/*
* Copyright (C) 2022-2023 Jordan Bancino <@jordan:bancino.net>
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include <Tls.h>
#if TLS_IMPL == TLS_LIBRESSL
#include <Memory.h>
#include <Log.h>
#include <tls.h> /* LibreSSL TLS */
typedef struct LibreSSLCookie
{
int fd;
struct tls *ctx;
struct tls *cctx;
struct tls_config *cfg;
} LibreSSLCookie;
void *
TlsInitClient(int fd, const char *serverName)
{
LibreSSLCookie *cookie = Malloc(sizeof(LibreSSLCookie));
if (!cookie)
{
return NULL;
}
cookie->ctx = tls_client();
cookie->cctx = NULL;
cookie->cfg = tls_config_new();
cookie->fd = fd;
if (!cookie->ctx || !cookie->cfg)
{
goto error;
}
if (tls_config_set_ca_file(cookie->cfg, tls_default_ca_cert_file()) == -1)
{
goto error;
}
if (tls_configure(cookie->ctx, cookie->cfg) == -1)
{
goto error;
}
if (tls_connect_socket(cookie->ctx, fd, serverName) == -1)
{
goto error;
}
return cookie;
error:
if (cookie->ctx)
{
if (tls_error(cookie->ctx))
{
Log(LOG_ERR, "TlsInitClient(): %s", tls_error(cookie->ctx));
}
tls_free(cookie->ctx);
}
if (cookie->cfg)
{
tls_config_free(cookie->cfg);
}
Free(cookie);
return NULL;
}
void *
TlsInitServer(int fd, const char *crt, const char *key)
{
LibreSSLCookie *cookie = Malloc(sizeof(LibreSSLCookie));
if (!cookie)
{
return NULL;
}
cookie->ctx = tls_server();
cookie->cctx = NULL;
cookie->cfg = tls_config_new();
cookie->fd = fd;
if (!cookie->ctx || !cookie->cfg)
{
goto error;
}
if (tls_config_set_cert_file(cookie->cfg, crt) == -1)
{
Log(LOG_ERR, "Error with certificate file.");
goto error;
}
if (tls_config_set_key_file(cookie->cfg, key) == -1)
{
Log(LOG_ERR, "Error with key file.");
goto error;
}
if (tls_configure(cookie->ctx, cookie->cfg) == -1)
{
Log(LOG_ERR, "Error configuring context.");
goto error;
}
if (tls_accept_socket(cookie->ctx, &cookie->cctx, fd) == -1)
{
Log(LOG_ERR, "Error accepting socket.");
goto error;
}
return cookie;
error:
if (cookie->ctx)
{
if (tls_error(cookie->ctx))
{
Log(LOG_ERR, "TlsInitServer(): %s", tls_error(cookie->ctx));
}
tls_free(cookie->ctx);
}
if (cookie->cctx)
{
if (tls_error(cookie->cctx))
{
Log(LOG_ERR, "TlsInitServer(): %s", tls_error(cookie->cctx));
}
tls_free(cookie->cctx);
}
if (cookie->cfg)
{
tls_config_free(cookie->cfg);
}
Free(cookie);
return NULL;
}
ssize_t
TlsRead(void *cookie, void *buf, size_t nBytes)
{
LibreSSLCookie *tls = cookie;
ssize_t ret = tls_read(tls->cctx ? tls->cctx : tls->ctx, buf, nBytes);
if (ret == -1)
{
Log(LOG_ERR, "TlsRead(): %s", tls_error(tls->cctx ? tls->cctx : tls->ctx));
}
return ret;
}
ssize_t
TlsWrite(void *cookie, void *buf, size_t nBytes)
{
LibreSSLCookie *tls = cookie;
ssize_t ret = tls_write(tls->cctx ? tls->cctx : tls->ctx, buf, nBytes);
if (ret == -1)
{
Log(LOG_ERR, "TlsWrite(): %s", tls_error(tls->cctx ? tls->cctx : tls->ctx));
}
return ret;
}
int
TlsClose(void *cookie)
{
LibreSSLCookie *tls = cookie;
int tlsRet = tls_close(tls->cctx ? tls->cctx : tls->ctx);
int sdRet;
if (tls->cctx)
{
tls_free(tls->cctx);
}
tls_free(tls->ctx);
tls_config_free(tls->cfg);
sdRet = close(tls->fd);
Free(tls);
return (tlsRet == -1 || sdRet == -1) ? -1 : 0;
}
#endif