2 * Copyright (C) 2010 Martin Willi
3 * Copyright (C) 2010 revosec AG
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 #include "tls_socket.h"
21 #include <utils/debug.h>
22 #include <threading/thread.h>
25 * Buffer size for plain side I/O
27 #define PLAIN_BUF_SIZE 4096
30 * Buffer size for encrypted side I/O
32 #define CRYPTO_BUF_SIZE 4096
34 typedef struct private_tls_socket_t private_tls_socket_t
;
35 typedef struct private_tls_application_t private_tls_application_t
;
37 struct private_tls_application_t
{
40 * Implements tls_application layer.
42 tls_application_t application
;
45 * Chunk of data to send
50 * Chunk of data received
56 * Private data of an tls_socket_t object.
58 struct private_tls_socket_t
{
61 * Public tls_socket_t interface.
66 * TLS application implementation
68 private_tls_application_t app
;
76 * Underlying OS socket
81 METHOD(tls_application_t
, process
, status_t
,
82 private_tls_application_t
*this, bio_reader_t
*reader
)
86 if (!reader
->read_data(reader
, reader
->remaining(reader
), &data
))
90 this->in
= chunk_cat("mc", this->in
, data
);
94 METHOD(tls_application_t
, build
, status_t
,
95 private_tls_application_t
*this, bio_writer_t
*writer
)
99 writer
->write_data(writer
, this->out
);
100 this->out
= chunk_empty
;
103 return INVALID_STATE
;
107 * TLS data exchange loop
109 static bool exchange(private_tls_socket_t
*this, bool wr
)
111 char buf
[CRYPTO_BUF_SIZE
], *pos
;
115 for (round
= 0; TRUE
; round
++)
120 switch (this->tls
->build(this->tls
, buf
, &len
, NULL
))
127 out
= write(this->fd
, pos
, len
);
130 DBG1(DBG_TLS
, "TLS crypto write error: %s",
147 if (this->app
.out
.len
== 0)
148 { /* all data written */
154 if (this->app
.in
.len
)
155 { /* some data received */
159 { /* did some handshaking, return empty chunk to not block */
163 len
= read(this->fd
, buf
, sizeof(buf
));
168 if (this->tls
->process(this->tls
, buf
, len
) != NEED_MORE
)
175 METHOD(tls_socket_t
, read_
, bool,
176 private_tls_socket_t
*this, chunk_t
*buf
)
178 if (exchange(this, FALSE
))
181 this->app
.in
= chunk_empty
;
187 METHOD(tls_socket_t
, write_
, bool,
188 private_tls_socket_t
*this, chunk_t buf
)
191 if (exchange(this, TRUE
))
198 METHOD(tls_socket_t
, splice
, bool,
199 private_tls_socket_t
*this, int rfd
, int wfd
)
201 char buf
[PLAIN_BUF_SIZE
], *pos
;
211 FD_SET(this->fd
, &set
);
213 old
= thread_cancelability(TRUE
);
214 len
= select(max(rfd
, this->fd
) + 1, &set
, NULL
, NULL
, NULL
);
215 thread_cancelability(old
);
218 DBG1(DBG_TLS
, "TLS select error: %s", strerror(errno
));
221 if (FD_ISSET(this->fd
, &set
))
223 if (!read_(this, &data
))
225 DBG2(DBG_TLS
, "TLS read error/disconnect");
231 len
= write(wfd
, pos
, data
.len
);
235 DBG1(DBG_TLS
, "TLS plain write error: %s", strerror(errno
));
243 if (FD_ISSET(rfd
, &set
))
245 len
= read(rfd
, buf
, sizeof(buf
));
248 if (!write_(this, chunk_create(buf
, len
)))
250 DBG1(DBG_TLS
, "TLS write error");
258 DBG1(DBG_TLS
, "TLS plain read error: %s", strerror(errno
));
267 METHOD(tls_socket_t
, get_fd
, int,
268 private_tls_socket_t
*this)
273 METHOD(tls_socket_t
, destroy
, void,
274 private_tls_socket_t
*this)
276 this->tls
->destroy(this->tls
);
277 free(this->app
.in
.ptr
);
284 tls_socket_t
*tls_socket_create(bool is_server
, identification_t
*server
,
285 identification_t
*peer
, int fd
, tls_cache_t
*cache
)
287 private_tls_socket_t
*this;
301 .destroy
= (void*)nop
,
307 this->tls
= tls_create(is_server
, server
, peer
, TLS_PURPOSE_GENERIC
,
308 &this->app
.application
, cache
);
315 return &this->public;