libwebsockets/lib/secure-streams/CMakeLists.txt

#
# libwebsockets - small server side websockets and web server implementation
#
# Copyright (C) 2010 - 2020 Andy Green <andy@warmcat.com>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
#

include_directories(.)

if (LWS_WITH_CLIENT)
	list(APPEND SOURCES
			secure-streams/secure-streams.c
			secure-streams/policy-common.c
			secure-streams/system/captive-portal-detect/captive-portal-detect.c
			secure-streams/protocols/ss-raw.c
		)
		if (NOT LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)
			list(APPEND SOURCES
				secure-streams/policy-json.c
				secure-streams/system/fetch-policy/fetch-policy.c
			)
		endif()
		if (LWS_ROLE_H1)
			list(APPEND SOURCES
				secure-streams/protocols/ss-h1.c
			)
		endif()
		if (LWS_ROLE_H2)
			list(APPEND SOURCES
				secure-streams/protocols/ss-h2.c
			)
		endif()
		if (LWS_ROLE_WS)
			list(APPEND SOURCES
				secure-streams/protocols/ss-ws.c
			)
		endif()
		if (LWS_ROLE_MQTT)
			list(APPEND SOURCES
				secure-streams/protocols/ss-mqtt.c
			)
		endif()

		if (LWS_WITH_SECURE_STREAMS_PROXY_API)
			list(APPEND SOURCES
				secure-streams/serialized/proxy/proxy.c
				secure-streams/serialized/proxy/proxy-transport.c
				secure-streams/serialized/proxy/proxy-transport-wsi.c
				secure-streams/serialized/proxy/proxy-deserialize.c
				secure-streams/serialized/client/sspc.c
				secure-streams/serialized/client/sspc-transport.c
				secure-streams/serialized/client/sspc-transport-wsi.c
				secure-streams/serialized/client/sspc-deserialize.c
				core-net/transport-mux-client.c
				core-net/transport-mux-common.c
				core-net/transport-mux-proxy.c
			)
		endif()

		if (LWS_WITH_SECURE_STREAMS_SYS_AUTH_API_AMAZON_COM AND
		    LWS_WITH_SYS_STATE)
			list(APPEND SOURCES
				secure-streams/system/auth-api.amazon.com/auth.c
			)
		endif()

		if (LWS_WITH_SECURE_STREAMS_AUTH_SIGV4)
			list(APPEND SOURCES
				secure-streams/system/auth-sigv4/sign.c
			)
		endif()


		if (LWS_WITH_SECURE_STREAMS_CPP)
			list(APPEND SOURCES secure-streams/cpp/lss.cxx)

			if (LWS_ROLE_H1 OR LWS_ROLE_H2)
				list(APPEND SOURCES secure-streams/cpp/lssFile.cxx)
			endif()

			if (LWS_ROLE_WS)
				list(APPEND SOURCES secure-streams/cpp/lssMsg.cxx)
			endif()
		endif()

	#
	# Helper function for adding a secure stream plugin
	#
	macro(create_ss_plugin NAME S2 S3 S4 S5 S6)

		set(SSP_SRCS)
		set(SSP_PUBLIC_HDR)
		set(SSP_HDR)

		if ("${S2}" STREQUAL "")
		else()
			list(APPEND SSP_SRCS plugins/${NAME}/${S2})
		endif()
		if ("${S3}" STREQUAL "")
		else()
			list(APPEND SSP_SRCS plugins/${NAME}/${S3})
		endif()
		if ("${S4}" STREQUAL "")
		else()
			list(APPEND SSP_SRCS plugins/${NAME}/${S4})
		endif()
		if ("${S5}" STREQUAL "")
		else()
			list(APPEND SSP_SRCS plugins/${NAME}/${S5})
		endif()
		if ("${S6}" STREQUAL "")
		else()
			list(APPEND SSP_SRCS plugins/${NAME}/${S6})
		endif()

		source_group("Headers Private"  FILES ${SSP_HDR})
		source_group("Sources"		FILES ${SSP_SRCS})

		add_library( ${NAME} STATIC
			     ${SSP_HDR} ${SSP_PUBLIC_HDR} ${SSP_SRCS} )

		target_include_directories(${NAME} PRIVATE "${LWS_LIB_INCLUDES}" ${LWS_LIB_BUILD_INC_PATHS})

		if (NOT LWS_PLAT_FREERTOS)
	                add_dependencies(${NAME} websockets_shared)
		endif()
		list(APPEND SS_PLUGINS_LIST ${NAME})
	endmacro()

