2019-10-08 18:46:27 +03:00
# Chronos Asynchronous TLS Stream
# (c) Copyright 2019-Present
# Status Research & Development GmbH
# Licensed under either of
# Apache License, version 2.0, (LICENSE-APACHEv2)
# MIT license (LICENSE-MIT)
2019-10-16 09:01:52 +03:00
## This module implements Transport Layer Security (TLS) stream. This module
## uses sources of BearSSL <https://www.bearssl.org> by Thomas Pornin.
2023-11-18 00:18:09 +02:00
{.push raises: [].}
2022-06-17 12:39:14 +02:00
bearssl/[brssl, ec, errors, pem, rsa, ssl, x509],
2023-01-10 18:08:54 +02:00
2023-11-19 18:29:09 +01:00
import ".."/[asyncloop, asyncsync, config, timer]
2024-03-06 01:56:40 +02:00
import asyncstream, ../transports/[stream, common]
2022-06-17 12:39:14 +02:00
export asyncloop, asyncsync, timer, asyncstream
2019-10-08 18:46:27 +03:00
2024-03-06 01:56:40 +02:00
TLSSessionCacheBufferSize* = chronosTLSSessionCacheBufferSize
2019-10-08 18:46:27 +03:00
TLSStreamKind {.pure.} = enum
Client, Server
TLSVersion* {.pure.} = enum
TLS10 = 0x0301, TLS11 = 0x0302, TLS12 = 0x0303
TLSFlags* {.pure.} = enum
2019-10-16 09:01:52 +03:00
NoVerifyHost, # Client: Skip remote certificate check
NoVerifyServerName, # Client: Skip Server Name Indication (SNI) check
EnforceServerPref, # Server: Enforce server preferences
NoRenegotiation, # Server: Reject renegotiations requests
TolerateNoClientAuth, # Server: Disable strict client authentication
FailOnAlpnMismatch # Server: Fail on application protocol mismatch
TLSKeyType {.pure.} = enum
2021-02-03 12:47:03 +02:00
TLSResult {.pure.} = enum
2023-02-09 07:15:22 +02:00
Success, Error, Stopped, WriteEof, ReadEof
2021-02-03 12:47:03 +02:00
2019-10-16 09:01:52 +03:00
TLSPrivateKey* = ref object
case kind: TLSKeyType
of RSA:
rsakey: RsaPrivateKey
of EC:
eckey: EcPrivateKey
storage: seq[byte]
TLSCertificate* = ref object
certs: seq[X509Certificate]
storage: seq[byte]
TLSSessionCache* = ref object
storage: seq[byte]
context: SslSessionCacheLru
PEMElement* = object
name*: string
data*: seq[byte]
PEMContext = ref object
data: seq[byte]
2023-11-19 18:29:09 +01:00
2023-02-21 13:38:53 -05:00
TrustAnchorStore* = ref object
anchors: seq[X509TrustAnchor]
2019-10-16 09:01:52 +03:00
TLSStreamWriter* = ref object of AsyncStreamWriter
case kind: TLSStreamKind
of TLSStreamKind.Client:
2019-10-09 09:12:54 +03:00
ccontext: ptr SslClientContext
2019-10-16 09:01:52 +03:00
of TLSStreamKind.Server:
2019-10-09 09:12:54 +03:00
scontext: ptr SslServerContext
2019-10-16 09:01:52 +03:00
stream*: TLSAsyncStream
handshaked*: bool
2023-11-18 00:18:09 +02:00
handshakeFut*: Future[void].Raising([CancelledError, AsyncStreamError])
2019-10-08 18:46:27 +03:00
2019-10-16 09:01:52 +03:00
TLSStreamReader* = ref object of AsyncStreamReader
case kind: TLSStreamKind
of TLSStreamKind.Client:
2019-10-08 18:46:27 +03:00
ccontext: ptr SslClientContext
2019-10-16 09:01:52 +03:00
of TLSStreamKind.Server:
2019-10-08 18:46:27 +03:00
scontext: ptr SslServerContext
2019-10-16 09:01:52 +03:00
stream*: TLSAsyncStream
handshaked*: bool
2023-11-18 00:18:09 +02:00
handshakeFut*: Future[void].Raising([CancelledError, AsyncStreamError])
2019-10-08 18:46:27 +03:00
2019-10-16 09:01:52 +03:00
TLSAsyncStream* = ref object of RootRef
2022-07-16 20:46:19 +02:00
xwc*: X509NoanchorContext
2019-10-16 09:01:52 +03:00
ccontext*: SslClientContext
scontext*: SslServerContext
2019-10-08 18:46:27 +03:00
sbuffer*: seq[byte]
x509*: X509MinimalContext
2019-10-16 09:01:52 +03:00
reader*: TLSStreamReader
writer*: TLSStreamWriter
2023-11-18 00:18:09 +02:00
mainLoop*: Future[void].Raising([])
2023-02-21 13:38:53 -05:00
trustAnchors: TrustAnchorStore
2019-10-08 18:46:27 +03:00
2019-10-16 09:01:52 +03:00
SomeTLSStreamType* = TLSStreamReader|TLSStreamWriter|TLSAsyncStream
2023-07-23 19:40:57 +03:00
SomeTrustAnchorType* = TrustAnchorStore | openArray[X509TrustAnchor]
2019-10-16 09:01:52 +03:00
2021-01-20 15:40:15 +02:00
TLSStreamError* = object of AsyncStreamError
2021-01-22 10:36:37 +02:00
TLSStreamHandshakeError* = object of TLSStreamError
2021-02-17 02:03:12 +02:00
TLSStreamInitError* = object of TLSStreamError
2021-01-22 10:36:37 +02:00
TLSStreamReadError* = object of TLSStreamError
TLSStreamWriteError* = object of TLSStreamError
2019-10-16 09:01:52 +03:00
TLSStreamProtocolError* = object of TLSStreamError
2019-10-08 18:46:27 +03:00
errCode*: int
2021-01-22 10:36:37 +02:00
proc newTLSStreamWriteError(p: ref AsyncStreamError): ref TLSStreamWriteError {.
