Página inicial Explorar Ajuda
Registrar Entrar
hebinlong
/
aria2
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: 3b9a385305
Branches Tags
aria2
/
src
/
AppleTLSSession.cc

AppleTLSSession.cc 20 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656 
  1. /* <!-- copyright */
    2. 

  2. /*
    3. 

  3.  * aria2 - The high speed download utility
    4. 

  4.  *
    5. 

  5.  * Copyright (C) 2013 Nils Maier
    6. 

  6.  *
    7. 

  7.  * This program is free software; you can redistribute it and/or modify
    8. 

  8.  * it under the terms of the GNU General Public License as published by
    9. 

  9.  * the Free Software Foundation; either version 2 of the License, or
    10. 

  10.  * (at your option) any later version.
    11. 

  11.  *
    12. 

  12.  * This program is distributed in the hope that it will be useful,
    13. 

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.  * GNU General Public License for more details.
    16. 

  16.  *
    17. 

  17.  * You should have received a copy of the GNU General Public License
    18. 

  18.  * along with this program; if not, write to the Free Software
    19. 

  19.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
    20. 

  20.  *
    21. 

  21.  * In addition, as a special exception, the copyright holders give
    22. 

  22.  * permission to link the code of portions of this program with the
    23. 

  23.  * OpenSSL library under certain conditions as described in each
    24. 

  24.  * individual source file, and distribute linked combinations
    25. 

  25.  * including the two.
    26. 

  26.  * You must obey the GNU General Public License in all respects
    27. 

  27.  * for all of the code used other than OpenSSL.  If you modify
    28. 

  28.  * file(s) with this exception, you may extend this exception to your
    29. 

  29.  * version of the file(s), but you are not obligated to do so.  If you
    30. 

  30.  * do not wish to do so, delete this exception statement from your
    31. 

  31.  * version.  If you delete this exception statement from all source
    32. 

  32.  * files in the program, then also delete it here.
    33. 

  33.  */
    34. 

  34. /* copyright --> */
    35. 

  35. 

  36. #include "AppleTLSSession.h"
    37. 

  37. 

  38. #include <vector>
    39. 

  39. 

  40. #include <CoreFoundation/CoreFoundation.h>
    41. 

  41. 

  42. #include "LogFactory.h"
    43. 

  43. #include "a2functional.h"
    44. 

  44. #include "fmt.h"
    45. 

  45. 

  46. #define ioErr -36
    47. 

  47. #define paramErr -50
    48. 

  48. #define errSSLServerAuthCompleted -9841
    49. 

  49. 

  50. namespace {
    51. 

  51. #if !defined(__MAC_10_8)
    52. 

  52.   static const SSLProtocol kTLSProtocol11 = (SSLProtocol)(kSSLProtocolAll + 1);
    53. 

  53.   static const SSLProtocol kTLSProtocol12 = (SSLProtocol)(kSSLProtocolAll + 2);
    54. 

  54. #endif
    55. 

  55. 

  56. #ifndef CIPHER_NO_DHPARAM
    57. 

  57.   // Diffie-Hellman params, to seed the engine instead of having it spend up
    58. 

  58.   // to 30 seconds on generating them. It should be save to share these. :p
    59. 

  59.   // This was generated using: openssl dhparam -outform DER 2048
    60. 

  60.   static const uint8_t dhparam[] =
    61. 

  61.     "\x30\x82\x01\x08\x02\x82\x01\x01\x00\x97\xea\xd0\x46\xf7\xae\xa7\x76\x80"
    62. 

  62.     "\x9c\x74\x56\x98\xd8\x56\x97\x2b\x20\x6c\x77\xe2\x82\xbb\xc8\x84\xbe\xe7"
    63. 

  63.     "\x63\xaf\xcc\x30\xd0\x67\x97\x7d\x1b\xab\x59\x30\xa9\x13\x67\x21\xd7\xd4"
    64. 

  64.     "\x0e\x46\xcf\xe5\x80\xdf\xc9\xb9\xba\x54\x9b\x46\x2f\x3b\x45\xfc\x2f\xaf"
    65. 

  65.     "\xad\xc0\x17\x56\xdd\x52\x42\x57\x45\x70\x14\xe5\xbe\x67\xaa\xde\x69\x75"
    66. 

  66.     "\x30\x0d\xf9\xa2\xc4\x63\x4d\x7a\x39\xef\x14\x62\x18\x33\x44\xa1\xf9\xc1"
    67. 

  67.     "\x52\xd1\xb6\x72\x21\x98\xf8\xab\x16\x1b\x7b\x37\x65\xe3\xc5\x11\x00\xf6"
    68. 

  68.     "\x36\x1f\xd8\x5f\xd8\x9f\x43\xa8\xce\x9d\xbf\x5e\xd6\x2d\xfa\x0a\xc2\x01"
    69. 

