mirror of
https://github.com/vlang/v.git
synced 2025-08-04 02:07:28 -04:00
708 lines
18 KiB
V
708 lines
18 KiB
V
module mbedtls
|
|
|
|
import io
|
|
import net
|
|
import time
|
|
|
|
const ctr_drbg = C.mbedtls_ctr_drbg_context{}
|
|
|
|
const entropy = C.mbedtls_entropy_context{}
|
|
|
|
fn init() {
|
|
$if trace_ssl ? {
|
|
eprintln(@METHOD)
|
|
}
|
|
unsafe { // Unsafe is needed for taking an address of const
|
|
C.mbedtls_ctr_drbg_init(&ctr_drbg)
|
|
C.mbedtls_entropy_init(&entropy)
|
|
ret := C.mbedtls_ctr_drbg_seed(&ctr_drbg, C.mbedtls_entropy_func, &entropy, 0,
|
|
0)
|
|
if ret != 0 {
|
|
C.mbedtls_ctr_drbg_free(&ctr_drbg)
|
|
panic('Failed to seed ssl context: ${ret}')
|
|
}
|
|
}
|
|
}
|
|
|
|
// SSLCerts represents a pair of CA and client certificates + key
|
|
pub struct SSLCerts {
|
|
pub mut:
|
|
cacert C.mbedtls_x509_crt
|
|
client_cert C.mbedtls_x509_crt
|
|
client_key C.mbedtls_pk_context
|
|
}
|
|
|
|
// new_sslcerts initializes and returns a pair of SSL certificates and key
|
|
pub fn new_sslcerts() &SSLCerts {
|
|
mut certs := SSLCerts{}
|
|
C.mbedtls_x509_crt_init(&certs.cacert)
|
|
C.mbedtls_x509_crt_init(&certs.client_cert)
|
|
C.mbedtls_pk_init(&certs.client_key)
|
|
return &certs
|
|
}
|
|
|
|
// new_sslcerts_in_memory creates a pair of SSL certificates, given their contents (not paths).
|
|
pub fn new_sslcerts_in_memory(verify string, cert string, cert_key string) !&SSLCerts {
|
|
mut certs := new_sslcerts()
|
|
if verify != '' {
|
|
ret := C.mbedtls_x509_crt_parse(&certs.cacert, verify.str, verify.len + 1)
|
|
if ret != 0 {
|
|
return error_with_code('mbedtls_x509_crt_parse error', ret)
|
|
}
|
|
}
|
|
if cert != '' {
|
|
ret := C.mbedtls_x509_crt_parse(&certs.client_cert, cert.str, cert.len + 1)
|
|
if ret != 0 {
|
|
return error_with_code('mbedtls_x509_crt_parse error', ret)
|
|
}
|
|
}
|
|
if cert_key != '' {
|
|
unsafe {
|
|
ret := C.mbedtls_pk_parse_key(&certs.client_key, cert_key.str, cert_key.len + 1,
|
|
0, 0, C.mbedtls_ctr_drbg_random, &ctr_drbg)
|
|
if ret != 0 {
|
|
return error_with_code('v error', ret)
|
|
}
|
|
}
|
|
}
|
|
return certs
|
|
}
|
|
|
|
// new_sslcerts_from_file creates a new pair of SSL certificates, given their paths on the filesystem.
