Startseite Erkunden Hilfe
Registrieren Anmelden
hebinlong
/
aria2
1
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Struktur: c5c38bf3a4
Branches Tags
aria2
/
src
/
WinTLSSession.cc

WinTLSSession.cc 26 KB
Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881 
  1. /* <!-- copyright */
    2. 

  2. /*
    3. 

  3.  * aria2 - The high speed download utility
    4. 

  4.  *
    5. 

  5.  * Copyright (C) 2013 Nils Maier
    6. 

  6.  *
    7. 

  7.  * This program is free software; you can redistribute it and/or modify
    8. 

  8.  * it under the terms of the GNU General Public License as published by
    9. 

  9.  * the Free Software Foundation; either version 2 of the License, or
    10. 

  10.  * (at your option) any later version.
    11. 

  11.  *
    12. 

  12.  * This program is distributed in the hope that it will be useful,
    13. 

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.  * GNU General Public License for more details.
    16. 

  16.  *
    17. 

  17.  * You should have received a copy of the GNU General Public License
    18. 

  18.  * along with this program; if not, write to the Free Software
    19. 

  19.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
    20. 

  20.  *
    21. 

  21.  * In addition, as a special exception, the copyright holders give
    22. 

  22.  * permission to link the code of portions of this program with the
    23. 

  23.  * OpenSSL library under certain conditions as described in each
    24. 

  24.  * individual source file, and distribute linked combinations
    25. 

  25.  * including the two.
    26. 

  26.  * You must obey the GNU General Public License in all respects
    27. 

  27.  * for all of the code used other than OpenSSL.  If you modify
    28. 

  28.  * file(s) with this exception, you may extend this exception to your
    29. 

  29.  * version of the file(s), but you are not obligated to do so.  If you
    30. 

  30.  * do not wish to do so, delete this exception statement from your
    31. 

  31.  * version.  If you delete this exception statement from all source
    32. 

  32.  * files in the program, then also delete it here.
    33. 

  33.  */
    34. 

  34. /* copyright --> */
    35. 

  35. 

  36. #include "WinTLSSession.h"
    37. 

  37. 

  38. #include <cassert>
    39. 

  39. #include <sstream>
    40. 

  40. 

  41. #include "LogFactory.h"
    42. 

  42. #include "a2functional.h"
    43. 

  43. #include "fmt.h"
    44. 

  44. #include "util.h"
    45. 

  45. 

  46. #ifndef SECBUFFER_ALERT
    47. 

  47. #define SECBUFFER_ALERT 17
    48. 

  48. #endif
    49. 

  49. 

  50. #ifndef SZ_ALG_MAX_SIZE
    51. 

  51. #define SZ_ALG_MAX_SIZE 64
    52. 

  52. #endif
    53. 

  53. #ifndef SECPKGCONTEXT_CIPHERINFO_V1
    54. 

  54. #define SECPKGCONTEXT_CIPHERINFO_V1 1
    55. 

  55. #endif
    56. 

  56. #ifndef SECPKG_ATTR_CIPHER_INFO
    57. 

  57. #define SECPKG_ATTR_CIPHER_INFO 0x64
    58. 

  58. #endif
    59. 

  59. 

  60. namespace {
    61. 

  61. using namespace aria2;
    62. 

  62. 

  63. struct WinSecPkgContext_CipherInfo
    64. 

  64. {
    65. 

  65.   DWORD dwVersion;
    66. 

  66.   DWORD dwProtocol;
    67. 

  67.   DWORD dwCipherSuite;
    68. 

  68.   DWORD dwBaseCipherSuite;
    69. 

  69.   WCHAR szCipherSuite[SZ_ALG_MAX_SIZE];
    70. 

  70.   WCHAR szCipher[SZ_ALG_MAX_SIZE];
    71. 

  71.   DWORD dwCipherLen;
    72. 

  72.   DWORD dwCipherBlockLen; // in bytes
    73. 

  73.   WCHAR szHash[SZ_ALG_MAX_SIZE];
    74. 

  74.   DWORD dwHashLen;
    75. 

  75.   WCHAR szExchange[SZ_ALG_MAX_SIZE];
    76. 

  76.   DWORD dwMinExchangeLen;
    77. 

  77.   DWORD dwMaxExchangeLen;
    78. 

  78.   WCHAR szCertificate[SZ_ALG_MAX_SIZE];
    79. 

  79.   DWORD dwKeyType;
    80. 

  80. };
    81. 

  81. 

  82. static const ULONG kReqFlags =
    83. 

  83.     ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT | ISC_REQ_CONFIDENTIALITY |
    84. 

  84.     ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_USE_SUPPLIED_CREDS | ISC_REQ_STREAM;
    85. 

  85. 

  86. static const ULONG kReqAFlags =
    87. 

  87.     ASC_REQ_SEQUENCE_DETECT | ASC_REQ_REPLAY_DETECT | ASC_REQ_CONFIDENTIALITY |
    88. 

  88.     ASC_REQ_EXTENDED_ERROR | ASC_REQ_ALLOCATE_MEMORY | ASC_REQ_STREAM;
    89. 

  89. 

  90. class TLSBuffer : public ::SecBuffer
    91. 

  91. {
    92. 

  92. public:
    93. 

  93.   explicit TLSBuffer(ULONG type, ULONG size, void* data)
    94. 

  94.   {
    95. 

  95.     cbBuffer = size;
    96. 

  96.     BufferType = type;
    97. 

  97.     pvBuffer = data;
    98. 

  98.   }
    99. 

  99. };
    100. 

  100. 

  101. class TLSBufferDesc : public ::SecBufferDesc
    102. 

  102. {
    103. 

  103. public:
    104. 

  104.   explicit TLSBufferDesc(SecBuffer* arr, ULONG buffers)
    105. 

  105.   {
    106. 

  106.     ulVersion = SECBUFFER_VERSION;
    107. 

  107.     cBuffers = buffers;
    108. 