  69.     "\x54\xc2\xd9\x81\x54\x55\xb5\x26\xf8\x88\x37\xf5\xfe\xe0\xef\x4a\x34\x81"
    70. 

  70.     "\xdc\x5a\xb3\x71\x46\x27\xe3\xcd\x24\xf6\x1b\xf1\xe2\x0f\xc2\xa1\x39\x53"
    71. 

  71.     "\x5b\xc5\x38\x46\x8e\x67\x4c\xd9\xdd\xe4\x37\x06\x03\x16\xf1\x1d\x7a\xba"
    72. 

  72.     "\x2d\xc1\xe4\x03\x1a\x58\xe5\x29\x5a\x29\x06\x69\x61\x7a\xd8\xa9\x05\x9f"
    73. 

  73.     "\xc1\xa2\x45\x9c\x17\xad\x52\x69\x33\xdc\x18\x8d\x15\xa6\x5e\xcd\x94\xf4"
    74. 

  74.     "\x45\xbb\x9f\xc2\x7b\x85\x00\x61\xb0\x1a\xdc\x3c\x86\xaa\x9f\x5c\x04\xb3"
    75. 

  75.     "\x90\x0b\x35\x64\xff\xd9\xe3\xac\xf2\xf2\xeb\x3a\x63\x02\x01\x02";
    76. 

  76. #endif // CIPHER_NO_DHPARAM
    77. 

  77. 

  78.   static inline const char *protoToString(SSLProtocol proto) {
    79. 

  79.     switch (proto) {
    80. 

  80.       case kSSLProtocol2:
    81. 

  81.         return "SSLv2 (!)";
    82. 

  82.       case kSSLProtocol3:
    83. 

  83.         return "SSLv3";
    84. 

  84.       case kTLSProtocol1:
    85. 

  85.         return "TLSv1";
    86. 

  86.       case kTLSProtocol11:
    87. 

  87.         return "TLSv1.1";
    88. 

  88.       case kTLSProtocol12:
    89. 

  89.         return "TLSv1.2";
    90. 

  90.       default:
    91. 

  91.         return "Unknown";
    92. 

  92.     }
    93. 

  93.   }
    94. 

  94. 

  95. #define SUITE(s) { s, #s }
    96. 

  96.   static struct {
    97. 

  97.     SSLCipherSuite suite;
    98. 

  98.     const char *name;
    99. 

  99.   } kSuites[] = {
    100. 