|
|
pub fn new_sslcerts_from_file(verify string, cert string, cert_key string) !&SSLCerts {
|
|
mut certs := new_sslcerts()
|
|
if verify != '' {
|
|
ret := C.mbedtls_x509_crt_parse_file(&certs.cacert, &char(verify.str))
|
|
if ret != 0 {
|
|
return error_with_code('mbedtls_x509_crt_parse error', ret)
|
|
}
|
|
}
|
|
if cert != '' {
|
|
ret := C.mbedtls_x509_crt_parse_file(&certs.client_cert, &char(cert.str))
|
|
if ret != 0 {
|
|
return error_with_code('mbedtls_x509_crt_parse error', ret)
|
|
}
|
|
}
|
|
if cert_key != '' {
|
|
unsafe {
|
|
ret := C.mbedtls_pk_parse_keyfile(&certs.client_key, &char(cert_key.str),
|
|
0, C.mbedtls_ctr_drbg_random, &ctr_drbg)
|
|
if ret != 0 {
|
|
return error_with_code('v error', ret)
|
|
}
|
|
}
|
|
}
|
|
return certs
|
|
}
|
|
|
|
// cleanup frees the SSL certificates
|
|
pub fn (mut c SSLCerts) cleanup() {
|
|
C.mbedtls_x509_crt_free(&c.cacert)
|
|
C.mbedtls_x509_crt_free(&c.client_cert)
|
|
C.mbedtls_pk_free(&c.client_key)
|
|
}
|
|
|
|
// SSLConn is the current connection
|
|
pub struct SSLConn {
|
|
pub:
|
|
config SSLConnectConfig
|
|
pub mut:
|
|
server_fd C.mbedtls_net_context
|
|
ssl C.mbedtls_ssl_context
|
|
conf C.mbedtls_ssl_config
|
|
certs &SSLCerts = unsafe { nil }
|
|
handle int
|
|
duration time.Duration
|
|
opened bool
|
|
ip string
|
|
|
|
owns_socket bool
|
|
}
|
|
|
|
// SSLListener listens on a TCP port and accepts connection secured with TLS
|
|
pub struct SSLListener {
|
|
saddr string
|
|
config SSLConnectConfig
|
|
mut:
|
|
server_fd C.mbedtls_net_context
|
|
ssl C.mbedtls_ssl_context
|
|
conf C.mbedtls_ssl_config
|
|
certs &SSLCerts = unsafe { nil }
|
|
opened bool
|
|
// handle int
|
|
// duration time.Duration
|
|
}
|
|
|
|
// create a new SSLListener binding to `saddr`
|
|
pub fn new_ssl_listener(saddr string, config SSLConnectConfig) !&SSLListener {
|
|
mut listener := &SSLListener{
|
|
saddr: saddr
|
|
config: config
|
|
}
|
|
listener.init()!
|
|
listener.opened = true
|
|
return listener
|
|
}
|
|
|
|
// finish the listener and clean up resources
|
|
pub fn (mut l SSLListener) shutdown() ! {
|
|
$if trace_ssl ? {
|
|
eprintln(@METHOD)
|
|
}
|
|
if unsafe { l.certs != nil } {
|
|
l.certs.cleanup()
|
|
}
|
|
C.mbedtls_ssl_free(&l.ssl)
|
|
C.mbedtls_ssl_config_free(&l.conf)
|
|
if l.opened {
|
|
C.mbedtls_net_free(&l.server_fd)
|
|
}
|
|
}
|
|
|
|
// internal function to init and bind the listener
|
|
fn (mut l SSLListener) init() ! {
|
|
$if trace_ssl ? {
|
|
eprintln(@METHOD)
|
|
}
|
|
|
|
lhost, lport := net.split_address(l.saddr)!
|
|
if l.config.cert == '' || l.config.cert_key == '' {
|
|
return error('No certificate or key provided')
|
|
}
|
|
if l.config.validate && l.config.verify == '' {
|
|
return error('No root CA provided')
|
|
}
|
|
C.mbedtls_net_init(&l.server_fd)
|
|
C.mbedtls_ssl_init(&l.ssl)
|
|
C.mbedtls_ssl_config_init(&l.conf)
|
|
l.certs = &SSLCerts{}
|
|
C.mbedtls_x509_crt_init(&l.certs.client_cert)
|
|
C.mbedtls_pk_init(&l.certs.client_key)
|
|
|
|
unsafe {
|
|
C.mbedtls_ssl_conf_rng(&l.conf, C.mbedtls_ctr_drbg_random, &ctr_drbg)
|
|
}
|
|
|
|
mut ret := 0
|
|
|
|
if l.config.in_memory_verification {
|
|
l.certs = new_sslcerts_in_memory(l.config.verify, l.config.cert, l.config.cert_key) or {
|
|
return error('Cert failure')
|
|
}
|
|
} else {
|
|
l.certs = new_sslcerts_from_file(l.config.verify, l.config.cert, l.config.cert_key) or {
|
|
return error('Cert failure')
|
|
}
|
|
}
|
|
|
|
if l.config.validate {
|
|
C.mbedtls_ssl_conf_authmode(&l.conf, C.MBEDTLS_SSL_VERIFY_REQUIRED)
|
|
}
|
|
|
|
mut bind_ip := unsafe { nil }
|
