21#ifndef G_SSL_MBEDTLS_H
22#define G_SSL_MBEDTLS_H
/// Loads certificate data from 'file' into the wrapped mbedtls_x509_crt.
/// Accepted encodings and the failure behaviour (throw vs. flag) are
/// decided in the implementation file, not visible here.
void load( const std::string & file ) ;
/// Access to the underlying mbedtls_x509_crt for the C API. Note that the
/// const overload still returns a mutable pointer, so const-ness of this
/// wrapper does not protect the certificate from modification.
mbedtls_x509_crt * ptr() ;
mbedtls_x509_crt * ptr() const ;
/// Set once load() has succeeded; presumably checked before ptr() is
/// handed to mbedtls -- confirm in the .cpp.
bool m_loaded{false} ;
/// The CTR-DRBG context, for passing as the f_rng/p_rng pair to mbedtls.
/// The const overload also yields a mutable pointer because generating
/// random bytes necessarily advances the DRBG state.
mbedtls_ctr_drbg_context * ptr() ;
mbedtls_ctr_drbg_context * ptr() const ;
/// Non-copyable: two copies of a DRBG state would emit the same
/// "random" stream twice (presumed rationale). A user-declared copy
/// constructor also suppresses the implicit move constructor, so the
/// object is effectively non-movable as well.
Rng( const Rng & ) = delete ;
Rng & operator=( const Rng & ) = delete ;
Rng & operator=( Rng && ) = delete ;
/// The DRBG and the entropy source it is seeded from. Seeding happens in
/// the constructor (not shown) -- confirm it checks the mbedtls return
/// code rather than continuing with an unseeded generator.
mbedtls_ctr_drbg_context x ;
mbedtls_entropy_context entropy ;
/// Loads a private key from 'file'. The Rng parameter is presumably what
/// the mbedtls key parser needs for an f_rng callback (blinding / key
/// checks in newer mbedtls versions) -- confirm against the .cpp.
void load( const std::string & file , const Rng & ) ;
/// Underlying mbedtls_pk_context; the const overload still returns a
/// mutable pointer.
mbedtls_pk_context * ptr() ;
mbedtls_pk_context * ptr() const ;
/// Non-copyable, and with a user-declared copy constructor no implicit
/// move constructor is generated either, so key material is never
/// duplicated by the wrapper.
Key( const Key & ) = delete ;
Key & operator=( const Key & ) = delete ;
Key & operator=( Key && ) = delete ;
/// The private key. Releasing it is the destructor's job (not visible
/// here -- confirm it calls mbedtls_pk_free()).
mbedtls_pk_context x ;
/// Wraps an mbedtls_ssl_context set up from a finished mbedtls_ssl_config.
/// The config is taken by pointer, so it must outlive this object if
/// mbedtls retains the pointer (the usual mbedtls_ssl_setup contract --
/// confirm in the .cpp).
explicit Context( const mbedtls_ssl_config * ) ;
/// Underlying context; the const overload also returns a mutable pointer.
mbedtls_ssl_context * ptr() ;
mbedtls_ssl_context * ptr() const ;
mbedtls_ssl_context x ;
/// Exception type for mbedtls failures. The first form carries only a
/// message; the second also carries the mbedtls return code 'rc' and an
/// optional extra string, which format() combines into the final text
/// (presumably including the mbedtls_strerror() description of 'rc').
explicit Error( const std::string & ) ;
Error( const std::string & , int rc , const std::string & more = {} ) ;
static std::string format( const std::string & , int , const std::string & ) ;
/// Reads 'path' into m_buffer. With 'with_counted_nul' a terminating NUL is
/// presumably appended and included in size(), which is what the mbedtls
/// PEM parsers expect for the buffer length -- confirm in the .cpp.
