dtls fixes 1

This commit is contained in:
Ludovic Chenut 2023-08-18 17:13:34 +02:00
parent 8a33c17c38
commit c28ae5ca31
No known key found for this signature in database
GPG Key ID: D9A59B1907F1D50C
1 changed files with 67 additions and 33 deletions

View File

@ -33,8 +33,6 @@ type
recvEvent: AsyncEvent recvEvent: AsyncEvent
sendEvent: AsyncEvent sendEvent: AsyncEvent
entropy: mbedtls_entropy_context
ctr_drbg: mbedtls_ctr_drbg_context
timer: mbedtls_timing_delay_context timer: mbedtls_timing_delay_context
config: mbedtls_ssl_config config: mbedtls_ssl_config
@ -53,37 +51,9 @@ proc dtlsRecv*(ctx: pointer, buf: ptr byte, len: uint): cint {.cdecl.} =
method init*(self: DtlsConn, conn: WebRTCConn, address: TransportAddress) {.async.} = method init*(self: DtlsConn, conn: WebRTCConn, address: TransportAddress) {.async.} =
await procCall(WebRTCConn(self).init(conn, address)) await procCall(WebRTCConn(self).init(conn, address))
self.recvEvent = AsyncEvent() # self.recvEvent = AsyncEvent()
self.sendEvent = AsyncEvent() # self.sendEvent = AsyncEvent()
#
mb_ctr_drbg_init(self.ctr_drbg)
mb_entropy_init(self.entropy)
mb_ctr_drbg_seed(self.ctr_drbg, mbedtls_entropy_func,
self.entropy, nil, 0)
var
srvcert = self.generateCertificate()
pkey = self.generateKey()
selfvar = self
mb_ssl_init(self.ssl)
mb_ssl_config_init(self.config)
mb_ssl_config_defaults(self.config, MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT)
mb_ssl_conf_rng(self.config, mbedtls_ctr_drbg_random, self.ctr_drbg)
mb_ssl_conf_read_timeout(self.config, 10000) # in milliseconds
mb_ssl_conf_ca_chain(self.config, srvcert.next, nil)
mb_ssl_conf_own_cert(self.config, srvcert, pkey)
mbedtls_ssl_set_timer_cb(addr self.ssl, cast[pointer](addr self.timer),
mbedtls_timing_set_delay,
mbedtls_timing_get_delay)
# cookie ?
mb_ssl_setup(self.ssl, self.config)
mb_ssl_session_reset(self.ssl)
mb_ssl_set_bio(self.ssl, cast[pointer](addr selfvar),
dtlsSend, dtlsRecv, nil)
while true:
mb_ssl_handshake(self.ssl)
method write*(self: DtlsConn, msg: seq[byte]) {.async.} = method write*(self: DtlsConn, msg: seq[byte]) {.async.} =
var buf = msg var buf = msg
@ -103,3 +73,67 @@ proc main {.async.} =
await dtls.init(nil, laddr) await dtls.init(nil, laddr)
waitFor(main()) waitFor(main())
type
Dtls* = ref object of RootObj
ctr_drbg: mbedtls_ctr_drbg_context
entropy: mbedtls_entropy_context
address: TransportAddress
started: bool
proc start*(self: Dtls, address: TransportAddress) =
if self.started:
warn "Already started"
return
self.address = address
self.started = true
mb_ctr_drbg_init(self.ctr_drbg)
mb_entropy_init(self.entropy)
mb_ctr_drbg_seed(self.ctr_drbg, mbedtls_entropy_func,
self.entropy, nil, 0)
proc stop*(self: Dtls) =
if not self.started:
warn "Already stopped"
return
self.stopped = false
proc handshake(self: DtlsConn) {.async.} =
while self.ssl.private_state != MBEDTLS_SSL_HANDSHAKE_OVER:
let res = mbedtls_ssl_handshake_step(addr self.ssl)
if res == MBEDTLS_ERR_SSL_WANT_READ or res == MBEDTLS_ERR_SSL_WANT_READ:
continue
proc accept*(self: Dtls, conn: WebRTCConn): DtlsConn {.async.} =
var
srvcert = self.generateCertificate()
pkey = self.generateKey()
selfvar = self
result = Dtls()
result.init(conn, self.address)
mb_ssl_init(result.ssl)
mb_ssl_config_init(result.config)
mb_ssl_config_defaults(result.config,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT)
mb_ssl_conf_rng(result.config, mbedtls_ctr_drbg_random, self.ctr_drbg)
mb_ssl_conf_read_timeout(result.config, 10000) # in milliseconds
mb_ssl_conf_ca_chain(result.config, srvcert.next, nil)
mb_ssl_conf_own_cert(result.config, srvcert, pkey)
mbedtls_ssl_set_timer_cb(addr result.ssl, cast[pointer](addr result.timer),
mbedtls_timing_set_delay,
mbedtls_timing_get_delay)
# Add the cookie management (it works without, but it's more secure)
mb_ssl_setup(result.ssl, result.config)
mb_ssl_session_reset(result.ssl)
mb_ssl_set_bio(result.ssl, cast[pointer](result),
dtlsSend, dtlsRecv, nil)
await result.handshake()
proc dial*(self: Dtls, address: TransportAddress): DtlsConn =
discard