_secure(struct mbedsock *sock);
-
-void mbedsock_set_read_cb(struct mbedsock *sock, void (*read_cb)(int));
-
-int mbedsock_run_read_loop(struct mbedsock *sock, unsigned char *buf, int len);
-
-#endif // __MBEDSOCK_H__