Adding TLS sockets for Linux

Author: f-michaut

CMakeLists.txt

@@ -4,7 +4,7 @@
 ## Author Francois Michaut
 ##
 ## Started on  Sun Aug 28 19:26:51 2022 Francois Michaut
-## Last update Thu Sep 15 14:08:03 2022 Francois Michaut
+## Last update Tue May  9 11:51:16 2023 Francois Michaut
 ##
 ## CMakeLists.txt : CMake to build the CppSockets library
 ##
@@ -26,17 +26,19 @@ add_library(cppsockets
   source/IPv4.cpp
   source/Socket.cpp
   source/TlsSocket.cpp
-  )
+)
+
+target_link_libraries(cppsockets ssl)
 
 add_custom_target(test
-  COMMAND ${CMAKE_COMMAND}
+  COMMAND ${CMAKE_COMMAND} --log-level=WARNING
   -B "${CMAKE_CURRENT_BINARY_DIR}/tests"
   -S "${CMAKE_CURRENT_SOURCE_DIR}/tests"
   -G ${CMAKE_GENERATOR}
   COMMAND ${CMAKE_COMMAND} -E cmake_echo_color
   --switch=$(COLOR) --cyan "Building tests..."
   COMMAND ${CMAKE_COMMAND}
-  --build "${CMAKE_CURRENT_BINARY_DIR}/tests"
+  --build "${CMAKE_CURRENT_BINARY_DIR}/tests" -- --quiet
   COMMAND ${CMAKE_MAKE_PROGRAM}
   -C "${CMAKE_CURRENT_BINARY_DIR}/tests" test
   )

include/CppSockets/Address.hpp

@@ -4,7 +4,7 @@
 ** Author Francois Michaut
 **
 ** Started on  Sun Feb 13 17:09:05 2022 Francois Michaut
-** Last update Mon Aug 29 20:46:03 2022 Francois Michaut
+** Last update Thu Feb  9 08:55:11 2023 Francois Michaut
 **
 ** Address.hpp : Interface to represent network addresses
 */
@@ -14,6 +14,7 @@
 #include <string>
 #include <type_traits>
 
+// TODO: support IPv6 (uint32 for address will not support IPv6)
 namespace CppSockets {
     class IAddress {
         public:

include/CppSockets/IPv4.hpp

@@ -4,7 +4,7 @@
 ** Author Francois Michaut
 **
 ** Started on  Sun Feb 13 17:05:02 2022 Francois Michaut
-** Last update Wed Sep 14 22:28:32 2022 Francois Michaut
+** Last update Thu Feb  9 08:55:24 2023 Francois Michaut
 **
 ** IPv4.hpp : Class used to represent and manipulate IPv4 addresses
 */
@@ -32,4 +32,5 @@ namespace CppSockets {
             std::uint32_t addr;
             std::string str;
     };
+    using EndpointV4 = Endpoint<IPv4>;
 }

include/CppSockets/Socket.hpp

@@ -4,7 +4,7 @@
 ** Author Francois Michaut
 **
 ** Started on  Sat Jan 15 01:17:42 2022 Francois Michaut
-** Last update Wed Sep 14 22:18:29 2022 Francois Michaut
+** Last update Tue Feb  7 22:31:12 2023 Francois Michaut
 **
 ** Socket.hpp : Portable C++ socket class
 */
@@ -26,11 +26,15 @@ using RawSocketType=int;
 #include "CppSockets/Address.hpp"
 
 namespace CppSockets {
+    static void init(bool init_ssl = true, bool init_wsa = true);
+    static void deinit(bool deinit_ssl = true, bool deinit_wsa = true);
+
     class Socket {
         public:
             Socket(int domain, int type, int protocol);
             ~Socket();
 
+            // TODO Maybe enable copy with dup(2) ?
             Socket(const Socket &other) = delete;
             Socket(Socket &&other) noexcept;
             Socket &operator=(const Socket &other) = delete;
@@ -57,7 +61,7 @@ namespace CppSockets {
 
             [[nodiscard]]
             RawSocketType get_fd() const; // TODO check if windows SOCKET can be
-                                         // converted to int
+                                          // converted to int
             [[nodiscard]]
             int get_type() const;
             [[nodiscard]]
@@ -67,16 +71,17 @@ namespace CppSockets {
 