2021-02-17 02:03:12 +02:00
noinline.} =
2021-01-22 10:36:37 +02:00
var w = newException(TLSStreamWriteError, "Write stream failed")
w.msg = w.msg & ", originated from [" & $p.name & "] " & p.msg
2023-11-18 00:18:09 +02:00
w.parent = p
2021-01-22 10:36:37 +02:00
2021-02-17 02:03:12 +02:00
template newTLSStreamProtocolImpl[T](message: T): ref TLSStreamProtocolError =
2019-10-08 18:46:27 +03:00
var msg = ""
var code = 0
when T is string:
elif T is cint:
msg.add(sslErrorMsg(message) & " (code: " & $int(message) & ")")
code = int(message)
elif T is int:
msg.add(sslErrorMsg(message) & " (code: " & $message & ")")
code = message
msg.add("Internal Error")
2019-10-16 09:01:52 +03:00
var err = newException(TLSStreamProtocolError, msg)
2019-10-08 18:46:27 +03:00
err.errCode = code
2023-02-09 07:15:22 +02:00
template newTLSUnexpectedProtocolError(): ref TLSStreamProtocolError =
newException(TLSStreamProtocolError, "Unexpected internal error")
2021-02-17 02:03:12 +02:00
proc newTLSStreamProtocolError[T](message: T): ref TLSStreamProtocolError =
2023-11-18 00:18:09 +02:00
proc raiseTLSStreamProtocolError[T](message: T) {.
noreturn, noinline, raises: [TLSStreamProtocolError].} =
2021-02-17 02:03:12 +02:00
raise newTLSStreamProtocolImpl(message)
2023-07-23 19:40:57 +03:00
proc new*(T: typedesc[TrustAnchorStore],
anchors: openArray[X509TrustAnchor]): TrustAnchorStore =
2023-02-21 13:38:53 -05:00
var res: seq[X509TrustAnchor]
for anchor in anchors:
2023-07-23 19:40:57 +03:00
doAssert(unsafeAddr(anchor) != unsafeAddr(res[^1]),
"Anchors should be copied")
TrustAnchorStore(anchors: res)
2023-02-21 13:38:53 -05:00
2021-01-22 10:36:37 +02:00
proc tlsWriteRec(engine: ptr SslEngineContext,
2023-11-18 00:18:09 +02:00
writer: TLSStreamWriter): Future[TLSResult] {.
async: (raises: []).} =
2021-01-22 10:36:37 +02:00
var length = 0'u
2022-06-17 12:39:14 +02:00
var buf = sslEngineSendrecBuf(engine[], length)
2021-01-22 10:36:37 +02:00
doAssert(length != 0 and not isNil(buf))
2024-03-20 08:47:59 +02:00
await writer.wsource.write(buf, int(length))
2022-06-17 12:39:14 +02:00
sslEngineSendrecAck(engine[], length)
2023-10-30 15:27:25 +02:00
2021-01-22 10:36:37 +02:00
except AsyncStreamError as exc:
2023-02-09 07:15:22 +02:00
writer.state = AsyncStreamState.Error
writer.error = exc
2023-10-30 15:27:25 +02:00
2021-01-22 10:36:37 +02:00
except CancelledError:
2021-08-06 13:13:55 +03:00
if writer.state == AsyncStreamState.Running:
writer.state = AsyncStreamState.Stopped
2023-10-30 15:27:25 +02:00
2021-01-22 10:36:37 +02:00
proc tlsWriteApp(engine: ptr SslEngineContext,
2023-11-18 00:18:09 +02:00
writer: TLSStreamWriter): Future[TLSResult] {.
async: (raises: []).} =
2021-01-22 10:36:37 +02:00
var item = await writer.queue.get()
if item.size > 0:
var length = 0'u
2022-06-17 12:39:14 +02:00
var buf = sslEngineSendappBuf(engine[], length)
2023-02-09 07:15:22 +02:00
if isNil(buf) or (length == 0):
# This situation could happen when connection is closing, no
# application data can be sent, but some can still be received
# (and discarded).
writer.state = AsyncStreamState.Finished
return TLSResult.WriteEof
2021-01-22 10:36:37 +02:00
let toWrite = min(int(length), item.size)
copyOut(buf, item, toWrite)
if int(length) >= item.size:
# BearSSL is ready to accept whole item size.
2022-06-17 12:39:14 +02:00
sslEngineSendappAck(engine[], uint(item.size))
sslEngineFlush(engine[], 0)
2021-01-22 10:36:37 +02:00
# BearSSL is not ready to accept whole item, so we will send
# only part of item and adjust offset.
item.offset = item.offset + int(length)
item.size = item.size - int(length)
2023-11-18 00:18:09 +02:00
except AsyncQueueFullError:
raiseAssert "AsyncQueue should not be full at this moment"
2022-06-17 12:39:14 +02:00
sslEngineSendappAck(engine[], length)
2023-10-30 15:27:25 +02:00
2021-01-22 10:36:37 +02:00
2022-06-17 12:39:14 +02:00
2021-01-22 10:36:37 +02:00
2023-10-30 15:27:25 +02:00
2021-01-22 10:36:37 +02:00
except CancelledError:
2021-08-06 13:13:55 +03:00
if writer.state == AsyncStreamState.Running:
writer.state = AsyncStreamState.Stopped
2023-10-30 15:27:25 +02:00
2021-01-22 10:36:37 +02:00
proc tlsReadRec(engine: ptr SslEngineContext,
2023-11-18 00:18:09 +02:00
reader: TLSStreamReader): Future[TLSResult] {.
