source-git / libgit2

Clone
Source Code
GIT

Blame src/stransport_stream.c

c8 c8s master
  1.   4a3a0f1451f645a91a30e3d40608660e4b9e1b98
  2.   src
  3.   stransport_stream.c
Blob History Raw
Packit ae9e2a 
/*
Packit ae9e2a 
 * Copyright (C) the libgit2 contributors. All rights reserved.
Packit ae9e2a 
 *
Packit ae9e2a 
 * This file is part of libgit2, distributed under the GNU GPL v2 with
Packit ae9e2a 
 * a Linking Exception. For full terms see the included COPYING file.
Packit ae9e2a 
 */
Packit ae9e2a
Packit ae9e2a 
#ifdef GIT_SECURE_TRANSPORT
Packit ae9e2a
Packit ae9e2a 
#include <CoreFoundation/CoreFoundation.h>
Packit ae9e2a 
#include <Security/SecureTransport.h>
Packit ae9e2a 
#include <Security/SecCertificate.h>
Packit ae9e2a
Packit ae9e2a 
#include "git2/transport.h"
Packit ae9e2a
Packit ae9e2a 
#include "socket_stream.h"
Packit ae9e2a 
#include "curl_stream.h"
Packit ae9e2a
Packit ae9e2a 
static int stransport_error(OSStatus ret)
Packit ae9e2a 
{
Packit ae9e2a 
	CFStringRef message;
Packit ae9e2a
Packit ae9e2a 
	if (ret == noErr || ret == errSSLClosedGraceful) {
Packit ae9e2a 
		giterr_clear();
Packit ae9e2a 
		return 0;
Packit ae9e2a 
	}
Packit ae9e2a
Packit ae9e2a 
#if !TARGET_OS_IPHONE
Packit ae9e2a 
	message = SecCopyErrorMessageString(ret, NULL);
Packit ae9e2a 
	GITERR_CHECK_ALLOC(message);
Packit ae9e2a
Packit ae9e2a 
	giterr_set(GITERR_NET, "SecureTransport error: %s", CFStringGetCStringPtr(message, kCFStringEncodingUTF8));
Packit ae9e2a 
	CFRelease(message);
Packit ae9e2a 
#else
Packit ae9e2a 
    giterr_set(GITERR_NET, "SecureTransport error: OSStatus %d", (unsigned int)ret);
Packit ae9e2a 
    GIT_UNUSED(message);
Packit ae9e2a 
#endif
Packit ae9e2a
Packit ae9e2a 
	return -1;
Packit ae9e2a 
}
Packit ae9e2a
Packit ae9e2a 
typedef struct {
Packit ae9e2a 
	git_stream parent;
Packit ae9e2a 
	git_stream *io;
Packit ae9e2a 
	SSLContextRef ctx;
Packit ae9e2a 
	CFDataRef der_data;
Packit ae9e2a 
	git_cert_x509 cert_info;
Packit ae9e2a 
} stransport_stream;
Packit ae9e2a
Packit ae9e2a 
static int stransport_connect(git_stream *stream)
Packit ae9e2a 
{
Packit ae9e2a 
	stransport_stream *st = (stransport_stream *) stream;
Packit ae9e2a 
	int error;
Packit ae9e2a 
	SecTrustRef trust = NULL;
Packit ae9e2a 
	SecTrustResultType sec_res;
Packit ae9e2a 
	OSStatus ret;
Packit ae9e2a
Packit ae9e2a 
	if ((error = git_stream_connect(st->io)) < 0)
Packit ae9e2a 
		return error;
Packit ae9e2a
Packit ae9e2a 
	ret = SSLHandshake(st->ctx);
Packit ae9e2a 
	if (ret != errSSLServerAuthCompleted) {
Packit ae9e2a 
		giterr_set(GITERR_SSL, "unexpected return value from ssl handshake %d", ret);
Packit ae9e2a 
		return -1;
Packit ae9e2a 
	}
Packit ae9e2a
Packit ae9e2a 
	if ((ret = SSLCopyPeerTrust(st->ctx, &trust)) != noErr)
Packit ae9e2a 
		goto on_error;
Packit ae9e2a
Packit ae9e2a 
	if (!trust)
Packit ae9e2a 
		return GIT_ECERTIFICATE;
Packit ae9e2a
Packit ae9e2a 
	if ((ret = SecTrustEvaluate(trust, &sec_res)) != noErr)
Packit ae9e2a 
		goto on_error;
