github/OpenVPNAdapter
4
0
Fork 0
mirror of https://github.com/deneraraujo/OpenVPNAdapter.git synced 2026-04-24 00:00:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

Squashed 'OpenVPN Adapter/Vendors/openvpn/' content from commit da99df6

Browse Source 
git-subtree-dir: OpenVPN Adapter/Vendors/openvpn
git-subtree-split: da99df69492256d7a18bbea303ae98457782a4bf
This commit is contained in:
Sergey Abramchuk
2017-04-09 14:13:07 +03:00
commit f65d76170b
519 changed files with 88163 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
openvpn/applecrypto/cf/cf.hpp
+464
View File
@@ -0,0 +1,464 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
#ifndef OPENVPN_APPLECRYPTO_CF_CF_H
#define OPENVPN_APPLECRYPTO_CF_CF_H
#include <string>
#include <iostream>
#include <sstream>
#include <algorithm>
#include <CoreFoundation/CoreFoundation.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/buffer/buffer.hpp>
// Wrapper classes for Apple Core Foundation objects.
#define OPENVPN_CF_WRAP(cls, castmeth, cftype, idmeth) \
template <> \
struct Type<cftype> \
{ \
static CFTypeRef cast(CFTypeRef obj) \
{ \
if (obj && CFGetTypeID(obj) == idmeth()) \
return obj; \
else \
return nullptr; \
} \
}; \
typedef Wrap<cftype> cls; \
inline cls castmeth(CFTypeRef obj) \
{ \
CFTypeRef o = Type<cftype>::cast(obj); \
if (o) \
return cls(cftype(o), BORROW); \
else \
return cls(); \
}
namespace openvpn {
namespace CF
{
enum Own {
OWN,
BORROW
};
template <typename T> struct Type {};
template <typename T>
class Wrap
{
public:
Wrap() : obj_(nullptr) {}
// Set own=BORROW if we don't currently own the object
explicit Wrap(T obj, const Own own=OWN)
{
if (own == BORROW && obj)
CFRetain(obj);
obj_ = obj;
}
Wrap(const Wrap& other)
{
obj_ = other.obj_;
if (obj_)
CFRetain(obj_);
}
Wrap& operator=(const Wrap& other)
{
if (other.obj_)
CFRetain(other.obj_);
if (obj_)
CFRelease(obj_);
obj_ = other.obj_;
return *this;
}
Wrap(Wrap&& other) noexcept
{
obj_ = other.obj_;
other.obj_ = nullptr;
}
Wrap& operator=(Wrap&& other) noexcept
{
if (obj_)
CFRelease(obj_);
obj_ = other.obj_;
other.obj_ = nullptr;
return *this;
}
void swap(Wrap& other)
{
std::swap(obj_, other.obj_);
}
void reset(T obj=nullptr, const Own own=OWN)
{
if (own == BORROW && obj)
CFRetain(obj);
if (obj_)
CFRelease(obj_);
obj_ = obj;
}
bool defined() const { return obj_ != nullptr; }
T operator()() const { return obj_; }
CFTypeRef generic() const { return (CFTypeRef)obj_; }
static T cast(CFTypeRef obj) { return T(Type<T>::cast(obj)); }
static Wrap from_generic(CFTypeRef obj, const Own own=OWN)
{
return Wrap(cast(obj), own);
}
T release()
{
T ret = obj_;
obj_ = nullptr;
return ret;
}
CFTypeRef generic_release()
{
T ret = obj_;
obj_ = nullptr;
return (CFTypeRef)ret;
}
// Intended for use with Core Foundation methods that require
// a T* for saving a (non-borrowed) return value
T* mod_ref()
{
if (obj_)
{
CFRelease(obj_);
obj_ = nullptr;
}
return &obj_;
}
void show() const
{
if (obj_)
CFShow(obj_);
else
std::cerr << "CF_UNDEFINED" << std::endl;
}
virtual ~Wrap()
{
if (obj_)
CFRelease(obj_);
}
private:
Wrap& operator=(T obj); // prevent use because no way to pass ownership parameter
T obj_;
};
// essentially a vector of void *, used as source for array and dictionary constructors
typedef BufferAllocatedType<CFTypeRef> SrcList;
// common CF types
OPENVPN_CF_WRAP(String, string_cast, CFStringRef, CFStringGetTypeID)
OPENVPN_CF_WRAP(Number, number_cast, CFNumberRef, CFNumberGetTypeID)
