[+] ByteBuffer::GetNextLinearRead()
[+] ByteBuffer::GetNextLinearWrite() [-] ByteBuffer::WriterTryGetWriteHeadFor [+] ITLSPrivateKeyPair [+] ITLSContext::GetFatalErrorCodeAsString() [+] Begin to add certificate chains [*] Clean up TLS
This commit is contained in:
parent
afa7c8f5f8
commit
d68fc7fc91
20
Include/Aurora/IO/TLS/ICertificateChain.hpp
Normal file
20
Include/Aurora/IO/TLS/ICertificateChain.hpp
Normal file
@ -0,0 +1,20 @@
|
||||
/***
|
||||
Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.
|
||||
|
||||
File: ICertifiateChain.hpp
|
||||
Date: 2022-8-30
|
||||
Author: Reece
|
||||
***/
|
||||
#pragma once
|
||||
|
||||
namespace Aurora::IO::TLS
|
||||
{
|
||||
struct ICertificateChain
|
||||
{
|
||||
virtual AuUInt32 GetCertificateCount() = 0;
|
||||
virtual AuMemoryViewRead GetCertificate(AuUInt32 idx) = 0;
|
||||
};
|
||||
|
||||
AUKN_SYM AuSPtr<ICertificateChain> ChainFromOne(const AuMemoryViewRead &read);
|
||||
AUKN_SYM AuSPtr<ICertificateChain> ChainFromMany(const AuList<AuMemoryViewRead> &read);
|
||||
}
|
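Review bot: ICertificateChain is a polymorphic interface handed out as AuSPtr<ICertificateChain> but declares no virtual destructor; `AuMakeShared<CertificateChain>()` captures the concrete deleter so nothing leaks today, yet a future raw `delete` or unique_ptr through the interface would skip ~CertificateChain and its mbedtls_x509_crt_free. Adding `virtual ~ICertificateChain() = default;` closes that. GetCertificate also needs its lifetime rule written down, e.g. `/** @brief Raw bytes of certificate idx; the view borrows from this chain and is only valid while it is alive */`. The File: tag reads `ICertifiateChain.hpp` (missing "c").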
@ -23,13 +23,45 @@ namespace Aurora::IO::TLS
|
||||
{
|
||||
struct TLSMeta
|
||||
{
|
||||
/**
|
||||
* @brief Input to-send, output-buffer size
|
||||
*/
|
||||
AuUInt uOutPageSize {};
|
||||
|
||||
/**
|
||||
* @brief
|
||||
*/
|
||||
AuString sSNIServerName;
|
||||
|
||||
/**
|
||||
* @brief Switches between server/client mode
|
||||
*/
|
||||
bool bIsClient { true };
|
||||
|
||||
/**
|
||||
* @brief
|
||||
*/
|
||||
AuNet::ETransportProtocol transportProtocol { AuNet::ETransportProtocol::eProtocolTCP };
|
||||
|
||||
/**
|
||||
* @brief
|
||||
*/
|
||||
AuSPtr<IPinCertificate> pCertPin;
|
||||
TLSPrivateKey privateKey;
|
||||
|
||||
/**
|
||||
* @brief
|
||||
*/
|
||||
AuSPtr<ITLSPrivateKeyPair> pKeyPair;
|
||||
|
||||
/**
|
||||
* @brief Override the cipersuites defined by ::GetDefaultCipherSuites()
|
||||
*/
|
||||
AuList<AuUInt16> cipherSuites;
|
||||
|
||||
/**
|
||||
* @brief Forces server side pinning of clients
|
||||
*/
|
||||
bool bPinServerPeers { false };
|
||||
};
|
||||
|
||||
struct ITLSContext
|
||||
@ -108,6 +140,12 @@ namespace Aurora::IO::TLS
|
||||
*/
|
||||
virtual int GetFatalErrorCode() = 0;
|
||||
|
||||
/**
|
||||
* @brief
|
||||
* @return
|
||||
*/
|
||||
virtual AuString GetFatalErrorCodeAsString() = 0;
|
||||
|
||||
/**
|
||||
* @brief
|
||||
*/
|
||||
|
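Review bot: The new `pKeyPair` field carries an empty `@brief`, and nothing in the TLSContext::Init changes of this commit consumes it (no `mbedtls_ssl_conf_own_cert` call is visible), so a server-mode context configured through it presumably still has no certificate to present; say so until it is wired up, e.g. `/** @brief Own certificate chain + private key; required in server mode. NOT YET APPLIED to the mbedtls config. */`. `sSNIServerName` deserves a security note as well: Init only calls mbedtls_ssl_set_hostname when the string is non-empty, and mbedtls performs no CN/SAN check at all when no hostname has been set, so an empty name silently turns off hostname verification on the client side. `pCertPin` and `bPinServerPeers` have empty or one-line briefs that do not say what "pinning" compares against; the ca_cb in TLSContext::Init hands the peer cert to CheckCertificate, which is what callers need to know.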
@ -1,18 +0,0 @@
|
||||
/***
|
||||
Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.
|
||||
|
||||
File: ITLSPrivateKey.hpp
|
||||
Date: 2022-8-27
|
||||
Author: Reece
|
||||
***/
|
||||
#pragma once
|
||||
|
||||
namespace Aurora::IO::TLS
|
||||
{
|
||||
struct ITLSPrivateKey
|
||||
{
|
||||
|
||||
};
|
||||
|
||||
AUKN_SYM AuSPtr<ITLSPrivateKey> ImportPrivateKey(const TLSPrivateKey &key);
|
||||
}
|
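--- /dev/null
+++ b/Include/Aurora/IO/TLS/ITLSPrivateKeyPair.hpp
@@ -0,0 +1,18 @@
+/***
+Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.
+
+File: ITLSPrivateKeyPair.hpp
+Date: 2022-8-27
+Author: Reece
+***/
+#pragma once
+
+namespace Aurora::IO::TLS
+{
+struct ITLSPrivateKeyPair
+{
+virtual AuSPtr<ICertificateChain> GetChain() = 0;
+};
+
+AUKN_SYM AuSPtr<ITLSPrivateKeyPair> ImportPrivateKeyPair(const TLSPrivateKeyPair &keyPair);
+}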
@ -8,13 +8,13 @@
|
||||
#pragma once
|
||||
|
||||
#include "../Protocol/Protocol.hpp"
|
||||
#include "ICertificateChain.hpp"
|
||||
#include "IPinCertificate.hpp"
|
||||
#include "TLSPrivateKey.hpp"
|
||||
#include "ITLSPrivateKey.hpp"
|
||||
#include "TLSPrivateKeyPair.hpp"
|
||||
#include "ITLSPrivateKeyPair.hpp"
|
||||
#include "ITLSContext.hpp"
|
||||
#include "TLSCipherSuites.hpp"
|
||||
|
||||
namespace Aurora::IO::TLS
|
||||
{
|
||||
|
||||
}
|
@ -1,7 +1,7 @@
|
||||
/***
|
||||
Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.
|
||||
|
||||
File: TLSPrivateKey.hpp
|
||||
File: TLSPrivateKeyPair.hpp
|
||||
Date: 2022-8-26
|
||||
Author: Reece
|
||||
***/
|
||||
@ -9,9 +9,10 @@
|
||||
|
||||
namespace Aurora::IO::TLS
|
||||
{
|
||||
struct TLSPrivateKey
|
||||
struct TLSPrivateKeyPair
|
||||
{
|
||||
AuByteBuffer raw;
|
||||
AuList<AuByteBuffer> certificateChain;
|
||||
AuByteBuffer privateKey;
|
||||
AuString sPassword;
|
||||
};
|
||||
}
|
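Review bot: `privateKey` and `sPassword` are raw key material held in an ordinary AuByteBuffer/AuString, and nothing visible here wipes them; ImportPrivateKeyPair copies the key into an mbedtls_pk_context (which mbedtls_pk_free does zeroize) but the caller's copy lingers until the struct dies and freed memory is not scrubbed. Document the expectation on the field, e.g. `/** @brief PEM or DER private key. Caller owns this buffer and should wipe it once ImportPrivateKeyPair returns. */`, and note that per the mbedtls docs a PEM key must be NUL-terminated with the terminator counted in the length or mbedtls_pk_parse_key treats it as DER. `certificateChain` should also state its order (leaf first), since mbedtls_x509_crt_parse appends entries in the order given and the leaf is what gets presented.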
@ -307,8 +307,8 @@ namespace Aurora::Memory
|
||||
|
||||
inline auline bool WriterTryGoForward(AuUInt32 offset);
|
||||
|
||||
inline auline AuUInt RemainingWrite(bool endAtRead = true);
|
||||
inline auline AuUInt RemainingBytes(bool endAtWrite = true);
|
||||
inline auline AuUInt RemainingWrite(bool endAtRead = true) const;
|
||||
inline auline AuUInt RemainingBytes(bool endAtWrite = true) const;
|
||||
|
||||
inline auline bool Skip(AuUInt count);
|
||||
inline auline AuUInt GetReadOffset() const;
|
||||
@ -316,7 +316,8 @@ namespace Aurora::Memory
|
||||
|
||||
inline auline void ResetReadPointer();
|
||||
|
||||
inline AuOptional<AuUInt8 *> WriterTryGetWriteHeadFor(AuUInt32 nBytes);
|
||||
inline MemoryViewRead GetNextLinearRead();
|
||||
inline MemoryViewWrite GetNextLinearWrite();
|
||||
|
||||
// Memory operations
|
||||
|
||||
|
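Review bot: The two new accessors GetNextLinearRead/GetNextLinearWrite are undocumented and are not pure queries: in the circular case each one moves the corresponding head back to `base` when it sits at `base + length` before measuring, so a caller cannot assume the pointers are unchanged after the call. The declarations should carry that, e.g. `// Returns the next contiguous span readable/writable without wrapping. Circular mode may first wrap the head to base; the view is invalidated by any later write, read-advance or resize.`. It would also help to state that the write span reserves one byte so full and empty stay distinguishable, since the length returned is one less than the raw gap.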
@ -45,45 +45,6 @@ namespace Aurora::Memory
|
||||
return true;
|
||||
}
|
||||
|
||||
AuOptional<AuUInt8 *> ByteBuffer::WriterTryGetWriteHeadFor(AuUInt32 nBytes)
|
||||
{
|
||||
if (writePtr == base + length)
|
||||
{
|
||||
writePtr = base;
|
||||
}
|
||||
|
||||
if (flagCircular)
|
||||
{
|
||||
AuUInt32 linearOverhead;
|
||||
if (writePtr < readPtr)
|
||||
{
|
||||
linearOverhead = readPtr - writePtr;
|
||||
}
|
||||
else if (writePtr == readPtr)
|
||||
{
|
||||
linearOverhead = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
linearOverhead = length - (writePtr - base);
|
||||
}
|
||||
|
||||
if (linearOverhead < nBytes)
|
||||
{
|
||||
return {};
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (length - (writePtr - base) < nBytes)
|
||||
{
|
||||
return {};
|
||||
}
|
||||
}
|
||||
|
||||
return writePtr;
|
||||
}
|
||||
|
||||
bool ByteBuffer::ReaderTryGoBack(AuUInt32 offset)
|
||||
{
|
||||
if (flagCircular)
|
||||
@ -134,7 +95,7 @@ namespace Aurora::Memory
|
||||
}
|
||||
}
|
||||
|
||||
AuUInt ByteBuffer::RemainingBytes(bool endAtWrite)
|
||||
AuUInt ByteBuffer::RemainingBytes(bool endAtWrite) const
|
||||
{
|
||||
if (flagCircular)
|
||||
{
|
||||
@ -173,7 +134,7 @@ namespace Aurora::Memory
|
||||
}
|
||||
}
|
||||
|
||||
AuUInt ByteBuffer::RemainingWrite(bool endAtRead)
|
||||
AuUInt ByteBuffer::RemainingWrite(bool endAtRead) const
|
||||
{
|
||||
if (flagCircular)
|
||||
{
|
||||
@ -215,6 +176,62 @@ namespace Aurora::Memory
|
||||
readPtr = base;
|
||||
}
|
||||
|
||||
MemoryViewRead ByteBuffer::GetNextLinearRead()
|
||||
{
|
||||
AuUInt8 *pBase {};
|
||||
AuUInt uCount {};
|
||||
|
||||
if (this->flagCircular && this->base + this->length == this->readPtr)
|
||||
{
|
||||
this->readPtr = this->base;
|
||||
}
|
||||
|
||||
if (this->writePtr >= this->readPtr)
|
||||
{
|
||||
uCount = this->writePtr - this->readPtr;
|
||||
pBase = this->readPtr;
|
||||
}
|
||||
else if (this->flagCircular)
|
||||
{
|
||||
uCount = (this->base + this->length) - this->readPtr;
|
||||
pBase = this->readPtr;
|
||||
}
|
||||
|
||||
return MemoryViewRead(pBase, uCount);
|
||||
}
|
||||
|
||||
MemoryViewWrite ByteBuffer::GetNextLinearWrite()
|
||||
{
|
||||
AuUInt8 *pBase {};
|
||||
AuUInt uCount {};
|
||||
|
||||
if (this->flagCircular)
|
||||
{
|
||||
if (this->writePtr == this->base + this->length)
|
||||
{
|
||||
this->writePtr = this->base;
|
||||
}
|
||||
|
||||
if (this->readPtr > this->writePtr)
|
||||
{
|
||||
uCount = (this->writePtr - this->readPtr) - 1;
|
||||
pBase = this->writePtr;
|
||||
}
|
||||
else
|
||||
{
|
||||
uCount = ((this->base + this->length) - this->readPtr) - 1;
|
||||
pBase = this->writePtr;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
uCount = (this->base + this->length) - this->writePtr;
|
||||
pBase = this->writePtr;
|
||||
}
|
||||
|
||||
return MemoryViewWrite(pBase, uCount);
|
||||
}
|
||||
|
||||
AuUInt ByteBuffer::GetReadOffset() const
|
||||
{
|
||||
if (flagCircular)
|
||||
|
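Review bot: GetNextLinearWrite computes the wrong free span in both circular branches: when `readPtr > writePtr` it takes `(writePtr - readPtr) - 1`, a negative ptrdiff that wraps to a huge AuUInt, and when the writer is at or ahead of the reader it measures from readPtr instead of writePtr (`(base + length) - readPtr`), so with readPtr = base+10 and writePtr = base+50 in a 100-byte buffer it reports 89 writable bytes starting at writePtr, 39 past the allocation. Either result is handed back as a writable MemoryViewWrite, so this is a heap overflow rather than a miscount; the deleted WriterTryGetWriteHeadFor had the operand order right (`readPtr - writePtr`). Both lengths should be measured from writePtr, keeping the one-byte full/empty reservation, as below. Separately, the unconditional `- 1` in the else branch appears to stop the writer one byte short of `base + length`, so the wrap check at the top of the function may never fire unless another write path advances writePtr; I would reserve that byte only when readPtr == base, but that depends on code outside this hunk.
```cpp
MemoryViewWrite ByteBuffer::GetNextLinearWrite()
{
    // … unchanged: pBase/uCount declarations …

    if (this->flagCircular)
    {
        // … unchanged: wrap writePtr back to base when it sits at base + length …

        pBase = this->writePtr;

        if (this->readPtr > this->writePtr)
        {
            // writer trails reader: the gap between them, minus the one-byte
            // reservation that keeps "full" distinguishable from "empty"
            uCount = (this->readPtr - this->writePtr) - 1;
        }
        else
        {
            // writer at or ahead of reader: free run to the end of the
            // allocation, measured from the WRITE head, same reservation
            uCount = ((this->base + this->length) - this->writePtr) - 1;
        }
    }
    // … unchanged: non-circular branch and return …
}
```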
@ -10,7 +10,13 @@
|
||||
#include <Source/RuntimeInternal.hpp>
|
||||
#include <Aurora/IO/TLS/TLS.hpp>
|
||||
|
||||
#include <mbedtls/ssl.h>
|
||||
#include <mbedtls/x509.h>
|
||||
|
||||
namespace Aurora::IO::TLS
|
||||
{
|
||||
extern mbedtls_entropy_context gEntropy;
|
||||
extern mbedtls_ctr_drbg_context gCtrDrbg;
|
||||
|
||||
AuString TLSErrorToString(int iError);
|
||||
}
|
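Review bot: Exposing gEntropy/gCtrDrbg as externs means the single DRBG is now shared between every TLSContext (`mbedtls_ssl_conf_rng` in TLSContext::Init) and ImportPrivateKeyPair; mbedtls_ctr_drbg_random only serialises access to its state when the library is built with MBEDTLS_THREADING_C, otherwise concurrent callers race on the DRBG. I cannot see the mbedtls config from here, so either confirm that option is on or document the constraint at the declaration, e.g. `// Process-wide DRBG seeded in TLSInit(); not safe for concurrent use unless mbedtls is built with MBEDTLS_THREADING_C`. A one-line note that TLSErrorToString is currently a stub returning an empty string would also save readers of the new `"{} ({})"` messages a trip.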
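--- /dev/null
+++ b/Source/IO/TLS/TLSCertificateChain.cpp
@@ -0,0 +1,140 @@
+/***
+Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.
+
+File: TLSCertificateChain.cpp
+Date: 2022-8-27
+Author: Reece
+***/
+#include "TLS.hpp"
+#include "TLSCertificateChain.hpp"
+
+namespace Aurora::IO::TLS
+{
+CertificateChain::CertificateChain()
+{
+
+}
+
+CertificateChain::~CertificateChain()
+{
+::mbedtls_x509_crt_free(&this->ownCertificate);
+}
+
+AuUInt32 CertificateChain::GetCertificateCount()
+{
+return 0;
+}
+
+AuMemoryViewRead CertificateChain::GetCertificate(AuUInt32 idx)
+{
+return {};
+}
+
+bool CertificateChain::Init(const AuList<AuByteBuffer> &certs)
+{
+int iRet {};
+
+this->pCertificate = &this->ownCertificate;
+::mbedtls_x509_crt_init(&this->ownCertificate);
+
+for (const auto &cert : certs)
+{
+iRet = ::mbedtls_x509_crt_parse(&this->ownCertificate,
+(const unsigned char *)cert.base,
+cert.length);
+if (iRet != 0)
+{
+SysPushErrorCrypto("Failed to parse certificate chain: {}", iRet);
+return false;
+}
+}
+
+return this->Precache();
+}
+
+bool CertificateChain::Init(const AuList<AuMemoryViewRead> &certs)
+{
+int iRet {};
+
+this->pCertificate = &this->ownCertificate;
+::mbedtls_x509_crt_init(&this->ownCertificate);
+
+for (const auto &cert : certs)
+{
+iRet = ::mbedtls_x509_crt_parse(&this->ownCertificate,
+(const unsigned char *)cert.ToPointer(),
+cert.length);
+if (iRet != 0)
+{
+SysPushErrorCrypto("Failed to parse certificate chain: {}", iRet);
+return false;
+}
+}
+
+return this->Precache();
+}
+
+bool CertificateChain::Init(const AuMemoryViewRead &cert)
+{
+int iRet {};
+
+this->pCertificate = &this->ownCertificate;
+::mbedtls_x509_crt_init(&this->ownCertificate);
+
+iRet = ::mbedtls_x509_crt_parse(&this->ownCertificate,
+(const unsigned char *)cert.ToPointer(),
+cert.length);
+if (iRet != 0)
+{
+SysPushErrorCrypto("Failed to parse certificate chain: {}", iRet);
+return false;
+}
+
+return this->Precache();
+}
+
+bool CertificateChain::Init(const mbedtls_x509_crt *pCert)
+{
+this->pCertificate = &this->ownCertificate;
+return this->Precache();
+}
+
+bool CertificateChain::Precache()
+{
+return true;
+}
+
+AUKN_SYM AuSPtr<ICertificateChain> ChainFromOne(const AuMemoryViewRead &read)
+{
+auto pCertificateChain = AuMakeShared<CertificateChain>();
+if (!pCertificateChain)
+{
+SysPushErrorMemory();
+return {};
+}
+
+if (!pCertificateChain->Init(read))
+{
+return {};
+}
+
+return pCertificateChain;
+}
+
+AUKN_SYM AuSPtr<ICertificateChain> ChainFromMany(const AuList<AuMemoryViewRead> &read)
+{
+auto pCertificateChain = AuMakeShared<CertificateChain>();
+if (!pCertificateChain)
+{
+SysPushErrorMemory();
+return {};
+}
+
+if (!pCertificateChain->Init(read))
+{
+return {};
+}
+
+return pCertificateChain;
+}
+}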
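Review bot: `CertificateChain::Init(const mbedtls_x509_crt *pCert)` never reads pCert: it points pCertificate at ownCertificate, which on this path has never been through mbedtls_x509_crt_init, and the destructor then runs mbedtls_x509_crt_free on indeterminate memory. The same destructor hazard exists for any CertificateChain that is constructed but never Init()ed, since the constructor body is empty; initialising in the constructor and dropping the per-overload init calls fixes both and also stops a second Init() from leaking the first parsed chain. GetCertificateCount/GetCertificate/Precache are stubs returning 0/{}/true, acceptable for a "begin to add" commit but worth a `// TODO: walk pCertificate->next` so nobody reads count == 0 as "chain is empty". Per the mbedtls docs a PEM buffer passed to mbedtls_x509_crt_parse must be NUL-terminated with the terminator counted in the length, otherwise it is tried as DER and fails; a comment on the parse calls would save the next caller that debugging session.
```cpp
CertificateChain::CertificateChain()
{
    // initialise here so ~CertificateChain() is safe on every path,
    // including objects that were never Init()ed or whose Init() failed
    ::mbedtls_x509_crt_init(&this->ownCertificate);
    this->pCertificate = &this->ownCertificate;
}

// … unchanged: ~CertificateChain, GetCertificateCount, GetCertificate …
// … Init(AuList<AuByteBuffer>) / Init(AuList<AuMemoryViewRead>) / Init(AuMemoryViewRead):
//    remove the mbedtls_x509_crt_init and pCertificate assignment, rest unchanged …

bool CertificateChain::Init(const mbedtls_x509_crt *pCert)
{
    if (!pCert)
    {
        return false;
    }

    // borrow the caller's chain; the caller must keep it alive for as long as
    // this object is used (or make pCertificate a const pointer in the header).
    // ownCertificate stays empty and is still freed harmlessly by the destructor.
    this->pCertificate = const_cast<mbedtls_x509_crt *>(pCert);
    return this->Precache();
}
```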
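--- /dev/null
+++ b/Source/IO/TLS/TLSCertificateChain.hpp
@@ -0,0 +1,29 @@
+/***
+Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.
+
+File: TLSCertificateChain.hpp
+Date: 2022-8-27
+Author: Reece
+***/
+#pragma once
+namespace Aurora::IO::TLS
+{
+struct CertificateChain : ICertificateChain
+{
+CertificateChain();
+~CertificateChain();
+
+virtual AuUInt32 GetCertificateCount() override;
+virtual AuMemoryViewRead GetCertificate(AuUInt32 idx) override;
+
+bool Init(const AuList<AuByteBuffer> &certs);
+bool Init(const AuList<AuMemoryViewRead> &certs);
+bool Init(const AuMemoryViewRead &cert);
+bool Init(const mbedtls_x509_crt *pCert);
+
+bool Precache();
+
+mbedtls_x509_crt *pCertificate;
+mbedtls_x509_crt ownCertificate;
+};
+}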
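Review bot: `pCertificate` has no in-class initialiser, so a CertificateChain that has not been Init()ed carries an indeterminate pointer; `mbedtls_x509_crt *pCertificate {};` makes the not-yet-initialised state detectable and is the style used elsewhere in this commit (`int iRet {};`). The two data members are public on an object whose owning-versus-borrowing rule is not written down anywhere; a comment on each, e.g. `// owning storage, freed in the destructor` on ownCertificate and `// points at ownCertificate, or at a caller-owned chain via Init(const mbedtls_x509_crt *)` on pCertificate, would document the intent the .cpp currently only hints at.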
@ -13,24 +13,29 @@
|
||||
|
||||
namespace Aurora::IO::TLS
|
||||
{
|
||||
static mbedtls_entropy_context gEntropy;
|
||||
static mbedtls_ctr_drbg_context gCtrDrbg;
|
||||
mbedtls_entropy_context gEntropy;
|
||||
mbedtls_ctr_drbg_context gCtrDrbg;
|
||||
static bool gTlsReady {};
|
||||
|
||||
AuString TLSErrorToString(int iError)
|
||||
{
|
||||
return {};
|
||||
}
|
||||
|
||||
void TLSInit()
|
||||
{
|
||||
int iRet;
|
||||
|
||||
::mbedtls_ctr_drbg_init(&gCtrDrbg);
|
||||
::mbedtls_entropy_init(&gEntropy);
|
||||
|
||||
int ret;
|
||||
|
||||
if ((ret = ::mbedtls_ctr_drbg_seed(&gCtrDrbg,
|
||||
if ((iRet = ::mbedtls_ctr_drbg_seed(&gCtrDrbg,
|
||||
::mbedtls_entropy_func,
|
||||
&gEntropy,
|
||||
(const unsigned char *)"ReeceWasHere",
|
||||
12)) != 0)
|
||||
{
|
||||
SysPushErrorNet("{}", ret);
|
||||
SysPushErrorNet("{} ({})", TLSErrorToString(iRet), iRet);
|
||||
return;
|
||||
}
|
||||
|
||||
@ -56,8 +61,8 @@ namespace Aurora::IO::TLS
|
||||
channelSend_(this),
|
||||
meta_(meta)
|
||||
{
|
||||
this->recvStack_ = AuMakeShared<Protocol::ProtocolStack>();
|
||||
this->sendStack_ = AuMakeShared<Protocol::ProtocolStack>();
|
||||
this->pRecvStack_ = AuMakeShared<Protocol::ProtocolStack>();
|
||||
this->pSendStack_ = AuMakeShared<Protocol::ProtocolStack>();
|
||||
}
|
||||
|
||||
TLSContext::TLSContext(const AuSPtr<Protocol::IProtocolStack> &pSendStack,
|
||||
@ -65,8 +70,8 @@ namespace Aurora::IO::TLS
|
||||
const TLSMeta &meta) :
|
||||
channelRecv_(this),
|
||||
channelSend_(this),
|
||||
recvStack_(AuStaticCast<Protocol::ProtocolStack>(pRecvStack)),
|
||||
sendStack_(AuStaticCast<Protocol::ProtocolStack>(pSendStack)),
|
||||
pRecvStack_(AuStaticCast<Protocol::ProtocolStack>(pRecvStack)),
|
||||
pSendStack_(AuStaticCast<Protocol::ProtocolStack>(pSendStack)),
|
||||
meta_(meta)
|
||||
{
|
||||
}
|
||||
@ -83,7 +88,7 @@ namespace Aurora::IO::TLS
|
||||
|
||||
int TLSContext::Write(const void *pIn, AuUInt length)
|
||||
{
|
||||
return this->sendStack_->pDrainBuffer->Write(pIn, length);
|
||||
return this->pSendStack_->pDrainBuffer->Write(pIn, length);
|
||||
}
|
||||
|
||||
int TLSContext::Read(void *pOut, AuUInt length)
|
||||
@ -123,38 +128,48 @@ namespace Aurora::IO::TLS
|
||||
//
|
||||
//
|
||||
|
||||
void TLSContext::Init()
|
||||
bool TLSContext::Init()
|
||||
{
|
||||
int ret;
|
||||
int iRet;
|
||||
|
||||
if (!this->sendStack_)
|
||||
if (!this->pSendStack_)
|
||||
{
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!this->recvStack_)
|
||||
if (!this->pRecvStack_)
|
||||
{
|
||||
return;
|
||||
return false;
|
||||
}
|
||||
|
||||
SysAssert(this->sendStack_->AddInterceptorEx(this->GetSendInterceptor(), this->meta_.uOutPageSize));
|
||||
SysAssert(this->recvStack_->AddInterceptorEx(this->GetRecvInterceptor(), this->meta_.uOutPageSize));
|
||||
if (!this->pSendStack_->AddInterceptorEx(this->GetSendInterceptor(), this->meta_.uOutPageSize))
|
||||
{
|
||||
SysPushErrorNet("Couldn't add TLS interceptor");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!this->pRecvStack_->AddInterceptorEx(this->GetRecvInterceptor(), this->meta_.uOutPageSize))
|
||||
{
|
||||
SysPushErrorNet("Couldn't add TLS interceptor");
|
||||
return false;
|
||||
}
|
||||
|
||||
::mbedtls_ssl_init(&ssl);
|
||||
::mbedtls_ssl_config_init(&conf);
|
||||
::mbedtls_x509_crt_init(&cacert);
|
||||
::mbedtls_ssl_init(&this->ssl);
|
||||
::mbedtls_ssl_config_init(&this->conf);
|
||||
::mbedtls_x509_crt_init(&this->cacert);
|
||||
|
||||
if ((ret = ::mbedtls_ssl_config_defaults(&conf,
|
||||
if ((iRet = ::mbedtls_ssl_config_defaults(&this->conf,
|
||||
this->meta_.bIsClient ? MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
|
||||
this->meta_.transportProtocol == AuNet::ETransportProtocol::eProtocolUDP ? MBEDTLS_SSL_TRANSPORT_DATAGRAM : MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT)) != 0)
|
||||
{
|
||||
SysPushErrorNet("{}", ret);
|
||||
return;
|
||||
SysPushErrorNet("{} ({})", TLSErrorToString(iRet), iRet);
|
||||
return false;
|
||||
}
|
||||
|
||||
::mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
|
||||
::mbedtls_ssl_conf_ca_cb(&conf, [](void *p_ctx,
|
||||
::mbedtls_ssl_conf_authmode(&this->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
|
||||
|
||||
::mbedtls_ssl_conf_ca_cb(&this->conf, [](void *p_ctx,
|
||||
mbedtls_x509_crt const *child,
|
||||
mbedtls_x509_crt **candidate_cas) -> int
|
||||
{
|
||||
@ -162,35 +177,40 @@ namespace Aurora::IO::TLS
|
||||
return ((TLSContext *)p_ctx)->CheckCertificate({ child->raw.p, child->raw.len }) ? 0 : -1;
|
||||
}, this);
|
||||
|
||||
::mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &gCtrDrbg);
|
||||
::mbedtls_ssl_conf_dbg(&conf, [](void *, int, const char *as, int, const char *ad)
|
||||
::mbedtls_ssl_conf_rng(&this->conf, mbedtls_ctr_drbg_random, &gCtrDrbg);
|
||||
|
||||
::mbedtls_ssl_conf_dbg(&this->conf, [](void *, int, const char *as, int, const char *ad)
|
||||
{
|
||||
//AuLogDbg("{} <--> {}", as, ad);
|
||||
}, nullptr);
|
||||
|
||||
if ((ret = ::mbedtls_ssl_setup(&ssl, &conf)) != 0)
|
||||
if ((iRet = ::mbedtls_ssl_setup(&this->ssl, &this->conf)) != 0)
|
||||
{
|
||||
SysPushErrorNet("{}", ret);
|
||||
return;
|
||||
SysPushErrorNet("{} ({})", TLSErrorToString(iRet), iRet);
|
||||
return false;
|
||||
}
|
||||
|
||||
if (this->meta_.sSNIServerName.size())
|
||||
{
|
||||
if ((ret = ::mbedtls_ssl_set_hostname(&ssl, this->meta_.sSNIServerName.c_str())) != 0)
|
||||
if ((iRet = ::mbedtls_ssl_set_hostname(&this->ssl, this->meta_.sSNIServerName.c_str())) != 0)
|
||||
{
|
||||
SysPushErrorNet("{}", ret);
|
||||
return;
|
||||
SysPushErrorNet("{} ({})", TLSErrorToString(iRet), iRet);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
::mbedtls_ssl_set_bio(&ssl, this, TLSContextSend, TLSContextRecv, nullptr);
|
||||
::mbedtls_ssl_set_bio(&this->ssl, this, TLSContextSend, TLSContextRecv, nullptr);
|
||||
|
||||
if (this->meta_.cipherSuites.size())
|
||||
{
|
||||
this->cipherSuites_.reserve(this->meta_.cipherSuites.size());
|
||||
for (const auto &cipher : this->meta_.cipherSuites)
|
||||
{
|
||||
this->cipherSuites_.push_back(cipher);
|
||||
if (!AuTryInsert(this->cipherSuites_, cipher))
|
||||
{
|
||||
SysPushErrorMemory();
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -199,19 +219,29 @@ namespace Aurora::IO::TLS
|
||||
this->cipherSuites_.reserve(defaultCiphers.size());
|
||||
for (const auto &cipher : defaultCiphers)
|
||||
{
|
||||
this->cipherSuites_.push_back(cipher);
|
||||
if (!AuTryInsert(this->cipherSuites_, cipher))
|
||||
{
|
||||
SysPushErrorMemory();
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
this->cipherSuites_.push_back(0);
|
||||
((mbedtls_ssl_config *)ssl.private_conf/*fuck yourself*/)->private_ciphersuite_list = this->cipherSuites_.data();
|
||||
if (!AuTryInsert(this->cipherSuites_, 0))
|
||||
{
|
||||
SysPushErrorMemory();
|
||||
return false;
|
||||
}
|
||||
|
||||
((mbedtls_ssl_config *)this->ssl.private_conf/*fuck yourself*/)->private_ciphersuite_list = this->cipherSuites_.data();
|
||||
return true;
|
||||
}
|
||||
|
||||
void TLSContext::Destroy()
|
||||
{
|
||||
::mbedtls_ssl_free(&ssl);
|
||||
::mbedtls_ssl_config_free(&conf);
|
||||
::mbedtls_x509_crt_free(&cacert);
|
||||
::mbedtls_ssl_free(&this->ssl);
|
||||
::mbedtls_ssl_config_free(&this->conf);
|
||||
::mbedtls_x509_crt_free(&this->cacert);
|
||||
|
||||
this->Attach({});
|
||||
}
|
||||
@ -248,12 +278,12 @@ namespace Aurora::IO::TLS
|
||||
|
||||
AuSPtr<Protocol::IProtocolStack> TLSContext::ToReadStack()
|
||||
{
|
||||
return this->recvStack_;
|
||||
return this->pRecvStack_;
|
||||
}
|
||||
|
||||
AuSPtr<Protocol::IProtocolStack> TLSContext::ToWriteStack()
|
||||
{
|
||||
return this->sendStack_;
|
||||
return this->pSendStack_;
|
||||
}
|
||||
|
||||
AuSPtr<Protocol::IProtocolInterceptorEx> TLSContext::GetRecvInterceptor()
|
||||
@ -288,7 +318,21 @@ namespace Aurora::IO::TLS
|
||||
|
||||
void TLSContext::StartHandshake()
|
||||
{
|
||||
this->channelRecv_.TryHandshake();
|
||||
this->bIsAlive = false;
|
||||
this->bIsDead = false;
|
||||
this->bIsFatal = false;
|
||||
this->iFatalError = 0;
|
||||
|
||||
this->channelRecv_.HasCompletedHandshake() = false;
|
||||
|
||||
if (::mbedtls_ssl_session_reset(&this->ssl) != 0)
|
||||
{
|
||||
this->OnFatal();
|
||||
}
|
||||
else
|
||||
{
|
||||
this->channelRecv_.TryHandshake();
|
||||
}
|
||||
}
|
||||
|
||||
void TLSContext::StartClose()
|
||||
@ -314,6 +358,11 @@ namespace Aurora::IO::TLS
|
||||
{
|
||||
return this->iFatalError;
|
||||
}
|
||||
|
||||
AuString TLSContext::GetFatalErrorCodeAsString()
|
||||
{
|
||||
return TLSErrorToString(this->GetFatalErrorCode());
|
||||
}
|
||||
|
||||
AUKN_SYM AuSPtr<ITLSContext> NewTLSContext(const TLSMeta &meta)
|
||||
{
|
||||
@ -338,7 +387,10 @@ namespace Aurora::IO::TLS
|
||||
return {};
|
||||
}
|
||||
|
||||
pTlsContext->Init();
|
||||
if (!pTlsContext->Init())
|
||||
{
|
||||
return {};
|
||||
}
|
||||
|
||||
return pTlsContext;
|
||||
}
|
||||
|
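Review bot: In StartHandshake a failing mbedtls_ssl_session_reset goes to OnFatal() without recording the return code, so the new GetFatalErrorCode/GetFatalErrorCodeAsString report 0 and an empty string for that failure, assuming OnFatal does not set iFatalError itself (its body is outside this hunk). Capturing it first keeps the new accessor meaningful: `if (int iRet = ::mbedtls_ssl_session_reset(&this->ssl); iRet != 0) { this->iFatalError = iRet; this->OnFatal(); }`. TLSErrorToString is also still a stub returning `{}`, so every `"{} ({})"` message introduced in this commit currently prints only the numeric code; `mbedtls_strerror(iError, buf, sizeof(buf))` from <mbedtls/error.h> fills it in when MBEDTLS_ERROR_C is enabled, and a `// TODO` on the stub would flag that until then.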
@ -31,7 +31,7 @@ namespace Aurora::IO::TLS
|
||||
const TLSMeta &meta);
|
||||
~TLSContext();
|
||||
|
||||
void Init();
|
||||
bool Init();
|
||||
|
||||
virtual void Destroy() override;
|
||||
|
||||
@ -52,6 +52,8 @@ namespace Aurora::IO::TLS
|
||||
|
||||
int GetFatalErrorCode() override;
|
||||
|
||||
AuString GetFatalErrorCodeAsString() override;
|
||||
|
||||
void OnClose();
|
||||
void OnFatal();
|
||||
|
||||
@ -75,8 +77,8 @@ namespace Aurora::IO::TLS
|
||||
AuWPtr<Net::ISocket> wpSocket_;
|
||||
TLSProtocolRecv channelRecv_;
|
||||
TLSProtocolSend channelSend_;
|
||||
AuSPtr<Protocol::ProtocolStack> sendStack_;
|
||||
AuSPtr<Protocol::ProtocolStack> recvStack_;
|
||||
AuSPtr<Protocol::ProtocolStack> pSendStack_;
|
||||
AuSPtr<Protocol::ProtocolStack> pRecvStack_;
|
||||
|
||||
};
|
||||
}
|
@ -1,16 +0,0 @@
|
||||
/***
|
||||
Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.
|
||||
|
||||
File: TLSPrivateKey.cpp
|
||||
Date: 2022-8-27
|
||||
Author: Reece
|
||||
***/
|
||||
#include "TLS.hpp"
|
||||
|
||||
namespace Aurora::IO::TLS
|
||||
{
|
||||
AUKN_SYM AuSPtr<ITLSPrivateKey> ImportPrivateKey(const TLSPrivateKey &key)
|
||||
{
|
||||
return {};
|
||||
}
|
||||
}
|
@ -1,16 +0,0 @@
|
||||
/***
|
||||
Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.
|
||||
|
||||
File: TLSPrivateKey.hpp
|
||||
Date: 2022-8-27
|
||||
Author: Reece
|
||||
***/
|
||||
#pragma once
|
||||
|
||||
namespace Aurora::IO::TLS
|
||||
{
|
||||
struct TLSPrivateKeyImpl : ITLSPrivateKey
|
||||
{
|
||||
|
||||
};
|
||||
}
|
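--- /dev/null
+++ b/Source/IO/TLS/TLSPrivateKeyPair.cpp
@@ -0,0 +1,69 @@
+/***
+Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.
+
+File: TLSPrivateKeyPair.cpp
+Date: 2022-8-27
+Author: Reece
+***/
+#include "TLS.hpp"
+#include "TLSPrivateKeyPair.hpp"
+
+namespace Aurora::IO::TLS
+{
+TLSPrivateKeyPairImpl::TLSPrivateKeyPairImpl()
+{
+::mbedtls_pk_init(&this->privateKey_);
+}
+
+TLSPrivateKeyPairImpl::~TLSPrivateKeyPairImpl()
+{
+::mbedtls_pk_free(&this->privateKey_);
+}
+
+AuSPtr<ICertificateChain> TLSPrivateKeyPairImpl::GetChain()
+{
+return AuSPtr<ICertificateChain>(AuSharedFromThis(), &this->chain_);
+}
+
+CertificateChain *TLSPrivateKeyPairImpl::ToChain()
+{
+return &this->chain_;
+}
+
+mbedtls_pk_context &TLSPrivateKeyPairImpl::GetInternal()
+{
+return this->privateKey_;
+}
+
+AUKN_SYM AuSPtr<ITLSPrivateKeyPair> ImportPrivateKeyPair(const TLSPrivateKeyPair &keyPair)
+{
+int iRet {};
+auto pPrivateKey = AuMakeShared<TLSPrivateKeyPairImpl>();
+if (!pPrivateKey)
+{
+SysPushErrorMemory();
+return {};
+}
+
+if (!pPrivateKey->ToChain()->Init(keyPair.certificateChain))
+{
+// Not going to bother with a nested push
+return {};
+}
+
+iRet = ::mbedtls_pk_parse_key(&pPrivateKey->GetInternal(),
+(const unsigned char *)keyPair.privateKey.readPtr,
+keyPair.privateKey.RemainingBytes(),
+keyPair.sPassword.size() ? (const unsigned char *)keyPair.sPassword.c_str() : nullptr,
+keyPair.sPassword.size(),
+gEntropy,
+&gCtrDrbg);
+if (iRet != 0)
+{
+SysPushErrorCrypto("Invalid Private Key: {} ({})", TLSErrorToString(iRet), iRet);
+return {};
+}
+
+return pPrivateKey;
+}
+}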
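Review bot: The f_rng argument to mbedtls_pk_parse_key in ImportPrivateKeyPair is `gEntropy`, an mbedtls_entropy_context object, where the API takes an `int (*)(void *, unsigned char *, size_t)` callback; the matching call in TLSContext::Init passes `mbedtls_ctr_drbg_random, &gCtrDrbg`, and that same pair belongs here (`::mbedtls_ctr_drbg_random,` / `&gCtrDrbg);`). As written I would not expect this to compile against mbedtls 3.x, so presumably the TU is not in the build yet. Once it is, nothing verifies that the parsed key actually belongs to the leaf certificate that was just parsed into the chain; `mbedtls_pk_check_pair` against the first cert's `pk` would turn a mismatched cert/key bundle into an import error instead of a handshake failure later.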
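--- /dev/null
+++ b/Source/IO/TLS/TLSPrivateKeyPair.hpp
@@ -0,0 +1,28 @@
+/***
+Copyright (C) 2022 J Reece Wilson (a/k/a "Reece"). All rights reserved.
+
+File: TLSPrivateKeyPair.hpp
+Date: 2022-8-27
+Author: Reece
+***/
+#pragma once
+
+#include "TLSCertificateChain.hpp"
+
+namespace Aurora::IO::TLS
+{
+struct TLSPrivateKeyPairImpl : ITLSPrivateKeyPair, AuEnableSharedFromThis<TLSPrivateKeyPairImpl>
+{
+TLSPrivateKeyPairImpl();
+~TLSPrivateKeyPairImpl();
+
+virtual AuSPtr<ICertificateChain> GetChain() override;
+
+CertificateChain *ToChain();
+mbedtls_pk_context &GetInternal();
+
+private:
+CertificateChain chain_;
+mbedtls_pk_context privateKey_;
+};
+}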
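Review bot: GetChain is implemented with the aliasing shared_ptr constructor over AuSharedFromThis, so the returned ICertificateChain pointer shares ownership of the whole key pair and keeps privateKey_ alive for as long as the caller holds it, and calling it on an instance not already owned by a shared_ptr will fail at runtime; neither fact is visible from this declaration. A comment on the member would capture it: `// Aliasing pointer: keeps this key pair (and its private key) alive while held. Only valid on instances created via AuMakeShared.`. GetInternal hands out a mutable reference to the private key context, which is presumably what the mbedtls own-cert setup will need; a one-liner saying it is for internal TLS wiring only would keep it from being treated as public API.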
@ -194,7 +194,7 @@ namespace Aurora::IO::TLS
|
||||
return this->bHasRead;
|
||||
}
|
||||
|
||||
bool TLSProtocolRecv::HasCompletedHandshake()
|
||||
bool &TLSProtocolRecv::HasCompletedHandshake()
|
||||
{
|
||||
return this->bHasCompletedHandshake_;
|
||||
}
|
||||
|
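Review bot: Changing `HasCompletedHandshake()` to return `bool &` turns a read-only accessor into a back door to the private `bHasCompletedHandshake_` flag, which StartHandshake then uses as `HasCompletedHandshake() = false;` in TLSContext.cpp. A named mutator keeps the state transition explicit and greppable: keep `bool HasCompletedHandshake() const;` and add `void ResetHandshakeState() { this->bHasCompletedHandshake_ = false; }` (the matching declaration change in TLSProtocolRecv.hpp is in the next section). The enclosing class body of TLSProtocolRecv is outside this hunk.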
@ -28,7 +28,7 @@ namespace Aurora::IO::TLS
|
||||
AuUInt32 uBytesReadAvail {};
|
||||
AuWPtr<Memory::ByteBuffer> pReadInByteBuffer;
|
||||
|
||||
bool HasCompletedHandshake();
|
||||
bool &HasCompletedHandshake();
|
||||
|
||||
private:
|
||||
TLSContext *pParent_;
|
||||
|