status-im
/
nim-webrtc
mirror of https://github.com/status-im/nim-webrtc.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Finalize dtls server

This commit is contained in:
Ludovic Chenut 2023-10-05 13:14:42 +02:00
parent bf8ea1bbaa
commit ca2b411f97
No known key found for this signature in database
GPG Key ID: D9A59B1907F1D50C
1 changed files with 14 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
webrtc/dtls/dtls.nim
View File

@ -8,7 +8,6 @@
# those terms. # those terms.
import times, sequtils import times, sequtils
import strutils # to remove
import chronos, chronicles import chronos, chronicles
import ./utils, ../webrtc_connection import ./utils, ../webrtc_connection
@ -31,6 +30,7 @@ logScope:
topics = "webrtc dtls" topics = "webrtc dtls"
type type
DtlsError* = object of CatchableError
DtlsConn* = ref object of WebRTCConn DtlsConn* = ref object of WebRTCConn
recvData: seq[seq[byte]] recvData: seq[seq[byte]]
recvEvent: AsyncEvent recvEvent: AsyncEvent
@ -96,16 +96,11 @@ proc stop*(self: Dtls) =
self.started = false self.started = false
proc handshake(self: DtlsConn) {.async.} = proc serverHandshake(self: DtlsConn) {.async.} =
var endpoint = var shouldRead = true
if self.ssl.private_conf.private_endpoint == MBEDTLS_SSL_IS_SERVER:
MBEDTLS_ERR_SSL_WANT_READ
else:
MBEDTLS_ERR_SSL_WANT_WRITE
while self.ssl.private_state != MBEDTLS_SSL_HANDSHAKE_OVER: while self.ssl.private_state != MBEDTLS_SSL_HANDSHAKE_OVER:
if endpoint == MBEDTLS_ERR_SSL_WANT_READ or if shouldRead:
self.ssl.private_state == MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
self.recvData.add(await self.conn.read()) self.recvData.add(await self.conn.read())
var ta = self.getRemoteAddress() var ta = self.getRemoteAddress()
case ta.family case ta.family
@ -114,20 +109,24 @@ proc handshake(self: DtlsConn) {.async.} =
of AddressFamily.IPv6: of AddressFamily.IPv6:
mb_ssl_set_client_transport_id(self.ssl, ta.address_v6) mb_ssl_set_client_transport_id(self.ssl, ta.address_v6)
else: else:
discard # TODO: raise ? raise newException(DtlsError, "Remote address isn't an IP address")
self.sendFuture = nil self.sendFuture = nil
let res = mb_ssl_handshake_step(self.ssl) let res = mb_ssl_handshake_step(self.ssl)
shouldRead = false
if not self.sendFuture.isNil(): await self.sendFuture if not self.sendFuture.isNil(): await self.sendFuture
if res == MBEDTLS_ERR_SSL_WANT_READ or res == MBEDTLS_ERR_SSL_WANT_WRITE: if res == MBEDTLS_ERR_SSL_WANT_WRITE:
continue
elif res == MBEDTLS_ERR_SSL_WANT_READ or
self.ssl.private_state == MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:
shouldRead = true
continue continue
elif res == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED: elif res == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED:
mb_ssl_session_reset(self.ssl) mb_ssl_session_reset(self.ssl)
endpoint = MBEDTLS_ERR_SSL_WANT_READ shouldRead = true
continue continue
elif res != 0: elif res != 0:
break # raise whatever raise newException(DtlsError, $(res.mbedtls_high_level_strerr()))
endpoint = res
proc accept*(self: Dtls, conn: WebRTCConn): Future[DtlsConn] {.async.} = proc accept*(self: Dtls, conn: WebRTCConn): Future[DtlsConn] {.async.} =
var var
@ -159,12 +158,11 @@ proc accept*(self: Dtls, conn: WebRTCConn): Future[DtlsConn] {.async.} =
mb_ssl_cookie_setup(res.cookie, mbedtls_ctr_drbg_random, res.ctr_drbg) mb_ssl_cookie_setup(res.cookie, mbedtls_ctr_drbg_random, res.ctr_drbg)
mb_ssl_conf_dtls_cookies(res.config, res.cookie) mb_ssl_conf_dtls_cookies(res.config, res.cookie)
mb_ssl_set_timer_cb(res.ssl, res.timer) mb_ssl_set_timer_cb(res.ssl, res.timer)
# Add the cookie management (it works without, but it's more secure)
mb_ssl_setup(res.ssl, res.config) mb_ssl_setup(res.ssl, res.config)
mb_ssl_session_reset(res.ssl) mb_ssl_session_reset(res.ssl)
mb_ssl_set_bio(res.ssl, cast[pointer](res), mb_ssl_set_bio(res.ssl, cast[pointer](res),
dtlsSend, dtlsRecv, nil) dtlsSend, dtlsRecv, nil)
await res.handshake() await res.serverHandshake()
return res return res
proc dial*(self: Dtls, address: TransportAddress): DtlsConn = proc dial*(self: Dtls, address: TransportAddress): DtlsConn =