Packit ae9e2a
Packit ae9e2a 
	CFRelease(trust);
Packit ae9e2a
Packit ae9e2a 
	if (sec_res == kSecTrustResultInvalid || sec_res == kSecTrustResultOtherError) {
Packit ae9e2a 
		giterr_set(GITERR_SSL, "internal security trust error");
Packit ae9e2a 
		return -1;
Packit ae9e2a 
	}
Packit ae9e2a
Packit ae9e2a 
	if (sec_res == kSecTrustResultDeny || sec_res == kSecTrustResultRecoverableTrustFailure ||
Packit ae9e2a 
	    sec_res == kSecTrustResultFatalTrustFailure) {
Packit ae9e2a 
		giterr_set(GITERR_SSL, "untrusted connection error");
Packit ae9e2a 
		return GIT_ECERTIFICATE;
Packit ae9e2a 
	}
Packit ae9e2a
Packit ae9e2a 
	return 0;
Packit ae9e2a
Packit ae9e2a 
on_error:
Packit ae9e2a 
	if (trust)
Packit ae9e2a 
		CFRelease(trust);
Packit ae9e2a
Packit ae9e2a 
	return stransport_error(ret);
Packit ae9e2a 
}
Packit ae9e2a
Packit ae9e2a 
static int stransport_certificate(git_cert **out, git_stream *stream)
Packit ae9e2a 
{
Packit ae9e2a 
	stransport_stream *st = (stransport_stream *) stream;
Packit ae9e2a 
	SecTrustRef trust = NULL;
Packit ae9e2a 
	SecCertificateRef sec_cert;
Packit ae9e2a 
	OSStatus ret;
Packit ae9e2a
Packit ae9e2a 
	if ((ret = SSLCopyPeerTrust(st->ctx, &trust)) != noErr)
Packit ae9e2a 
		return stransport_error(ret);
Packit ae9e2a
Packit ae9e2a 
	sec_cert = SecTrustGetCertificateAtIndex(trust, 0);
Packit ae9e2a 
	st->der_data = SecCertificateCopyData(sec_cert);
Packit ae9e2a 
	CFRelease(trust);
Packit ae9e2a
Packit ae9e2a 
	if (st->der_data == NULL) {
Packit ae9e2a 
		giterr_set(GITERR_SSL, "retrieved invalid certificate data");
Packit ae9e2a 
		return -1;
Packit ae9e2a 
	}
Packit ae9e2a
Packit ae9e2a 
	st->cert_info.parent.cert_type = GIT_CERT_X509;
Packit ae9e2a 
	st->cert_info.data = (void *) CFDataGetBytePtr(st->der_data);
Packit ae9e2a 
	st->cert_info.len = CFDataGetLength(st->der_data);
Packit ae9e2a
Packit ae9e2a 
	*out = (git_cert *)&st->cert_info;
Packit ae9e2a 
	return 0;
Packit ae9e2a 
}
Packit ae9e2a
Packit ae9e2a 
static int stransport_set_proxy(
Packit ae9e2a 
	git_stream *stream,
Packit ae9e2a 
	const git_proxy_options *proxy_opts)
Packit ae9e2a 
{
Packit ae9e2a 
	stransport_stream *st = (stransport_stream *) stream;
Packit ae9e2a
Packit ae9e2a 
	return git_stream_set_proxy(st->io, proxy_opts);
Packit ae9e2a 
}
Packit ae9e2a
Packit ae9e2a 
/*
Packit ae9e2a 
 * Contrary to typical network IO callbacks, Secure Transport write callback is
Packit ae9e2a 
 * expected to write *all* passed data, not just as much as it can, and any
Packit ae9e2a 
 * other case would be considered a failure.
Packit ae9e2a 
 *
Packit ae9e2a 
 * This behavior is actually not specified in the Apple documentation, but is
Packit ae9e2a 
 * required for things to work correctly (and incidentally, that's also how
Packit ae9e2a 
 * Apple implements it in its projects at opensource.apple.com).
Packit ae9e2a 
 *
Packit ae9e2a 
 * Libgit2 streams happen to already have this very behavior so this is just
Packit ae9e2a 
 * passthrough.
