2015-10-06 16:10:00 +01:00
|
|
|
/*
|
2017-06-30 08:22:17 +01:00
|
|
|
* This file is part of the MicroPython project, http://micropython.org/
|
2015-10-06 16:10:00 +01:00
|
|
|
*
|
|
|
|
* The MIT License (MIT)
|
|
|
|
*
|
2017-06-13 23:01:12 +01:00
|
|
|
* Copyright (c) 2015-2017 Paul Sokolovsky
|
2015-10-06 16:10:00 +01:00
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
* furnished to do so, subject to the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be included in
|
|
|
|
* all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
* THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
#include "py/runtime.h"
|
|
|
|
#include "py/stream.h"
|
|
|
|
|
2016-07-12 23:49:38 +01:00
|
|
|
#if MICROPY_PY_USSL && MICROPY_SSL_AXTLS
|
2015-10-06 16:10:00 +01:00
|
|
|
|
|
|
|
#include "ssl.h"
|
|
|
|
|
|
|
|
typedef struct _mp_obj_ssl_socket_t {
|
|
|
|
mp_obj_base_t base;
|
|
|
|
mp_obj_t sock;
|
|
|
|
SSL_CTX *ssl_ctx;
|
|
|
|
SSL *ssl_sock;
|
|
|
|
byte *buf;
|
|
|
|
uint32_t bytes_left;
|
|
|
|
} mp_obj_ssl_socket_t;
|
|
|
|
|
2017-06-13 23:01:12 +01:00
|
|
|
struct ssl_args {
|
2017-10-30 01:48:14 +00:00
|
|
|
mp_arg_val_t key;
|
|
|
|
mp_arg_val_t cert;
|
2017-06-13 23:01:12 +01:00
|
|
|
mp_arg_val_t server_side;
|
|
|
|
mp_arg_val_t server_hostname;
|
|
|
|
};
|
|
|
|
|
2015-10-06 16:10:00 +01:00
|
|
|
STATIC const mp_obj_type_t ussl_socket_type;
|
|
|
|
|
2017-06-13 23:01:12 +01:00
|
|
|
STATIC mp_obj_ssl_socket_t *socket_new(mp_obj_t sock, struct ssl_args *args) {
|
2017-10-27 05:17:35 +01:00
|
|
|
#if MICROPY_PY_USSL_FINALISER
|
|
|
|
mp_obj_ssl_socket_t *o = m_new_obj_with_finaliser(mp_obj_ssl_socket_t);
|
|
|
|
#else
|
2015-10-06 16:10:00 +01:00
|
|
|
mp_obj_ssl_socket_t *o = m_new_obj(mp_obj_ssl_socket_t);
|
2017-10-27 05:17:35 +01:00
|
|
|
#endif
|
2015-10-06 16:10:00 +01:00
|
|
|
o->base.type = &ussl_socket_type;
|
|
|
|
o->buf = NULL;
|
|
|
|
o->bytes_left = 0;
|
|
|
|
o->sock = sock;
|
|
|
|
|
|
|
|
uint32_t options = SSL_SERVER_VERIFY_LATER;
|
2017-10-30 01:48:14 +00:00
|
|
|
if (args->key.u_obj != mp_const_none) {
|
|
|
|
options |= SSL_NO_DEFAULT_KEY;
|
|
|
|
}
|
2016-04-27 22:49:54 +01:00
|
|
|
if ((o->ssl_ctx = ssl_ctx_new(options, SSL_DEFAULT_CLNT_SESS)) == NULL) {
|
2016-10-07 03:52:14 +01:00
|
|
|
mp_raise_OSError(MP_EINVAL);
|
2015-10-06 16:10:00 +01:00
|
|
|
}
|
|
|
|
|
2017-10-30 01:48:14 +00:00
|
|
|
if (args->key.u_obj != mp_const_none) {
|
|
|
|
size_t len;
|
|
|
|
const byte *data = (const byte*)mp_obj_str_get_data(args->key.u_obj, &len);
|
|
|
|
int res = ssl_obj_memory_load(o->ssl_ctx, SSL_OBJ_RSA_KEY, data, len, NULL);
|
|
|
|
if (res != SSL_OK) {
|
|
|
|
mp_raise_ValueError("invalid key");