	#	create_ss_plugin(ssp-h1url "h1url.c" "" "" "" "")
endif()

#
# Keep explicit parent scope exports at end
#

exports_to_parent_scope()
cmakelist: Augean Stables refactor Establish a new distributed CMake architecture with CMake code related to a source directory moving to be in the subdir in its own CMakeLists.txt. In particular, there's now one in ./lib which calls through to ones further down the directory tree like ./lib/plat/xxx, ./lib/roles/xxx etc. This cuts the main CMakelists.txt from 98KB -> 33KB, about a 66% reduction, and it's much easier to maintain sub-CMakeLists.txt that are in the same directory as the sources they manage, and conceal all the details that that level. Child CMakelists.txt become responsible for: - include_directories() definition (this is not supported by CMake directly, it passes it back up via PARENT_SCOPE vars in helper macros) - Addition child CMakeLists.txt inclusion, for example toplevel -> role -> role subdir - Source file addition to the build - Dependent library path resolution... this is now a private thing in the child CMakeLists.txt, it just passes back any adaptations to include_directories() and the LIB_LIST without filling the parent namespace with the details 2020-05-22 16:47:40 +01:00			`#`
			`# libwebsockets - small server side websockets and web server implementation`
			`#`
			`# Copyright (C) 2010 - 2020 Andy Green <andy@warmcat.com>`
			`#`
			`# Permission is hereby granted, free of charge, to any person obtaining a copy`
			`# of this software and associated documentation files (the "Software"), to`
			`# deal in the Software without restriction, including without limitation the`
			`# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or`
			`# sell copies of the Software, and to permit persons to whom the Software is`
			`# furnished to do so, subject to the following conditions:`
			`#`
			`# The above copyright notice and this permission notice shall be included in`
			`# all copies or substantial portions of the Software.`
			`#`
			`# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR`
			`# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,`
			`# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE`
			`# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER`
			`# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING`
			`# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS`
			`# IN THE SOFTWARE.`
			`#`

			`include_directories(.)`

content_info: make members conditional 2020-06-17 11:13:01 +01:00			`if (LWS_WITH_CLIENT)`
cmakelist: Augean Stables refactor Establish a new distributed CMake architecture with CMake code related to a source directory moving to be in the subdir in its own CMakeLists.txt. In particular, there's now one in ./lib which calls through to ones further down the directory tree like ./lib/plat/xxx, ./lib/roles/xxx etc. This cuts the main CMakelists.txt from 98KB -> 33KB, about a 66% reduction, and it's much easier to maintain sub-CMakeLists.txt that are in the same directory as the sources they manage, and conceal all the details that that level. Child CMakelists.txt become responsible for: - include_directories() definition (this is not supported by CMake directly, it passes it back up via PARENT_SCOPE vars in helper macros) - Addition child CMakeLists.txt inclusion, for example toplevel -> role -> role subdir - Source file addition to the build - Dependent library path resolution... this is now a private thing in the child CMakeLists.txt, it just passes back any adaptations to include_directories() and the LIB_LIST without filling the parent namespace with the details 2020-05-22 16:47:40 +01:00			`list(APPEND SOURCES`
			`secure-streams/secure-streams.c`
			`secure-streams/policy-common.c`
			`secure-streams/system/captive-portal-detect/captive-portal-detect.c`
			`secure-streams/protocols/ss-raw.c`
			`)`
			`if (NOT LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY)`
			`list(APPEND SOURCES`
			`secure-streams/policy-json.c`
			`secure-streams/system/fetch-policy/fetch-policy.c`
			`)`
			`endif()`
			`if (LWS_ROLE_H1)`
			`list(APPEND SOURCES`
			`secure-streams/protocols/ss-h1.c`
			`)`
			`endif()`
			`if (LWS_ROLE_H2)`
			`list(APPEND SOURCES`
			`secure-streams/protocols/ss-h2.c`
			`)`
			`endif()`
			`if (LWS_ROLE_WS)`
			`list(APPEND SOURCES`
			`secure-streams/protocols/ss-ws.c`
			`)`
			`endif()`
			`if (LWS_ROLE_MQTT)`
			`list(APPEND SOURCES`
			`secure-streams/protocols/ss-mqtt.c`
			`)`
			`endif()`