OPENVPN_CF_WRAP(Bool, bool_cast, CFBooleanRef, CFBooleanGetTypeID)
OPENVPN_CF_WRAP(Data, data_cast, CFDataRef, CFDataGetTypeID)
OPENVPN_CF_WRAP(Array, array_cast, CFArrayRef, CFArrayGetTypeID)
OPENVPN_CF_WRAP(MutableArray, mutable_array_cast, CFMutableArrayRef, CFArrayGetTypeID)
OPENVPN_CF_WRAP(Dict, dict_cast, CFDictionaryRef, CFDictionaryGetTypeID)
OPENVPN_CF_WRAP(MutableDict, mutable_dict_cast, CFMutableDictionaryRef, CFDictionaryGetTypeID)
OPENVPN_CF_WRAP(Error, error_cast, CFErrorRef, CFErrorGetTypeID);
// generic CFTypeRef wrapper
typedef Wrap<CFTypeRef> Generic;
inline Generic generic_cast(CFTypeRef obj)
{
return Generic(obj, BORROW);
}
// constructors
inline String string(const char *str)
{
return String(CFStringCreateWithCString(kCFAllocatorDefault, str, kCFStringEncodingUTF8));
}
inline String string(CFStringRef str)
{
return String(str, BORROW);
}
inline String string(const String& str)
{
return String(str);
}
inline String string(const std::string& str)
{
return String(CFStringCreateWithCString(kCFAllocatorDefault, str.c_str(), kCFStringEncodingUTF8));
}
inline String string(const std::string* str)
{
return String(CFStringCreateWithCString(kCFAllocatorDefault, str->c_str(), kCFStringEncodingUTF8));
}
inline Number number_from_int(const int n)
{
return Number(CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &n));
}
inline Number number_from_int32(const SInt32 n)
{
return Number(CFNumberCreate(kCFAllocatorDefault, kCFNumberSInt32Type, &n));
}
inline Number number_from_long_long(const long long n)
{
return Number(CFNumberCreate(kCFAllocatorDefault, kCFNumberLongLongType, &n));
}
inline Number number_from_index(const CFIndex n)
{
return Number(CFNumberCreate(kCFAllocatorDefault, kCFNumberCFIndexType, &n));
}
inline Data data(const void *bytes, CFIndex length)
{
return Data(CFDataCreate(kCFAllocatorDefault, (const UInt8 *)bytes, length));
}
inline Array array(const void **values, CFIndex numValues)
{
return Array(CFArrayCreate(kCFAllocatorDefault, values, numValues, &kCFTypeArrayCallBacks));
}
inline Array array(const SrcList& values)
{
return array((const void **)values.c_data(), values.size());
}
inline Dict dict(const void **keys, const void **values, CFIndex numValues)
{
return Dict(CFDictionaryCreate(kCFAllocatorDefault,
keys,
values,
numValues,
&kCFTypeDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks));
}
inline Dict dict(const SrcList& keys, const SrcList& values)
{
return dict((const void **)keys.c_data(), (const void **)values.c_data(), std::min(keys.size(), values.size()));
}
inline Dict const_dict(MutableDict& mdict)
{
return Dict(mdict(), CF::BORROW);
}
inline Array const_array(MutableArray& marray)
{
return Array(marray(), CF::BORROW);
}
inline Dict empty_dict()
{
return Dict(CFDictionaryCreate(kCFAllocatorDefault,
nullptr,
nullptr,
0,
&kCFTypeDictionaryKeyCallBacks,
&kCFTypeDictionaryValueCallBacks));
}
inline MutableArray mutable_array(const CFIndex capacity=0)
{
return MutableArray(CFArrayCreateMutable(kCFAllocatorDefault, capacity, &kCFTypeArrayCallBacks));
}
inline MutableDict mutable_dict(const CFIndex capacity=0)
{
return MutableDict(CFDictionaryCreateMutable(kCFAllocatorDefault, capacity, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks));
}
template <typename DICT>
inline MutableDict mutable_dict_copy(const DICT& dict, const CFIndex capacity=0)
{
if (dict.defined())
return MutableDict(CFDictionaryCreateMutableCopy(kCFAllocatorDefault, capacity, dict()));
