| 1 | /* Copyright (C) 2010-2020 The RetroArch team |
| 2 | * |
| 3 | * --------------------------------------------------------------------------------------- |
| 4 | * The following license statement only applies to this file (net_socket.c). |
| 5 | * --------------------------------------------------------------------------------------- |
| 6 | * |
| 7 | * Permission is hereby granted, free of charge, |
| 8 | * to any person obtaining a copy of this software and associated documentation files (the "Software"), |
| 9 | * to deal in the Software without restriction, including without limitation the rights to |
| 10 | * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, |
| 11 | * and to permit persons to whom the Software is furnished to do so, subject to the following conditions: |
| 12 | * |
| 13 | * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. |
| 14 | * |
| 15 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, |
| 16 | * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
| 17 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
| 18 | * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, |
| 19 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
| 20 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
| 21 | */ |
| 22 | |
| 23 | #include <string.h> |
| 24 | #include <net/net_compat.h> |
| 25 | #include <net/net_socket.h> |
| 26 | #include <net/net_socket_ssl.h> |
| 27 | |
| 28 | #if defined(HAVE_BUILTINMBEDTLS) |
| 29 | #include "../../deps/mbedtls/mbedtls/config.h" |
| 30 | #include "../../deps/mbedtls/mbedtls/certs.h" |
| 31 | #include "../../deps/mbedtls/mbedtls/debug.h" |
| 32 | #include "../../deps/mbedtls/mbedtls/platform.h" |
| 33 | #include "../../deps/mbedtls/mbedtls/net_sockets.h" |
| 34 | #include "../../deps/mbedtls/mbedtls/ssl.h" |
| 35 | #include "../../deps/mbedtls/mbedtls/ctr_drbg.h" |
| 36 | #include "../../deps/mbedtls/mbedtls/entropy.h" |
| 37 | #else |
| 38 | #include <mbedtls/config.h> |
| 39 | #include <mbedtls/certs.h> |
| 40 | #include <mbedtls/debug.h> |
| 41 | #include <mbedtls/platform.h> |
| 42 | #include <mbedtls/net_sockets.h> |
| 43 | #include <mbedtls/ssl.h> |
| 44 | #include <mbedtls/ctr_drbg.h> |
| 45 | #include <mbedtls/entropy.h> |
| 46 | #endif |
| 47 | |
| 48 | /* Not part of the mbedtls upstream source */ |
| 49 | #include "../../deps/mbedtls/cacert.h" |
| 50 | |
| 51 | #define DEBUG_LEVEL 0 |
| 52 | |
| 53 | struct ssl_state |
| 54 | { |
| 55 | mbedtls_net_context net_ctx; |
| 56 | mbedtls_ssl_context ctx; |
| 57 | mbedtls_entropy_context entropy; |
| 58 | mbedtls_ctr_drbg_context ctr_drbg; |
| 59 | mbedtls_ssl_config conf; |
| 60 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 61 | mbedtls_x509_crt ca; |
| 62 | #endif |
| 63 | const char *domain; |
| 64 | }; |
| 65 | |
| 66 | static void ssl_debug(void *ctx, int level, |
| 67 | const char *file, int line, |
| 68 | const char *str) |
| 69 | { |
| 70 | fprintf((FILE*)ctx, "%s:%04d: %s", file, line, str); |
| 71 | fflush((FILE*)ctx); |
| 72 | } |
| 73 | |
| 74 | void* ssl_socket_init(int fd, const char *domain) |
| 75 | { |
| 76 | static const char *pers = "libretro"; |
| 77 | struct ssl_state *state = (struct ssl_state*)calloc(1, sizeof(*state)); |
| 78 | |
| 79 | state->domain = domain; |
| 80 | |
| 81 | #if defined(MBEDTLS_DEBUG_C) |
| 82 | mbedtls_debug_set_threshold(DEBUG_LEVEL); |
