Blame - include/tls_session.h - dhtnet

blob: 4a4b994d5d9af613f477b87030f4db25d03783e8 [file] [log] [blame]

Adrien Béraud	612b55b	2023-05-29 10:42:04 -0400	[diff] [blame]	1	/*
				2	* Copyright (C) 2004-2023 Savoir-faire Linux Inc.
				3	*
				4	* Author: Adrien Béraud <adrien.beraud@savoirfairelinux.com>
				5	* Author: Guillaume Roguez <guillaume.roguez@savoirfairelinux.com>
				6	* Author: Sébastien Blin <sebastien.blin@savoirfairelinux.com>
				7	* Author: Vsevolod Ivanov <vsevolod.ivanov@savoirfairelinux.com>
				8	*
				9	* This program is free software; you can redistribute it and/or modify
				10	* it under the terms of the GNU General Public License as published by
				11	* the Free Software Foundation; either version 3 of the License, or
				12	* (at your option) any later version.
				13	*
				14	* This program is distributed in the hope that it will be useful,
				15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				17	* GNU General Public License for more details.
				18	*
				19	* You should have received a copy of the GNU General Public License
				20	* along with this program; if not, write to the Free Software
				21	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				22	*/
				23
				24	#pragma once
				25
				26	//#include "noncopyable.h"
				27	#include "generic_io.h"
				28	#include "certstore.h"
				29	#include "diffie-hellman.h"
				30
				31	#include <gnutls/gnutls.h>
				32	#include <asio/io_context.hpp>
				33
				34	#include <string>
				35	#include <functional>
				36	#include <memory>
				37	#include <future>
				38	#include <chrono>
				39	#include <vector>
				40	#include <array>
				41
				42	namespace dht {
				43	namespace crypto {
				44	struct Certificate;
				45	struct PrivateKey;
				46	} // namespace crypto
				47	} // namespace dht
				48
				49	namespace jami {
				50	namespace tls {
				51
				52	enum class TlsSessionState {
				53	NONE,
				54	SETUP,
				55	COOKIE, // only used with non-initiator and non-reliable transport
				56	HANDSHAKE,
				57	MTU_DISCOVERY, // only used with non-reliable transport
				58	ESTABLISHED,
				59	SHUTDOWN
				60	};
				61
				62	using clock = std::chrono::steady_clock;
				63	using duration = clock::duration;
				64
				65	struct TlsParams
				66	{
				67	// User CA list for session credentials
				68	std::string ca_list;
				69
				70	std::shared_ptr<dht::crypto::Certificate> peer_ca;
				71
				72	// User identity for credential
				73	std::shared_ptr<dht::crypto::Certificate> cert;
				74	std::shared_ptr<dht::crypto::PrivateKey> cert_key;
				75
				76	// Diffie-Hellman computed by gnutls_dh_params_init/gnutls_dh_params_generateX
				77	std::shared_future<DhParams> dh_params;
				78
				79	tls::CertificateStore& certStore;
				80
				81	// handshake timeout
				82	duration timeout;
				83
				84	// Callback for certificate checkings
				85	std::function<int(unsigned status, const gnutls_datum_t* cert_list, unsigned cert_list_size)>
				86	cert_check;
				87
				88	std::shared_ptr<asio::io_context> io_context;
				89
				90	std::shared_ptr<Logger> logger;
				91	};
				92
				93	/// TlsSession
				94	///
				95	/// Manages a TLS/DTLS data transport overlayed on a given generic socket.
				96	///
				97	/// \note API is not thread-safe.
				98	///
				99	class TlsSession : public GenericSocket<uint8_t>
				100	{
				101	public:
				102	using SocketType = GenericSocket<uint8_t>;
				103	using OnStateChangeFunc = std::function<void(TlsSessionState)>;
				104	using OnRxDataFunc = std::function<void(std::vector<uint8_t>&&)>;
				105	using OnCertificatesUpdate
				106	= std::function<void(const gnutls_datum_t, const gnutls_datum_t, unsigned int)>;
				107	using VerifyCertificate = std::function<int(gnutls_session_t)>;
				108
				109	// ===> WARNINGS <===
				110	// Following callbacks are called into the FSM thread context
				111	// Do not call blocking routines inside them.
				112	using TlsSessionCallbacks = struct
				113	{
				114	OnStateChangeFunc onStateChange;
				115	OnRxDataFunc onRxData;
				116	OnCertificatesUpdate onCertificatesUpdate;
				117	VerifyCertificate verifyCertificate;
				118	};
				119
				120	TlsSession(std::unique_ptr<SocketType>&& transport,
				121	const TlsParams& params,
				122	const TlsSessionCallbacks& cbs,
				123	bool anonymous = true);
				124	~TlsSession();
				125
				126	/// Request TLS thread to stop and quit.
				127	/// \note IO operations return error after this call.
				128	void shutdown() override;
				129
				130	void setOnRecv(RecvCb&& cb) override
				131	{
				132	(void) cb;
				133	throw std::logic_error("TlsSession::setOnRecv not implemented");
				134	}
				135
				136	/// Return true if the TLS session type is a server.
				137	bool isInitiator() const override;
				138
				139	bool isReliable() const override;
				140
				141	int maxPayload() const override;
				142
				143	void waitForReady(const duration& timeout = {});
				144
				145	/// Synchronous writing.
				146	/// Return a positive number for number of bytes write, or 0 and \a ec set in case of error.
				147	std::size_t write(const ValueType* data, std::size_t size, std::error_code& ec) override;
				148
				149	/// Synchronous reading.
				150	/// Return a positive number for number of bytes read, or 0 and \a ec set in case of error.
				151	std::size_t read(ValueType* data, std::size_t size, std::error_code& ec) override;
				152
				153	int waitForData(std::chrono::milliseconds, std::error_code&) const override;
				154
				155	std::shared_ptr<dht::crypto::Certificate> peerCertificate() const;
				156
				157	const std::shared_ptr<dht::log::Logger>& logger() const;
				158
				159	private:
				160	class TlsSessionImpl;
				161	std::unique_ptr<TlsSessionImpl> pimpl_;
				162	};
				163
				164	} // namespace tls
				165	} // namespace jami