godotengine/godot
1
0
Fork 0
mirror of https://github.com/godotengine/godot.git synced 2025-11-07 12:30:27 +00:00
Code Releases Wiki Activity

New PacketPeerDTLS and DTLSServer classes.

Browse Source 
Custom instance implementation via the mbedtls module.
This commit is contained in:
Fabio Alessandrelli
2019-08-21 22:52:24 +02:00
parent d06af89874
commit 6fc50d785e
12 changed files with 849 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
modules/mbedtls/ssl_context_mbedtls.cpp
View File

@@ -43,6 +43,48 @@ void SSLContextMbedTLS::print_mbedtls_error(int p_ret) {
fflush(stdout);
}
/// CookieContextMbedTLS
Error CookieContextMbedTLS::setup() {
ERR_FAIL_COND_V_MSG(inited, ERR_ALREADY_IN_USE, "This cookie context is already in use");
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
mbedtls_ssl_cookie_init(&cookie_ctx);
inited = true;
int ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0);
if (ret != 0) {
clear(); // Never leave unusable resources around.
ERR_FAIL_V_MSG(FAILED, "mbedtls_ctr_drbg_seed returned an error " + itos(ret));
}
ret = mbedtls_ssl_cookie_setup(&cookie_ctx, mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
clear();
ERR_FAIL_V_MSG(FAILED, "mbedtls_ssl_cookie_setup returned an error " + itos(ret));
}
return OK;
}
void CookieContextMbedTLS::clear() {
if (!inited)
return;
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_ssl_cookie_free(&cookie_ctx);
}
CookieContextMbedTLS::CookieContextMbedTLS() {
inited = false;
}
CookieContextMbedTLS::~CookieContextMbedTLS() {
clear();
}
/// SSLContextMbedTLS
Error SSLContextMbedTLS::_setup(int p_endpoint, int p_transport, int p_authmode) {
ERR_FAIL_COND_V_MSG(inited, ERR_ALREADY_IN_USE, "This SSL context is already active");
@@ -55,7 +97,7 @@ Error SSLContextMbedTLS::_setup(int p_endpoint, int p_transport, int p_authmode)
int ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0);
if (ret != 0) {
clear(); // Never leave unusable resources around.
ERR_FAIL_V_MSG(FAILED, "mbedtls_ctr_drbg_seed returned an error" + itos(ret));
ERR_FAIL_V_MSG(FAILED, "mbedtls_ctr_drbg_seed returned an error " + itos(ret));
}
ret = mbedtls_ssl_config_defaults(&conf, p_endpoint, p_transport, MBEDTLS_SSL_PRESET_DEFAULT);
@@ -69,7 +111,7 @@ Error SSLContextMbedTLS::_setup(int p_endpoint, int p_transport, int p_authmode)
return OK;
}
Error SSLContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<CryptoKeyMbedTLS> p_pkey, Ref<X509CertificateMbedTLS> p_cert) {
Error SSLContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<CryptoKeyMbedTLS> p_pkey, Ref<X509CertificateMbedTLS> p_cert, Ref<CookieContextMbedTLS> p_cookies) {
ERR_FAIL_COND_V(!p_pkey.is_valid(), ERR_INVALID_PARAMETER);
ERR_FAIL_COND_V(!p_cert.is_valid(), ERR_INVALID_PARAMETER);
@@ -94,6 +136,15 @@ Error SSLContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<Crypto
if (certs->cert.next) {
mbedtls_ssl_conf_ca_chain(&conf, certs->cert.next, NULL);
}
// DTLS Cookies
if (p_transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
if (p_cookies.is_null() || !p_cookies->inited) {
clear();
ERR_FAIL_V(ERR_BUG);
}
cookies = p_cookies;
mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &(cookies->cookie_ctx));
}
mbedtls_ssl_setup(&ssl, &conf);
return OK;
}
@@ -139,6 +190,7 @@ void SSLContextMbedTLS::clear() {
if (pkey.is_valid())
pkey->unlock();
pkey = Ref<CryptoKeyMbedTLS>();
cookies = Ref<CookieContextMbedTLS>();
inited = false;
}