|
if lhost != '' {
|
|
bind_ip = voidptr(lhost.str)
|
|
}
|
|
bind_port := lport.str()
|
|
|
|
ret = C.mbedtls_net_bind(&l.server_fd, bind_ip, voidptr(bind_port.str), C.MBEDTLS_NET_PROTO_TCP)
|
|
|
|
if ret != 0 {
|
|
return error_with_code("can't bind to ${l.saddr}", ret)
|
|
}
|
|
|
|
ret = C.mbedtls_ssl_config_defaults(&l.conf, C.MBEDTLS_SSL_IS_SERVER, C.MBEDTLS_SSL_TRANSPORT_STREAM,
|
|
C.MBEDTLS_SSL_PRESET_DEFAULT)
|
|
if ret != 0 {
|
|
return error_with_code("can't to set config defaults", ret)
|
|
}
|
|
|
|
C.mbedtls_ssl_conf_ca_chain(&l.conf, &l.certs.cacert, unsafe { nil })
|
|
ret = C.mbedtls_ssl_conf_own_cert(&l.conf, &l.certs.client_cert, &l.certs.client_key)
|
|
|
|
if ret != 0 {
|
|
return error_with_code("can't load certificate", ret)
|
|
}
|
|
|
|
ret = C.mbedtls_ssl_setup(&l.ssl, &l.conf)
|
|
|
|
if ret != 0 {
|
|
return error_with_code("can't setup ssl", ret)
|
|
}
|
|
|
|
if get_cert_callback := l.config.get_certificate {
|
|
l.init_sni(get_cert_callback)
|
|
}
|
|
}
|
|
|
|
// setup SNI callback
|
|
fn (mut l SSLListener) init_sni(get_cert_callback fn (mut SSLListener, string) !&SSLCerts) {
|
|
$if trace_ssl ? {
|
|
eprintln(@METHOD)
|
|
}
|
|
C.mbedtls_ssl_conf_sni(&l.conf, fn [get_cert_callback, mut l] (p_info voidptr, ssl &C.mbedtls_ssl_context, name &char, lng int) int {
|
|
host := unsafe { name.vstring_literal_with_len(lng) }
|
|
if certs := get_cert_callback(mut l, host) {
|
|
return C.mbedtls_ssl_set_hs_own_cert(ssl, &certs.client_cert, &certs.client_key)
|
|
} else {
|
|
return -1
|
|
}
|
|
}, &l.conf)
|
|
}
|
|
|
|
// accepts a new connection and returns a SSLConn of the connected client
|
|
pub fn (mut l SSLListener) accept() !&SSLConn {
|
|
mut conn := &SSLConn{
|
|
config: l.config
|
|
opened: true
|
|
}
|
|
|
|
ip := [16]u8{}
|
|
iplen := usize(0)
|
|
|
|
mut ret := C.mbedtls_net_accept(&l.server_fd, &conn.server_fd, &ip, 16, &iplen)
|
|
if ret != 0 {
|
|
return error_with_code("can't accept connection", ret)
|
|
}
|
|
conn.handle = conn.server_fd.fd
|
|
conn.owns_socket = true
|
|
if iplen == 4 {
|
|
conn.ip = '${ip[0]}.${ip[1]}.${ip[2]}.${ip[3]}'
|
|
}
|
|
|
|
C.mbedtls_ssl_init(&conn.ssl)
|
|
C.mbedtls_ssl_config_init(&conn.conf)
|
|
ret = C.mbedtls_ssl_setup(&conn.ssl, &l.conf)
|
|
|
|
if ret != 0 {
|
|
return error_with_code('SSL setup failed', ret)
|
|
}
|
|
|
|
C.mbedtls_ssl_set_bio(&conn.ssl, &conn.server_fd, C.mbedtls_net_send, C.mbedtls_net_recv,
|
|
unsafe { nil })
|
|
|
|
ret = C.mbedtls_ssl_handshake(&conn.ssl)
|
|
for ret != 0 {
|
|
if ret != C.MBEDTLS_ERR_SSL_WANT_READ && ret != C.MBEDTLS_ERR_SSL_WANT_WRITE {
|
|
conn.shutdown() or {
|
|
$if trace_ssl ? {
|
|
eprintln('${@METHOD} shutdown ---> res: ${err}')
|
|
}
|
|
}
|
|
return error_with_code('SSL handshake failed', ret)
|
|
}
|
|
ret = C.mbedtls_ssl_handshake(&conn.ssl)
|
|
}
|
|
|
|
return conn
|
|
}
|
|
|
|
@[params]
|
|
pub struct SSLConnectConfig {
|
|
pub:
|
|
verify string // the path to a rootca.pem file, containing trusted CA certificate(s)
|
|
cert string // the path to a cert.pem file, containing client certificate(s) for the request
|
|
cert_key string // the path to a key.pem file, containing private keys for the client certificate(s)
|
|
validate bool // set this to true, if you want to stop requests, when their certificates are found to be invalid
|
|
|
|
in_memory_verification bool // if true, verify, cert, and cert_key are read from memory, not from a file
|
|
|
|
get_certificate ?fn (mut SSLListener, string) !&SSLCerts
|
|
}
|
|
|
|
// new_ssl_conn returns a new SSLConn with the given config.