SecureFile( const std::string & path , bool with_counted_nul ) ;
/// Views of the buffer. Note that the non-const pu() hands out a mutable
/// pointer into the sensitive data.
const char * p() const ;
const unsigned char * pu() const ;
unsigned char * pu() ;
std::size_t size() const ;
/// File helpers. fileRead() reports failure by return value rather than
/// by throwing, so callers must check it and not treat a short read as
/// a complete file.
static std::size_t fileSize( std::filebuf & ) ;
static bool fileRead( std::filebuf & , char * , std::size_t ) ;
/// Overwrite secrets before the memory is released. For this to be
/// effective the implementation must use a write the optimizer cannot
/// elide (mbedtls_platform_zeroize() or a volatile-qualified write); a
/// plain memset() immediately followed by deallocation is routinely
/// removed as a dead store. clear() presumably scrubs and then empties
/// the vector; any earlier reallocation of the vector would leave an
/// unscrubbed copy behind, so the buffer should be sized once.
static void scrub( char * , std::size_t ) noexcept ;
static void clear( std::vector<char> & ) noexcept ;
/// The file contents, overwritten in memory when no longer needed
/// (presumably in the destructor, per the class description).
std::vector<char> m_buffer ;
/// Minimum and maximum protocol versions; the int encoding is defined
/// in the implementation file.
int min_() const noexcept ;
int max_() const noexcept ;
/// Peer-verification switches. Each of these, when true, presumably
/// disables peer certificate checking (for either role, or for the client
/// or server role only). That removes TLS peer authentication entirely,
/// so they belong to test configurations and should be surfaced loudly
/// in logging and configuration documentation.
bool noverify() const noexcept ;
bool clientnoverify() const noexcept ;
bool servernoverify() const noexcept ;
/// Backing flags. They are not brace-initialised here, so the
/// constructor must set both; an indeterminate 'true' would silently
/// disable verification.
bool m_clientnoverify ;
bool m_servernoverify ;
/// Destructor; 'override' implies the base destructor is virtual, so a
/// LibraryImp may be destroyed through a base pointer.
~LibraryImp() override ;
/// The random number generator owned by the library (member not shown).
const Rng & rng() const ;
/// The logging callback installed at construction (see m_log_fn).
Library::LogFn log() const ;
/// Composes a credit/attribution string from three parts.
static std::string credit( const std::string & , const std::string & , const std::string & ) ;
/// Short library identifier and the mbedtls version string.
static std::string sid() ;
static std::string version() ;
/// Registers a named TLS profile from key, certificate and CA file paths.
/// The two default peer names are stored for protocol objects that do not
/// supply their own (presumed; see ProfileImp::newProtocol()).
/// 'profile_config' is a free-form configuration string parsed elsewhere.
/// Reviewer note: confirm what verification mode a profile ends up with
/// when 'ca_file' is empty -- an empty trust store must not silently
/// degrade to "no verification" (see ProfileImp::authmode()).
void addProfile( const std::string & profile_name , bool is_server_profile ,
	const std::string & key_file , const std::string & cert_file , const std::string & ca_file ,
	const std::string & default_peer_certificate_name , const std::string & default_peer_host_name ,
	const std::string & profile_config ) override ;
/// Profile lookup by name. Whether profile() throws on an unknown name
/// is decided in the .cpp; callers should use hasProfile() first.
bool hasProfile( const std::string & profile_name ) const override ;
const Profile & profile( const std::string & profile_name ) const override ;
std::string id() const override ;
/// Factory for a message digester (see DigesterImp for the algorithms).
Digester digester( const std::string & , const std::string & , bool ) const override ;
/// Non-copyable and non-movable.
LibraryImp( const LibraryImp & ) = delete ;
LibraryImp( LibraryImp && ) = delete ;
LibraryImp & operator=( const LibraryImp & ) = delete ;
LibraryImp & operator=( LibraryImp && ) = delete ;
/// Profiles keyed by name. Holding shared_ptr lets a Profile& returned by
/// profile() stay valid while the map entry lives (presumed rationale).
using Map = std::map<std::string,std::shared_ptr<ProfileImp>> ;
Library::LogFn m_log_fn ;
256class GSsl::MbedTls::ProfileImp :
public Profile
/// Builds the mbedtls_ssl_config for one profile: loads the key and
/// certificate files and the CA list, selects the endpoint role from
/// 'is_server', and applies 'profile_config'. The default peer names are
/// kept for protocol objects that do not supply their own.