async: (raises: []).} =
2021-01-22 10:36:37 +02:00
var length = 0'u
2022-06-17 12:39:14 +02:00
var buf = sslEngineRecvrecBuf(engine[], length)
2021-01-22 10:36:37 +02:00
let res = await reader.rsource.readOnce(buf, int(length))
2022-06-17 12:39:14 +02:00
sslEngineRecvrecAck(engine[], uint(res))
2021-02-03 12:47:03 +02:00
if res == 0:
2022-06-17 12:39:14 +02:00
2023-10-30 15:27:25 +02:00
2021-02-03 12:47:03 +02:00
2023-10-30 15:27:25 +02:00
2023-02-09 07:15:22 +02:00
except AsyncStreamError as exc:
reader.state = AsyncStreamState.Error
reader.error = exc
2023-10-30 15:27:25 +02:00
2021-01-22 10:36:37 +02:00
except CancelledError:
2021-08-06 13:13:55 +03:00
if reader.state == AsyncStreamState.Running:
reader.state = AsyncStreamState.Stopped
2023-10-30 15:27:25 +02:00
2021-01-22 10:36:37 +02:00
proc tlsReadApp(engine: ptr SslEngineContext,
2023-11-18 00:18:09 +02:00
reader: TLSStreamReader): Future[TLSResult] {.
async: (raises: []).} =
2021-01-22 10:36:37 +02:00
var length = 0'u
2022-06-17 12:39:14 +02:00
var buf = sslEngineRecvappBuf(engine[], length)
2024-03-26 22:33:19 +02:00
await upload(reader.buffer, buf, int(length))
2022-06-17 12:39:14 +02:00
sslEngineRecvappAck(engine[], length)
2023-10-30 15:27:25 +02:00
2021-01-22 10:36:37 +02:00
except CancelledError:
2021-08-06 13:13:55 +03:00
if reader.state == AsyncStreamState.Running:
reader.state = AsyncStreamState.Stopped
2023-10-30 15:27:25 +02:00
2021-01-21 05:42:44 +02:00
2021-01-22 10:36:37 +02:00
template readAndReset(fut: untyped) =
if fut.finished():
2023-11-18 00:18:09 +02:00
let res = fut.value()
2021-02-03 12:47:03 +02:00
case res
2023-02-09 07:15:22 +02:00
of TLSResult.Success, TLSResult.WriteEof, TLSResult.Stopped:
2021-01-22 10:36:37 +02:00
fut = nil
2021-02-03 12:47:03 +02:00
of TLSResult.Error:
2021-01-22 10:36:37 +02:00
fut = nil
2021-08-06 13:13:55 +03:00
if loopState == AsyncStreamState.Running:
loopState = AsyncStreamState.Error
2021-01-22 10:36:37 +02:00
2023-02-09 07:15:22 +02:00
of TLSResult.ReadEof:
2021-02-03 12:47:03 +02:00
fut = nil
2021-08-06 13:13:55 +03:00
if loopState == AsyncStreamState.Running:
loopState = AsyncStreamState.Finished
2021-02-03 12:47:03 +02:00
2019-10-09 09:12:54 +03:00
2021-02-03 12:47:03 +02:00
proc dumpState*(state: cuint): string =
var res = ""
if (state and SSL_CLOSED) == SSL_CLOSED:
if len(res) > 0: res.add(", ")
if (state and SSL_SENDREC) == SSL_SENDREC:
if len(res) > 0: res.add(", ")
if (state and SSL_SENDAPP) == SSL_SENDAPP:
if len(res) > 0: res.add(", ")
if (state and SSL_RECVREC) == SSL_RECVREC:
if len(res) > 0: res.add(", ")
if (state and SSL_RECVAPP) == SSL_RECVAPP:
if len(res) > 0: res.add(", ")
"{" & res & "}"
2023-11-18 00:18:09 +02:00
proc tlsLoop*(stream: TLSAsyncStream) {.async: (raises: []).} =
2021-01-22 10:36:37 +02:00
2023-11-18 00:18:09 +02:00
sendRecFut, sendAppFut: Future[TLSResult].Raising([])
recvRecFut, recvAppFut: Future[TLSResult].Raising([])
2021-01-22 10:36:37 +02:00
let engine =
case stream.reader.kind
of TLSStreamKind.Server:
addr stream.scontext.eng
of TLSStreamKind.Client:
addr stream.ccontext.eng
2019-10-09 09:12:54 +03:00
2021-01-22 10:36:37 +02:00
var loopState = AsyncStreamState.Running
2019-10-09 09:12:54 +03:00
2021-01-20 15:40:15 +02:00
while true:
2023-11-18 00:18:09 +02:00
var waiting: seq[Future[TLSResult].Raising([])]
2022-06-17 12:39:14 +02:00
var state = sslEngineCurrentState(engine[])
2021-01-21 20:11:43 +02:00
2021-01-22 10:36:37 +02:00
if (state and SSL_CLOSED) == SSL_CLOSED:
2021-08-06 13:13:55 +03:00
if loopState == AsyncStreamState.Running:
loopState = AsyncStreamState.Finished
2021-01-22 10:36:37 +02:00
2021-01-21 20:11:43 +02:00
2021-01-22 10:36:37 +02:00
if isNil(sendRecFut):
if (state and SSL_SENDREC) == SSL_SENDREC:
sendRecFut = tlsWriteRec(engine, stream.writer)
if isNil(sendAppFut):
if (state and SSL_SENDAPP) == SSL_SENDAPP:
2023-02-09 07:15:22 +02:00
if stream.writer.state == AsyncStreamState.Running:
# Application data can be sent over stream.
if not(stream.writer.handshaked):
stream.reader.handshaked = true
stream.writer.handshaked = true
if not(isNil(stream.writer.handshakeFut)):
sendAppFut = tlsWriteApp(engine, stream.writer)
2021-01-22 10:36:37 +02:00
if isNil(recvRecFut):
if (state and SSL_RECVREC) == SSL_RECVREC:
recvRecFut = tlsReadRec(engine, stream.reader)
if isNil(recvAppFut):
if (state and SSL_RECVAPP) == SSL_RECVAPP:
recvAppFut = tlsReadApp(engine, stream.reader)
if not(isNil(sendRecFut)):
if not(isNil(sendAppFut)):
if not(isNil(recvRecFut)):
if not(isNil(recvAppFut)):
if len(waiting) > 0:
discard await one(waiting)
2023-11-18 00:18:09 +02:00
except ValueError:
raiseAssert "array should not be empty at this moment"
2021-01-22 10:36:37 +02:00
except CancelledError:
2021-08-06 13:13:55 +03:00
if loopState == AsyncStreamState.Running:
loopState = AsyncStreamState.Stopped
2021-01-22 10:36:37 +02:00
if loopState != AsyncStreamState.Running:
2021-01-20 15:40:15 +02:00
2019-10-08 18:46:27 +03:00
2023-11-18 00:18:09 +02:00
# Cancelling and waiting and all the pending operations
var pending: seq[FutureBase]
if not(isNil(sendRecFut)) and not(sendRecFut.finished()):
if not(isNil(sendAppFut)) and not(sendAppFut.finished()):
if not(isNil(recvRecFut)) and not(recvRecFut.finished()):
if not(isNil(recvAppFut)) and not(recvAppFut.finished()):
await noCancel(allFutures(pending))
2021-01-22 10:36:37 +02:00
# Calculating error
let error =
case loopState
of AsyncStreamState.Stopped:
of AsyncStreamState.Error:
if not(isNil(stream.writer.error)):
2023-02-09 07:15:22 +02:00
elif not(isNil(stream.reader.error)):
2021-01-22 10:36:37 +02:00
2023-02-09 07:15:22 +02:00
2021-01-22 10:36:37 +02:00
of AsyncStreamState.Finished:
2022-06-17 12:39:14 +02:00
let err = engine[].sslEngineLastError()
2021-01-22 10:36:37 +02:00
if err != 0:
of AsyncStreamState.Running:
# Syncing state for reader and writer
stream.writer.state = loopState
2023-01-10 18:08:54 +02:00
stream.reader.state = loopState
2021-01-22 10:36:37 +02:00
if loopState == AsyncStreamState.Error:
if isNil(stream.reader.error):
2023-01-10 18:08:54 +02:00
stream.reader.state = AsyncStreamState.Finished
2021-01-22 10:36:37 +02:00
if not(isNil(error)):
# Completing all pending writes
2023-11-18 00:18:09 +02:00
let item =
except AsyncQueueEmptyError:
raiseAssert "AsyncQueue should not be empty at this moment"
2021-01-22 10:36:37 +02:00
if not(item.future.finished()):
# Completing handshake
if not(stream.writer.handshaked):
if not(isNil(stream.writer.handshakeFut)):
if not(stream.writer.handshakeFut.finished()):
2021-02-03 12:47:03 +02:00
if not(stream.writer.handshaked):
if not(isNil(stream.writer.handshakeFut)):
if not(stream.writer.handshakeFut.finished()):
2023-02-09 07:15:22 +02:00
"Connection to the remote peer has been lost")
2021-02-03 12:47:03 +02:00
2021-01-22 10:36:37 +02:00
# Completing readers
2019-10-09 09:12:54 +03:00
2023-11-18 00:18:09 +02:00
proc tlsWriteLoop(stream: AsyncStreamWriter) {.async: (raises: []).} =
2021-02-17 02:03:12 +02:00
var wstream = TLSStreamWriter(stream)
2021-01-22 10:36:37 +02:00
wstream.state = AsyncStreamState.Running
2023-11-18 00:18:09 +02:00
await noCancel(sleepAsync(0.milliseconds))
2021-01-22 10:36:37 +02:00
if isNil(wstream.stream.mainLoop):
wstream.stream.mainLoop = tlsLoop(wstream.stream)
await wstream.stream.mainLoop
2019-10-08 18:46:27 +03:00
2023-11-18 00:18:09 +02:00
proc tlsReadLoop(stream: AsyncStreamReader) {.async: (raises: []).} =
2021-02-17 02:03:12 +02:00
var rstream = TLSStreamReader(stream)
2019-10-09 09:12:54 +03:00
rstream.state = AsyncStreamState.Running
2023-11-18 00:18:09 +02:00
await noCancel(sleepAsync(0.milliseconds))
2021-01-22 10:36:37 +02:00
if isNil(rstream.stream.mainLoop):
rstream.stream.mainLoop = tlsLoop(rstream.stream)
