1 /* Copyright (C) 2010-2020 The RetroArch team
2 *
3 * ---------------------------------------------------------------------------------------
4 * The following license statement only applies to this file (net_socket.c).
5 * ---------------------------------------------------------------------------------------
6 *
7 * Permission is hereby granted, free of charge,
8 * to any person obtaining a copy of this software and associated documentation files (the "Software"),
9 * to deal in the Software without restriction, including without limitation the rights to
10 * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,
11 * and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
16 * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
18 * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
19 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21 */
22
23 #include <string.h>
24 #include <net/net_compat.h>
25 #include <net/net_socket.h>
26 #include <net/net_socket_ssl.h>
27
28 #if defined(HAVE_BUILTINMBEDTLS)
29 #include "../../deps/mbedtls/mbedtls/config.h"
30 #include "../../deps/mbedtls/mbedtls/certs.h"
31 #include "../../deps/mbedtls/mbedtls/debug.h"
32 #include "../../deps/mbedtls/mbedtls/platform.h"
33 #include "../../deps/mbedtls/mbedtls/net_sockets.h"
34 #include "../../deps/mbedtls/mbedtls/ssl.h"
35 #include "../../deps/mbedtls/mbedtls/ctr_drbg.h"
36 #include "../../deps/mbedtls/mbedtls/entropy.h"
37 #else
38 #include <mbedtls/config.h>
39 #include <mbedtls/certs.h>
40 #include <mbedtls/debug.h>
41 #include <mbedtls/platform.h>
42 #include <mbedtls/net_sockets.h>
43 #include <mbedtls/ssl.h>
44 #include <mbedtls/ctr_drbg.h>
45 #include <mbedtls/entropy.h>
46 #endif
47
48 /* Not part of the mbedtls upstream source */
49 #include "../../deps/mbedtls/cacert.h"
50
51 #define DEBUG_LEVEL 0
52
53 struct ssl_state
54 {
55 mbedtls_net_context net_ctx;
56 mbedtls_ssl_context ctx;
57 mbedtls_entropy_context entropy;
58 mbedtls_ctr_drbg_context ctr_drbg;
59 mbedtls_ssl_config conf;
60 #if defined(MBEDTLS_X509_CRT_PARSE_C)
61 mbedtls_x509_crt ca;
62 #endif
63 const char *domain;
64 };
65
ssl_debug(void * ctx,int level,const char * file,int line,const char * str)66 static void ssl_debug(void *ctx, int level,
67 const char *file, int line,
68 const char *str)
69 {
70 fprintf((FILE*)ctx, "%s:%04d: %s", file, line, str);
71 fflush((FILE*)ctx);
72 }
73
ssl_socket_init(int fd,const char * domain)74 void* ssl_socket_init(int fd, const char *domain)
75 {
76 static const char *pers = "libretro";
77 struct ssl_state *state = (struct ssl_state*)calloc(1, sizeof(*state));
78
79 state->domain = domain;
80
81 #if defined(MBEDTLS_DEBUG_C)
82 mbedtls_debug_set_threshold(DEBUG_LEVEL);
83 #endif
84
85 mbedtls_net_init(&state->net_ctx);
86 mbedtls_ssl_init(&state->ctx);
87 mbedtls_ssl_config_init(&state->conf);
88 #if defined(MBEDTLS_X509_CRT_PARSE_C)
89 mbedtls_x509_crt_init(&state->ca);
90 #endif
91 mbedtls_ctr_drbg_init(&state->ctr_drbg);
92 mbedtls_entropy_init(&state->entropy);
93
94 state->net_ctx.fd = fd;
95
96 if (mbedtls_ctr_drbg_seed(&state->ctr_drbg, mbedtls_entropy_func, &state->entropy, (const unsigned char*)pers, strlen(pers)) != 0)
97 goto error;
98
99 #if defined(MBEDTLS_X509_CRT_PARSE_C)
100 if (mbedtls_x509_crt_parse(&state->ca, (const unsigned char*)cacert_pem, sizeof(cacert_pem) / sizeof(cacert_pem[0])) < 0)
101 goto error;
102 #endif
103
104 return state;
105
106 error:
107 if (state)
108 free(state);
109 return NULL;
110 }
111
ssl_socket_connect(void * state_data,void * data,bool timeout_enable,bool nonblock)112 int ssl_socket_connect(void *state_data,
113 void *data, bool timeout_enable, bool nonblock)
114 {
115 int ret, flags;
116 struct ssl_state *state = (struct ssl_state*)state_data;
117
118 if (socket_connect(state->net_ctx.fd, data, timeout_enable))
119 return -1;
120
121 if (mbedtls_ssl_config_defaults(&state->conf,
122 MBEDTLS_SSL_IS_CLIENT,
123 MBEDTLS_SSL_TRANSPORT_STREAM,
124 MBEDTLS_SSL_PRESET_DEFAULT) != 0)
125 return -1;
126
127 mbedtls_ssl_conf_authmode(&state->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
128 mbedtls_ssl_conf_ca_chain(&state->conf, &state->ca, NULL);
129 mbedtls_ssl_conf_rng(&state->conf, mbedtls_ctr_drbg_random, &state->ctr_drbg);