|
|
pub fn new_ssl_conn(config SSLConnectConfig) !&SSLConn {
|
|
$if trace_ssl ? {
|
|
eprintln(@METHOD)
|
|
}
|
|
mut conn := &SSLConn{
|
|
config: config
|
|
}
|
|
conn.init() or { return err }
|
|
return conn
|
|
}
|
|
|
|
// Select operation
|
|
enum Select {
|
|
read
|
|
write
|
|
except
|
|
}
|
|
|
|
// close terminates the ssl connection and does cleanup
|
|
pub fn (mut s SSLConn) close() ! {
|
|
s.shutdown()!
|
|
}
|
|
|
|
// shutdown terminates the ssl connection and does cleanup
|
|
pub fn (mut s SSLConn) shutdown() ! {
|
|
$if trace_ssl ? {
|
|
eprintln(@METHOD)
|
|
}
|
|
if !s.opened {
|
|
return error('ssl connection not open')
|
|
}
|
|
if unsafe { s.certs != nil } {
|
|
C.mbedtls_x509_crt_free(&s.certs.cacert)
|
|
C.mbedtls_x509_crt_free(&s.certs.client_cert)
|
|
C.mbedtls_pk_free(&s.certs.client_key)
|
|
}
|
|
C.mbedtls_ssl_free(&s.ssl)
|
|
C.mbedtls_ssl_config_free(&s.conf)
|
|
if s.owns_socket {
|
|
net.shutdown(s.handle)
|
|
net.close(s.handle)!
|
|
}
|
|
}
|
|
|
|
// connect to server using mbedtls
|
|
fn (mut s SSLConn) init() ! {
|
|
$if trace_ssl ? {
|
|
eprintln(@METHOD)
|
|
}
|
|
C.mbedtls_net_init(&s.server_fd)
|
|
C.mbedtls_ssl_init(&s.ssl)
|
|
C.mbedtls_ssl_config_init(&s.conf)
|
|
|
|
mut ret := 0
|
|
ret = C.mbedtls_ssl_config_defaults(&s.conf, C.MBEDTLS_SSL_IS_CLIENT, C.MBEDTLS_SSL_TRANSPORT_STREAM,
|
|
C.MBEDTLS_SSL_PRESET_DEFAULT)
|
|
if ret != 0 {
|
|
return error_with_code('Failed to set SSL configuration', ret)
|
|
}
|
|
|
|
unsafe {
|
|
C.mbedtls_ssl_conf_rng(&s.conf, C.mbedtls_ctr_drbg_random, &ctr_drbg)
|
|
}
|
|
|
|
if s.config.verify != '' || s.config.cert != '' || s.config.cert_key != '' {
|
|
s.certs = &SSLCerts{}
|
|
C.mbedtls_x509_crt_init(&s.certs.cacert)
|
|
C.mbedtls_x509_crt_init(&s.certs.client_cert)
|
|
C.mbedtls_pk_init(&s.certs.client_key)
|
|
}
|
|
|
|
if s.config.in_memory_verification {
|
|
if s.config.verify != '' {
|
|
ret = C.mbedtls_x509_crt_parse(&s.certs.cacert, s.config.verify.str,
|
|
s.config.verify.len + 1)
|
|
}
|
|
if s.config.cert != '' {
|
|
ret = C.mbedtls_x509_crt_parse(&s.certs.client_cert, s.config.cert.str,
|
|
s.config.cert.len + 1)
|
|
}
|
|
if s.config.cert_key != '' {
|
|
unsafe {
|
|
ret = C.mbedtls_pk_parse_key(&s.certs.client_key, s.config.cert_key.str,
|
|
s.config.cert_key.len + 1, 0, 0, C.mbedtls_ctr_drbg_random, &ctr_drbg)
|
|
}
|
|
}
|
|
} else {
|
|
if s.config.verify != '' {
|
|
ret = C.mbedtls_x509_crt_parse_file(&s.certs.cacert, &char(s.config.verify.str))
|
|
}
|
|
if s.config.cert != '' {
|
|
ret = C.mbedtls_x509_crt_parse_file(&s.certs.client_cert, &char(s.config.cert.str))
|
|
}
|
|
if s.config.cert_key != '' {
|
|
unsafe {
|
|
ret = C.mbedtls_pk_parse_keyfile(&s.certs.client_key, &char(s.config.cert_key.str),
|
|
0, C.mbedtls_ctr_drbg_random, &ctr_drbg)