else
return mutable_dict(capacity);
}
inline Error error(CFStringRef domain, CFIndex code, CFDictionaryRef userInfo)
{
return Error(CFErrorCreate(kCFAllocatorDefault, domain, code, userInfo));
}
// accessors
template <typename ARRAY>
inline CFIndex array_len(const ARRAY& array)
{
if (array.defined())
return CFArrayGetCount(array());
else
return 0;
}
template <typename DICT>
inline CFIndex dict_len(const DICT& dict)
{
if (dict.defined())
return CFDictionaryGetCount(dict());
else
return 0;
}
template <typename ARRAY>
inline CFTypeRef array_index(const ARRAY& array, const CFIndex idx)
{
if (array.defined() && CFArrayGetCount(array()) > idx)
return CFArrayGetValueAtIndex(array(), idx);
else
return nullptr;
}
template <typename DICT, typename KEY>
inline CFTypeRef dict_index(const DICT& dict, const KEY& key)
{
if (dict.defined())
{
String keystr = string(key);
if (keystr.defined())
return CFDictionaryGetValue(dict(), keystr());
}
return nullptr;
}
// string methods
OPENVPN_SIMPLE_EXCEPTION(cppstring_error);
inline std::string cppstring(CFStringRef str)
{
const CFStringEncoding encoding = kCFStringEncodingUTF8;
if (str)
{
const CFIndex len = CFStringGetLength(str);
if (len > 0)
{
const CFIndex maxsize = CFStringGetMaximumSizeForEncoding(len, encoding);
char *buf = new char[maxsize];
const Boolean status = CFStringGetCString(str, buf, maxsize, encoding);
if (status)
{
std::string ret(buf);
delete [] buf;
return ret;
}
else
{
delete [] buf;
throw cppstring_error();
}
}
}
return "";
}
inline std::string cppstring(const String& str)
{
return cppstring(str());
}
inline std::string description(CFTypeRef obj)
{
if (obj)
{
String s(CFCopyDescription(obj));
return cppstring(s);
}
else
return "UNDEF";
}
// format an array of strings (non-string elements in array are ignored)
template <typename ARRAY>
inline std::string array_to_string(const ARRAY& array, const char delim=',')
{
std::ostringstream os;
const CFIndex len = array_len(array);
if (len)
{
bool sep = false;
for (CFIndex i = 0; i < len; ++i)
{
const String v(string_cast(array_index(array, i)));
if (v.defined())
{
if (sep)
os << delim;
os << cppstring(v);
sep = true;
}
}
}
return os.str();
}
inline bool string_equal(const String& s1, const String& s2, const CFStringCompareFlags compareOptions = 0)
{
return s1.defined() && s2.defined() && CFStringCompare(s1(), s2(), compareOptions) == kCFCompareEqualTo;
}
// property lists
inline Data plist(CFTypeRef obj)
{
return Data(CFPropertyListCreateData(kCFAllocatorDefault,
obj,
kCFPropertyListBinaryFormat_v1_0,
0,
nullptr));
}
} // namespace CF
} // namespace openvpn
#endif // OPENVPN_APPLECRYPTO_CF_CF_H
openvpn/applecrypto/cf/cfhelper.hpp
+247
View File
@@ -0,0 +1,247 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
#ifndef OPENVPN_APPLECRYPTO_CF_CFHELPER_H
#define OPENVPN_APPLECRYPTO_CF_CFHELPER_H
#include <openvpn/applecrypto/cf/cf.hpp>
// These methods build on the Wrapper classes for Apple Core Foundation objects
// defined in cf.hpp. They add additional convenience methods, such as dictionary
// lookup.
namespace openvpn {
namespace CF {
inline CFTypeRef mutable_dict_new()
{
return CFDictionaryCreateMutable(kCFAllocatorDefault, 0, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
}
inline CFTypeRef mutable_array_new()
{
return CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
}
// Lookup or create (if absent) an item in a mutable dictionary.
