dd/d94/net__ssl_8h_source.html

// Copyright (c) 2006-2013, Andrey N. Sabelnikov, www.sabelnikov.net

// All rights reserved.

//

// Redistribution and use in source and binary forms, with or without

// modification, are permitted provided that the following conditions are met:

// * Redistributions of source code must retain the above copyright

// notice, this list of conditions and the following disclaimer.

// * Redistributions in binary form must reproduce the above copyright

// notice, this list of conditions and the following disclaimer in the

// documentation and/or other materials provided with the distribution.

// * Neither the name of the Andrey N. Sabelnikov nor the

// names of its contributors may be used to endorse or promote products

// derived from this software without specific prior written permission.

//

// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND

// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER  BE LIABLE FOR ANY

// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND

// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

//


#ifndef _NET_SSL_H

#define _NET_SSL_H


#include <chrono>

#include <stdint.h>

#include <string>

#include <vector>

#include <boost/utility/string_ref.hpp>

#include <boost/asio/io_context.hpp>

#include <boost/asio/ip/tcp.hpp>

#include <boost/asio/ssl.hpp>

#include <boost/filesystem/path.hpp>

#include <boost/system/error_code.hpp>


#define SSL_FINGERPRINT_SIZE 32


namespace epee

{

namespace net_utils

{


    enum class ssl_support_t: uint8_t {

        e_ssl_support_disabled,

        e_ssl_support_enabled,

        e_ssl_support_autodetect,

    };


  enum class ssl_verification_t : uint8_t

  {

    none = 0,

    system_ca,

    user_certificates,

    user_ca

  };


  struct ssl_authentication_t

  {

    std::string private_key_path;

    std::string certificate_path;


    void use_ssl_certificate(boost::asio::ssl::context &ssl_context) const;

  };


  class ssl_options_t

  {

    // force sorted behavior in private

    std::vector<std::vector<std::uint8_t>> fingerprints_;


  public:

    std::string ca_path;

    ssl_authentication_t auth;

    ssl_support_t support;

    ssl_verification_t verification;


    ssl_options_t(ssl_support_t support)

      : fingerprints_(),

        ca_path(),

        auth(),

        support(support),

        verification(support == ssl_support_t::e_ssl_support_disabled ? ssl_verification_t::none : ssl_verification_t::system_ca)

    {}


    ssl_options_t(std::vector<std::vector<std::uint8_t>> fingerprints, std::string ca_path);


    ssl_options_t(const ssl_options_t&) = default;

    ssl_options_t(ssl_options_t&&) = default;


    ssl_options_t& operator=(const ssl_options_t&) = default;

    ssl_options_t& operator=(ssl_options_t&&) = default;


    explicit operator bool() const noexcept { return support != ssl_support_t::e_ssl_support_disabled; }


    bool has_strong_verification(boost::string_ref host) const noexcept;


    bool has_fingerprint(boost::asio::ssl::verify_context &ctx) const;


    void configure(

      boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket,

      boost::asio::ssl::stream_base::handshake_type type,

      const std::string& host = {}) const;

    boost::asio::ssl::context create_context() const;


    bool handshake(

      boost::asio::io_context& io_context,

      boost::asio::ssl::stream<boost::asio::ip::tcp::socket> &socket,

      boost::asio::ssl::stream_base::handshake_type type,

      boost::asio::const_buffer buffer = {},

      const std::string& host = {},

      std::chrono::milliseconds timeout = std::chrono::seconds(15)) const;

  };


        // https://security.stackexchange.com/questions/34780/checking-client-hello-for-https-classification

    constexpr size_t get_ssl_magic_size() { return 9; }

    bool is_ssl(const unsigned char *data, size_t len);

    bool ssl_support_from_string(ssl_support_t &ssl, boost::string_ref s);


    bool create_ec_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert);

    bool create_rsa_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert);


  boost::system::error_code store_ssl_keys(boost::asio::ssl::context& ssl, const boost::filesystem::path& base);

}

}


#endif //_NET_SSL_H

s
#define s(x, c)
Definition aesb.c:47

epee::net_utils::ssl_options_t::create_context
boost::asio::ssl::context create_context() const
Definition net_ssl.cpp:304

epee::net_utils::ssl_options_t::handshake
bool handshake(boost::asio::io_context &io_context, boost::asio::ssl::stream< boost::asio::ip::tcp::socket > &socket, boost::asio::ssl::stream_base::handshake_type type, boost::asio::const_buffer buffer={}, const std::string &host={}, std::chrono::milliseconds timeout=std::chrono::seconds(15)) const
Definition net_ssl.cpp:554

epee::net_utils::ssl_options_t::configure
void configure(boost::asio::ssl::stream< boost::asio::ip::tcp::socket > &socket, boost::asio::ssl::stream_base::handshake_type type, const std::string &host={}) const
configure ssl_stream handshake verification
Definition net_ssl.cpp:501

