From 4b2919c207a4bee259698c13cbb7aace0e45c942 Mon Sep 17 00:00:00 2001
From: Alexey Shchepin <alexey@process-one.net>
Date: Sun, 25 Jul 2004 21:27:56 +0000
Subject: * src/tls/: Library for TLS support (not completed)

* src/ejabberd_auth.erl: Now uses two LDAP connections

* src/ejabberd_c2s.erl: Return resource on get_presence request
(thanks to Mickael Remond)

* src/mod_configure2.erl: Bugfix (thanks to Sergei Golovan)

* src/msgs/ua.msg: New Ukrainian translation (thanks to usercard)

* src/msgs/nl.msg: Updated (thanks to Sander Devrieze)

SVN Revision: 247
---
 src/tls/tls.erl   | 138 +++++++++++++++++++++++++++++++++++++++
 src/tls/tls_drv.c | 188 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 326 insertions(+)
 create mode 100644 src/tls/tls.erl
 create mode 100644 src/tls/tls_drv.c

(limited to 'src/tls')

diff --git a/src/tls/tls.erl b/src/tls/tls.erl
new file mode 100644
index 000000000..d444bb7ee
--- /dev/null
+++ b/src/tls/tls.erl
@@ -0,0 +1,138 @@
+%%%----------------------------------------------------------------------
+%%% File    : tls.erl
+%%% Author  : Alexey Shchepin <alexey@sevcom.net>
+%%% Purpose : Interface to openssl
+%%% Created : 24 Jul 2004 by Alexey Shchepin <alexey@sevcom.net>
+%%% Id      : $Id$
+%%%----------------------------------------------------------------------
+
+-module(tls).
+-author('alexey@sevcom.net').
+-vsn('$Revision$ ').
+
+-behaviour(gen_server).
+
+-export([start/0, start_link/0, convert/3, test/0]).
+
+%% Internal exports, call-back functions.
+-export([init/1,
+	 handle_call/3,
+	 handle_cast/2,
+	 handle_info/2,
+	 code_change/3,
+	 terminate/2]).
+
+-define(SET_CERTIFICATE_FILE, 1).
+-define(SET_ENCRYPTED_INPUT,  2).
+-define(SET_DECRYPTED_OUTPUT, 3).
+-define(GET_ENCRYPTED_OUTPUT, 4).
+-define(GET_DECRYPTED_INPUT,  5).
+
+-define(DECRYPTED_INPUT, 1).
+-define(ENCRYPTED_OUTPUT, 2).
+
+
+start() ->
+    gen_server:start({local, ?MODULE}, ?MODULE, [], []).
+
+start_link() ->
+    gen_server:start_link({local, ?MODULE}, ?MODULE, [], []).
+
+init([]) ->
+    ok = erl_ddll:load_driver(ejabberd:get_so_path(), tls_drv),
+    Port = open_port({spawn, tls_drv}, [binary]),
+    Res = port_control(Port, ?SET_CERTIFICATE_FILE, "./ssl.pem" ++ [0]),
+    case Res of
+	[0] ->
+	    %ets:new(iconv_table, [set, public, named_table]),
+	    %ets:insert(iconv_table, {port, Port}),
+	    {ok, Port};
+	[1 | Error] ->
+	    {error, Error}
+    end.
+
+
+%%% --------------------------------------------------------
+%%% The call-back functions.
+%%% --------------------------------------------------------
+
+handle_call(_, _, State) ->
+    {noreply, State}.
+
+handle_cast(_, State) ->
+    {noreply, State}.
+
+handle_info({'EXIT', Pid, Reason}, Port) ->
+    {noreply, Port};
+
+handle_info({'EXIT', Port, Reason}, Port) ->
+    {stop, {port_died, Reason}, Port};
+handle_info(_, State) ->
+    {noreply, State}.
+
+code_change(OldVsn, State, Extra) ->
+    {ok, State}.
+
+terminate(_Reason, Port) ->
+    Port ! {self, close},
+    ok.
+
+
+
+convert(From, To, String) ->
+    [{port, Port} | _] = ets:lookup(iconv_table, port),
+    Bin = term_to_binary({From, To, String}),
+    BRes = port_control(Port, 1, Bin),