| 83 | #endif |
| 84 | |
| 85 | mbedtls_net_init(&state->net_ctx); |
| 86 | mbedtls_ssl_init(&state->ctx); |
| 87 | mbedtls_ssl_config_init(&state->conf); |
| 88 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 89 | mbedtls_x509_crt_init(&state->ca); |
| 90 | #endif |
| 91 | mbedtls_ctr_drbg_init(&state->ctr_drbg); |
| 92 | mbedtls_entropy_init(&state->entropy); |
| 93 | |
| 94 | state->net_ctx.fd = fd; |
| 95 | |
| 96 | if (mbedtls_ctr_drbg_seed(&state->ctr_drbg, mbedtls_entropy_func, &state->entropy, (const unsigned char*)pers, strlen(pers)) != 0) |
| 97 | goto error; |
| 98 | |
| 99 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 100 | if (mbedtls_x509_crt_parse(&state->ca, (const unsigned char*)cacert_pem, sizeof(cacert_pem) / sizeof(cacert_pem[0])) < 0) |
| 101 | goto error; |
| 102 | #endif |
| 103 | |
| 104 | return state; |
| 105 | |
| 106 | error: |
| 107 | if (state) |
| 108 | free(state); |
| 109 | return NULL; |
| 110 | } |
| 111 | |
| 112 | int ssl_socket_connect(void *state_data, |
| 113 | void *data, bool timeout_enable, bool nonblock) |
| 114 | { |
| 115 | int ret, flags; |
| 116 | struct ssl_state *state = (struct ssl_state*)state_data; |
| 117 | |
| 118 | if (timeout_enable) |
| 119 | { |
| 120 | if (!socket_connect_with_timeout(state->net_ctx.fd, data, 5000)) |
| 121 | return -1; |
| 122 | /* socket_connect_with_timeout makes the socket non-blocking. */ |
| 123 | if (!socket_set_block(state->net_ctx.fd, true)) |
| 124 | return -1; |
| 125 | } |
| 126 | else |
| 127 | { |
| 128 | if (socket_connect(state->net_ctx.fd, data)) |
| 129 | return -1; |
| 130 | } |
| 131 | |
| 132 | if (mbedtls_ssl_config_defaults(&state->conf, |
| 133 | MBEDTLS_SSL_IS_CLIENT, |
| 134 | MBEDTLS_SSL_TRANSPORT_STREAM, |
| 135 | MBEDTLS_SSL_PRESET_DEFAULT) != 0) |
| 136 | return -1; |
| 137 | |
| 138 | mbedtls_ssl_conf_authmode(&state->conf, MBEDTLS_SSL_VERIFY_OPTIONAL); |
| 139 | mbedtls_ssl_conf_ca_chain(&state->conf, &state->ca, NULL); |
| 140 | mbedtls_ssl_conf_rng(&state->conf, mbedtls_ctr_drbg_random, &state->ctr_drbg); |
| 141 | mbedtls_ssl_conf_dbg(&state->conf, ssl_debug, stderr); |
| 142 | |
| 143 | if (mbedtls_ssl_setup(&state->ctx, &state->conf) != 0) |
| 144 | return -1; |
| 145 | |
| 146 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 147 | if (mbedtls_ssl_set_hostname(&state->ctx, state->domain) != 0) |
| 148 | return -1; |
| 149 | #endif |
| 150 | |
| 151 | mbedtls_ssl_set_bio(&state->ctx, &state->net_ctx, mbedtls_net_send, mbedtls_net_recv, NULL); |
| 152 | |
| 153 | while ((ret = mbedtls_ssl_handshake(&state->ctx)) != 0) |
| 154 | { |
| 155 | if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) |
| 156 | return -1; |
| 157 | } |
| 158 | |
| 159 | if ((flags = mbedtls_ssl_get_verify_result(&state->ctx)) != 0) |
| 160 | { |
| 161 | char vrfy_buf[512]; |
| 162 | mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags); |
| 163 | } |
| 164 | |
| 165 | return state->net_ctx.fd; |
| 166 | } |
| 167 | |
| 168 | ssize_t ssl_socket_receive_all_nonblocking(void *state_data, |
| 169 | bool *error, void *data_, size_t size) |
| 170 | { |
| 171 | ssize_t ret; |
| 172 | struct ssl_state *state = (struct ssl_state*)state_data; |
| 173 | const uint8_t *data = (const uint8_t*)data_; |
| 174 | /* mbedtls_ssl_read wants non-const data but it only reads it, so this cast is safe */ |
| 175 | |