await rstream.stream.mainLoop
2019-10-08 18:46:27 +03:00
2019-10-16 09:01:52 +03:00
proc getSignerAlgo(xc: X509Certificate): int =
## Get certificate's signing algorithm.
var dc: X509DecoderContext
2022-06-17 12:39:14 +02:00
x509DecoderInit(dc, nil, nil)
x509DecoderPush(dc, xc.data, xc.dataLen)
let err = x509DecoderLastError(dc)
2019-10-16 09:01:52 +03:00
if err != 0:
2021-01-20 15:40:15 +02:00
2019-10-16 09:01:52 +03:00
2022-06-17 12:39:14 +02:00
2019-10-16 09:01:52 +03:00
2023-07-23 19:40:57 +03:00
proc newTLSClientAsyncStream*(
rsource: AsyncStreamReader,
wsource: AsyncStreamWriter,
serverName: string,
bufferSize = SSL_BUFSIZE_BIDI,
minVersion = TLSVersion.TLS12,
maxVersion = TLSVersion.TLS12,
flags: set[TLSFlags] = {},
trustAnchors: SomeTrustAnchorType = MozillaTrustAnchors
2023-11-18 00:18:09 +02:00
): TLSAsyncStream {.raises: [TLSStreamInitError].} =
2019-10-16 09:01:52 +03:00
## Create new TLS asynchronous stream for outbound (client) connections
## using reading stream ``rsource`` and writing stream ``wsource``.
2019-10-08 18:46:27 +03:00
## You can specify remote server name using ``serverName``, if while
## handshake server reports different name you will get an error. If
## ``serverName`` is empty string, remote server name checking will be
## disabled.
## ``bufferSize`` - is SSL/TLS buffer which is used for encoding/decoding
## incoming data.
## ``minVersion`` and ``maxVersion`` are TLS versions which will be used
## for handshake with remote server. If server's version will be lower then
## ``minVersion`` of bigger then ``maxVersion`` you will get an error.
## ``flags`` - custom TLS connection flags.
2023-11-19 18:29:09 +01:00
2023-02-21 13:38:53 -05:00
## ``trustAnchors`` - use this if you want to use certificate trust
## anchors other than the default Mozilla trust anchors. If you pass
## a ``TrustAnchorStore`` you should reuse the same instance for
## every call to avoid making a copy of the trust anchors per call.
when trustAnchors is TrustAnchorStore:
2023-07-23 19:40:57 +03:00
doAssert(len(trustAnchors.anchors) > 0,
"Empty trust anchor list is invalid")
2023-02-21 13:38:53 -05:00
doAssert(len(trustAnchors) > 0, "Empty trust anchor list is invalid")
2021-01-20 15:40:15 +02:00
var res = TLSAsyncStream()
var reader = TLSStreamReader(
kind: TLSStreamKind.Client,
stream: res,
ccontext: addr res.ccontext
var writer = TLSStreamWriter(
kind: TLSStreamKind.Client,
stream: res,
ccontext: addr res.ccontext
res.reader = reader
res.writer = writer
2019-10-08 18:46:27 +03:00
if TLSFlags.NoVerifyHost in flags:
2022-06-17 12:39:14 +02:00
sslClientInitFull(res.ccontext, addr res.x509, nil, 0)
2022-11-02 09:09:15 +02:00
x509NoanchorInit(res.xwc, addr res.x509.vtable)
2022-06-17 12:39:14 +02:00
sslEngineSetX509(res.ccontext.eng, addr res.xwc.vtable)
2019-10-08 18:46:27 +03:00
2023-02-21 13:38:53 -05:00
when trustAnchors is TrustAnchorStore:
res.trustAnchors = trustAnchors
sslClientInitFull(res.ccontext, addr res.x509,
unsafeAddr trustAnchors.anchors[0],
sslClientInitFull(res.ccontext, addr res.x509,
unsafeAddr trustAnchors[0],
2019-10-08 18:46:27 +03:00
let size = max(SSL_BUFSIZE_BIDI, bufferSize)
2021-01-20 15:40:15 +02:00
res.sbuffer = newSeq[byte](size)
2022-06-17 12:39:14 +02:00
sslEngineSetBuffer(res.ccontext.eng, addr res.sbuffer[0],
2021-01-20 15:40:15 +02:00
uint(len(res.sbuffer)), 1)
2022-06-17 12:39:14 +02:00
sslEngineSetVersions(res.ccontext.eng, uint16(minVersion),
2019-10-08 18:46:27 +03:00
2019-10-16 09:01:52 +03:00
if TLSFlags.NoVerifyServerName in flags:
2023-07-23 19:40:57 +03:00
let err = sslClientReset(res.ccontext, nil, 0)
2019-10-08 18:46:27 +03:00
if err == 0:
2021-02-17 02:03:12 +02:00
raise newException(TLSStreamInitError, "Could not initialize TLS layer")
2019-10-08 18:46:27 +03:00
2019-10-16 09:07:46 +03:00
if len(serverName) == 0:
2021-02-17 02:03:12 +02:00
raise newException(TLSStreamInitError,
"serverName must not be empty string")
2019-10-16 09:07:46 +03:00
2022-06-17 12:39:14 +02:00
let err = sslClientReset(res.ccontext, serverName, 0)
2019-10-08 18:46:27 +03:00
if err == 0:
2021-02-17 02:03:12 +02:00
raise newException(TLSStreamInitError, "Could not initialize TLS layer")
2019-10-08 18:46:27 +03:00
2021-02-17 02:03:12 +02:00
init(AsyncStreamWriter(res.writer), wsource, tlsWriteLoop,
2019-10-08 18:46:27 +03:00
2021-02-17 02:03:12 +02:00
init(AsyncStreamReader(res.reader), rsource, tlsReadLoop,
2019-10-08 18:46:27 +03:00
2021-01-20 15:40:15 +02:00
2019-10-16 09:01:52 +03:00
proc newTLSServerAsyncStream*(rsource: AsyncStreamReader,
wsource: AsyncStreamWriter,
privateKey: TLSPrivateKey,
certificate: TLSCertificate,
bufferSize = SSL_BUFSIZE_BIDI,
minVersion = TLSVersion.TLS11,
maxVersion = TLSVersion.TLS12,
cache: TLSSessionCache = nil,
2023-11-18 00:18:09 +02:00
flags: set[TLSFlags] = {}): TLSAsyncStream {.
