Commit | Line | Data |
---|---|---|
3719602c PC |
1 | /* Copyright (C) 2010-2020 The RetroArch team |
2 | * | |
3 | * --------------------------------------------------------------------------------------- | |
4 | * The following license statement only applies to this file (net_socket.c). | |
5 | * --------------------------------------------------------------------------------------- | |
6 | * | |
7 | * Permission is hereby granted, free of charge, | |
8 | * to any person obtaining a copy of this software and associated documentation files (the "Software"), | |
9 | * to deal in the Software without restriction, including without limitation the rights to | |
10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, | |
11 | * and to permit persons to whom the Software is furnished to do so, subject to the following conditions: | |
12 | * | |
13 | * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. | |
14 | * | |
15 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, | |
16 | * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
17 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. | |
18 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, | |
19 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
20 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | |
21 | */ | |
22 | ||
23 | #include <string.h> | |
24 | #include <net/net_compat.h> | |
25 | #include <net/net_socket.h> | |
26 | #include <net/net_socket_ssl.h> | |
27 | ||
28 | #if defined(HAVE_BUILTINMBEDTLS) | |
29 | #include "../../deps/mbedtls/mbedtls/config.h" | |
30 | #include "../../deps/mbedtls/mbedtls/certs.h" | |
31 | #include "../../deps/mbedtls/mbedtls/debug.h" | |
32 | #include "../../deps/mbedtls/mbedtls/platform.h" | |
33 | #include "../../deps/mbedtls/mbedtls/net_sockets.h" | |
34 | #include "../../deps/mbedtls/mbedtls/ssl.h" | |
35 | #include "../../deps/mbedtls/mbedtls/ctr_drbg.h" | |
36 | #include "../../deps/mbedtls/mbedtls/entropy.h" | |
37 | #else | |
38 | #include <mbedtls/config.h> | |
39 | #include <mbedtls/certs.h> | |
40 | #include <mbedtls/debug.h> | |
41 | #include <mbedtls/platform.h> | |
42 | #include <mbedtls/net_sockets.h> | |
43 | #include <mbedtls/ssl.h> | |
44 | #include <mbedtls/ctr_drbg.h> | |
45 | #include <mbedtls/entropy.h> | |
46 | #endif | |
47 | ||
48 | /* Not part of the mbedtls upstream source */ | |
49 | #include "../../deps/mbedtls/cacert.h" | |
50 | ||
51 | #define DEBUG_LEVEL 0 | |
52 | ||
53 | struct ssl_state | |
54 | { | |
55 | mbedtls_net_context net_ctx; | |
56 | mbedtls_ssl_context ctx; | |
57 | mbedtls_entropy_context entropy; | |
58 | mbedtls_ctr_drbg_context ctr_drbg; | |
59 | mbedtls_ssl_config conf; | |
60 | #if defined(MBEDTLS_X509_CRT_PARSE_C) | |
61 | mbedtls_x509_crt ca; | |
62 | #endif | |
63 | const char *domain; | |
64 | }; | |
65 | ||
66 | static void ssl_debug(void *ctx, int level, | |
67 | const char *file, int line, | |
68 | const char *str) | |
69 | { | |
70 | fprintf((FILE*)ctx, "%s:%04d: %s", file, line, str); | |
71 | fflush((FILE*)ctx); | |
72 | } | |
73 | ||
74 | void* ssl_socket_init(int fd, const char *domain) | |
75 | { | |
76 | static const char *pers = "libretro"; | |
77 | struct ssl_state *state = (struct ssl_state*)calloc(1, sizeof(*state)); | |
78 | ||
79 | state->domain = domain; | |
80 | ||
81 | #if defined(MBEDTLS_DEBUG_C) | |
82 | mbedtls_debug_set_threshold(DEBUG_LEVEL); | |
83 | #endif | |
84 | ||
85 | mbedtls_net_init(&state->net_ctx); | |
86 | mbedtls_ssl_init(&state->ctx); | |
87 | mbedtls_ssl_config_init(&state->conf); | |
88 | #if defined(MBEDTLS_X509_CRT_PARSE_C) | |
89 | mbedtls_x509_crt_init(&state->ca); | |
90 | #endif | |
91 | mbedtls_ctr_drbg_init(&state->ctr_drbg); | |
92 | mbedtls_entropy_init(&state->entropy); | |
93 | ||
94 | state->net_ctx.fd = fd; | |
95 | ||
96 | if (mbedtls_ctr_drbg_seed(&state->ctr_drbg, mbedtls_entropy_func, &state->entropy, (const unsigned char*)pers, strlen(pers)) != 0) | |
97 | goto error; | |
98 | ||
99 | #if defined(MBEDTLS_X509_CRT_PARSE_C) | |
100 | if (mbedtls_x509_crt_parse(&state->ca, (const unsigned char*)cacert_pem, sizeof(cacert_pem) / sizeof(cacert_pem[0])) < 0) | |
101 | goto error; | |
102 | #endif | |
103 | ||
104 | return state; | |
105 | ||
106 | error: | |
107 | if (state) | |
108 | free(state); | |
109 | return NULL; | |
110 | } | |
111 | ||
112 | int ssl_socket_connect(void *state_data, | |
113 | void *data, bool timeout_enable, bool nonblock) | |
114 | { | |
115 | int ret, flags; | |
116 | struct ssl_state *state = (struct ssl_state*)state_data; | |
117 | ||
118 | if (timeout_enable) | |
119 | { | |
120 | if (!socket_connect_with_timeout(state->net_ctx.fd, data, 5000)) | |
121 | return -1; | |
122 | /* socket_connect_with_timeout makes the socket non-blocking. */ | |
123 | if (!socket_set_block(state->net_ctx.fd, true)) | |
124 | return -1; | |
125 | } | |
126 | else | |
127 | { | |
128 | if (socket_connect(state->net_ctx.fd, data)) | |
129 | return -1; | |
130 | } | |
131 | ||
132 | if (mbedtls_ssl_config_defaults(&state->conf, | |
133 | MBEDTLS_SSL_IS_CLIENT, | |
134 | MBEDTLS_SSL_TRANSPORT_STREAM, | |
135 | MBEDTLS_SSL_PRESET_DEFAULT) != 0) | |
136 | return -1; | |
137 | ||
138 | mbedtls_ssl_conf_authmode(&state->conf, MBEDTLS_SSL_VERIFY_OPTIONAL); | |
139 | mbedtls_ssl_conf_ca_chain(&state->conf, &state->ca, NULL); | |
140 | mbedtls_ssl_conf_rng(&state->conf, mbedtls_ctr_drbg_random, &state->ctr_drbg); | |
141 | mbedtls_ssl_conf_dbg(&state->conf, ssl_debug, stderr); | |
142 | ||
143 | if (mbedtls_ssl_setup(&state->ctx, &state->conf) != 0) | |
144 | return -1; | |
145 | ||
146 | #if defined(MBEDTLS_X509_CRT_PARSE_C) | |
147 | if (mbedtls_ssl_set_hostname(&state->ctx, state->domain) != 0) | |
148 | return -1; | |
149 | #endif | |
150 | ||
151 | mbedtls_ssl_set_bio(&state->ctx, &state->net_ctx, mbedtls_net_send, mbedtls_net_recv, NULL); | |
152 | ||
153 | while ((ret = mbedtls_ssl_handshake(&state->ctx)) != 0) | |
154 | { | |
155 | if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) | |
156 | return -1; | |
157 | } | |
158 | ||
159 | if ((flags = mbedtls_ssl_get_verify_result(&state->ctx)) != 0) | |
160 | { | |
161 | char vrfy_buf[512]; | |
162 | mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); | |
163 | } | |
164 | ||
165 | return state->net_ctx.fd; | |
166 | } | |
167 | ||
168 | ssize_t ssl_socket_receive_all_nonblocking(void *state_data, | |
169 | bool *error, void *data_, size_t size) | |
170 | { | |
171 | ssize_t ret; | |
172 | struct ssl_state *state = (struct ssl_state*)state_data; | |
173 | const uint8_t *data = (const uint8_t*)data_; | |
174 | /* mbedtls_ssl_read wants non-const data but it only reads it, so this cast is safe */ | |
175 | ||
176 | mbedtls_net_set_nonblock(&state->net_ctx); | |
177 | ||
178 | ret = mbedtls_ssl_read(&state->ctx, (unsigned char*)data, size); | |
179 | ||
180 | if (ret > 0) | |
181 | return ret; | |
182 | ||
183 | if (ret == 0) | |
184 | { | |
185 | /* Socket closed */ | |
186 | *error = true; | |
187 | return -1; | |
188 | } | |
189 | ||
190 | if (isagain((int)ret) || ret == MBEDTLS_ERR_SSL_WANT_READ) | |
191 | return 0; | |
192 | ||
193 | *error = true; | |
194 | return -1; | |
195 | } | |
196 | ||
197 | int ssl_socket_receive_all_blocking(void *state_data, | |
198 | void *data_, size_t size) | |
199 | { | |
200 | struct ssl_state *state = (struct ssl_state*)state_data; | |
201 | const uint8_t *data = (const uint8_t*)data_; | |
202 | ||
203 | mbedtls_net_set_block(&state->net_ctx); | |
204 | ||
205 | for (;;) | |
206 | { | |
207 | /* mbedtls_ssl_read wants non-const data but it only reads it, | |
208 | * so this cast is safe */ | |
209 | int ret = mbedtls_ssl_read(&state->ctx, (unsigned char*)data, size); | |
210 | ||
211 | if ( ret == MBEDTLS_ERR_SSL_WANT_READ || | |
212 | ret == MBEDTLS_ERR_SSL_WANT_WRITE) | |
213 | continue; | |
214 | ||
215 | if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) | |
216 | break; | |
217 | ||
218 | if (ret == 0) | |
219 | break; /* normal EOF */ | |
220 | ||
221 | if (ret < 0) | |
222 | return -1; | |
223 | } | |
224 | ||
225 | return 1; | |
226 | } | |
227 | ||
228 | int ssl_socket_send_all_blocking(void *state_data, | |
229 | const void *data_, size_t size, bool no_signal) | |
230 | { | |
231 | int ret; | |
232 | struct ssl_state *state = (struct ssl_state*)state_data; | |
233 | const uint8_t *data = (const uint8_t*)data_; | |
234 | ||
235 | mbedtls_net_set_block(&state->net_ctx); | |
236 | ||
237 | while ((ret = mbedtls_ssl_write(&state->ctx, data, size)) <= 0) | |
238 | { | |
239 | if ( ret != MBEDTLS_ERR_SSL_WANT_READ && | |
240 | ret != MBEDTLS_ERR_SSL_WANT_WRITE) | |
241 | return false; | |
242 | } | |
243 | ||
244 | return true; | |
245 | } | |
246 | ||
247 | ssize_t ssl_socket_send_all_nonblocking(void *state_data, | |
248 | const void *data_, size_t size, bool no_signal) | |
249 | { | |
250 | int ret; | |
251 | ssize_t sent = size; | |
252 | struct ssl_state *state = (struct ssl_state*)state_data; | |
253 | const uint8_t *data = (const uint8_t*)data_; | |
254 | ||
255 | mbedtls_net_set_nonblock(&state->net_ctx); | |
256 | ||
257 | ret = mbedtls_ssl_write(&state->ctx, data, size); | |
258 | ||
259 | if (ret <= 0) | |
260 | return -1; | |
261 | ||
262 | return sent; | |
263 | } | |
264 | ||
265 | void ssl_socket_close(void *state_data) | |
266 | { | |
267 | struct ssl_state *state = (struct ssl_state*)state_data; | |
268 | ||
269 | mbedtls_ssl_close_notify(&state->ctx); | |
270 | ||
271 | socket_close(state->net_ctx.fd); | |
272 | } | |
273 | ||
274 | void ssl_socket_free(void *state_data) | |
275 | { | |
276 | struct ssl_state *state = (struct ssl_state*)state_data; | |
277 | ||
278 | if (!state) | |
279 | return; | |
280 | ||
281 | mbedtls_ssl_free(&state->ctx); | |
282 | mbedtls_ssl_config_free(&state->conf); | |
283 | mbedtls_ctr_drbg_free(&state->ctr_drbg); | |
284 | mbedtls_entropy_free(&state->entropy); | |
285 | #if defined(MBEDTLS_X509_CRT_PARSE_C) | |
286 | mbedtls_x509_crt_free(&state->ca); | |
287 | #endif | |
288 | ||
289 | free(state); | |
290 | } |