  100.     SUITE(SSL_NULL_WITH_NULL_NULL),
    101. 

  101.     SUITE(SSL_RSA_WITH_NULL_MD5),
    102. 

  102.     SUITE(SSL_RSA_WITH_NULL_SHA),
    103. 

  103.     SUITE(SSL_RSA_EXPORT_WITH_RC4_40_MD5),
    104. 

  104.     SUITE(SSL_RSA_WITH_RC4_128_MD5),
    105. 

  105.     SUITE(SSL_RSA_WITH_RC4_128_SHA),
    106. 

  106.     SUITE(SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5),
    107. 

  107.     SUITE(SSL_RSA_WITH_IDEA_CBC_SHA),
    108. 

  108.     SUITE(SSL_RSA_EXPORT_WITH_DES40_CBC_SHA),
    109. 

  109.     SUITE(SSL_RSA_WITH_DES_CBC_SHA),
    110. 

  110.     SUITE(SSL_RSA_WITH_3DES_EDE_CBC_SHA),
    111. 

  111.     SUITE(SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA),
    112. 

  112.     SUITE(SSL_DH_DSS_WITH_DES_CBC_SHA),
    113. 

  113.     SUITE(SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA),
    114. 

  114.     SUITE(SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA),
    115. 

  115.     SUITE(SSL_DH_RSA_WITH_DES_CBC_SHA),
    116. 

  116.     SUITE(SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA),
    117. 

  117.     SUITE(SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA),
    118. 

  118.     SUITE(SSL_DHE_DSS_WITH_DES_CBC_SHA),
    119. 

  119.     SUITE(SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA),
    120. 

  120.     SUITE(SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA),
    121. 

  121.     SUITE(SSL_DHE_RSA_WITH_DES_CBC_SHA),
    122. 

  122.     SUITE(SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA),
    123. 

  123.     SUITE(SSL_DH_anon_EXPORT_WITH_RC4_40_MD5),
    124. 

  124.     SUITE(SSL_DH_anon_WITH_RC4_128_MD5),
    125. 

  125.     SUITE(SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA),
    126. 

  126.     SUITE(SSL_DH_anon_WITH_DES_CBC_SHA),
    127. 

  127.     SUITE(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA),
    128. 

  128.     SUITE(SSL_FORTEZZA_DMS_WITH_NULL_SHA),
    129. 

  129.     SUITE(SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA),
    130. 

  130.     SUITE(TLS_RSA_WITH_AES_128_CBC_SHA),
    131. 

  131.     SUITE(TLS_DH_DSS_WITH_AES_128_CBC_SHA),
    132. 

  132.     SUITE(TLS_DH_RSA_WITH_AES_128_CBC_SHA),
    133. 

  133.     SUITE(TLS_DHE_DSS_WITH_AES_128_CBC_SHA),
    134. 

  134.     SUITE(TLS_DHE_RSA_WITH_AES_128_CBC_SHA),
    135. 

  135.     SUITE(TLS_DH_anon_WITH_AES_128_CBC_SHA),
    136. 

  136.     SUITE(TLS_RSA_WITH_AES_256_CBC_SHA),
    137. 

  137.     SUITE(TLS_DH_DSS_WITH_AES_256_CBC_SHA),
    138. 

  138.     SUITE(TLS_DH_RSA_WITH_AES_256_CBC_SHA),
    139. 

  139.     SUITE(TLS_DHE_DSS_WITH_AES_256_CBC_SHA),
    140. 

  140.     SUITE(TLS_DHE_RSA_WITH_AES_256_CBC_SHA),
    141. 

  141.     SUITE(TLS_DH_anon_WITH_AES_256_CBC_SHA),
    142. 

  142.     SUITE(TLS_ECDH_ECDSA_WITH_NULL_SHA),
    143. 

  143.     SUITE(TLS_ECDH_ECDSA_WITH_RC4_128_SHA),
    144. 

  144.     SUITE(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA),
    145. 

  145.     SUITE(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA),
    146. 

  146.     SUITE(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA),
    147. 

  147.     SUITE(TLS_ECDHE_ECDSA_WITH_NULL_SHA),
    148. 

  148.     SUITE(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA),
    149. 

  149.     SUITE(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA),
    150. 

  150.     SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA),
    151. 

  151.     SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA),
    152. 

  152.     SUITE(TLS_ECDH_RSA_WITH_NULL_SHA),
    153. 

  153.     SUITE(TLS_ECDH_RSA_WITH_RC4_128_SHA),
    154. 

  154.     SUITE(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA),
    155. 

  155.     SUITE(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA),
    156. 

  156.     SUITE(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA),
    157. 

  157.     SUITE(TLS_ECDHE_RSA_WITH_NULL_SHA),
    158. 

  158.     SUITE(TLS_ECDHE_RSA_WITH_RC4_128_SHA),
    159. 

  159.     SUITE(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA),
    160. 

  160.     SUITE(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA),
    161. 

  161.     SUITE(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA),
    162. 

  162.     SUITE(TLS_ECDH_anon_WITH_NULL_SHA),
    163. 

  163.     SUITE(TLS_ECDH_anon_WITH_RC4_128_SHA),
    164. 

  164.     SUITE(SSL_RSA_WITH_RC2_CBC_MD5),
    165. 

  165.     SUITE(SSL_RSA_WITH_IDEA_CBC_MD5),
    166. 

  166.     SUITE(SSL_RSA_WITH_DES_CBC_MD5),
    167. 

  167.     SUITE(SSL_RSA_WITH_3DES_EDE_CBC_MD5),
    168. 

  168. 

  169. #if defined(__MAC_10_8)
    170. 