raises: [TLSStreamInitError, TLSStreamProtocolError].} =
2019-10-16 09:01:52 +03:00
## Create new TLS asynchronous stream for inbound (server) connections
## using reading stream ``rsource`` and writing stream ``wsource``.
## You need to specify local private key ``privateKey`` and certificate
## ``certificate``.
## ``bufferSize`` - is SSL/TLS buffer which is used for encoding/decoding
## incoming data.
## ``minVersion`` and ``maxVersion`` are TLS versions which will be used
## for handshake with remote server. If server's version will be lower then
## ``minVersion`` of bigger then ``maxVersion`` you will get an error.
## ``flags`` - custom TLS connection flags.
if isNil(privateKey) or privateKey.kind notin {TLSKeyType.RSA, TLSKeyType.EC}:
2021-02-17 02:03:12 +02:00
raiseTLSStreamProtocolError("Incorrect private key")
2019-10-16 09:01:52 +03:00
if isNil(certificate) or len(certificate.certs) == 0:
2021-02-17 02:03:12 +02:00
raiseTLSStreamProtocolError("Incorrect certificate")
2019-10-16 09:01:52 +03:00
2021-01-20 15:40:15 +02:00
var res = TLSAsyncStream()
var reader = TLSStreamReader(
kind: TLSStreamKind.Server,
stream: res,
scontext: addr res.scontext
var writer = TLSStreamWriter(
kind: TLSStreamKind.Server,
stream: res,
scontext: addr res.scontext
res.reader = reader
res.writer = writer
2019-10-16 09:01:52 +03:00
if privateKey.kind == TLSKeyType.EC:
let algo = getSignerAlgo(certificate.certs[0])
if algo == -1:
2021-02-17 02:03:12 +02:00
raiseTLSStreamProtocolError("Could not decode certificate")
2022-06-17 12:39:14 +02:00
sslServerInitFullEc(res.scontext, addr certificate.certs[0],
uint(len(certificate.certs)), cuint(algo),
2019-10-16 09:01:52 +03:00
addr privateKey.eckey)
elif privateKey.kind == TLSKeyType.RSA:
2022-06-17 12:39:14 +02:00
sslServerInitFullRsa(res.scontext, addr certificate.certs[0],
uint(len(certificate.certs)), addr privateKey.rsakey)
2019-10-16 09:01:52 +03:00
let size = max(SSL_BUFSIZE_BIDI, bufferSize)
2021-01-20 15:40:15 +02:00
res.sbuffer = newSeq[byte](size)
2022-06-17 12:39:14 +02:00
sslEngineSetBuffer(res.scontext.eng, addr res.sbuffer[0],
2021-01-20 15:40:15 +02:00
uint(len(res.sbuffer)), 1)
2022-06-17 12:39:14 +02:00
sslEngineSetVersions(res.scontext.eng, uint16(minVersion),
2019-10-16 09:01:52 +03:00
if not isNil(cache):
2022-06-17 12:39:14 +02:00
sslServerSetCache(res.scontext, addr cache.context.vtable)
2019-10-16 09:01:52 +03:00
if TLSFlags.EnforceServerPref in flags:
2022-06-17 12:39:14 +02:00
sslEngineAddFlags(res.scontext.eng, OPT_ENFORCE_SERVER_PREFERENCES)
2019-10-16 09:01:52 +03:00
if TLSFlags.NoRenegotiation in flags:
2022-06-17 12:39:14 +02:00
sslEngineAddFlags(res.scontext.eng, OPT_NO_RENEGOTIATION)
2019-10-16 09:01:52 +03:00
if TLSFlags.TolerateNoClientAuth in flags:
2022-06-17 12:39:14 +02:00
sslEngineAddFlags(res.scontext.eng, OPT_TOLERATE_NO_CLIENT_AUTH)
2019-10-16 09:01:52 +03:00
if TLSFlags.FailOnAlpnMismatch in flags:
2022-06-17 12:39:14 +02:00
sslEngineAddFlags(res.scontext.eng, OPT_FAIL_ON_ALPN_MISMATCH)
2019-10-16 09:01:52 +03:00
2022-06-17 12:39:14 +02:00
let err = sslServerReset(res.scontext)
2019-10-16 09:01:52 +03:00
if err == 0:
2021-02-17 02:03:12 +02:00
raise newException(TLSStreamInitError, "Could not initialize TLS layer")
2019-10-16 09:01:52 +03:00
2023-11-18 00:18:09 +02:00
init(AsyncStreamWriter(res.writer), wsource, tlsWriteLoop, bufferSize)
init(AsyncStreamReader(res.reader), rsource, tlsReadLoop, bufferSize)