|
|
|
|
}
|
|
|
|
|
|
|
|
data = (const byte*)mp_obj_str_get_data(args->cert.u_obj, &len);
|
|
|
|
res = ssl_obj_memory_load(o->ssl_ctx, SSL_OBJ_X509_CERT, data, len, NULL);
|
|
|
|
if (res != SSL_OK) {
|
|
|
|
mp_raise_ValueError("invalid cert");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-06-13 23:01:12 +01:00
|
|
|
if (args->server_side.u_bool) {
|
2016-04-28 15:27:20 +01:00
|
|
|
o->ssl_sock = ssl_server_new(o->ssl_ctx, (long)sock);
|
|
|
|
} else {
|
2017-06-13 23:01:12 +01:00
|
|
|
SSL_EXTENSIONS *ext = ssl_ext_new();
|
|
|
|
|
|
|
|
if (args->server_hostname.u_obj != mp_const_none) {
|
|
|
|
ext->host_name = (char*)mp_obj_str_get_str(args->server_hostname.u_obj);
|
|
|
|
}
|
2016-04-28 15:27:20 +01:00
|
|
|
|
2017-06-13 23:01:12 +01:00
|
|
|
o->ssl_sock = ssl_client_new(o->ssl_ctx, (long)sock, NULL, 0, ext);
|
|
|
|
|
|
|
|
int res = ssl_handshake_status(o->ssl_sock);
|
|
|
|
// Pointer to SSL_EXTENSIONS as being passed to ssl_client_new()
|
|
|
|
// is saved in ssl_sock->extensions.
|
|
|
|
// As of axTLS 2.1.3, extensions aren't used beyond the initial
|
|
|
|
// handshake, and that's pretty much how it's expected to be. So
|
|
|
|
// we allocate them on stack and reset the pointer after handshake.
|
|
|
|
|
|
|
|
if (res != SSL_OK) {
|
2016-04-28 15:27:20 +01:00
|
|
|
printf("ssl_handshake_status: %d\n", res);
|
|
|
|
ssl_display_error(res);
|
2016-10-07 03:52:14 +01:00
|
|
|
mp_raise_OSError(MP_EIO);
|
2016-04-28 15:27:20 +01:00
|
|
|
}
|
2017-06-13 23:01:12 +01:00
|
|
|
|
2015-10-06 16:10:00 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return o;
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC void socket_print(const mp_print_t *print, mp_obj_t self_in, mp_print_kind_t kind) {
|
|
|
|
(void)kind;
|
2016-05-25 23:38:37 +01:00
|
|
|
mp_obj_ssl_socket_t *self = MP_OBJ_TO_PTR(self_in);
|
2015-10-06 16:10:00 +01:00
|
|
|
mp_printf(print, "<_SSLSocket %p>", self->ssl_sock);
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC mp_uint_t socket_read(mp_obj_t o_in, void *buf, mp_uint_t size, int *errcode) {
|
2016-05-25 23:38:37 +01:00
|
|
|
mp_obj_ssl_socket_t *o = MP_OBJ_TO_PTR(o_in);
|
2015-10-06 16:10:00 +01:00
|
|
|
|
2017-07-19 22:20:53 +01:00
|
|
|
if (o->ssl_sock == NULL) {
|
|
|
|
*errcode = EBADF;
|
|
|
|
return MP_STREAM_ERROR;
|
|
|
|
}
|
|
|
|
|
2015-10-06 16:10:00 +01:00
|
|
|
while (o->bytes_left == 0) {
|
|
|
|
mp_int_t r = ssl_read(o->ssl_sock, &o->buf);
|
2016-04-28 15:29:11 +01:00
|
|
|
if (r == SSL_OK) {
|
|
|
|
// SSL_OK from ssl_read() means "everything is ok, but there's
|
2017-11-01 22:16:03 +00:00
|
|
|
// no user data yet". So, we just keep reading.