  170.     SUITE(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA),
    171. 

  171.     SUITE(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256),
    172. 

  172.     SUITE(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256),
    173. 

  173.     SUITE(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256),
    174. 

  174.     SUITE(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384),
    175. 

  175.     SUITE(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA),
    176. 

  176.     SUITE(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256),
    177. 

  177.     SUITE(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256),
    178. 

  178.     SUITE(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256),
    179. 

  179.     SUITE(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384),
    180. 

  180.     SUITE(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA),
    181. 

  181.     SUITE(TLS_DH_DSS_WITH_AES_128_CBC_SHA256),
    182. 

  182.     SUITE(TLS_DH_DSS_WITH_AES_128_GCM_SHA256),
    183. 

  183.     SUITE(TLS_DH_DSS_WITH_AES_256_CBC_SHA256),
    184. 

  184.     SUITE(TLS_DH_DSS_WITH_AES_256_GCM_SHA384),
    185. 

  185.     SUITE(TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA),
    186. 

  186.     SUITE(TLS_DH_RSA_WITH_AES_128_CBC_SHA256),
    187. 

  187.     SUITE(TLS_DH_RSA_WITH_AES_128_GCM_SHA256),
    188. 

  188.     SUITE(TLS_DH_RSA_WITH_AES_256_CBC_SHA256),
    189. 

  189.     SUITE(TLS_DH_RSA_WITH_AES_256_GCM_SHA384),
    190. 

  190.     SUITE(TLS_DH_anon_WITH_3DES_EDE_CBC_SHA),
    191. 

  191.     SUITE(TLS_DH_anon_WITH_AES_128_CBC_SHA256),
    192. 

  192.     SUITE(TLS_DH_anon_WITH_AES_128_GCM_SHA256),
    193. 

  193.     SUITE(TLS_DH_anon_WITH_AES_256_CBC_SHA256),
    194. 

  194.     SUITE(TLS_DH_anon_WITH_AES_256_GCM_SHA384),
    195. 

  195.     SUITE(TLS_DH_anon_WITH_RC4_128_MD5),
    196. 

  196.     SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256),
    197. 

  197.     SUITE(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),
    198. 

  198.     SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384),
    199. 

  199.     SUITE(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384),
    200. 

  200.     SUITE(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256),
    201. 

  201.     SUITE(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256),
    202. 

  202.     SUITE(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384),
    203. 

  203.     SUITE(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384),
    204. 

  204.     SUITE(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256),
    205. 

  205.     SUITE(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256),
    206. 

  206.     SUITE(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384),
    207. 

  207.     SUITE(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384),
    208. 

  208.     SUITE(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256),
    209. 

  209.     SUITE(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256),
    210. 

  210.     SUITE(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384),
    211. 

  211.     SUITE(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384),
    212. 

  212.     SUITE(TLS_EMPTY_RENEGOTIATION_INFO_SCSV),
    213. 

  213.     SUITE(TLS_NULL_WITH_NULL_NULL),
    214. 

  214.     SUITE(TLS_RSA_WITH_3DES_EDE_CBC_SHA),
    215. 

  215.     SUITE(TLS_RSA_WITH_AES_128_CBC_SHA256),
    216. 

  216.     SUITE(TLS_RSA_WITH_AES_128_GCM_SHA256),
    217. 

  217.     SUITE(TLS_RSA_WITH_AES_256_CBC_SHA256),
    218. 

  218.     SUITE(TLS_RSA_WITH_AES_256_GCM_SHA384),
    219. 

  219.     SUITE(TLS_RSA_WITH_NULL_MD5),
    220. 

  220.     SUITE(TLS_RSA_WITH_NULL_SHA),
    221. 

  221.     SUITE(TLS_RSA_WITH_NULL_SHA256),
    222. 

  222.     SUITE(TLS_RSA_WITH_RC4_128_MD5),
    223. 

  223.     SUITE(TLS_RSA_WITH_RC4_128_SHA),
    224. 

  224. #endif
    225. 

  225. 

  226.     SUITE(SSL_NO_SUCH_CIPHERSUITE)
    227. 

  227.   };
    228. 

  228. #undef SUITE
    229. 

  229. 

  230.   static inline const char* suiteToString(const SSLCipherSuite suite)
    231. 

  231.   {
    232. 

  232.     for (auto & s : kSuites) {
    233. 

  233.       if (s.suite == suite) {
    234. 

  234.         return s.name;
    235. 

  235.       }
    236. 

  236.     }
    237. 

  237.     return "Unknown suite";
    238. 

  238.   }
    239. 

  239. 

  240.   static const char* kBlocked[] = {
    241. 

  241.     "NULL", "anon", "MD5", "EXPORT", "DES", "IDEA", "NO_SUCH", "EMPTY"
    242. 

  242.   };
    243. 

  243. 

  244.   static inline bool isBlockedSuite(SSLCipherSuite suite)
    245. 

  245.   {
    246. 

  246.     const char* name = suiteToString(suite);
    247. 

  247.     for (auto& blocked : kBlocked) {
    248. 

  248.       if (strstr(name, blocked)) {
    249. 

  249.         return true;
    250. 

  250.       }
    251. 

  251.     }
    252. 

  252.     return false;
    253. 

  253.   }
    254. 

  254. 

  255.   typedef std::vector<SSLCipherSuite> SSLCipherSuiteList;
    256. 

  256.   static SSLCipherSuiteList constructEnabledSuites(SSLContextRef ctx)
    257. 

  257.   {
    258. 

  258. #ifndef CIPHER_CONSTRUCT_ALWAYS
    259. 

  259.     static
    260. 

  260. #endif
    261. 

  261.     SSLCipherSuiteList rv(0);
    262. 

  262. 

  263. #ifndef CIPHER_CONSTRUCT_ALWAYS
    264. 

  264.     if (!rv.empty()) {
    265. 

  265.       return rv;
    266. 

  266.     }
    267. 

  267. #endif
    268. 

  268. 

  269.     size_t supported = 0;
    270. 

  270.     OSStatus err = SSLGetNumberSupportedCiphers(ctx, &supported);
    271. 

  271.     if (err != noErr || !supported) {
    272. 

  272.       return rv;
    273. 

  273.     }
    274. 

  274. 

  275.     rv.resize(supported, SSL_NO_SUCH_CIPHERSUITE);
    276. 

  276.     err = SSLGetSupportedCiphers(ctx, &rv[0], &supported);
    277. 

  277.     if (err != noErr || !supported) {
    278. 

  278.       rv.clear();
    279. 

  279.       return rv;
    280. 

  280.     }
    281. 

  281. 

