factor/extra/io/unix/sockets/secure/secure.factor

! Copyright (C) 2007, 2008, Slava Pestov, Elie CHAFTARI.
! See http://factorcode.org/license.txt for BSD license.
USING: accessors byte-arrays kernel debugger sequences namespaces math
math.order combinators init alien alien.c-types alien.strings libc
continuations destructors
openssl openssl.libcrypto openssl.libssl
io.files io.ports io.unix.backend io.unix.sockets
io.encodings.ascii io.buffers io.sockets io.sockets.secure
unix system inspector ;
IN: io.unix.sockets.secure

M: ssl-handle handle-fd file>> handle-fd ;

: syscall-error ( r -- * )
    ERR_get_error dup zero? [
        drop
        {
            { -1 [ (io-error) ] }
            { 0 [ premature-close ] }
        } case
    ] [
        nip (ssl-error)
    ] if ;

: check-response ( port r -- port r n )
    over handle>> handle>> over SSL_get_error ; inline

! Input ports
: check-read-response ( port r -- event ) USING: namespaces io prettyprint ;
    check-response
    {
        { SSL_ERROR_NONE [ swap buffer>> n>buffer f ] }
        { SSL_ERROR_ZERO_RETURN [ 2drop f ] }
        { SSL_ERROR_WANT_READ [ 2drop +input+ ] }
        { SSL_ERROR_WANT_WRITE [ 2drop +output+ ] }
        { SSL_ERROR_SYSCALL [ syscall-error ] }
        { SSL_ERROR_SSL [ (ssl-error) ] }
    } case ;

M: ssl-handle refill
    handle>> ! ssl
    over buffer>>
    [ buffer-end ] ! buf
    [ buffer-capacity ] bi ! len
    SSL_read
    check-read-response ;

! Output ports
: check-write-response ( port r -- event )
    check-response
    {
        { SSL_ERROR_NONE [ swap buffer>> buffer-consume f ] }
        { SSL_ERROR_WANT_READ [ 2drop +input+ ] }
        { SSL_ERROR_WANT_WRITE [ 2drop +output+ ] }
        { SSL_ERROR_SYSCALL [ syscall-error ] }
        { SSL_ERROR_SSL [ (ssl-error) ] }
    } case ;

M: ssl-handle drain
    handle>> ! ssl
    over buffer>>
    [ buffer@ ] ! buf
    [ buffer-length ] bi ! len
    SSL_write
    check-write-response ;

! Client sockets
: <ssl-socket> ( fd -- ssl )
    [ fd>> BIO_NOCLOSE BIO_new_socket dup ssl-error ] keep <ssl-handle>
    [ handle>> swap dup SSL_set_bio ] keep ;

M: secure ((client)) ( addrspec -- handle )
    addrspec>> ((client)) <ssl-socket> ;

M: secure parse-sockaddr addrspec>> parse-sockaddr <secure> ;

M: secure (get-local-address) addrspec>> (get-local-address) ;

: check-connect-response ( port r -- event )
    check-response
    {
        { SSL_ERROR_NONE [ 2drop f ] }
        { SSL_ERROR_WANT_READ [ 2drop +input+ ] }
        { SSL_ERROR_WANT_WRITE [ 2drop +output+ ] }
        { SSL_ERROR_SYSCALL [ syscall-error ] }
        { SSL_ERROR_SSL [ (ssl-error) ] }
    } case ;

: do-ssl-connect ( port -- )
    dup dup handle>> handle>> SSL_connect
    check-connect-response dup
    [ dupd wait-for-port do-ssl-connect ] [ 2drop ] if ;

M: secure establish-connection ( client-out remote -- )
    [ addrspec>> establish-connection ]
    [ drop do-ssl-connect ]
    [ drop handle>> t >>connected drop ]
    2tri ;

M: secure (server) addrspec>> (server) ;

: check-accept-response ( handle r -- event )
    over handle>> over SSL_get_error
    {
        { SSL_ERROR_NONE [ 2drop f ] }
        { SSL_ERROR_WANT_READ [ 2drop +input+ ] }
        { SSL_ERROR_WANT_WRITE [ 2drop +output+ ] }
        { SSL_ERROR_SYSCALL [ syscall-error ] }
        { SSL_ERROR_SSL [ (ssl-error) ] }
    } case ;

: do-ssl-accept ( ssl-handle -- )
    dup dup handle>> SSL_accept check-accept-response dup
    [ >r dup file>> r> wait-for-fd drop do-ssl-accept ] [ 2drop ] if ;

M: secure (accept)
    [
        addrspec>> (accept) >r
        |dispose <ssl-socket> t >>connected |dispose
        dup do-ssl-accept r>
    ] with-destructors ;

: check-shutdown-response ( handle r -- event )
    #! SSL_shutdown always returns 0 due to openssl bugs?
    {
        { 1 [ drop f ] }
        { 0 [
                dup handle>> SSL_want
                {
                    { SSL_NOTHING [ dup handle>> SSL_shutdown check-shutdown-response ] }
                    { SSL_READING [ drop +input+ ] }
                    { SSL_WRITING [ drop +output+ ] }
                } case
        ] }
        { -1 [
            handle>> -1 SSL_get_error
            {
                { SSL_ERROR_WANT_READ [ +input+ ] }
                { SSL_ERROR_WANT_WRITE [ +output+ ] }
                { SSL_ERROR_SYSCALL [ -1 syscall-error ] }
                { SSL_ERROR_SSL [ (ssl-error) ] }
            } case
        ] }
    } case ;

M: unix ssl-shutdown
    dup connected>> [
        dup dup handle>> SSL_shutdown check-shutdown-response
        dup [ dupd wait-for-fd drop ssl-shutdown ] [ 2drop ] if
    ] [ drop ] if ;
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00			`! Copyright (C) 2007, 2008, Slava Pestov, Elie CHAFTARI.`
			`! See http://factorcode.org/license.txt for BSD license.`
			`USING: accessors byte-arrays kernel debugger sequences namespaces math`
			`math.order combinators init alien alien.c-types alien.strings libc`
			`continuations destructors`
			`openssl openssl.libcrypto openssl.libssl`
Major I/O cleanup 2008-05-13 19:24:46 -04:00			`io.files io.ports io.unix.backend io.unix.sockets`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00			`io.encodings.ascii io.buffers io.sockets io.sockets.secure`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`unix system inspector ;`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00			`IN: io.unix.sockets.secure`

Working on SSL server sockets 2008-05-14 04:55:33 -04:00			`M: ssl-handle handle-fd file>> handle-fd ;`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00
Working on SSL server sockets 2008-05-14 04:55:33 -04:00			`: syscall-error ( r -- * )`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00			`ERR_get_error dup zero? [`
			`drop`
			`{`
Major I/O cleanup 2008-05-13 19:24:46 -04:00			`{ -1 [ (io-error) ] }`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`{ 0 [ premature-close ] }`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00			`} case`
			`] [`
Major I/O cleanup 2008-05-13 19:24:46 -04:00			`nip (ssl-error)`
			`] if ;`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00
			`: check-response ( port r -- port r n )`
			`over handle>> handle>> over SSL_get_error ; inline`

			`! Input ports`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`: check-read-response ( port r -- event ) USING: namespaces io prettyprint ;`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00			`check-response`
			`{`
Major I/O cleanup 2008-05-13 19:24:46 -04:00			`{ SSL_ERROR_NONE [ swap buffer>> n>buffer f ] }`
Remove eof slot 2008-05-18 20:02:50 -04:00			`{ SSL_ERROR_ZERO_RETURN [ 2drop f ] }`
Major I/O cleanup 2008-05-13 19:24:46 -04:00			`{ SSL_ERROR_WANT_READ [ 2drop +input+ ] }`
			`{ SSL_ERROR_WANT_WRITE [ 2drop +output+ ] }`
			`{ SSL_ERROR_SYSCALL [ syscall-error ] }`
			`{ SSL_ERROR_SSL [ (ssl-error) ] }`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00			`} case ;`

			`M: ssl-handle refill`
Major I/O cleanup 2008-05-13 19:24:46 -04:00			`handle>> ! ssl`
			`over buffer>>`
			`[ buffer-end ] ! buf`
			`[ buffer-capacity ] bi ! len`
			`SSL_read`
			`check-read-response ;`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00
			`! Output ports`
Major I/O cleanup 2008-05-13 19:24:46 -04:00			`: check-write-response ( port r -- event )`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00			`check-response`
			`{`
			`{ SSL_ERROR_NONE [ swap buffer>> buffer-consume f ] }`
Major I/O cleanup 2008-05-13 19:24:46 -04:00			`{ SSL_ERROR_WANT_READ [ 2drop +input+ ] }`
			`{ SSL_ERROR_WANT_WRITE [ 2drop +output+ ] }`
			`{ SSL_ERROR_SYSCALL [ syscall-error ] }`
			`{ SSL_ERROR_SSL [ (ssl-error) ] }`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00			`} case ;`

			`M: ssl-handle drain`
Major I/O cleanup 2008-05-13 19:24:46 -04:00			`handle>> ! ssl`
			`over buffer>>`
			`[ buffer@ ] ! buf`
			`[ buffer-length ] bi ! len`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00			`SSL_write`
			`check-write-response ;`

			`! Client sockets`
Working on SSL server sockets 2008-05-14 04:55:33 -04:00			`: <ssl-socket> ( fd -- ssl )`
			`[ fd>> BIO_NOCLOSE BIO_new_socket dup ssl-error ] keep <ssl-handle>`
			`[ handle>> swap dup SSL_set_bio ] keep ;`

Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`M: secure ((client)) ( addrspec -- handle )`
Working on SSL server sockets 2008-05-14 04:55:33 -04:00			`addrspec>> ((client)) <ssl-socket> ;`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`M: secure parse-sockaddr addrspec>> parse-sockaddr <secure> ;`
More Unix I/O work 2008-05-14 00:36:15 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`M: secure (get-local-address) addrspec>> (get-local-address) ;`
Debugging SSL 2008-05-15 06:19:59 -04:00
Major I/O cleanup 2008-05-13 19:24:46 -04:00			`: check-connect-response ( port r -- event )`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00			`check-response`
			`{`
Major I/O cleanup 2008-05-13 19:24:46 -04:00			`{ SSL_ERROR_NONE [ 2drop f ] }`
			`{ SSL_ERROR_WANT_READ [ 2drop +input+ ] }`
			`{ SSL_ERROR_WANT_WRITE [ 2drop +output+ ] }`
			`{ SSL_ERROR_SYSCALL [ syscall-error ] }`
			`{ SSL_ERROR_SSL [ (ssl-error) ] }`
Working on SSL and refactoring related code to make things easier to plug in 2008-05-12 19:53:22 -04:00			`} case ;`

Debugging SSL 2008-05-15 06:19:59 -04:00			`: do-ssl-connect ( port -- )`
			`dup dup handle>> handle>> SSL_connect`
			`check-connect-response dup`
			`[ dupd wait-for-port do-ssl-connect ] [ 2drop ] if ;`
Major I/O cleanup 2008-05-13 19:24:46 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`M: secure establish-connection ( client-out remote -- )`
Debugging SSL 2008-05-15 06:19:59 -04:00			`[ addrspec>> establish-connection ]`
			`[ drop do-ssl-connect ]`
			`[ drop handle>> t >>connected drop ]`
Sockets fixes 2008-05-14 20:41:39 -04:00			`2tri ;`
Working on SSL server sockets 2008-05-14 04:55:33 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`M: secure (server) addrspec>> (server) ;`
Working on SSL server sockets 2008-05-14 04:55:33 -04:00
			`: check-accept-response ( handle r -- event )`
			`over handle>> over SSL_get_error`
			`{`
			`{ SSL_ERROR_NONE [ 2drop f ] }`
			`{ SSL_ERROR_WANT_READ [ 2drop +input+ ] }`
			`{ SSL_ERROR_WANT_WRITE [ 2drop +output+ ] }`
			`{ SSL_ERROR_SYSCALL [ syscall-error ] }`
			`{ SSL_ERROR_SSL [ (ssl-error) ] }`
			`} case ;`

			`: do-ssl-accept ( ssl-handle -- )`
			`dup dup handle>> SSL_accept check-accept-response dup`
$U-SLAVA-DFB8FF805\Slava$ Remove pending-error machinery 2008-05-18 00:50:11 -04:00			`[ >r dup file>> r> wait-for-fd drop do-ssl-accept ] [ 2drop ] if ;`
Working on SSL server sockets 2008-05-14 04:55:33 -04:00
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`M: secure (accept)`
Working on SSL server sockets 2008-05-14 04:55:33 -04:00			`[`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`addrspec>> (accept) >r`
			`\|dispose <ssl-socket> t >>connected \|dispose`
			`dup do-ssl-accept r>`
Working on SSL server sockets 2008-05-14 04:55:33 -04:00			`] with-destructors ;`

			`: check-shutdown-response ( handle r -- event )`
Debugging SSL 2008-05-15 06:19:59 -04:00			`#! SSL_shutdown always returns 0 due to openssl bugs?`
Working on SSL server sockets 2008-05-14 04:55:33 -04:00			`{`
Debugging SSL 2008-05-15 06:19:59 -04:00			`{ 1 [ drop f ] }`
			`{ 0 [`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`dup handle>> SSL_want`
			`{`
			`{ SSL_NOTHING [ dup handle>> SSL_shutdown check-shutdown-response ] }`
Debugging SSL 2008-05-15 06:19:59 -04:00			`{ SSL_READING [ drop +input+ ] }`
			`{ SSL_WRITING [ drop +output+ ] }`
			`} case`
			`] }`
			`{ -1 [`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`handle>> -1 SSL_get_error`
Debugging SSL 2008-05-15 06:19:59 -04:00			`{`
			`{ SSL_ERROR_WANT_READ [ +input+ ] }`
			`{ SSL_ERROR_WANT_WRITE [ +output+ ] }`
			`{ SSL_ERROR_SYSCALL [ -1 syscall-error ] }`
			`{ SSL_ERROR_SSL [ (ssl-error) ] }`
			`} case`
			`] }`
Working on SSL server sockets 2008-05-14 04:55:33 -04:00			`} case ;`

			`M: unix ssl-shutdown`
			`dup connected>> [`
Fix SSL shutdown 2008-05-17 18:45:56 -04:00			`dup dup handle>> SSL_shutdown check-shutdown-response`
$U-SLAVA-DFB8FF805\Slava$ Remove pending-error machinery 2008-05-18 00:50:11 -04:00			`dup [ dupd wait-for-fd drop ssl-shutdown ] [ 2drop ] if`
Working on SSL server sockets 2008-05-14 04:55:33 -04:00			`] [ drop ] if ;`