2021-01-20 15:40:15 +02:00
2019-10-16 09:01:52 +03:00
proc copyKey(src: RsaPrivateKey): TLSPrivateKey =
## Creates copy of RsaPrivateKey ``src``.
2022-06-17 12:39:14 +02:00
var offset = 0'u
2019-10-16 09:01:52 +03:00
let keySize = src.plen + src.qlen + src.dplen + src.dqlen + src.iqlen
2021-01-20 15:40:15 +02:00
var res = TLSPrivateKey(kind: TLSKeyType.RSA, storage: newSeq[byte](keySize))
copyMem(addr res.storage[offset], src.p, src.plen)
2022-06-17 12:39:14 +02:00
res.rsakey.p = addr res.storage[offset]
2021-01-20 15:40:15 +02:00
res.rsakey.plen = src.plen
2019-10-16 09:01:52 +03:00
offset = offset + src.plen
2021-01-20 15:40:15 +02:00
copyMem(addr res.storage[offset], src.q, src.qlen)
2022-06-17 12:39:14 +02:00
res.rsakey.q = addr res.storage[offset]
2021-01-20 15:40:15 +02:00
res.rsakey.qlen = src.qlen
2019-10-16 09:01:52 +03:00
offset = offset + src.qlen
2021-01-20 15:40:15 +02:00
copyMem(addr res.storage[offset], src.dp, src.dplen)
2022-06-17 12:39:14 +02:00
res.rsakey.dp = addr res.storage[offset]
2021-01-20 15:40:15 +02:00
res.rsakey.dplen = src.dplen
2019-10-16 09:01:52 +03:00
offset = offset + src.dplen
2021-01-20 15:40:15 +02:00
copyMem(addr res.storage[offset], src.dq, src.dqlen)
2022-06-17 12:39:14 +02:00
res.rsakey.dq = addr res.storage[offset]
2021-01-20 15:40:15 +02:00
res.rsakey.dqlen = src.dqlen
2019-10-16 09:01:52 +03:00
offset = offset + src.dqlen
2021-01-20 15:40:15 +02:00
copyMem(addr res.storage[offset], src.iq, src.iqlen)
2022-06-17 12:39:14 +02:00
res.rsakey.iq = addr res.storage[offset]
2021-01-20 15:40:15 +02:00
res.rsakey.iqlen = src.iqlen
res.rsakey.nBitlen = src.nBitlen
2019-10-16 09:01:52 +03:00
proc copyKey(src: EcPrivateKey): TLSPrivateKey =
## Creates copy of EcPrivateKey ``src``.
var offset = 0
let keySize = src.xlen
2021-01-20 15:40:15 +02:00
var res = TLSPrivateKey(kind: TLSKeyType.EC, storage: newSeq[byte](keySize))
copyMem(addr res.storage[offset], src.x, src.xlen)
2022-06-17 12:39:14 +02:00
res.eckey.x = addr res.storage[offset]
2021-01-20 15:40:15 +02:00
res.eckey.xlen = src.xlen
res.eckey.curve = src.curve
2019-10-16 09:01:52 +03:00
2023-11-18 00:18:09 +02:00
proc init*(tt: typedesc[TLSPrivateKey], data: openArray[byte]): TLSPrivateKey {.
raises: [TLSStreamProtocolError].} =
2019-10-16 09:01:52 +03:00
## Initialize TLS private key from array of bytes ``data``.
## This procedure initializes private key using raw, DER-encoded format,
## or wrapped in an unencrypted PKCS#8 archive (again DER-encoded).
var ctx: SkeyDecoderContext
if len(data) == 0:
2021-02-17 02:03:12 +02:00
raiseTLSStreamProtocolError("Incorrect private key")
2022-06-17 12:39:14 +02:00
skeyDecoderPush(ctx, cast[pointer](unsafeAddr data[0]), uint(len(data)))
let err = skeyDecoderLastError(ctx)
2019-10-16 09:01:52 +03:00
if err != 0:
2021-02-17 02:03:12 +02:00
2022-06-17 12:39:14 +02:00
let keyType = skeyDecoderKeyType(ctx)
2021-01-20 15:40:15 +02:00
let res =
if keyType == KEYTYPE_RSA:
elif keyType == KEYTYPE_EC:
2021-02-17 02:03:12 +02:00
raiseTLSStreamProtocolError("Unknown key type (" & $keyType & ")")
2021-01-20 15:40:15 +02:00
2019-10-16 09:01:52 +03:00
2023-11-18 00:18:09 +02:00
proc pemDecode*(data: openArray[char]): seq[PEMElement] {.
