pianod2
multisource multiuser scriptable networked music player
fb_transport_osx.c File Reference

Football transport implementations for Secure Transport (OS X). More...

#include <config.h>
#include <assert.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdlib.h>
#include "fb_public.h"
#include "fb_transport.h"
#include "fb_service.h"
#include <CoreFoundation/CoreFoundation.h>
#include <Security/SecCertificate.h>
#include <Security/SecIdentity.h>
#include <Security/SecureTransport.h>

Macros

#define SSLHasClosed(status)   (((status) == errSSLClosedAbort || (status) == errSSLClosedGraceful || (status) == errSSLClosedNoNotify))
 

Functions

static int decodeblock (char *in, unsigned char *out)
 Decode 4 bytes of base-64 encoded data into 3 bytes of binary data. More...
 
char * fb_base64_decode (const char *data, const char *end_data, int *length)
 Decode some base-64 encoded data. More...
 
char * load_pem_thing (const char *filename, const char *object_type, int *length)
 Extract a base 64 encoded, delimited data block from a PEM formatted file. More...
 
bool fb_securetransport_configure (const FB_TLS_CONFIG_FILENAMES *paths)
 
static OSStatus fb_SSLReadFunc (SSLConnectionRef connection, void *data, size_t *dataLength)
 
OSStatus fb_SSLWriteFunc (SSLConnectionRef connection, const void *data, size_t *dataLength)
 
bool fb_securetransport_init (FB_CONNECTION *connection)
 
ssize_t fb_securetransport_handshake (struct fb_connection_t *connection)
 Perform TLS handshaking on a new connection. Return incomplete, failure, or 0. More...
 
ssize_t fb_securetransport_buffering (struct fb_connection_t *connection)
 Query number of bytes in TLS buffers. More...
 
ssize_t fb_securetransport_read (struct fb_connection_t *connection, char *data, ssize_t byte_count)
 
ssize_t fb_securetransport_write (struct fb_connection_t *connection, const char *data, ssize_t byte_count)
 
void fb_securetransport_done (FB_CONNECTION *connection)
 
void fb_securetransport_cleanup ()
 

Variables

static bool fb_tls_initialized
 Procedure for creating a certificate and key for a Mac. More...
 
CFArrayRef cert_array
 
const FB_TRANSPORT_FUNCS fb_transport_encrypted
 

Detailed Description

Football transport implementations for Secure Transport (OS X).

Macro Definition Documentation

◆ SSLHasClosed

#define SSLHasClosed (   status)    (((status) == errSSLClosedAbort || (status) == errSSLClosedGraceful || (status) == errSSLClosedNoNotify))

Function Documentation

◆ decodeblock()

static int decodeblock ( char *  in,
unsigned char *  out 
)
static

Decode 4 bytes of base-64 encoded data into 3 bytes of binary data.

Parameters
in: Four characters.
out: 1-3 bytes of decoded data.
Returns
0 on failure, or number of binary bytes produced.

◆ fb_base64_decode()

char* fb_base64_decode ( const char *  data,
const char *  end_data,
int *  length 
)

Decode some base-64 encoded data.

Parameters
data: The start of the data. Whitespace in data is ignored.
end_data: The end of the data.
length: The length of the decoded binary data.
Returns
A pointer to a malloc'ed data block, or nullptr on error.
Warning
The returned data block must be freed.

◆ fb_securetransport_buffering()

ssize_t fb_securetransport_buffering ( struct fb_connection_t *  connection)

Query number of bytes in TLS buffers.

◆ fb_securetransport_cleanup()

void fb_securetransport_cleanup ( )

◆ fb_securetransport_configure()

bool fb_securetransport_configure ( const FB_TLS_CONFIG_FILENAMES *  paths)

Initialize state, load certificates and keys.


◆ fb_securetransport_done()

void fb_securetransport_done ( FB_CONNECTION *  connection)

◆ fb_securetransport_handshake()

ssize_t fb_securetransport_handshake ( struct fb_connection_t *  connection)

Perform TLS handshaking on a new connection. Return incomplete, failure, or 0.

