pseudossl.c 9.89 KB
Newer Older
1 2 3
/*
 * This file is part of the Nice GLib ICE library.
 *
4 5 6
 * (C) 2008-2009 Collabora Ltd.
 *  Contact: Youness Alaoui
 * (C) 2008-2009 Nokia Corporation. All rights reserved.
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * The Original Code is the Nice GLib ICE library.
 *
 * The Initial Developers of the Original Code are Collabora Ltd and Nokia
 * Corporation. All Rights Reserved.
 *
 * Contributors:
24
 *   Youness Alaoui, Collabora Ltd.
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
 *
 * Alternatively, the contents of this file may be used under the terms of the
 * the GNU Lesser General Public License Version 2.1 (the "LGPL"), in which
 * case the provisions of LGPL are applicable instead of those above. If you
 * wish to allow use of your version of this file only under the terms of the
 * LGPL and not to allow others to use your version of this file under the
 * MPL, indicate your decision by deleting the provisions above and replace
 * them with the notice and other provisions required by the LGPL. If you do
 * not delete the provisions above, a recipient may use your version of this
 * file under either the MPL or the LGPL.
 */

/*
 * Implementation of TCP relay socket interface using TCP Berkeley sockets. (See
 * http://en.wikipedia.org/wiki/Berkeley_sockets.)
 */
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include "pseudossl.h"
46
#include "agent-priv.h"
47
#include "socket-priv.h"
48 49 50 51 52 53 54 55 56 57 58

#include <string.h>

#ifndef G_OS_WIN32
#include <unistd.h>
#endif

typedef struct {
  gboolean handshaken;
  NiceSocket *base_socket;
  GQueue send_queue;
59
  NicePseudoSSLSocketCompatibility compatibility;
60 61 62
} PseudoSSLPriv;


63
static const gchar SSL_SERVER_GOOGLE_HANDSHAKE[] = {
64 65 66 67 68 69 70 71 72 73 74
  0x16, 0x03, 0x01, 0x00, 0x4a, 0x02, 0x00, 0x00,
  0x46, 0x03, 0x01, 0x42, 0x85, 0x45, 0xa7, 0x27,
  0xa9, 0x5d, 0xa0, 0xb3, 0xc5, 0xe7, 0x53, 0xda,
  0x48, 0x2b, 0x3f, 0xc6, 0x5a, 0xca, 0x89, 0xc1,
  0x58, 0x52, 0xa1, 0x78, 0x3c, 0x5b, 0x17, 0x46,
  0x00, 0x85, 0x3f, 0x20, 0x0e, 0xd3, 0x06, 0x72,
  0x5b, 0x5b, 0x1b, 0x5f, 0x15, 0xac, 0x13, 0xf9,
  0x88, 0x53, 0x9d, 0x9b, 0xe8, 0x3d, 0x7b, 0x0c,
  0x30, 0x32, 0x6e, 0x38, 0x4d, 0xa2, 0x75, 0x57,
  0x41, 0x6c, 0x34, 0x5c, 0x00, 0x04, 0x00};

75
static const gchar SSL_CLIENT_GOOGLE_HANDSHAKE[] = {
76 77 78 79 80 81 82 83 84 85
  0x80, 0x46, 0x01, 0x03, 0x01, 0x00, 0x2d, 0x00,
  0x00, 0x00, 0x10, 0x01, 0x00, 0x80, 0x03, 0x00,
  0x80, 0x07, 0x00, 0xc0, 0x06, 0x00, 0x40, 0x02,
  0x00, 0x80, 0x04, 0x00, 0x80, 0x00, 0x00, 0x04,
  0x00, 0xfe, 0xff, 0x00, 0x00, 0x0a, 0x00, 0xfe,
  0xfe, 0x00, 0x00, 0x09, 0x00, 0x00, 0x64, 0x00,
  0x00, 0x62, 0x00, 0x00, 0x03, 0x00, 0x00, 0x06,
  0x1f, 0x17, 0x0c, 0xa6, 0x2f, 0x00, 0x78, 0xfc,
  0x46, 0x55, 0x2e, 0xb1, 0x83, 0x39, 0xf1, 0xea};