  282.     rv.erase(std::remove_if(rv.begin(), rv.end(), isBlockedSuite), rv.end());
    283. 

  283.     return rv;
    284. 

  284.   }
    285. 

  285. }
    286. 

  286. 

  287. namespace aria2 {
    288. 

  288. 

  289. TLSSession* TLSSession::make(TLSContext* ctx)
    290. 

  290. {
    291. 

  291.   return new AppleTLSSession(static_cast<AppleTLSContext*>(ctx));
    292. 

  292. }
    293. 

  293. 

  294. AppleTLSSession::AppleTLSSession(AppleTLSContext* ctx)
    295. 

  295.   : sslCtx_(nullptr),
    296. 

  296.     sockfd_(0),
    297. 

  297.     state_(st_constructed),
    298. 

  298.     lastError_(noErr),
    299. 

  299.     writeBuffered_(0)
    300. 

  300. {
    301. 

  301.   lastError_ = SSLNewContext(ctx->getSide() == TLS_SERVER, &sslCtx_) == noErr;
    302. 

  302.   if (lastError_ == noErr) {
    303. 

  303.     state_ = st_error;
    304. 

  304.     return;
    305. 

  305.   }
    306. 

  306. #if defined(__MAC_10_8)
    307. 

  307.   (void)SSLSetProtocolVersionMin(sslCtx_, kSSLProtocol3);
    308. 

  308.   (void)SSLSetProtocolVersionMax(sslCtx_, kTLSProtocol12);
    309. 

  309. #else
    310. 

  310.   (void)SSLSetProtocolVersionEnabled(sslCtx_, kSSLProtocolAll, false);
    311. 

  311.   (void)SSLSetProtocolVersionEnabled(sslCtx_, kSSLProtocol3, true);
    312. 

  312.   (void)SSLSetProtocolVersionEnabled(sslCtx_, kTLSProtocol1, true);
    313. 

  313.   (void)SSLSetProtocolVersionEnabled(sslCtx_, kTLSProtocol11, true);
    314. 

  314.   (void)SSLSetProtocolVersionEnabled(sslCtx_, kTLSProtocol12, true);
    315. 

  315. #endif
    316. 

  316. 

  317.   (void)SSLSetEnableCertVerify(sslCtx_, ctx->getVerifyPeer());
    318. 

  318. 

  319. #ifndef CIPHER_ENABLE_ALL
    320. 

  320.   SSLCipherSuiteList enabled = constructEnabledSuites(sslCtx_);
    321. 

  321.   if (enabled.empty()) {
    322. 

  322.     A2_LOG_ERROR("AppleTLS: Failed to construct enabled ciphers list");
    323. 

  323.     state_ = st_error;
    324. 

  324.     return;
    325. 

  325.   }
    326. 

  326.   for (const auto& suite: enabled) {
    327. 

  327.     A2_LOG_INFO(fmt("AppleTLS: Enabled suite %s", suiteToString(suite)));
    328. 

  328.   }
    329. 

  329.   if (SSLSetEnabledCiphers(sslCtx_, &enabled[0], enabled.size()) != noErr) {
    330. 

  330.     A2_LOG_ERROR("AppleTLS: Failed to set enabled ciphers list");
    331. 

  331.     state_ = st_error;
    332. 

  332.     return;
    333. 

  333.   }
    334. 

  334. #endif
    335. 

  335. 

  336.   SecIdentityRef creds = ctx->getCredentials();
    337. 

  337.   if (!creds) {
    338. 

  338.     if (ctx->getSide() != TLS_SERVER) {
    339. 

  339.       // Done with client-only initialization
    340. 

  340.       return;
    341. 

  341.     }
    342. 

  342. 

  343.     A2_LOG_ERROR("AppleTLS: No credentials");
    344. 

  344.     state_ = st_error;
    345. 

  345.     return;
    346. 

  346.   }
    347. 

  347.   CFArrayRef certs = CFArrayCreate(nullptr, (const void**)&creds, 1, nullptr);
    348. 

  348.   if (!certs) {
    349. 

  349.     A2_LOG_ERROR("AppleTLS: Failed to setup credentials");
    350. 

  350.     state_ = st_error;
    351. 

  351.     return;
    352. 

  352.   }
    353. 

  353.   std::unique_ptr<void, decltype(&CFRelease)> del_certs((void*)certs, CFRelease);
    354. 

  354.   lastError_ = SSLSetCertificate(sslCtx_, certs);
    355. 

  355.   if (lastError_ != noErr) {
    356. 

  356.     A2_LOG_ERROR(fmt("AppleTLS: Failed to set credentials: %s", getLastErrorString().c_str()));
    357. 

  357.     state_ = st_error;
    358. 

  358.     return;
    359. 

  359.   }
    360. 

  360. 

  361. #ifndef CIPHER_NO_DHPARAM
    362. 

  362.   lastError_ = SSLSetDiffieHellmanParams(sslCtx_, dhparam, sizeof(dhparam));
    363. 

