/**
* Copyright (c) 2018 Cornell University.
*
* Author: Ted Yin <tederminant@gmail.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is furnished to do
* so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#ifndef _SALTICIDAE_CRYPTO_H
#define _SALTICIDAE_CRYPTO_H
#include "salticidae/type.h"
#include "salticidae/util.h"
#include <openssl/sha.h>
#include <openssl/ssl.h>
namespace salticidae {
class SHA256 {
SHA256_CTX ctx;
public:
SHA256() { reset(); }
void reset() {
if (!SHA256_Init(&ctx))
throw std::runtime_error("openssl SHA256 init error");
}
template<typename T>
void update(const T &data) {
update(reinterpret_cast<const uint8_t *>(&*data.begin()), data.size());
}
void update(const bytearray_t::const_iterator &it, size_t length) {
update(&*it, length);
}
void update(const uint8_t *ptr, size_t length) {
if (!SHA256_Update(&ctx, ptr, length))
throw std::runtime_error("openssl SHA256 update error");
}
void _digest(bytearray_t &md) {
if (!SHA256_Final(&*md.begin(), &ctx))
throw std::runtime_error("openssl SHA256 error");
}
void digest(bytearray_t &md) {
md.resize(32);
_digest(md);
}
bytearray_t digest() {
bytearray_t md(32);
_digest(md);
return std::move(md);
}
};
class SHA1 {
SHA_CTX ctx;
public:
SHA1() { reset(); }
void reset() {
if (!SHA1_Init(&ctx))
throw std::runtime_error("openssl SHA1 init error");
}
template<typename T>
void update(const T &data) {
update(reinterpret_cast<const uint8_t *>(&*data.begin()), data.size());
}
void update(const bytearray_t::const_iterator &it, size_t length) {
update(&*it, length);
}
void update(const uint8_t *ptr, size_t length) {
if (!SHA1_Update(&ctx, ptr, length))
throw std::runtime_error("openssl SHA1 update error");
}
void _digest(bytearray_t &md) {
if (!SHA1_Final(&*md.begin(), &ctx))
throw std::runtime_error("openssl SHA1 error");
}
void digest(bytearray_t &md) {
md.resize(32);
_digest(md);
}
bytearray_t digest() {
bytearray_t md(32);
_digest(md);
return std::move(md);
}
};
class TLSContext {
SSL_CTX *ctx;
friend class TLS;
public:
static void init_tls() { SSL_library_init(); }
TLSContext(): ctx(SSL_CTX_new(TLS_method())) {
if (ctx == nullptr)
throw std::runtime_error("TLSContext init error");
}
void use_cert_file(const std::string &fname) {
auto ret = SSL_CTX_use_certificate_file(ctx, fname.c_str(), SSL_FILETYPE_PEM);
if (ret <= 0)
throw SalticidaeError(SALTI_ERROR_TLS_CERT_ERROR);
}
void use_priv_key_file(const std::string &fname) {
auto ret = SSL_CTX_use_PrivateKey_file(ctx, fname.c_str(), SSL_FILETYPE_PEM);
if (ret <= 0)
throw SalticidaeError(SALTI_ERROR_TLS_KEY_ERROR);
}
bool check_priv_key() {
return SSL_CTX_check_private_key(ctx) > 0;
}
~TLSContext() { SSL_CTX_free(ctx); }
};
using tls_context_t = ArcObj<TLSContext>;
class TLS {
SSL *ssl;
public:
TLS(const tls_context_t &ctx, int fd, bool accept): ssl(SSL_new(ctx->ctx)) {
if (ssl == nullptr)
throw std::runtime_error("TLS init error");
if (!SSL_set_fd(ssl, fd))
throw SalticidaeError(SALTI_ERROR_TLS_GENERIC_ERROR);
if (accept)
SSL_set_accept_state(ssl);
else
SSL_set_connect_state(ssl);
}
bool do_handshake(int &want_io_type) { /* 0 for read, 1 for write */
auto ret = SSL_do_handshake(ssl);
if (ret == 1) return true;
auto err = SSL_get_error(ssl, ret);
if (err == SSL_ERROR_WANT_WRITE)
want_io_type = 1;
else if (err == SSL_ERROR_WANT_READ)
want_io_type = 0;
else
throw SalticidaeError(SALTI_ERROR_TLS_GENERIC_ERROR);
return false;
}
inline int send(const void *buff, size_t size) {
return SSL_write(ssl, buff, size);
}
inline int recv(void *buff, size_t size) {
return SSL_read(ssl, buff, size);
}
int get_error(int ret) {
return SSL_get_error(ssl, ret);
}
~TLS() {
SSL_shutdown(ssl);
SSL_free(ssl);
}
};
}
#endif