/*
 *  Copyright (C) 2016-2019 Savoir-faire Linux Inc.
 *
 *  Author: Adrien Béraud <adrien.beraud@savoirfairelinux.com>
 *  Author: Guillaume Roguez <guillaume.roguez@savoirfairelinux.com>
 *  Author: Sébastien Blin <sebastien.blin@savoirfairelinux.com>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301 USA.
 */

#pragma once

#include "noncopyable.h"
#include "generic_io.h"

#include <gnutls/gnutls.h>

#include <string>
#include <functional>
#include <memory>
#include <future>
#include <chrono>
#include <vector>
#include <array>

namespace dht { namespace crypto {
struct Certificate;
struct PrivateKey;
}} // namespace dht::crypto

namespace jami { namespace tls {

class DhParams;

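/// States of a TlsSession, as passed to TlsSession::OnStateChangeFunc.
///
/// Enumerators keep their declaration order, so the implicit underlying
/// values (NONE == 0 ... SHUTDOWN == 6) are unchanged.
enum class TlsSessionState
{
    NONE,
    SETUP,
    COOKIE, // only used with non-initiator and non-reliable transport
    HANDSHAKE,
    MTU_DISCOVERY, // only used with non-reliable transport
    ESTABLISHED,
    SHUTDOWN
};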

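/// Parameters handed to the TlsSession constructor.
///
/// No member has a default initializer: after default-initialization
/// (`TlsParams p;`) `timeout` holds an indeterminate value, so either
/// value-initialize (`TlsParams p {};`) or assign every field before use.
struct TlsParams
{
    // User CA list for session credentials
    std::string ca_list;

    // NOTE(review): undocumented in the original; presumably the CA the peer
    // certificate is expected to chain to — confirm against the implementation.
    std::shared_ptr<dht::crypto::Certificate> peer_ca;

    // User identity for credential
    std::shared_ptr<dht::crypto::Certificate> cert;
    std::shared_ptr<dht::crypto::PrivateKey> cert_key;

    // Diffie-Hellman computed by gnutls_dh_params_init/gnutls_dh_params_generateX.
    // Held as a shared_future, so reading the value can block until the
    // producer has finished.
    std::shared_future<DhParams> dh_params;

    // DTLS timeout
    std::chrono::steady_clock::duration timeout;

    // Callback for certificate checks.
    // Receives a status word and the certificate list (cert_list_size entries);
    // `status` is presumably the gnutls verification status bit mask — confirm.
    // NOTE(review): this header states neither the meaning of the returned int
    // nor what happens when cert_check is left empty. Confirm both in the
    // implementation: an unset callback must not end up accepting any peer.
    std::function<int(unsigned status,
                      const gnutls_datum_t* cert_list,
                      unsigned cert_list_size)> cert_check;
};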

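/// TlsSession
///
/// Manages a TLS/DTLS data transport overlaid on a given generic socket.
///
/// \note API is not thread-safe.
///
class TlsSession : public GenericSocket<uint8_t>
{
public:
    using SocketType = GenericSocket<uint8_t>;
    using OnStateChangeFunc = std::function<void(TlsSessionState)>;
    using OnRxDataFunc = std::function<void(std::vector<uint8_t>&&)>;
    using OnCertificatesUpdate = std::function<void(const gnutls_datum_t*,
                                                    const gnutls_datum_t*,
                                                    unsigned int)>;
    // NOTE(review): the signature matches a gnutls certificate verify function;
    // presumably 0 lets the handshake continue and non-zero aborts it. Confirm,
    // and confirm how an empty verifyCertificate is treated by the implementation.
    using VerifyCertificate = std::function<int(gnutls_session_t)>;

    // ===> WARNINGS <===
    // Following callbacks are called into the FSM thread context
    // Do not call blocking routines inside them.
    using TlsSessionCallbacks = struct {
        OnStateChangeFunc onStateChange;
        OnRxDataFunc onRxData;
        OnCertificatesUpdate onCertificatesUpdate;
        VerifyCertificate verifyCertificate;
    };

    /// Build a session on top of \a transport using \a params and \a cbs.
    ///
    /// \a transport is taken by reference; presumably it must outlive the
    /// session — confirm against the implementation.
    ///
    /// NOTE(review): \a anonymous defaults to true. If, as the name suggests,
    /// it selects an anonymous (unauthenticated) key exchange, the peer is not
    /// authenticated by the handshake alone. Confirm in the implementation and
    /// pass the value explicitly wherever peer authentication is required.
    TlsSession(SocketType& transport, const TlsParams& params, const TlsSessionCallbacks& cbs,
               bool anonymous=true);
    ~TlsSession();

    /// Return the name of current cipher.
    /// Can be called by onStateChange callback when state == ESTABLISHED
    /// to obtain the used cipher suite id (written to \a cs_id, two bytes).
    const char* currentCipherSuiteId(std::array<uint8_t, 2>& cs_id) const;

    /// Request TLS thread to stop and quit.
    /// \note IO operations return error after this call.
    void shutdown() override;

    /// Not implemented for TlsSession: always throws std::logic_error.
    void setOnRecv(RecvCb&& cb) override {
        (void)cb;
        throw std::logic_error("TlsSession::setOnRecv not implemented");
    }

    /// Return true if this endpoint is the session initiator.
    /// NOTE(review): earlier wording equated the initiator with "a server", but
    /// TlsSessionState::COOKIE is documented as a non-initiator state, which
    /// points to the initiator being the client side — confirm.
    bool isInitiator() const override;

    bool isReliable() const override;

    int maxPayload() const override;

    /// Wait for the session to become ready.
    /// NOTE(review): the default \a timeout is a zero duration; whether that
    /// means "no limit" or "do not wait" is not visible in this header — confirm.
    void waitForReady(const std::chrono::steady_clock::duration& timeout = {});

    /// Synchronous writing.
    /// Return a positive number for number of bytes written, or 0 and \a ec set in case of error.
    std::size_t write(const ValueType* data, std::size_t size, std::error_code& ec) override;

    /// Synchronous reading.
    /// Return a positive number for number of bytes read, or 0 and \a ec set in case of error.
    std::size_t read(ValueType* data, std::size_t size, std::error_code& ec) override;

    int waitForData(std::chrono::milliseconds, std::error_code&) const override;

private:
    // Implementation is hidden behind a pointer to a type that is incomplete
    // here, which is why the destructor is declared above rather than defaulted
    // inline.
    class TlsSessionImpl;
    std::unique_ptr<TlsSessionImpl> pimpl_;
};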

}} // namespace jami::tls