tesses50/tessesframework
1
0
Fork 0
mirror of https://git.tesses.org/tesses50/tessesframework.git synced 2026-06-01 18:15:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Mike Nolan
2024-12-06 04:58:55 -06:00
commit 856373b396
61 changed files with 5920 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

263
src/Crypto/ClientTLSStream.cpp Normal file
View File

@@ -0,0 +1,263 @@
#include "TessesFramework/Crypto/ClientTLSStream.hpp"
#if defined(TESSESFRAMEWORK_ENABLE_MBED)
#if defined(TESSESFRAMEWORK_EMBED_CERT_BUNDLE)
#include "CertificateChain.h"
#else
#include "TessesFramework/TextStreams/StreamReader.hpp"
using StreamReader = Tesses::Framework::TextStreams::StreamReader;
#endif
#include <mbedtls/entropy.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/x509.h>
#include <mbedtls/ssl.h>
#include <mbedtls/net_sockets.h>
#include <mbedtls/error.h>
#endif
#include <cstring>
using namespace Tesses::Framework::Streams;
namespace Tesses::Framework::Crypto
{
#if defined(TESSESFRAMEWORK_ENABLE_MBED)
class ClientTLSPrivateData {
public:
bool eos;
bool owns;
bool success;
Stream* strm;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_x509_crt cachain;
~ClientTLSPrivateData()
{
mbedtls_x509_crt_free(&cachain);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_free(&ssl);
if(this->owns) delete strm;
}
};
#endif
std::string ClientTLSStream::GetCertChain()
{
#if defined(TESSESFRAMEWORK_ENABLE_MBED)
#if defined(TESSESFRAMEWORK_EMBED_CERT_BUNDLE)
return std::string((const char*)CERTIFICATECHAIN,CERTIFICATECHAIN_SIZE);
#else
#if defined(TESSESFRAMEWORK_CERT_BUNDLE_FILE)
StreamReader sr(TESSESFRAMEWORK_CERT_BUNDLE_FILE);
return sr.ReadToEnd();
#endif
#endif
#endif
return "";
}
ClientTLSStream::ClientTLSStream(Tesses::Framework::Streams::Stream* innerStream, bool owns, bool verify, std::string domain) : ClientTLSStream(innerStream,owns,verify,domain,"")
{
}
ClientTLSStream::ClientTLSStream(Tesses::Framework::Streams::Stream* innerStream, bool owns, bool verify, std::string domain, std::string cert)
{
#if defined(TESSESFRAMEWORK_ENABLE_MBED)
if(cert.empty())
{
cert = GetCertChain();
}
ClientTLSPrivateData* data = new ClientTLSPrivateData();
this->privateData = static_cast<void*>(data);
data->eos=false;
data->success=false;
data->strm = innerStream;
data->owns = owns;
mbedtls_ssl_init(&data->ssl);
mbedtls_ssl_config_init(&data->conf);
mbedtls_x509_crt_init(&data->cachain);
mbedtls_ctr_drbg_init(&data->ctr_drbg);
mbedtls_entropy_init(&data->entropy);
const char* pers = "TessesFramework";
int ret=0;
/*
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
return;
}
#endif
*/
if ((ret = mbedtls_ctr_drbg_seed(&data->ctr_drbg, mbedtls_entropy_func, &data->entropy,
(const unsigned char *) pers,
strlen(pers))) != 0)
{
printf("FAILED mbedtls_ctr_drbg_seed\n");
return;
}
if(ret != 0) { printf("FAILED mbedtls_x509_crt_parse cert %i\n",ret); return;}
ret = mbedtls_x509_crt_parse(&data->cachain, (const unsigned char *) cert.c_str(),
cert.size()+1);
if(ret != 0) {printf("FAILED mbedtls_x509_crt_parse chain %i\n",ret); return;}
if((ret = mbedtls_ssl_config_defaults(&data->conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT)) != 0)
{
char buffer[100];
mbedtls_strerror(ret,buffer,sizeof(buffer));