86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106
static const gchar SSL_SERVER_MSOC_HANDSHAKE[] = {
  0x16, 0x03, 0x01, 0x00, 0x4e, 0x02, 0x00, 0x00,
  0x46, 0x03, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x0e,
  0x00, 0x00, 0x00};

static const gchar SSL_CLIENT_MSOC_HANDSHAKE[] = {
  0x16, 0x03, 0x01, 0x00, 0x2d, 0x01, 0x00, 0x00,
  0x29, 0x03, 0x01, 0xc1, 0xfc, 0xd5, 0xa3, 0x6d,
  0x93, 0xdd, 0x7e, 0x0b, 0x45, 0x67, 0x3f, 0xec,
  0x79, 0x85, 0xfb, 0xbc, 0x3f, 0xd6, 0x60, 0xc2,
  0xce, 0x84, 0x85, 0x08, 0x1b, 0x81, 0x21, 0xbc,
  0xaa, 0x10, 0xfb, 0x00, 0x00, 0x02, 0x00, 0x18,
  0x01, 0x00};
107 108

static void socket_close (NiceSocket *sock);
109 110
static gint socket_recv_messages (NiceSocket *sock,
    NiceInputMessage *recv_messages, guint n_recv_messages);
111
static gint socket_send_messages (NiceSocket *sock, const NiceAddress *to,
112
    const NiceOutputMessage *messages, guint n_messages);
113 114
static gint socket_send_messages_reliable (NiceSocket *sock,
    const NiceAddress *to, const NiceOutputMessage *messages, guint n_messages);
115
static gboolean socket_is_reliable (NiceSocket *sock);
116 117 118
static gboolean socket_can_send (NiceSocket *sock, NiceAddress *addr);
static void socket_set_writable_callback (NiceSocket *sock,
    NiceSocketWritableCb callback, gpointer user_data);
119 120

NiceSocket *
121 122
nice_pseudossl_socket_new (NiceSocket *base_socket,
    NicePseudoSSLSocketCompatibility compatibility)
123 124
{
  PseudoSSLPriv *priv;
125 126 127 128 129 130 131 132 133 134 135 136 137 138 139
  NiceSocket *sock;
  const gchar *buf;
  guint len;

  if (compatibility == NICE_PSEUDOSSL_SOCKET_COMPATIBILITY_MSOC) {
    buf = SSL_CLIENT_MSOC_HANDSHAKE;
    len = sizeof(SSL_CLIENT_MSOC_HANDSHAKE);
  } else if (compatibility == NICE_PSEUDOSSL_SOCKET_COMPATIBILITY_GOOGLE) {
    buf = SSL_CLIENT_GOOGLE_HANDSHAKE;
    len = sizeof(SSL_CLIENT_GOOGLE_HANDSHAKE);
  } else {
    return NULL;
  }

  sock = g_slice_new0 (NiceSocket);
140 141 142 143
  sock->priv = priv = g_slice_new0 (PseudoSSLPriv);

  priv->handshaken = FALSE;
  priv->base_socket = base_socket;
144
  priv->compatibility = compatibility;
145

146
  sock->type = NICE_SOCKET_TYPE_PSEUDOSSL;
147 148
  sock->fileno = priv->base_socket->fileno;
  sock->addr = priv->base_socket->addr;
149
  sock->send_messages = socket_send_messages;
150
  sock->send_messages_reliable = socket_send_messages_reliable;
151
  sock->recv_messages = socket_recv_messages;
152
  sock->is_reliable = socket_is_reliable;
153 154
  sock->can_send = socket_can_send;
  sock->set_writable_callback = socket_set_writable_callback;
155 156 157 158
  sock->close = socket_close;

  /* We send 'to' NULL because it will always be to an already connected
   * TCP base socket, which ignores the destination */
159
  nice_socket_send_reliable (priv->base_socket, NULL, len, buf);
160 161 162 163 164 165 166 167 168 169 170 171 172

  return sock;
}


static void
socket_close (NiceSocket *sock)
{
  PseudoSSLPriv *priv = sock->priv;

  if (priv->base_socket)
    nice_socket_free (priv->base_socket);

173
  nice_socket_free_send_queue (&priv->send_queue);
174

175 176 177
  g_slice_free(PseudoSSLPriv, sock->priv);
}

178
static gboolean
179
server_handshake_valid(NiceSocket *sock, GInputVector *data, guint length)
180 181 182 183
{
  PseudoSSLPriv *priv = sock->priv;

  if (priv->compatibility == NICE_PSEUDOSSL_SOCKET_COMPATIBILITY_MSOC) {
184
    if (length == sizeof(SSL_SERVER_MSOC_HANDSHAKE)) {
185 186 187 188 189 190 191 192 193
      guint8 *buf = data->buffer;