|
2016-04-28 15:29:11 +01:00
|
|
|
continue;
|
|
|
|
}
|
2015-10-06 16:10:00 +01:00
|
|
|
if (r < 0) {
|
|
|
|
if (r == SSL_CLOSE_NOTIFY || r == SSL_ERROR_CONN_LOST) {
|
|
|
|
// EOF
|
|
|
|
return 0;
|
|
|
|
}
|
2017-11-01 22:14:11 +00:00
|
|
|
if (r == SSL_EAGAIN) {
|
|
|
|
r = MP_EAGAIN;
|
|
|
|
}
|
2015-10-06 16:10:00 +01:00
|
|
|
*errcode = r;
|
|
|
|
return MP_STREAM_ERROR;
|
|
|
|
}
|
|
|
|
o->bytes_left = r;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (size > o->bytes_left) {
|
|
|
|
size = o->bytes_left;
|
|
|
|
}
|
|
|
|
memcpy(buf, o->buf, size);
|
|
|
|
o->buf += size;
|
|
|
|
o->bytes_left -= size;
|
|
|
|
return size;
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC mp_uint_t socket_write(mp_obj_t o_in, const void *buf, mp_uint_t size, int *errcode) {
|
2016-05-25 23:38:37 +01:00
|
|
|
mp_obj_ssl_socket_t *o = MP_OBJ_TO_PTR(o_in);
|
2017-07-19 22:20:53 +01:00
|
|
|
|
|
|
|
if (o->ssl_sock == NULL) {
|
|
|
|
*errcode = EBADF;
|
|
|
|
return MP_STREAM_ERROR;
|
|
|
|
}
|
|
|
|
|
2015-10-06 16:10:00 +01:00
|
|
|
mp_int_t r = ssl_write(o->ssl_sock, buf, size);
|
|
|
|
if (r < 0) {
|
|
|
|
*errcode = r;
|
|
|
|
return MP_STREAM_ERROR;
|
|
|
|
}
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2018-03-07 06:48:53 +00:00
|
|
|
STATIC mp_uint_t socket_ioctl(mp_obj_t o_in, mp_uint_t request, uintptr_t arg, int *errcode) {
|
|
|
|
mp_obj_ssl_socket_t *self = MP_OBJ_TO_PTR(o_in);
|
2018-07-20 04:05:04 +01:00
|
|
|
if (request == MP_STREAM_CLOSE && self->ssl_sock != NULL) {
|
|
|
|
ssl_free(self->ssl_sock);
|
|
|
|
ssl_ctx_free(self->ssl_ctx);
|
|
|
|
self->ssl_sock = NULL;
|
2018-03-07 06:48:53 +00:00
|
|
|
}
|
2018-07-20 04:05:04 +01:00
|
|
|
// Pass all requests down to the underlying socket
|
|
|
|
return mp_get_stream(self->sock)->ioctl(self->sock, request, arg, errcode);
|
2018-03-07 06:48:53 +00:00
|
|
|
}
|
|
|
|
|
2016-07-14 23:05:06 +01:00
|
|
|
STATIC mp_obj_t socket_setblocking(mp_obj_t self_in, mp_obj_t flag_in) {
|
|
|
|
// Currently supports only blocking mode
|
|
|
|
(void)self_in;
|
|
|
|
if (!mp_obj_is_true(flag_in)) {
|
2017-10-24 12:39:36 +01:00
|
|
|
mp_raise_NotImplementedError(NULL);
|
2016-07-14 23:05:06 +01:00
|
|
|
}
|
|
|
|
return mp_const_none;
|
|
|
|
}
|
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_2(socket_setblocking_obj, socket_setblocking);
|
|
|
|
|
2016-05-25 23:38:37 +01:00
|
|
|
STATIC const mp_rom_map_elem_t ussl_socket_locals_dict_table[] = {
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_read), MP_ROM_PTR(&mp_stream_read_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_readinto), MP_ROM_PTR(&mp_stream_readinto_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_readline), MP_ROM_PTR(&mp_stream_unbuffered_readline_obj) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_write), MP_ROM_PTR(&mp_stream_write_obj) },
|
2016-07-14 23:05:06 +01:00
|
|
|
{ MP_ROM_QSTR(MP_QSTR_setblocking), MP_ROM_PTR(&socket_setblocking_obj) },
|
2018-03-07 06:48:53 +00:00
|
|
|
{ MP_ROM_QSTR(MP_QSTR_close), MP_ROM_PTR(&mp_stream_close_obj) },
|
2017-10-27 05:17:35 +01:00
|
|
|
#if MICROPY_PY_USSL_FINALISER
|
2018-06-13 04:16:21 +01:00
|
|
|
{ MP_ROM_QSTR(MP_QSTR___del__), MP_ROM_PTR(&mp_stream_close_obj) },
|
2017-10-27 05:17:35 +01:00
|
|
|
#endif
|
2015-10-06 16:10:00 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
STATIC MP_DEFINE_CONST_DICT(ussl_socket_locals_dict, ussl_socket_locals_dict_table);
|
|
|
|
|
|
|
|
STATIC const mp_stream_p_t ussl_socket_stream_p = {
|
|
|
|
.read = socket_read,
|
|
|
|
.write = socket_write,
|
2018-03-07 06:48:53 +00:00
|
|
|
.ioctl = socket_ioctl,
|
2015-10-06 16:10:00 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
STATIC const mp_obj_type_t ussl_socket_type = {
|
|
|
|
{ &mp_type_type },
|
|
|
|
// Save on qstr's, reuse same as for module
|
|
|
|
.name = MP_QSTR_ussl,
|
|
|
|
.print = socket_print,
|
|
|
|
.getiter = NULL,
|
|
|
|
.iternext = NULL,
|
2016-06-18 16:19:24 +01:00
|
|
|
.protocol = &ussl_socket_stream_p,
|
2016-05-25 23:38:37 +01:00
|
|
|
.locals_dict = (void*)&ussl_socket_locals_dict,
|
2015-10-06 16:10:00 +01:00
|
|
|
};
|
|
|
|
|
2016-05-25 23:38:37 +01:00
|
|
|
STATIC mp_obj_t mod_ssl_wrap_socket(size_t n_args, const mp_obj_t *pos_args, mp_map_t *kw_args) {
|
2015-10-06 16:10:00 +01:00
|
|
|
// TODO: Implement more args
|
2016-04-28 15:27:20 +01:00
|
|
|
static const mp_arg_t allowed_args[] = {
|
2018-08-14 12:47:07 +01:00
|
|
|
{ MP_QSTR_key, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_PTR(&mp_const_none_obj)} },
|
|
|
|
{ MP_QSTR_cert, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_PTR(&mp_const_none_obj)} },
|
2016-04-28 15:27:20 +01:00
|
|
|
{ MP_QSTR_server_side, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = false} },
|
2018-08-14 12:47:07 +01:00
|
|
|
{ MP_QSTR_server_hostname, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_PTR(&mp_const_none_obj)} },
|
2016-04-28 15:27:20 +01:00
|
|
|
};
|
|
|
|
|
2015-10-06 16:10:00 +01:00
|
|
|
// TODO: Check that sock implements stream protocol
|
2016-04-28 15:27:20 +01:00
|
|
|
mp_obj_t sock = pos_args[0];
|
|
|
|
|
2017-06-13 23:01:12 +01:00
|
|
|
struct ssl_args args;
|
2016-04-28 15:27:20 +01:00
|
|
|
mp_arg_parse_all(n_args - 1, pos_args + 1, kw_args,
|
|
|
|
MP_ARRAY_SIZE(allowed_args), allowed_args, (mp_arg_val_t*)&args);
|
|
|
|
|
2017-06-13 23:01:12 +01:00
|
|
|
return MP_OBJ_FROM_PTR(socket_new(sock, &args));
|
2015-10-06 16:10:00 +01:00
|
|
|
}
|
2016-04-28 15:27:20 +01:00
|
|
|
STATIC MP_DEFINE_CONST_FUN_OBJ_KW(mod_ssl_wrap_socket_obj, 1, mod_ssl_wrap_socket);
|
2015-10-06 16:10:00 +01:00
|
|
|
|
2016-05-25 23:38:37 +01:00
|
|
|
STATIC const mp_rom_map_elem_t mp_module_ssl_globals_table[] = {
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_ussl) },
|
|
|
|
{ MP_ROM_QSTR(MP_QSTR_wrap_socket), MP_ROM_PTR(&mod_ssl_wrap_socket_obj) },
|
2015-10-06 16:10:00 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
STATIC MP_DEFINE_CONST_DICT(mp_module_ssl_globals, mp_module_ssl_globals_table);
|
|
|
|
|
|
|
|
const mp_obj_module_t mp_module_ussl = {
|
|
|
|
.base = { &mp_type_module },
|
|
|
|
.globals = (mp_obj_dict_t*)&mp_module_ssl_globals,
|
|
|
|
};
|
|
|
|
|
|
|
|
#endif // MICROPY_PY_USSL
|