// Return the item, which will be owned by base.
template <typename KEY>
inline CFTypeRef dict_get_create(CFMutableDictionaryRef base,
const KEY& key,
CFTypeRef (*create_method)())
{
if (base)
{
String keystr = string(key);
CFTypeRef ret = CFDictionaryGetValue(base, keystr()); // try lookup first
if (!ret)
{
// doesn't exist, must create
ret = (*create_method)();
CFDictionaryAddValue(base, keystr(), ret);
CFRelease(ret); // because ret is now owned by base
}
return ret;
}
return nullptr;
}
// lookup a dict in another dict (base) and return or create if absent
template <typename KEY>
inline MutableDict dict_get_create_dict(MutableDict& base, const KEY& key)
{
String keystr = string(key);
return mutable_dict_cast(dict_get_create(base(), keystr(), mutable_dict_new));
}
// lookup an array in a dict (base) and return or create if absent
template <typename KEY>
inline MutableArray dict_get_create_array(MutableDict& base, const KEY& key)
{
String keystr = string(key);
return mutable_array_cast(dict_get_create(base(), keystr(), mutable_array_new));
}
// lookup an object in a dictionary (DICT should be a Dict or a MutableDict)
template <typename DICT, typename KEY>
inline CFTypeRef dict_get_obj(const DICT& dict, const KEY& key)
{
return dict_index(dict, key);
}
// lookup a string in a dictionary (DICT should be a Dict or a MutableDict)
template <typename DICT, typename KEY>
inline std::string dict_get_str(const DICT& dict, const KEY& key)
{
return cppstring(string_cast(dict_index(dict, key)));
}
// lookup a string in a dictionary (DICT should be a Dict or a MutableDict)
template <typename DICT, typename KEY>
inline std::string dict_get_str(const DICT& dict, const KEY& key, const std::string& default_value)
{
String str(string_cast(dict_index(dict, key)));
if (str.defined())
return cppstring(str());
else
return default_value;
}
// lookup an integer in a dictionary (DICT should be a Dict or a MutableDict)
template <typename DICT, typename KEY>
inline int dict_get_int(const DICT& dict, const KEY& key, const int default_value)
{
int ret;
Number num = number_cast(dict_index(dict, key));
if (num.defined() && CFNumberGetValue(num(), kCFNumberIntType, &ret))
return ret;
else
return default_value;
}
// lookup a boolean in a dictionary (DICT should be a Dict or a MutableDict)
template <typename DICT, typename KEY>
inline bool dict_get_bool(const DICT& dict, const KEY& key, const bool default_value)
{
Bool b = bool_cast(dict_index(dict, key));
if (b.defined())
{
if (b() == kCFBooleanTrue)
return true;
else if (b() == kCFBooleanFalse)
return false;
}
return default_value;
}
// like CFDictionarySetValue, but no-op if any args are NULL
inline void dictionarySetValue(CFMutableDictionaryRef theDict, const void *key, const void *value)
{
if (theDict && key && value)
CFDictionarySetValue(theDict, key, value);
}
// like CFArrayAppendValue, but no-op if any args are NULL
inline void arrayAppendValue(CFMutableArrayRef theArray, const void *value)
{
if (theArray && value)
CFArrayAppendValue(theArray, value);
}
// set a CFTypeRef in a mutable dictionary
template <typename KEY>
inline void dict_set_obj(MutableDict& dict, const KEY& key, CFTypeRef value)
{
String keystr = string(key);
dictionarySetValue(dict(), keystr(), value);
}
// set a string in a mutable dictionary
template <typename KEY, typename VALUE>
inline void dict_set_str(MutableDict& dict, const KEY& key, const VALUE& value)
{
String keystr = string(key);
String valstr = string(value);
dictionarySetValue(dict(), keystr(), valstr());
}
// set a number in a mutable dictionary
template <typename KEY>
inline void dict_set_int(MutableDict& dict, const KEY& key, int value)
{
String keystr = string(key);
Number num = number_from_int(value);
dictionarySetValue(dict(), keystr(), num());
}