epee::net_utils::ssl_options_t::verification
ssl_verification_t verification
Definition net_ssl.h:85

epee::net_utils::ssl_options_t::ca_path
std::string ca_path
Definition net_ssl.h:82

epee::net_utils::ssl_options_t::ssl_options_t
ssl_options_t(const ssl_options_t &)=default

epee::net_utils::ssl_options_t::ssl_options_t
ssl_options_t(ssl_support_t support)
Verification is set to system ca unless SSL is disabled.
Definition net_ssl.h:88

epee::net_utils::ssl_options_t::has_strong_verification
bool has_strong_verification(boost::string_ref host) const noexcept
Definition net_ssl.cpp:444

epee::net_utils::ssl_options_t::operator=
ssl_options_t & operator=(const ssl_options_t &)=default

epee::net_utils::ssl_options_t::fingerprints_
std::vector< std::vector< std::uint8_t > > fingerprints_
Definition net_ssl.h:79

epee::net_utils::ssl_options_t::auth
ssl_authentication_t auth
Definition net_ssl.h:83

epee::net_utils::ssl_options_t::ssl_options_t
ssl_options_t(ssl_options_t &&)=default

epee::net_utils::ssl_options_t::has_fingerprint
bool has_fingerprint(boost::asio::ssl::verify_context &ctx) const
Search against internal fingerprints. Always false if behavior() != user_certificate_check.
Definition net_ssl.cpp:463

epee::net_utils::ssl_options_t::operator=
ssl_options_t & operator=(ssl_options_t &&)=default

const
#define const
Definition ipfrdr.c:80

base
Definition base.py:1

epee::net_utils::ssl_verification_t
ssl_verification_t
Definition net_ssl.h:56

epee::net_utils::ssl_verification_t::user_certificates
@ user_certificates
Verify peer via specific (non-chain) certificate(s) only.
Definition net_ssl.h:59

epee::net_utils::ssl_verification_t::none
@ none
Do not verify peer.
Definition net_ssl.h:57

epee::net_utils::ssl_verification_t::system_ca
@ system_ca
Verify peer via system ca only (do not inspect user certificates).
Definition net_ssl.h:58

epee::net_utils::ssl_verification_t::user_ca
@ user_ca
Verify peer via specific (possibly chain) certificate(s) only.
Definition net_ssl.h:60

epee::net_utils::store_ssl_keys
boost::system::error_code store_ssl_keys(boost::asio::ssl::context &ssl, const boost::filesystem::path &base)
Store private key for ssl at base + ".key" unencrypted and certificate for ssl at base + "....
Definition net_ssl.cpp:667

epee::net_utils::is_ssl
bool is_ssl(const unsigned char *data, size_t len)
Definition net_ssl.cpp:424

epee::net_utils::get_ssl_magic_size
constexpr size_t get_ssl_magic_size()
Definition net_ssl.h:150

epee::net_utils::ssl_support_from_string
bool ssl_support_from_string(ssl_support_t &ssl, boost::string_ref s)
Definition net_ssl.cpp:654

epee::net_utils::create_rsa_ssl_certificate
bool create_rsa_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert)
Definition net_ssl.cpp:143

epee::net_utils::create_ec_ssl_certificate
bool create_ec_ssl_certificate(EVP_PKEY *&pkey, X509 *&cert)

epee::net_utils::ssl_support_t
ssl_support_t
Definition net_ssl.h:49

epee::net_utils::ssl_support_t::e_ssl_support_disabled
@ e_ssl_support_disabled
Definition net_ssl.h:50

epee::net_utils::ssl_support_t::e_ssl_support_autodetect
@ e_ssl_support_autodetect
Definition net_ssl.h:52

epee::net_utils::ssl_support_t::e_ssl_support_enabled
@ e_ssl_support_enabled
Definition net_ssl.h:51

epee
TODO: (mj-xmr) This will be reduced in an another PR.
Definition byte_slice.h:40

support
Definition support.py:1

stdint.h

uint8_t
unsigned char uint8_t
Definition stdint.h:124

epee::net_utils::ssl_authentication_t
Definition net_ssl.h:64

epee::net_utils::ssl_authentication_t::certificate_path
std::string certificate_path
Certificate used for authentication to peer.
Definition net_ssl.h:66

epee::net_utils::ssl_authentication_t::private_key_path
std::string private_key_path
Private key used for authentication.
Definition net_ssl.h:65

epee::net_utils::ssl_authentication_t::use_ssl_certificate
void use_ssl_certificate(boost::asio::ssl::context &ssl_context) const
Load private_key_path and certificate_path into ssl_context.
Definition net_ssl.cpp:413

data
std::string data
Definition base58.cpp:37