[pcsx_rearmed.git] / deps / libretro-common / net / net_socket_ssl_mbed.c

/* Copyright  (C) 2010-2020 The RetroArch team
 *
 * ---------------------------------------------------------------------------------------
 * The following license statement only applies to this file (net_socket.c).
 * ---------------------------------------------------------------------------------------
 *
 * Permission is hereby granted, free of charge,
 * to any person obtaining a copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation the rights to
 * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,
 * and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
 * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
 * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */

#include <string.h>
#include <net/net_compat.h>
#include <net/net_socket.h>
#include <net/net_socket_ssl.h>

#if defined(HAVE_BUILTINMBEDTLS)
#include "../../deps/mbedtls/mbedtls/config.h"
#include "../../deps/mbedtls/mbedtls/certs.h"
#include "../../deps/mbedtls/mbedtls/debug.h"
#include "../../deps/mbedtls/mbedtls/platform.h"
#include "../../deps/mbedtls/mbedtls/net_sockets.h"
#include "../../deps/mbedtls/mbedtls/ssl.h"
#include "../../deps/mbedtls/mbedtls/ctr_drbg.h"
#include "../../deps/mbedtls/mbedtls/entropy.h"
#else
#include <mbedtls/config.h>
#include <mbedtls/certs.h>
#include <mbedtls/debug.h>
#include <mbedtls/platform.h>
#include <mbedtls/net_sockets.h>
#include <mbedtls/ssl.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/entropy.h>
#endif

/* Not part of the mbedtls upstream source */
#include "../../deps/mbedtls/cacert.h"

#define DEBUG_LEVEL 0

struct ssl_state
{
   mbedtls_net_context net_ctx;
   mbedtls_ssl_context ctx;
   mbedtls_entropy_context entropy;
   mbedtls_ctr_drbg_context ctr_drbg;
   mbedtls_ssl_config conf;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
   mbedtls_x509_crt ca;
#endif
  const char *domain;
};

static void ssl_debug(void *ctx, int level,
      const char *file, int line,
      const char *str)
{
   fprintf((FILE*)ctx, "%s:%04d: %s", file, line, str);
   fflush((FILE*)ctx);
}

void* ssl_socket_init(int fd, const char *domain)
{
   static const char *pers = "libretro";
   struct ssl_state *state = (struct ssl_state*)calloc(1, sizeof(*state));

   state->domain           = domain;

#if defined(MBEDTLS_DEBUG_C)
   mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif

   mbedtls_net_init(&state->net_ctx);
   mbedtls_ssl_init(&state->ctx);
   mbedtls_ssl_config_init(&state->conf);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
   mbedtls_x509_crt_init(&state->ca);
#endif
   mbedtls_ctr_drbg_init(&state->ctr_drbg);
   mbedtls_entropy_init(&state->entropy);

   state->net_ctx.fd = fd;

   if (mbedtls_ctr_drbg_seed(&state->ctr_drbg, mbedtls_entropy_func, &state->entropy, (const unsigned char*)pers, strlen(pers)) != 0)
      goto error;

#if defined(MBEDTLS_X509_CRT_PARSE_C)
   if (mbedtls_x509_crt_parse(&state->ca, (const unsigned char*)cacert_pem, sizeof(cacert_pem) / sizeof(cacert_pem[0])) < 0)
      goto error;
#endif

   return state;

error:
   if (state)
      free(state);
   return NULL;
}

int ssl_socket_connect(void *state_data,
      void *data, bool timeout_enable, bool nonblock)
{
   int ret, flags;
   struct ssl_state *state = (struct ssl_state*)state_data;

   if (timeout_enable)
   {
      if (!socket_connect_with_timeout(state->net_ctx.fd, data, 5000))
         return -1;
      /* socket_connect_with_timeout makes the socket non-blocking. */
      if (!socket_set_block(state->net_ctx.fd, true))
         return -1;
   }
   else
   {
      if (socket_connect(state->net_ctx.fd, data))
         return -1;
   }

   if (mbedtls_ssl_config_defaults(&state->conf,
               MBEDTLS_SSL_IS_CLIENT,
               MBEDTLS_SSL_TRANSPORT_STREAM,
               MBEDTLS_SSL_PRESET_DEFAULT) != 0)
      return -1;

   mbedtls_ssl_conf_authmode(&state->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
   mbedtls_ssl_conf_ca_chain(&state->conf, &state->ca, NULL);
   mbedtls_ssl_conf_rng(&state->conf, mbedtls_ctr_drbg_random, &state->ctr_drbg);
   mbedtls_ssl_conf_dbg(&state->conf, ssl_debug, stderr);

   if (mbedtls_ssl_setup(&state->ctx, &state->conf) != 0)
      return -1;

