libwebsockets
Lightweight C library for HTML5 websockets
lws-secure-streams.h
1/*
2 * libwebsockets - small server side websockets and web server implementation
3 *
4 * Copyright (C) 2019 - 2020 Andy Green <andy@warmcat.com>
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to
8 * deal in the Software without restriction, including without limitation the
9 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
10 * sell copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
21 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22 * IN THE SOFTWARE.
23 *
24 * included from libwebsockets.h
25 *
26 *
27 * Secure Streams is a *payload-only* client communication channel where all the
28 * details about the connection are held in a systemwide policy database and
29 * are keyed by the streamtype field... the user of the communication channel
30 * does not know or manage the choice of endpoint, tls CA, or even wire
31 * protocol. The advantage is he then does not have any dependency on any of
32 * those and they can be changed just by changing the policy database without
33 * touching the code using the stream.
34 *
35 * There are two ways secure streams interfaces to user code:
36 *
37 * 1) [Linux / RTOS] the natural, smallest interface is to call back to user
38 * code that only operates directly from the lws event loop thread context
39 * (direct callbacks from lws_ss_t)
40 *
41 * lws_thread( [user code] ---- lws )
42 *
43 * 2) [Linux] where the user code is in a different process and communicates
44 * asynchronously via a proxy socket
45 *
46 * user_process{ [user code] | shim | socket-}------ lws_process{ lws }
47 *
48 * In the second, IPC, case, all packets are prepended by one or more bytes
49 * indicating the packet type and serializing any associated data, known as
50 * Serialized Secure Streams or SSS.
51 *
52 * Serialized Secure Streams
53 * -------------------------
54 *
55 * On the transport, adjacent packets may be coalesced, that is, the original
56 * packet sizes are lost and two or more packets are combined. For that reason
57 * the serialization format always contains a 1-byte type and then a 2-byte
58 * frame length.
59 *
60 * Client to proxy
61 *
62 * - Proxied connection setup
63 *
64 * - 0: LWSSS_SER_TXPRE_STREAMTYPE
65 * - 1: 2-byte MSB-first rest-of-frame length
66 * - 3: 1-byte Client SSS protocol version (introduced in SSSv1)
67 * - 4: 4-byte Client PID (introduced in SSSv1)
68 * - 8: 4-byte MSB-first initial tx credit
69 * - 12: the streamtype name with no NUL
70 *
71 * - Proxied tx
72 *
73 * - 0: LWSSS_SER_TXPRE_TX_PAYLOAD
74 * - 1: 2 byte MSB-first rest-of-frame length
75 * - 3: 4-byte MSB-first flags
76 * - 7: 4-byte MSB-first us between client requested write and wrote to proxy
77 * - 11: 8-byte MSB-first us resolution unix time client wrote to proxy
78 * - 19: payload
79 *
80 * - Proxied secure stream destroy
81 *
82 * - 0: LWSSS_SER_TXPRE_DESTROYING
83 * - 1: 00, 00
84 *
85 * - Proxied metadata - sent when one metadata item set clientside
86 *
87 * - 0: LWSSS_SER_TXPRE_METADATA
88 * - 1: 2-byte MSB-first rest-of-frame length
89 * - 3: 1-byte metadata name length
90 * - 4: metadata name
91 * - ...: metadata value (for rest of packet)
92 *
93 * - TX credit management - sent when using tx credit apis, cf METADATA
94 *
95 * - 0: LWSSS_SER_TXPRE_TXCR_UPDATE
96 * - 1: 2-byte MSB-first rest-of-frame length 00, 04
97 * - 3: 4-byte additional tx credit adjust value
98 *
99 * - Stream timeout management - forwarded when user applying or cancelling t.o.
