From 962e9ee345bc28749577c1fca2542a273404627d Mon Sep 17 00:00:00 2001 From: Andy Green Date: Mon, 28 Sep 2020 10:13:39 +0100 Subject: [PATCH] wip: ss c++ classes C++ APIs wrapping SS client These are intended to provide an experimental protocol-independent c++ api even more abstracted than secure streams, along the lines of "wget -Omyfile https://example.com/thing" WIP --- .gitignore | 1 + CMakeLists.txt | 4 +- cmake/lws_config.h.in | 1 + include/libwebsockets.hxx | 148 +++++++++++++++++ include/libwebsockets/lws-secure-streams.h | 8 + lib/misc/CMakeLists.txt | 3 + lib/misc/lwsac/lwsac.cxx | 80 +++++++++ lib/plat/unix/private-lib-plat-unix.h | 3 - lib/secure-streams/CMakeLists.txt | 11 ++ lib/secure-streams/cpp/README.md | 29 ++++ lib/secure-streams/cpp/lss.cxx | 154 ++++++++++++++++++ lib/secure-streams/cpp/lssFile.cxx | 132 +++++++++++++++ lib/secure-streams/cpp/lssMsg.cxx | 60 +++++++ lib/secure-streams/secure-streams.c | 44 +++-- .../minimal-secure-streams-cpp/CMakeLists.txt | 50 ++++++ .../minimal-secure-streams-cpp/main.cxx | 107 ++++++++++++ 16 files changed, 818 insertions(+), 17 deletions(-) create mode 100644 include/libwebsockets.hxx create mode 100644 lib/misc/lwsac/lwsac.cxx create mode 100644 lib/secure-streams/cpp/README.md create mode 100644 lib/secure-streams/cpp/lss.cxx create mode 100644 lib/secure-streams/cpp/lssFile.cxx create mode 100644 lib/secure-streams/cpp/lssMsg.cxx create mode 100644 minimal-examples/secure-streams/minimal-secure-streams-cpp/CMakeLists.txt create mode 100644 minimal-examples/secure-streams/minimal-secure-streams-cpp/main.cxx diff --git a/.gitignore b/.gitignore index 1fb8b7e09..fde9c9af4 100644 --- a/.gitignore +++ b/.gitignore @@ -62,3 +62,4 @@ doc /q/ /b1/ /destdir/ +/bb1/ diff --git a/CMakeLists.txt b/CMakeLists.txt index ed86af790..5e247ac52 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -63,7 +63,7 @@ if (ESP_PLATFORM) endif() # it's at this point any toolchain file is brought in -project(libwebsockets C) +project(libwebsockets C CXX) include(CTest) # @@ -125,6 +125,7 @@ endif() # Secure Streams # option(LWS_WITH_SECURE_STREAMS "Secure Streams protocol-agnostic API" OFF) +option(LWS_WITH_SECURE_STREAMS_CPP "Secure Streams C++ classes" OFF) option(LWS_WITH_SECURE_STREAMS_PROXY_API "Secure Streams support to work across processes" OFF) option(LWS_WITH_SECURE_STREAMS_SYS_AUTH_API_AMAZON_COM "Auth support for api.amazon.com" OFF) option(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY "Secure Streams Policy is hardcoded only" OFF) @@ -724,6 +725,7 @@ if ((CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX) AND NOT LWS_WITHOUT_TE # jeez clang understands -pthread but dies if he sees it at link time! # http://stackoverflow.com/questions/2391194/what-is-gs-pthread-equiv-in-clang set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -pthread" ) + list(APPEND LIB_LIST_AT_END -lpthread) endif() endif() diff --git a/cmake/lws_config.h.in b/cmake/lws_config.h.in index 7492d71d9..2c12a6107 100644 --- a/cmake/lws_config.h.in +++ b/cmake/lws_config.h.in @@ -121,6 +121,7 @@ #cmakedefine LWS_WITH_SYS_ASYNC_DNS #cmakedefine LWS_WITH_BORINGSSL #cmakedefine LWS_WITH_CGI +#cmakedefine LWS_WITH_SECURE_STREAMS_CPP #cmakedefine LWS_WITH_CUSTOM_HEADERS #cmakedefine LWS_WITH_DEPRECATED_LWS_DLL #cmakedefine LWS_WITH_DETAILED_LATENCY diff --git a/include/libwebsockets.hxx b/include/libwebsockets.hxx new file mode 100644 index 000000000..4e395a763 --- /dev/null +++ b/include/libwebsockets.hxx @@ -0,0 +1,148 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2020 Andy Green + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + * + * C++ classes for Secure Streams + */ + +#include +#include +#include +#include +#include +#include + +#include "libwebsockets.h" + +class lss; + +/* + * Exception subclass for lss-specific issues + */ + +class lssException : public std::exception +{ +private: + std::string details; +public: + lssException(std::string _details) { details = _details; } + ~lssException() throw() { } + virtual const char *what() const throw() { return details.c_str(); } +}; + +typedef struct lssbuf { + uint8_t *buf; + size_t len; +} lssbuf_t; + +class lssAc +{ +private: + struct lwsac *ac; + struct lwsac *iter; + lssAc() { ac = NULL; } + ~lssAc() { lwsac_free(&ac); } + +public: + void append(lssbuf_t *lb); + void start(bool atomic); + int get(lssbuf_t *lb); +}; + +/* + * Fixed userdata priv used with ss creation... userdata lives in the lss + * subclasses' members + */ + +class lssPriv +{ +public: + struct lws_ss_handle *m_ss; + void *m_plss; +}; + +#define userobj_to_lss(uo) ((lss *)(((lssPriv *)userobj)->m_plss)) + +/* + * The completion callback... it's called once, and state will be one of + * + * LWSSSCS_QOS_ACK_REMOTE: it completed OK + * LWSSSCS_DESTROYING: we didn't complete + * LWSSSCS_ALL_RETRIES_FAILED: " + * LWSSSCS_QOS_NACK_REMOTE: " + */ + +typedef int (*lsscomp_t)(lss *lss, lws_ss_constate_t state, void *arg); + +/* + * Base class for Secure Stream objects + */ + +class lss +{ +public: + lss(lws_ctx_t _ctx, std::string _uri, lsscomp_t _comp, bool _psh, + lws_sscb_rx rx, lws_sscb_tx tx, lws_sscb_state state); + virtual ~lss(); + int call_completion(lws_ss_constate_t state); + + lsscomp_t comp; + struct lws_ss_handle *m_ss; + uint64_t rxlen; + lws_usec_t us_start; + +private: + lws_ctx_t ctx; + char *uri; + lws_ss_policy_t pol; + bool comp_done; +}; + +/* + * Subclass of lss for atomic messages on heap + */ + +class lssMsg : public lss +{ +public: + lssMsg(lws_ctx_t _ctx, lsscomp_t _comp, std::string _uri); + virtual ~lssMsg(); +}; + +/* + * Subclass of lss for file transactions + */ + +class lssFile : public lss +{ +public: + lssFile(lws_ctx_t _ctx, std::string _uri, std::string _path, + lsscomp_t _comp, bool _psh); + virtual ~lssFile(); + lws_ss_state_return_t write(const uint8_t *buf, size_t len, int flags); + + std::string path; + +private: + lws_filefd_type fd; + bool push; +}; diff --git a/include/libwebsockets/lws-secure-streams.h b/include/libwebsockets/lws-secure-streams.h index 0daadd442..8d65691a8 100644 --- a/include/libwebsockets/lws-secure-streams.h +++ b/include/libwebsockets/lws-secure-streams.h @@ -327,6 +327,8 @@ typedef lws_ss_state_return_t (*lws_sscb_state)(void *userobj, void *h_src, lws_ss_constate_t state, lws_ss_tx_ordinal_t ack); +struct