#if defined(MBEDTLS_X509_CRT_PARSE_C)
   if (mbedtls_ssl_set_hostname(&state->ctx, state->domain) != 0)
      return -1;
#endif

   mbedtls_ssl_set_bio(&state->ctx, &state->net_ctx, mbedtls_net_send, mbedtls_net_recv, NULL);

   while ((ret = mbedtls_ssl_handshake(&state->ctx)) != 0)
   {
      if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
         return -1;
   }

   if ((flags = mbedtls_ssl_get_verify_result(&state->ctx)) != 0)
   {
      char vrfy_buf[512];
      mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), "  ! ", flags);
   }

   return state->net_ctx.fd;
}

ssize_t ssl_socket_receive_all_nonblocking(void *state_data,
      bool *error, void *data_, size_t size)
{
   ssize_t         ret;
   struct ssl_state *state = (struct ssl_state*)state_data;
   const uint8_t     *data = (const uint8_t*)data_;
   /* mbedtls_ssl_read wants non-const data but it only reads it, so this cast is safe */

   mbedtls_net_set_nonblock(&state->net_ctx);

   ret = mbedtls_ssl_read(&state->ctx, (unsigned char*)data, size);

   if (ret > 0)
      return ret;

   if (ret == 0)
   {
      /* Socket closed */
      *error = true;
      return -1;
   }

   if (isagain((int)ret) || ret == MBEDTLS_ERR_SSL_WANT_READ)
      return 0;

   *error = true;
   return -1;
}

int ssl_socket_receive_all_blocking(void *state_data,
      void *data_, size_t size)
{
   struct ssl_state *state = (struct ssl_state*)state_data;
   const uint8_t     *data = (const uint8_t*)data_;

   mbedtls_net_set_block(&state->net_ctx);

   for (;;)
   {
      /* mbedtls_ssl_read wants non-const data but it only reads it, 
       * so this cast is safe */
      int ret = mbedtls_ssl_read(&state->ctx, (unsigned char*)data, size);

      if (  ret == MBEDTLS_ERR_SSL_WANT_READ || 
            ret == MBEDTLS_ERR_SSL_WANT_WRITE)
         continue;

      if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
         break;

      if (ret == 0)
         break; /* normal EOF */

      if (ret < 0)
         return -1;
   }

   return 1;
}

int ssl_socket_send_all_blocking(void *state_data,
      const void *data_, size_t size, bool no_signal)
{
   int ret;
   struct ssl_state *state = (struct ssl_state*)state_data;
   const     uint8_t *data = (const uint8_t*)data_;

   mbedtls_net_set_block(&state->net_ctx);

   while ((ret = mbedtls_ssl_write(&state->ctx, data, size)) <= 0)
   {
      if (  ret != MBEDTLS_ERR_SSL_WANT_READ && 
            ret != MBEDTLS_ERR_SSL_WANT_WRITE)
         return false;
   }

   return true;
}

ssize_t ssl_socket_send_all_nonblocking(void *state_data,
      const void *data_, size_t size, bool no_signal)
{
   int ret;
   ssize_t            sent = size;
   struct ssl_state *state = (struct ssl_state*)state_data;
   const uint8_t     *data = (const uint8_t*)data_;

   mbedtls_net_set_nonblock(&state->net_ctx);

   ret = mbedtls_ssl_write(&state->ctx, data, size);

   if (ret <= 0)
      return -1;

   return sent;
}

void ssl_socket_close(void *state_data)
{
   struct ssl_state *state = (struct ssl_state*)state_data;

   mbedtls_ssl_close_notify(&state->ctx);

   socket_close(state->net_ctx.fd);
}

void ssl_socket_free(void *state_data)
{
   struct ssl_state *state = (struct ssl_state*)state_data;

   if (!state)
      return;

   mbedtls_ssl_free(&state->ctx);
   mbedtls_ssl_config_free(&state->conf);
   mbedtls_ctr_drbg_free(&state->ctr_drbg);
   mbedtls_entropy_free(&state->entropy);
#if defined(MBEDTLS_X509_CRT_PARSE_C)
   mbedtls_x509_crt_free(&state->ca);
#endif

