extmod/modssl_mbedtls: Implement SSLSession support.

DvdGiessen · DvdGiessen · commit 57c5d7895d34 · 2023-10-23T18:12:48.000+02:00
Signed-off-by: Daniël van de Giessen &lt;daniel@dvdgiessen.nl&gt;
diff --git a/extmod/modssl_mbedtls.c b/extmod/modssl_mbedtls.c
@@ -61,6 +61,12 @@ typedef struct _mp_obj_ssl_context_t {
     int authmode;
 } mp_obj_ssl_context_t;
 
+// This corresponds to an SSLSession object.
+typedef struct _mp_obj_ssl_session_t {
+    mp_obj_base_t base;
+    mbedtls_ssl_session session;
+} mp_obj_ssl_session_t;
+
 // This corresponds to an SSLSocket object.
 typedef struct _mp_obj_ssl_socket_t {
     mp_obj_base_t base;
@@ -72,11 +78,12 @@ typedef struct _mp_obj_ssl_socket_t {
     int last_error; // The last error code, if any
 } mp_obj_ssl_socket_t;
 
+STATIC const mp_obj_type_t ssl_session_type;
 STATIC const mp_obj_type_t ssl_context_type;
 STATIC const mp_obj_type_t ssl_socket_type;
 
 STATIC mp_obj_t ssl_socket_make_new(mp_obj_ssl_context_t *ssl_context, mp_obj_t sock,
-    bool server_side, bool do_handshake_on_connect, mp_obj_t server_hostname);
+    bool server_side, bool do_handshake_on_connect, mp_obj_t server_hostname, mp_obj_t ssl_session);
 
 /******************************************************************************/
 // Helper functions.
@@ -138,6 +145,60 @@ STATIC NORETURN void mbedtls_raise_error(int err) {
     #endif
 }
 
+/******************************************************************************/
+// SSLSession type.
+
+STATIC mp_obj_t ssl_session_make_new(const mp_obj_type_t *type_in, size_t n_args, size_t n_kw, const mp_obj_t *args) {
+    mp_arg_check_num(n_args, n_kw, 1, 1, false);
+
+    mp_buffer_info_t bufinfo;
+    mp_get_buffer_raise(args[0], &bufinfo, MP_BUFFER_READ);
+
+    mp_obj_ssl_session_t *self = m_new_obj(mp_obj_ssl_session_t);
+    self->base.type = type_in;
+
+    mbedtls_ssl_session_init(&self->session);
+    int ret = mbedtls_ssl_session_load(&self->session, bufinfo.buf, bufinfo.len);
+    if (ret != 0) {
+        mbedtls_raise_error(ret);
+    }
+
+    return MP_OBJ_FROM_PTR(self);
+}
+
+STATIC mp_obj_t ssl_session_serialize(mp_obj_t self_in) {
+    mp_obj_ssl_session_t *self = MP_OBJ_TO_PTR(self_in);
+    size_t len;
+    vstr_t vstr;
+    mbedtls_ssl_session_save(&self->session, NULL, 0, &len);
+    vstr_init_len(&vstr, len);
+    mbedtls_ssl_session_save(&self->session, (unsigned char*) vstr.buf, len, &len);
+    return mp_obj_new_bytes_from_vstr(&vstr);
+}
+STATIC MP_DEFINE_CONST_FUN_OBJ_1(ssl_session_serialize_obj, ssl_session_serialize);
+
+STATIC mp_int_t ssl_session_get_buffer(mp_obj_t self_in, mp_buffer_info_t *bufinfo, mp_uint_t flags) {
+    if (flags != MP_BUFFER_READ) {
+        return 1;
+    }
+    mp_get_buffer_raise(ssl_session_serialize(self_in), bufinfo, flags);
+    return 0;
+}
+
+STATIC const mp_rom_map_elem_t ssl_session_locals_dict_table[] = {
+    { MP_ROM_QSTR(MP_QSTR_serialize), MP_ROM_PTR(&ssl_session_serialize_obj) },
+};
+STATIC MP_DEFINE_CONST_DICT(ssl_session_locals_dict, ssl_session_locals_dict_table);
+
+STATIC MP_DEFINE_CONST_OBJ_TYPE(
+    ssl_session_type,
+    MP_QSTR_SSLSession,
+    MP_TYPE_FLAG_NONE,
+    make_new, ssl_session_make_new,
+    buffer, ssl_session_get_buffer,
+    locals_dict, &ssl_session_locals_dict
+    );
+
 /******************************************************************************/
 // SSLContext type.
 
@@ -277,11 +338,12 @@ STATIC void ssl_context_load_cadata(mp_obj_ssl_context_t *self, mp_obj_t cadata_
 }
 
 STATIC mp_obj_t ssl_context_wrap_socket(size_t n_args, const mp_obj_t *pos_args, mp_map_t *kw_args) {
-    enum { ARG_server_side, ARG_do_handshake_on_connect, ARG_server_hostname };
+    enum { ARG_server_side, ARG_do_handshake_on_connect, ARG_server_hostname, ARG_session };
     static const mp_arg_t allowed_args[] = {
         { MP_QSTR_server_side, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = false} },
         { MP_QSTR_do_handshake_on_connect, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = true} },
         { MP_QSTR_server_hostname, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} },
+        { MP_QSTR_session, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} },
     };
 
     // Parse arguments.
@@ -292,7 +354,7 @@ STATIC mp_obj_t ssl_context_wrap_socket(size_t n_args, const mp_obj_t *pos_args,
 
     // Create and return the new SSLSocket object.
     return ssl_socket_make_new(self, sock, args[ARG_server_side].u_bool,
-        args[ARG_do_handshake_on_connect].u_bool, args[ARG_server_hostname].u_obj);
+        args[ARG_do_handshake_on_connect].u_bool, args[ARG_server_hostname].u_obj, args[ARG_session].u_obj);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_KW(ssl_context_wrap_socket_obj, 2, ssl_context_wrap_socket);
 
@@ -352,7 +414,7 @@ STATIC int _mbedtls_ssl_recv(void *ctx, byte *buf, size_t len) {
 }
 
 STATIC mp_obj_t ssl_socket_make_new(mp_obj_ssl_context_t *ssl_context, mp_obj_t sock,
-    bool server_side, bool do_handshake_on_connect, mp_obj_t server_hostname) {
+    bool server_side, bool do_handshake_on_connect, mp_obj_t server_hostname, mp_obj_t ssl_session) {
 
     // Verify the socket object has the full stream protocol
     mp_get_stream_raise(sock, MP_STREAM_OP_READ | MP_STREAM_OP_WRITE | MP_STREAM_OP_IOCTL);
@@ -384,6 +446,14 @@ STATIC mp_obj_t ssl_socket_make_new(mp_obj_ssl_context_t *ssl_context, mp_obj_t
         }
     }
 
+    if (ssl_session != mp_const_none) {
+        mp_obj_ssl_session_t *session = MP_OBJ_TO_PTR(ssl_session);
+        ret = mbedtls_ssl_set_session(&o->ssl, &session->session);
+        if (ret != 0) {
+            goto cleanup;
+        }
+    }
+
     mbedtls_ssl_set_bio(&o->ssl, &o->sock, _mbedtls_ssl_send, _mbedtls_ssl_recv, NULL);
 
     if (do_handshake_on_connect) {
@@ -553,6 +623,36 @@ STATIC mp_uint_t socket_ioctl(mp_obj_t o_in, mp_uint_t request, uintptr_t arg, i
     return ret;
 }
 
+STATIC void ssl_socket_attr(mp_obj_t self_in, qstr attr, mp_obj_t *dest) {
+    mp_obj_ssl_socket_t *self = MP_OBJ_TO_PTR(self_in);
+    if (dest[0] == MP_OBJ_NULL) {
+        // Load attribute.
+        if (attr == MP_QSTR_session) {
+            mp_obj_ssl_session_t *o = m_new_obj(mp_obj_ssl_session_t);
+            o->base.type = &ssl_session_type;
+            mbedtls_ssl_session_init(&o->session);
+            int ret = mbedtls_ssl_get_session(&self->ssl, &o->session);
+            if (ret != 0) {
+                mbedtls_raise_error(ret);
+            }
+            dest[0] = o;
+        } else {
+            // Continue lookup in locals_dict.
+            dest[1] = MP_OBJ_SENTINEL;
+        }
+    } else if (dest[1] != MP_OBJ_NULL) {
+        // Store attribute.
+        if (attr == MP_QSTR_session) {
+            mp_obj_ssl_session_t *ssl_session = MP_OBJ_TO_PTR(dest[1]);
+            dest[0] = MP_OBJ_NULL;
+            int ret = mbedtls_ssl_set_session(&self->ssl, &ssl_session->session);
+            if (ret != 0) {
+                mbedtls_raise_error(ret);
+            }
+        }
+    }
+}
+
 STATIC const mp_rom_map_elem_t ssl_socket_locals_dict_table[] = {
     { MP_ROM_QSTR(MP_QSTR_read), MP_ROM_PTR(&mp_stream_read_obj) },
     { MP_ROM_QSTR(MP_QSTR_readinto), MP_ROM_PTR(&mp_stream_readinto_obj) },
@@ -581,6 +681,7 @@ STATIC MP_DEFINE_CONST_OBJ_TYPE(
     MP_QSTR_SSLSocket,
     MP_TYPE_FLAG_NONE,
     protocol, &ssl_socket_stream_p,
+    attr, ssl_socket_attr,
     locals_dict, &ssl_socket_locals_dict
     );
 
@@ -596,6 +697,7 @@ STATIC mp_obj_t mod_ssl_wrap_socket(size_t n_args, const mp_obj_t *pos_args, mp_
         ARG_cert_reqs,
         ARG_cadata,
         ARG_do_handshake,
+        ARG_session,
     };
     static const mp_arg_t allowed_args[] = {
         { MP_QSTR_key, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} },
@@ -605,6 +707,7 @@ STATIC mp_obj_t mod_ssl_wrap_socket(size_t n_args, const mp_obj_t *pos_args, mp_
         { MP_QSTR_cert_reqs, MP_ARG_KW_ONLY | MP_ARG_INT, {.u_int = MBEDTLS_SSL_VERIFY_NONE}},
         { MP_QSTR_cadata, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} },
         { MP_QSTR_do_handshake, MP_ARG_KW_ONLY | MP_ARG_BOOL, {.u_bool = true} },
+        { MP_QSTR_session, MP_ARG_KW_ONLY | MP_ARG_OBJ, {.u_rom_obj = MP_ROM_NONE} },
     };
 
     // Parse arguments.
@@ -633,7 +736,7 @@ STATIC mp_obj_t mod_ssl_wrap_socket(size_t n_args, const mp_obj_t *pos_args, mp_
 
     // Create and return the new SSLSocket object.
     return ssl_socket_make_new(ssl_context, sock, args[ARG_server_side].u_bool,
-        args[ARG_do_handshake].u_bool, args[ARG_server_hostname].u_obj);
+        args[ARG_do_handshake].u_bool, args[ARG_server_hostname].u_obj, args[ARG_session].u_obj);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_KW(mod_ssl_wrap_socket_obj, 1, mod_ssl_wrap_socket);
 
@@ -645,6 +748,7 @@ STATIC const mp_rom_map_elem_t mp_module_ssl_globals_table[] = {
 
     // Classes.
     { MP_ROM_QSTR(MP_QSTR_SSLContext), MP_ROM_PTR(&ssl_context_type) },
+    { MP_ROM_QSTR(MP_QSTR_SSLSession), MP_ROM_PTR(&ssl_session_type) },
 
     // Constants.
     { MP_ROM_QSTR(MP_QSTR_PROTOCOL_TLS_CLIENT), MP_ROM_INT(MBEDTLS_SSL_IS_CLIENT) },