             [[nodiscard]]
             bool connected() const;
-        private:
-            Socket(int domain, int type, int protocol, int sockfd);
 
-            static void init();
-
-            static int getsockopt(int fd, int level, int optname, void *optval, socklen_t *optlen);
+        public:
             static int get_errno();
             static char *strerror(int err);
             static char *strerror();
 
+        private:
+            Socket(int domain, int type, int protocol, int sockfd);
+
+            static int getsockopt(int fd, int level, int optname, void *optval, socklen_t *optlen);
+
             int domain;
             int type;
             int protocol;

include/CppSockets/TlsSocket.hpp

@@ -0,0 +1,95 @@
+/*
+** Project LibCppSockets, 2022
+**
+** Author Francois Michaut
+**
+** Started on  Wed Sep 14 20:51:23 2022 Francois Michaut
+** Last update Mon May  8 19:57:05 2023 Francois Michaut
+**
+** SecureSocket.hpp : TLS socket wrapper using openssl
+*/
+
+#pragma once
+
+#ifdef _WIN32
+// TODO Currently disabling TlsSocket for windows
+#else
+
+#include "CppSockets/IPv4.hpp"
+#include <CppSockets/Socket.hpp>
+
+#include <functional>
+
+// TODO: find a better way do to this
+using SSL = struct ssl_st;
+using SSL_METHOD = struct ssl_method_st;
+using SSL_CTX = struct ssl_ctx_st;
+using X509 = struct x509_st;
+using RSA = struct rsa_st;
+using EVP_PKEY = struct evp_pkey_st;
+using EVP_MD = struct evp_md_st;
+using EVP_MD_CTX = struct evp_md_ctx_st;
+
+namespace CppSockets {
+    using SSL_CTX_ptr=std::unique_ptr<SSL_CTX, std::function<void(SSL_CTX *)>>;
+    using SSL_ptr=std::unique_ptr<SSL, std::function<void(SSL *)>>;
+    using X509_ptr=std::unique_ptr<X509, std::function<void(X509 *)>>;
+    using RSA_ptr=std::unique_ptr<RSA, std::function<void(RSA *)>>;
+    using EVP_PKEY_ptr=std::unique_ptr<EVP_PKEY, std::function<void(EVP_PKEY *)>>;
+    using EVP_MD_ptr=std::unique_ptr<EVP_MD, std::function<void(EVP_MD *)>>;
+    using EVP_MD_CTX_ptr=std::unique_ptr<EVP_MD_CTX, std::function<void(EVP_MD_CTX *)>>;
+
+    // TODO add more TLS-related functions
+    class TlsSocket : public Socket {
+        public:
+            explicit TlsSocket(Socket &&other);
+            TlsSocket(int domain, int type, int protocol);
+            ~TlsSocket();
+
+            TlsSocket(const TlsSocket &other) = delete;
+            TlsSocket(TlsSocket &&other) noexcept;
+            TlsSocket &operator=(const TlsSocket &other) = delete;
+            TlsSocket &operator=(TlsSocket &&other) noexcept;
+
+            std::string read(std::size_t len = -1);
+            std::size_t read(char *buff, std::size_t size);
+            std::size_t write(const std::string &buff);
+            std::size_t write(const char *buff, std::size_t len);
+
+            int connect(const IEndpoint &endpoint);
+
+            std::shared_ptr<TlsSocket> accept(void *addr_out);
+
+            [[nodiscard]]
+            const SSL_CTX_ptr &get_ssl_ctx() const;
+            [[nodiscard]]
+            const SSL_ptr &get_ssl() const;
+            [[nodiscard]]
+            const X509_ptr &get_client_cert() const;
+
+            [[nodiscard]]
+            const std::string tls_strerror(int ret);
+        private:
+            SSL_CTX_ptr ctx;
+            SSL_ptr ssl;
+            X509_ptr peer_cert;
+            bool do_shutdown = true;
+    };
+
+    inline std::size_t TlsSocket::write(const std::string &buff) {
+        return write(buff.data(), buff.size());
+    }
+
+    inline const SSL_CTX_ptr &TlsSocket::get_ssl_ctx() const {
+        return ctx;
+    }
+
+    inline const SSL_ptr &TlsSocket::get_ssl() const {
+        return ssl;
+    }
+
+    inline const X509_ptr &TlsSocket::get_client_cert() const {
+        return peer_cert;
+    }
+}
+#endif

source/Socket.cpp

@@ -4,7 +4,7 @@
 ** Author Francois Michaut
 **
 ** Started on  Sat Jan 15 01:27:40 2022 Francois Michaut
-** Last update Wed Sep 14 22:19:18 2022 Francois Michaut
+** Last update Sun Feb 19 11:01:09 2023 Francois Michaut
 **
 ** Socket.cpp : Protable C++ socket class implementation
 */
@@ -27,43 +27,26 @@ static constexpr int SOCKET_ERROR = -1;
 
 static constexpr int BUFF_SIZE = 4096;
 