|
|
}
|
|
}
|
|
}
|
|
if ret < 0 {
|
|
return error_with_code('Failed to set certificates', ret)
|
|
}
|
|
|
|
if unsafe { s.certs != nil } {
|
|
C.mbedtls_ssl_conf_ca_chain(&s.conf, &s.certs.cacert, 0)
|
|
C.mbedtls_ssl_conf_own_cert(&s.conf, &s.certs.client_cert, &s.certs.client_key)
|
|
}
|
|
|
|
if s.config.validate {
|
|
C.mbedtls_ssl_conf_authmode(&s.conf, C.MBEDTLS_SSL_VERIFY_REQUIRED)
|
|
} else {
|
|
C.mbedtls_ssl_conf_authmode(&s.conf, C.MBEDTLS_SSL_VERIFY_OPTIONAL)
|
|
}
|
|
|
|
ret = C.mbedtls_ssl_setup(&s.ssl, &s.conf)
|
|
if ret != 0 {
|
|
return error_with_code('Failed to setup SSL connection', ret)
|
|
}
|
|
}
|
|
|
|
// connect sets up an ssl connection on an existing TCP connection
|
|
pub fn (mut s SSLConn) connect(mut tcp_conn net.TcpConn, hostname string) ! {
|
|
$if trace_ssl ? {
|
|
eprintln('${@METHOD} hostname: ${hostname}')
|
|
}
|
|
if s.opened {
|
|
return error('ssl connection already open')
|
|
}
|
|
s.handle = tcp_conn.sock.handle
|
|
s.duration = 30 * time.second
|
|
|
|
mut ret := C.mbedtls_ssl_set_hostname(&s.ssl, &char(hostname.str))
|
|
if ret != 0 {
|
|
return error_with_code('Failed to set hostname', ret)
|
|
}
|
|
|
|
s.server_fd.fd = s.handle
|
|
|
|
C.mbedtls_ssl_set_bio(&s.ssl, &s.server_fd, C.mbedtls_net_send, C.mbedtls_net_recv,
|
|
C.mbedtls_net_recv_timeout)
|
|
|
|
ret = C.mbedtls_ssl_handshake(&s.ssl)
|
|
if ret != 0 {
|
|
return error_with_code('SSL handshake failed', ret)
|
|
}
|
|
|
|
s.opened = true
|
|
}
|
|
|
|
// dial opens an ssl connection on hostname:port
|
|
pub fn (mut s SSLConn) dial(hostname string, port int) ! {
|
|
$if trace_ssl ? {
|
|
eprintln('${@METHOD} hostname: ${hostname} | port: ${port}')
|
|
}
|
|
s.owns_socket = true
|
|
if s.opened {
|
|
return error('ssl connection already open')
|
|
}
|
|
s.duration = 30 * time.second
|
|
|
|
mut ret := C.mbedtls_ssl_set_hostname(&s.ssl, &char(hostname.str))
|
|
if ret != 0 {
|
|
return error_with_code('Failed to set hostname', ret)
|
|
}
|
|
|
|
port_str := port.str()
|
|
ret = C.mbedtls_net_connect(&s.server_fd, &char(hostname.str), &char(port_str.str),
|
|
C.MBEDTLS_NET_PROTO_TCP)
|
|
if ret != 0 {
|
|
return error_with_code('Failed to connect to host', ret)
|
|
}
|
|
|
|
C.mbedtls_ssl_set_bio(&s.ssl, &s.server_fd, C.mbedtls_net_send, C.mbedtls_net_recv,
|
|
C.mbedtls_net_recv_timeout)
|
|
|
|
s.handle = s.server_fd.fd
|
|
|
|
ret = C.mbedtls_ssl_handshake(&s.ssl)
|
|
if ret != 0 {
|
|
return error_with_code('SSL handshake failed', ret)
|
|
}
|
|
|
|
s.opened = true
|
|
}
|
|
|
|
// addr retrieves the local ip address and port number for this connection
|
|
pub fn (s &SSLConn) addr() !net.Addr {
|
|
return net.addr_from_socket_handle(s.handle)
|
|
}
|
|
|
|
// peer_addr retrieves the ip address and port number used by the peer
|
|