Packit ae9e2a 
 */
Packit ae9e2a 
static OSStatus write_cb(SSLConnectionRef conn, const void *data, size_t *len)
Packit ae9e2a 
{
Packit ae9e2a 
	git_stream *io = (git_stream *) conn;
Packit ae9e2a
Packit ae9e2a 
	if (git_stream_write(io, data, *len, 0) < 0) {
Packit ae9e2a 
		return -36; /* "ioErr" from MacErrors.h which is not available on iOS */
Packit ae9e2a 
	}
Packit ae9e2a
Packit ae9e2a 
	return noErr;
Packit ae9e2a 
}
Packit ae9e2a
Packit ae9e2a 
static ssize_t stransport_write(git_stream *stream, const char *data, size_t len, int flags)
Packit ae9e2a 
{
Packit ae9e2a 
	stransport_stream *st = (stransport_stream *) stream;
Packit ae9e2a 
	size_t data_len, processed;
Packit ae9e2a 
	OSStatus ret;
Packit ae9e2a
Packit ae9e2a 
	GIT_UNUSED(flags);
Packit ae9e2a
Packit ae9e2a 
	data_len = len;
Packit ae9e2a 
	if ((ret = SSLWrite(st->ctx, data, data_len, &processed)) != noErr)
Packit ae9e2a 
		return stransport_error(ret);
Packit ae9e2a
Packit ae9e2a 
	return processed;
Packit ae9e2a 
}
Packit ae9e2a
Packit ae9e2a 
/*
Packit ae9e2a 
 * Contrary to typical network IO callbacks, Secure Transport read callback is
Packit ae9e2a 
 * expected to read *exactly* the requested number of bytes, not just as much
Packit ae9e2a 
 * as it can, and any other case would be considered a failure.
Packit ae9e2a 
 *
Packit ae9e2a 
 * This behavior is actually not specified in the Apple documentation, but is
Packit ae9e2a 
 * required for things to work correctly (and incidentally, that's also how
Packit ae9e2a 
 * Apple implements it in its projects at opensource.apple.com).
Packit ae9e2a 
 */
Packit ae9e2a 
static OSStatus read_cb(SSLConnectionRef conn, void *data, size_t *len)
Packit ae9e2a 
{
Packit ae9e2a 
	git_stream *io = (git_stream *) conn;
Packit ae9e2a 
	OSStatus error = noErr;
Packit ae9e2a 
	size_t off = 0;
Packit ae9e2a 
	ssize_t ret;
Packit ae9e2a
Packit ae9e2a 
	do {
Packit ae9e2a 
		ret = git_stream_read(io, data + off, *len - off);
Packit ae9e2a 
		if (ret < 0) {
Packit ae9e2a 
			error = -36; /* "ioErr" from MacErrors.h which is not available on iOS */
Packit ae9e2a 
			break;
Packit ae9e2a 
		}
Packit ae9e2a 
		if (ret == 0) {
Packit ae9e2a 
			error = errSSLClosedGraceful;
Packit ae9e2a 
			break;
Packit ae9e2a 
		}
Packit ae9e2a
Packit ae9e2a 
		off += ret;
Packit ae9e2a 
	} while (off < *len);
Packit ae9e2a
Packit ae9e2a 
	*len = off;
Packit ae9e2a 
	return error;
Packit ae9e2a 
}
Packit ae9e2a
Packit ae9e2a 
static ssize_t stransport_read(git_stream *stream, void *data, size_t len)
Packit ae9e2a 
{
Packit ae9e2a 
	stransport_stream *st = (stransport_stream *) stream;
Packit ae9e2a 
	size_t processed;
Packit ae9e2a 
	OSStatus ret;
Packit ae9e2a
Packit ae9e2a 
	if ((ret = SSLRead(st->ctx, data, len, &processed)) != noErr)
Packit ae9e2a 
		return stransport_error(ret);
Packit ae9e2a
Packit ae9e2a 
	return processed;
Packit ae9e2a 
}
Packit ae9e2a
Packit ae9e2a 
static int stransport_close(git_stream *stream)
Packit ae9e2a 
{
Packit ae9e2a 
	stransport_stream *st = (stransport_stream *) stream;
Packit ae9e2a 
	OSStatus ret;
Packit ae9e2a