      memset(buf + 11, 0, 32);
      memset(buf + 44, 0, 32);
      return memcmp(SSL_SERVER_MSOC_HANDSHAKE, data->buffer,
          sizeof(SSL_SERVER_MSOC_HANDSHAKE)) == 0;
    }
    return FALSE;
  } else {
194
    return length == sizeof(SSL_SERVER_GOOGLE_HANDSHAKE) &&
195 196 197 198
        memcmp(SSL_SERVER_GOOGLE_HANDSHAKE, data->buffer,
            sizeof(SSL_SERVER_GOOGLE_HANDSHAKE)) == 0;
  }
}
199 200

static gint
201 202
socket_recv_messages (NiceSocket *sock,
    NiceInputMessage *recv_messages, guint n_recv_messages)
203 204 205 206
{
  PseudoSSLPriv *priv = sock->priv;

  if (priv->handshaken) {
207 208 209 210 211 212
    if (priv->base_socket) {
      /* Fast path: once we’ve done the handshake, pass straight through to the
       * base socket. */
      return nice_socket_recv_messages (priv->base_socket,
          recv_messages, n_recv_messages);
    }
213
  } else {
214 215
    guint8 data[MAX(sizeof(SSL_SERVER_GOOGLE_HANDSHAKE),
          sizeof(SSL_SERVER_MSOC_HANDSHAKE))];
216
    gint ret = -1;
217
    GInputVector local_recv_buf = { data, sizeof(data) };
218
    NiceInputMessage local_recv_message = { &local_recv_buf, 1, NULL, 0 };
219

220 221 222 223 224 225

    if (priv->compatibility == NICE_PSEUDOSSL_SOCKET_COMPATIBILITY_MSOC) {
      local_recv_buf.size = sizeof(SSL_SERVER_MSOC_HANDSHAKE);
    } else {
      local_recv_buf.size = sizeof(SSL_SERVER_GOOGLE_HANDSHAKE);
    }
226 227 228 229
    if (priv->base_socket) {
      ret = nice_socket_recv_messages (priv->base_socket,
          &local_recv_message, 1);
    }
230 231 232

    if (ret <= 0) {
      return ret;
233 234
    } else if (ret == 1 && server_handshake_valid(sock, &local_recv_buf,
            local_recv_message.length)) {
235
      priv->handshaken = TRUE;
236
      nice_socket_flush_send_queue (priv->base_socket, &priv->send_queue);
237 238 239 240 241
    } else {
      if (priv->base_socket)
        nice_socket_free (priv->base_socket);
      priv->base_socket = NULL;

242
      return -1;
243 244 245 246 247
    }
  }
  return 0;
}

248
static gint
249 250
socket_send_messages (NiceSocket *sock, const NiceAddress *to,
    const NiceOutputMessage *messages, guint n_messages)
251 252 253 254
{
  PseudoSSLPriv *priv = sock->priv;

  if (priv->handshaken) {
255 256 257
    /* Fast path: pass directly through to the base socket once the handshake is
     * complete. */
    if (priv->base_socket == NULL)
258
      return -1;
259

260 261
    return nice_socket_send_messages (priv->base_socket, to, messages,
        n_messages);
262
  } else {
263
    return 0;
264
  }
265
  return n_messages;
266 267 268
}


269 270 271 272 273 274 275 276 277 278 279 280 281 282 283
static gint
socket_send_messages_reliable (NiceSocket *sock, const NiceAddress *to,
    const NiceOutputMessage *messages, guint n_messages)
{
  PseudoSSLPriv *priv = sock->priv;

  if (priv->handshaken) {
    /* Fast path: pass directly through to the base socket once the handshake is
     * complete. */
    if (priv->base_socket == NULL)
      return -1;

    return nice_socket_send_messages_reliable (priv->base_socket, to, messages,
        n_messages);
  } else {
284
    nice_socket_queue_send (&priv->send_queue, to, messages, n_messages);
285 286 287 288
  }
  return n_messages;
}

289 290 291
static gboolean
socket_is_reliable (NiceSocket *sock)
{
292 293 294
  PseudoSSLPriv *priv = sock->priv;

  return nice_socket_is_reliable (priv->base_socket);
295
}
296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312

static gboolean
socket_can_send (NiceSocket *sock, NiceAddress *addr)
{
  PseudoSSLPriv *priv = sock->priv;

  return nice_socket_can_send (priv->base_socket, addr);
}

static void
socket_set_writable_callback (NiceSocket *sock,
    NiceSocketWritableCb callback, gpointer user_data)
{
  PseudoSSLPriv *priv = sock->priv;

  nice_socket_set_writable_callback (priv->base_socket, callback, user_data);
}