pub fn (s &SSLConn) peer_addr() !net.Addr {
|
|
return net.peer_addr_from_socket_handle(s.handle)
|
|
}
|
|
|
|
// socket_read_into_ptr reads `len` bytes into `buf`
|
|
pub fn (mut s SSLConn) socket_read_into_ptr(buf_ptr &u8, len int) !int {
|
|
mut res := 0
|
|
$if trace_ssl ? {
|
|
defer {
|
|
if len > 0 {
|
|
eprintln('${@METHOD} res: ${res}: buf_ptr: ${voidptr(buf_ptr):x}, len: ${len}, hex: ${unsafe { buf_ptr.vbytes(len).hex() }} data: `${unsafe { buf_ptr.vstring_with_len(len) }}`')
|
|
}
|
|
}
|
|
}
|
|
|
|
deadline := time.now().add(s.duration)
|
|
// s.wait_for_read(deadline - time.now())!
|
|
for {
|
|
res = C.mbedtls_ssl_read(&s.ssl, buf_ptr, len)
|
|
if res > 0 {
|
|
return res
|
|
} else if res == 0 {
|
|
$if trace_ssl ? {
|
|
eprintln('${@METHOD} ---> res: io.Eof')
|
|
}
|
|
return io.Eof{}
|
|
} else {
|
|
match res {
|
|
C.MBEDTLS_ERR_SSL_WANT_READ {
|
|
s.wait_for_read(deadline - time.now()) or {
|
|
$if trace_ssl ? {
|
|
eprintln('${@METHOD} ---> res: ${err}, C.MBEDTLS_ERR_SSL_WANT_READ')
|
|
}
|
|
return err
|
|
}
|
|
}
|
|
C.MBEDTLS_ERR_SSL_WANT_WRITE {
|
|
s.wait_for_write(deadline - time.now()) or {
|
|
$if trace_ssl ? {
|
|
eprintln('${@METHOD} ---> res: ${err}, C.MBEDTLS_ERR_SSL_WANT_WRITE')
|
|
}
|
|
return err
|
|
}
|
|
}
|
|
C.MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY {
|
|
$if trace_ssl ? {
|
|
eprintln('${@METHOD} ---> res: 0 C.MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY')
|
|
}
|
|
return 0
|
|
}
|
|
else {
|
|
$if trace_ssl ? {
|
|
eprintln('${@METHOD} ---> res: could not read using SSL')
|
|
}
|
|
return error_with_code('Could not read using SSL', res)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Dead code, for the compiler to pass
|
|
return error('Unknown error')
|
|
}
|
|
|
|
// read reads data from the ssl connection into `buffer`
|
|
pub fn (mut s SSLConn) read(mut buffer []u8) !int {
|
|
$if trace_ssl ? {
|
|
eprintln('${@METHOD} buffer.len: ${buffer.len}')
|
|
}
|
|
return s.socket_read_into_ptr(&u8(buffer.data), buffer.len)
|
|
}
|
|
|
|
// write_ptr writes `len` bytes from `bytes` to the ssl connection
|
|
pub fn (mut s SSLConn) write_ptr(bytes &u8, len int) !int {
|
|
mut total_sent := 0
|
|
$if trace_ssl ? {
|
|
defer {
|
|
eprintln('${@METHOD} total_sent: ${total_sent}, bytes: ${voidptr(bytes):x}, len: ${len}, hex: ${unsafe { bytes.vbytes(len).hex() }}, data:-=-=-=-\n${unsafe { bytes.vstring_with_len(len) }}\n-=-=-=-')
|
|
}
|
|
}
|
|
|
|
deadline := time.now().add(s.duration)
|
|
unsafe {
|
|
mut ptr_base := bytes
|
|
for total_sent < len {
|
|
ptr := ptr_base + total_sent
|
|
remaining := len - total_sent
|
|
mut sent := C.mbedtls_ssl_write(&s.ssl, ptr, remaining)
|
|
if sent <= 0 {
|
|
match sent {
|
|
C.MBEDTLS_ERR_SSL_WANT_READ {
|
|
s.wait_for_read(deadline - time.now())!