| 176 | mbedtls_net_set_nonblock(&state->net_ctx); |
| 177 | |
| 178 | ret = mbedtls_ssl_read(&state->ctx, (unsigned char*)data, size); |
| 179 | |
| 180 | if (ret > 0) |
| 181 | return ret; |
| 182 | |
| 183 | if (ret == 0) |
| 184 | { |
| 185 | /* Socket closed */ |
| 186 | *error = true; |
| 187 | return -1; |
| 188 | } |
| 189 | |
| 190 | if (isagain((int)ret) || ret == MBEDTLS_ERR_SSL_WANT_READ) |
| 191 | return 0; |
| 192 | |
| 193 | *error = true; |
| 194 | return -1; |
| 195 | } |
| 196 | |
| 197 | int ssl_socket_receive_all_blocking(void *state_data, |
| 198 | void *data_, size_t size) |
| 199 | { |
| 200 | struct ssl_state *state = (struct ssl_state*)state_data; |
| 201 | const uint8_t *data = (const uint8_t*)data_; |
| 202 | |
| 203 | mbedtls_net_set_block(&state->net_ctx); |
| 204 | |
| 205 | for (;;) |
| 206 | { |
| 207 | /* mbedtls_ssl_read wants non-const data but it only reads it, |
| 208 | * so this cast is safe */ |
| 209 | int ret = mbedtls_ssl_read(&state->ctx, (unsigned char*)data, size); |
| 210 | |
| 211 | if ( ret == MBEDTLS_ERR_SSL_WANT_READ || |
| 212 | ret == MBEDTLS_ERR_SSL_WANT_WRITE) |
| 213 | continue; |
| 214 | |
| 215 | if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) |
| 216 | break; |
| 217 | |
| 218 | if (ret == 0) |
| 219 | break; /* normal EOF */ |
| 220 | |
| 221 | if (ret < 0) |
| 222 | return -1; |
| 223 | } |
| 224 | |
| 225 | return 1; |
| 226 | } |
| 227 | |
| 228 | int ssl_socket_send_all_blocking(void *state_data, |
| 229 | const void *data_, size_t size, bool no_signal) |
| 230 | { |
| 231 | int ret; |
| 232 | struct ssl_state *state = (struct ssl_state*)state_data; |
| 233 | const uint8_t *data = (const uint8_t*)data_; |
| 234 | |
| 235 | mbedtls_net_set_block(&state->net_ctx); |
| 236 | |
| 237 | while ((ret = mbedtls_ssl_write(&state->ctx, data, size)) <= 0) |
| 238 | { |
| 239 | if ( ret != MBEDTLS_ERR_SSL_WANT_READ && |
| 240 | ret != MBEDTLS_ERR_SSL_WANT_WRITE) |
| 241 | return false; |
| 242 | } |
| 243 | |
| 244 | return true; |
| 245 | } |
| 246 | |
| 247 | ssize_t ssl_socket_send_all_nonblocking(void *state_data, |
| 248 | const void *data_, size_t size, bool no_signal) |
| 249 | { |
| 250 | int ret; |
| 251 | ssize_t sent = size; |
| 252 | struct ssl_state *state = (struct ssl_state*)state_data; |
| 253 | const uint8_t *data = (const uint8_t*)data_; |
| 254 | |
| 255 | mbedtls_net_set_nonblock(&state->net_ctx); |
| 256 | |
| 257 | ret = mbedtls_ssl_write(&state->ctx, data, size); |
| 258 | |
| 259 | if (ret <= 0) |
| 260 | return -1; |
| 261 | |
| 262 | return sent; |
| 263 | } |
| 264 | |
| 265 | void ssl_socket_close(void *state_data) |
| 266 | { |
| 267 | struct ssl_state *state = (struct ssl_state*)state_data; |
| 268 | |
| 269 | mbedtls_ssl_close_notify(&state->ctx); |
| 270 | |
| 271 | socket_close(state->net_ctx.fd); |
| 272 | } |
| 273 | |
| 274 | void ssl_socket_free(void *state_data) |
| 275 | { |
| 276 | struct ssl_state *state = (struct ssl_state*)state_data; |
| 277 | |
| 278 | if (!state) |
| 279 | return; |
| 280 | |
| 281 | mbedtls_ssl_free(&state->ctx); |
| 282 | mbedtls_ssl_config_free(&state->conf); |
| 283 | mbedtls_ctr_drbg_free(&state->ctr_drbg); |
| 284 | mbedtls_entropy_free(&state->entropy); |
| 285 | #if defined(MBEDTLS_X509_CRT_PARSE_C) |
| 286 | mbedtls_x509_crt_free(&state->ca); |
| 287 | #endif |
| 288 | |
| 289 | free(state); |
| 290 | } |