emsApplication/3rdPartner/libhv/ssl/mbedtls.c

195 lines
5.5 KiB
C
Raw Normal View History

2024-05-24 12:19:45 +08:00
#include "hssl.h"
#include "hsocket.h"
#ifdef WITH_MBEDTLS
#include "mbedtls/version.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#if defined(MBEDTLS_SSL_CACHE_C)
#include "mbedtls/ssl_cache.h"
#endif
#ifdef _MSC_VER
//#pragma comment(lib, "libmbedtls.a")
//#pragma comment(lib, "libmbedx509.a")
//#pragma comment(lib, "libmbedcrypto.a")
#endif
const char* hssl_backend() {
return "mbedtls";
}
struct mbedtls_ctx {
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_config conf;
mbedtls_x509_crt cert;
mbedtls_pk_context pkey;
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_context cache;
#endif
};
hssl_ctx_t hssl_ctx_new(hssl_ctx_opt_t* param) {
struct mbedtls_ctx* ctx = (struct mbedtls_ctx*)malloc(sizeof(struct mbedtls_ctx));
if (ctx == NULL) return NULL;
mbedtls_ssl_config_init(&ctx->conf);
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_init(&ctx->cache);
#endif
mbedtls_x509_crt_init(&ctx->cert);
mbedtls_pk_init(&ctx->pkey);
mbedtls_entropy_init(&ctx->entropy);
mbedtls_ctr_drbg_init(&ctx->ctr_drbg);
int mode = MBEDTLS_SSL_VERIFY_NONE;
int endpoint = MBEDTLS_SSL_IS_CLIENT;
bool check = false;
if (param) {
if (param->crt_file && *param->crt_file) {
if (mbedtls_x509_crt_parse_file(&ctx->cert, param->crt_file) != 0) {
fprintf(stderr, "ssl crt_file error!\n");
goto error;
}
}
if (param->key_file && *param->key_file) {
#if MBEDTLS_VERSION_MAJOR >= 3
if (mbedtls_pk_parse_keyfile(&ctx->pkey, param->key_file, NULL, NULL, NULL) != 0) {
#else
if (mbedtls_pk_parse_keyfile(&ctx->pkey, param->key_file, NULL) != 0) {
#endif
fprintf(stderr, "ssl key_file error!\n");
goto error;
}
check = true;
}
if (param->verify_peer) {
mode = MBEDTLS_SSL_VERIFY_REQUIRED;
}
if (param->endpoint == HSSL_SERVER) {
endpoint = MBEDTLS_SSL_IS_SERVER;
}
}
mbedtls_ctr_drbg_seed(&ctx->ctr_drbg, mbedtls_entropy_func, &ctx->entropy, NULL, 0);
if (mbedtls_ssl_config_defaults(&ctx->conf, endpoint,
MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
fprintf(stderr, "ssl config error!\n");
goto error;
}
mbedtls_ssl_conf_authmode(&ctx->conf, mode);
mbedtls_ssl_conf_rng(&ctx->conf, mbedtls_ctr_drbg_random, &ctx->ctr_drbg);
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_conf_session_cache(&ctx->conf, &ctx->cache, mbedtls_ssl_cache_get, mbedtls_ssl_cache_set);
#endif
if (check) {
mbedtls_ssl_conf_ca_chain(&ctx->conf, ctx->cert.next, NULL);
if (mbedtls_ssl_conf_own_cert(&ctx->conf, &ctx->cert, &ctx->pkey) != 0) {
fprintf(stderr, "ssl key_file check failed!\n");
goto error;
}
}
return ctx;
error:
free(ctx);
return NULL;
}
void hssl_ctx_free(hssl_ctx_t ssl_ctx) {
if (!ssl_ctx) return;
struct mbedtls_ctx *mctx = (struct mbedtls_ctx *)ssl_ctx;
mbedtls_x509_crt_free(&mctx->cert);
mbedtls_pk_free(&mctx->pkey);
mbedtls_ssl_config_free(&mctx->conf);
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free(&mctx->cache);
#endif
mbedtls_ctr_drbg_free(&mctx->ctr_drbg);
mbedtls_entropy_free(&mctx->entropy);
free(mctx);
}
static int __mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len) {
int fd = (intptr_t)ctx;
// int n = write(fd, buf, len);
int n = send(fd, (char*)(buf), (int)(len), 0);
if (n >= 0) return n;
return ((socket_errno() == EAGAIN || socket_errno() == EINPROGRESS) ? MBEDTLS_ERR_SSL_WANT_WRITE : -1);
}
static int __mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len) {
int fd = (intptr_t)ctx;
// int n = read(fd, buf, len);
int n = recv(fd, (char*)(buf), (int)(len), 0);
if (n >= 0) return n;
return ((socket_errno() == EAGAIN || socket_errno() == EINPROGRESS) ? MBEDTLS_ERR_SSL_WANT_READ : -1);
}
hssl_t hssl_new(hssl_ctx_t ssl_ctx, int fd) {
struct mbedtls_ctx* mctx = (struct mbedtls_ctx*)ssl_ctx;
mbedtls_ssl_context* ssl = (mbedtls_ssl_context*)malloc(sizeof(mbedtls_ssl_context));
if (ssl == NULL) return NULL;
mbedtls_ssl_init(ssl);
mbedtls_ssl_setup(ssl, &mctx->conf);
mbedtls_ssl_set_bio(ssl, (void*)(intptr_t)fd, __mbedtls_net_send, __mbedtls_net_recv, NULL);
return ssl;
}
void hssl_free(hssl_t ssl) {
if (ssl) {
mbedtls_ssl_free(ssl);
ssl = NULL;
}
}
static int hssl_handshake(hssl_t ssl) {
int ret = mbedtls_ssl_handshake(ssl);
if (ret != 0) {
if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
return HSSL_WANT_READ;
}
else if (ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
return HSSL_WANT_WRITE;
}
}
return ret;
}
int hssl_accept(hssl_t ssl) {
return hssl_handshake(ssl);
}
int hssl_connect(hssl_t ssl) {
return hssl_handshake(ssl);
}
int hssl_read(hssl_t ssl, void* buf, int len) {
return mbedtls_ssl_read(ssl, buf, len);
}
int hssl_write(hssl_t ssl, const void* buf, int len) {
return mbedtls_ssl_write(ssl, buf, len);
}
int hssl_close(hssl_t ssl) {
return 0;
}
int hssl_set_sni_hostname(hssl_t ssl, const char* hostname) {
#ifdef MBEDTLS_X509_CRT_PARSE_C
mbedtls_ssl_set_hostname(ssl, hostname);
#endif
return 0;
}
#endif // WITH_MBEDTLS