TCP input TLS - Add TlsDecoder.

Author: BonnyAD9

src/plugins/input/tcp/CMakeLists.txt

@@ -14,6 +14,7 @@ add_library(tcp-input MODULE
     src/Plugin.cpp
     src/IpxPlugin.cpp
     src/tls/Ssl.cpp
+    src/tls/TlsDecoder.cpp
 )
 
 find_package(LibLz4 REQUIRED)

src/plugins/input/tcp/src/tls/TlsDecoder.cpp

@@ -0,0 +1,66 @@
+/**
+ * \file
+ * \author Jakub Antonín Štigler <[email protected]>
+ * \brief TLS decoder for IPFIX plugin. (source file)
+ * \date 2025
+ *
+ * Copyright: (C) 2023 CESNET, z.s.p.o.
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "TlsDecoder.hpp"
+
+namespace tcp_in {
+namespace tls {
+
+// Size of buffer for copying data from OpenSSL to DecodeBuffer.
+constexpr std::size_t BUFFER_SIZE = 4096;
+
+TlsDecoder::TlsDecoder(SslCtx &ctx, int fd) :
+    m_ssl(ctx.create_ssl()),
+    m_buffer(BUFFER_SIZE)
+{
+    SslBio bio(BIO_s_socket());
+    bio.set_fd(fd);
+    m_ssl.set_bio(std::move(bio));
+
+    // m_ssl.set_tlsext_host_name(host); // SNI hostname
+    // m_ssl.set1_host(host); // DNS names
+
+    m_handshake_complete = m_ssl.accept();
+}
+
+DecodeBuffer &TlsDecoder::decode() {
+    if (!m_handshake_complete) {
+        m_handshake_complete = m_ssl.accept();
+        if (!m_handshake_complete) {
+            return m_decoded;
+        }
+    }
+
+    // XXX: The copy to intermidiate `m_buffer` can be avoided by extending `DecodeBuffer` to be
+    //      able to read with generic read function.
+
+    while (!m_decoded.enough_data()) {
+        auto res = m_ssl.read_ex(m_buffer);
+        m_decoded.read_from(m_buffer.data(), m_buffer.size());
+        switch (res) {
+            case ReadResult::READ:
+                break;
+            case ReadResult::WAIT:
+                return m_decoded;
+            case ReadResult::FINISHED:
+                // FIXME: properly check that the shutdown is complete.
+                m_ssl.shutdown();
+                // Intentional falltrough
+            case ReadResult::CLOSED:
+                m_decoded.signal_eof();
+                return m_decoded;
+        }
+    }
+
+    return m_decoded;
+}
+
+} // namespace tls
+} // namespace tcp_in

src/plugins/input/tcp/src/tls/TlsDecoder.hpp

@@ -0,0 +1,44 @@
+/**
+ * \file
+ * \author Jakub Antonín Štigler <[email protected]>
+ * \brief TLS decoder for IPFIX plugin. (header file)
+ * \date 2025
+ *
+ * Copyright: (C) 2023 CESNET, z.s.p.o.
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#pragma once
+
+#include <vector>
+
+#include "../Decoder.hpp"
+#include "../UniqueFd.hpp"
+#include "SslCtx.hpp"
+#include "Ssl.hpp"
+
+namespace tcp_in {
+namespace tls {
+
+// TLS content type handshake
+/** Identifies data for which `TlsDecoder` should be used. */
+constexpr std::uint8_t TLS_MAGIC = 22;
+
+/** Decoder for TLS connections. */
+class TlsDecoder : public Decoder {
+public:
+    TlsDecoder(SslCtx &ctx, int fd);
+
+    virtual DecodeBuffer &decode() override;
+
+    virtual const char *get_name() const override { return "TLS"; }
+
+private:
+    Ssl m_ssl;
+    bool m_handshake_complete = false;
+    DecodeBuffer m_decoded;
+    std::vector<std::uint8_t> m_buffer;
+};
+
+} // namespace tls
+} // namespace tcp_in