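/*
 * Copyright (C) 2025 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef HDC_SSL_H
#define HDC_SSL_H
#include <cstdint>
#include "common.h"
namespace Hdc {
// Abstract base for the TLS layer of an HDC session. Plaintext/ciphertext is
// moved between the caller's buffers and OpenSSL through two memory BIOs
// (inBIO/outBIO); the concrete subclass chooses the SSL method, the PSK
// callback and the client/server state (see the pure virtuals below).
class HdcSSLBase {
public:
    explicit HdcSSLBase(SSLInfoPtr hSSLInfo);
    // The class holds raw SSL_CTX/SSL/BIO handles. Copy construction was
    // already deleted; the implicitly generated copy assignment would have
    // shallow-copied those handles (two objects, one set of OpenSSL objects),
    // so it is deleted as well. With a user-declared copy constructor no move
    // operations are generated, so the type is neither copyable nor movable.
    HdcSSLBase(const HdcSSLBase&) = delete;
    HdcSSLBase& operator=(const HdcSSLBase&) = delete;
    virtual ~HdcSSLBase();
    // Encrypt bufLen bytes in place at bufPtr (SSL_write, then BIO_read from outBIO).
    int Encrypt(const int bufLen, uint8_t *bufPtr);
    // Decrypt nread bytes at bufPtr into the bufLen-sized buffer; index is updated
    // by the call (BIO_write to inBIO, then SSL_read).
    int Decrypt(const int nread, const int bufLen, uint8_t *bufPtr, int &index);
    int InitSSL();
    static int RsaPrikeyDecrypt(const unsigned char *inBuf, int inLen, unsigned char *outBuf, int outBufLen);
    uint32_t sessionId = 0; // default-initialized so a caller never reads an indeterminate id
    int DoBIOWrite(uint8_t *bufPtr, const int nread) const;
    int DoBIORead(uint8_t *bufPtr, const int bufLen) const;
    bool IsHandshakeFinish() const;
    int DoHandshake();
    void ShowSSLInfo();
    int GetOutPending() const; // use with BIO_read and SSL_write
    int GetInPending() const; // use with BIO_write and SSL_read
    bool ClearPsk();
    bool GenPsk();
    bool InputPsk(unsigned char *psk, int pskLen);
    // Encrypt the pre-shared key with the peer's RSA public key into bufPtr.
    int GetPskEncrypt(unsigned char *bufPtr, const int bufLen, const string &pubkey);
    static void SetSSLInfo(SSLInfoPtr hSSLInfo, HSession hsession);
    int PerformHandshake(vector<uint8_t> &outBuf);
    bool SetHandshakeLabel(HSession hSession);
    // Size of the ciphertext buffer needed for bufLen plaintext bytes: the
    // payload plus one BUF_SIZE_SSL_HEAD of record overhead per
    // BUF_SIZE_DEFAULT16-sized chunk. (bufLen - 1) / N + 1 is ceil(bufLen / N)
    // for bufLen >= 1; for bufLen == 0 it still reserves one head.
    // NOTE(review): negative bufLen is not rejected here — callers must not pass one.
    inline static int GetSSLBufLen(const int bufLen)
    {
        return (bufLen + (((bufLen - 1) / BUF_SIZE_DEFAULT16) + 1) * BUF_SIZE_SSL_HEAD);
    }

private:
    static int RsaPubkeyEncrypt(const unsigned char *inBuf, int inLen,
        unsigned char *outBuf, int outBufSize, const string &pubkey);
    int DoSSLWrite(const int bufLen, uint8_t *bufPtr);
    int DoSSLRead(const int bufLen, int &index, uint8_t *bufPtr);
    bool isDaemon = false;
    bool isInited = false;

protected:
    // OpenSSL PSK callbacks; the subclass registers one of them in SetPskCallback().
    static unsigned int PskServerCallback(SSL *ssl, const char *identity,
        unsigned char *psk, unsigned int maxPskLen);
    static unsigned int PskClientCallback(SSL *ssl, const char *hint,
        char *identity, unsigned int maxIdentityLen, unsigned char *psk, unsigned int maxPskLen);
    virtual bool SetPskCallback() = 0;
    virtual void SetSSLState() = 0;
    virtual const SSL_METHOD *SetSSLMethod() = 0;
    // Pre-shared key for TLS 1.3, TLS_AES_128_GCM_SHA256 (password). Zero-initialized
    // so the buffer never holds stale stack/heap contents before GenPsk()/InputPsk().
    // ClearPsk() exists to wipe it; confirm the destructor path calls it so the key
    // does not outlive the session in memory.
    unsigned char preSharedKey[BUF_SIZE_PSK] = {};
    string cipher;
    SSL_CTX *sslCtx = nullptr;
    SSL *ssl = nullptr;
    BIO *inBIO = nullptr; // SSL decrypt: BIO_write from buffer to "in", then SSL_read from "in" to another buffer.
    BIO *outBIO = nullptr; // SSL encrypt: SSL_write from buffer, then BIO_read from "out" to another buffer.
};
} // namespace Hdc
#endif // HDC_SSL_H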