◆ fb_securetransport_init()

bool fb_securetransport_init ( FB_CONNECTION *  connection)

Initialize the TLS stuff for a new connection.

Parameters
connection: The connection to initialize.
Returns
true on success, false on error.

◆ fb_securetransport_read()

ssize_t fb_securetransport_read ( struct fb_connection_t *  connection,
char *  data,
ssize_t  byte_count 
)

Read data from a TLS connection using Secure Transport (the source comment says OpenSSL).

◆ fb_securetransport_write()

ssize_t fb_securetransport_write ( struct fb_connection_t *  connection,
const char *  data,
ssize_t  byte_count 
)

Write data to a TLS connection using Secure Transport (the source comment says OpenSSL).

◆ fb_SSLReadFunc()

static OSStatus fb_SSLReadFunc ( SSLConnectionRef  connection,
void *  data,
size_t *  dataLength 
)
static

Read callback function conforming to SecureTransport requirements.


◆ fb_SSLWriteFunc()

OSStatus fb_SSLWriteFunc ( SSLConnectionRef  connection,
const void *  data,
size_t *  dataLength 
)

Write callback function conforming to SecureTransport requirements.


◆ load_pem_thing()

char* load_pem_thing ( const char *  filename,
const char *  object_type,
int *  length 
)

Extract a base 64 encoded, delimited data block from a PEM formatted file.

Parameters
filename: The file.
object_type: The type of block to extract.
length: The length of the resulting data block.
Returns
A pointer to the extracted data block, or nullptr on error.
Warning
The returned data block must be freed.

Variable Documentation

◆ cert_array

CFArrayRef cert_array

◆ fb_tls_initialized

bool fb_tls_initialized
static

Procedure for creating a certificate and key for a Mac.

This is based on OS X 10.9 Mavericks.

Open Keychain Access. Use "Keychain Access -> Certificate Assistant -> Create a Certificate Authority..." to create a self-signed root CA. Then use "Keychain Access -> Certificate Assistant -> Create a Certificate..." to create a leaf certificate for SSL server use, selecting the CA you previously created as the issuing authority.

Note: The certificates are valid for one year by default. If you enable custom options, you can adjust the validity period, but the assistant then asks many additional questions.

Select the leaf/SSL server certificate you just made and choose "File -> Export Items...". Save the file in your home directory as Certificates.cer using the Certificate file format. This exports only the certificate; the private key stays in the keychain.

On the command line: openssl x509 -inform der -in ~/Certificates.cer -out ~/.config/pianod2/x509-server.pem

Start pianod. On the command line again, open a test TLS connection to it: openssl s_client -host localhost -port 4447

An authorization dialog should pop up asking if pianod is allowed to access your keychain item. Select "Allow Always" so that pianod can use the item on later connections without prompting again.

◆ fb_transport_encrypted

const FB_TRANSPORT_FUNCS fb_transport_encrypted
Initial value:
= {
}
ssize_t fb_securetransport_buffering(struct fb_connection_t *connection)
Query number of bytes in TLS buffers.
Definition: fb_transport_osx.c:277
ssize_t fb_securetransport_write(struct fb_connection_t *connection, const char *data, ssize_t byte_count)
Definition: fb_transport_osx.c:305
ssize_t fb_securetransport_read(struct fb_connection_t *connection, char *data, ssize_t byte_count)
Definition: fb_transport_osx.c:285
void fb_securetransport_cleanup()
Definition: fb_transport_osx.c:329
void fb_securetransport_done(FB_CONNECTION *connection)
Definition: fb_transport_osx.c:324
bool fb_securetransport_init(FB_CONNECTION *connection)
Definition: fb_transport_osx.c:224
ssize_t fb_securetransport_handshake(struct fb_connection_t *connection)
Perform TLS handshaking on a new connection. Return incomplete, failure, or 0.
Definition: fb_transport_osx.c:261
bool fb_securetransport_configure(const FB_TLS_CONFIG_FILENAMES *paths)
Definition: fb_transport_osx.c:171