130 mbedtls_ssl_conf_dbg(&state->conf, ssl_debug, stderr);
131
132 if (mbedtls_ssl_setup(&state->ctx, &state->conf) != 0)
133 return -1;
134
135 #if defined(MBEDTLS_X509_CRT_PARSE_C)
136 if (mbedtls_ssl_set_hostname(&state->ctx, state->domain) != 0)
137 return -1;
138 #endif
139
140 mbedtls_ssl_set_bio(&state->ctx, &state->net_ctx, mbedtls_net_send, mbedtls_net_recv, NULL);
141
142 while ((ret = mbedtls_ssl_handshake(&state->ctx)) != 0)
143 {
144 if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
145 return -1;
146 }
147
148 if ((flags = mbedtls_ssl_get_verify_result(&state->ctx)) != 0)
149 {
150 char vrfy_buf[512];
151 mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
152 }
153
154 return state->net_ctx.fd;
155 }
156
ssl_socket_receive_all_nonblocking(void * state_data,bool * error,void * data_,size_t size)157 ssize_t ssl_socket_receive_all_nonblocking(void *state_data,
158 bool *error, void *data_, size_t size)
159 {
160 ssize_t ret;
161 struct ssl_state *state = (struct ssl_state*)state_data;
162 const uint8_t *data = (const uint8_t*)data_;
163 /* mbedtls_ssl_read wants non-const data but it only reads it, so this cast is safe */
164
165 mbedtls_net_set_nonblock(&state->net_ctx);
166
167 ret = mbedtls_ssl_read(&state->ctx, (unsigned char*)data, size);
168
169 if (ret > 0)
170 return ret;
171
172 if (ret == 0)
173 {
174 /* Socket closed */
175 *error = true;
176 return -1;
177 }
178
179 if (isagain((int)ret) || ret == MBEDTLS_ERR_SSL_WANT_READ)
180 return 0;
181
182 *error = true;
183 return -1;
184 }
185
ssl_socket_receive_all_blocking(void * state_data,void * data_,size_t size)186 int ssl_socket_receive_all_blocking(void *state_data,
187 void *data_, size_t size)
188 {
189 struct ssl_state *state = (struct ssl_state*)state_data;
190 const uint8_t *data = (const uint8_t*)data_;
191
192 mbedtls_net_set_block(&state->net_ctx);
193
194 for (;;)
195 {
196 /* mbedtls_ssl_read wants non-const data but it only reads it,
197 * so this cast is safe */
198 int ret = mbedtls_ssl_read(&state->ctx, (unsigned char*)data, size);
199
200 if ( ret == MBEDTLS_ERR_SSL_WANT_READ ||
201 ret == MBEDTLS_ERR_SSL_WANT_WRITE)
202 continue;
203
204 if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
205 break;
206
207 if (ret == 0)
208 break; /* normal EOF */
209
210 if (ret < 0)
211 return -1;
212 }
213
214 return 1;
215 }
216
ssl_socket_send_all_blocking(void * state_data,const void * data_,size_t size,bool no_signal)217 int ssl_socket_send_all_blocking(void *state_data,
218 const void *data_, size_t size, bool no_signal)
219 {
220 int ret;
221 struct ssl_state *state = (struct ssl_state*)state_data;
222 const uint8_t *data = (const uint8_t*)data_;
223
224 mbedtls_net_set_block(&state->net_ctx);
225
226 while ((ret = mbedtls_ssl_write(&state->ctx, data, size)) <= 0)
227 {
228 if ( ret != MBEDTLS_ERR_SSL_WANT_READ &&
229 ret != MBEDTLS_ERR_SSL_WANT_WRITE)
230 return false;
231 }
232
233 return true;
234 }
235
ssl_socket_send_all_nonblocking(void * state_data,const void * data_,size_t size,bool no_signal)236 ssize_t ssl_socket_send_all_nonblocking(void *state_data,
237 const void *data_, size_t size, bool no_signal)
238 {
239 int ret;
240 ssize_t sent = size;
241 struct ssl_state *state = (struct ssl_state*)state_data;
242 const uint8_t *data = (const uint8_t*)data_;
243
244 mbedtls_net_set_nonblock(&state->net_ctx);
245
246 ret = mbedtls_ssl_write(&state->ctx, data, size);
247
248 if (ret <= 0)
249 return -1;
250
251 return sent;
252 }
253
ssl_socket_close(void * state_data)254 void ssl_socket_close(void *state_data)
255 {
256 struct ssl_state *state = (struct ssl_state*)state_data;
257
258 mbedtls_ssl_close_notify(&state->ctx);
259
260 socket_close(state->net_ctx.fd);
261 }
262
ssl_socket_free(void * state_data)263 void ssl_socket_free(void *state_data)
264 {
265 struct ssl_state *state = (struct ssl_state*)state_data;
266
267 if (!state)
268 return;
269
270 mbedtls_ssl_free(&state->ctx);
271 mbedtls_ssl_config_free(&state->conf);
272 mbedtls_ctr_drbg_free(&state->ctr_drbg);
273 mbedtls_entropy_free(&state->entropy);
274 #if defined(MBEDTLS_X509_CRT_PARSE_C)
275 mbedtls_x509_crt_free(&state->ca);
276 #endif
277
278 free(state);
279 }
280