raises: [TLSStreamProtocolError].} =
2019-10-16 09:01:52 +03:00
## Decode PEM encoded string and get array of binary blobs.
if len(data) == 0:
2021-02-17 02:03:12 +02:00
raiseTLSStreamProtocolError("Empty PEM message")
2019-10-16 09:01:52 +03:00
var pctx = new PEMContext
2021-01-20 15:40:15 +02:00
var res = newSeq[PEMElement]()
2019-10-16 09:01:52 +03:00
2022-06-17 12:39:14 +02:00
proc itemAppend(ctx: pointer, pbytes: pointer, nbytes: uint) {.cdecl.} =
2019-10-16 09:01:52 +03:00
var p = cast[PEMContext](ctx)
2022-06-17 12:39:14 +02:00
var o = uint(len(p.data))
2019-10-16 09:01:52 +03:00
p.data.setLen(o + nbytes)
copyMem(addr p.data[o], pbytes, nbytes)
var offset = 0
var inobj = false
var elem: PEMElement
2022-06-17 12:39:14 +02:00
var ctx: PemDecoderContext
ctx.setdest(itemAppend, cast[pointer](pctx))
while offset < data.len:
let tlen = ctx.push(data.toOpenArray(offset, data.high))
2019-10-16 09:01:52 +03:00
offset = offset + tlen
2022-06-17 12:39:14 +02:00
let event = ctx.lastEvent()
2019-10-16 09:01:52 +03:00
if event == PEM_BEGIN_OBJ:
inobj = true
2022-06-17 12:39:14 +02:00
elem.name = ctx.banner()
2019-10-16 09:01:52 +03:00
elif event == PEM_END_OBJ:
if inobj:
elem.data = pctx.data
2021-01-20 15:40:15 +02:00
2019-10-16 09:01:52 +03:00
inobj = false
2021-02-17 02:03:12 +02:00
raiseTLSStreamProtocolError("Invalid PEM encoding")
2021-01-20 15:40:15 +02:00
2019-10-16 09:01:52 +03:00
2023-11-18 00:18:09 +02:00
proc init*(tt: typedesc[TLSPrivateKey], data: openArray[char]): TLSPrivateKey {.
raises: [TLSStreamProtocolError].} =
2019-10-16 09:01:52 +03:00
## Initialize TLS private key from string ``data``.
## This procedure initializes private key using unencrypted PKCS#8 PEM
## encoded string.
## Note that PKCS#1 PEM encoded objects are not supported.
2021-01-20 15:40:15 +02:00
var res: TLSPrivateKey
2019-10-16 09:01:52 +03:00
var items = pemDecode(data)
for item in items:
if item.name == "PRIVATE KEY":
2021-01-20 15:40:15 +02:00
res = TLSPrivateKey.init(item.data)
2019-10-16 09:01:52 +03:00
2021-01-20 15:40:15 +02:00
if isNil(res):
2021-02-17 02:03:12 +02:00
raiseTLSStreamProtocolError("Could not find private key")
2021-01-20 15:40:15 +02:00
2019-10-16 09:01:52 +03:00
proc init*(tt: typedesc[TLSCertificate],
2023-11-18 00:18:09 +02:00
data: openArray[char]): TLSCertificate {.
raises: [TLSStreamProtocolError].} =
2019-10-16 09:01:52 +03:00
## Initialize TLS certificates from string ``data``.
## This procedure initializes array of certificates from PEM encoded string.
var items = pemDecode(data)
2022-01-28 12:46:15 +01:00
# storage needs to be big enough for input data
var res = TLSCertificate(storage: newSeqOfCap[byte](data.len))
2019-10-16 09:01:52 +03:00
for item in items:
if item.name == "CERTIFICATE" and len(item.data) > 0:
2021-01-20 15:40:15 +02:00
let offset = len(res.storage)
2019-10-16 09:01:52 +03:00
let cert = X509Certificate(
2022-06-17 12:39:14 +02:00
data: addr res.storage[offset],
dataLen: uint(len(item.data))
2019-10-16 09:01:52 +03:00
2021-01-20 15:40:15 +02:00
let ares = getSignerAlgo(cert)
if ares == -1:
2021-02-17 02:03:12 +02:00
raiseTLSStreamProtocolError("Could not decode certificate")
2021-01-20 15:40:15 +02:00
elif ares != KEYTYPE_RSA and ares != KEYTYPE_EC:
2021-02-17 02:03:12 +02:00
"Unsupported signing key type in certificate")
2021-01-20 15:40:15 +02:00
if len(res.storage) == 0:
2021-02-17 02:03:12 +02:00
raiseTLSStreamProtocolError("Could not find any certificates")
2021-01-20 15:40:15 +02:00
2019-10-16 09:01:52 +03:00
2024-03-06 01:56:40 +02:00
proc init*(tt: typedesc[TLSSessionCache],
size: int = TLSSessionCacheBufferSize): TLSSessionCache =
2019-10-16 09:01:52 +03:00
## Create new TLS session cache with size ``size``.
## One cached item is near 100 bytes size.
2024-03-06 01:56:40 +02:00
let rsize = min(size, 4096)
2021-01-20 15:40:15 +02:00
var res = TLSSessionCache(storage: newSeq[byte](rsize))
sslSessionCacheLruInit(addr res.context, addr res.storage[0], rsize)
2019-10-16 09:01:52 +03:00
2023-11-18 00:18:09 +02:00
proc handshake*(rws: SomeTLSStreamType): Future[void] {.
async: (raw: true, raises: [CancelledError, AsyncStreamError]).} =
2019-10-16 09:01:52 +03:00
## Wait until initial TLS handshake will be successfully performed.
2023-11-18 00:18:09 +02:00
let retFuture = Future[void].Raising([CancelledError, AsyncStreamError])
2019-10-16 09:01:52 +03:00
when rws is TLSStreamReader:
if rws.handshaked:
rws.handshakeFut = retFuture
rws.stream.writer.handshakeFut = retFuture
elif rws is TLSStreamWriter:
if rws.handshaked:
rws.handshakeFut = retFuture
rws.stream.reader.handshakeFut = retFuture
elif rws is TLSAsyncStream:
if rws.reader.handshaked:
rws.reader.handshakeFut = retFuture
rws.writer.handshakeFut = retFuture
2021-01-20 15:40:15 +02:00