100 *
101 * - 0: LWSSS_SER_TXPRE_TIMEOUT_UPDATE
102 * - 1: 2-byte MSB-first rest-of-frame length 00, 04
103 * - 3: 4-byte MSB-first unsigned 32-bit timeout, 0 = use policy, -1 = cancel
104 *
105 * - Passing up payload length hint
106 *
107 * - 0: LWSSS_SER_TXPRE_PAYLOAD_LENGTH_HINT
108 * - 1: 2-byte MSB-first rest-of-frame length 00, 04
109 * - 3: 4-byte MSB-first unsigned 32-bit payload length hint
110 *
111 * Proxy to client
112 *
113 * - Proxied connection setup result
114 *
115 * - 0: LWSSS_SER_RXPRE_CREATE_RESULT
116 * - 1: 2 byte MSB-first rest-of-frame length (usually 00, 03)
117 * - 3: 1 byte result, 0 = success. On failure, proxy will close connection.
118 * - 4: 4 byte client dsh allocation recommended for stream type, from policy
119 * (introduced in SSSv1)
120 * - 8: 2 byte MSB-first initial tx credit
121 * - 10: if present, comma-sep list of rideshare types from policy
122 *
123 * - Proxied rx
124 *
125 * - 0: LWSSS_SER_RXPRE_RX_PAYLOAD
126 * - 1: 2 byte MSB-first rest-of-frame length
127 * - 3: 4-byte MSB-first flags
128 * - 7: 4-byte MSB-first us between inbound read and wrote to client
129 * - 11: 8-byte MSB-first us resolution unix time proxy wrote to client
130 * - 17: (rideshare name len + rideshare name if flags & LWSSS_FLAG_RIDESHARE)
131 * payload
132 *
133 * - Proxied tx credit
134 *
135 * - 0: LWSSS_SER_RXPRE_TXCR_UPDATE
136 * - 1: 00, 04
137 * - 3: 4-byte MSB-first addition tx credit bytes
138 *
139 * - Proxied rx metadata
140 *
141 * - 0: LWSSS_SER_RXPRE_METADATA
142 * - 1: 2-byte MSB-first rest-of-frame length
143 * - 3: 1-byte metadata name length
144 * - 4: metadata name
145 * - ...: metadata value (for rest of packet)
146 *
147 * - Proxied state (8 or 11 byte packet)
148 *
149 * - 0: LWSSS_SER_RXPRE_CONNSTATE
150 * - 1: 00, 05 if state < 256, else 00, 08
151 * - 3: 1 byte state index if state < 256, else 4-byte MSB-first state index
152 * - 4 or 7: 4-byte MSB-first ordinal
153 *
154 * - Proxied performance information
155 *
156 * - 0: LWSSS_SER_RXPRE_PERF
157 * - 1: 2-byte MSB-first rest-of-frame length
158 * - 3: ... performance JSON (for rest of packet)
159 *
160 * Proxied tx may be read by the proxy but rejected due to lack of buffer space
161 * at the proxy. For that reason, tx must be held at the sender until it has
162 * been acknowledged or denied.
163 *
164 * Sinks
165 * -----
166 *
167 * Sinks are logical "servers", you can register as a sink for a particular
168 * streamtype by using the lws_ss_create() api with ssi->register_sink set to 1.
169 *
170 * For directly fulfilled Secure Streams, new streams of that streamtype bind
171 * to the rx, tx and state handlers given when it was registered.
172 *
173 * - When new streams are created the registered sink handler for (*state) is
174 * called with event LWSSSCS_SINK_JOIN and the new client stream handle in
175 * the h_src parameter.
176 *
177 * - When the client stream sends something to the sink, it calls the sink's
178 * (*rx) with the client stream's
179 */
180
187
188#define LWS_SS_MTU 1540
189
190struct lws_ss_handle;
191typedef uint32_t lws_ss_tx_ordinal_t;
192
193/*
194 * connection state events
195 *
196 * If you add states, take care about the state names and state transition
197 * validity enforcement tables too
198 */
199typedef enum {
200 /* zero means unset */
201 LWSSSCS_CREATING = 1,
202 LWSSSCS_DISCONNECTED,
203 LWSSSCS_UNREACHABLE, /* oridinal arg = 1 = caused by dns
204 * server reachability failure */
205 LWSSSCS_AUTH_FAILED,
206 LWSSSCS_CONNECTED,
207 LWSSSCS_CONNECTING,
208 LWSSSCS_DESTROYING,
209 LWSSSCS_POLL,
210 LWSSSCS_ALL_RETRIES_FAILED, /* all retries in bo policy failed */
211 LWSSSCS_QOS_ACK_REMOTE, /* remote peer received and acked tx */
212 LWSSSCS_QOS_NACK_REMOTE,
213 LWSSSCS_QOS_ACK_LOCAL, /* local proxy accepted our tx */
214 LWSSSCS_QOS_NACK_LOCAL, /* local proxy refused our tx */
215 LWSSSCS_TIMEOUT, /* optional timeout timer fired */
216
217 LWSSSCS_SERVER_TXN,
218 LWSSSCS_SERVER_UPGRADE, /* the server protocol upgraded */
219
220 LWSSSCS_EVENT_WAIT_CANCELLED, /* somebody called lws_cancel_service */
221
222 LWSSSCS_UPSTREAM_LINK_RETRY, /* if we are being proxied over some
223 * intermediate link, this transient
224 * state may be sent to indicate we are
225 * waiting to establish that link before
226 * creation can proceed.. ack is the
227 * number of ms we have been trying */
228
229 LWSSSCS_SINK_JOIN, /* sinks get this when a new source
230 * stream joins the sink */
231 LWSSSCS_SINK_PART, /* sinks get this when a new source
232 * stream leaves the sink */
233
234 LWSSSCS_USER_BASE = 1000
235} lws_ss_constate_t;
236
237enum {
238 LWSSS_FLAG_SOM = (1 << 0),
239 /* payload contains the start of new message */
240 LWSSS_FLAG_EOM = (1 << 1),
241 /* payload contains the end of message */
242 LWSSS_FLAG_POLL = (1 << 2),
243 /* Not a real transmit... poll for rx if protocol needs it */
244 LWSSS_FLAG_RELATED_START = (1 << 3),
245 /* Appears in a zero-length message indicating a message group of zero
246 * or more messages is now starting. */
247 LWSSS_FLAG_RELATED_END = (1 << 4),
248 /* Appears in a zero-length message indicating a message group of zero
249 * or more messages has now finished. */
250 LWSSS_FLAG_RIDESHARE = (1 << 5),
251 /* Serialized payload starts with non-default rideshare name length and
252 * name string without NUL, then payload */
253 LWSSS_FLAG_PERF_JSON = (1 << 6),
254 /* This RX is JSON performance data, only on streams with "perf" flag
255 * set */
256
257 /*
258 * In the case the secure stream is proxied across a process or thread
259 * boundary, eg by proxying through a socket for IPC, metadata must be
260 * carried in-band. A byte is prepended to each rx payload to
261 * differentiate what it is.
262 *
263 * Secure streams where the user is called back directly does not need
264 * any of this and only pure payloads are passed.
265 *
266 * rx (received by client) prepends for proxied connections
267 */
268
269 LWSSS_SER_RXPRE_RX_PAYLOAD = 0x55,
270 LWSSS_SER_RXPRE_CREATE_RESULT,
271 LWSSS_SER_RXPRE_CONNSTATE,
272 LWSSS_SER_RXPRE_TXCR_UPDATE,
273 LWSSS_SER_RXPRE_METADATA,
274 LWSSS_SER_RXPRE_TLSNEG_ENCLAVE_SIGN,
275 LWSSS_SER_RXPRE_PERF,
276
277 /* tx (send by client) prepends for proxied connections */
278
279 LWSSS_SER_TXPRE_STREAMTYPE = 0xaa,
280 LWSSS_SER_TXPRE_ONWARD_CONNECT,
281 LWSSS_SER_TXPRE_DESTROYING,
282 LWSSS_SER_TXPRE_TX_PAYLOAD,
283 LWSSS_SER_TXPRE_METADATA,
284 LWSSS_SER_TXPRE_TXCR_UPDATE,
285 LWSSS_SER_TXPRE_TIMEOUT_UPDATE,
286 LWSSS_SER_TXPRE_PAYLOAD_LENGTH_HINT,
287 LWSSS_SER_TXPRE_TLSNEG_ENCLAVE_SIGNED,
288};
289
290typedef enum {
291 LPCSPROX_WAIT_INITIAL_TX = 1, /* after connect, must send streamtype */
292 LPCSPROX_REPORTING_FAIL, /* stream creation failed, wait to to tell */
293 LPCSPROX_REPORTING_OK, /* stream creation succeeded, wait to to tell */
294 LPCSPROX_OPERATIONAL, /* ready for payloads */
295 LPCSPROX_DESTROYED,
296
297 LPCSCLI_SENDING_INITIAL_TX, /* after connect, must send streamtype */
298 LPCSCLI_WAITING_CREATE_RESULT, /* wait to hear if proxy ss create OK */
299 LPCSCLI_LOCAL_CONNECTED, /* we are in touch with the proxy */
300 LPCSCLI_ONWARD_CONNECT, /* request onward ss connection */
301 LPCSCLI_OPERATIONAL, /* ready for payloads */
302
303} lws_ss_conn_states_t;
304
305/*
306 * Returns from state() callback can tell the caller what the user code
307 * wants to do
308 */
309
310typedef enum lws_ss_state_return {
311 LWSSSSRET_TX_DONT_SEND = 1, /* (*tx) only, or failure */
312
313 LWSSSSRET_OK = 0, /* no error */
314 LWSSSSRET_DISCONNECT_ME = -1, /* caller should disconnect us */
315 LWSSSSRET_DESTROY_ME = -2, /* caller should destroy us */
316} lws_ss_state_return_t;
317
326enum {
336 LWSSSINFLAGS_PROXIED = (1 << 1),
338 LWSSSINFLAGS_SERVER = (1 << 2),
342 LWSSSINFLAGS_ACCEPTED = (1 << 3),
345};
346
347typedef lws_ss_state_return_t (*lws_sscb_rx)(void *userobj, const uint8_t *buf,
348 size_t len, int flags);
349typedef lws_ss_state_return_t (*lws_sscb_tx)(void *userobj,
350 lws_ss_tx_ordinal_t ord,
351 uint8_t *buf, size_t *len,
352 int *flags);
353typedef lws_ss_state_return_t (*lws_sscb_state)(void *userobj, void *h_src,
354 lws_ss_constate_t state,
355 lws_ss_tx_ordinal_t ack);
356
357#if defined(LWS_WITH_SECURE_STREAMS_BUFFER_DUMP)
358typedef void (*lws_ss_buffer_dump_cb)(void *userobj, const uint8_t *buf,
359 size_t len, int done);
360#endif
361
362struct lws_ss_policy;
363
364typedef struct lws_ss_info {
365 const char *streamtype;
366 size_t user_alloc;
373#if defined(LWS_WITH_SECURE_STREAMS_CPP)
374 const struct lws_ss_policy *policy;
377#endif
378
379#if defined(LWS_WITH_SYS_FAULT_INJECTION)
380 lws_fi_ctx_t fic;
383#endif
384
385 lws_sscb_rx rx;
387 lws_sscb_tx tx;
390 lws_sscb_state state;
394#if defined(LWS_WITH_SECURE_STREAMS_BUFFER_DUMP)
395 lws_ss_buffer_dump_cb dump;
397#endif
406 uint32_t client_pid;
410 uint8_t flags;
420
457LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT
458lws_ss_create(struct lws_context *context, int tsi, const lws_ss_info_t *ssi,
459 void *opaque_user_data, struct lws_ss_handle **ppss,
460 struct lws_sequencer *seq_owner, const char **ppayload_fmt);
461
469LWS_VISIBLE LWS_EXTERN void
470lws_ss_destroy(struct lws_ss_handle **ppss);
471
483LWS_VISIBLE LWS_EXTERN lws_ss_state_return_t LWS_WARN_UNUSED_RESULT
484lws_ss_request_tx(struct lws_ss_handle *pss);
485
499LWS_VISIBLE LWS_EXTERN lws_ss_state_return_t LWS_WARN_UNUSED_RESULT
500lws_ss_request_tx_len(struct lws_ss_handle *pss, unsigned long len);
501
515LWS_VISIBLE LWS_EXTERN lws_ss_state_return_t LWS_WARN_UNUSED_RESULT
516lws_ss_client_connect(struct lws_ss_handle *h);
517
528LWS_VISIBLE LWS_EXTERN struct lws_sequencer *
529lws_ss_get_sequencer(struct lws_ss_handle *h);
530
547LWS_VISIBLE LWS_EXTERN int
548lws_ss_proxy_create(struct lws_context *context, const char *bind, int port);
549
557LWS_VISIBLE LWS_EXTERN const char *
559
568LWS_VISIBLE LWS_EXTERN struct lws_context *
569lws_ss_get_context(struct lws_ss_handle *h);
570
571#define LWSSS_TIMEOUT_FROM_POLICY 0
572
588LWS_VISIBLE LWS_EXTERN void
589lws_ss_start_timeout(struct lws_ss_handle *h, unsigned int timeout_ms);
590
598LWS_VISIBLE LWS_EXTERN void
599lws_ss_cancel_timeout(struct lws_ss_handle *h);
600
610LWS_VISIBLE LWS_EXTERN void *
611lws_ss_to_user_object(struct lws_ss_handle *h);
612
626LWS_VISIBLE LWS_EXTERN const char *
627lws_ss_rideshare(struct lws_ss_handle *h);
628
629
655LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT
656lws_ss_set_metadata(struct lws_ss_handle *h, const char *name,
657 const void *value, size_t len);
658
671LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT
672lws_ss_alloc_set_metadata(struct lws_ss_handle *h, const char *name,
673 const void *value, size_t len);
674
702LWS_VISIBLE LWS_EXTERN int
703lws_ss_get_metadata(struct lws_ss_handle *h, const char *name,
704 const void **value, size_t *len);
705
725LWS_VISIBLE LWS_EXTERN void
726lws_ss_server_ack(struct lws_ss_handle *h, int nack);
727
728typedef void (*lws_sssfec_cb)(struct lws_ss_handle *h, void *arg);
729
742LWS_VISIBLE LWS_EXTERN void
743lws_ss_server_foreach_client(struct lws_ss_handle *h, lws_sssfec_cb cb,
744 void *arg);
745
771LWS_VISIBLE LWS_EXTERN void
772lws_ss_change_handlers(struct lws_ss_handle *h, lws_sscb_rx rx, lws_sscb_tx tx,
773 lws_sscb_state state);
774
784LWS_VISIBLE LWS_EXTERN int
785lws_ss_add_peer_tx_credit(struct lws_ss_handle *h, int32_t add);
786
797LWS_VISIBLE LWS_EXTERN int
798lws_ss_get_est_peer_tx_credit(struct lws_ss_handle *h);
799
800LWS_VISIBLE LWS_EXTERN const char *
801lws_ss_tag(struct lws_ss_handle *h);
802
803
804#if defined(LWS_WITH_SECURE_STREAMS_AUTH_SIGV4)
818LWS_VISIBLE LWS_EXTERN int
819lws_ss_sigv4_set_aws_key(struct lws_context* context, uint8_t idx,
820 const char * keyid, const char * key);
821
838LWS_VISIBLE LWS_EXTERN int
839lws_aws_filesystem_credentials_helper(const char *path, const char *kid,
840 const char *ak, char **aws_keyid,
841 char **aws_key);
842
843#endif
844
846
LWS_VISIBLE LWS_EXTERN void lws_ss_destroy(struct lws_ss_handle **ppss)
LWS_VISIBLE LWS_EXTERN void lws_ss_change_handlers(struct lws_ss_handle *h, lws_sscb_rx rx, lws_sscb_tx tx, lws_sscb_state state)
LWS_VISIBLE LWS_EXTERN int lws_ss_add_peer_tx_credit(struct lws_ss_handle *h, int32_t add)
LWS_VISIBLE LWS_EXTERN const char * lws_ss_rideshare(struct lws_ss_handle *h)
LWS_VISIBLE LWS_EXTERN lws_ss_state_return_t LWS_WARN_UNUSED_RESULT lws_ss_request_tx_len(struct lws_ss_handle *pss, unsigned long len)
LWS_VISIBLE LWS_EXTERN int lws_ss_proxy_create(struct lws_context *context, const char *bind, int port)
LWS_VISIBLE LWS_EXTERN struct lws_sequencer * lws_ss_get_sequencer(struct lws_ss_handle *h)
LWS_VISIBLE LWS_EXTERN void lws_ss_start_timeout(struct lws_ss_handle *h, unsigned int timeout_ms)
LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT lws_ss_create(struct lws_context *context, int tsi, const lws_ss_info_t *ssi, void *opaque_user_data, struct lws_ss_handle **ppss, struct lws_sequencer *seq_owner, const char **ppayload_fmt)
LWS_VISIBLE LWS_EXTERN lws_ss_state_return_t LWS_WARN_UNUSED_RESULT lws_ss_client_connect(struct lws_ss_handle *h)
LWS_VISIBLE LWS_EXTERN lws_ss_state_return_t LWS_WARN_UNUSED_RESULT lws_ss_request_tx(struct lws_ss_handle *pss)
LWS_VISIBLE LWS_EXTERN const char * lws_ss_state_name(int state)
LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT lws_ss_alloc_set_metadata(struct lws_ss_handle *h, const char *name, const void *value, size_t len)
LWS_VISIBLE LWS_EXTERN void lws_ss_cancel_timeout(struct lws_ss_handle *h)
LWS_VISIBLE LWS_EXTERN struct lws_context * lws_ss_get_context(struct lws_ss_handle *h)
LWS_VISIBLE LWS_EXTERN int LWS_WARN_UNUSED_RESULT lws_ss_set_metadata(struct lws_ss_handle *h, const char *name, const void *value, size_t len)
LWS_VISIBLE LWS_EXTERN void lws_ss_server_foreach_client(struct lws_ss_handle *h, lws_sssfec_cb cb, void *arg)
LWS_VISIBLE LWS_EXTERN int lws_ss_get_est_peer_tx_credit(struct lws_ss_handle *h)
LWS_VISIBLE LWS_EXTERN void * lws_ss_to_user_object(struct lws_ss_handle *h)
LWS_VISIBLE LWS_EXTERN void lws_ss_server_ack(struct lws_ss_handle *h, int nack)
LWS_VISIBLE LWS_EXTERN int lws_ss_get_metadata(struct lws_ss_handle *h, const char *name, const void **value, size_t *len)
@ LWSSSINFLAGS_REGISTER_SINK
Definition: lws-secure-streams.h:327
@ LWSSSINFLAGS_SERVER
Definition: lws-secure-streams.h:338
@ LWSSSINFLAGS_ACCEPTED
Definition: lws-secure-streams.h:342
@ LWSSSINFLAGS_PROXIED
Definition: lws-secure-streams.h:336
Definition: lws-secure-streams.h:364
lws_sscb_state state
Definition: lws-secure-streams.h:390
uint32_t client_pid
Definition: lws-secure-streams.h:406
size_t handle_offset
Definition: lws-secure-streams.h:367
lws_sscb_tx tx
Definition: lws-secure-streams.h:387
uint8_t sss_protocol_version
Definition: lws-secure-streams.h:411
size_t user_alloc
Definition: lws-secure-streams.h:366
const char * streamtype
Definition: lws-secure-streams.h:365
int manual_initial_tx_credit
Definition: lws-secure-streams.h:398
lws_sscb_rx rx
Definition: lws-secure-streams.h:385
size_t opaque_user_data_offset
Definition: lws-secure-streams.h:369
Definition: lws-secure-streams-policy.h:249