			`if (LWS_WITH_SECURE_STREAMS_PROXY_API)`
			`list(APPEND SOURCES`
sspc: refactor to allow different transports This is a NOP for existing usecases. At the moment the only implemented transport for serialized SS is wsi, it's typically used with Unix Domain Sockets, but it also works over tcp the same. It generalizes the interface between serialized chunks and the transport, separately for client and proxy. The wsi transport is migrated to use the new transport ops structs. It will then be possible to "bring your own transport", so long as it is reliable, and in-order, both for proxy and client / sspc. We also adapt minimal-secure-streams-binance to build the -client variant via SS proxy as well. LWS_ONLY_SSPC is added so libwebsockets can be produced with just sspc client support even for tiny targets. A new embedded minimal example for rpi pico is also provided that demonstrates using Serialized SS over a UART to an SS proxy, to implement the SS Binance example on the pico, even though it has no networking itself. 2021-08-25 09:35:07 +01:00			`secure-streams/serialized/proxy/proxy.c`
			`secure-streams/serialized/proxy/proxy-transport.c`
			`secure-streams/serialized/proxy/proxy-transport-wsi.c`
			`secure-streams/serialized/proxy/proxy-deserialize.c`
			`secure-streams/serialized/client/sspc.c`
			`secure-streams/serialized/client/sspc-transport.c`
			`secure-streams/serialized/client/sspc-transport-wsi.c`
			`secure-streams/serialized/client/sspc-deserialize.c`
			`core-net/transport-mux-client.c`
			`core-net/transport-mux-common.c`
			`core-net/transport-mux-proxy.c`
cmakelist: Augean Stables refactor Establish a new distributed CMake architecture with CMake code related to a source directory moving to be in the subdir in its own CMakeLists.txt. In particular, there's now one in ./lib which calls through to ones further down the directory tree like ./lib/plat/xxx, ./lib/roles/xxx etc. This cuts the main CMakelists.txt from 98KB -> 33KB, about a 66% reduction, and it's much easier to maintain sub-CMakeLists.txt that are in the same directory as the sources they manage, and conceal all the details that that level. Child CMakelists.txt become responsible for: - include_directories() definition (this is not supported by CMake directly, it passes it back up via PARENT_SCOPE vars in helper macros) - Addition child CMakeLists.txt inclusion, for example toplevel -> role -> role subdir - Source file addition to the build - Dependent library path resolution... this is now a private thing in the child CMakeLists.txt, it just passes back any adaptations to include_directories() and the LIB_LIST without filling the parent namespace with the details 2020-05-22 16:47:40 +01:00			`)`
			`endif()`

context: option to disable system state management 2020-06-23 13:19:30 +01:00			`if (LWS_WITH_SECURE_STREAMS_SYS_AUTH_API_AMAZON_COM AND`
			`LWS_WITH_SYS_STATE)`
cmakelist: Augean Stables refactor Establish a new distributed CMake architecture with CMake code related to a source directory moving to be in the subdir in its own CMakeLists.txt. In particular, there's now one in ./lib which calls through to ones further down the directory tree like ./lib/plat/xxx, ./lib/roles/xxx etc. This cuts the main CMakelists.txt from 98KB -> 33KB, about a 66% reduction, and it's much easier to maintain sub-CMakeLists.txt that are in the same directory as the sources they manage, and conceal all the details that that level. Child CMakelists.txt become responsible for: - include_directories() definition (this is not supported by CMake directly, it passes it back up via PARENT_SCOPE vars in helper macros) - Addition child CMakeLists.txt inclusion, for example toplevel -> role -> role subdir - Source file addition to the build - Dependent library path resolution... this is now a private thing in the child CMakeLists.txt, it just passes back any adaptations to include_directories() and the LIB_LIST without filling the parent namespace with the details 2020-05-22 16:47:40 +01:00			`list(APPEND SOURCES`
			`secure-streams/system/auth-api.amazon.com/auth.c`
			`)`
			`endif()`

ss: auth: sigv4 Add SS pieces for Sigv4 auth support 2020-12-29 16:42:25 -08:00			`if (LWS_WITH_SECURE_STREAMS_AUTH_SIGV4)`
			`list(APPEND SOURCES`
			`secure-streams/system/auth-sigv4/sign.c`
			`)`
			`endif()`


wip: ss c++ classes C++ APIs wrapping SS client These are intended to provide an experimental protocol-independent c++ api even more abstracted than secure streams, along the lines of "wget -Omyfile https://example.com/thing" WIP 2020-09-28 10:13:39 +01:00			`if (LWS_WITH_SECURE_STREAMS_CPP)`
			`list(APPEND SOURCES secure-streams/cpp/lss.cxx)`