template <typename KEY>
inline void dict_set_int32(MutableDict& dict, const KEY& key, SInt32 value)
{
String keystr = string(key);
Number num = number_from_int32(value);
dictionarySetValue(dict(), keystr(), num());
}
template <typename KEY>
inline void dict_set_long_long(MutableDict& dict, const KEY& key, long long value)
{
String keystr = string(key);
Number num = number_from_long_long(value);
dictionarySetValue(dict(), keystr(), num());
}
template <typename KEY>
inline void dict_set_index(MutableDict& dict, const KEY& key, CFIndex value)
{
String keystr = string(key);
Number num = number_from_index(value);
dictionarySetValue((CFMutableDictionaryRef)dict(), keystr(), num());
}
// set a boolean in a mutable dictionary
template <typename KEY>
inline void dict_set_bool(MutableDict& dict, const KEY& key, bool value)
{
String keystr = string(key);
CFBooleanRef boolref = value ? kCFBooleanTrue : kCFBooleanFalse;
dictionarySetValue(dict(), keystr(), boolref);
}
// append string to a mutable array
template <typename VALUE>
inline void array_append_str(MutableArray& array, const VALUE& value)
{
String valstr = string(value);
arrayAppendValue(array(), valstr());
}
// append a number to a mutable array
inline void array_append_int(MutableArray& array, int value)
{
Number num = number_from_int(value);
arrayAppendValue(array(), num());
}
inline void array_append_int32(MutableArray& array, SInt32 value)
{
Number num = number_from_int32(value);
arrayAppendValue(array(), num());
}
inline void array_append_long_long(MutableArray& array, long long value)
{
Number num = number_from_long_long(value);
arrayAppendValue(array(), num());
}
inline void array_append_index(MutableArray& array, CFIndex value)
{
Number num = number_from_index(value);
arrayAppendValue(array(), num());
}
}
}
#endif
openvpn/applecrypto/cf/cfsec.hpp
+58
View File
@@ -0,0 +1,58 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
#ifndef OPENVPN_APPLECRYPTO_CF_CFSEC_H
#define OPENVPN_APPLECRYPTO_CF_CFSEC_H
#include <openvpn/common/platform.hpp>
#include <Security/SecCertificate.h>
#include <Security/SecIdentity.h>
#include <Security/SecPolicy.h>
#include <Security/SecTrust.h>
#ifndef OPENVPN_PLATFORM_IPHONE
#include <Security/SecKeychain.h>
#include <Security/SecAccess.h>
#endif
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/applecrypto/cf/cf.hpp>
// Define C++ wrappings for Apple security-related objects.
namespace openvpn {
namespace CF {
OPENVPN_CF_WRAP(Cert, cert_cast, SecCertificateRef, SecCertificateGetTypeID)
OPENVPN_CF_WRAP(Key, key_cast, SecKeyRef, SecKeyGetTypeID)
OPENVPN_CF_WRAP(Identity, identity_cast, SecIdentityRef, SecIdentityGetTypeID)
OPENVPN_CF_WRAP(Policy, policy_cast, SecPolicyRef, SecPolicyGetTypeID)
OPENVPN_CF_WRAP(Trust, trust_cast, SecTrustRef, SecTrustGetTypeID)
#ifndef OPENVPN_PLATFORM_IPHONE
OPENVPN_CF_WRAP(Keychain, keychain_cast, SecKeychainRef, SecKeychainGetTypeID)
OPENVPN_CF_WRAP(Access, access_cast, SecAccessRef, SecAccessGetTypeID)
#endif
} // namespace CF
} // namespace openvpn
#endif // OPENVPN_APPLECRYPTO_CF_CFSEC_H
openvpn/applecrypto/cf/cftimer.hpp
+33
View File
@@ -0,0 +1,33 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
#ifndef OPENVPN_APPLECRYPTO_CF_CFTIMER_H
#define OPENVPN_APPLECRYPTO_CF_CFTIMER_H
#include <openvpn/applecrypto/cf/cf.hpp>
namespace openvpn {
namespace CF {
OPENVPN_CF_WRAP(Timer, timer_cast, CFRunLoopTimerRef, CFRunLoopTimerGetTypeID)
}
}
#endif
openvpn/applecrypto/cf/error.hpp
+67
View File
@@ -0,0 +1,67 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
#ifndef OPENVPN_APPLECRYPTO_CF_ERROR_H
#define OPENVPN_APPLECRYPTO_CF_ERROR_H
#include <string>
#include <CoreFoundation/CFBase.h>
#include <openvpn/common/exception.hpp>
// An exception object that encapsulates Apple Core Foundation errors.