   free(state);
}
Commit	Line	Data
3719602c PC	1	/* Copyright (C) 2010-2020 The RetroArch team
	2	*
	3	* ---------------------------------------------------------------------------------------
	4	* The following license statement only applies to this file (net_socket.c).
	5	* ---------------------------------------------------------------------------------------
	6	*
	7	* Permission is hereby granted, free of charge,
	8	* to any person obtaining a copy of this software and associated documentation files (the "Software"),
	9	* to deal in the Software without restriction, including without limitation the rights to
	10	* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,
	11	* and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
	12	*
	13	* The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
	14	*
	15	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
	16	* INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
	18	* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
	19	* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	20	* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
	21	*/
	22
	23	#include <string.h>
	24	#include <net/net_compat.h>
	25	#include <net/net_socket.h>
	26	#include <net/net_socket_ssl.h>
	27
	28	#if defined(HAVE_BUILTINMBEDTLS)
	29	#include "../../deps/mbedtls/mbedtls/config.h"
	30	#include "../../deps/mbedtls/mbedtls/certs.h"
	31	#include "../../deps/mbedtls/mbedtls/debug.h"
	32	#include "../../deps/mbedtls/mbedtls/platform.h"
	33	#include "../../deps/mbedtls/mbedtls/net_sockets.h"
	34	#include "../../deps/mbedtls/mbedtls/ssl.h"
	35	#include "../../deps/mbedtls/mbedtls/ctr_drbg.h"
	36	#include "../../deps/mbedtls/mbedtls/entropy.h"
	37	#else
	38	#include <mbedtls/config.h>
	39	#include <mbedtls/certs.h>
	40	#include <mbedtls/debug.h>
	41	#include <mbedtls/platform.h>
	42	#include <mbedtls/net_sockets.h>
	43	#include <mbedtls/ssl.h>
	44	#include <mbedtls/ctr_drbg.h>
	45	#include <mbedtls/entropy.h>
	46	#endif
	47
	48	/* Not part of the mbedtls upstream source */
	49	#include "../../deps/mbedtls/cacert.h"
	50
	51	#define DEBUG_LEVEL 0
	52
	53	struct ssl_state
	54	{
	55	mbedtls_net_context net_ctx;
	56	mbedtls_ssl_context ctx;
	57	mbedtls_entropy_context entropy;
	58	mbedtls_ctr_drbg_context ctr_drbg;
	59	mbedtls_ssl_config conf;
	60	#if defined(MBEDTLS_X509_CRT_PARSE_C)
	61	mbedtls_x509_crt ca;
	62	#endif
	63	const char *domain;
	64	};
65
66	static void ssl_debug(void *ctx, int level,
67	const char *file, int line,
68	const char *str)
69	{
70	fprintf((FILE*)ctx, "%s:%04d: %s", file, line, str);
71	fflush((FILE*)ctx);
72	}
73
74	void* ssl_socket_init(int fd, const char *domain)
75	{
76	static const char *pers = "libretro";
77	struct ssl_state state = (struct ssl_state)calloc(1, sizeof(*state));
78
79	state->domain = domain;
80
81	#if defined(MBEDTLS_DEBUG_C)
82	mbedtls_debug_set_threshold(DEBUG_LEVEL);
83	#endif
84
85	mbedtls_net_init(&state->net_ctx);
86	mbedtls_ssl_init(&state->ctx);
87	mbedtls_ssl_config_init(&state->conf);
88	#if defined(MBEDTLS_X509_CRT_PARSE_C)
89	mbedtls_x509_crt_init(&state->ca);
90	#endif
91	mbedtls_ctr_drbg_init(&state->ctr_drbg);
92	mbedtls_entropy_init(&state->entropy);
93
94	state->net_ctx.fd = fd;
95
96	if (mbedtls_ctr_drbg_seed(&state->ctr_drbg, mbedtls_entropy_func, &state->entropy, (const unsigned char*)pers, strlen(pers)) != 0)
97	goto error;
98
99	#if defined(MBEDTLS_X509_CRT_PARSE_C)
100	if (mbedtls_x509_crt_parse(&state->ca, (const unsigned char*)cacert_pem, sizeof(cacert_pem) / sizeof(cacert_pem[0])) < 0)
101	goto error;
102	#endif
103
104	return state;
105
106	error:
107	if (state)
108	free(state);
109	return NULL;
110	}
111
112	int ssl_socket_connect(void *state_data,
113	void *data, bool timeout_enable, bool nonblock)
114	{
115	int ret, flags;
116	struct ssl_state state = (struct ssl_state)state_data;
117
118	if (timeout_enable)
119	{
120	if (!socket_connect_with_timeout(state->net_ctx.fd, data, 5000))
121	return -1;
122	/* socket_connect_with_timeout makes the socket non-blocking. */
123	if (!socket_set_block(state->net_ctx.fd, true))
124	return -1;
125	}
126	else
127	{
128	if (socket_connect(state->net_ctx.fd, data))
