Context Navigation

ssl_sbb.pas

Last change on this file was 300, checked in by chronos, 13 years ago
Added: Synapse library with package file. Cryptlib units are not included in package file list.
File size: 20.6 KB

Line
1	{==============================================================================\|
2	\| Project : Ararat Synapse \| 001.000.003 \|
3	\|==============================================================================\|
4	\| Content: SSL support for SecureBlackBox \|
5	\|==============================================================================\|
6	\| Copyright (c)1999-2005, Lukas Gebauer \|
7	\| All rights reserved. \|
8	\| \|
9	\| Redistribution and use in source and binary forms, with or without \|
10	\| modification, are permitted provided that the following conditions are met: \|
11	\| \|
12	\| Redistributions of source code must retain the above copyright notice, this \|
13	\| list of conditions and the following disclaimer. \|
14	\| \|
15	\| Redistributions in binary form must reproduce the above copyright notice, \|
16	\| this list of conditions and the following disclaimer in the documentation \|
17	\| and/or other materials provided with the distribution. \|
18	\| \|
19	\| Neither the name of Lukas Gebauer nor the names of its contributors may \|
20	\| be used to endorse or promote products derived from this software without \|
21	\| specific prior written permission. \|
22	\| \|
23	\| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" \|
24	\| AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE \|
25	\| IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE \|
26	\| ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR \|
27	\| ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL \|
28	\| DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR \|
29	\| SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER \|
30	\| CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT \|
31	\| LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY \|
32	\| OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH \|
33	\| DAMAGE. \|
34	\|==============================================================================\|
35	\| The Initial Developer of the Original Code is Lukas Gebauer (Czech Republic).\|
36	\| Portions created by Lukas Gebauer are Copyright (c)2005. \|
37	\| All Rights Reserved. \|
38	\|==============================================================================\|
39	\| Contributor(s): \|
40	\| Allen Drennan (adrennan@wiredred.com) \|
41	\|==============================================================================\|
42	\| History: see HISTORY.HTM from distribution package \|
43	\| (Found at URL: http://www.ararat.cz/synapse/) \|
44	\|==============================================================================}
45
46	{:@abstract(SSL plugin for Eldos SecureBlackBox)
47
48	For handling keys and certificates you can use this properties:
49	@link(TCustomSSL.CertCAFile), @link(TCustomSSL.CertCA),
50	@link(TCustomSSL.TrustCertificateFile), @link(TCustomSSL.TrustCertificate),
51	@link(TCustomSSL.PrivateKeyFile), @link(TCustomSSL.PrivateKey),
52	@link(TCustomSSL.CertificateFile), @link(TCustomSSL.Certificate),
53	@link(TCustomSSL.PFXFile). For usage of this properties and for possible formats
54	of keys and certificates refer to SecureBlackBox documentation.
55	}
56
57	{$IFDEF FPC}
58	{$MODE DELPHI}
59	{$ENDIF}
60	{$H+}
61
62	unit ssl_sbb;
63
64	interface
65
66	uses
67	SysUtils, Classes, Windows, blcksock, synsock, synautil, synacode,
68	SBClient, SBServer, SBX509, SBWinCertStorage, SBCustomCertStorage,
69	SBUtils, SBConstants, SBSessionPool;
70
71
72	const
73	DEFAULT_RECV_BUFFER=32768;
74
75	type
76	{:@abstract(class implementing SecureBlackbox SSL plugin.)
77	Instance of this class will be created for each @link(TTCPBlockSocket).
78	You not need to create instance of this class, all is done by Synapse itself!}
79	TSSLSBB=class(TCustomSSL)
80	protected
81	FServer: Boolean;
82	FElSecureClient:TElSecureClient;
83	FElSecureServer:TElSecureServer;
84	FElCertStorage:TElMemoryCertStorage;
85	FElX509Certificate:TElX509Certificate;
86	FElX509CACertificate:TElX509Certificate;
87	FCipherSuites:TBits;
88	private
89	FRecvBuffer:String;
90	FRecvBuffers:String;
91	FRecvBuffersLock:TRTLCriticalSection;
92	FRecvDecodedBuffers:String;
93	function GetCipherSuite:Integer;
94	procedure Reset;
95	function Prepare(Server:Boolean):Boolean;
96	procedure OnError(Sender:TObject; ErrorCode:Integer; Fatal:Boolean; Remote:Boolean);
97	procedure OnSend(Sender:TObject;Buffer:Pointer;Size:LongInt);
98	procedure OnReceive(Sender:TObject;Buffer:Pointer;MaxSize:LongInt;var Written:LongInt);
99	procedure OnData(Sender:TObject;Buffer:Pointer;Size:LongInt);
100	public
101	constructor Create(const Value: TTCPBlockSocket); override;
102	destructor Destroy; override;
103	{:See @inherited}
104	function LibVersion: String; override;
105	{:See @inherited}
106	function LibName: String; override;
107	{:See @inherited and @link(ssl_sbb) for more details.}
108	function Connect: boolean; override;
109	{:See @inherited and @link(ssl_sbb) for more details.}
110	function Accept: boolean; override;
111	{:See @inherited}
112	function Shutdown: boolean; override;
113	{:See @inherited}
114	function BiShutdown: boolean; override;
115	{:See @inherited}
116	function SendBuffer(Buffer: TMemory; Len: Integer): Integer; override;
117	{:See @inherited}
118	function RecvBuffer(Buffer: TMemory; Len: Integer): Integer; override;
119	{:See @inherited}
120	function WaitingData: Integer; override;
121	{:See @inherited}
122	function GetSSLVersion: string; override;
123	{:See @inherited}
124	function GetPeerSubject: string; override;
125	{:See @inherited}
126	function GetPeerIssuer: string; override;
127	{:See @inherited}
128	function GetPeerName: string; override;
129	{:See @inherited}
130	function GetPeerFingerprint: string; override;
131	{:See @inherited}
132	function GetCertInfo: string; override;
133	published
134	property ElSecureClient:TElSecureClient read FElSecureClient write FElSecureClient;
135	property ElSecureServer:TElSecureServer read FElSecureServer write FElSecureServer;
136	property CipherSuites:TBits read FCipherSuites write FCipherSuites;
137	property CipherSuite:Integer read GetCipherSuite;
138	end;
139
140	implementation
141
142	var
143	FAcceptThread:THandle=0;
144
145	// on error
146	procedure TSSLSBB.OnError(Sender:TObject; ErrorCode:Integer; Fatal:Boolean; Remote:Boolean);
147
148	begin
149	FLastErrorDesc:='';
150	FLastError:=ErrorCode;
151	end;
152
153	// on send
154	procedure TSSLSBB.OnSend(Sender:TObject;Buffer:Pointer;Size:LongInt);
155
156	var
157	lResult:Integer;
158
159	begin
160	if FSocket.Socket=INVALID_SOCKET then
161	Exit;
162	lResult:=Send(FSocket.Socket,Buffer,Size,0);
163	if lResult=SOCKET_ERROR then
164	begin
165	FLastErrorDesc:='';
166	FLastError:=WSAGetLastError;
167	end;
168	end;
169
170	// on receive
171	procedure TSSLSBB.OnReceive(Sender:TObject;Buffer:Pointer;MaxSize:LongInt;var Written:LongInt);
172
173	begin
174	if GetCurrentThreadId<>FAcceptThread then EnterCriticalSection(FRecvBuffersLock);
175	try
176	if Length(FRecvBuffers)<=MaxSize then
177	begin
178	Written:=Length(FRecvBuffers);
179	Move(FRecvBuffers[1],Buffer^,Written);
180	FRecvBuffers:='';
181	end
182	else
183	begin
184	Written:=MaxSize;
185	Move(FRecvBuffers[1],Buffer^,Written);
186	Delete(FRecvBuffers,1,Written);
187	end;
188	finally
189	if GetCurrentThreadId<>FAcceptThread then LeaveCriticalSection(FRecvBuffersLock);
190	end;
191	end;
192
193	// on data
194	procedure TSSLSBB.OnData(Sender:TObject;Buffer:Pointer;Size:LongInt);
195
196	var
197	lString:String;
198
199	begin
200	SetLength(lString,Size);
201	Move(Buffer^,lString[1],Size);
202	FRecvDecodedBuffers:=FRecvDecodedBuffers+lString;
203	end;
204
205	{ inherited }
206
207	constructor TSSLSBB.Create(const Value: TTCPBlockSocket);
208
209	var
210	loop1:Integer;
211
212	begin
213	inherited Create(Value);
214	FServer:=FALSE;
215	FElSecureClient:=NIL;
216	FElSecureServer:=NIL;
217	FElCertStorage:=NIL;
218	FElX509Certificate:=NIL;
219	FElX509CACertificate:=NIL;
220	SetLength(FRecvBuffer,DEFAULT_RECV_BUFFER);
221	FRecvBuffers:='';
222	InitializeCriticalSection(FRecvBuffersLock);
223	FRecvDecodedBuffers:='';
224	FCipherSuites:=TBits.Create;
225	if FCipherSuites<>NIL then
226	begin
227	FCipherSuites.Size:=SB_SUITE_LAST+1;
228	for loop1:=SB_SUITE_FIRST to SB_SUITE_LAST do
229	FCipherSuites[loop1]:=TRUE;
230	end;
231	end;
232
233	destructor TSSLSBB.Destroy;
234
235	begin
236	Reset;
237	inherited Destroy;
238	if FCipherSuites<>NIL then
239	FreeAndNIL(FCipherSuites);
240	DeleteCriticalSection(FRecvBuffersLock);
241	end;
242
243	function TSSLSBB.LibVersion: String;
244
245	begin
246	Result:='SecureBlackBox';
247	end;
248
249	function TSSLSBB.LibName: String;
250
251	begin
252	Result:='ssl_sbb';
253	end;
254
255	function FileToString(lFile:String):String;
256
257	var
258	lStream:TMemoryStream;
259
260	begin
261	Result:='';
262	lStream:=TMemoryStream.Create;
263	if lStream<>NIL then
264	begin
265	lStream.LoadFromFile(lFile);
266	if lStream.Size>0 then
267	begin
268	lStream.Position:=0;
269	SetLength(Result,lStream.Size);
270	Move(lStream.Memory^,Result[1],lStream.Size);
271	end;
272	lStream.Free;
273	end;
274	end;
275
276	function TSSLSBB.GetCipherSuite:Integer;
277
278	begin
279	if FServer then
280	Result:=FElSecureServer.CipherSuite
281	else
282	Result:=FElSecureClient.CipherSuite;
283	end;
284
285	procedure TSSLSBB.Reset;
286
287	begin
288	if FElSecureServer<>NIL then
289	FreeAndNIL(FElSecureServer);
290	if FElSecureClient<>NIL then
291	FreeAndNIL(FElSecureClient);
292	if FElX509Certificate<>NIL then
293	FreeAndNIL(FElX509Certificate);
294	if FElX509CACertificate<>NIL then
295	FreeAndNIL(FElX509CACertificate);
296	if FElCertStorage<>NIL then
297	FreeAndNIL(FElCertStorage);
298	FSSLEnabled:=FALSE;
299	end;
300
301	function TSSLSBB.Prepare(Server:Boolean): Boolean;
302
303	var
304	loop1:Integer;
305	lStream:TMemoryStream;
306	lCertificate,lPrivateKey,lCertCA:String;
307
308	begin
309	Result:=FALSE;
310	FServer:=Server;
311
312	// reset, if necessary
313	Reset;
314
315	// init, certificate
316	if FCertificateFile<>'' then
