2018-09-27 23:56:48 +02:00
|
|
|
/*
|
|
|
|
|
* IXSocketAppleSSL.cpp
|
|
|
|
|
* Author: Benjamin Sergeant
|
2020-04-24 21:47:47 +02:00
|
|
|
* Copyright (c) 2017-2020 Machine Zone, Inc. All rights reserved.
|
2018-09-27 23:56:48 +02:00
|
|
|
*
|
|
|
|
|
* Adapted from Satori SDK Apple SSL code.
|
|
|
|
|
*/
|
2020-04-24 21:47:47 +02:00
|
|
|
#ifdef IXWEBSOCKET_USE_SECURE_TRANSPORT
|
|
|
|
|
|
2018-09-27 23:56:48 +02:00
|
|
|
#include "IXSocketAppleSSL.h"
|
|
|
|
|
|
2019-09-23 19:25:23 +02:00
|
|
|
#include "IXSocketConnect.h"
|
|
|
|
|
#include <errno.h>
|
2018-09-27 23:56:48 +02:00
|
|
|
#include <fcntl.h>
|
|
|
|
|
#include <netdb.h>
|
|
|
|
|
#include <netinet/tcp.h>
|
2019-09-23 19:25:23 +02:00
|
|
|
#include <stdint.h>
|
2018-09-27 23:56:48 +02:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <sys/socket.h>
|
|
|
|
|
#include <sys/time.h>
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
#define socketerrno errno
|
|
|
|
|
|
|
|
|
|
#include <Security/SecureTransport.h>
|
|
|
|
|
|
2019-12-24 01:30:38 +01:00
|
|
|
namespace ix
|
2018-09-27 23:56:48 +02:00
|
|
|
{
|
2019-12-24 01:30:38 +01:00
|
|
|
SocketAppleSSL::SocketAppleSSL(const SocketTLSOptions& tlsOptions, int fd)
|
|
|
|
|
: Socket(fd)
|
|
|
|
|
, _sslContext(nullptr)
|
|
|
|
|
, _tlsOptions(tlsOptions)
|
|
|
|
|
{
|
|
|
|
|
;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SocketAppleSSL::~SocketAppleSSL()
|
|
|
|
|
{
|
|
|
|
|
SocketAppleSSL::close();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::string SocketAppleSSL::getSSLErrorDescription(OSStatus status)
|
|
|
|
|
{
|
|
|
|
|
std::string errMsg("Unknown SSL error.");
|
|
|
|
|
|
|
|
|
|
CFErrorRef error = CFErrorCreate(kCFAllocatorDefault, kCFErrorDomainOSStatus, status, NULL);
|
|
|
|
|
if (error)
|
|
|
|
|
{
|
|
|
|
|
CFStringRef message = CFErrorCopyDescription(error);
|
|
|
|
|
if (message)
|
|
|
|
|
{
|
|
|
|
|
char localBuffer[128];
|
|
|
|
|
Boolean success;
|
|
|
|
|
success = CFStringGetCString(message, localBuffer, 128, kCFStringEncodingUTF8);
|
|
|
|
|
if (success)
|
|
|
|
|
{
|
|
|
|
|
errMsg = localBuffer;
|
|
|
|
|
}
|
|
|
|
|
CFRelease(message);
|
|
|
|
|
}
|
|
|
|
|
CFRelease(error);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return errMsg;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
OSStatus SocketAppleSSL::readFromSocket(SSLConnectionRef connection, void* data, size_t* len)
|
2019-09-23 19:25:23 +02:00
|
|
|
{
|
|
|
|
|
int fd = (int) (long) connection;
|
|
|
|
|
if (fd < 0) return errSSLInternal;
|
2018-09-27 23:56:48 +02:00
|
|
|
|
2019-09-23 19:25:23 +02:00
|
|
|
assert(data != nullptr);
|
|
|
|
|
assert(len != nullptr);
|
2018-09-27 23:56:48 +02:00
|
|
|
|
2019-09-23 19:25:23 +02:00
|
|
|
size_t requested_sz = *len;
|
2018-09-27 23:56:48 +02:00
|
|
|
|
2019-09-23 19:25:23 +02:00
|
|
|
ssize_t status = read(fd, data, requested_sz);
|
2018-09-27 23:56:48 +02:00
|
|
|
|
2019-09-23 19:25:23 +02:00
|
|
|
if (status > 0)
|
|
|
|
|
{
|
|
|
|
|
*len = (size_t) status;