namespace openvpn {
// string exception class
class CFException : public std::exception
{
public:
CFException(const std::string& text)
{
errtxt = text;
}
CFException(const std::string& text, const OSStatus status)
{
set_errtxt(text, status);
}
virtual const char* what() const throw() { return errtxt.c_str(); }
std::string what_str() const { return errtxt; }
virtual ~CFException() throw() {}
private:
void set_errtxt(const std::string& text, const OSStatus status)
{
std::ostringstream s;
s << text << ": OSX Error code=" << status;
errtxt = s.str();
}
std::string errtxt;
};
} // namespace openvpn
#endif // OPENVPN_APPLECRYPTO_CF_ERROR_H
openvpn/applecrypto/crypto/api.hpp
+46
View File
@@ -0,0 +1,46 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
#ifndef OPENVPN_APPLECRYPTO_CRYPTO_API_H
#define OPENVPN_APPLECRYPTO_CRYPTO_API_H
#include <openvpn/applecrypto/crypto/cipher.hpp>
#include <openvpn/applecrypto/crypto/ciphergcm.hpp>
#include <openvpn/applecrypto/crypto/digest.hpp>
#include <openvpn/applecrypto/crypto/hmac.hpp>
namespace openvpn {
// type container for Apple Crypto-level API
struct AppleCryptoAPI {
// cipher
typedef AppleCrypto::CipherContext CipherContext;
typedef AppleCrypto::CipherContextGCM CipherContextGCM;
// digest
typedef AppleCrypto::DigestContext DigestContext;
// HMAC
typedef AppleCrypto::HMACContext HMACContext;
};
}
#endif
openvpn/applecrypto/crypto/cipher.hpp
+200
View File
@@ -0,0 +1,200 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the Apple cipher API defined in <CommonCrypto/CommonCryptor.h> so
// that it can be used as part of the crypto layer of the OpenVPN core.
#ifndef OPENVPN_APPLECRYPTO_CRYPTO_CIPHER_H
#define OPENVPN_APPLECRYPTO_CRYPTO_CIPHER_H
#include <string>
#include <cstring>
#include <CommonCrypto/CommonCryptor.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/platform.hpp>
#include <openvpn/common/string.hpp>
#include <openvpn/crypto/static_key.hpp>
#include <openvpn/crypto/cryptoalgs.hpp>
#include <openvpn/applecrypto/cf/error.hpp>
namespace openvpn {
namespace AppleCrypto {
class CipherContext
{
CipherContext(const CipherContext&) = delete;
CipherContext& operator=(const CipherContext&) = delete;
public:
OPENVPN_SIMPLE_EXCEPTION(apple_cipher_mode_error);
OPENVPN_SIMPLE_EXCEPTION(apple_cipher_uninitialized);
OPENVPN_EXCEPTION(apple_cipher_error);
// mode parameter for constructor
enum {
MODE_UNDEF = -1,
ENCRYPT = kCCEncrypt,
DECRYPT = kCCDecrypt
};
enum {
MAX_IV_LENGTH = 16,
CIPH_CBC_MODE = 0
};
CipherContext()
: cinfo(nullptr), cref(nullptr)
{
}
~CipherContext() { erase() ; }
void init(const CryptoAlgs::Type alg, const unsigned char *key, const int mode)