Packit ae9e2a 
	ret = SSLClose(st->ctx);
Packit ae9e2a 
	if (ret != noErr && ret != errSSLClosedGraceful)
Packit ae9e2a 
		return stransport_error(ret);
Packit ae9e2a
Packit ae9e2a 
	return git_stream_close(st->io);
Packit ae9e2a 
}
Packit ae9e2a
Packit ae9e2a 
static void stransport_free(git_stream *stream)
Packit ae9e2a 
{
Packit ae9e2a 
	stransport_stream *st = (stransport_stream *) stream;
Packit ae9e2a
Packit ae9e2a 
	git_stream_free(st->io);
Packit ae9e2a 
	CFRelease(st->ctx);
Packit ae9e2a 
	if (st->der_data)
Packit ae9e2a 
		CFRelease(st->der_data);
Packit ae9e2a 
	git__free(st);
Packit ae9e2a 
}
Packit ae9e2a
Packit ae9e2a 
int git_stransport_stream_new(git_stream **out, const char *host, const char *port)
Packit ae9e2a 
{
Packit ae9e2a 
	stransport_stream *st;
Packit ae9e2a 
	int error;
Packit ae9e2a 
	OSStatus ret;
Packit ae9e2a
Packit ae9e2a 
	assert(out && host);
Packit ae9e2a
Packit ae9e2a 
	st = git__calloc(1, sizeof(stransport_stream));
Packit ae9e2a 
	GITERR_CHECK_ALLOC(st);
Packit ae9e2a
Packit ae9e2a 
#ifdef GIT_CURL
Packit ae9e2a 
	error = git_curl_stream_new(&st->io, host, port);
Packit ae9e2a 
#else
Packit ae9e2a 
	error = git_socket_stream_new(&st->io, host, port);
Packit ae9e2a 
#endif
Packit ae9e2a
Packit ae9e2a 
	if (error < 0){
Packit ae9e2a 
		git__free(st);
Packit ae9e2a 
		return error;
Packit ae9e2a 
	}
Packit ae9e2a
Packit ae9e2a 
	st->ctx = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
Packit ae9e2a 
	if (!st->ctx) {
Packit ae9e2a 
		giterr_set(GITERR_NET, "failed to create SSL context");
Packit ae9e2a 
		git__free(st);
Packit ae9e2a 
		return -1;
Packit ae9e2a 
	}
Packit ae9e2a
Packit ae9e2a 
	if ((ret = SSLSetIOFuncs(st->ctx, read_cb, write_cb)) != noErr ||
Packit ae9e2a 
	    (ret = SSLSetConnection(st->ctx, st->io)) != noErr ||
Packit ae9e2a 
	    (ret = SSLSetSessionOption(st->ctx, kSSLSessionOptionBreakOnServerAuth, true)) != noErr ||
Packit ae9e2a 
	    (ret = SSLSetProtocolVersionMin(st->ctx, kTLSProtocol1)) != noErr ||
Packit ae9e2a 
	    (ret = SSLSetProtocolVersionMax(st->ctx, kTLSProtocol12)) != noErr ||
Packit ae9e2a 
	    (ret = SSLSetPeerDomainName(st->ctx, host, strlen(host))) != noErr) {
Packit ae9e2a 
		CFRelease(st->ctx);
Packit ae9e2a 
		git__free(st);
Packit ae9e2a 
		return stransport_error(ret);
Packit ae9e2a 
	}
Packit ae9e2a
Packit ae9e2a 
	st->parent.version = GIT_STREAM_VERSION;
Packit ae9e2a 
	st->parent.encrypted = 1;
Packit ae9e2a 
	st->parent.proxy_support = git_stream_supports_proxy(st->io);
Packit ae9e2a 
	st->parent.connect = stransport_connect;
Packit ae9e2a 
	st->parent.certificate = stransport_certificate;
Packit ae9e2a 
	st->parent.set_proxy = stransport_set_proxy;
Packit ae9e2a 
	st->parent.read = stransport_read;
Packit ae9e2a 
	st->parent.write = stransport_write;
Packit ae9e2a 
	st->parent.close = stransport_close;
Packit ae9e2a 
	st->parent.free = stransport_free;
Packit ae9e2a
Packit ae9e2a 
	*out = (git_stream *) st;
Packit ae9e2a 
	return 0;
Packit ae9e2a 
}
Packit ae9e2a
Packit ae9e2a 
#endif

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation