authorHolger Hans Peter Freyther <holger@moiji-mobile.com>2016-09-08 16:32:36 +0200
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2016-09-08 16:32:36 +0200
commit0381276993737708b061905959ab3e57523631fd (patch)
tree0ba5f3cfd0fb0adbabb1131dbf7cd4d9591e9c28 /include
parent0b4b824887db23fb3b922286c3229be75393a92d (diff)
parent22acd211f1d1f0a8b3f6a0ab77fc93273821913d (diff)
Merge branch 'feature/tls'
Add TLS support to the client and server. What is known working is support of anonymous mode with generated DH params. Mildly tested by hand over localhost.
Diffstat (limited to 'include')
-rw-r--r--include/osmo-pcap/Makefile.am2
-rw-r--r--include/osmo-pcap/common.h1
-rw-r--r--include/osmo-pcap/osmo_pcap_client.h18
-rw-r--r--include/osmo-pcap/osmo_pcap_server.h26
-rw-r--r--include/osmo-pcap/osmo_tls.h80
5 files changed, 125 insertions, 2 deletions
diff --git a/include/osmo-pcap/Makefile.am b/include/osmo-pcap/Makefile.am
index 1a446bc..b71e70c 100644
--- a/include/osmo-pcap/Makefile.am
+++ b/include/osmo-pcap/Makefile.am
@@ -1 +1 @@
-noinst_HEADERS = common.h osmo_pcap_client.h osmo_pcap_server.h wireformat.h
+noinst_HEADERS = common.h osmo_pcap_client.h osmo_pcap_server.h wireformat.h osmo_tls.h
diff --git a/include/osmo-pcap/common.h b/include/osmo-pcap/common.h
index b8f8110..fff452f 100644
--- a/include/osmo-pcap/common.h
+++ b/include/osmo-pcap/common.h
@@ -34,6 +34,7 @@ enum {
DCLIENT,
DSERVER,
DVTY,
+ DTLS,
Debug_LastEntry,
};
diff --git a/include/osmo-pcap/osmo_pcap_client.h b/include/osmo-pcap/osmo_pcap_client.h
index ee81e50..b8ceb38 100644
--- a/include/osmo-pcap/osmo_pcap_client.h
+++ b/include/osmo-pcap/osmo_pcap_client.h
@@ -20,6 +20,8 @@
*
*/
+#include "osmo_tls.h"
+
#include <inttypes.h>
#include <pcap.h>
@@ -64,6 +66,20 @@ struct osmo_pcap_client {
struct osmo_wqueue wqueue;
struct osmo_timer_list timer;
+ /* TLS handling */
+ bool tls_on;
+ bool tls_verify;
+ char *tls_hostname;
+ char *tls_capath;
+ char *tls_priority;
+
+ char *tls_client_cert;
+ char *tls_client_key;
+
+ unsigned tls_log_level;
+
+ struct osmo_tls_session tls_session;
+
/* statistics */
struct rate_ctr_group *ctrg;
};
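Review bot: The TLS fields added to `struct osmo_pcap_client` carry only the `/* TLS handling */` heading, and `tls_verify` together with `tls_hostname` is presumably the switch that decides whether the server's certificate is checked at all, which is the setting an operator most needs to read correctly. I would comment those two and the path fields, e.g. `bool tls_verify; /* verify the server certificate; name check uses tls_hostname when set -- confirm in osmo_tls.c */` and `char *tls_capath; /* directory of trusted CA certificates */`. It is also worth stating who owns the `char *` members (VTY-allocated strings, from the look of it) so that `osmo_tls_release` and the config code agree on freeing. The struct's opening is outside this hunk.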
@@ -79,3 +95,5 @@ void osmo_client_send_data(struct osmo_pcap_client *client,
struct pcap_pkthdr *hdr, const uint8_t *data);
void osmo_client_send_link(struct osmo_pcap_client *client);
void osmo_client_connect(struct osmo_pcap_client *);
+
+void osmo_client_reconnect(struct osmo_pcap_client *);
diff --git a/include/osmo-pcap/osmo_pcap_server.h b/include/osmo-pcap/osmo_pcap_server.h
index a386a2a..c1d318e 100644
--- a/include/osmo-pcap/osmo_pcap_server.h
+++ b/include/osmo-pcap/osmo_pcap_server.h
@@ -24,9 +24,11 @@
#define OSMO_PCAP_SERVER_H
#include "wireformat.h"
+#include "osmo_tls.h"
#include <osmocom/core/select.h>
#include <osmocom/core/linuxlist.h>
+#include <osmocom/core/write_queue.h>
#include <sys/socket.h>
#include <netinet/in.h>
@@ -34,6 +36,7 @@
#include <pcap.h>
+#include <stdbool.h>
#include <time.h>
struct rate_ctr_group;
@@ -74,7 +77,7 @@ struct osmo_pcap_conn {
struct in_addr remote_addr;
/* Remote connection */
- struct osmo_fd rem_fd;
+ struct osmo_wqueue rem_wq;
int local_fd;
char *curr_filename;
@@ -93,6 +96,12 @@ struct osmo_pcap_conn {
/* statistics */
struct rate_ctr_group *ctrg;
+
+ /* tls */
+ bool tls_use;
+ bool direct_read;
+ size_t tls_limit_read;
+ struct osmo_tls_session tls_session;
};
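Review bot: The new TLS members of `struct osmo_pcap_conn` here and of `struct osmo_pcap_server` in the next hunk are undocumented, and `tls_allow_anon` is the one that matters: an anonymous DH handshake encrypts the link but authenticates neither side, so a comment should say so, e.g. `bool tls_allow_anon; /* anonymous DH: confidentiality only, no peer authentication */` and `bool tls_allow_x509; /* certificate-based authentication */`. In this hunk `direct_read` and `tls_limit_read` are likewise opaque; I would add one line each stating what path `direct_read` selects and in what unit `tls_limit_read` bounds the read (bytes per call, presumably -- confirm against the server read loop). The `dh_params`/`dh_params_allocated` pair in the server struct would also benefit from a note on which of `osmo_tls_dh_load`/`osmo_tls_dh_generate` sets the flag. Both structs open outside their hunks.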
struct osmo_pcap_server {
@@ -108,6 +117,20 @@ struct osmo_pcap_server {
void *zmq_ctx;
void *zmq_publ;
+ /* tls base */
+ bool tls_on;
+ bool tls_allow_anon;
+ bool tls_allow_x509;
+ unsigned tls_log_level;
+ char *tls_priority;
+ char *tls_capath;
+ char *tls_crlfile;
+ char *tls_server_cert;
+ char *tls_server_key;
+ char *tls_dh_pkcs3;
+ gnutls_dh_params_t dh_params;
+ bool dh_params_allocated;
+
char *base_path;
off_t max_size;
@@ -125,5 +148,6 @@ struct osmo_pcap_conn *osmo_pcap_server_find(struct osmo_pcap_server *ser,
void osmo_pcap_server_delete(struct osmo_pcap_conn *conn);
void vty_server_init(struct osmo_pcap_server *server);
void osmo_pcap_server_close_trace(struct osmo_pcap_conn *conn);
+void osmo_pcap_server_close_conn(struct osmo_pcap_conn *conn);
#endif
diff --git a/include/osmo-pcap/osmo_tls.h b/include/osmo-pcap/osmo_tls.h
new file mode 100644
index 0000000..0637739
--- /dev/null
+++ b/include/osmo-pcap/osmo_tls.h
@@ -0,0 +1,80 @@
+/*
+ * osmo-pcap TLS code
+ *
+ * (C) 2016 by Holger Hans Peter Freyther <holger@moiji-mobile.com>
+ * All Rights Reserved
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+#pragma once
+
+#include <gnutls/gnutls.h>
+#include <gnutls/abstract.h>
+
+#include <stdbool.h>
+#include <stdint.h>
+
+struct osmo_fd;
+struct osmo_wqueue;
+struct osmo_pcap_client;
+struct osmo_pcap_conn;
+struct osmo_pcap_server;
+
+struct osmo_tls_session {
+ bool in_use;
+ bool need_handshake;
+ bool need_resend;
+ gnutls_session_t session;
+
+ /* any credentials */
+ bool anon_alloc;
+ gnutls_anon_client_credentials_t anon_cred;
+ bool anon_serv_alloc;
+ gnutls_anon_server_credentials_t anon_serv_cred;
+
+ /* a x509 cert credential */
+ bool cert_alloc;
+ gnutls_certificate_credentials_t cert_cred;
+
+ /* the private certificate */
+ bool pcert_alloc;
+ gnutls_pcert_st pcert;
+
+ /* the private key in _RAM_ */
+ bool privk_alloc;
+ gnutls_privkey_t privk;
+
+ struct osmo_wqueue *wqueue;
+
+ int (*read)(struct osmo_tls_session *session);
+ void (*error)(struct osmo_tls_session *session);
+ void (*handshake_done)(struct osmo_tls_session *session);
+};
+
+void osmo_tls_init(void);
+
+bool osmo_tls_init_client_session(struct osmo_pcap_client *client);
+
+
+bool osmo_tls_init_server_session(struct osmo_pcap_conn *conn, struct osmo_pcap_server *server);
+void osmo_tls_release(struct osmo_tls_session *);
+
+int osmo_tls_client_bfd_cb(struct osmo_fd *fd, unsigned int what);
+
+size_t osmo_tls_pending(struct osmo_tls_session *session);
+void osmo_tls_server_init(struct osmo_pcap_server *server);
+
+void osmo_tls_dh_load(struct osmo_pcap_server *server);
+void osmo_tls_dh_generate(struct osmo_pcap_server *server);
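Review bot: `osmo_tls_pending` returns `size_t`, but the header only includes `<stdbool.h>` and `<stdint.h>`, so it is self-contained only because `<gnutls/gnutls.h>` happens to pull in `<stddef.h>`; add `#include <stddef.h>` next to the other standard includes. The header uses `#pragma once` while the sibling headers in this tree use classic guards (`#define OSMO_PCAP_SERVER_H` is visible in the server hunk), so one or the other should be adopted consistently. The three callbacks `read`, `error` and `handshake_done` in `struct osmo_tls_session` need a sentence each on when they fire and what `read` is expected to return, and the `/* the private key in _RAM_ */` remark would be more useful if it said whether the key is loaded from `tls_server_key`/`tls_client_key` and released by `osmo_tls_release`. The stray double blank line before `osmo_tls_init_server_session` and the unnamed parameter of `osmo_tls_release` are minor style nits.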