{
erase();
// check that mode is valid
if (!(mode == ENCRYPT || mode == DECRYPT))
throw apple_cipher_mode_error();
// initialize cipher context with cipher type
const CCCryptorStatus status = CCCryptorCreate(mode,
cipher_type(alg),
kCCOptionPKCS7Padding,
key,
CryptoAlgs::key_length(alg),
nullptr,
&cref);
if (status != kCCSuccess)
throw CFException("CipherContext: CCCryptorCreate", status);
cinfo = CryptoAlgs::get_ptr(alg);
}
void reset(const unsigned char *iv)
{
check_initialized();
const CCCryptorStatus status = CCCryptorReset(cref, iv);
if (status != kCCSuccess)
throw CFException("CipherContext: CCCryptorReset", status);
}
bool update(unsigned char *out, const size_t max_out_size,
const unsigned char *in, const size_t in_size,
size_t& out_acc)
{
check_initialized();
size_t dataOutMoved;
const CCCryptorStatus status = CCCryptorUpdate(cref, in, in_size, out, max_out_size, &dataOutMoved);
if (status == kCCSuccess)
{
out_acc += dataOutMoved;
return true;
}
else
return false;
}
bool final(unsigned char *out, const size_t max_out_size, size_t& out_acc)
{
check_initialized();
size_t dataOutMoved;
const CCCryptorStatus status = CCCryptorFinal(cref, out, max_out_size, &dataOutMoved);
if (status == kCCSuccess)
{
out_acc += dataOutMoved;
return true;
}
else
return false;
}
bool is_initialized() const { return cinfo != nullptr; }
size_t iv_length() const
{
check_initialized();
return cinfo->iv_length();
}
size_t block_size() const
{
check_initialized();
return cinfo->block_size();
}
// return cipher mode (such as CIPH_CBC_MODE, etc.)
int cipher_mode() const
{
check_initialized();
return CIPH_CBC_MODE;
}
private:
static CCAlgorithm cipher_type(const CryptoAlgs::Type alg)
{
switch (alg)
{
case CryptoAlgs::AES_128_CBC:
case CryptoAlgs::AES_192_CBC:
case CryptoAlgs::AES_256_CBC:
return kCCAlgorithmAES128;
case CryptoAlgs::DES_CBC:
return kCCAlgorithmDES;
case CryptoAlgs::DES_EDE3_CBC:
return kCCAlgorithm3DES;
#ifdef OPENVPN_PLATFORM_IPHONE
case CryptoAlgs::BF_CBC:
return kCCAlgorithmBlowfish;
#endif
default:
OPENVPN_THROW(apple_cipher_error, CryptoAlgs::name(alg) << ": not usable");
}
}
void erase()
{
if (cinfo)
{
if (cref)
CCCryptorRelease(cref);
cref = nullptr;
cinfo = nullptr;
}
}
void check_initialized() const
{
#ifdef OPENVPN_ENABLE_ASSERT
if (!cinfo)
throw apple_cipher_uninitialized();
#endif
}
const CryptoAlgs::Alg* cinfo;
CCCryptorRef cref;
};
}
}
#endif
openvpn/applecrypto/crypto/digest.hpp
+255
View File
@@ -0,0 +1,255 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the Apple digest API defined in <CommonCrypto/CommonDigest.h>
// so that it can be used as part of the crypto layer of the OpenVPN core.