317	lCertificate:=FileToString(FCertificateFile)
318	else
319	lCertificate:=FCertificate;
320	if FPrivateKeyFile<>'' then
321	lPrivateKey:=FileToString(FPrivateKeyFile)
322	else
323	lPrivateKey:=FPrivateKey;
324	if FCertCAFile<>'' then
325	lCertCA:=FileToString(FCertCAFile)
326	else
327	lCertCA:=FCertCA;
328	if (lCertificate<>'') and (lPrivateKey<>'') then
329	begin
330	FElCertStorage:=TElMemoryCertStorage.Create(NIL);
331	if FElCertStorage<>NIL then
332	FElCertStorage.Clear;
333
334	// apply ca certificate
335	if lCertCA<>'' then
336	begin
337	FElX509CACertificate:=TElX509Certificate.Create(NIL);
338	if FElX509CACertificate<>NIL then
339	begin
340	with FElX509CACertificate do
341	begin
342	lStream:=TMemoryStream.Create;
343	try
344	WriteStrToStream(lStream,lCertCA);
345	lStream.Seek(0,soFromBeginning);
346	LoadFromStream(lStream);
347	finally
348	lStream.Free;
349	end;
350	end;
351	if FElCertStorage<>NIL then
352	FElCertStorage.Add(FElX509CACertificate);
353	end;
354	end;
355
356	// apply certificate
357	FElX509Certificate:=TElX509Certificate.Create(NIL);
358	if FElX509Certificate<>NIL then
359	begin
360	with FElX509Certificate do
361	begin
362	lStream:=TMemoryStream.Create;
363	try
364	WriteStrToStream(lStream,lCertificate);
365	lStream.Seek(0,soFromBeginning);
366	LoadFromStream(lStream);
367	finally
368	lStream.Free;
369	end;
370	lStream:=TMemoryStream.Create;
371	try
372	WriteStrToStream(lStream,lPrivateKey);
373	lStream.Seek(0,soFromBeginning);
374	LoadKeyFromStream(lStream);
375	finally
376	lStream.Free;
377	end;
378	if FElCertStorage<>NIL then
379	FElCertStorage.Add(FElX509Certificate);
380	end;
381	end;
382	end;
383
384	// init, as server
385	if FServer then
386	begin
387	FElSecureServer:=TElSecureServer.Create(NIL);
388	if FElSecureServer<>NIL then
389	begin
390	// init, ciphers
391	for loop1:=SB_SUITE_FIRST to SB_SUITE_LAST do
392	FElSecureServer.CipherSuites[loop1]:=FCipherSuites[loop1];
393	FElSecureServer.Versions:=[sbSSL2,sbSSL3,sbTLS1];
394	FElSecureServer.ClientAuthentication:=FALSE;
395	FElSecureServer.OnError:=OnError;
396	FElSecureServer.OnSend:=OnSend;
397	FElSecureServer.OnReceive:=OnReceive;
398	FElSecureServer.OnData:=OnData;
399	FElSecureServer.CertStorage:=FElCertStorage;
400	Result:=TRUE;
401	end;
402	end
403	else
404	// init, as client
405	begin
406	FElSecureClient:=TElSecureClient.Create(NIL);
407	if FElSecureClient<>NIL then
408	begin
409	// init, ciphers
410	for loop1:=SB_SUITE_FIRST to SB_SUITE_LAST do
411	FElSecureClient.CipherSuites[loop1]:=FCipherSuites[loop1];
412	FElSecureClient.Versions:=[sbSSL3,sbTLS1];
413	FElSecureClient.OnError:=OnError;
414	FElSecureClient.OnSend:=OnSend;
415	FElSecureClient.OnReceive:=OnReceive;
416	FElSecureClient.OnData:=OnData;
417	FElSecureClient.CertStorage:=FElCertStorage;
418	Result:=TRUE;
419	end;
420	end;
421	end;
422
423	function TSSLSBB.Connect:Boolean;
424
425	var
426	lResult:Integer;
427
428	begin
429	Result:=FALSE;
430	if FSocket.Socket=INVALID_SOCKET then
431	Exit;
432	if Prepare(FALSE) then
433	begin
434	FElSecureClient.Open;
435
436	// reset
437	FRecvBuffers:='';
438	FRecvDecodedBuffers:='';
439
440	// wait for open or error
441	while (not FElSecureClient.Active) and
442	(FLastError=0) do
443	begin
444	// data available?
445	if FRecvBuffers<>'' then
446	FElSecureClient.DataAvailable
447	else
448	begin
449	// socket recv
450	lResult:=Recv(FSocket.Socket,@FRecvBuffer[1],Length(FRecvBuffer),0);
451	if lResult=SOCKET_ERROR then
452	begin
453	FLastErrorDesc:='';
454	FLastError:=WSAGetLastError;
455	end
456	else
457	begin
458	if lResult>0 then
459	FRecvBuffers:=FRecvBuffers+Copy(FRecvBuffer,1,lResult)
460	else
461	Break;
462	end;
463	end;
464	end;
465	if FLastError<>0 then
466	Exit;
467	FSSLEnabled:=FElSecureClient.Active;
468	Result:=FSSLEnabled;
469	end;
470	end;
471
472	function TSSLSBB.Accept:Boolean;
473
474	var
475	lResult:Integer;
476
477	begin
478	Result:=FALSE;
479	if FSocket.Socket=INVALID_SOCKET then
480	Exit;
481	if Prepare(TRUE) then
482	begin
483	FAcceptThread:=GetCurrentThreadId;
484	FElSecureServer.Open;
485
486	// reset
487	FRecvBuffers:='';
488	FRecvDecodedBuffers:='';
489
490	// wait for open or error
491	while (not FElSecureServer.Active) and
492	(FLastError=0) do
493	begin
494	// data available?
495	if FRecvBuffers<>'' then
496	FElSecureServer.DataAvailable
497	else
498	begin
499	// socket recv
500	lResult:=Recv(FSocket.Socket,@FRecvBuffer[1],Length(FRecvBuffer),0);
501	if lResult=SOCKET_ERROR then
502	begin
503	FLastErrorDesc:='';
504	FLastError:=WSAGetLastError;
505	end
506	else
507	begin
508	if lResult>0 then
509	FRecvBuffers:=FRecvBuffers+Copy(FRecvBuffer,1,lResult)
510	else
511	Break;
512	end;
513	end;
514	end;
515	if FLastError<>0 then
516	Exit;
517	FSSLEnabled:=FElSecureServer.Active;
518	Result:=FSSLEnabled;
519	end;
520	end;
521
522	function TSSLSBB.Shutdown:Boolean;
523
524	begin
525	Result:=BiShutdown;
526	end;
527
528	function TSSLSBB.BiShutdown: boolean;
529
530	begin
531	Reset;
532	Result:=TRUE;
533	end;
534
535	function TSSLSBB.SendBuffer(Buffer: TMemory; Len: Integer): Integer;
536
537	begin
538	if FServer then
539	FElSecureServer.SendData(Buffer,Len)
540	else
541	FElSecureClient.SendData(Buffer,Len);
542	Result:=Len;
543	end;
544
545	function TSSLSBB.RecvBuffer(Buffer: TMemory; Len: Integer): Integer;
546
547	begin
548	Result:=0;
549	try
550	// recv waiting, if necessary
551	if FRecvDecodedBuffers='' then
552	WaitingData;
553
554	// received
555	if Length(FRecvDecodedBuffers)<Len then
556	begin
557	Result:=Length(FRecvDecodedBuffers);
558	Move(FRecvDecodedBuffers[1],Buffer^,Result);
559	FRecvDecodedBuffers:='';
560	end
561	else
562	begin
563	Result:=Len;
564	Move(FRecvDecodedBuffers[1],Buffer^,Result);
565	Delete(FRecvDecodedBuffers,1,Result);
566	end;
567	except
568	// ignore
569	end;
570	end;
571
572	function TSSLSBB.WaitingData: Integer;
573
574	var
575	lResult:Integer;
576	lRecvBuffers:Boolean;
577
578	begin
579	Result:=0;
580	if FSocket.Socket=INVALID_SOCKET then
581	Exit;
582	// data available?