ProfileImp( const LibraryImp & library_imp , bool is_server , const std::string & key_file ,
	const std::string & cert_file , const std::string & ca_file ,
	const std::string & default_peer_certificate_name , const std::string & default_peer_host_name ,
	const std::string & profile_config ) ;
~ProfileImp() override ;
/// The finished mbedtls_ssl_config shared by every Context created from
/// this profile (Context takes a const mbedtls_ssl_config*).
const mbedtls_ssl_config * config() const ;
/// Certificate revocation list handle. A mutable pointer from a const
/// method, so const-ness does not protect the CRL.
mbedtls_x509_crl * crl() const ;
/// Routes a message to the library's log callback at the given level.
void logAt( int level_out , std::string ) const ;
const std::string & defaultPeerCertificateName() const ;
const std::string & defaultPeerHostName() const ;
/// The authentication mode applied to the peer certificate (presumably
/// an MBEDTLS_SSL_VERIFY_* value). This is the security-critical setting:
/// anything other than "required" lets a handshake complete with an
/// unverified peer, so ProtocolImp::verified() must be consulted by
/// callers that rely on authentication.
int authmode() const ;
/// Factory for a ProtocolImp bound to this profile. The two strings are
/// presumably a per-connection peer certificate name and host name that
/// override the profile defaults when non-empty -- confirm in the .cpp.
std::unique_ptr<ProtocolImpBase> newProtocol( const std::string & , const std::string & ) const override ;
/// Non-copyable, non-movable: m_config is handed out by pointer via
/// config() and is presumably referenced by live Contexts.
ProfileImp( const ProfileImp & ) = delete ;
ProfileImp( ProfileImp && ) = delete ;
ProfileImp & operator=( const ProfileImp & ) = delete ;
ProfileImp & operator=( ProfileImp && ) = delete ;
/// mbedtls debug callback (static, C-callable); the void* presumably
/// carries the ProfileImp and the remaining arguments are level, source
/// file, line and message, forwarded to doDebug(). Debug output can
/// include handshake internals, so the level should be gated in
/// production builds.
static void onDebug( void * , int , const char * , int , const char * ) ;
void doDebug( int , const char * , int , const char * ) ;
const LibraryImp & m_library_imp ;
const std::string m_default_peer_certificate_name ;
const std::string m_default_peer_host_name ;
mbedtls_ssl_config m_config ;
/// Own certificate (chain) and the CA trust anchors used to verify peers.
Certificate m_certificate ;
Certificate m_ca_list ;
302class GSsl::MbedTls::ProtocolImp :
public ProtocolImpBase
using Result = Protocol::Result ;
using Context = MbedTls::Context ;
using Error = MbedTls::Error ;
/// Creates an mbedtls session for the given profile. The two strings
/// match those passed to ProfileImp::newProtocol() (presumably peer
/// certificate name and host name). If the host name is what the
/// certificate-name check and SNI use, confirm the .cpp actually sets it
/// on the ssl context rather than only storing it.
ProtocolImp( const ProfileImp & , const std::string & , const std::string & ) ;
~ProtocolImp() override ;
/// Transport callbacks in the shape mbedtls expects for its BIO hooks;
/// the void* presumably carries the ProtocolImp. Their int result must
/// follow the mbedtls convention (bytes transferred, or the WANT_READ /
/// WANT_WRITE error codes) for the non-blocking read()/write() below to
/// retry correctly.
static int doSend( void * , const unsigned char * , std::size_t ) ;
static int doRecv( void * , unsigned char * , std::size_t ) ;
static int doRecvTimeout( void * , unsigned char * , std::size_t , uint32_t ) ;
const Profile & profile() const ;
/// Non-blocking i/o. 'data_size_out' receives the byte count and the
/// Result tells the caller whether to retry (see convert()).
Result read( char * buffer , std::size_t buffer_size_in , ssize_t & data_size_out ) override ;
Result write( const char * buffer , std::size_t data_size_in , ssize_t & data_size_out ) override ;
Result shutdown() override ;
/// Peer certificate (and chain) in text form, presumably captured after
/// the handshake into m_peer_certificate / m_peer_certificate_chain.
std::string peerCertificate() const override ;
std::string peerCertificateChain() const override ;
std::string protocol() const override ;
std::string cipher() const override ;
/// Whether the peer certificate was verified. Callers that depend on
/// peer authentication must check this rather than assume a completed
/// handshake implies verification (see ProfileImp::authmode()).
bool verified() const override ;
/// Non-copyable, non-movable: owns an mbedtls session.
ProtocolImp( const ProtocolImp & ) = delete ;
ProtocolImp( ProtocolImp && ) = delete ;
ProtocolImp & operator=( const ProtocolImp & ) = delete ;
ProtocolImp & operator=( ProtocolImp && ) = delete ;
/// Maps an mbedtls return code from the named operation to a Result;
/// 'more' presumably distinguishes a partial transfer from completion.