  108.     pBuffers = arr;
    109. 

  109.   }
    110. 

  110. };
    111. 

  111. 

  112. inline static std::string getCipherSuite(CtxtHandle* handle)
    113. 

  113. {
    114. 

  114.   WinSecPkgContext_CipherInfo info = {SECPKGCONTEXT_CIPHERINFO_V1};
    115. 

  115.   if (QueryContextAttributes(handle, SECPKG_ATTR_CIPHER_INFO, &info) ==
    116. 

  116.       SEC_E_OK) {
    117. 

  117.     return wCharToUtf8(info.szCipherSuite);
    118. 

  118.   }
    119. 

  119.   return "Unknown";
    120. 

  120. }
    121. 

  121. 

  122. inline static uint32_t getProtocolVersion(CtxtHandle* handle)
    123. 

  123. {
    124. 

  124.   WinSecPkgContext_CipherInfo info = {SECPKGCONTEXT_CIPHERINFO_V1};
    125. 

  125.   if (QueryContextAttributes(handle, SECPKG_ATTR_CIPHER_INFO, &info) ==
    126. 

  126.       SEC_E_OK) {
    127. 

  127.     return info.dwProtocol;
    128. 

  128.   }
    129. 

  129.   // XXX Assume the best?!
    130. 

  130.   return std::numeric_limits<uint32_t>::max();
    131. 

  131. }
    132. 

  132. 

  133. } // namespace
    134. 

  134. 

  135. namespace aria2 {
    136. 

  136. 

  137. TLSSession* TLSSession::make(TLSContext* ctx)
    138. 

  138. {
    139. 

  139.   return new WinTLSSession(static_cast<WinTLSContext*>(ctx));
    140. 

  140. }
    141. 

  141. 

  142. WinTLSSession::WinTLSSession(WinTLSContext* ctx)
    143. 

  143.   : sockfd_(0),
    144. 

  144.     side_(ctx->getSide()),
    145. 

  145.     cred_(ctx->getCredHandle()),
    146. 

  146.     writeBuffered_(0),
    147. 

  147.     state_(st_constructed),
    148. 

  148.     status_(SEC_E_OK)
    149. 

  149. {
    150. 

  150.   memset(&handle_, 0, sizeof(handle_));
    151. 

  151. }
    152. 

  152. 

  153. WinTLSSession::~WinTLSSession()
    154. 

  154. {
    155. 

  155.   ::DeleteSecurityContext(&handle_);
    156. 

  156.   state_ = st_error;
    157. 

  157. }
    158. 

  158. 

  159. int WinTLSSession::init(sock_t sockfd)
    160. 

  160. {
    161. 

  161.   if (state_ != st_constructed) {
    162. 

  162.     status_ = SEC_E_INVALID_HANDLE;
    163. 

  163.     return TLS_ERR_ERROR;
    164. 

  164.   }
    165. 

  165.   sockfd_ = sockfd;
    166. 

  166.   state_ = st_initialized;
    167. 

  167. 

  168.   return TLS_ERR_OK;
    169. 

  169. }
    170. 

  170. 

  171. int WinTLSSession::setSNIHostname(const std::string& hostname)
    172. 

  172. {
    173. 

  173.   if (state_ != st_initialized) {
    174. 

  174.     status_ = SEC_E_INVALID_HANDLE;
    175. 

  175.     return TLS_ERR_ERROR;
    176. 

  176.   }
    177. 

  177.   hostname_ = hostname;
    178. 

  178.   return TLS_ERR_OK;
    179. 

  179. }
    180. 

  180. 

  181. int WinTLSSession::closeConnection()
    182. 

  182. {
    183. 

  183.   if (state_ != st_connected && state_ != st_closing) {
    184. 

  184.     if (state_ != st_error) {
    185. 

  185.       status_ = SEC_E_INVALID_HANDLE;
    186. 

  186.       state_ = st_error;
    187. 

  187.     }
    188. 

  188.     A2_LOG_DEBUG("WinTLS: Cannot close connection");
    189. 

  189.     return TLS_ERR_ERROR;
    190. 

  190.   }
    191. 

  191. 

  192.   if (state_ == st_connected) {
    193. 

  193.     A2_LOG_DEBUG("WinTLS: Closing connection");
    194. 

  194.     state_ = st_closing;
    195. 

  195. 

  196.     DWORD dwShut = SCHANNEL_SHUTDOWN;
    197. 

  197.     TLSBuffer shut(SECBUFFER_TOKEN, sizeof(dwShut), &dwShut);
    198. 

  198.     TLSBufferDesc shutDesc(&shut, 1);
    199. 

  199.     status_ = ::ApplyControlToken(&handle_, &shutDesc);
    200. 

  200.     if (status_ != SEC_E_OK) {
    201. 

  201.       state_ = st_error;
    202. 

  202.       return TLS_ERR_ERROR;
    203. 

  203.     }
    204. 

  204.     TLSBuffer ctx(SECBUFFER_EMPTY, 0, nullptr);
    205. 

  205.     TLSBufferDesc desc(&ctx, 1);
    206. 

  206.     ULONG flags = 0;
    207. 

  207.     if (side_ == TLS_CLIENT) {
    208. 

  208.       SEC_CHAR* host = hostname_.empty() ?
    209. 

  209.                            nullptr :
    210. 

  210.                            const_cast<SEC_CHAR*>(hostname_.c_str());
    211. 

  211.       status_ = ::InitializeSecurityContext(cred_,
    212. 

  212.                                             &handle_,
    213. 

  213.                                             host,
    214. 

  214.                                             kReqFlags,
    215. 

  215.                                             0,
    216. 

  216.                                             0,
    217. 

  217.                                             nullptr,
    218. 

  218.                                             0,
    219. 

  219.                                             &handle_,
    220. 

  220.                                             &desc,
    221. 

  221.                                             &flags,
    222. 

  222.                                             nullptr);
    223. 