|
|
continue
|
|
}
|
|
C.MBEDTLS_ERR_SSL_WANT_WRITE {
|
|
s.wait_for_write(deadline - time.now())!
|
|
continue
|
|
}
|
|
else {
|
|
$if trace_ssl ? {
|
|
eprintln('${@METHOD} ---> res: could not write SSL, sent: ${sent}')
|
|
}
|
|
return error_with_code('Could not write using SSL', sent)
|
|
}
|
|
}
|
|
}
|
|
total_sent += sent
|
|
}
|
|
}
|
|
return total_sent
|
|
}
|
|
|
|
// write writes data from `bytes` to the ssl connection
|
|
pub fn (mut s SSLConn) write(bytes []u8) !int {
|
|
return s.write_ptr(&u8(bytes.data), bytes.len)
|
|
}
|
|
|
|
// write_string writes a string to the ssl connection
|
|
pub fn (mut s SSLConn) write_string(str string) !int {
|
|
$if trace_ssl ? {
|
|
eprintln('${@METHOD} str: ${str}')
|
|
}
|
|
return s.write_ptr(str.str, str.len)
|
|
}
|
|
|
|
// Select waits for an io operation (specified by parameter `test`) to be available
|
|
fn select(handle int, test Select, timeout time.Duration) !bool {
|
|
$if trace_ssl ? {
|
|
eprintln('${@METHOD} handle: ${handle}, timeout: ${timeout}')
|
|
}
|
|
set := C.fd_set{}
|
|
C.FD_ZERO(&set)
|
|
C.FD_SET(handle, &set)
|
|
|
|
deadline := time.now().add(timeout)
|
|
mut remaining_time := timeout.milliseconds()
|
|
for remaining_time > 0 {
|
|
seconds := remaining_time / 1000
|
|
microseconds := (remaining_time % 1000) * 1000
|
|
|
|
tt := C.timeval{
|
|
tv_sec: u64(seconds)
|
|
tv_usec: u64(microseconds)
|
|
}
|
|
timeval_timeout := if timeout < 0 {
|
|
&C.timeval(unsafe { nil })
|
|
} else {
|
|
&tt
|
|
}
|
|
|
|
mut res := -1
|
|
match test {
|
|
.read {
|
|
res = net.socket_error(C.select(handle + 1, &set, C.NULL, C.NULL, timeval_timeout))!
|
|
}
|
|
.write {
|
|
res = net.socket_error(C.select(handle + 1, C.NULL, &set, C.NULL, timeval_timeout))!
|
|
}
|
|
.except {
|
|
res = net.socket_error(C.select(handle + 1, C.NULL, C.NULL, &set, timeval_timeout))!
|
|
}
|
|
}
|
|
if res < 0 {
|
|
if C.errno == C.EINTR {
|
|
// errno is 4, Spurious wakeup from signal, keep waiting
|
|
remaining_time = (deadline - time.now()).milliseconds()
|
|
continue
|
|
}
|
|
return error_with_code('Select failed: ${res}', C.errno)
|
|
} else if res == 0 {
|
|
return net.err_timed_out
|
|
}
|
|
|
|
res = C.FD_ISSET(handle, &set)
|
|
$if trace_ssl ? {
|
|
eprintln('${@METHOD} ---> res: ${res}')
|
|
}
|
|
return res != 0
|
|
}
|
|
|
|
return net.err_timed_out
|
|
}
|
|
|
|
// wait_for wraps the common wait code
|
|
fn wait_for(handle int, what Select, timeout time.Duration) ! {
|
|
ready := select(handle, what, timeout)!
|
|
if ready {
|
|
return
|
|
}
|
|
|
|
return net.err_timed_out
|
|
}
|
|
|
|
// wait_for_write waits for a write io operation to be available
|
|
fn (mut s SSLConn) wait_for_write(timeout time.Duration) ! {
|
|
return wait_for(s.handle, .write, timeout)
|
|
}
|
|
|
|
// wait_for_read waits for a read io operation to be available
|
|
fn (mut s SSLConn) wait_for_read(timeout time.Duration) ! {
|
|
return wait_for(s.handle, .read, timeout)
|
|
}
|