  363.   if (lastError_ != noErr) {
    364. 

  364.     A2_LOG_WARN(fmt("AppleTLS: Failed to set DHParams: %s", getLastErrorString().c_str()));
    365. 

  365.     // Engine will still generate some for us, so this is no problem, except
    366. 

  366.     // it will take longer.
    367. 

  367.   }
    368. 

  368. #endif // CIPHER_NO_DHPARAM
    369. 

  369. }
    370. 

  370. 

  371. AppleTLSSession::~AppleTLSSession()
    372. 

  372. {
    373. 

  373.   closeConnection();
    374. 

  374.   if (sslCtx_) {
    375. 

  375.     SSLDisposeContext(sslCtx_);
    376. 

  376.     sslCtx_ = nullptr;
    377. 

  377.   }
    378. 

  378.   state_ = st_error;
    379. 

  379. }
    380. 

  380. 

  381. int AppleTLSSession::init(sock_t sockfd)
    382. 

  382. {
    383. 

  383.   if (state_ != st_constructed) {
    384. 

  384.     lastError_ = noErr;
    385. 

  385.     return TLS_ERR_ERROR;
    386. 

  386.   }
    387. 

  387.   lastError_ = SSLSetIOFuncs(sslCtx_, SocketRead, SocketWrite);
    388. 

  388.   if (lastError_ != noErr) {
    389. 

  389.     state_ = st_error;
    390. 

  390.     return TLS_ERR_ERROR;
    391. 

  391.   }
    392. 

  392.   lastError_ = SSLSetConnection(sslCtx_, this);
    393. 

  393.   if (lastError_ != noErr) {
    394. 

  394.     state_ = st_error;
    395. 

  395.     return TLS_ERR_ERROR;
    396. 

  396.   }
    397. 

  397.   sockfd_ = sockfd;
    398. 

  398.   state_ = st_initialized;
    399. 

  399.   return TLS_ERR_OK;
    400. 

  400. }
    401. 

  401. 

  402. int AppleTLSSession::setSNIHostname(const std::string& hostname)
    403. 

  403. {
    404. 

  404.   if (state_ != st_initialized) {
    405. 

  405.     lastError_ = noErr;
    406. 

  406.     return TLS_ERR_ERROR;
    407. 

  407.   }
    408. 

  408.   lastError_ = SSLSetPeerDomainName(sslCtx_, hostname.c_str(), hostname.length());
    409. 

  409.   return (lastError_ != noErr) ? TLS_ERR_ERROR : TLS_ERR_OK;
    410. 

  410. }
    411. 

  411. 

  412. int AppleTLSSession::closeConnection()
    413. 

  413. {
    414. 

  414.   if (state_ != st_connected) {
    415. 

  415.     lastError_ = noErr;
    416. 

  416.     return TLS_ERR_ERROR;
    417. 

  417.   }
    418. 

  418.   lastError_ = SSLClose(sslCtx_);
    419. 

  419.   state_ = st_closed;
    420. 

  420.   return lastError_ == noErr ?  TLS_ERR_OK : TLS_ERR_ERROR;
    421. 

  421. }
    422. 

  422. 

  423. int AppleTLSSession::checkDirection() {
    424. 

  424.   // See: https://github.com/tatsuhiro-t/aria2/pull/61#issuecomment-16051793
    425. 

  425.   if (state_ == st_connected) {
    426. 

  426.     // Need to check read first, as SocketCore kinda expects this
    427. 

  427.     size_t buffered;
    428. 

  428.     lastError_ = SSLGetBufferedReadSize(sslCtx_, &buffered);
    429. 

  429.     if (lastError_ == noErr && buffered) {
    430. 

  430.       return TLS_WANT_READ;
    431. 

  431.     }
    432. 

  432.   }
    433. 

  433. 

  434.   if (writeBuffered_) {
    435. 

  435.     return TLS_WANT_WRITE;
    436. 

  436.   }
    437. 

  437. 

  438.   // Default to WANT_READ, as SocketCore kinda expects this
    439. 

  439.   return TLS_WANT_READ;
    440. 

  440. }
    441. 

  441. 

  442. ssize_t AppleTLSSession::writeData(const void* data, size_t len)
    443. 

  443. {
    444. 

  444.   if (state_ != st_connected) {
    445. 

  445.     lastError_ = noErr;
    446. 

  446.     return TLS_ERR_ERROR;
    447. 

  447.   }
    448. 

  448.   size_t processed = 0;
    449. 

  449.   if (writeBuffered_) {
    450. 

  450.     lastError_ = SSLWrite(sslCtx_, nullptr, 0, &processed);
    451. 

  451.     switch (lastError_) {
    452. 

  452.       case noErr:
    453. 

  453.         processed = writeBuffered_;
    454. 

  454.         writeBuffered_ = 0;
    455. 

  455.         return processed;
    456. 

  456.       case errSSLWouldBlock:
    457. 