			`if (LWS_ROLE_H1 OR LWS_ROLE_H2)`
			`list(APPEND SOURCES secure-streams/cpp/lssFile.cxx)`
			`endif()`

			`if (LWS_ROLE_WS)`
			`list(APPEND SOURCES secure-streams/cpp/lssMsg.cxx)`
			`endif()`
			`endif()`
cmakelist: Augean Stables refactor Establish a new distributed CMake architecture with CMake code related to a source directory moving to be in the subdir in its own CMakeLists.txt. In particular, there's now one in ./lib which calls through to ones further down the directory tree like ./lib/plat/xxx, ./lib/roles/xxx etc. This cuts the main CMakelists.txt from 98KB -> 33KB, about a 66% reduction, and it's much easier to maintain sub-CMakeLists.txt that are in the same directory as the sources they manage, and conceal all the details that that level. Child CMakelists.txt become responsible for: - include_directories() definition (this is not supported by CMake directly, it passes it back up via PARENT_SCOPE vars in helper macros) - Addition child CMakeLists.txt inclusion, for example toplevel -> role -> role subdir - Source file addition to the build - Dependent library path resolution... this is now a private thing in the child CMakeLists.txt, it just passes back any adaptations to include_directories() and the LIB_LIST without filling the parent namespace with the details 2020-05-22 16:47:40 +01:00
			`#`
			`# Helper function for adding a secure stream plugin`
			`#`
			`macro(create_ss_plugin NAME S2 S3 S4 S5 S6)`

			`set(SSP_SRCS)`
			`set(SSP_PUBLIC_HDR)`
			`set(SSP_HDR)`

			`if ("${S2}" STREQUAL "")`
			`else()`
			`list(APPEND SSP_SRCS plugins/${NAME}/${S2})`
			`endif()`
			`if ("${S3}" STREQUAL "")`
			`else()`
			`list(APPEND SSP_SRCS plugins/${NAME}/${S3})`
			`endif()`
			`if ("${S4}" STREQUAL "")`
			`else()`
			`list(APPEND SSP_SRCS plugins/${NAME}/${S4})`
			`endif()`
			`if ("${S5}" STREQUAL "")`
			`else()`
			`list(APPEND SSP_SRCS plugins/${NAME}/${S5})`
			`endif()`
			`if ("${S6}" STREQUAL "")`
			`else()`
			`list(APPEND SSP_SRCS plugins/${NAME}/${S6})`
			`endif()`

			`source_group("Headers Private" FILES ${SSP_HDR})`
			`source_group("Sources" FILES ${SSP_SRCS})`

			`add_library( ${NAME} STATIC`
			`${SSP_HDR} ${SSP_PUBLIC_HDR} ${SSP_SRCS} )`
ss: static policy: dynamic vhost instantiation Presently a vh is allocated per trust store at policy parsing-time, this is no problem on a linux-class device or if you decide you need a dynamic policy for functionality reasons. However if you're in a constrained enough situation that the static policy makes sense, in the case your trust stores do not have 100% duty cycle, ie, are anyway always in use, the currently-unused vhosts and their x.509 stack are sitting there taking up heap for no immediate benefit. This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and associated x.509 tls contexts are not instantiated until a secure stream using them is created; they are refcounted, and when the last logical secure stream using a vhost is destroyed, the vhost and its tls context is also destroyed. If another ss connection is created that wants to use the trust store, the vhost and x.509 context is regenerated again as needed. Currently the refcounting is by ss, it's also possible to move the refcounting to be by connection. The choice is between the delay to generate the vh being visisble at logical ss creation-time, or at connection-time. It's anyway not preferable to have ss instantiated and taking up space with no associated connection or connection attempt underway. NB you will need to reprocess any static policies after this patch so they conform to the trust_store changes. 2020-07-20 07:28:28 +01:00
cmakelist: Augean Stables refactor Establish a new distributed CMake architecture with CMake code related to a source directory moving to be in the subdir in its own CMakeLists.txt. In particular, there's now one in ./lib which calls through to ones further down the directory tree like ./lib/plat/xxx, ./lib/roles/xxx etc. This cuts the main CMakelists.txt from 98KB -> 33KB, about a 66% reduction, and it's much easier to maintain sub-CMakeLists.txt that are in the same directory as the sources they manage, and conceal all the details that that level. Child CMakelists.txt become responsible for: - include_directories() definition (this is not supported by CMake directly, it passes it back up via PARENT_SCOPE vars in helper macros) - Addition child CMakeLists.txt inclusion, for example toplevel -> role -> role subdir - Source file addition to the build - Dependent library path resolution... this is now a private thing in the child CMakeLists.txt, it just passes back any adaptations to include_directories() and the LIB_LIST without filling the parent namespace with the details 2020-05-22 16:47:40 +01:00			`target_include_directories(${NAME} PRIVATE "${LWS_LIB_INCLUDES}" ${LWS_LIB_BUILD_INC_PATHS})`

ss: static policy: dynamic vhost instantiation Presently a vh is allocated per trust store at policy parsing-time, this is no problem on a linux-class device or if you decide you need a dynamic policy for functionality reasons. However if you're in a constrained enough situation that the static policy makes sense, in the case your trust stores do not have 100% duty cycle, ie, are anyway always in use, the currently-unused vhosts and their x.509 stack are sitting there taking up heap for no immediate benefit. This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and associated x.509 tls contexts are not instantiated until a secure stream using them is created; they are refcounted, and when the last logical secure stream using a vhost is destroyed, the vhost and its tls context is also destroyed. If another ss connection is created that wants to use the trust store, the vhost and x.509 context is regenerated again as needed. Currently the refcounting is by ss, it's also possible to move the refcounting to be by connection. The choice is between the delay to generate the vh being visisble at logical ss creation-time, or at connection-time. It's anyway not preferable to have ss instantiated and taking up space with no associated connection or connection attempt underway. NB you will need to reprocess any static policies after this patch so they conform to the trust_store changes. 2020-07-20 07:28:28 +01:00			`if (NOT LWS_PLAT_FREERTOS)`
			`add_dependencies(${NAME} websockets_shared)`
			`endif()`
cmakelist: Augean Stables refactor Establish a new distributed CMake architecture with CMake code related to a source directory moving to be in the subdir in its own CMakeLists.txt. In particular, there's now one in ./lib which calls through to ones further down the directory tree like ./lib/plat/xxx, ./lib/roles/xxx etc. This cuts the main CMakelists.txt from 98KB -> 33KB, about a 66% reduction, and it's much easier to maintain sub-CMakeLists.txt that are in the same directory as the sources they manage, and conceal all the details that that level. Child CMakelists.txt become responsible for: - include_directories() definition (this is not supported by CMake directly, it passes it back up via PARENT_SCOPE vars in helper macros) - Addition child CMakeLists.txt inclusion, for example toplevel -> role -> role subdir - Source file addition to the build - Dependent library path resolution... this is now a private thing in the child CMakeLists.txt, it just passes back any adaptations to include_directories() and the LIB_LIST without filling the parent namespace with the details 2020-05-22 16:47:40 +01:00			`list(APPEND SS_PLUGINS_LIST ${NAME})`
			`endmacro()`

ss: server: h1, h2, ws basic support Add initial support for defining servers using Secure Streams policy and api semantics. Serving h1, h2 and ws should be functional, the new minimal example shows a combined http + SS server with an incrementing ws message shown in the browser over tls, in around 200 lines of user code. NOP out anything to do with plugins, they're not currently used. Update the docs correspondingly. 2020-07-27 10:03:12 +01:00			`# create_ss_plugin(ssp-h1url "h1url.c" "" "" "" "")`
content_info: make members conditional 2020-06-17 11:13:01 +01:00			`endif()`
cmakelist: Augean Stables refactor Establish a new distributed CMake architecture with CMake code related to a source directory moving to be in the subdir in its own CMakeLists.txt. In particular, there's now one in ./lib which calls through to ones further down the directory tree like ./lib/plat/xxx, ./lib/roles/xxx etc. This cuts the main CMakelists.txt from 98KB -> 33KB, about a 66% reduction, and it's much easier to maintain sub-CMakeLists.txt that are in the same directory as the sources they manage, and conceal all the details that that level. Child CMakelists.txt become responsible for: - include_directories() definition (this is not supported by CMake directly, it passes it back up via PARENT_SCOPE vars in helper macros) - Addition child CMakeLists.txt inclusion, for example toplevel -> role -> role subdir - Source file addition to the build - Dependent library path resolution... this is now a private thing in the child CMakeLists.txt, it just passes back any adaptations to include_directories() and the LIB_LIST without filling the parent namespace with the details 2020-05-22 16:47:40 +01:00
			`#`
			`# Keep explicit parent scope exports at end`
			`#`

			`exports_to_parent_scope()`