2009-11-06 00:43:29 +00:00
|
|
|
// Copyright 2009 The Go Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
// This package partially implements the TLS 1.1 protocol, as specified in RFC 4346.
|
|
|
|
package tls
|
|
|
|
|
|
|
|
import (
|
2009-12-15 23:33:31 +00:00
|
|
|
"io"
|
|
|
|
"os"
|
|
|
|
"net"
|
|
|
|
"time"
|
2009-11-06 00:43:29 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// A Conn represents a secure connection.
|
|
|
|
type Conn struct {
|
2009-12-15 23:33:31 +00:00
|
|
|
net.Conn
|
|
|
|
writeChan chan<- []byte
|
|
|
|
readChan <-chan []byte
|
|
|
|
requestChan chan<- interface{}
|
|
|
|
readBuf []byte
|
|
|
|
eof bool
|
|
|
|
readTimeout, writeTimeout int64
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func timeout(c chan<- bool, nsecs int64) {
|
2009-12-15 23:33:31 +00:00
|
|
|
time.Sleep(nsecs)
|
|
|
|
c <- true
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (tls *Conn) Read(p []byte) (int, os.Error) {
|
|
|
|
if len(tls.readBuf) == 0 {
|
|
|
|
if tls.eof {
|
2009-11-09 20:07:39 +00:00
|
|
|
return 0, os.EOF
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
2009-12-15 23:33:31 +00:00
|
|
|
var timeoutChan chan bool
|
2009-11-06 00:43:29 +00:00
|
|
|
if tls.readTimeout > 0 {
|
2009-12-15 23:33:31 +00:00
|
|
|
timeoutChan = make(chan bool)
|
|
|
|
go timeout(timeoutChan, tls.readTimeout)
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
select {
|
|
|
|
case b := <-tls.readChan:
|
2009-11-09 20:07:39 +00:00
|
|
|
tls.readBuf = b
|
2009-11-06 00:43:29 +00:00
|
|
|
case <-timeoutChan:
|
2009-11-09 20:07:39 +00:00
|
|
|
return 0, os.EAGAIN
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// TLS distinguishes between orderly closes and truncations. An
|
|
|
|
// orderly close is represented by a zero length slice.
|
|
|
|
if closed(tls.readChan) {
|
2009-11-09 20:07:39 +00:00
|
|
|
return 0, io.ErrUnexpectedEOF
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
if len(tls.readBuf) == 0 {
|
2009-12-15 23:33:31 +00:00
|
|
|
tls.eof = true
|
|
|
|
return 0, os.EOF
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-12-15 23:33:31 +00:00
|
|
|
n := copy(p, tls.readBuf)
|
|
|
|
tls.readBuf = tls.readBuf[n:]
|
|
|
|
return n, nil
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (tls *Conn) Write(p []byte) (int, os.Error) {
|
|
|
|
if tls.eof || closed(tls.readChan) {
|
2009-11-09 20:07:39 +00:00
|
|
|
return 0, os.EOF
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
2009-12-15 23:33:31 +00:00
|
|
|
var timeoutChan chan bool
|
2009-11-06 00:43:29 +00:00
|
|
|
if tls.writeTimeout > 0 {
|
2009-12-15 23:33:31 +00:00
|
|
|
timeoutChan = make(chan bool)
|
|
|
|
go timeout(timeoutChan, tls.writeTimeout)
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
select {
|
|
|
|
case tls.writeChan <- p:
|
|
|
|
case <-timeoutChan:
|
2009-11-09 20:07:39 +00:00
|
|
|
return 0, os.EAGAIN
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
2009-12-15 23:33:31 +00:00
|
|
|
return len(p), nil
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (tls *Conn) Close() os.Error {
|
2009-12-15 23:33:31 +00:00
|
|
|
close(tls.writeChan)
|
|
|
|
close(tls.requestChan)
|
|
|
|
tls.eof = true
|
|
|
|
return nil
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (tls *Conn) SetTimeout(nsec int64) os.Error {
|
2009-12-15 23:33:31 +00:00
|
|
|
tls.readTimeout = nsec
|
|
|
|
tls.writeTimeout = nsec
|
|
|
|
return nil
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (tls *Conn) SetReadTimeout(nsec int64) os.Error {
|
2009-12-15 23:33:31 +00:00
|
|
|
tls.readTimeout = nsec
|
|
|
|
return nil
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (tls *Conn) SetWriteTimeout(nsec int64) os.Error {
|
2009-12-15 23:33:31 +00:00
|
|
|
tls.writeTimeout = nsec
|
|
|
|
return nil
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (tls *Conn) GetConnectionState() ConnectionState {
|
2009-12-15 23:33:31 +00:00
|
|
|
replyChan := make(chan ConnectionState)
|
|
|
|
tls.requestChan <- getConnectionState{replyChan}
|
|
|
|
return <-replyChan
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
2009-11-21 23:53:03 +00:00
|
|
|
func (tls *Conn) WaitConnectionState() ConnectionState {
|
2009-12-15 23:33:31 +00:00
|
|
|
replyChan := make(chan ConnectionState)
|
|
|
|
tls.requestChan <- waitConnectionState{replyChan}
|
|
|
|
return <-replyChan
|
2009-11-21 23:53:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type handshaker interface {
|
2009-12-15 23:33:31 +00:00
|
|
|
loop(writeChan chan<- interface{}, controlChan chan<- interface{}, msgChan <-chan interface{}, config *Config)
|
2009-11-21 23:53:03 +00:00
|
|
|
}
|
|
|
|
|
2009-11-06 00:43:29 +00:00
|
|
|
// Server establishes a secure connection over the given connection and acts
|
|
|
|
// as a TLS server.
|
2009-11-21 23:53:03 +00:00
|
|
|
func startTLSGoroutines(conn net.Conn, h handshaker, config *Config) *Conn {
|
2010-04-05 22:38:02 +01:00
|
|
|
if config == nil {
|
|
|
|
config = defaultConfig()
|
|
|
|
}
|
2009-12-15 23:33:31 +00:00
|
|
|
tls := new(Conn)
|
|
|
|
tls.Conn = conn
|
2009-11-06 00:43:29 +00:00
|
|
|
|
2009-12-15 23:33:31 +00:00
|
|
|
writeChan := make(chan []byte)
|
|
|
|
readChan := make(chan []byte)
|
|
|
|
requestChan := make(chan interface{})
|
2009-11-06 00:43:29 +00:00
|
|
|
|
2009-12-15 23:33:31 +00:00
|
|
|
tls.writeChan = writeChan
|
|
|
|
tls.readChan = readChan
|
|
|
|
tls.requestChan = requestChan
|
2009-11-06 00:43:29 +00:00
|
|
|
|
2009-12-15 23:33:31 +00:00
|
|
|
handshakeWriterChan := make(chan interface{})
|
|
|
|
processorHandshakeChan := make(chan interface{})
|
|
|
|
handshakeProcessorChan := make(chan interface{})
|
|
|
|
readerProcessorChan := make(chan *record)
|
2009-11-06 00:43:29 +00:00
|
|
|
|
2009-12-15 23:33:31 +00:00
|
|
|
go new(recordWriter).loop(conn, writeChan, handshakeWriterChan)
|
|
|
|
go recordReader(readerProcessorChan, conn)
|
|
|
|
go new(recordProcessor).loop(readChan, requestChan, handshakeProcessorChan, readerProcessorChan, processorHandshakeChan)
|
|
|
|
go h.loop(handshakeWriterChan, handshakeProcessorChan, processorHandshakeChan, config)
|
2009-11-06 00:43:29 +00:00
|
|
|
|
2009-12-15 23:33:31 +00:00
|
|
|
return tls
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
2009-11-21 23:53:03 +00:00
|
|
|
func Server(conn net.Conn, config *Config) *Conn {
|
|
|
|
return startTLSGoroutines(conn, new(serverHandshake), config)
|
|
|
|
}
|
|
|
|
|
|
|
|
func Client(conn net.Conn, config *Config) *Conn {
|
|
|
|
return startTLSGoroutines(conn, new(clientHandshake), config)
|
|
|
|
}
|
|
|
|
|
2009-11-06 00:43:29 +00:00
|
|
|
type Listener struct {
|
2009-12-15 23:33:31 +00:00
|
|
|
listener net.Listener
|
|
|
|
config *Config
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
2009-12-28 19:40:01 +00:00
|
|
|
func (l *Listener) Accept() (c net.Conn, err os.Error) {
|
2009-12-15 23:33:31 +00:00
|
|
|
c, err = l.listener.Accept()
|
2009-11-06 00:43:29 +00:00
|
|
|
if err != nil {
|
2009-11-09 20:07:39 +00:00
|
|
|
return
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
2009-12-15 23:33:31 +00:00
|
|
|
c = Server(c, l.config)
|
|
|
|
return
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
|
|
|
|
2009-12-28 19:40:01 +00:00
|
|
|
func (l *Listener) Close() os.Error { return l.listener.Close() }
|
2009-11-06 00:43:29 +00:00
|
|
|
|
2009-12-28 19:40:01 +00:00
|
|
|
func (l *Listener) Addr() net.Addr { return l.listener.Addr() }
|
2009-11-06 00:43:29 +00:00
|
|
|
|
|
|
|
// NewListener creates a Listener which accepts connections from an inner
|
|
|
|
// Listener and wraps each connection with Server.
|
2009-12-28 19:40:01 +00:00
|
|
|
func NewListener(listener net.Listener, config *Config) (l *Listener) {
|
2010-04-05 22:38:02 +01:00
|
|
|
if config == nil {
|
|
|
|
config = defaultConfig()
|
|
|
|
}
|
2009-12-28 19:40:01 +00:00
|
|
|
l = new(Listener)
|
2009-12-15 23:33:31 +00:00
|
|
|
l.listener = listener
|
|
|
|
l.config = config
|
|
|
|
return
|
2009-11-06 00:43:29 +00:00
|
|
|
}
|
2010-04-05 22:38:02 +01:00
|
|
|
|
|
|
|
func Listen(network, laddr string) (net.Listener, os.Error) {
|
|
|
|
l, err := net.Listen(network, laddr)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return NewListener(l, nil), nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func Dial(network, laddr, raddr string) (net.Conn, os.Error) {
|
|
|
|
c, err := net.Dial(network, laddr, raddr)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return Client(c, nil), nil
|
|
|
|
}
|