+    binary_to_list(BRes).
+
+
+test() ->
+    ok = erl_ddll:load_driver(ejabberd:get_so_path(), tls_drv),
+    Port = open_port({spawn, tls_drv}, [binary]),
+    io:format("open_port: ~p~n", [Port]),
+    PCRes = port_control(Port, ?SET_CERTIFICATE_FILE, "./ssl.pem" ++ [0]),
+    io:format("port_control: ~p~n", [PCRes]),
+    {ok, ListenSocket} = gen_tcp:listen(1234, [binary,
+					       {packet, 0}, 
+					       {active, true},
+					       {reuseaddr, true},
+					       {nodelay, true}]),
+    io:format("listen: ~p~n", [ListenSocket]),
+    {ok, Socket} = gen_tcp:accept(ListenSocket),
+    io:format("accept: ~p~n", [Socket]),
+    loop(Port, Socket).
+
+
+loop(Port, Socket) ->
+    receive
+	{tcp, Socket, Data} ->
+	    %io:format("read: ~p~n", [Data]),
+	    Res = port_control(Port, ?SET_ENCRYPTED_INPUT, Data),
+	    %io:format("SET_ENCRYPTED_INPUT: ~p~n", [Res]),
+
+	    DIRes = port_control(Port, ?GET_DECRYPTED_INPUT, Data),
+	    %io:format("GET_DECRYPTED_INPUT: ~p~n", [DIRes]),
+	    case DIRes of
+		[0 | In] ->
+		    io:format("input: ~s~n", [In]);
+		[1 | DIError] ->
+		    io:format("GET_DECRYPTED_INPUT error: ~p~n", [DIError])
+	    end,
+
+	    EORes = port_control(Port, ?GET_ENCRYPTED_OUTPUT, Data),
+	    %io:format("GET_ENCRYPTED_OUTPUT: ~p~n", [EORes]),
+	    case EORes of
+		[0 | Out] ->
+		    gen_tcp:send(Socket, Out);
+		[1 | EOError] ->
+		    io:format("GET_ENCRYPTED_OUTPUT error: ~p~n", [EOError])
+	    end,
+		    
+
+	    loop(Port, Socket);
+	Msg ->
+	    io:format("receive: ~p~n", [Msg]),
+	    loop(Port, Socket)
+    end.
+
+
diff --git a/src/tls/tls_drv.c b/src/tls/tls_drv.c
new file mode 100644
index 000000000..23d42b464
--- /dev/null
+++ b/src/tls/tls_drv.c
@@ -0,0 +1,188 @@
+/* $Id$ */
+
+#include <stdio.h>
+#include <string.h>
+#include <erl_driver.h>
+#include <openssl/ssl.h>
+
+
+#define BUF_SIZE 1024
+
+typedef struct {
+      ErlDrvPort port;
+      SSL_CTX *ctx;
+      BIO *bio_read;
+      BIO *bio_write;
+      SSL *ssl;
+} tls_data;
+
+
+static ErlDrvData tls_drv_start(ErlDrvPort port, char *buff)
+{
+   tls_data *d = (tls_data *)driver_alloc(sizeof(tls_data));
+   d->port = port;
+   d->ctx = NULL;
+   d->bio_read = NULL;
+   d->bio_write = NULL;
+   d->ssl = NULL;
+
+   return (ErlDrvData)d;
+}
+
+static void tls_drv_stop(ErlDrvData handle)
+{
+   // TODO
+   //XML_ParserFree(((tls_data *)handle)->parser);
+   driver_free((char *)handle);
+}
+
+
+#define SET_CERTIFICATE_FILE 1
+#define SET_ENCRYPTED_INPUT  2
+#define SET_DECRYPTED_OUTPUT 3
+#define GET_ENCRYPTED_OUTPUT 4
+#define GET_DECRYPTED_INPUT  5
+
+#define DECRYPTED_INPUT 1
+#define ENCRYPTED_OUTPUT 2
+
+#define die_unless(cond, errstr)			\
+	 if (!(cond))					\
+	 {						\
+	    rlen = strlen(errstr) + 1;			\
+	    *rbuf = driver_alloc(rlen);			\
+	    *rbuf[0] = 1;				\
+	    strncpy(*rbuf + 1, errstr, rlen - 1);	\
+	    return rlen;				\
+	 }
+
+
+static int tls_drv_control(ErlDrvData handle,
+			   unsigned int command,
+			   char *buf, int len,
+			   char **rbuf, int rlen)
+{
+   tls_data *d = (tls_data *)handle;
+   int res;
+   int size;
+
+   switch (command)
+   {
+      case SET_CERTIFICATE_FILE:
+	 d->ctx = SSL_CTX_new(SSLv23_server_method());
+	 die_unless(d->ctx, "SSL_CTX_new failed");
+
+	 res = SSL_CTX_use_certificate_file(d->ctx, buf, SSL_FILETYPE_PEM);
+	 die_unless(res > 0, "SSL_CTX_use_certificate_file failed");
+
+	 res = SSL_CTX_use_PrivateKey_file(d->ctx, buf, SSL_FILETYPE_PEM);
+	 die_unless(res > 0, "SSL_CTX_use_PrivateKey_file failed");
+
+	 res = SSL_CTX_check_private_key(d->ctx);
+	 die_unless(res > 0, "SSL_CTX_check_private_key failed");
+
+	 d->ssl = SSL_new(d->ctx);
+	 die_unless(d->ssl, "SSL_new failed");
+
+	 d->bio_read = BIO_new(BIO_s_mem());
+	 d->bio_write = BIO_new(BIO_s_mem());
+
+	 SSL_set_bio(d->ssl, d->bio_read, d->bio_write);
+
+	 SSL_set_accept_state(d->ssl);
+	 break;
+      case SET_ENCRYPTED_INPUT:
+	 BIO_write(d->bio_read, buf, len);
+	 break;
+      case SET_DECRYPTED_OUTPUT:
+	 res = SSL_write(d->ssl, buf, len);
+	 break;
+      case GET_ENCRYPTED_OUTPUT:
+	 size = BUF_SIZE + 1;
+	 rlen = 1;
+	 *rbuf = driver_alloc(size);
+	 *rbuf[0] = 0;
+	 while ((res = BIO_read(d->bio_write, *rbuf + rlen, BUF_SIZE)) > 0)
+	 {
+	    printf("%d bytes of encrypted data read from state machine\r\n", res);
+
+	    rlen += res;
+	    size += BUF_SIZE;
+	    *rbuf = driver_realloc(*rbuf, size);
+	 }
+	 return rlen;
+      case GET_DECRYPTED_INPUT:
+	 if (!SSL_is_init_finished(d->ssl))
+	 {
+	    printf("Doing SSL_accept\r\n");
+	    res = SSL_accept(d->ssl);
+	    if (res == 0)
+	       printf("SSL_accept returned zero\r\n");
+	    if (res < 0)
+	       die_unless(SSL_get_error(d->ssl, res) == SSL_ERROR_WANT_READ,
+			  "SSL_accept failed");
+	 } else {
+	    size = BUF_SIZE + 1;
+	    rlen = 1;
+	    *rbuf = driver_alloc(size);
+	    *rbuf[0] = 0;
+
+
+	    while ((res = SSL_read(d->ssl, *rbuf + rlen, BUF_SIZE)) > 0)
+	    {
+	       printf("%d bytes of decrypted data read from state machine\r\n",res);
+	       rlen += res;
+	       size += BUF_SIZE;
+	       *rbuf = driver_realloc(*rbuf, size);
+	    }
+
+	    if (res < 0)
+	    {
+	       int err = SSL_get_error(d->ssl, res);
+
+	       if (err == SSL_ERROR_WANT_READ)
+	       {
+		  printf("SSL_read wants more data\r\n");
+		  //return 0;
+	       }
+	       // TODO
+	    }
+	    return rlen;
+	 }
+	 break;
+   }
+
+   if (command == SET_ENCRYPTED_INPUT || command == SET_DECRYPTED_OUTPUT)
+   {
+
+   }
+
+   *rbuf = driver_alloc(1);
+   *rbuf[0] = 0;
+   return 1;
+}
+
+
+ErlDrvEntry tls_driver_entry = {
+   NULL,			/* F_PTR init, N/A */
+   tls_drv_start,		/* L_PTR start, called when port is opened */
+   tls_drv_stop,		/* F_PTR stop, called when port is closed */
+   NULL,			/* F_PTR output, called when erlang has sent */
+   NULL,			/* F_PTR ready_input, called when input descriptor ready */
+   NULL,			/* F_PTR ready_output, called when output descriptor ready */
+   "tls_drv",			/* char *driver_name, the argument to open_port */
+   NULL,			/* F_PTR finish, called when unloaded */
+   NULL,			/* handle */
+   tls_drv_control,		/* F_PTR control, port_command callback */
+   NULL,			/* F_PTR timeout, reserved */
+   NULL				/* F_PTR outputv, reserved */
+};
+
+DRIVER_INIT(tls_drv) /* must match name in driver_entry */
+{
+   OpenSSL_add_ssl_algorithms();
+   SSL_load_error_strings();
+   return &tls_driver_entry;
+}
+
+
-- 
cgit v1.2.3