|
|
|
|
|
if (requested_sz > *len)
|
2020-01-06 23:45:05 +01:00
|
|
|
{
|
2019-09-23 19:25:23 +02:00
|
|
|
return errSSLWouldBlock;
|
2020-01-06 23:45:05 +01:00
|
|
|
}
|
2019-09-23 19:25:23 +02:00
|
|
|
else
|
2020-01-06 23:45:05 +01:00
|
|
|
{
|
2019-09-23 19:25:23 +02:00
|
|
|
return noErr;
|
2020-01-06 23:45:05 +01:00
|
|
|
}
|
2019-09-23 19:25:23 +02:00
|
|
|
}
|
2020-01-06 23:45:05 +01:00
|
|
|
else if (status == 0)
|
2019-09-23 19:25:23 +02:00
|
|
|
{
|
|
|
|
|
*len = 0;
|
|
|
|
|
return errSSLClosedGraceful;
|
|
|
|
|
}
|
2018-09-27 23:56:48 +02:00
|
|
|
else
|
2019-09-23 19:25:23 +02:00
|
|
|
{
|
|
|
|
|
*len = 0;
|
|
|
|
|
switch (errno)
|
|
|
|
|
{
|
|
|
|
|
case ENOENT: return errSSLClosedGraceful;
|
2018-09-27 23:56:48 +02:00
|
|
|
|
2020-01-07 00:19:14 +01:00
|
|
|
case EAGAIN: return errSSLWouldBlock; // EWOULDBLOCK is a define for EAGAIN on osx
|
|
|
|
|
case EINPROGRESS: return errSSLWouldBlock;
|
2018-09-27 23:56:48 +02:00
|
|
|
|
2019-09-23 19:25:23 +02:00
|
|
|
case ECONNRESET: return errSSLClosedAbort;
|
2018-09-27 23:56:48 +02:00
|
|
|
|
2019-09-23 19:25:23 +02:00
|
|
|
default: return errSecIO;
|
|
|
|
|
}
|
2018-09-27 23:56:48 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-30 17:46:18 +01:00
|
|
|
OSStatus SocketAppleSSL::writeToSocket(SSLConnectionRef connection,
|
|
|
|
|
const void* data,
|
2020-01-13 07:30:16 +01:00
|
|
|
size_t* len)
|
2019-09-23 19:25:23 +02:00
|
|
|
{
|
2020-01-13 07:30:16 +01:00
|
|
|
int fd = (int) (long) connection;
|
|
|
|
|
if (fd < 0) return errSSLInternal;
|
2018-09-27 23:56:48 +02:00
|
|
|
|
2019-09-23 19:25:23 +02:00
|
|
|
assert(data != nullptr);
|
|
|
|
|
assert(len != nullptr);
|
2018-09-27 23:56:48 +02:00
|
|
|
|
2019-09-23 19:25:23 +02:00
|
|
|
size_t to_write_sz = *len;
|
|
|
|
|
ssize_t status = write(fd, data, to_write_sz);
|
2018-09-27 23:56:48 +02:00
|
|
|
|
2019-09-23 19:25:23 +02:00
|
|
|
if (status > 0)
|
|
|
|
|
{
|
|
|
|
|
*len = (size_t) status;
|
|
|
|
|
if (to_write_sz > *len)
|
2020-01-06 23:45:05 +01:00
|
|
|
{
|
2019-09-23 19:25:23 +02:00
|
|
|
return errSSLWouldBlock;
|
2020-01-06 23:45:05 +01:00
|
|
|
}
|
2019-09-23 19:25:23 +02:00
|
|
|
else
|
2020-01-06 23:45:05 +01:00
|
|
|
{
|
2019-09-23 19:25:23 +02:00
|
|
|
return noErr;
|
2020-01-06 23:45:05 +01:00
|
|
|
}
|
2019-09-23 19:25:23 +02:00
|
|
|
}
|
2020-01-06 23:45:05 +01:00
|
|
|
else if (status == 0)
|
2018-09-27 23:56:48 +02:00
|
|
|
{
|
2019-09-23 19:25:23 +02:00
|
|
|
*len = 0;
|
|
|
|
|
return errSSLClosedGraceful;
|
2018-09-27 23:56:48 +02:00
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2019-09-23 19:25:23 +02:00
|
|
|
*len = 0;
|
2020-01-07 00:19:14 +01:00
|
|
|
switch (errno)
|
2019-09-23 19:25:23 +02:00
|
|
|
{
|
2020-01-07 00:19:14 +01:00
|
|
|
case ENOENT: return errSSLClosedGraceful;
|
|
|
|
|
|
|
|
|
|
case EAGAIN: return errSSLWouldBlock; // EWOULDBLOCK is a define for EAGAIN on osx
|
|
|
|
|
case EINPROGRESS: return errSSLWouldBlock;
|
|
|
|
|
|
|
|
|
|
case ECONNRESET: return errSSLClosedAbort;
|
|
|
|
|
|
|
|
|
|
default: return errSecIO;
|
2019-09-23 19:25:23 +02:00
|
|
|
}
|
2018-09-27 23:56:48 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-12-18 19:43:05 +01:00
|
|
|
bool SocketAppleSSL::accept(std::string& errMsg)
|
|
|
|
|
{
|
|
|
|
|
errMsg = "TLS not supported yet in server mode with apple ssl backend";
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-21 00:57:27 +01:00
|
|
|
OSStatus SocketAppleSSL::tlsHandShake(std::string& errMsg,
|
|
|
|
|
const CancellationRequest& isCancellationRequested)
|
|
|
|
|
{
|
|
|
|
|
OSStatus status;
|
|
|
|
|
|
|
|
|
|
do
|
|
|
|
|
{
|
|
|
|
|
status = SSLHandshake(_sslContext);
|
|
|
|
|
|
|
|
|
|
// Interrupt the handshake
|
|
|
|
|
if (isCancellationRequested())
|
|
|
|
|
{
|
|
|
|
|
errMsg = "Cancellation requested";
|
|
|
|
|
return errSSLInternal;
|
|
|
|
|
}
|
|
|
|
|
} while (status == errSSLWouldBlock || status == errSSLServerAuthCompleted);
|
|
|
|
|
|
|
|
|
|
return status;
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-27 23:56:48 +02:00
|
|
|
// No wait support
|
|
|
|
|
bool SocketAppleSSL::connect(const std::string& host,
|
|
|
|
|
int port,
|
2018-12-10 02:56:20 +01:00
|
|
|
std::string& errMsg,
|
2018-12-15 01:28:11 +01:00
|
|
|
const CancellationRequest& isCancellationRequested)
|
2018-09-27 23:56:48 +02:00
|
|
|
{
|
|
|
|
|
OSStatus status;
|
|
|
|
|
{
|
|
|
|
|
std::lock_guard<std::mutex> lock(_mutex);
|
|
|
|
|
|
2018-12-10 02:56:20 +01:00
|
|
|
_sockfd = SocketConnect::connect(host, port, errMsg, isCancellationRequested);
|
2018-09-27 23:56:48 +02:00
|
|
|
if (_sockfd == -1) return false;
|
|
|
|
|
|
|
|
|
|
_sslContext = SSLCreateContext(kCFAllocatorDefault, kSSLClientSide, kSSLStreamType);
|
|
|
|
|
|
2019-12-30 17:46:18 +01:00
|
|
|
SSLSetIOFuncs(
|
|
|
|
|
_sslContext, SocketAppleSSL::readFromSocket, SocketAppleSSL::writeToSocket);
|
2019-09-23 19:25:23 +02:00
|
|
|
SSLSetConnection(_sslContext, (SSLConnectionRef)(long) _sockfd);
|
2018-09-27 23:56:48 +02:00
|
|
|
SSLSetProtocolVersionMin(_sslContext, kTLSProtocol12);
|
|
|
|
|
SSLSetPeerDomainName(_sslContext, host.c_str(), host.size());
|
|
|
|
|
|
2019-11-20 22:58:08 +01:00
|
|
|
if (_tlsOptions.isPeerVerifyDisabled())
|
2019-09-23 19:25:23 +02:00
|
|
|
{
|
2019-11-20 22:58:08 +01:00
|
|
|
Boolean option(1);
|
|
|
|
|
SSLSetSessionOption(_sslContext, kSSLSessionOptionBreakOnServerAuth, option);
|
|
|
|
|
|
2020-03-21 00:57:27 +01:00
|
|
|
status = tlsHandShake(errMsg, isCancellationRequested);
|
2019-11-20 22:58:08 +01:00
|
|
|
|
|
|
|
|
if (status == errSSLServerAuthCompleted)
|
|
|
|
|
{
|
|
|
|
|
// proceed with the handshake
|
2020-03-21 00:57:27 +01:00
|
|
|
status = tlsHandShake(errMsg, isCancellationRequested);
|
2019-11-20 22:58:08 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2020-03-21 00:57:27 +01:00
|
|
|
status = tlsHandShake(errMsg, isCancellationRequested);
|
2019-11-20 22:58:08 +01:00
|
|
|
}
|
2018-09-27 23:56:48 +02:00
|
|
|
}
|
|
|
|
|
|
2020-01-06 23:45:05 +01:00
|
|
|
if (status != noErr)
|
2018-09-27 23:56:48 +02:00
|
|
|
{
|
|
|
|
|
errMsg = getSSLErrorDescription(status);
|
|
|
|
|
close();
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void SocketAppleSSL::close()
|
|
|
|
|
{
|
|
|
|
|
std::lock_guard<std::mutex> lock(_mutex);
|
|
|
|
|
|
|
|
|
|
if (_sslContext == nullptr) return;
|
|
|
|
|
|
|
|
|
|
SSLClose(_sslContext);
|
|
|
|
|
CFRelease(_sslContext);
|
|
|
|
|
_sslContext = nullptr;
|
|
|
|
|
|
|
|
|
|
Socket::close();
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-06 05:53:50 +01:00
|
|
|
ssize_t SocketAppleSSL::send(char* buf, size_t nbyte)
|
2018-09-27 23:56:48 +02:00
|
|
|
{
|
2020-01-13 07:30:16 +01:00
|
|
|
OSStatus status = errSSLWouldBlock;
|
|
|
|
|
while (status == errSSLWouldBlock)
|
|
|
|
|
{
|
|
|
|
|
size_t processed = 0;
|
|
|
|
|
std::lock_guard<std::mutex> lock(_mutex);
|
|
|
|
|
status = SSLWrite(_sslContext, buf, nbyte, &processed);
|
2018-09-27 23:56:48 +02:00
|
|
|
|
2020-01-13 07:30:16 +01:00
|
|
|
if (processed > 0) return (ssize_t) processed;
|
2020-01-07 00:19:14 +01:00
|
|
|
|
2020-01-13 07:30:16 +01:00
|
|
|
// The connection was reset, inform the caller that this
|
|
|
|
|
// Socket should close
|
|
|
|
|
if (status == errSSLClosedGraceful || status == errSSLClosedNoNotify ||
|
|
|
|
|
status == errSSLClosedAbort)
|
|
|
|
|
{
|
|
|
|
|
errno = ECONNRESET;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2018-09-27 23:56:48 +02:00
|
|
|
|
2020-01-13 07:30:16 +01:00
|
|
|
if (status == errSSLWouldBlock)
|
|
|
|
|
{
|
|
|
|
|
errno = EWOULDBLOCK;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return -1;
|
2018-09-27 23:56:48 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// No wait support
|
2019-01-06 05:53:50 +01:00
|
|
|
ssize_t SocketAppleSSL::recv(void* buf, size_t nbyte)
|
2018-09-27 23:56:48 +02:00
|
|
|
{
|
|
|
|
|
OSStatus status = errSSLWouldBlock;
|
2020-01-06 23:45:05 +01:00
|
|
|
while (status == errSSLWouldBlock)
|
2018-09-27 23:56:48 +02:00
|
|
|
{
|
|
|
|
|
size_t processed = 0;
|
|
|
|
|
std::lock_guard<std::mutex> lock(_mutex);
|
|
|
|
|
status = SSLRead(_sslContext, buf, nbyte, &processed);
|
|
|
|
|
|
2019-09-23 19:25:23 +02:00
|
|
|
if (processed > 0) return (ssize_t) processed;
|
2018-09-27 23:56:48 +02:00
|
|
|
|
2019-02-21 03:59:07 +01:00
|
|
|
// The connection was reset, inform the caller that this
|
2018-09-27 23:56:48 +02:00
|
|
|
// Socket should close
|
2019-09-23 19:25:23 +02:00
|
|
|
if (status == errSSLClosedGraceful || status == errSSLClosedNoNotify ||
|
2018-09-27 23:56:48 +02:00
|
|
|
status == errSSLClosedAbort)
|
|
|
|
|
{
|
|
|
|
|
errno = ECONNRESET;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (status == errSSLWouldBlock)
|
|
|
|
|
{
|
|
|
|
|
errno = EWOULDBLOCK;
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-23 19:25:23 +02:00
|
|
|
} // namespace ix
|
2020-04-24 21:47:47 +02:00
|
|
|
|
|
|
|
|
#endif // IXWEBSOCKET_USE_SECURE_TRANSPORT
|