  223.     }
    224. 

  224.     else {
    225. 

  225.       status_ = ::AcceptSecurityContext(cred_,
    226. 

  226.                                         &handle_,
    227. 

  227.                                         nullptr,
    228. 

  228.                                         kReqAFlags,
    229. 

  229.                                         0,
    230. 

  230.                                         &handle_,
    231. 

  231.                                         &desc,
    232. 

  232.                                         &flags,
    233. 

  233.                                         nullptr);
    234. 

  234.     }
    235. 

  235.     if (status_ == SEC_E_OK || status_ == SEC_I_CONTEXT_EXPIRED) {
    236. 

  236.       size_t len = ctx.cbBuffer;
    237. 

  237.       ssize_t rv = writeData(ctx.pvBuffer, ctx.cbBuffer);
    238. 

  238.       ::FreeContextBuffer(ctx.pvBuffer);
    239. 

  239.       if (rv == TLS_ERR_WOULDBLOCK) {
    240. 

  240.         return rv;
    241. 

  241.       }
    242. 

  242. 

  243.       // Alright data is sent or buffered
    244. 

  244.       if (rv - len != 0) {
    245. 

  245.         return TLS_ERR_WOULDBLOCK;
    246. 

  246.       }
    247. 

  247.     }
    248. 

  248.   }
    249. 

  249. 

  250.   // Send remaining data.
    251. 

  251.   while (writeBuf_.size()) {
    252. 

  252.     int rv = writeData(nullptr, 0);
    253. 

  253.     if (rv == TLS_ERR_WOULDBLOCK) {
    254. 

  254.       return rv;
    255. 

  255.     }
    256. 

  256.   }
    257. 

  257. 

  258.   A2_LOG_DEBUG("WinTLS: Closed Connection");
    259. 

  259.   state_ = st_closed;
    260. 

  260.   return TLS_ERR_OK;
    261. 

  261. }
    262. 

  262. 

  263. int WinTLSSession::checkDirection()
    264. 

  264. {
    265. 

  265.   if (state_ == st_handshake_write || state_ == st_handshake_write_last) {
    266. 

  266.     return TLS_WANT_WRITE;
    267. 

  267.   }
    268. 

  268.   if (state_ == st_handshake_read) {
    269. 

  269.     return TLS_WANT_READ;
    270. 

  270.   }
    271. 

  271.   if (readBuf_.size() || decBuf_.size()) {
    272. 

  272.     return TLS_WANT_READ;
    273. 

  273.   }
    274. 

  274.   if (writeBuf_.size()) {
    275. 

  275.     return TLS_WANT_WRITE;
    276. 

  276.   }
    277. 

  277.   return TLS_WANT_READ;
    278. 

  278. }
    279. 

  279. 

  280. ssize_t WinTLSSession::writeData(const void* data, size_t len)
    281. 

  281. {
    282. 

  282.   if (state_ == st_handshake_write || state_ == st_handshake_write_last ||
    283. 

  283.       state_ == st_handshake_read) {
    284. 

  284.     // Renegotiating
    285. 

  285.     std::string hn, err;
    286. 

  286.     auto connect = tlsConnect(hn, err);
    287. 

  287.     if (connect != TLS_ERR_OK) {
    288. 

  288.       return connect;
    289. 

  289.     }
    290. 

  290.     // Continue.
    291. 

  291.   }
    292. 

  292. 

  293.   if (state_ != st_connected && state_ != st_closing) {
    294. 

  294.     status_ = SEC_E_INVALID_HANDLE;
    295. 

  295.     return TLS_ERR_ERROR;
    296. 

  296.   }
    297. 

  297. 

  298.   A2_LOG_DEBUG(fmt("WinTLS: Write request: %" PRIu64 " buffered: %" PRIu64,
    299. 

  299.                    (uint64_t)len,
    300. 

  300.                    (uint64_t)writeBuf_.size()));
    301. 

  301. 

  302.   // Write remaining buffered data, if any.
    303. 

  303.   size_t written = 0;
    304. 

  304.   while (writeBuf_.size()) {
    305. 

  305.     written = ::send(sockfd_, writeBuf_.data(), writeBuf_.size(), 0);
    306. 

  306.     errno = ::WSAGetLastError();
    307. 

  307.     if (written < 0 && errno == WSAEINTR) {
    308. 

  308.       continue;
    309. 

  309.     }
    310. 

  310.     if (written < 0 && errno == WSAEWOULDBLOCK) {
    311. 

  311.       return TLS_ERR_WOULDBLOCK;
    312. 

  312.     }
    313. 

  313.     if (written == 0) {
    314. 

  314.       return written;
    315. 

  315.     }
    316. 

  316.     if (written < 0) {
    317. 

  317.       status_ = SEC_E_INVALID_HANDLE;
    318. 

  318.       state_ = st_error;
    319. 

  319.       return TLS_ERR_ERROR;
    320. 

  320.     }
    321. 

  321.     writeBuf_.eat(written);
    322. 

  322.   }
    323. 

  323. 

  324.   if (len == 0) {
    325. 

  325.     return 0;
    326. 

  326.   }
    327. 

  327. 

  328.   if (!streamSizes_) {
    329. 

  329.     streamSizes_.reset(new SecPkgContext_StreamSizes());
    330. 

  330.     status_ = ::QueryContextAttributes(
    331. 

  331.         &handle_, SECPKG_ATTR_STREAM_SIZES, streamSizes_.get());
    332. 

  332.     if (status_ != SEC_E_OK || !streamSizes_->cbMaximumMessage) {
    333. 

  333.       state_ = st_error;
    334. 

  334.       return TLS_ERR_ERROR;
    335. 

  335.     }
    336. 

  336.   }
    337. 

  337. 

  338.   size_t process = len;
    339. 

  339.   auto bytes = reinterpret_cast<const char*>(data);
    340. 

  340.   if (writeBuffered_) {
    341. 

