1 files changed, 94 insertions, 65 deletions
diff --git a/libtransport/src/implementation/tls_socket_producer.cc b/libtransport/src/implementation/tls_socket_producer.cc
index 9a5b94a1c..339a1ad58 100644
--- a/libtransport/src/implementation/tls_socket_producer.cc
+++ b/libtransport/src/implementation/tls_socket_producer.cc
@@ -48,18 +48,17 @@ int TLSProducerSocket::readOld(BIO *b, char *buf, int size) {
   TLSProducerSocket *socket;
   socket = (TLSProducerSocket *)BIO_get_data(b);
 
-  /* take a lock on the mutex. It will be unlocked by */
   std::unique_lock<std::mutex> lck(socket->mtx_);
+
   if (!socket->something_to_read_) {
     (socket->cv_).wait(lck);
   }
 
-  /* Either there already is something to read, or the thread has been waken up
-   */
-  /* must return the payload in the interest */
-
-  utils::MemBuf *membuf = socket->packet_->next();
+  /* Either there already is something to read, or the thread has been waken up.
+   * We must return the payload in the interest anyway */
+  utils::MemBuf *membuf = socket->handshake_packet_->next();
   int size_to_read;
+
   if ((int)membuf->length() > size) {
     size_to_read = size;
   } else {
@@ -97,11 +96,11 @@ int TLSProducerSocket::writeOld(BIO *b, const char *buf, int num) {
   TLSProducerSocket *socket;
   socket = (TLSProducerSocket *)BIO_get_data(b);
 
-  if ((SSL_in_before(socket->ssl_) || SSL_in_init(socket->ssl_)) &&
-      socket->first_) {
+  if (socket->getHandshakeState() != SERVER_FINISHED && socket->first_) {
+    bool making_manifest = socket->parent_->making_manifest_;
+
     //! socket->tls_chunks_ corresponds to is_last
     socket->tls_chunks_--;
-    bool making_manifest = socket->parent_->making_manifest_;
     socket->parent_->setSocketOption(GeneralTransportOptions::MAKE_MANIFEST,
                                      false);
     socket->parent_->ProducerSocket::produce(
@@ -116,16 +115,21 @@ int TLSProducerSocket::writeOld(BIO *b, const char *buf, int num) {
     std::unique_ptr<utils::MemBuf> mbuf =
         utils::MemBuf::copyBuffer(buf, (std::size_t)num, 0, 0);
     auto a = mbuf.release();
+
     socket->async_thread_.add([socket = socket, a]() {
+      auto mbuf = std::unique_ptr<utils::MemBuf>(a);
+
       socket->tls_chunks_--;
       socket->to_call_oncontentproduced_--;
-      auto mbuf = std::unique_ptr<utils::MemBuf>(a);
+
       socket->last_segment_ += socket->ProducerSocket::produce(
           socket->name_, std::move(mbuf), socket->tls_chunks_ == 0,
           socket->last_segment_);
+
       ProducerContentCallback on_content_produced_application;
       socket->getSocketOption(ProducerCallbacksOptions::CONTENT_PRODUCED,
                               on_content_produced_application);
+
       if (socket->to_call_oncontentproduced_ == 0 &&
           on_content_produced_application) {
         on_content_produced_application(*socket->getInterface(),
@@ -144,8 +148,10 @@ TLSProducerSocket::TLSProducerSocket(interface::ProducerSocket *producer_socket,
       on_content_produced_application_(),
       mtx_(),
       cv_(),
-      something_to_read_(),
+      something_to_read_(false),
+      handshake_state_(UNINITIATED),
       name_(),
+      handshake_packet_(),
       last_segment_(0),
       parent_(parent),
       first_(true),
@@ -157,9 +163,7 @@ TLSProducerSocket::TLSProducerSocket(interface::ProducerSocket *producer_socket,
   const SSL_METHOD *meth = TLS_server_method();
   ctx_ = SSL_CTX_new(meth);
 
-  /*
-   * Setup SSL context (identity and parameter to use TLS 1.3)
-   */
+  /* Setup SSL context (identity and parameter to use TLS 1.3) */
   SSL_CTX_use_certificate(ctx_, parent->cert_509_);
   SSL_CTX_use_PrivateKey(ctx_, parent->pkey_rsa_);
 
@@ -167,6 +171,7 @@ TLSProducerSocket::TLSProducerSocket(interface::ProducerSocket *producer_socket,
       SSL_CTX_set_ciphersuites(ctx_,
                                "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_"
                                "SHA256:TLS_AES_128_GCM_SHA256");
+
   if (result != 1) {
     throw errors::RuntimeException(
         "Unable to set cipher list on TLS subsystem. Aborting.");
@@ -184,10 +189,9 @@ TLSProducerSocket::TLSProducerSocket(interface::ProducerSocket *producer_socket,
       this, TLSProducerSocket::parseHicnKeyIdCb, NULL);
 
   ssl_ = SSL_new(ctx_);
-  /*
-   * Setup this producer socker as the bio that TLS will use to write and read
-   * data (in stream mode)
-   */
+
+  /* Setup this producer socker as the bio that TLS will use to write and read
+   * data (in stream mode) */
   BIO_METHOD *bio_meth =
       BIO_meth_new(BIO_TYPE_ACCEPT, "secure producer socket");
   BIO_meth_set_read(bio_meth, TLSProducerSocket::readOld);
@@ -197,15 +201,15 @@ TLSProducerSocket::TLSProducerSocket(interface::ProducerSocket *producer_socket,
   BIO_set_init(bio, 1);
   BIO_set_data(bio, this);
   SSL_set_bio(ssl_, bio, bio);
-  /*
-   * Set the callback so that when an interest is received we catch it and we
-   * decrypt the payload before passing it to the application.
-   */
+
+  /* Set the callback so that when an interest is received we catch it and we
+   * decrypt the payload before passing it to the application.  */
   this->ProducerSocket::setSocketOption(
       ProducerCallbacksOptions::CACHE_MISS,
       (ProducerInterestCallback)std::bind(&TLSProducerSocket::cacheMiss, this,
                                           std::placeholders::_1,
                                           std::placeholders::_2));
+
   this->ProducerSocket::setSocketOption(
       ProducerCallbacksOptions::CONTENT_PRODUCED,
       (ProducerContentCallback)bind(
@@ -213,35 +217,39 @@ TLSProducerSocket::TLSProducerSocket(interface::ProducerSocket *producer_socket,
           std::placeholders::_2, std::placeholders::_3));
 }
 
-/*
- * The producer interface is not owned by the application, so is TLSSocket task
- * to deallocate the memory
- */
+/* The producer interface is not owned by the application, so is TLSSocket task
+ * to deallocate the memory */
 TLSProducerSocket::~TLSProducerSocket() { delete producer_interface_; }
 
 void TLSProducerSocket::accept() {
-  if (SSL_in_before(ssl_) || SSL_in_init(ssl_)) {
+  HandshakeState handshake_state = getHandshakeState();
+
+  if (handshake_state == UNINITIATED || handshake_state == CLIENT_HELLO) {
     tls_chunks_ = 1;
     int result = SSL_accept(ssl_);
+
     if (result != 1)
       throw errors::RuntimeException("Unable to perform client handshake");
   }
-  TRANSPORT_LOGD("Handshake performed!");
-  parent_->list_secure_producers.push_front(
-      std::move(parent_->map_secure_producers[handshake_name_]));
-  parent_->map_secure_producers.erase(handshake_name_);
+
+  parent_->list_producers.push_front(
+      std::move(parent_->map_producers[handshake_name_]));
+  parent_->map_producers.erase(handshake_name_);
 
   ProducerInterestCallback on_interest_process_decrypted;
   getSocketOption(ProducerCallbacksOptions::CACHE_MISS,
                   on_interest_process_decrypted);
 
   if (on_interest_process_decrypted) {
-    Interest inter(std::move(packet_));
+    Interest inter(std::move(handshake_packet_));
     on_interest_process_decrypted(*getInterface(), inter);
   } else {
     throw errors::RuntimeException(
-        "On interest process unset. Unable to perform handshake");
+        "On interest process unset: unable to perform handshake");
   }
+
+  handshake_state_ = SERVER_FINISHED;
+  TRANSPORT_LOGD("Handshake performed!");
 }
 
 int TLSProducerSocket::async_accept() {
@@ -249,71 +257,88 @@ int TLSProducerSocket::async_accept() {
     async_thread_.add([this]() { this->accept(); });
   } else {
     throw errors::RuntimeException(
-        "Async thread not running, impossible to perform handshake");
+        "Async thread not running: unable to perform handshake");
   }
 
   return 1;
 }
 
 void TLSProducerSocket::onInterest(ProducerSocket &p, Interest &interest) {
-  /* Based on the state machine of (D)TLS, we know what action to do */
-  if (SSL_in_before(ssl_) || SSL_in_init(ssl_)) {
+  HandshakeState handshake_state = getHandshakeState();
+
+  if (handshake_state == UNINITIATED || handshake_state == CLIENT_HELLO) {
     std::unique_lock<std::mutex> lck(mtx_);
+
     name_ = interest.getName();
+    interest.separateHeaderPayload();
+    handshake_packet_ = interest.acquireMemBufReference();
     something_to_read_ = true;
-    packet_ = interest.acquireMemBufReference();
-    if (head_) {
-      payload_->prependChain(interest.getPayload());
-    } else {
-      payload_ = interest.getPayload();  // std::move(interest.getPayload());
-    }
+
     cv_.notify_one();
-  } else {
-    name_ = interest.getName();
-    packet_ = interest.acquireMemBufReference();
-    payload_ = interest.getPayload();
+    return;
+  } else if (handshake_state == SERVER_FINISHED) {
+    interest.separateHeaderPayload();
+    handshake_packet_ = interest.acquireMemBufReference();
     something_to_read_ = true;
 
-    if (interest.getPayload()->length() > 0)
+    if (interest.getPayload()->length() > 0) {
       SSL_read(
           ssl_,
           const_cast<unsigned char *>(interest.getPayload()->writableData()),
           interest.getPayload()->length());
-  }
+    }
+
+    ProducerInterestCallback on_interest_input_decrypted;
+    getSocketOption(ProducerCallbacksOptions::INTEREST_INPUT,
+                    on_interest_input_decrypted);
 
-  ProducerInterestCallback on_interest_input_decrypted;
-  getSocketOption(ProducerCallbacksOptions::INTEREST_INPUT,
-                  on_interest_input_decrypted);
-  if (on_interest_input_decrypted)
-    (on_interest_input_decrypted)(*getInterface(), interest);
+    if (on_interest_input_decrypted)
+      (on_interest_input_decrypted)(*getInterface(), interest);
+  }
 }
 
 void TLSProducerSocket::cacheMiss(interface::ProducerSocket &p,
                                   Interest &interest) {
-  if (SSL_in_before(ssl_) || SSL_in_init(ssl_)) {
+  HandshakeState handshake_state = getHandshakeState();
+
+  if (handshake_state == CLIENT_HELLO) {
     std::unique_lock<std::mutex> lck(mtx_);
-    name_ = interest.getName();
+
+    interest.separateHeaderPayload();
+    handshake_packet_ = interest.acquireMemBufReference();
     something_to_read_ = true;
-    packet_ = interest.acquireMemBufReference();
-    payload_ = interest.getPayload();
+    handshake_state_ = CLIENT_FINISHED;
+
     cv_.notify_one();
-  } else {
-    name_ = interest.getName();
-    packet_ = interest.acquireMemBufReference();
-    payload_ = interest.getPayload();
+  } else if (handshake_state == SERVER_FINISHED) {
+    interest.separateHeaderPayload();
+    handshake_packet_ = interest.acquireMemBufReference();
     something_to_read_ = true;
 
-    if (interest.getPayload()->length() > 0)
+    if (interest.getPayload()->length() > 0) {
       SSL_read(
           ssl_,
           const_cast<unsigned char *>(interest.getPayload()->writableData()),
           interest.getPayload()->length());
+    }
 
     if (on_interest_process_decrypted_ != VOID_HANDLER)
       on_interest_process_decrypted_(*getInterface(), interest);
   }
 }
 
+TLSProducerSocket::HandshakeState TLSProducerSocket::getHandshakeState() {
+  if (SSL_in_before(ssl_)) {
+    handshake_state_ = UNINITIATED;
+  }
+
+  if (SSL_in_init(ssl_) && handshake_state_ == UNINITIATED) {
+    handshake_state_ = CLIENT_HELLO;
+  }
+
+  return handshake_state_;
+}
+
 void TLSProducerSocket::onContentProduced(interface::ProducerSocket &p,
                                           const std::error_code &err,
                                           uint64_t bytes_written) {}
@@ -321,13 +346,13 @@ void TLSProducerSocket::onContentProduced(interface::ProducerSocket &p,
 uint32_t TLSProducerSocket::produce(Name content_name,
                                     std::unique_ptr<utils::MemBuf> &&buffer,
                                     bool is_last, uint32_t start_offset) {
-  if (SSL_in_before(ssl_) || SSL_in_init(ssl_)) {
+  if (getHandshakeState() != SERVER_FINISHED) {
     throw errors::RuntimeException(
         "New handshake on the same P2P secure producer socket not supported");
   }
+
   size_t buf_size = buffer->length();
   name_ = served_namespaces_.front().mapName(content_name);
-
   tls_chunks_ = to_call_oncontentproduced_ =
       ceil((float)buf_size / (float)SSL3_RT_MAX_PLAIN_LENGTH);
 
@@ -388,6 +413,7 @@ void TLSProducerSocket::produce(ContentObject &content_object) {
 long TLSProducerSocket::ctrl(BIO *b, int cmd, long num, void *ptr) {
   if (cmd == BIO_CTRL_FLUSH) {
   }
+
   return 1;
 }
 
@@ -397,6 +423,7 @@ int TLSProducerSocket::addHicnKeyIdCb(SSL *s, unsigned int ext_type,
                                       X509 *x, size_t chainidx, int *al,
                                       void *add_arg) {
   TLSProducerSocket *socket = reinterpret_cast<TLSProducerSocket *>(add_arg);
+
   if (ext_type == 100) {
     ip_prefix_t ip_prefix =
         socket->parent_->served_namespaces_.front().toIpPrefixStruct();
@@ -425,6 +452,7 @@ int TLSProducerSocket::addHicnKeyIdCb(SSL *s, unsigned int ext_type,
     ip_address_t keyId_component = {};
     u32 *mask_buf;
     u32 *keyId_component_buf;
+
     switch (inet_family) {
       case AF_INET:
         mask_buf = &(mask.v4.as_u32);
@@ -483,6 +511,7 @@ int TLSProducerSocket::setSocketOption(
       [this](int socket_option_key,
              ProducerInterestCallback socket_option_value) -> int {
         int result = SOCKET_OPTION_SET;
+
         switch (socket_option_key) {
           case ProducerCallbacksOptions::INTEREST_INPUT:
             on_interest_input_decrypted_ = socket_option_value;
@@ -508,6 +537,7 @@ int TLSProducerSocket::setSocketOption(
             result = SOCKET_OPTION_NOT_SET;
             break;
         }
+
         return result;
       });
 }
@@ -607,5 +637,4 @@ int TLSProducerSocket::getSocketOption(
 }
 
 }  // namespace implementation
-
 }  // namespace transport