lws_ss_policy; + typedef struct lws_ss_info { const char *streamtype; /**< type of stream we want to create */ size_t user_alloc; /**< size of user allocation */ @@ -336,6 +338,12 @@ typedef struct lws_ss_info { /**< offset of opaque user data ptr in user_alloc type, set to offsetof(mytype, opaque_ud_member) */ +#if defined(LWS_WITH_SECURE_STREAMS_CPP) + const struct lws_ss_policy *policy; + /**< Normally NULL, or a locally-generated policy to apply to this + * connection instead of a named streamtype */ +#endif + lws_sscb_rx rx; /**< callback with rx payload for this stream */ lws_sscb_tx tx; diff --git a/lib/misc/CMakeLists.txt b/lib/misc/CMakeLists.txt index d1ec93bff..d8979f918 100644 --- a/lib/misc/CMakeLists.txt +++ b/lib/misc/CMakeLists.txt @@ -80,6 +80,9 @@ if (LWS_WITH_LWSAC) list(APPEND SOURCES misc/lwsac/cached-file.c) endif() + if (LWS_WITH_SECURE_STREAMS_CPP) + list(APPEND SOURCES misc/lwsac/lwsac.cxx) + endif() endif() if (NOT LWS_WITHOUT_BUILTIN_SHA1) diff --git a/lib/misc/lwsac/lwsac.cxx b/lib/misc/lwsac/lwsac.cxx new file mode 100644 index 000000000..cea3fb2f7 --- /dev/null +++ b/lib/misc/lwsac/lwsac.cxx @@ -0,0 +1,80 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2020 Andy Green + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + * + * C++ classes for Secure Streams - atomic heap messages + */ + +#include +#include "private-lib-misc-lwsac.h" + +void +lssAc::start(bool atomic) +{ + if (atomic && ac->next) { + struct lwsac *ac2 = NULL, *i; + size_t total = (size_t)lwsac_total_alloc(ac); + uint8_t *p = (uint8_t *)lwsac_use(&ac2, total, total); + + /* + * He wants a single linear buffer, and we have more than one + * piece... let's make a new, single one, copy the fragments + * in and replace the fragmented one with the unified copy. + */ + + i = ac; + while (i) { + size_t bl = lwsac_get_tail_pos(i) - + lwsac_sizeof(i == ac); + memcpy(p, (uint8_t *)i + lwsac_sizeof(i == ac), bl); + p += bl; + } + + lwsac_free(&ac); + ac = ac2; + } + + iter = ac; +} + +int +lssAc::get(lssbuf_t *lb) +{ + if (!ac) + return 1; + + lb->buf = (uint8_t *)iter + lwsac_sizeof(iter == ac); + lb->len = lwsac_get_tail_pos(iter) - lwsac_sizeof(iter == ac); + iter = iter->next; + + return 0; +} + +void +lssAc::append(lssbuf_t *lb) +{ + uint8_t *p = (uint8_t *)lwsac_use(&ac, lb->len, lb->len); + + if (!p) + throw lssException("oom"); + memcpy(p, lb->buf, lb->len); +} diff --git a/lib/plat/unix/private-lib-plat-unix.h b/lib/plat/unix/private-lib-plat-unix.h index c894aff22..6d0ab8490 100644 --- a/lib/plat/unix/private-lib-plat-unix.h +++ b/lib/plat/unix/private-lib-plat-unix.h @@ -196,9 +196,6 @@ delete_from_fd(const struct lws_context *context, int fd); #define MSG_NOSIGNAL 0 #endif -int -lws_plat_BINDTODEVICE(int fd, const char *ifname); - int lws_plat_rawudp_broadcast(uint8_t *p, const uint8_t *canned, int canned_len, int n, int fd, const char *iface); diff --git a/lib/secure-streams/CMakeLists.txt b/lib/secure-streams/CMakeLists.txt index ba3d13c48..38e73c419 100644 --- a/lib/secure-streams/CMakeLists.txt +++ b/lib/secure-streams/CMakeLists.txt @@ -78,6 +78,17 @@ if (LWS_WITH_CLIENT) ) endif() + if (LWS_WITH_SECURE_STREAMS_CPP) + list(APPEND SOURCES secure-streams/cpp/lss.cxx) + + if (LWS_ROLE_H1 OR LWS_ROLE_H2) + list(APPEND SOURCES secure-streams/cpp/lssFile.cxx) + endif() + + if (LWS_ROLE_WS) + list(APPEND SOURCES secure-streams/cpp/lssMsg.cxx) + endif() + endif() # # Helper function for adding a secure stream plugin diff --git a/lib/secure-streams/cpp/README.md b/lib/secure-streams/cpp/README.md new file mode 100644 index 000000000..975c92e47 --- /dev/null +++ b/lib/secure-streams/cpp/README.md @@ -0,0 +1,29 @@ +## Secure Streams client C++ API + +Enable for build by selecting `-DLWS_WITH_SECURE_STREAMS=1 -DLWS_WITH_SECURE_STREAMS_CPP=1` at +cmake. + +Because it's designed for OpenSSL + system trust bundle, the minimal +example minimal-secure-streams-cpp requires `-DLWS_WITH_MINIMAL_EXAMPLES=1 -DLWS_WITH_MBEDTLS=0` + +By default the -cpp example downloads https://warmcat.com/test-a.bin to the local +file /tmp/test-a.bin. By giving, eg, -c 4, you can run four concurrent downloads of +files test-a.bin through test-d.bin... up to 12 files may be downloaded concurrently. + +By default it will connect over h2 and share the single connection between all the +downloads. + +### File level api + +``` +#include + +... + + new lssFile(context, "https://warmcat.com/index.html", + "/tmp/index.html", lss_completion, 0); +``` + +This will copy the remote url to the given local file, and call the +completion callback when it has succeeded or failed. + diff --git a/lib/secure-streams/cpp/lss.cxx b/lib/secure-streams/cpp/lss.cxx new file mode 100644 index 000000000..d25eed55e --- /dev/null +++ b/lib/secure-streams/cpp/lss.cxx @@ -0,0 +1,154 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2020 Andy Green + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + * + * C++ classes for Secure Streams + */ + +#include + +static const char *pcols[] = { + "http://", /* LWSSSP_H1 */ + "https://", + "h2://", /* LWSSSP_H2 */ + "h2s://", + "ws://", /* LWSSSP_WS */ + "wss://", + "mqtt://", /* LWSSSP_MQTT */ + "mqtts://", + "raw://", /* LWSSSP_RAW */ + "raws://", +}; + +static const uint8_t pcols_len[] = { + 7, 8, 5, 6, 5, 6, 7, 8, 6, 7 +}; + +static const uint16_t pcols_port[] = { + 80, 443, 443, 443, 80, 443, 1883, 8883, 80, 443 +}; + +lss::lss(lws_ctx_t _ctx, std::string _uri, lsscomp_t _comp, bool _psh, + lws_sscb_rx rx, lws_sscb_tx tx, lws_sscb_state state) +{ + const char *p, *urlpath; + lws_ss_info_t ssi; + int n, port; + + memset(&ssi, 0, sizeof(ssi)); + memset(&pol, 0, sizeof(pol)); + + ctx = _ctx; + comp = _comp; + comp_done = 0; + rxlen = 0; + + /* + * We have a common stub userdata, our "real" userdata is in the + * derived class members. The Opaque user pointer points to the + * lss itself. + */ + + ssi.handle_offset = offsetof(lssPriv, lssPriv::m_ss); + ssi.opaque_user_data_offset = offsetof(lssPriv, lssPriv::m_plss); + + ssi.user_alloc = sizeof(lssPriv); + ssi.rx = rx; + ssi.tx = tx; + ssi.state = state; + ssi.policy = &pol; /* we will provide our own policy */ + + /* + * _uri is like "https://warmcat.com:443/index.html"... we need to + * deconstruct it into its policy implications + */ + + uri = strdup(_uri.c_str()); + + for (n = 0; n < LWS_ARRAY_SIZE(pcols); n++) + if (!strncmp(uri, pcols[n], pcols_len[n])) + break; + + if (n == LWS_ARRAY_SIZE(pcols)) + throw lssException("unknown uri protocol://"); + + pol.protocol = n >> 1; + if (n & 1) + pol.flags |= LWSSSPOLF_TLS; + + n = pcols_port[n]; + + if (lws_parse_uri(uri, &p, &pol.endpoint, &n, &urlpath)) + throw lssException("unable to parse uri://"); + + pol.port = (uint16_t)n; + + if (pol.protocol <= LWSSSP_WS) { + pol.u.http.url = urlpath; + + /* + * These are workarounds for common h2 server noncompliances + */ + + pol.flags |= LWSSSPOLF_QUIRK_NGHTTP2_END_STREAM | + LWSSSPOLF_H2_QUIRK_OVERFLOWS_TXCR | + LWSSSPOLF_H2_QUIRK_UNCLEAN_HPACK_STATE; + + if (pol.protocol < LWSSSP_WS) + pol.u.http.method = _psh ? "POST" : "GET"; + } + + us_start = lws_now_usecs(); + + if (lws_ss_create(ctx, 0, &ssi, (void *)this, &m_ss, NULL, NULL)) + goto blow; + + if (pol.protocol <= LWSSSP_WS) + lws_ss_client_connect(m_ss); + + return; + +blow: + if (uri) + free(uri); + throw lssException("ss creation failed"); +} + +lss::~lss() +{ + if (uri) + free(uri); + if (m_ss) + lws_ss_destroy(&m_ss); +} + +int lss::call_completion(lws_ss_constate_t state) +{ + if (comp_done) + return 0; + if (!comp) + return 0; + + comp_done = 1; + + return comp(this, state, NULL); +} diff --git a/lib/secure-streams/cpp/lssFile.cxx b/lib/secure-streams/cpp/lssFile.cxx new file mode 100644 index 000000000..838a89d61 --- /dev/null +++ b/lib/secure-streams/cpp/lssFile.cxx @@ -0,0 +1,132 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2020 Andy Green + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + * + * C++ classes for Secure Streams - file transaction + */ + +#include + +#include +#include +#include + +static lws_ss_state_return_t +lssfile_rx(void *userobj, const uint8_t *buf, size_t len, int flags) +{ + lssFile *lf = (lssFile *)userobj_to_lss(userobj); + + return lf->write(buf, len, flags); +} + +static lws_ss_state_return_t +lssfile_tx(void *userobj, lws_ss_tx_ordinal_t ord,uint8_t *buf, size_t *len, + int *flags) +{ + /* + * TODO: we don't know how to send things yet + */ + return LWSSSSRET_TX_DONT_SEND; +} + +static lws_ss_state_return_t +lssfile_state(void *userobj, void *h_src, lws_ss_constate_t state, + lws_ss_tx_ordinal_t ack) +{ + lssFile *lf = (lssFile *)userobj_to_lss(userobj); + + lwsl_info("%s: state %s\n", __func__, lws_ss_state_name(state)); + + switch (state) { + + /* + * These reflect some kind of final disposition for the transaction, + * that we want to report along with the completion. If no other chance + * we'll report DESTROYING + */ + + case LWSSSCS_DESTROYING: + case LWSSSCS_ALL_RETRIES_FAILED: + case LWSSSCS_QOS_ACK_REMOTE: + case LWSSSCS_QOS_NACK_REMOTE: + lf->call_completion(state); + + if (state == LWSSSCS_DESTROYING) { + /* + * we get DESTROYING because we are already in the + * middle of destroying the m_ss, unlink the C++ lss + * from the ss handle so it won't recursively try to + * destroy it + */ + lf->m_ss = NULL; + delete lf; + } + + break; + } + + return LWSSSSRET_OK; +} + +lws_ss_state_return_t lssFile::write(const uint8_t *buf, size_t len, int flags) +{ + if (fd == LWS_INVALID_FILE) { + + fd = open(path.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0640); + if (fd == LWS_INVALID_FILE) + return LWSSSSRET_DESTROY_ME; + } + + if (::write(fd, buf, len) != len) { + close(fd); + fd = LWS_INVALID_FILE; + + return LWSSSSRET_DESTROY_ME; + } + + rxlen += len; + + if (flags & LWSSS_FLAG_EOM) { + close(fd); + fd = LWS_INVALID_FILE; + } + + return LWSSSSRET_OK; +} + +lssFile::lssFile(lws_ctx_t ctx, std::string uri, std::string _path, + lsscomp_t comp, bool _psh) : + lss(ctx, uri, comp, _psh, lssfile_rx, lssfile_tx, lssfile_state) +{ + path = _path; + push = _psh; + fd = LWS_INVALID_FILE; +} + +lssFile::~lssFile() +{ + if (fd == LWS_INVALID_FILE) + return; + + close(fd); + fd = LWS_INVALID_FILE; +} diff --git a/lib/secure-streams/cpp/lssMsg.cxx b/lib/secure-streams/cpp/lssMsg.cxx new file mode 100644 index 000000000..13092d7df --- /dev/null +++ b/lib/secure-streams/cpp/lssMsg.cxx @@ -0,0 +1,60 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2020 Andy Green + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + * + * C++ classes for Secure Streams - atomic heap messages + */ + +#include + +static lws_ss_state_return_t +lssmsg_rx(void *userobj, const uint8_t *buf, size_t len, int flags) +{ + return LWSSSSRET_OK; +} + +static lws_ss_state_return_t +lssmsg_tx(void *userobj, lws_ss_tx_ordinal_t ord,uint8_t *buf, size_t *len, + int *flags) +{ + /* + * TODO: we don't know how to send things yet + */ + return LWSSSSRET_TX_DONT_SEND; +} + +static lws_ss_state_return_t +lssmsg_state(void *userobj, void *h_src, lws_ss_constate_t state, + lws_ss_tx_ordinal_t ack) +{ + return LWSSSSRET_OK; +} + + +lssMsg::lssMsg(lws_ctx_t ctx, lsscomp_t _comp, std::string uri) : + lss(ctx, uri, comp, 0, lssmsg_rx, lssmsg_tx, lssmsg_state) +{ +} + +lssMsg::~lssMsg() +{ +} diff --git a/lib/secure-streams/secure-streams.c b/lib/secure-streams/secure-streams.c index aecb0e3f0..9af6b15f0 100644 --- a/lib/secure-streams/secure-streams.c +++ b/lib/secure-streams/secure-streams.c @@ -517,12 +517,19 @@ lws_ss_create(struct lws_context *context, int tsi, const lws_ss_info_t *ssi, char *p; int n; - pol = lws_ss_policy_lookup(context, ssi->streamtype); +#if defined(LWS_WITH_SECURE_STREAMS_CPP) + pol = ssi->policy; if (!pol) { - lwsl_info("%s: unknown stream type %s\n", __func__, - ssi->streamtype); - return 1; +#endif + pol = lws_ss_policy_lookup(context, ssi->streamtype); + if (!pol) { + lwsl_info("%s: unknown stream type %s\n", __func__, + ssi->streamtype); + return 1; + } +#if defined(LWS_WITH_SECURE_STREAMS_CPP) } +#endif if (ssi->flags & LWSSSINFLAGS_REGISTER_SINK) { /* @@ -562,7 +569,8 @@ lws_ss_create(struct lws_context *context, int tsi, const lws_ss_info_t *ssi, * ... when we come to destroy it, just one free to do. */ - size = sizeof(*h) + ssi->user_alloc + strlen(ssi->streamtype) + 1; + size = sizeof(*h) + ssi->user_alloc + + (ssi->streamtype ? strlen(ssi->streamtype): 0) + 1; #if defined(LWS_WITH_SSPLUGINS) if (pol->plugins[0]) size += pol->plugins[0]->alloc; @@ -623,7 +631,8 @@ lws_ss_create(struct lws_context *context, int tsi, const lws_ss_info_t *ssi, smd = smd->next; } - memcpy(p, ssi->streamtype, strlen(ssi->streamtype) + 1); + if (ssi->streamtype) + memcpy(p, ssi->streamtype, strlen(ssi->streamtype) + 1); /* don't mark accepted ss as being the server */ if (ssi->flags & LWSSSINFLAGS_SERVER) h->info.flags &= ~LWSSSINFLAGS_SERVER; @@ -804,6 +813,9 @@ void lws_ss_destroy(lws_ss_handle_t **ppss) { struct lws_context_per_thread *pt; +#if defined(LWS_WITH_SERVER) + struct lws_vhost *v = NULL; +#endif lws_ss_handle_t *h = *ppss; lws_ss_metadata_t *pmd; @@ -847,7 +859,18 @@ lws_ss_destroy(lws_ss_handle_t **ppss) lws_dll2_remove(&h->to_list); lws_sul_cancel(&h->sul_timeout); + /* + * for lss, DESTROYING deletes the C++ lss object, making the + * self-defined h->policy radioactive + */ + +#if defined(LWS_WITH_SERVER) + if (h->policy->flags & LWSSSPOLF_SERVER) + v = lws_get_vhost_by_name(h->context, h->policy->streamtype); +#endif + (void)lws_ss_event_helper(h, LWSSSCS_DESTROYING); + lws_pt_unlock(pt); /* in proxy case, metadata value on heap may need cleaning up */ @@ -879,18 +902,13 @@ lws_ss_destroy(lws_ss_handle_t **ppss) #endif #if defined(LWS_WITH_SERVER) - if (h->policy->flags & LWSSSPOLF_SERVER) { - struct lws_vhost *v = lws_get_vhost_by_name(h->context, - h->policy->streamtype); - + if (v) /* * For server, the policy describes a vhost that implements the * server, when we take down the ss, we take down the related * vhost (if it got that far) */ - if (v) - lws_vhost_destroy(v); - } + lws_vhost_destroy(v); #endif /* confirm no sul left scheduled in handle or user allocation object */ diff --git a/minimal-examples/secure-streams/minimal-secure-streams-cpp/CMakeLists.txt b/minimal-examples/secure-streams/minimal-secure-streams-cpp/CMakeLists.txt new file mode 100644 index 000000000..1f26c572c --- /dev/null +++ b/minimal-examples/secure-streams/minimal-secure-streams-cpp/CMakeLists.txt @@ -0,0 +1,50 @@ +project(lws-minimal-secure-streams-cpp CXX) +cmake_minimum_required(VERSION 2.8.12) +find_package(libwebsockets CONFIG REQUIRED) +list(APPEND CMAKE_MODULE_PATH ${LWS_CMAKE_DIR}) +include(CheckCSourceCompiles) +include(LwsCheckRequirements) + +set(SAMP lws-minimal-secure-streams-cpp) + +set(requirements 1) +require_lws_config(LWS_ROLE_H1 1 requirements) +require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) +require_lws_config(LWS_WITH_MBEDTLS 0 requirements) +require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements) +require_lws_config(LWS_WITH_SECURE_STREAMS_CPP 1 requirements) +require_lws_config(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY 0 requirements) + +if (requirements) + add_executable(${SAMP} main.cxx) + + if (LWS_CTEST_INTERNET_AVAILABLE) + add_test(NAME sscpp-warmcat COMMAND lws-minimal-secure-streams-cpp) + set_tests_properties(sscpp-warmcat + PROPERTIES + WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/minimal-examples/secure-streams/minimal-secure-streams-cpp + TIMEOUT 20) + endif() + + if (websockets_shared) + target_link_libraries(${SAMP} websockets_shared ${LIBWEBSOCKETS_DEP_LIBS}) + add_dependencies(${SAMP} websockets_shared) + else() + target_link_libraries(${SAMP} websockets ${LIBWEBSOCKETS_DEP_LIBS}) + endif() + + CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\ni#if defined(LWS_WITH_SECURE_STREAMS_PROXY_API)\n return 0;\n #else\n fail\n #endif\n return 0;\n}\n" HAS_LWS_WITH_SECURE_STREAMS_PROXY_API) + + if (HAS_LWS_WITH_SECURE_STREAMS_PROXY_API OR LWS_WITH_SECURE_STREAMS_PROXY_API) + add_compile_options(-DLWS_SS_USE_SSPC) + + add_executable(${SAMP}-client main.cxx) + if (websockets_shared) + target_link_libraries(${SAMP}-client websockets_shared ${LIBWEBSOCKETS_DEP_LIBS}) + add_dependencies(${SAMP}-client websockets_shared) + else() + target_link_libraries(${SAMP}-client websockets ${LIBWEBSOCKETS_DEP_LIBS}) + endif() + endif() + +endif() diff --git a/minimal-examples/secure-streams/minimal-secure-streams-cpp/main.cxx b/minimal-examples/secure-streams/minimal-secure-streams-cpp/main.cxx new file mode 100644 index 000000000..e6f051fd7 --- /dev/null +++ b/minimal-examples/secure-streams/minimal-secure-streams-cpp/main.cxx @@ -0,0 +1,107 @@ +/* + * lws-minimal-secure-streams-cpp + * + * Written in 2020 by Andy Green + * + * This file is made available under the Creative Commons CC0 1.0 + * Universal Public Domain Dedication. + * + * This demonstrates a minimal http client using secure streams C++ api to + * fetch files over https to the local filesystem + */ + +#include +#include +#include + +static int interrupted, bad = 1, concurrent = 1, completed; + +static int +lss_completion(lss *lss, lws_ss_constate_t state, void *arg) +{ + lssFile *lf = (lssFile *)lss; + + if (state == LWSSSCS_QOS_ACK_REMOTE) { + lwsl_notice("%s: %s: len %llu, done OK %dms\n", __func__, + lf->path.c_str(), (unsigned long long)lf->rxlen, + (int)((lws_now_usecs() - lf->us_start) / 1000)); + } else + lwsl_notice("%s: %s: failed\n", __func__, lf->path.c_str()); + + if (++completed == concurrent) { + interrupted = 1; + bad = 0; + } + + return 0; +} + +static void +sigint_handler(int sig) +{ + interrupted = 1; +} + +int main(int argc, const char **argv) +{ + struct lws_context_creation_info info; + struct lws_context *context; + const char *p; + + signal(SIGINT, sigint_handler); + + memset(&info, 0, sizeof info); + lws_cmdline_option_handle_builtin(argc, argv, &info); + + if ((p = lws_cmdline_option(argc, argv, "-c"))) + concurrent = atoi(p); + + if (concurrent > 12) + concurrent = 12; + + lwsl_user("LWS secure streams cpp test client " + "[-d] [-c]\n"); + + info.fd_limit_per_thread = 1 + 12 + 1; + info.port = CONTEXT_PORT_NO_LISTEN; + info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; + + /* create the context */ + + context = lws_create_context(&info); + if (!context) { + lwsl_err("lws init failed\n"); + return 1; + } + + try { + + for (int n = 0; n < concurrent; n++) { + std::string url, filepath; + + url = "https://warmcat.com/test-"; + url += ('a' + n); + url += ".bin"; + + filepath = "/tmp/test-"; + filepath += ('a' + n); + filepath += ".bin"; + + new lssFile(context, url, filepath, lss_completion, 0); + } + } catch (std::exception &e) { + lwsl_err("%s: failed to create ss: %s\n", __func__, e.what()); + interrupted = 1; + } + + /* the event loop */ + + while (!interrupted && lws_service(context, 0) >= 0) + ; + + lws_context_destroy(context); + + lwsl_user("Completed: %s\n", bad ? "failed" : "OK"); + + return bad; +}