  341.     // There was buffered data, hence we need to "remove" that data from the
    342. 

  342.     // incoming buffer to avoid writing it again
    343. 

  343.     if (len < writeBuffered_) {
    344. 

  344.       // We didn't get called with the same data again, obviously.
    345. 

  345.       status_ = SEC_E_INVALID_HANDLE;
    346. 

  346.       status_ = st_error;
    347. 

  347.       return TLS_ERR_ERROR;
    348. 

  348.     }
    349. 

  349.     // just advance the buffer by writeBuffered_ bytes
    350. 

  350.     bytes += writeBuffered_;
    351. 

  351.     process -= writeBuffered_;
    352. 

  352.     writeBuffered_ = 0;
    353. 

  353.   }
    354. 

  354.   if (!process) {
    355. 

  355.     // The buffer contained the full remainder. At this point, the buffer has
    356. 

  356.     // been written, so the request is done in its entirety;
    357. 

  357.     return len;
    358. 

  358.   }
    359. 

  359. 

  360.   // Buffered data was already written ;)
    361. 

  361.   // If there was no buffered data, this will be len - len = 0.
    362. 

  362.   len = len - process;
    363. 

  363.   while (process) {
    364. 

  364.     // Set up an outgoing message, according to streamSizes_
    365. 

  365.     writeBuffered_ = std::min(process, (size_t)streamSizes_->cbMaximumMessage);
    366. 

  366.     size_t dl =
    367. 

  367.         streamSizes_->cbHeader + writeBuffered_ + streamSizes_->cbTrailer;
    368. 

  368.     auto buf = make_unique<char[]>(dl);
    369. 

  369.     TLSBuffer buffers[] = {
    370. 

  370.         TLSBuffer(SECBUFFER_STREAM_HEADER, streamSizes_->cbHeader, buf.get()),
    371. 

  371.         TLSBuffer(
    372. 

  372.             SECBUFFER_DATA, writeBuffered_, buf.get() + streamSizes_->cbHeader),
    373. 

  373.         TLSBuffer(SECBUFFER_STREAM_TRAILER,
    374. 

  374.                   streamSizes_->cbTrailer,
    375. 

  375.                   buf.get() + streamSizes_->cbHeader + writeBuffered_),
    376. 

  376.         TLSBuffer(SECBUFFER_EMPTY, 0, nullptr),
    377. 

  377.     };
    378. 

  378.     TLSBufferDesc desc(buffers, 4);
    379. 

  379.     memcpy(buffers[1].pvBuffer, bytes, writeBuffered_);
    380. 

  380.     status_ = ::EncryptMessage(&handle_, 0, &desc, 0);
    381. 

  381.     if (status_ != SEC_E_OK) {
    382. 

  382.       A2_LOG_ERROR(fmt("WinTLS: Failed to encrypt a message! %s",
    383. 

  383.                        getLastErrorString().c_str()));
    384. 

  384.       state_ = st_error;
    385. 

  385.       return TLS_ERR_ERROR;
    386. 

  386.     }
    387. 

  387. 

  388.     // EncryptMessage may have truncated the buffers.
    389. 

  389.     // Should rarely happen, if ever, except for the trailer.
    390. 

  390.     dl = buffers[0].cbBuffer;
    391. 

  391.     if (dl < streamSizes_->cbHeader) {
    392. 

  392.       // Move message.
    393. 

  393.       memmove(buf.get() + dl, buffers[1].pvBuffer, buffers[1].cbBuffer);
    394. 

  394.     }
    395. 

  395.     dl += buffers[1].cbBuffer;
    396. 

  396.     if (dl < streamSizes_->cbHeader + writeBuffered_) {
    397. 

  397.       // Move tailer.
    398. 

  398.       memmove(buf.get() + dl, buffers[2].pvBuffer, buffers[2].cbBuffer);
    399. 

  399.     }
    400. 

  400.     dl += buffers[2].cbBuffer;
    401. 

  401. 

  402.     // Write (or buffer) the message.
    403. 

  403.     char* p = buf.get();
    404. 

  404.     while (dl) {
    405. 

  405.       written = ::send(sockfd_, p, dl, 0);
    406. 

  406.       errno = ::WSAGetLastError();
    407. 

  407.       if (written < 0 && errno == WSAEINTR) {
    408. 

  408.         continue;
    409. 

  409.       }
    410. 

  410.       if (written < 0 && errno == WSAEWOULDBLOCK) {
    411. 

  411.         // Buffer the rest of the message...
    412. 

  412.         writeBuf_.write(p, dl);
    413. 

  413.         // and return...
    414. 

  414.         return len;
    415. 

  415.       }
    416. 

  416.       if (written == 0) {
    417. 

  417.         A2_LOG_ERROR("WinTLS: Connection closed while writing");
    418. 

  418.         status_ = SEC_E_INCOMPLETE_MESSAGE;
    419. 

  419.         state_ = st_error;
    420. 

  420.         return TLS_ERR_ERROR;
    421. 

  421.       }
    422. 

  422.       if (written < 0) {
    423. 

  423.         A2_LOG_ERROR("WinTLS: Connection error while writing");
    424. 

  424.         status_ = SEC_E_INCOMPLETE_MESSAGE;
    425. 

  425.         state_ = st_error;
    426. 

  426.         return TLS_ERR_ERROR;
    427. 

  427.       }
    428. 

  428.       dl -= written;
    429. 

  429.       p += written;
    430. 

  430.     }
    431. 

  431. 

  432.     len += writeBuffered_;
    433. 

  433.     bytes += writeBuffered_;
    434. 

  434.     process -= writeBuffered_;
    435. 

  435.     writeBuffered_ = 0;
    436. 

  436.   }
    437. 

  437. 

  438.   A2_LOG_DEBUG(fmt("WinTLS: Write result: %" PRIu64 " buffered: %" PRIu64,
    439. 

  439.                    (uint64_t)len,
    440. 

  440.                    (uint64_t)writeBuf_.size()));
    441. 

  441.   if (!len) {
    442. 

  442.     return TLS_ERR_WOULDBLOCK;
    443. 

  443.   }
    444. 

  444.   return len;
    445. 

  445. }
    446. 

  446. 

  447. ssize_t WinTLSSession::readData(void* data, size_t len)
    448. 

  448. {
    449. 

  449.   A2_LOG_DEBUG(fmt("WinTLS: Read request: %" PRIu64 " buffered: %" PRIu64,
    450. 

  450.                    (uint64_t)len,
    451. 

  451.                    (uint64_t)readBuf_.size()));
    452. 

  452.   if (len == 0) {
    453. 

  453.     return 0;
    454. 

  454.   }
    455. 

  455. 

  456.   // Can be filled from decBuffer entirely?
    457. 

  457.   if (decBuf_.size() >= len) {
    458. 

  458.     A2_LOG_DEBUG("WinTLS: Fullfilling req from buffer");
    459. 

  459.     memcpy(data, decBuf_.data(), len);
    460. 

  460.     decBuf_.eat(len);
    461. 

  461.     return len;
    462. 

  462.   }
    463. 

  463. 

  464.   if (state_ == st_closing || state_ == st_closed || state_ == st_error) {
    465. 

  465.     auto nread = decBuf_.size();
    466. 

  466.     if (nread) {
    467. 

  467.       assert(nread < len);
    468. 

  468.       memcpy(data, decBuf_.data(), nread);
    469. 

  469.       decBuf_.clear();
    470. 

  470.       A2_LOG_DEBUG("WinTLS: Sending out decrypted buffer after EOF");
    471. 

  471.       return nread;
    472. 

  472.     }
    473. 

  473. 

  474.     A2_LOG_DEBUG("WinTLS: Read request aborted. Connection already closed");
    475. 

  475.     return state_ == st_error ? TLS_ERR_ERROR : 0;
    476. 

  476.   }
    477. 

  477. 

  478.   if (state_ == st_handshake_write || state_ == st_handshake_write_last ||
    479. 

  479.       state_ == st_handshake_read) {
    480. 

  480.     // Renegotiating
    481. 

  481.     std::string hn, err;
    482. 

  482.     auto connect = tlsConnect(hn, err);
    483. 

  483.     if (connect != TLS_ERR_OK) {
    484. 

  484.       return connect;
    485. 

  485.     }
    486. 

  486.     // Continue.
    487. 

  487.   }
    488. 

  488. 

  489.   if (state_ != st_connected) {
    490. 

  490.     status_ = SEC_E_INVALID_HANDLE;
    491. 

  491.     return TLS_ERR_ERROR;
    492. 

  492.   }
    493. 

  493. 

  494.   // Read as many bytes as available from the connection, up to len + 4k.
    495. 

  495.   readBuf_.resize(len + 4096);
    496. 

  496.   while (readBuf_.free()) {
    497. 

  497.     ssize_t read = ::recv(sockfd_, readBuf_.end(), readBuf_.free(), 0);
    498. 

  498.     errno = ::WSAGetLastError();
    499. 

  499.     if (read < 0 && errno == WSAEINTR) {
    500. 

  500.       continue;
    501. 

  501.     }
    502. 

  502.     if (read < 0 && errno == WSAEWOULDBLOCK) {
    503. 

  503.       break;
    504. 

  504.     }
    505. 

  505.     if (read < 0) {
    506. 

  506.       status_ = SEC_E_INCOMPLETE_MESSAGE;
    507. 

  507.       state_ = st_error;
    508. 

  508.       return TLS_ERR_ERROR;
    509. 

  509.     }
    510. 

  510.     if (read == 0) {
    511. 

  511.       A2_LOG_DEBUG("WinTLS: Connection abruptly closed!");
    512. 

  512.       // At least try to gracefully close our write end.
    513. 

  513.       closeConnection();
    514. 

  514.       break;
    515. 

  515.     }
    516. 

  516.     readBuf_.advance(read);
    517. 

  517.   }
    518. 

  518. 

  519.   // Try to decrypt as many messages as possible from the readBuf_.
    520. 

  520.   while (readBuf_.size()) {
    521. 

  521.     TLSBuffer bufs[] = {
    522. 

  522.         TLSBuffer(SECBUFFER_DATA, readBuf_.size(), readBuf_.data()),
    523. 

  523.         TLSBuffer(SECBUFFER_EMPTY, 0, nullptr),
    524. 

  524.         TLSBuffer(SECBUFFER_EMPTY, 0, nullptr),
    525. 

  525.         TLSBuffer(SECBUFFER_EMPTY, 0, nullptr),
    526. 

  526.     };
    527. 

  527.     TLSBufferDesc desc(bufs, 4);
    528. 

  528.     status_ = ::DecryptMessage(&handle_, &desc, 0, nullptr);
    529. 

  529.     if (status_ == SEC_E_INCOMPLETE_MESSAGE) {
    530. 

  530.       // Need to stop now, and wait for more bytes to arrive on the socket.
    531. 

  531.       break;
    532. 

  532.     }
    533. 

  533. 

  534.     if (status_ != SEC_E_OK && status_ != SEC_I_CONTEXT_EXPIRED &&
    535. 

  535.         status_ != SEC_I_RENEGOTIATE) {
    536. 

  536.       A2_LOG_ERROR(fmt("WinTLS: Failed to decrypt a message! %s",
    537. 

  537.                        getLastErrorString().c_str()));
    538. 

  538.       state_ = st_error;
    539. 

  539.       return TLS_ERR_ERROR;
    540. 

  540.     }
    541. 

  541. 

  542.     // Decrypted message successfully.
    543. 

  543.     bool ate = false;
    544. 

  544.     for (auto& buf : bufs) {
    545. 

  545.       if (buf.BufferType == SECBUFFER_DATA && buf.cbBuffer > 0) {
    546. 

  546.         decBuf_.write(buf.pvBuffer, buf.cbBuffer);
    547. 

  547.       }
    548. 

  548.       else if (buf.BufferType == SECBUFFER_EXTRA && buf.cbBuffer > 0) {
    549. 

  549.         readBuf_.eat(readBuf_.size() - buf.cbBuffer);
    550. 

  550.         ate = true;
    551. 

  551.       }
    552. 

  552.     }
    553. 

  553.     if (!ate) {
    554. 

  554.       readBuf_.clear();
    555. 

  555.     }
    556. 

  556. 

  557.     if (status_ == SEC_I_RENEGOTIATE) {
    558. 

  558.       // Renegotiation basically means performing another handshake
    559. 

  559.       state_ = st_initialized;
    560. 

  560.       A2_LOG_INFO("WinTLS: Renegotiate");
    561. 

  561.       std::string hn, err;
    562. 

  562.       auto connect = tlsConnect(hn, err);
    563. 

  563.       if (connect == TLS_ERR_WOULDBLOCK) {
    564. 

  564.         break;
    565. 

  565.       }
    566. 

  566.       if (connect == TLS_ERR_ERROR) {
    567. 

  567.         return connect;
    568. 

  568.       }
    569. 

  569.       // Still good.
    570. 

  570.     }
    571. 

  571.     if (status_ == SEC_I_CONTEXT_EXPIRED) {
    572. 

  572.       // Connection is gone now, but the buffered bytes are still valid.
    573. 

  573.       A2_LOG_DEBUG("WinTLS: Connection gracefully closed!");
    574. 

  574.       closeConnection();
    575. 

  575.       break;
    576. 

  576.     }
    577. 

  577.   }
    578. 

  578. 

  579.   len = std::min(decBuf_.size(), len);
    580. 

  580.   if (len == 0) {
    581. 

  581.     if (state_ != st_connected) {
    582. 

  582.       return state_ == st_error ? TLS_ERR_ERROR : 0;
    583. 

  583.     }
    584. 

  584. 

  585.     return TLS_ERR_WOULDBLOCK;
    586. 

  586.   }
    587. 

  587.   memcpy(data, decBuf_.data(), len);
    588. 

  588.   decBuf_.eat(len);
    589. 

  589.   return len;
    590. 

  590. }
    591. 

  591. 

  592. int WinTLSSession::tlsConnect(const std::string& hostname,
    593. 

  593.                               std::string& handshakeErr)
    594. 

  594. {
    595. 

  595.   // Handshaking will require sending multiple read/write exchanges until the
    596. 

  596.   // handshake is actually done. The client will first generate the initial
    597. 

  597.   // handshake message, then write that to the server, read the response
    598. 

  598.   // message, and write and/or read additional messages until the handshake is
    599. 

  599.   // either complete and successful, or something went wrong.
    600. 

  600.   // The server works analog to that.
    601. 

  601. 

  602.   A2_LOG_DEBUG("WinTLS: Starting/Resuming TLS Connect");
    603. 

  603.   ULONG flags = 0;
    604. 

  604. 

  605. restart:
    606. 

  606. 

  607.   switch (state_) {
    608. 

  608.   default:
    609. 

  609.     A2_LOG_ERROR("WinTLS: Invalid state");
    610. 

  610.     status_ = SEC_E_INVALID_HANDLE;
    611. 

  611.     return TLS_ERR_ERROR;
    612. 

  612. 

  613.   case st_initialized: {
    614. 

  614.     if (side_ == TLS_SERVER) {
    615. 

  615.       goto read;
    616. 

  616.     }
    617. 

  617. 

  618.     if (!hostname.empty()) {
    619. 

  619.       setSNIHostname(hostname);
    620. 

  620.     }
    621. 

  621.     A2_LOG_DEBUG("WinTLS: Initializing handshake");
    622. 

  622.     TLSBuffer buf(SECBUFFER_EMPTY, 0, nullptr);
    623. 

  623.     TLSBufferDesc desc(&buf, 1);
    624. 

  624.     SEC_CHAR* host =
    625. 

  625.         hostname_.empty() ? nullptr : const_cast<SEC_CHAR*>(hostname_.c_str());
    626. 

  626.     status_ = ::InitializeSecurityContext(cred_,
    627. 

  627.                                           nullptr,
    628. 

  628.                                           host,
    629. 

  629.                                           kReqFlags,
    630. 

  630.                                           0,
    631. 

  631.                                           0,
    632. 

  632.                                           nullptr,
    633. 

  633.                                           0,
    634. 

  634.                                           &handle_,
    635. 

  635.                                           &desc,
    636. 

  636.                                           &flags,
    637. 

  637.                                           nullptr);
    638. 

  638.     if (status_ != SEC_I_CONTINUE_NEEDED) {
    639. 

  639.       // Has to be SEC_I_CONTINUE_NEEDED, as we did not actually send data
    640. 

  640.       // at this point.
    641. 

  641.       state_ = st_error;
    642. 

  642.       return TLS_ERR_ERROR;
    643. 

  643.     }
    644. 

  644. 

  645.     // Queue the initial message...
    646. 

  646.     writeBuf_.write(buf.pvBuffer, buf.cbBuffer);
    647. 

  647.     FreeContextBuffer(buf.pvBuffer);
    648. 

  648. 

  649.     // ... and start sending it
    650. 

  650.     state_ = st_handshake_write;
    651. 

  651.   }
    652. 

  652.   // Fall through
    653. 

  653. 

  654.   case st_handshake_write_last:
    655. 

  655.   case st_handshake_write: {
    656. 

  656.     A2_LOG_DEBUG("WinTLS: Writing handshake");
    657. 

  657. 

  658.     // Write the currently queued handshake message until all data is sent.
    659. 

  659.     while (writeBuf_.size()) {
    660. 

  660.       ssize_t writ = ::send(sockfd_, writeBuf_.data(), writeBuf_.size(), 0);
    661. 

