init go-msspi

Author: deemru

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "msspi"]
+	path = msspi
+	url = https://github.com/deemru/msspi.git

README.md

@@ -1 +1,24 @@
-# go-msspi
+# go-msspi
+
+[go-msspi](https://github.com/deemru/go-msspi) is an adoption of [msspi](https://github.com/deemru/msspi) to crypto/tls like interface.
+
+## Notice
+
+- This is a demo implementation
+- There are very few functions available
+
+## Installation
+
+```bash
+git clone https://github.com/deemru/go-msspi --recursive
+cd go-msspi/msspi/build_linux
+make
+cd ../..
+go test
+```
+
+## Usage
+
+- import "github.com/deemru/go-msspi"
+- before: `tls.Client(conn, &tls.Config{})`
+- after: `msspi.Client(conn, &tls.Config{})`

msspi

@@ -0,0 +1,108 @@
+package msspi
+
+/*
+#cgo LDFLAGS: -Lmsspi/build_linux -lmsspi -lstdc++ -lcrypt32
+#include "msspi/src/msspi.h"
+extern int cgo_msspi_read( void * goPointer, void * buf, int len );
+extern int cgo_msspi_write( void * goPointer, void * buf, int len );
+MSSPI_HANDLE cgo_msspi_open( void * goPointer ) {
+	return msspi_open( goPointer, (msspi_read_cb)cgo_msspi_read, (msspi_write_cb)cgo_msspi_write );
+}
+*/
+import "C"
+
+import (
+	"crypto/tls"
+	"io"
+	"net"
+	"runtime"
+	"sync"
+	"unsafe"
+
+	"github.com/mattn/go-pointer"
+)
+
+// Conn with MSSPI
+type Conn struct {
+	conn net.Conn
+	tls  *tls.Conn
+	// MSSPI
+	handle    C.MSSPI_HANDLE
+	rerr      error
+	werr      error
+	isClient  bool
+	goPointer unsafe.Pointer
+	mu        sync.Mutex
+}
+
+func (c *Conn) error() (err error) {
+	state := C.msspi_state(c.handle)
+	if state&C.MSSPI_ERROR != 0 || state&(C.MSSPI_SENT_SHUTDOWN|C.MSSPI_RECEIVED_SHUTDOWN) != 0 {
+		err = io.EOF
+	}
+	return nil
+}
+
+func (c *Conn) Read(b []byte) (int, error) {
+	n := (int)(C.msspi_read(c.handle, unsafe.Pointer(&b[0]), C.int(len(b))))
+	if n > 0 {
+		return n, nil
+	}
+	return 0, c.error()
+}
+
+func (c *Conn) Write(b []byte) (int, error) {
+	len := len(b)
+	sent := 0
+	for len > 0 {
+		n := int(C.msspi_write(c.handle, unsafe.Pointer(&b[sent]), C.int(len)))
+		if n > 0 {
+			sent += n
+			len -= n
+			continue
+		}
+
+		return sent, c.error()
+	}
+	return sent, nil
+}
+
+// Close with MSSPI
+func (c *Conn) Close() (err error) {
+	if c.handle != nil {
+		C.msspi_shutdown(c.handle);
+		pointer.Unref(c.goPointer);
+	}
+	return c.conn.Close();
+}
+
+// Finalizer with MSSPI
+func (c *Conn) Finalizer() {
+	if c.handle != nil {
+		C.msspi_close(c.handle)
+	}
+}
+
+// Client with MSSPI
+func Client(conn net.Conn, config *tls.Config) *Conn {
+	c := &Conn{conn: conn, isClient: true}
+	c.tls = tls.Client(conn, config)
+
+	c.goPointer = pointer.Save(c)
+	c.handle = C.cgo_msspi_open(c.goPointer)
+
+	if c.handle != nil {
+		C.msspi_set_client(c.handle)
+		runtime.SetFinalizer(c, (*Conn).Finalizer)
+	} else {
+		pointer.Unref(c.goPointer)
+	}
+	return c
+}
+
+// Server with MSSPI (not implemented)
+func Server(conn net.Conn, config *tls.Config) *Conn {
+	c := &Conn{conn: conn, isClient: false}
+	c.tls = tls.Server(conn, config)
+	return nil
+}

msspi.go

@@ -0,0 +1,77 @@
+package msspi
+
+/*
+#include <memory.h> // memcpy
+int cgo_msspi_read( void * goPointer, void * buf, int len );
+int cgo_msspi_write( void * goPointer, void * buf, int len );
+*/
+import "C"
+
+import (
+	"io"
+	"os"
+	"unsafe"
+
+	"github.com/mattn/go-pointer"
+)
+
+//export cgo_msspi_read
+func cgo_msspi_read(goPointer, buffer unsafe.Pointer, length C.int) C.int {
+	c := pointer.Restore(goPointer).(*Conn)
+	if c == nil {
+		return 0
+	}
+
+	b := make([]byte, length)
+	n, err := c.conn.Read(b)
+
+	// Read can be made to time out and return a net.Error with Timeout() == true
+	// after a fixed time limit; see SetDeadline and SetReadDeadline.
+
+	if n > 0 {
+		c.rerr = nil
+		C.memcpy(buffer, unsafe.Pointer(&b[0]), C.size_t(n))
+		b = C.GoBytes(buffer, C.int(n))
+		return C.int(n)
+	}
+
+	// RFC 8446, Section 6.1 suggests that EOF without an alertCloseNotify
+	// is an error, but popular web sites seem to do this, so we accept it
+	// if and only if at the record boundary.
+	if err == io.ErrUnexpectedEOF {
+		err = io.EOF
+	}
+	c.rerr = err
+	if os.IsTimeout(err) {
+		return -1
+	}
+	return 0
+}
+
+//export cgo_msspi_write
+func cgo_msspi_write(goPointer, buffer unsafe.Pointer, length C.int) C.int {
+	c := pointer.Restore(goPointer).(*Conn)
+	if c == nil {
+		return 0
+	}
+
+	b := C.GoBytes(buffer, length)
+	n, err := c.conn.Write(b)
+
+	if n > 0 {
+		c.werr = nil
+		return C.int(n)
+	}
+
+	// RFC 8446, Section 6.1 suggests that EOF without an alertCloseNotify
+	// is an error, but popular web sites seem to do this, so we accept it
+	// if and only if at the record boundary.
+	if err == io.ErrUnexpectedEOF {
+		err = io.EOF
+	}
+	c.werr = err
+	if os.IsTimeout(err) {
+		return -1
+	}
+	return 0
+}

msspi_cgo.go

@@ -0,0 +1,36 @@
+package msspi
+
+import (
+	"net"
+	"time"
+)
+
+// LocalAddr returns the local network address.
+func (c *Conn) LocalAddr() net.Addr {
+	return c.conn.LocalAddr()
+}
+
+// RemoteAddr returns the remote network address.
+func (c *Conn) RemoteAddr() net.Addr {
+	return c.conn.RemoteAddr()
+}
+
+// SetDeadline sets the read and write deadlines associated with the connection.
+// A zero value for t means Read and Write will not time out.
+// After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.
+func (c *Conn) SetDeadline(t time.Time) error {
+	return c.conn.SetDeadline(t)
+}
+
+// SetReadDeadline sets the read deadline on the underlying connection.
+// A zero value for t means Read will not time out.
+func (c *Conn) SetReadDeadline(t time.Time) error {
+	return c.conn.SetReadDeadline(t)
+}
+
+// SetWriteDeadline sets the write deadline on the underlying connection.
+// A zero value for t means Write will not time out.
+// After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.
+func (c *Conn) SetWriteDeadline(t time.Time) error {
+	return c.conn.SetWriteDeadline(t)
+}

msspi_conn.go

@@ -0,0 +1,53 @@
+package msspi
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net"
+	"strings"
+	"testing"
+	"time"
+)
+
+func TestMsspiClient(t *testing.T) {
+	for i := 0; i < 2; i++ {
+		conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", "tls.cryptopro.ru", 443), 2*time.Second)
+		if err != nil {
+			t.Fatalf("Unexpected error on dial: %v", err)
+		}
+		defer conn.Close()
+
+		var tlsConn net.Conn
+		if i == 0 {
+			// crypto/tls
+			tlsConn = tls.Client(conn, &tls.Config{InsecureSkipVerify: true})
+		} else {
+			// github.com/deemru/go-msspi
+			tlsConn = /*msspi.*/ Client(conn, &tls.Config{InsecureSkipVerify: true})
+		}
+		defer tlsConn.Close()
+
+		wbuf := []byte("GET / HTTP/1.1\r\nHost: tls.cryptopro.ru\r\n\r\n")
+		if wlen, err := tlsConn.Write(wbuf); wlen != len(wbuf) || err != nil {
+			t.Fatalf("Error sending: %v", err)
+		}
+
+		rbuf := make([]byte, 16384)
+		if rlen, err := tlsConn.Read(rbuf); rlen == 0 || err != nil {
+			t.Fatalf("Error reading: %v", err)
+		} else {
+			s := string(rbuf[:rlen])
+			ms := "ssl_cipher</td><td class=\"wr\"><b>"
+			me := "</b>"
+			c1 := strings.Index(s, ms)
+			if c1 == -1 {
+				t.Fatalf("Marker not found")
+			}
+			c2 := strings.Index(s[c1:], me)
+			if c2 == -1 {
+				t.Fatalf("Marker not found")
+			}
+			fmt.Printf("%v) Cipher: %v\n", i+1, string(rbuf[c1+len(ms):c1+c2]))
+		}
+	}
+}