RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 22:07:35 +00:00
Code Issues Activity Actions

Userland: Convert TLS::TLSv12 to a Core::Stream::Socket

Browse source 
This commit converts TLS::TLSv12 to a Core::Stream object, and in the
process allows TLS to now wrap other Core::Stream::Socket objects.
As a large part of LibHTTP and LibGemini depend on LibTLS's interface,
this also converts those to support Core::Stream, which leads to a
simplification of LibHTTP (as there's no need to care about the
underlying socket type anymore).
Note that RequestServer now controls the TLS socket options, which is a
better place anyway, as RS is the first receiver of the user-requested
options (though this is currently not particularly useful).
This commit is contained in:
Ali Mohammad Pur 2022-02-02 19:21:55 +03:30 committed by Andreas Kling
parent 7a95c451a3
commit aafc451016
47 changed files with 841 additions and 1157 deletions
Download patch file Download diff file Expand all files Collapse all files

259
Userland/Libraries/LibTLS/Socket.cpp
View file

@ -6,6 +6,7 @@
#include <AK/Debug.h>
#include <LibCore/DateTime.h>
#include <LibCore/EventLoop.h>
#include <LibCore/Timer.h>
#include <LibCrypto/PK/Code/EMSA_PSS.h>
#include <LibTLS/TLSv12.h>
@ -17,24 +18,18 @@ constexpr static size_t MaximumApplicationDataChunkSize = 16 * KiB;
namespace TLS {
Optional<ByteBuffer> TLSv12::read()
ErrorOr<size_t> TLSv12::read(Bytes bytes)
{
if (m_context.application_buffer.size()) {
auto buf = move(m_context.application_buffer);
return { move(buf) };
m_eof = false;
auto size_to_read = min(bytes.size(), m_context.application_buffer.size());
if (size_to_read == 0) {
m_eof = true;
return 0;
}
return {};
}
ByteBuffer TLSv12::read(size_t max_size)
{
if (m_context.application_buffer.size()) {
auto length = min(m_context.application_buffer.size(), max_size);
auto buf = m_context.application_buffer.slice(0, length);
m_context.application_buffer = m_context.application_buffer.slice(length, m_context.application_buffer.size() - length);
return buf;
}
return {};
m_context.application_buffer.span().slice(0, size_to_read).copy_to(bytes);
m_context.application_buffer = m_context.application_buffer.slice(size_to_read, m_context.application_buffer.size() - size_to_read);
return size_to_read;
}
String TLSv12::read_line(size_t max_size)
@ -57,99 +52,112 @@ String TLSv12::read_line(size_t max_size)
return line;
}
bool TLSv12::write(ReadonlyBytes buffer)
ErrorOr<size_t> TLSv12::write(ReadonlyBytes bytes)
{
if (m_context.connection_status != ConnectionStatus::Established) {
dbgln_if(TLS_DEBUG, "write request while not connected");
return false;
return AK::Error::from_string_literal("TLS write request while not connected");
}
for (size_t offset = 0; offset < buffer.size(); offset += MaximumApplicationDataChunkSize) {
PacketBuilder builder { MessageType::ApplicationData, m_context.options.version, buffer.size() - offset };
builder.append(buffer.slice(offset, min(buffer.size() - offset, MaximumApplicationDataChunkSize)));
for (size_t offset = 0; offset < bytes.size(); offset += MaximumApplicationDataChunkSize) {
PacketBuilder builder { MessageType::ApplicationData, m_context.options.version, bytes.size() - offset };
builder.append(bytes.slice(offset, min(bytes.size() - offset, MaximumApplicationDataChunkSize)));
auto packet = builder.build();
update_packet(packet);
write_packet(packet);
}
return true;
return bytes.size();
}
bool TLSv12::connect(const String& hostname, int port)
ErrorOr<NonnullOwnPtr<TLSv12>> TLSv12::connect(const String& host, u16 port, Options options)
{
set_sni(hostname);
return Core::Socket::connect(hostname, port);
Core::EventLoop loop;
OwnPtr<Core::Stream::Socket> tcp_socket = TRY(Core::Stream::TCPSocket::connect(host, port));
TRY(tcp_socket->set_blocking(false));
auto tls_socket = make<TLSv12>(move(tcp_socket), move(options));
tls_socket->set_sni(host);
tls_socket->on_connected = [&] {
loop.quit(0);
};
tls_socket->on_tls_error = [&](auto alert) {
loop.quit(256 - to_underlying(alert));
};
auto result = loop.exec();
if (result == 0)
return tls_socket;
tls_socket->try_disambiguate_error();
// FIXME: Should return richer information here.
return AK::Error::from_string_literal(alert_name(static_cast<AlertDescription>(256 - result)));
}
bool TLSv12::common_connect(const struct sockaddr* saddr, socklen_t length)
ErrorOr<NonnullOwnPtr<TLSv12>> TLSv12::connect(const String& host, Core::Stream::Socket& underlying_stream, Options options)
{
if (m_context.critical_error)
return false;
StreamVariantType socket { &underlying_stream };
auto tls_socket = make<TLSv12>(&underlying_stream, move(options));
tls_socket->set_sni(host);
Core::EventLoop loop;
tls_socket->on_connected = [&] {
loop.quit(0);
};
tls_socket->on_tls_error = [&](auto alert) {
loop.quit(256 - to_underlying(alert));
};
auto result = loop.exec();
if (result == 0)
return tls_socket;
if (Core::Socket::is_connected()) {
if (is_established()) {
VERIFY_NOT_REACHED();
} else {
Core::Socket::close(); // reuse?
}
}
tls_socket->try_disambiguate_error();
// FIXME: Should return richer information here.
return AK::Error::from_string_literal(alert_name(static_cast<AlertDescription>(256 - result)));
}
Core::Socket::on_connected = [this] {
Core::Socket::on_ready_to_read = [this] {
read_from_socket();
void TLSv12::setup_connection()
{
Core::deferred_invoke([this] {
auto& stream = underlying_stream();
stream.on_ready_to_read = [this] {
auto result = read_from_socket();
if (result.is_error())
dbgln("Read error: {}", result.error());
};
m_handshake_timeout_timer = Core::Timer::create_single_shot(
m_max_wait_time_for_handshake_in_seconds * 1000, [&] {
dbgln("Handshake timeout :(");
auto timeout_diff = Core::DateTime::now().timestamp() - m_context.handshake_initiation_timestamp;
// If the timeout duration was actually within the max wait time (with a margin of error),
// we're not operating slow, so the server timed out.
// otherwise, it's our fault that the negotiation is taking too long, so extend the timer :P
if (timeout_diff < m_max_wait_time_for_handshake_in_seconds + 1) {
// The server did not respond fast enough,
// time the connection out.
alert(AlertLevel::Critical, AlertDescription::UserCanceled);
m_context.tls_buffer.clear();
m_context.error_code = Error::TimedOut;
m_context.critical_error = (u8)Error::TimedOut;
check_connection_state(false); // Notify the client.
} else {
// Extend the timer, we are too slow.
m_handshake_timeout_timer->restart(m_max_wait_time_for_handshake_in_seconds * 1000);
}
});
auto packet = build_hello();
write_packet(packet);
deferred_invoke([&] {
m_handshake_timeout_timer = Core::Timer::create_single_shot(
m_max_wait_time_for_handshake_in_seconds * 1000, [&] {
auto timeout_diff = Core::DateTime::now().timestamp() - m_context.handshake_initiation_timestamp;
// If the timeout duration was actually within the max wait time (with a margin of error),
// we're not operating slow, so the server timed out.
// otherwise, it's our fault that the negotiation is taking too long, so extend the timer :P
if (timeout_diff < m_max_wait_time_for_handshake_in_seconds + 1) {
// The server did not respond fast enough,
// time the connection out.
alert(AlertLevel::Critical, AlertDescription::UserCanceled);
m_context.connection_finished = true;
m_context.tls_buffer.clear();
m_context.error_code = Error::TimedOut;
m_context.critical_error = (u8)Error::TimedOut;
check_connection_state(false); // Notify the client.
} else {
// Extend the timer, we are too slow.
m_handshake_timeout_timer->restart(m_max_wait_time_for_handshake_in_seconds * 1000);
}
},
this);
write_into_socket();
m_handshake_timeout_timer->start();
m_context.handshake_initiation_timestamp = Core::DateTime::now().timestamp();
});
m_has_scheduled_write_flush = true;
if (on_tls_connected)
on_tls_connected();
};
bool success = Core::Socket::common_connect(saddr, length);
if (!success)
return false;
return true;
write_into_socket();
m_handshake_timeout_timer->start();
m_context.handshake_initiation_timestamp = Core::DateTime::now().timestamp();
});
m_has_scheduled_write_flush = true;
}
void TLSv12::notify_client_for_app_data()
{
if (m_context.application_buffer.size() > 0) {
if (!m_has_scheduled_app_data_flush) {
deferred_invoke([this] { notify_client_for_app_data(); });
m_has_scheduled_app_data_flush = true;
}
if (on_tls_ready_to_read)
on_tls_ready_to_read(*this);
if (on_ready_to_read)
on_ready_to_read();
} else {
if (m_context.connection_finished && !m_context.has_invoked_finish_or_error_callback) {
m_context.has_invoked_finish_or_error_callback = true;
@ -160,7 +168,7 @@ void TLSv12::notify_client_for_app_data()
m_has_scheduled_app_data_flush = false;
}
void TLSv12::read_from_socket()
ErrorOr<void> TLSv12::read_from_socket()
{
// If there's anything before we consume stuff, let the client know
// since we won't be consuming things if the connection is terminated.
@ -173,12 +181,28 @@ void TLSv12::read_from_socket()
}
};
if (!check_connection_state(true)) {
set_idle(true);
return;
}
if (!check_connection_state(true))
return {};
consume(Core::Socket::read(4 * MiB));
u8 buffer[16 * KiB];
Bytes bytes { buffer, array_size(buffer) };
size_t nread = 0;
auto& stream = underlying_stream();
do {
auto result = stream.read(bytes);
if (result.is_error()) {
if (result.error().is_errno() && result.error().code() != EINTR) {
if (result.error().code() != EAGAIN)
dbgln("TLS Socket read failed, error: {}", result.error());
break;
}
continue;
}
nread = result.release_value();
consume(bytes.slice(0, nread));
} while (nread > 0 && !m_context.critical_error);
return {};
}
void TLSv12::write_into_socket()
@ -188,14 +212,8 @@ void TLSv12::write_into_socket()
m_has_scheduled_write_flush = false;
if (!check_connection_state(false))
return;
flush();
if (!is_established())
return;
if (!m_context.application_buffer.size()) // hey client, you still have stuff to read...
if (on_tls_ready_to_write)
on_tls_ready_to_write(*this);
MUST(flush());
}
bool TLSv12::check_connection_state(bool read)
@ -203,16 +221,21 @@ bool TLSv12::check_connection_state(bool read)
if (m_context.connection_finished)
return false;
if (!Core::Socket::is_open() || !Core::Socket::is_connected()) {
if (m_context.close_notify)
m_context.connection_finished = true;
auto& stream = underlying_stream();
if (!stream.is_open()) {
// an abrupt closure (the server is a jerk)
dbgln_if(TLS_DEBUG, "Socket not open, assuming abrupt closure");
m_context.connection_finished = true;
m_context.connection_status = ConnectionStatus::Disconnected;
Core::Socket::close();
close();
return false;
}
if (read && Core::Socket::eof()) {
if (read && stream.is_eof()) {
if (m_context.application_buffer.size() == 0 && m_context.connection_status != ConnectionStatus::Disconnected) {
m_context.has_invoked_finish_or_error_callback = true;
if (on_tls_finished)
@ -229,9 +252,10 @@ bool TLSv12::check_connection_state(bool read)
on_tls_error((AlertDescription)m_context.critical_error);
m_context.connection_finished = true;
m_context.connection_status = ConnectionStatus::Disconnected;
Core::Socket::close();
close();
return false;
}
if (((read && m_context.application_buffer.size() == 0) || !read) && m_context.connection_finished) {
if (m_context.application_buffer.size() == 0 && m_context.connection_status != ConnectionStatus::Disconnected) {
m_context.has_invoked_finish_or_error_callback = true;
@ -250,30 +274,51 @@ bool TLSv12::check_connection_state(bool read)
return true;
}
bool TLSv12::flush()
ErrorOr<bool> TLSv12::flush()
{
auto out_buffer = write_buffer().data();
size_t out_buffer_index { 0 };
size_t out_buffer_length = write_buffer().size();
auto out_bytes = m_context.tls_buffer.bytes();
if (out_buffer_length == 0)
if (out_bytes.is_empty())
return true;
if constexpr (TLS_DEBUG) {
dbgln("SENDING...");
print_buffer(out_buffer, out_buffer_length);
print_buffer(out_bytes);
}
if (Core::Socket::write(&out_buffer[out_buffer_index], out_buffer_length)) {
write_buffer().clear();
auto& stream = underlying_stream();
Optional<AK::Error> error;
size_t written;
do {
auto result = stream.write(out_bytes);
if (result.is_error() && result.error().code() != EINTR && result.error().code() != EAGAIN) {
error = result.release_error();
dbgln("TLS Socket write error: {}", *error);
break;
}
written = result.value();
out_bytes = out_bytes.slice(written);
} while (!out_bytes.is_empty());
if (out_bytes.is_empty() && !error.has_value()) {
m_context.tls_buffer.clear();
return true;
}
if (m_context.send_retries++ == 10) {
// drop the records, we can't send
dbgln_if(TLS_DEBUG, "Dropping {} bytes worth of TLS records as max retries has been reached", write_buffer().size());
write_buffer().clear();
dbgln_if(TLS_DEBUG, "Dropping {} bytes worth of TLS records as max retries has been reached", m_context.tls_buffer.size());
m_context.tls_buffer.clear();
m_context.send_retries = 0;
}
return false;
}
void TLSv12::close()
{
alert(AlertLevel::Critical, AlertDescription::CloseNotify);
// bye bye.
m_context.connection_status = ConnectionStatus::Disconnected;
}
}