Result convert( const char * , int , bool more = false ) ;
std::string getPeerCertificate() ;
/// Human-readable form of an mbedtls verification-result flag set
/// (presumably the value from mbedtls_ssl_get_verify_result()).
std::string verifyResultString( int ) ;
const ProfileImp & m_profile ;
std::string m_peer_certificate ;
std::string m_peer_certificate_chain ;
using Error = MbedTls::Error ;
/// Constructs a digester; the two strings and the bool select the
/// algorithm and presumably an initial state (see state()/statesize()).
DigesterImp( const std::string & , const std::string & , bool ) ;
~DigesterImp() override ;
/// Finished digest, intermediate state, and the algorithm's block, digest
/// and state sizes in bytes.
std::string value() override ;
std::string state() override ;
std::size_t blocksize() const noexcept override ;
std::size_t valuesize() const noexcept override ;
std::size_t statesize() const noexcept override ;
/// Non-copyable, non-movable.
DigesterImp( const DigesterImp & ) = delete ;
DigesterImp( DigesterImp && ) = delete ;
DigesterImp & operator=( const DigesterImp & ) = delete ;
DigesterImp & operator=( DigesterImp && ) = delete ;
/// Checks an mbedtls return code for the named call, presumably throwing
/// Error on a non-zero value.
static void check_ret( int , const char * ) ;
/// Supported algorithms. MD5 and SHA-1 are no longer collision
/// resistant; keep them for legacy interoperability (e.g. protocol
/// checksums, CRAM-MD5 style challenges) and use SHA-256 wherever the
/// digest needs to be unforgeable.
enum class Type { Md5 , Sha1 , Sha256 } ;
Type m_hash_type{Type::Md5} ;
mbedtls_md5_context m_md5{} ;
mbedtls_sha1_context m_sha1{} ;
mbedtls_sha256_context m_sha256{} ;
/// In-class defaults; presumably overwritten by the constructor for the
/// chosen algorithm (the 20-byte state default matches SHA-1, not the
/// default MD5 type, whose state is 16 bytes -- confirm in the .cpp).
std::size_t m_block_size{64U} ;
std::size_t m_value_size{16U} ;
std::size_t m_state_size{20U} ;
A base interface for GSsl::Digester pimpl (pointer-to-implementation) classes.
virtual std::string state()=0
Implements Digester::state().
virtual std::size_t blocksize() const noexcept=0
Implements Digester::blocksize().
virtual std::string value()=0
Implements Digester::value().
virtual void add(G::string_view)=0
Implements Digester::add().
A class for objects that can perform a cryptographic hash.
A base interface for GSsl::Library pimpl (pointer-to-implementation) classes.
virtual bool hasProfile(const std::string &profile_name) const =0
Implements Library::hasProfile().
virtual const Profile & profile(const std::string &profile_name) const =0
Implements Library::profile().
virtual Digester digester(const std::string &, const std::string &, bool) const =0
Implements Library::digester().
virtual std::string id() const =0
Implements Library::id().
virtual G::StringArray digesters(bool) const =0
Implements Library::digesters().
virtual void addProfile(const std::string &, bool, const std::string &, const std::string &, const std::string &, const std::string &, const std::string &, const std::string &)=0
Implements Library::addProfile().
Holds an mbedtls_x509_crt structure (an X.509 certificate or certificate chain).
Holds protocol version information, etc.
Holds an mbedtls_ssl_context structure (one TLS session).
An exception class for GSsl::MbedTls classes.
Holds an mbedtls_pk_context structure (a private key).
Holds an mbedtls_ctr_drbg_context structure (a seeded CTR-DRBG random number generator).
An interface for reading a sensitive file and then overwriting its contents in memory.
A base interface for profile classes that work with concrete classes derived from GSsl::LibraryImpBase.
virtual std::unique_ptr< ProtocolImpBase > newProtocol(const std::string &, const std::string &) const =0
Factory method for a new Protocol object.
An abstract interface for reading and writing from a non-blocking i/o channel.
A class like C++17's std::string_view.
An interface to an underlying TLS library.
TLS/SSL transport layer security classes.
std::vector< std::string > StringArray
A std::vector of std::strings.