printf("FAILED mbedtls_ssl_conf_defaults %s\n",buffer);
return;
}
mbedtls_ssl_conf_rng(&data->conf, mbedtls_ctr_drbg_random, &data->ctr_drbg);
/* #if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_conf_session_cache(&conf, &cache,
mbedtls_ssl_cache_get,
mbedtls_ssl_cache_set);
#endif*/
mbedtls_ssl_conf_authmode(&data->conf, verify ? MBEDTLS_SSL_VERIFY_REQUIRED: MBEDTLS_SSL_VERIFY_OPTIONAL);
mbedtls_ssl_conf_ca_chain(&data->conf, &data->cachain, NULL);
mbedtls_ssl_set_bio(&data->ssl, static_cast<void*>(data),strm_send,strm_recv, NULL);
if((ret=mbedtls_ssl_setup(&data->ssl,&data->conf) != 0))
{
printf("FAILED mbedtls_ssl_setup %i\n",ret);
return;
}
if((ret=mbedtls_ssl_set_hostname(&data->ssl,domain.c_str()) != 0))
{
printf("FAILED mbedtls_ssl_set_hostname %i\n",ret);
return;
}
if((ret = mbedtls_ssl_handshake(&data->ssl)) != 0)
{
char buffer[100];
mbedtls_strerror(ret,buffer,sizeof(buffer));
printf("FAILED mbedtls_ssl_handshake %s\n",buffer);
return;
}
uint32_t flags;
if ((flags = mbedtls_ssl_get_verify_result(&data->ssl)) != 0) {
#if !defined(MBEDTLS_X509_REMOVE_INFO)
char vrfy_buf[512];
#endif
#if !defined(MBEDTLS_X509_REMOVE_INFO)
mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
#endif
if(verify)
return;
}
data->success=true;
#endif
}
size_t ClientTLSStream::Read(uint8_t* buffer, size_t len)
{
#if defined(TESSESFRAMEWORK_ENABLE_MBED)
auto priv = static_cast<ClientTLSPrivateData*>(this->privateData);
if(!priv->success) return 0;
if(priv->eos) return 0;
int r = mbedtls_ssl_read(&priv->ssl,buffer,len);
if(r == -30848)
{
priv->eos = true;
return 0;
}
return (size_t)r;
#else
return (size_t)0;
#endif
}
size_t ClientTLSStream::Write(const uint8_t* buffer, size_t len)
{
#if defined(TESSESFRAMEWORK_ENABLE_MBED)
auto priv = static_cast<ClientTLSPrivateData*>(this->privateData);
if(!priv->success) return 0;
int r = mbedtls_ssl_write(&priv->ssl,buffer,len);
return (size_t)r;
#else
return (size_t)0;
#endif
}
int ClientTLSStream::strm_send(void* ctx,const unsigned char* buf,size_t len)
{
#if defined(TESSESFRAMEWORK_ENABLE_MBED)
auto priv = static_cast<ClientTLSPrivateData*>(ctx);
return (int)priv->strm->Write(buf, len);
#else
return 0;
#endif
}
int ClientTLSStream::strm_recv(void* ctx,unsigned char* buf,size_t len)
{
#if defined(TESSESFRAMEWORK_ENABLE_MBED)
auto priv = static_cast<ClientTLSPrivateData*>(ctx);
return (int)priv->strm->Read(buf, len);
#else
return 0;
#endif
}
bool ClientTLSStream::CanRead()
{
#if defined(TESSESFRAMEWORK_ENABLE_MBED)
return !(!static_cast<ClientTLSPrivateData*>(this->privateData)->success || static_cast<ClientTLSPrivateData*>(this->privateData)->eos);
#else
return false;
#endif
}
bool ClientTLSStream::CanWrite()
{
#if defined(TESSESFRAMEWORK_ENABLE_MBED)
return !(!static_cast<ClientTLSPrivateData*>(this->privateData)->success || static_cast<ClientTLSPrivateData*>(this->privateData)->eos);
#else
return false;
#endif
}
bool ClientTLSStream::EndOfStream()
{
#if defined(TESSESFRAMEWORK_ENABLE_MBED)
return !static_cast<ClientTLSPrivateData*>(this->privateData)->success || static_cast<ClientTLSPrivateData*>(this->privateData)->eos;
#else
return true;
#endif
}
ClientTLSStream::~ClientTLSStream()
{
#if defined(TESSESFRAMEWORK_ENABLE_MBED)
delete static_cast<ClientTLSPrivateData*>(this->privateData);
#endif
}
}