  457.         return TLS_ERR_WOULDBLOCK;
    458. 

  458.       case errSSLClosedGraceful:
    459. 

  459.       case errSSLClosedNoNotify:
    460. 

  460.         closeConnection();
    461. 

  461.         return TLS_ERR_ERROR;
    462. 

  462.       default:
    463. 

  463.         closeConnection();
    464. 

  464.         state_ = st_error;
    465. 

  465.         return TLS_ERR_ERROR;
    466. 

  466.     }
    467. 

  467.   }
    468. 

  468. 

  469.   lastError_ = SSLWrite(sslCtx_, data, len, &processed);
    470. 

  470.   switch (lastError_) {
    471. 

  471.     case noErr:
    472. 

  472.       return processed;
    473. 

  473.     case errSSLWouldBlock:
    474. 

  474.       writeBuffered_ = len;
    475. 

  475.       return TLS_ERR_WOULDBLOCK;
    476. 

  476.     case errSSLClosedGraceful:
    477. 

  477.     case errSSLClosedNoNotify:
    478. 

  478.       closeConnection();
    479. 

  479.       return TLS_ERR_ERROR;
    480. 

  480.     default:
    481. 

  481.       closeConnection();
    482. 

  482.       state_ = st_error;
    483. 

  483.       return TLS_ERR_ERROR;
    484. 

  484.   }
    485. 

  485. }
    486. 

  486. OSStatus AppleTLSSession::sockWrite(const void* data, size_t* len)
    487. 

  487. {
    488. 

  488.   size_t remain = *len;
    489. 

  489.   const uint8_t *buffer = static_cast<const uint8_t*>(data);
    490. 

  490.   *len = 0;
    491. 

  491.   while (remain) {
    492. 

  492.     ssize_t w = write(sockfd_, buffer, remain);
    493. 

  493.     if (w <= 0) {
    494. 

  494.       switch (errno) {
    495. 

  495.         case EAGAIN:
    496. 

  496.           return errSSLWouldBlock;
    497. 

  497.         default:
    498. 

  498.           return errSSLClosedAbort;
    499. 

  499.       }
    500. 

  500.     }
    501. 

  501.     remain -= w;
    502. 

  502.     buffer += w;
    503. 

  503.     *len += w;
    504. 

  504.   }
    505. 

  505.   return noErr;
    506. 

  506. }
    507. 

  507. ssize_t AppleTLSSession::readData(void* data, size_t len)
    508. 

  508. {
    509. 

  509.   if (state_ != st_connected) {
    510. 

  510.     lastError_ = noErr;
    511. 

  511.     return TLS_ERR_ERROR;
    512. 

  512.   }
    513. 

  513.   size_t processed = 0;
    514. 

  514.   lastError_ = SSLRead(sslCtx_, data, len, &processed);
    515. 

  515.   switch (lastError_) {
    516. 

  516.     case noErr:
    517. 

  517.       return processed;
    518. 

  518.     case errSSLWouldBlock:
    519. 

  519.       if (processed) {
    520. 

  520.         return processed;
    521. 

  521.       }
    522. 

  522.       return TLS_ERR_WOULDBLOCK;
    523. 

  523.     case errSSLClosedGraceful:
    524. 

  524.     case errSSLClosedNoNotify:
    525. 

  525.       closeConnection();
    526. 

  526.       return TLS_ERR_ERROR;
    527. 

  527.     default:
    528. 

  528.       closeConnection();
    529. 

  529.       state_ = st_error;
    530. 

  530.       return TLS_ERR_ERROR;
    531. 

  531.   }
    532. 

  532. }
    533. 

  533. 

  534. OSStatus AppleTLSSession::sockRead(void* data, size_t* len)
    535. 

  535. {
    536. 

  536.   size_t remain = *len;
    537. 

  537.   uint8_t *buffer = static_cast<uint8_t*>(data);
    538. 

  538.   *len = 0;
    539. 

  539.   while (remain) {
    540. 

  540.     ssize_t r = read(sockfd_, buffer, remain);
    541. 

  541.     if (r == 0) {
    542. 

  542.       return errSSLClosedGraceful;
    543. 

  543.     }
    544. 

  544.     if (r < 0) {
    545. 

  545.       switch (errno) {
    546. 

  546.         case ENOENT:
    547. 

  547.           return errSSLClosedGraceful;
    548. 

  548.         case ECONNRESET:
    549. 

  549.           return errSSLClosedAbort;
    550. 

  550.         case EAGAIN:
    551. 

  551.           return errSSLWouldBlock;
    552. 

  552.         default:
    553. 

  553.           return errSSLClosedAbort;
    554. 

  554.       }
    555. 

  555.     }
    556. 

  556.     remain -= r;
    557. 

  557.     buffer += r;
    558. 

  558.     *len += r;
    559. 

  559.   }
    560. 

  560.   return noErr;
    561. 

  561. }
    562. 

  562. 

  563. int AppleTLSSession::tlsConnect(const std::string& hostname, std::string& handshakeErr)
    564. 

  564. {
    565. 

  565.   if (state_ != st_initialized) {
    566. 

  566.     return TLS_ERR_ERROR;
    567. 

  567.   }
    568. 

  568.   if (!hostname.empty()) {
    569. 

  569.     setSNIHostname(hostname);
    570. 

  570.   }
    571. 

  571.   lastError_ = SSLHandshake(sslCtx_);
    572. 

  572.   switch (lastError_) {
    573. 

  573.     case noErr:
    574. 

  574.       break;
    575. 

  575.     case errSSLWouldBlock:
    576. 

  576.       return TLS_ERR_WOULDBLOCK;
    577. 

  577.     case errSSLServerAuthCompleted:
    578. 

  578.       return tlsConnect(hostname, handshakeErr);
    579. 

  579.     default:
    580. 

  580.       handshakeErr = getLastErrorString();
    581. 

  581.       return TLS_ERR_ERROR;
    582. 

  582.   }
    583. 

  583.   state_ = st_connected;
    584. 

  584. 

  585.   SSLProtocol proto = kSSLProtocolUnknown;
    586. 

  586.   (void)SSLGetNegotiatedProtocolVersion(sslCtx_, &proto);
    587. 

  587.   SSLCipherSuite suite = SSL_NO_SUCH_CIPHERSUITE;
    588. 

  588.   (void)SSLGetNegotiatedCipher(sslCtx_, &suite);
    589. 

  589.   A2_LOG_INFO(fmt("AppleTLS: Connected to %s with %s (%s)",
    590. 

  590.                   hostname.c_str(),
    591. 

  591.                   protoToString(proto),
    592. 

  592.                   suiteToString(suite)));
    593. 

  593. 

  594.   return TLS_ERR_OK;
    595. 

  595. }
    596. 

  596. 

  597. int AppleTLSSession::tlsAccept()
    598. 

  598. {
    599. 

  599.   std::string hostname, err;
    600. 

  600.   return tlsConnect(hostname, err);
    601. 

  601. }
    602. 

  602. 

  603. std::string AppleTLSSession::getLastErrorString()
    604. 

  604. {
    605. 

  605.   switch (lastError_) {
    606. 

  606.     case errSSLProtocol:
    607. 

  607.       return "Protocol error";
    608. 

  608.     case errSSLNegotiation:
    609. 

  609.       return "No common cipher suites";
    610. 

  610.     case errSSLFatalAlert:
    611. 

  611.       return "Received fatal alert";
    612. 

  612.     case errSSLSessionNotFound:
    613. 

  613.       return "Unknown session";
    614. 

  614.     case errSSLClosedGraceful:
    615. 

  615.       return "Closed gracefully";
    616. 

  616.     case errSSLClosedAbort:
    617. 

  617.       return "Connection aborted";
    618. 

  618.     case errSSLXCertChainInvalid:
    619. 

  619.       return "Invalid certificate chain";
    620. 

  620.     case errSSLBadCert:
    621. 

  621.       return "Invalid certificate format";
    622. 

  622.     case errSSLCrypto:
    623. 

  623.       return "Cryptographic error";
    624. 

  624.     case paramErr:
    625. 

  625.     case errSSLInternal:
    626. 

  626.       return "Internal SSL error";
    627. 

  627.     case errSSLUnknownRootCert:
    628. 

  628.       return "Self-signed certificate";
    629. 

  629.     case errSSLNoRootCert:
    630. 

  630.       return "No root certificate";
    631. 

  631.     case errSSLCertExpired:
    632. 

  632.       return "Certificate expired";
    633. 

  633.     case errSSLCertNotYetValid:
    634. 

  634.       return "Certificate not yet valid";
    635. 

  635.     case errSSLClosedNoNotify:
    636. 

  636.       return "Closed without notification";
    637. 

  637.     case errSSLBufferOverflow:
    638. 

  638.       return "Buffer not large enough";
    639. 

  639.     case errSSLBadCipherSuite:
    640. 

  640.       return "Bad cipher suite";
    641. 

  641.     case errSSLPeerUnexpectedMsg:
    642. 

  642.       return "Unexpected peer message";
    643. 

  643.     case errSSLPeerBadRecordMac:
    644. 

  644.       return "Bad MAC";
    645. 

  645.     case errSSLPeerDecryptionFail:
    646. 

  646.       return "Decryption failure";
    647. 

  647.     case errSSLHostNameMismatch:
    648. 

  648.       return "Invalid hostname";
    649. 

  649.     case errSSLConnectionRefused:
    650. 

  650.       return "Connection refused";
    651. 

  651.     default:
    652. 

  652.       return fmt("Unspecified error %d", lastError_);
    653. 

  653.   }
    654. 

  654. }
    655. 

  655. 

  656. }
    657.