583	if GetCurrentThreadId<>FAcceptThread then EnterCriticalSection(FRecvBuffersLock);
584	try
585	lRecvBuffers:=FRecvBuffers<>'';
586	finally
587	if GetCurrentThreadId<>FAcceptThread then LeaveCriticalSection(FRecvBuffersLock);
588	end;
589	if lRecvBuffers then
590	begin
591	if FServer then
592	FElSecureServer.DataAvailable
593	else
594	FElSecureClient.DataAvailable;
595	end
596	else
597	begin
598	// socket recv
599	lResult:=Recv(FSocket.Socket,@FRecvBuffer[1],Length(FRecvBuffer),0);
600	if lResult=SOCKET_ERROR then
601	begin
602	FLastErrorDesc:='';
603	FLastError:=WSAGetLastError;
604	end
605	else
606	begin
607	if GetCurrentThreadId<>FAcceptThread then EnterCriticalSection(FRecvBuffersLock);
608	try
609	FRecvBuffers:=FRecvBuffers+Copy(FRecvBuffer,1,lResult);
610	finally
611	if GetCurrentThreadId<>FAcceptThread then LeaveCriticalSection(FRecvBuffersLock);
612	end;
613
614	// data available?
615	if GetCurrentThreadId<>FAcceptThread then EnterCriticalSection(FRecvBuffersLock);
616	try
617	lRecvBuffers:=FRecvBuffers<>'';
618	finally
619	if GetCurrentThreadId<>FAcceptThread then LeaveCriticalSection(FRecvBuffersLock);
620	end;
621	if lRecvBuffers then
622	begin
623	if FServer then
624	FElSecureServer.DataAvailable
625	else
626	FElSecureClient.DataAvailable;
627	end;
628	end;
629	end;
630
631	// decoded buffers result
632	Result:=Length(FRecvDecodedBuffers);
633	end;
634
635	function TSSLSBB.GetSSLVersion: string;
636
637	begin
638	Result:='SSLv3 or TLSv1';
639	end;
640
641	function TSSLSBB.GetPeerSubject: string;
642
643	begin
644	Result := '';
645	// if FServer then
646	// must return subject of the client certificate
647	// else
648	// must return subject of the server certificate
649	end;
650
651	function TSSLSBB.GetPeerName: string;
652
653	begin
654	Result := '';
655	// if FServer then
656	// must return commonname of the client certificate
657	// else
658	// must return commonname of the server certificate
659	end;
660
661	function TSSLSBB.GetPeerIssuer: string;
662
663	begin
664	Result := '';
665	// if FServer then
666	// must return issuer of the client certificate
667	// else
668	// must return issuer of the server certificate
669	end;
670
671	function TSSLSBB.GetPeerFingerprint: string;
672
673	begin
674	Result := '';
675	// if FServer then
676	// must return a unique hash string of the client certificate
677	// else
678	// must return a unique hash string of the server certificate
679	end;
680
681	function TSSLSBB.GetCertInfo: string;
682
683	begin
684	Result := '';
685	// if FServer then
686	// must return a text representation of the ASN of the client certificate
687	// else
688	// must return a text representation of the ASN of the server certificate
689	end;
690
691	{==============================================================================}
692
693	initialization
694	SSLImplementation := TSSLSBB;
695
696	finalization
697
698	end.

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: Network/synapse/ssl_sbb.pas

Download in other formats: