1 /*****************************************************************************
3 *****************************************************************************
4 * Copyright (C) 2004-2016 RĂ©mi Denis-Courmont
5 * Copyright (C) 2005-2006 VLC authors and VideoLAN
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU Lesser General Public License as published by
9 * the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this program; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
20 *****************************************************************************/
27 * \defgroup transport Transport layer sockets
28 * Network stream abstraction
30 * Originally intended for the TLS protocol (Transport Layer Security),
31 * the Transport Layer Sockets now provides a generic abstraction
32 * for connection-oriented full-duplex I/O byte streams, such as TCP/IP sockets
33 * and TLS protocol sessions.
37 * Transport layer functions
40 # include <vlc_network.h>
42 /** Transport layer socket */
43 typedef struct vlc_tls
45 int (*get_fd
)(struct vlc_tls
*);
46 ssize_t (*readv
)(struct vlc_tls
*, struct iovec
*, unsigned);
47 ssize_t (*writev
)(struct vlc_tls
*, const struct iovec
*, unsigned);
48 int (*shutdown
)(struct vlc_tls
*, bool duplex
);
49 void (*close
)(struct vlc_tls
*);
55 * \defgroup tls Transport Layer Security
62 * This structure contains the credentials for establishing TLS sessions.
63 * This includes root Certificate Authorities (on client side),
64 * trust and cryptographic parameters,
65 * public certificates and private keys.
67 typedef struct vlc_tls_creds
69 struct vlc_common_members obj
;
74 vlc_tls_t
*(*open
)(struct vlc_tls_creds
*, vlc_tls_t
*sock
,
75 const char *host
, const char *const *alpn
);
76 int (*handshake
)(struct vlc_tls_creds
*, vlc_tls_t
*session
,
77 const char *hostname
, const char *service
,
78 char ** /*restrict*/ alp
);
82 * Allocates TLS credentials for a client.
83 * Credentials can be cached and reused across multiple TLS sessions.
85 * @return TLS credentials object, or NULL on error.
87 VLC_API vlc_tls_creds_t
*vlc_tls_ClientCreate(vlc_object_t
*);
90 * Allocates server TLS credentials.
92 * @param cert path to an x509 certificate (required)
93 * @param key path to the PKCS private key for the certificate,
94 * or NULL to use cert path
96 * @return TLS credentials object, or NULL on error.
98 VLC_API vlc_tls_creds_t
*vlc_tls_ServerCreate(vlc_object_t
*, const char *cert
,
101 static inline int vlc_tls_SessionHandshake (vlc_tls_creds_t
*crd
,
104 return crd
->handshake(crd
, tls
, NULL
, NULL
, NULL
);
108 * Releases TLS credentials.
110 * Releases data allocated with vlc_tls_ClientCreate() or
111 * vlc_tls_ServerCreate().
113 * @param srv object to be destroyed (or NULL)
115 VLC_API
void vlc_tls_Delete(vlc_tls_creds_t
*);
118 * Initiates a client TLS session.
120 * Initiates a Transport Layer Security (TLS) session as the client side, using
121 * trusted root CAs previously loaded with vlc_tls_ClientCreate().
123 * This is a blocking network operation and may be a thread cancellation point.
125 * @param creds X.509 credentials, i.e. set of root certificates of trusted
126 * certificate authorities
127 * @param sock socket through which to establish the secure channel
128 * @param hostname expected server name, used both as Server Name Indication
129 * and as expected Common Name of the peer certificate [IN]
130 * @param service unique identifier for the service to connect to
131 * (only used locally for certificates database) [IN]
132 * @param alpn NULL-terminated list of Application Layer Protocols
133 * to negotiate, or NULL to not negotiate protocols [IN]
134 * @param alp storage space for the negotiated Application Layer
135 * Protocol or NULL if negotiation was not performed [OUT]
137 * @note The credentials must remain valid until the session is finished.
139 * @return TLS session, or NULL on error.
141 VLC_API vlc_tls_t
*vlc_tls_ClientSessionCreate(vlc_tls_creds_t
*creds
,
145 const char *const *alpn
,
149 * Creates a TLS server session.
151 * Allocates a Transport Layer Security (TLS) session as the server side, using
152 * cryptographic keys pair and X.509 certificates chain already loaded with
153 * vlc_tls_ServerCreate().
155 * Unlike vlc_tls_ClientSessionCreate(), this function does not perform any
156 * actual network I/O. vlc_tls_SessionHandshake() must be used to perform the
157 * TLS handshake before sending and receiving data through the TLS session.
159 * This function is non-blocking and is not a cancellation point.
161 * @param creds server credentials, i.e. keys pair and X.509 certificates chain
162 * @param alpn NULL-terminated list of Application Layer Protocols
163 * to negotiate, or NULL to not negotiate protocols
165 * @return TLS session, or NULL on error.
167 VLC_API vlc_tls_t
*vlc_tls_ServerSessionCreate(vlc_tls_creds_t
*creds
,
169 const char *const *alpn
);
174 * Destroys a TLS session down.
176 * All resources associated with the TLS session are released.
178 * If the session was established successfully, then shutdown cleanly, the
179 * underlying socket can be reused. Otherwise, it must be closed. Either way,
180 * this function does not close the underlying socket: Use vlc_tls_Close()
181 * instead to close it at the same.
183 * This function is non-blocking and is not a cancellation point.