  661.       errno = ::WSAGetLastError();
    662. 

  662.       if (writ < 0 && errno == WSAEINTR) {
    663. 

  663.         continue;
    664. 

  664.       }
    665. 

  665.       if (writ < 0 && errno == WSAEWOULDBLOCK) {
    666. 

  666.         return TLS_ERR_WOULDBLOCK;
    667. 

  667.       }
    668. 

  668.       if (writ <= 0) {
    669. 

  669.         status_ = SEC_E_INCOMPLETE_MESSAGE;
    670. 

  670.         state_ = st_error;
    671. 

  671.         return TLS_ERR_ERROR;
    672. 

  672.       }
    673. 

  673.       writeBuf_.eat(writ);
    674. 

  674.     }
    675. 

  675. 

  676.     if (state_ == st_handshake_write_last) {
    677. 

  677.       state_ = st_handshake_done;
    678. 

  678.       goto restart;
    679. 

  679.     }
    680. 

  680. 

  681.     // Have to read one or more response messages.
    682. 

  682.     state_ = st_handshake_read;
    683. 

  683.   }
    684. 

  684.   // Fall through
    685. 

  685. 

  686.   case st_handshake_read: {
    687. 

  687.   read:
    688. 

  688.     A2_LOG_DEBUG("WinTLS: Reading handshake...");
    689. 

  689. 

  690.     // All write buffered data is invalid at this point!
    691. 

  691.     writeBuf_.clear();
    692. 

  692. 

  693.     // Read as many bytes as possible, up to 4k new bytes.
    694. 

  694.     // We do not know how many bytes will arrive from the server at this
    695. 

  695.     // point.
    696. 

  696.     readBuf_.resize(readBuf_.size() + 4096);
    697. 

  697.     while (readBuf_.free()) {
    698. 

  698.       ssize_t read = ::recv(sockfd_, readBuf_.end(), readBuf_.free(), 0);
    699. 

  699.       errno = ::WSAGetLastError();
    700. 

  700.       if (read < 0 && errno == WSAEINTR) {
    701. 

  701.         continue;
    702. 

  702.       }
    703. 

  703.       if (read < 0 && errno == WSAEWOULDBLOCK) {
    704. 

  704.         break;
    705. 

  705.       }
    706. 

  706.       if (read <= 0) {
    707. 

  707.         status_ = SEC_E_INCOMPLETE_MESSAGE;
    708. 

  708.         state_ = st_error;
    709. 

  709.         return TLS_ERR_ERROR;
    710. 

  710.       }
    711. 

  711.       if (read == 0) {
    712. 

  712.         A2_LOG_DEBUG("WinTLS: Connection abruptly closed during handshake!");
    713. 

  713.         status_ = SEC_E_INCOMPLETE_MESSAGE;
    714. 

  714.         state_ = st_error;
    715. 

  715.         return TLS_ERR_ERROR;
    716. 

  716.       }
    717. 

  717.       readBuf_.advance(read);
    718. 

  718.       break;
    719. 

  719.     }
    720. 

  720.     if (!readBuf_.size()) {
    721. 

  721.       return TLS_ERR_WOULDBLOCK;
    722. 

  722.     }
    723. 

  723. 

  724.     // Need to copy the data, as Schannel is free to mess with it. But we
    725. 

  725.     // might later need unmodified data from the original read buffer.
    726. 

  726.     auto bufcopy = make_unique<char[]>(readBuf_.size());
    727. 

  727.     memcpy(bufcopy.get(), readBuf_.data(), readBuf_.size());
    728. 

  728. 

  729.     // Set up buffers. inbufs will be the raw bytes the library has to decode.
    730. 

  730.     // outbufs will contain generated responses, if any.
    731. 

  731.     TLSBuffer inbufs[] = {
    732. 

  732.         TLSBuffer(SECBUFFER_TOKEN, readBuf_.size(), bufcopy.get()),
    733. 

  733.         TLSBuffer(SECBUFFER_EMPTY, 0, nullptr),
    734. 

  734.     };
    735. 

  735.     TLSBufferDesc indesc(inbufs, 2);
    736. 

  736.     TLSBuffer outbufs[] = {
    737. 

  737.       TLSBuffer(SECBUFFER_TOKEN, 0, nullptr),
    738. 

  738.       TLSBuffer(SECBUFFER_ALERT, 0, nullptr),
    739. 

  739.     };
    740. 

  740.     TLSBufferDesc outdesc(outbufs, 2);
    741. 

  741.     if (side_ == TLS_CLIENT) {
    742. 

  742.       SEC_CHAR* host = hostname_.empty() ?
    743. 

  743.                            nullptr :
    744. 

  744.                            const_cast<SEC_CHAR*>(hostname_.c_str());
    745. 

  745.       status_ = ::InitializeSecurityContext(cred_,
    746. 

  746.                                             &handle_,
    747. 

  747.                                             host,
    748. 

  748.                                             kReqFlags,
    749. 

  749.                                             0,
    750. 

  750.                                             0,
    751. 

  751.                                             &indesc,
    752. 

  752.                                             0,
    753. 

  753.                                             nullptr,
    754. 

  754.                                             &outdesc,
    755. 

  755.                                             &flags,
    756. 

  756.                                             nullptr);
    757. 

  757.     }
    758. 

  758.     else {
    759. 

  759.       status_ =
    760. 

  760.           ::AcceptSecurityContext(cred_,
    761. 

  761.                                   state_ == st_initialized ? nullptr : &handle_,
    762. 

  762.                                   &indesc,
    763. 

  763.                                   kReqAFlags,
    764. 

  764.                                   0,
    765. 

  765.                                   state_ == st_initialized ? &handle_ : nullptr,
    766. 

  766.                                   &outdesc,
    767. 

  767.                                   &flags,
    768. 

  768.                                   nullptr);
    769. 

  769.     }
    770. 

