fix: Remove mbedsock
This commit is contained in:
parent
290be9e615
commit
8eb270365c
@ -1,16 +0,0 @@
|
|||||||
cmake_minimum_required(VERSION 3.7 FATAL_ERROR)
|
|
||||||
project(mbedsock VERSION 1.0.0 LANGUAGES C)
|
|
||||||
add_library(mbedsock SHARED mbedsock.c mbedsock.h mbedsock.def)
|
|
||||||
|
|
||||||
target_include_directories(mbedsock PUBLIC ${MBEDTLS_ROOT_DIR}/include)
|
|
||||||
target_link_libraries(mbedsock mbedtls mbedx509 mbedcrypto pthread)
|
|
||||||
link_directories(${MBEDTLS_ROOT_DIR}/lib)
|
|
||||||
|
|
||||||
set_target_properties(mbedsock PROPERTIES
|
|
||||||
PUBLIC_HEADER mbedsock.h
|
|
||||||
VERSION ${PROJECT_VERSION}
|
|
||||||
SOVERSION 1
|
|
||||||
OUTPUT_NAME "mbedsock"
|
|
||||||
XCODE_ATTRIBUTE_CODE_SIGN_IDENTITY "Hex_Identity_ID_Goes_Here"
|
|
||||||
)
|
|
||||||
install(TARGETS mbedsock)
|
|
@ -1,240 +0,0 @@
|
|||||||
#include "mbedtls/ssl.h"
|
|
||||||
#include "mbedtls/entropy.h"
|
|
||||||
#include "mbedtls/net_sockets.h"
|
|
||||||
#include "mbedtls/ctr_drbg.h"
|
|
||||||
#include "mbedsock.h"
|
|
||||||
|
|
||||||
#include <stdbool.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <string.h>
|
|
||||||
|
|
||||||
struct mbedsock_ctx *mbedsock_ctx_new_ex(const char *capath) {
|
|
||||||
struct mbedsock_ctx *ctx = malloc(sizeof(struct mbedsock_ctx));
|
|
||||||
mbedsock_ctx_new(ctx, capath);
|
|
||||||
|
|
||||||
return ctx;
|
|
||||||
}
|
|
||||||
|
|
||||||
struct mbedsock *mbedsock_new_ex(struct mbedsock_ctx *ctx) {
|
|
||||||
struct mbedsock *sock = malloc(sizeof(struct mbedsock));
|
|
||||||
mbedsock_new(ctx, sock);
|
|
||||||
|
|
||||||
return sock;
|
|
||||||
}
|
|
||||||
|
|
||||||
int mbedsock_ctx_new(struct mbedsock_ctx *ctx, const char *capath) {
|
|
||||||
int ret = 1;
|
|
||||||
|
|
||||||
mbedtls_x509_crt_init(&ctx->chain);
|
|
||||||
mbedtls_ctr_drbg_init(&ctx->ctr_drbg);
|
|
||||||
mbedtls_entropy_init(&ctx->entropy);
|
|
||||||
if ((ret = mbedtls_ctr_drbg_seed(&ctx->ctr_drbg, mbedtls_entropy_func, &ctx->entropy,
|
|
||||||
(unsigned char *) SSL_PERS,
|
|
||||||
SSL_PERS_LEN)) != 0)
|
|
||||||
return ret;
|
|
||||||
|
|
||||||
if((ret = mbedtls_x509_crt_parse_path(&ctx->chain, capath)) < 0 )
|
|
||||||
return ret;
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int mbedsock_new(struct mbedsock_ctx *ctx, struct mbedsock *sock) {
|
|
||||||
int ret = 1;
|
|
||||||
mbedtls_net_init(&sock->server_fd);
|
|
||||||
mbedtls_ssl_init(&sock->ssl);
|
|
||||||
mbedtls_ssl_config_init(&sock->conf);
|
|
||||||
|
|
||||||
mbedtls_ssl_conf_authmode(&sock->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
|
|
||||||
mbedtls_ssl_conf_ca_chain(&sock->conf, &ctx->chain, NULL);
|
|
||||||
mbedtls_ssl_conf_rng(&sock->conf, mbedtls_ctr_drbg_random, &ctx->ctr_drbg);
|
|
||||||
|
|
||||||
if ((ret = mbedtls_ssl_setup(&sock->ssl, &sock->conf)) != 0)
|
|
||||||
return ret;
|
|
||||||
|
|
||||||
mbedtls_ssl_set_bio(&sock->ssl, &sock->server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
|
|
||||||
|
|
||||||
if ((ret = mbedtls_ssl_config_defaults(&sock->conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT)) != 0)
|
|
||||||
return ret;
|
|
||||||
|
|
||||||
sock->secure = false;
|
|
||||||
sock->read_cb = NULL;
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
void mbedsock_free(struct mbedsock *sock) {
|
|
||||||
mbedtls_net_free(&sock->server_fd);
|
|
||||||
mbedtls_ssl_free(&sock->ssl);
|
|
||||||
mbedtls_ssl_config_free(&sock->conf);
|
|
||||||
}
|
|
||||||
|
|
||||||
void mbedsock_ctx_free(struct mbedsock_ctx *ctx) {
|
|
||||||
mbedtls_x509_crt_free(&ctx->chain);
|
|
||||||
mbedtls_ctr_drbg_free(&ctx->ctr_drbg);
|
|
||||||
mbedtls_entropy_free(&ctx->entropy);
|
|
||||||
}
|
|
||||||
|
|
||||||
void mbedsock_free_ex(struct mbedsock *sock) {
|
|
||||||
mbedsock_free(sock);
|
|
||||||
free(sock);
|
|
||||||
}
|
|
||||||
|
|
||||||
void mbedsock_ctx_free_ex(struct mbedsock_ctx *ctx) {
|
|
||||||
mbedsock_ctx_free(ctx);
|
|
||||||
free(ctx);
|
|
||||||
}
|
|
||||||
|
|
||||||
int mbedsock_do_handshake(struct mbedsock *sock, const char *alpn, const char *sni) {
|
|
||||||
int ret = 1;
|
|
||||||
|
|
||||||
// Set ALPN, if desired
|
|
||||||
if (alpn != NULL) {
|
|
||||||
const char *alpn_list[2];
|
|
||||||
alpn_list[0] = alpn;
|
|
||||||
alpn_list[1] = NULL;
|
|
||||||
|
|
||||||
if ((ret = mbedtls_ssl_conf_alpn_protocols(&sock->conf, alpn_list)) != 0) {
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Set SNI, if desired
|
|
||||||
if (sni != NULL) {
|
|
||||||
if ((ret = mbedtls_ssl_set_hostname(&sock->ssl, sni)) != 0) {
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
while ((ret = mbedtls_ssl_handshake(&sock->ssl)) != 0) {
|
|
||||||
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Verify the certificates
|
|
||||||
if ((ret = mbedtls_ssl_get_verify_result(&sock->ssl)) != 0) {
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
sock->secure = true;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int mbedsock_connect_secure(struct mbedsock *sock, const char *host, const char *port, const char *alpn, const char *sni) {
|
|
||||||
int ret = 1;
|
|
||||||
|
|
||||||
if ((ret = mbedtls_net_connect(&sock->server_fd, host, port, MBEDTLS_NET_PROTO_TCP)) != 0)
|
|
||||||
return ret;
|
|
||||||
|
|
||||||
if ((ret = mbedsock_do_handshake(sock, alpn, sni)))
|
|
||||||
return ret;
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int mbedsock_connect(struct mbedsock *sock, const char *host, const char *port) {
|
|
||||||
return mbedtls_net_connect(&sock->server_fd, host, port, MBEDTLS_NET_PROTO_TCP);
|
|
||||||
}
|
|
||||||
|
|
||||||
int mbedsock_write(struct mbedsock *sock, const unsigned char *data, int len) {
|
|
||||||
int ret = 1;
|
|
||||||
|
|
||||||
if (sock->secure) {
|
|
||||||
while ((ret = mbedtls_ssl_write(&sock->ssl, data, len)) <= 0) {
|
|
||||||
if(ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
if ((ret = mbedtls_net_send(&sock->server_fd, data, len)) <= 0)
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
int mbedsock_read(struct mbedsock *sock, unsigned char *buf, int len) {
|
|
||||||
int ret = 1;
|
|
||||||
|
|
||||||
memset(buf, 0, len);
|
|
||||||
if (sock->secure) {
|
|
||||||
do {
|
|
||||||
ret = mbedtls_ssl_read(&sock->ssl, buf, len);
|
|
||||||
|
|
||||||
if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE)
|
|
||||||
continue;
|
|
||||||
|
|
||||||
// TODO: Notify
|
|
||||||
if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
|
|
||||||
break;
|
|
||||||
|
|
||||||
if (ret < 0)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
} while (true);
|
|
||||||
} else {
|
|
||||||
ret = mbedtls_net_recv(&sock->server_fd, buf, len);
|
|
||||||
|
|
||||||
if (ret < 0)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
bool mbedsock_is_secure(struct mbedsock *sock) {
|
|
||||||
return sock->secure;
|
|
||||||
}
|
|
||||||
|
|
||||||
void mbedsock_set_read_cb(struct mbedsock *sock, void (*read_cb)(int)) {
|
|
||||||
sock->read_cb = read_cb;
|
|
||||||
}
|
|
||||||
|
|
||||||
struct mbedsock_thread_data {
|
|
||||||
struct mbedsock *sock;
|
|
||||||
unsigned char *buf;
|
|
||||||
int len;
|
|
||||||
};
|
|
||||||
|
|
||||||
void _mbedsock_read_loop(void *args) {
|
|
||||||
struct mbedsock_thread_data *data = (struct mbedsock_thread_data *) args;
|
|
||||||
struct mbedsock *sock = data->sock;
|
|
||||||
unsigned char *buf = data->buf;
|
|
||||||
int len = data->len;
|
|
||||||
int result = 1;
|
|
||||||
|
|
||||||
printf("args2: %p\n", args);
|
|
||||||
printf("bufptr2: %p\n", buf);
|
|
||||||
printf("len: %d\n", len);
|
|
||||||
|
|
||||||
free(data);
|
|
||||||
|
|
||||||
while (true) {
|
|
||||||
result = mbedsock_read(sock, buf, len);
|
|
||||||
sock->read_cb(result);
|
|
||||||
|
|
||||||
if (result <= 0)
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
pthread_exit(NULL);
|
|
||||||
}
|
|
||||||
|
|
||||||
int mbedsock_run_read_loop(struct mbedsock *sock, unsigned char *buf, int len) {
|
|
||||||
if (sock->read_cb == NULL)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
sock->read_cb(42);
|
|
||||||
|
|
||||||
struct mbedsock_thread_data *data = malloc(sizeof(struct mbedsock_thread_data));
|
|
||||||
data->sock = sock;
|
|
||||||
data->buf = buf;
|
|
||||||
data->len = len;
|
|
||||||
|
|
||||||
printf("bufptr: %p\n", buf);
|
|
||||||
printf("args: %p\n", &data);
|
|
||||||
pthread_create(&sock->thread, NULL, &_mbedsock_read_loop, (void *) data);
|
|
||||||
return 0;
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
LIBRARY mbedsock
|
|
||||||
EXPORTS
|
|
||||||
mbedsock_ctx_new
|
|
||||||
mbedsock_new
|
|
@ -1,120 +0,0 @@
|
|||||||
#ifndef __MBEDSOCK_H__
|
|
||||||
#define __MBEDSOCK_H__
|
|
||||||
|
|
||||||
#include "mbedtls/ssl.h"
|
|
||||||
#include "mbedtls/entropy.h"
|
|
||||||
#include "mbedtls/net_sockets.h"
|
|
||||||
#include "mbedtls/ctr_drbg.h"
|
|
||||||
|
|
||||||
#include <stdbool.h>
|
|
||||||
#include <pthread.h>
|
|
||||||
|
|
||||||
#define SSL_PERS "moxxmpp_socket"
|
|
||||||
#define SSL_PERS_LEN sizeof(SSL_PERS)/sizeof(char)
|
|
||||||
|
|
||||||
/*
|
|
||||||
* The context for the sockets. This must be created once and is shared between all
|
|
||||||
* sockets.
|
|
||||||
*/
|
|
||||||
struct mbedsock_ctx {
|
|
||||||
mbedtls_entropy_context entropy;
|
|
||||||
mbedtls_ctr_drbg_context ctr_drbg;
|
|
||||||
mbedtls_x509_crt chain;
|
|
||||||
};
|
|
||||||
|
|
||||||
/*
|
|
||||||
* The data for the socket.
|
|
||||||
*/
|
|
||||||
struct mbedsock {
|
|
||||||
mbedtls_ssl_context ssl;
|
|
||||||
mbedtls_ssl_config conf;
|
|
||||||
mbedtls_net_context server_fd;
|
|
||||||
|
|
||||||
// The thread the socket runs in
|
|
||||||
pthread_t thread;
|
|
||||||
|
|
||||||
// The callback function when the read loop is running
|
|
||||||
void (*read_cb)(int);
|
|
||||||
|
|
||||||
// Indicates whether the socket is secured using TLS (true) or not (false).
|
|
||||||
bool secure;
|
|
||||||
};
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Create a new mbedsock_ctx context and write it to @ctx. @capath is the path
|
|
||||||
* to the directory containing the system's .crt root CA files.
|
|
||||||
*
|
|
||||||
* Returns true if everything went well; something non-zero on errors.
|
|
||||||
*/
|
|
||||||
int mbedsock_ctx_new(struct mbedsock_ctx *ctx, const char *capath);
|
|
||||||
struct mbedsock_ctx *mbedsock_ctx_new_ex(const char *capath);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Create a new socket using the context @ctx and writes it to @sock. Returns zero
|
|
||||||
* on success; something non-zero on error.
|
|
||||||
*/
|
|
||||||
int mbedsock_new(struct mbedsock_ctx *ctx, struct mbedsock *sock);
|
|
||||||
struct mbedsock *mbedsock_new_ex(struct mbedsock_ctx *ctx);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Free the resources used by @sock.
|
|
||||||
*/
|
|
||||||
void mbedsock_free(struct mbedsock *sock);
|
|
||||||
void mbedsock_free_ex(struct mbedsock *sock);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Free the resources used by @ctx.
|
|
||||||
*/
|
|
||||||
void mbedsock_ctx_free(struct mbedsock_ctx *ctx);
|
|
||||||
void mbedsock_ctx_free_ex(struct mbedsock_ctx *ctx);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Performs the TLS handshake and upgrades the connection @sock to a secured one.
|
|
||||||
* If @alpn is not NULL, then its value will be used for TLS ALPN. If @sni is not NULL,
|
|
||||||
* then its value will be used for Server Name Indication.
|
|
||||||
*
|
|
||||||
* Returns 0 on success; something non-zero on failure.
|
|
||||||
*/
|
|
||||||
int mbedsock_do_handshake(struct mbedsock *sock, const char *alpn, const char *sni);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Use socket @sock to to connect to @host:@port and immediately call
|
|
||||||
* mbedsock_do_handshake. @alpn and @sni are used for mbedsock_do_handshake.
|
|
||||||
*
|
|
||||||
* Returns 0 on success; something non-zero on failure.
|
|
||||||
*/
|
|
||||||
int mbedsock_connect_secure(struct mbedsock *sock, const char *host, const char *port, const char *alpn, const char *sni);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Use socket @sock to to connect to @host:@port. The socket is not secured on success.
|
|
||||||
*
|
|
||||||
* Returns 0 on success; something non-zero on failure.
|
|
||||||
*/
|
|
||||||
int mbedsock_connect(struct mbedsock *sock, const char *host, const char *port);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Write @data - @len being the amount of bytes in data to read - to @sock. The function
|
|
||||||
* uses @sock's secure attribute to decide whether to use TLS or not.
|
|
||||||
*
|
|
||||||
* Returns the amount of bytes written on success. The documentation for
|
|
||||||
* mbedtls_ssl_write and mbedtls_net_send apply for the return value. Returns -1
|
|
||||||
* if an error occurred.
|
|
||||||
*/
|
|
||||||
int mbedsock_write(struct mbedsock *sock, const unsigned char *data, int len);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Read data from @sock into @buf. @len is the size of the buffer.
|
|
||||||
*
|
|
||||||
* Returns the amount of bytes read on success. The documentation for
|
|
||||||
* mbedtls_ssl_read and mbedtls_net_recv apply for the return value. Returns -1
|
|
||||||
* if an error occurred.
|
|
||||||
*/
|
|
||||||
int mbedsock_read(struct mbedsock *sock, unsigned char *buf, int len);
|
|
||||||
|
|
||||||
bool mbedsock_is_secure(struct mbedsock *sock);
|
|
||||||
|
|
||||||
void mbedsock_set_read_cb(struct mbedsock *sock, void (*read_cb)(int));
|
|
||||||
|
|
||||||
int mbedsock_run_read_loop(struct mbedsock *sock, unsigned char *buf, int len);
|
|
||||||
|
|
||||||
#endif // __MBEDSOCK_H__
|
|
Loading…
Reference in New Issue
Block a user