-// TODO add exceptions on error retunrs
-// TODO throw custom exceptions on invalid status (eg: socket already connected)
+#include <array>
+
 #include "CppSockets/IPv4.hpp"
 #include "CppSockets/Socket.hpp"
 
+// TODO add exceptions on error retunrs
+// TODO throw custom exceptions on invalid status (eg: socket already connected)
 namespace CppSockets {
-    void Socket::init() {
-#ifdef _WIN32
-        static bool init_done = false;
-        WSADATA wsa_data;
-
-        if (!init_done) {
-            // TODO need to call WSACleanup too
-            if (WSAStartup(MAKEWORD(2, 2), &wsa_data) != 0) {
-                throw std::runtime_error(std::string("WASStartup Failed : ") + std::strerror(errno));
-            }
-            init_done = true;
-        }
-#endif
-    }
-
     Socket::Socket(int domain, int type, int protocol, int sockfd) :
         domain(domain), type(type), protocol(protocol), sockfd(sockfd)
-    {
-        init();
-    }
+    {}
 
     Socket::Socket(int domain, int type, int protocol) :
-        domain(domain), type(type), protocol(protocol)
+        domain(domain), type(type), protocol(protocol), sockfd(::socket(domain, type, protocol))
     {
-        init();
-        sockfd = ::socket(domain, type, protocol);
         if (sockfd == INVALID_SOCKET)
             throw std::runtime_error(std::string("Failed to create socket : ") + std::strerror(errno));
     }
 
-    Socket::Socket(Socket &&other) noexcept { // NOLINT
+    Socket::Socket(Socket &&other) noexcept { // NOLINT(cppcoreguidelines-pro-type-member-init, hicpp-member-init)
         *this = std::move(other);
     }
 
@@ -111,7 +94,7 @@ namespace CppSockets {
 
     std::string Socket::read(std::size_t len) {
         std::array<char, BUFF_SIZE> buff = {0};
-        std::string res;
+        std::string res; // TODO use a stringstream
         std::size_t total = 0;
         std::size_t nb = 1;
 
@@ -165,6 +148,11 @@ namespace CppSockets {
         return this->bind(inet_addr(addr.c_str()), port);
     }
 
+    int Socket::bind(const IEndpoint &endpoint) {
+        // TODO: this only works for IPv4. Need to switch getFamily() to handle IPv6 / AF_UNIX ...
+        return this->bind(endpoint.getAddr().getAddress(), endpoint.getPort());
+    }
+
     int Socket::bind(std::uint32_t s_addr, int port) {
         struct sockaddr_in addr = {};
         int ret = 0;
@@ -219,7 +207,7 @@ namespace CppSockets {
         socklen_t len = sizeof(int);
 
         if (addr_out != nullptr) {
-            // TODO
+            // TODO figure it out
         }
         if (fd == INVALID_SOCKET) {
             return nullptr;
@@ -236,9 +224,9 @@ namespace CppSockets {
 
         if (ret >= 0) {
             if (val) {
-                ret = fcntl(sockfd, F_SETFL, flags | O_NONBLOCK); //NOLINT
+                ret = fcntl(sockfd, F_SETFL, flags | O_NONBLOCK); // NOLINT(cppcoreguidelines-pro-type-vararg, hicpp-vararg, hicpp-signed-bitwise)
             } else {
-                ret = fcntl(sockfd, F_SETFL, (flags | O_NONBLOCK) ^ O_NONBLOCK); //NOLINT
+                ret = fcntl(sockfd, F_SETFL, (flags | O_NONBLOCK) ^ O_NONBLOCK); // NOLINT(cppcoreguidelines-pro-type-vararg, hicpp-vararg, hicpp-signed-bitwise)
             }
         }
         if (ret < 0) {