  770.     if (status_ == SEC_E_INCOMPLETE_MESSAGE) {
    771. 

  771.       // Not enough raw bytes read yet to decode a full message.
    772. 

  772.       return TLS_ERR_WOULDBLOCK;
    773. 

  773.     }
    774. 

  774.     if (status_ != SEC_E_OK && status_ != SEC_I_CONTINUE_NEEDED) {
    775. 

  775.       state_ = st_error;
    776. 

  776.       return TLS_ERR_ERROR;
    777. 

  777.     }
    778. 

  778. 

  779.     // Raw bytes where not entirely consumed, i.e. readBuf_ still contains
    780. 

  780.     // unprocessed data from the next message?
    781. 

  781.     if (inbufs[1].BufferType == SECBUFFER_EXTRA && inbufs[1].cbBuffer > 0) {
    782. 

  782.       readBuf_.eat(readBuf_.size() - inbufs[1].cbBuffer);
    783. 

  783.     }
    784. 

  784.     else {
    785. 

  785.       readBuf_.clear();
    786. 

  786.     }
    787. 

  787. 

  788.     // Check if the library produced a new outgoing message and queue it.
    789. 

  789.     for (auto& buf : outbufs) {
    790. 

  790.       if (buf.BufferType == SECBUFFER_TOKEN && buf.cbBuffer > 0) {
    791. 

  791.         writeBuf_.write(buf.pvBuffer, buf.cbBuffer);
    792. 

  792.         FreeContextBuffer(buf.pvBuffer);
    793. 

  793.         state_ = st_handshake_write;
    794. 

  794.       }
    795. 

  795.     }
    796. 

  796. 

  797.     // Need to read additional messages?
    798. 

  798.     if (status_ == SEC_I_CONTINUE_NEEDED) {
    799. 

  799.       A2_LOG_DEBUG("WinTLS: Continuing with handshake");
    800. 

  800.       goto restart;
    801. 

  801.     }
    802. 

  802. 

  803.     if (side_ == TLS_CLIENT && flags != kReqFlags) {
    804. 

  804.       A2_LOG_ERROR(fmt("WinTLS: Channel setup failed. Schannel provider did "
    805. 

  805.                        "not fulfill requested flags. "
    806. 

  806.                        "Excepted: %lu Actual: %lu",
    807. 

  807.                        kReqFlags,
    808. 

  808.                        flags));
    809. 

  809.       status_ = SEC_E_INTERNAL_ERROR;
    810. 

  810.       state_ = st_error;
    811. 

  811.       return TLS_ERR_ERROR;
    812. 

  812.     }
    813. 

  813. 

  814.     if (state_ == st_handshake_write) {
    815. 

  815.       A2_LOG_DEBUG("WinTLS: Continuing with handshake (last write)");
    816. 

  816.       state_ = st_handshake_write_last;
    817. 

  817.       goto restart;
    818. 

  818.     }
    819. 

  819.   }
    820. 

  820.   // Fall through
    821. 

  821. 

  822.   case st_handshake_done: {
    823. 

  823.     // All ready now :D
    824. 

  824.     state_ = st_connected;
    825. 

  825.     A2_LOG_INFO(
    826. 

  826.         fmt("WinTLS: connected with: %s", getCipherSuite(&handle_).c_str()));
    827. 

  827.     auto proto = getProtocolVersion(&handle_);
    828. 

  828.     if (proto < 0x301) {
    829. 

  829.       std::string protoAndSuite;
    830. 

  830.       switch (proto) {
    831. 

  831.       case 0x300:
    832. 

  832.         protoAndSuite = "SSLv3";
    833. 

  833.         break;
    834. 

  834.       default:
    835. 

  835.         protoAndSuite = "Unknown";
    836. 

  836.         break;
    837. 

  837.       }
    838. 

  838.       protoAndSuite += " " + getCipherSuite(&handle_);
    839. 

  839.       A2_LOG_WARN(fmt(MSG_WARN_OLD_TLS_CONNECTION, protoAndSuite.c_str()));
    840. 

  840.     }
    841. 

  841. 

  842.     return TLS_ERR_OK;
    843. 

  843.   }
    844. 

  844. 

  845.   }
    846. 

  846. 

  847.   A2_LOG_ERROR("WinTLS: Unreachable reached during tlsConnect! This is a bug!");
    848. 

  848.   state_ = st_error;
    849. 

  849.   return TLS_ERR_ERROR;
    850. 

  850. }
    851. 

  851. 

  852. int WinTLSSession::tlsAccept()
    853. 

  853. {
    854. 

  854.   std::string host, err;
    855. 

  855.   return tlsConnect(host, err);
    856. 

  856. }
    857. 

  857. 

  858. std::string WinTLSSession::getLastErrorString()
    859. 

  859. {
    860. 

  860.   std::stringstream ss;
    861. 

  861.   wchar_t* buf = nullptr;
    862. 

  862.   auto rv = FormatMessageW(FORMAT_MESSAGE_ALLOCATE_BUFFER |
    863. 

  863.                                FORMAT_MESSAGE_FROM_SYSTEM |
    864. 

  864.                                FORMAT_MESSAGE_IGNORE_INSERTS,
    865. 

  865.                            nullptr,
    866. 

  866.                            status_,
    867. 

  867.                            MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
    868. 

  868.                            (LPWSTR) & buf,
    869. 

  869.                            1024,
    870. 

  870.                            nullptr);
    871. 

  871.   if (rv && buf) {
    872. 

  872.     ss << "Error: " << wCharToUtf8(buf) << "(" << std::hex << status_ << ")";
    873. 

  873.     LocalFree(buf);
    874. 

  874.   }
    875. 

  875.   else {
    876. 

  876.     ss << "Error: " << std::hex << status_;
    877. 

  877.   }
    878. 

  878.   return ss.str();
    879. 

  879. }
    880. 

  880. 

  881. } // namespace aria2
    882.