129	return -1;
130	}
131
132	if (mbedtls_ssl_config_defaults(&state->conf,
133	MBEDTLS_SSL_IS_CLIENT,
134	MBEDTLS_SSL_TRANSPORT_STREAM,
135	MBEDTLS_SSL_PRESET_DEFAULT) != 0)
136	return -1;
137
138	mbedtls_ssl_conf_authmode(&state->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
139	mbedtls_ssl_conf_ca_chain(&state->conf, &state->ca, NULL);
140	mbedtls_ssl_conf_rng(&state->conf, mbedtls_ctr_drbg_random, &state->ctr_drbg);
141	mbedtls_ssl_conf_dbg(&state->conf, ssl_debug, stderr);
142
143	if (mbedtls_ssl_setup(&state->ctx, &state->conf) != 0)
144	return -1;
145
146	#if defined(MBEDTLS_X509_CRT_PARSE_C)
147	if (mbedtls_ssl_set_hostname(&state->ctx, state->domain) != 0)
148	return -1;
149	#endif
150
151	mbedtls_ssl_set_bio(&state->ctx, &state->net_ctx, mbedtls_net_send, mbedtls_net_recv, NULL);
152
153	while ((ret = mbedtls_ssl_handshake(&state->ctx)) != 0)
154	{
155	if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
156	return -1;
157	}
158
159	if ((flags = mbedtls_ssl_get_verify_result(&state->ctx)) != 0)
160	{
161	char vrfy_buf[512];
162	mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
163	}
164
165	return state->net_ctx.fd;
166	}
167
168	ssize_t ssl_socket_receive_all_nonblocking(void *state_data,
169	bool error, void data_, size_t size)
170	{
171	ssize_t ret;
172	struct ssl_state state = (struct ssl_state)state_data;
173	const uint8_t data = (const uint8_t)data_;
174	/* mbedtls_ssl_read wants non-const data but it only reads it, so this cast is safe */
175
176	mbedtls_net_set_nonblock(&state->net_ctx);
177
178	ret = mbedtls_ssl_read(&state->ctx, (unsigned char*)data, size);
179
180	if (ret > 0)
181	return ret;
182
183	if (ret == 0)
184	{
185	/* Socket closed */
186	*error = true;
187	return -1;
188	}
189
190	if (isagain((int)ret) \|\| ret == MBEDTLS_ERR_SSL_WANT_READ)
191	return 0;
192
193	*error = true;
194	return -1;
195	}
196
197	int ssl_socket_receive_all_blocking(void *state_data,
198	void *data_, size_t size)
199	{
200	struct ssl_state state = (struct ssl_state)state_data;
201	const uint8_t data = (const uint8_t)data_;
202
203	mbedtls_net_set_block(&state->net_ctx);
204
205	for (;;)
206	{
207	/* mbedtls_ssl_read wants non-const data but it only reads it,
208	* so this cast is safe */
209	int ret = mbedtls_ssl_read(&state->ctx, (unsigned char*)data, size);
210
211	if ( ret == MBEDTLS_ERR_SSL_WANT_READ \|\|
212	ret == MBEDTLS_ERR_SSL_WANT_WRITE)
213	continue;
214
215	if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
216	break;
217
218	if (ret == 0)
219	break; /* normal EOF */
220
221	if (ret < 0)
222	return -1;
223	}
224
225	return 1;
226	}
227
228	int ssl_socket_send_all_blocking(void *state_data,
229	const void *data_, size_t size, bool no_signal)
230	{
231	int ret;
232	struct ssl_state state = (struct ssl_state)state_data;
233	const uint8_t data = (const uint8_t)data_;
234
235	mbedtls_net_set_block(&state->net_ctx);
236
237	while ((ret = mbedtls_ssl_write(&state->ctx, data, size)) <= 0)
238	{
239	if ( ret != MBEDTLS_ERR_SSL_WANT_READ &&
240	ret != MBEDTLS_ERR_SSL_WANT_WRITE)
241	return false;
242	}
243
244	return true;
245	}
246
247	ssize_t ssl_socket_send_all_nonblocking(void *state_data,
248	const void *data_, size_t size, bool no_signal)
249	{
250	int ret;
251	ssize_t sent = size;
252	struct ssl_state state = (struct ssl_state)state_data;
253	const uint8_t data = (const uint8_t)data_;
254
255	mbedtls_net_set_nonblock(&state->net_ctx);
256
257	ret = mbedtls_ssl_write(&state->ctx, data, size);
258
259	if (ret <= 0)
260	return -1;
261
262	return sent;
263	}
264
265	void ssl_socket_close(void *state_data)
266	{
267	struct ssl_state state = (struct ssl_state)state_data;
268
269	mbedtls_ssl_close_notify(&state->ctx);
270
271	socket_close(state->net_ctx.fd);
272	}
273
274	void ssl_socket_free(void *state_data)
275	{
276	struct ssl_state state = (struct ssl_state)state_data;
277
278	if (!state)
279	return;
280
281	mbedtls_ssl_free(&state->ctx);
282	mbedtls_ssl_config_free(&state->conf);
283	mbedtls_ctr_drbg_free(&state->ctr_drbg);
284	mbedtls_entropy_free(&state->entropy);
285	#if defined(MBEDTLS_X509_CRT_PARSE_C)
286	mbedtls_x509_crt_free(&state->ca);
287	#endif
288
289	free(state);
290	}