185 VLC_API
void vlc_tls_SessionDelete (vlc_tls_t
*);
187 static inline int vlc_tls_GetFD(vlc_tls_t
*tls
)
189 return tls
->get_fd(tls
);
193 * Receives data through a socket.
195 * This dequeues incoming data from a transport layer socket.
197 * @param buf received buffer start address [OUT]
198 * @param len buffer length (in bytes)
199 * @param waitall whether to wait for the exact buffer length (true),
200 * or for any amount of data (false)
202 * @note At end of stream, the number of bytes returned may be shorter than
203 * requested regardless of the "waitall" flag.
205 * @return the number of bytes actually dequeued, or -1 on error.
207 VLC_API ssize_t
vlc_tls_Read(vlc_tls_t
*, void *buf
, size_t len
, bool waitall
);
210 * Receives a text line through a socket.
212 * This dequeues one line of text from a transport layer socket.
213 * @return a heap-allocated nul-terminated string, or NULL on error
215 VLC_API
char *vlc_tls_GetLine(vlc_tls_t
*);
218 * Sends data through a socket.
220 VLC_API ssize_t
vlc_tls_Write(vlc_tls_t
*, const void *buf
, size_t len
);
223 * Shuts a connection down.
225 * This sends the connection close notification.
227 * If the TLS protocol is used, this provides a secure indication to the other
228 * end that no further data will be sent. If using plain TCP/IP, this sets the
231 * Data can still be received until a close notification is received from the
234 * @param duplex whether to stop receiving data as well
235 * @retval 0 the session was terminated securely and cleanly
236 * (the underlying socket can be reused for other purposes)
237 * @return -1 the session was terminated locally, but either a notification
238 * could not be sent or received (the underlying socket cannot be
239 * reused and must be closed)
241 static inline int vlc_tls_Shutdown(vlc_tls_t
*tls
, bool duplex
)
243 return tls
->shutdown(tls
, duplex
);
247 * Closes a connection and its underlying resources.
249 * This function closes the transport layer socket, and terminates any
250 * underlying connection. For instance, if the TLS protocol is used over a TCP
251 * stream, this function terminates both the TLS session, and then underlying
254 * To close a connection but retain any underlying resources, use
255 * vlc_tls_SessionDelete() instead.
257 static inline void vlc_tls_Close(vlc_tls_t
*session
)
261 vlc_tls_t
*p
= session
->p
;
263 vlc_tls_SessionDelete(session
);
266 while (session
!= NULL
);
270 * Creates a transport-layer stream from a socket.
272 * Creates a transport-layer I/O stream from a socket file descriptor.
273 * Data will be sent and received directly through the socket. This can be used
274 * either to share common code between non-TLS and TLS cases, or for testing
277 * This function is not a cancellation point.
279 * @deprecated This function is transitional. Do not use it directly.
281 VLC_API vlc_tls_t
*vlc_tls_SocketOpen(int fd
);
284 * Creates a connected pair of transport-layer sockets.
286 VLC_API
int vlc_tls_SocketPair(int family
, int protocol
, vlc_tls_t
*[2]);
291 * Creates a transport-layer stream from a struct addrinfo.
293 * This function tries to allocate a socket using the specified addrinfo
294 * structure. Normally, the vlc_tls_SocketOpenTCP() function takes care of
295 * this. But in some cases, it cannot be used, notably:
296 * - if the remote destination is not resolved (directly) from getaddrinfo(),
297 * - if the socket type is not SOCK_STREAM,
298 * - if the transport protocol is not TCP (IPPROTO_TCP), or
299 * - if TCP Fast Open should be attempted.
301 * @param ai a filled addrinfo structure (the ai_next member is ignored)
302 * @param defer_connect whether to attempt a TCP Fast Open connection or not
304 VLC_API vlc_tls_t
*vlc_tls_SocketOpenAddrInfo(const struct addrinfo
*ai
,
308 * Creates a transport-layer TCP stream from a name and port.
310 * This function resolves a hostname, and attempts to establish a TCP/IP
311 * connection to the specified host and port number.
313 * @note The function currently iterates through the addrinfo linked list.
314 * Future versions may implement different behaviour (e.g. RFC6555).
316 * @return a transport layer socket on success or NULL on error
318 VLC_API vlc_tls_t
*vlc_tls_SocketOpenTCP(vlc_object_t
*obj
,
319 const char *hostname
, unsigned port
);
322 * Initiates a TLS session over TCP.
324 * This function resolves a hostname, attempts to establish a TCP/IP
325 * connection to the specified host and port number, and finally attempts to
326 * establish a TLS session over the TCP/IP stream.
328 * See also vlc_tls_SocketOpenTCP() and vlc_tls_SessionCreate().
330 VLC_API vlc_tls_t
*vlc_tls_SocketOpenTLS(vlc_tls_creds_t
*crd
,
331 const char *hostname
, unsigned port
,
333 const char *const *alpn
, char **alp
);
336 static inline vlc_tls_t
*
337 vlc_tls_ClientSessionCreateFD(vlc_tls_creds_t
*crd
, int fd
, const char *host
,
338 const char *srv
, const char *const *lp
, char **p
)
340 vlc_tls_t
*sock
= vlc_tls_SocketOpen(fd
);
341 if (unlikely(sock
== NULL
))
344 vlc_tls_t
*tls
= vlc_tls_ClientSessionCreate(crd
, sock
, host
, srv
, lp
, p
);
345 if (unlikely(tls
== NULL
))