1*1c60b9acSAndroid Build Coastguard Worker /* 2*1c60b9acSAndroid Build Coastguard Worker * libwebsockets - small server side websockets and web server implementation 3*1c60b9acSAndroid Build Coastguard Worker * 4*1c60b9acSAndroid Build Coastguard Worker * Copyright (C) 2010 - 2019 Andy Green <[email protected]> 5*1c60b9acSAndroid Build Coastguard Worker * 6*1c60b9acSAndroid Build Coastguard Worker * Permission is hereby granted, free of charge, to any person obtaining a copy 7*1c60b9acSAndroid Build Coastguard Worker * of this software and associated documentation files (the "Software"), to 8*1c60b9acSAndroid Build Coastguard Worker * deal in the Software without restriction, including without limitation the 9*1c60b9acSAndroid Build Coastguard Worker * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or 10*1c60b9acSAndroid Build Coastguard Worker * sell copies of the Software, and to permit persons to whom the Software is 11*1c60b9acSAndroid Build Coastguard Worker * furnished to do so, subject to the following conditions: 12*1c60b9acSAndroid Build Coastguard Worker * 13*1c60b9acSAndroid Build Coastguard Worker * The above copyright notice and this permission notice shall be included in 14*1c60b9acSAndroid Build Coastguard Worker * all copies or substantial portions of the Software. 15*1c60b9acSAndroid Build Coastguard Worker * 16*1c60b9acSAndroid Build Coastguard Worker * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17*1c60b9acSAndroid Build Coastguard Worker * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18*1c60b9acSAndroid Build Coastguard Worker * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 *
 * This is included from private-lib-core.h if LWS_WITH_TLS
 *
 * Private TLS-layer state shared by the TLS backends (the LWS_WITH_MBEDTLS
 * conditionals below select the mbedTLS variant): per-context, per-thread,
 * per-vhost and per-connection structs, followed by prototypes of the
 * backend-neutral helpers.  Nothing in this header is public API.
 */

struct lws_context_per_thread;

/*
 * Backend hook table.  Only one operation is abstracted here; a free-function
 * implementation with the same signature (lws_tls_fake_POLLIN_for_buffered)
 * is declared further down this header.
 */
struct lws_tls_ops {
	/*
	 * Invoked on a per-thread context.  From the name and the
	 * dll_pending_tls list below, it presumably services connections whose
	 * TLS layer still holds buffered input that the socket itself would not
	 * report as POLLIN — the implementation is not visible from here.
	 */
	int (*fake_POLLIN_for_buffered)(struct lws_context_per_thread *pt);
};

/* Process-wide TLS state hung off struct lws_context. */
struct lws_context_tls {
	/*
	 * Fixed 32-byte buffer.  Whoever fills it must bound the copy to
	 * sizeof(alpn_discovered) and NUL-terminate; the writer is not in this
	 * header — TODO confirm there.
	 */
	char alpn_discovered[32];
	const char *alpn_default;
	/* presumably a seconds-resolution timestamp of the last cert check */
	time_t last_cert_check_s;
	/* presumably the list of client TLS contexts, counted below */
	struct lws_dll2_owner cc_owner;
	int count_client_contexts;
};

/* Per-service-thread TLS state. */
struct lws_pt_tls {
	/*
	 * Owner of the dll_pending_tls nodes kept in struct lws_lws_tls, i.e.
	 * the connections that need servicing without a real POLLIN.
	 */
	struct lws_dll2_owner dll_pending_tls_owner;
};

struct lws_tls_ss_pieces;

/*
 * Raw ALPN protocol list (presumably in the wire format the backend expects).
 * NOTE(review): len is a uint8_t and can hold values up to 255, but data is
 * only 23 bytes — every writer must clamp len to sizeof(data) itself, the
 * field types do not enforce it.
 */
struct alpn_ctx {
	uint8_t data[23];
	uint8_t len;
};

/* Per-vhost TLS state hung off struct lws_vhost. */
struct lws_vhost_tls {
	lws_tls_ctx *ssl_ctx;		/* server-side ctx, see lws_context_init_server_ssl */
	lws_tls_ctx *ssl_client_ctx;	/* client-side ctx, see lws_context_init_client_ssl */
	struct lws_tls_client_reuse *tcr;
	const char *alpn;
	struct lws_tls_ss_pieces *ss; /* for acme tls certs */
	/* non-const: presumably heap-owned path strings freed with the vhost */
	char *alloc_cert_path;
	char *key_path;
#if defined(LWS_WITH_MBEDTLS)
	lws_tls_x509 *x509_client_CA;	/* client-cert CA, mbedTLS build only */
#endif
	/* fixed 16-byte curve name; writers must bound the copy and terminate */
	char ecdh_curve[16];
	struct alpn_ctx alpn_ctx;

	int use_ssl;
	/*
	 * Security-relevant: by its name, non-zero means plaintext connections
	 * are accepted on the TLS listener, which removes the transport
	 * guarantee for anything reaching this vhost.  Keep it off unless a
	 * mixed-mode port is deliberately wanted; where it is set is not
	 * visible here.
	 */
	int allow_non_ssl_on_ssl_port;
	/* presumably a bitmask of the events passed to lws_ssl_info_callback */
	int ssl_info_event_mask;

#if defined(LWS_WITH_MBEDTLS)
	uint32_t tls_session_cache_ttl;
#endif

	/*
	 * Set when the application supplied ssl_ctx itself — presumably so the
	 * library does not destroy a ctx it does not own; confirm in
	 * lws_ssl_SSL_CTX_destroy.
	 */
	unsigned int user_supplied_ssl_ctx:1;
	unsigned int skipped_certs:1;
};

/* Per-connection TLS state hung off struct lws. */
struct lws_lws_tls {
	lws_tls_conn *ssl;
	lws_tls_bio *client_bio;
#if defined(LWS_TLS_SYNTHESIZE_CB)
	/* scheduler entry handled by lws_sess_cache_synth_cb (declared below) */
	lws_sorted_usec_list_t sul_cb_synth;
#endif
#if !defined(LWS_WITH_MBEDTLS) && defined(LWS_WITH_TLS_JIT_TRUST)
	/* mbedtls has this in the wrapper, since no wsi ptr at validation */
	lws_tls_kid_chain_t kid_chain;
#endif
	/* node on lws_pt_tls.dll_pending_tls_owner */
	struct lws_dll2 dll_pending_tls;
	/* fixed 32-byte scratch for error text; writers must bound it */
	char err_helper[32];
	unsigned int use_ssl;
	unsigned int redirect_to_https:1;
};


void
lws_context_init_alpn(struct lws_vhost *vhost);
/*
 * TLS-aware read/write on a connection.  The results are deliberately marked
 * LWS_WARN_UNUSED_RESULT: a short, failed or "want more" outcome must be
 * acted on by the caller, never assumed to be a full transfer.
 */
int LWS_WARN_UNUSED_RESULT
lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, size_t len);
int LWS_WARN_UNUSED_RESULT
lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, size_t len);
int LWS_WARN_UNUSED_RESULT
lws_ssl_pending(struct lws *wsi);
int LWS_WARN_UNUSED_RESULT
lws_server_socket_service_ssl(struct lws *new_wsi, lws_sockfd_type accept_fd,
			      char is_pollin);
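
void
lws_sess_cache_synth_cb(lws_sorted_usec_list_t *sul);

int
lws_ssl_close(struct lws *wsi);
void
lws_ssl_SSL_CTX_destroy(struct lws_vhost *vhost);
void
lws_ssl_context_destroy(struct lws_context *context);
/* double-underscore form: by convention the caller already holds the lock */
void
__lws_ssl_remove_wsi_from_buffered_list(struct lws *wsi);
LWS_VISIBLE void
lws_ssl_remove_wsi_from_buffered_list(struct lws *wsi);
int
lws_ssl_client_bio_create(struct lws *wsi);

/* errbuf/len: bounded error text; len is presumably the whole buffer size */
int
lws_ssl_client_connect2(struct lws *wsi, char *errbuf, size_t len);
/* Free-function form of lws_tls_ops.fake_POLLIN_for_buffered. */
int
lws_tls_fake_POLLIN_for_buffered(struct lws_context_per_thread *pt);
int
lws_gate_accepts(struct lws_context *context, int on);
/*
 * Installs the private-key passphrase taken from info on ssl_ctx; how the
 * backend consumes it (e.g. a password callback) is not visible here.
 */
void
lws_ssl_bind_passphrase(lws_tls_ctx *ssl_ctx, int is_client,
			const struct lws_context_creation_info *info);
void
lws_ssl_info_callback(const lws_tls_conn *ssl, int where, int ret);
/*
 * Loads the server certificate and key either from paths (cert, private_key)
 * or from memory (mem_cert/len_mem_cert, mem_privkey/mem_privkey_len).  Which
 * source wins when both are supplied is decided in the implementation.
 */
int
lws_tls_server_certs_load(struct lws_vhost *vhost, struct lws *wsi,
			  const char *cert, const char *private_key,
			  const char *mem_cert, size_t len_mem_cert,
			  const char *mem_privkey, size_t mem_privkey_len);
enum lws_tls_extant
lws_tls_generic_cert_checks(struct lws_vhost *vhost, const char *cert,
			    const char *private_key);
#if defined(LWS_WITH_SERVER)
int
lws_context_init_server_ssl(const struct lws_context_creation_info *info,
			    struct lws_vhost *vhost);
void
lws_tls_acme_sni_cert_destroy(struct lws_vhost *vhost);
#else
/* without server support init reports success (0) and destroy is a no-op */
#define lws_context_init_server_ssl(_a, _b) (0)
#define lws_tls_acme_sni_cert_destroy(_a)
#endif

void
lws_ssl_destroy(struct lws_vhost *vhost);

/*
 * lws_tls_ abstract backend implementations — presumably each TLS backend
 * supplies its own definition of the functions below.
 */

/* Applies the vhost's client-certificate verification policy to its ctx. */
int
lws_tls_server_client_cert_verify_config(struct lws_vhost *vh);
int
lws_tls_server_vhost_backend_init(const struct lws_context_creation_info *info,
				  struct lws_vhost *vhost, struct lws *wsi);
int
lws_tls_server_new_nonblocking(struct lws *wsi, lws_sockfd_type accept_fd);

enum lws_ssl_capable_status
lws_tls_server_accept(struct lws *wsi);

enum lws_ssl_capable_status
lws_tls_server_abort_connection(struct lws *wsi);

enum lws_ssl_capable_status
__lws_tls_shutdown(struct lws *wsi);

enum lws_ssl_capable_status
lws_tls_client_connect(struct lws *wsi, char *errbuf, size_t len);
/*
 * Post-handshake peer-certificate confirmation for client connections; ebuf /
 * ebuf_len receive bounded error text.  Presumably a non-zero return means
 * the peer failed confirmation and the caller must abort — a client path that
 * never calls this performs no such check, so verify against the caller.
 */
int
lws_tls_client_confirm_peer_cert(struct lws *wsi, char *ebuf, size_t ebuf_len);
/*
 * Builds the vhost's client ctx.  Trust anchors, client cert and key each come
 * from a file path or from memory.  NOTE: the memory lengths are unsigned int
 * here whereas lws_tls_server_certs_load takes size_t; callers holding a
 * size_t must make sure it fits before narrowing.
 */
int
lws_tls_client_create_vhost_context(struct lws_vhost *vh,
				    const struct lws_context_creation_info *info,
				    const char *cipher_list,
				    const char *ca_filepath,
				    const void *ca_mem,
				    unsigned int ca_mem_len,
				    const char *cert_filepath,
				    const void *cert_mem,
				    unsigned int cert_mem_len,
				    const char *private_key_filepath,
				    const void *key_mem,
				    unsigned int key_mem_len);


lws_tls_ctx *
lws_tls_ctx_from_wsi(struct lws *wsi);
int
lws_ssl_get_error(struct lws *wsi, int n);

int
lws_context_init_client_ssl(const struct lws_context_creation_info *info,
			    struct lws_vhost *vhost);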