#ifndef OPENVPN_APPLECRYPTO_CRYPTO_DIGEST_H
#define OPENVPN_APPLECRYPTO_CRYPTO_DIGEST_H
#include <string>
#include <CommonCrypto/CommonDigest.h>
#include <CommonCrypto/CommonHMAC.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/string.hpp>
#include <openvpn/crypto/cryptoalgs.hpp>
#include <openvpn/applecrypto/cf/error.hpp>
#define OPENVPN_DIGEST_CONTEXT(TYPE) CC_##TYPE##_CTX TYPE##_ctx
#define OPENVPN_DIGEST_ALG_CLASS(TYPE) \
class DigestAlgorithm##TYPE : public DigestAlgorithm \
{ \
public: \
DigestAlgorithm##TYPE() {} \
virtual int init(DigestCTX& ctx) const \
{ \
return CC_##TYPE##_Init(&ctx.u.TYPE##_ctx); \
} \
virtual int update(DigestCTX& ctx, const unsigned char *data, size_t size) const \
{ \
return CC_##TYPE##_Update(&ctx.u.TYPE##_ctx, data, size); \
} \
virtual int final(DigestCTX& ctx, unsigned char *md) const \
{ \
return CC_##TYPE##_Final(md, &ctx.u.TYPE##_ctx); \
} \
}
#define OPENVPN_DIGEST_ALG_DECLARE(TYPE) const DigestAlgorithm##TYPE alg_##TYPE;
#define OPENVPN_DIGEST_INFO_DECLARE(TYPE) const DigestInfo info_##TYPE(CryptoAlgs::TYPE, &alg_##TYPE, kCCHmacAlg##TYPE)
#define OPENVPN_DIGEST_INFO_DECLARE_NO_HMAC(TYPE) const DigestInfo info_##TYPE(CryptoAlgs::TYPE, &alg_##TYPE, DigestInfo::NO_HMAC_ALG)
namespace openvpn {
namespace AppleCrypto {
typedef CC_SHA256_CTX CC_SHA224_CTX;
typedef CC_SHA512_CTX CC_SHA384_CTX;
struct DigestCTX {
union {
OPENVPN_DIGEST_CONTEXT(MD4);
OPENVPN_DIGEST_CONTEXT(MD5);
OPENVPN_DIGEST_CONTEXT(SHA1);
OPENVPN_DIGEST_CONTEXT(SHA224);
OPENVPN_DIGEST_CONTEXT(SHA256);
OPENVPN_DIGEST_CONTEXT(SHA384);
OPENVPN_DIGEST_CONTEXT(SHA512);
} u;
};
struct DigestAlgorithm {
virtual int init(DigestCTX& ctx) const = 0;
virtual int update(DigestCTX& ctx, const unsigned char *data, size_t size) const = 0;
virtual int final(DigestCTX& ctx, unsigned char *md) const = 0;
};
// individual digest algorithm classes (each inherits from DigestAlgorithm)
OPENVPN_DIGEST_ALG_CLASS(MD4);
OPENVPN_DIGEST_ALG_CLASS(MD5);
OPENVPN_DIGEST_ALG_CLASS(SHA1);
OPENVPN_DIGEST_ALG_CLASS(SHA224);
OPENVPN_DIGEST_ALG_CLASS(SHA256);
OPENVPN_DIGEST_ALG_CLASS(SHA384);
OPENVPN_DIGEST_ALG_CLASS(SHA512);
class DigestInfo
{
public:
enum {
NO_HMAC_ALG = -1
};
DigestInfo(CryptoAlgs::Type type,
const DigestAlgorithm* digest_alg,
const CCHmacAlgorithm hmac_alg)
: type_(type),
digest_alg_(digest_alg),
hmac_alg_(hmac_alg) {}
CryptoAlgs::Type type() const { return type_; }
const char *name() const { return CryptoAlgs::name(type_); }
size_t size() const { return CryptoAlgs::size(type_); }
const DigestAlgorithm* digest_alg() const { return digest_alg_; }
CCHmacAlgorithm hmac_alg() const { return hmac_alg_; }
private:
CryptoAlgs::Type type_;
const DigestAlgorithm* digest_alg_;
CCHmacAlgorithm hmac_alg_;
};
// instantiate individual digest algorithm class instances (each inherits from DigestAlgorithm),
// naming convention is alg_TYPE
OPENVPN_DIGEST_ALG_DECLARE(MD4);
OPENVPN_DIGEST_ALG_DECLARE(MD5);
OPENVPN_DIGEST_ALG_DECLARE(SHA1);
OPENVPN_DIGEST_ALG_DECLARE(SHA224);
OPENVPN_DIGEST_ALG_DECLARE(SHA256);
OPENVPN_DIGEST_ALG_DECLARE(SHA384);
OPENVPN_DIGEST_ALG_DECLARE(SHA512);
// instantiate individual digest info class instances (each is a DigestInfo),
// naming convention is info_TYPE
OPENVPN_DIGEST_INFO_DECLARE_NO_HMAC(MD4);
OPENVPN_DIGEST_INFO_DECLARE(MD5);
OPENVPN_DIGEST_INFO_DECLARE(SHA1);
OPENVPN_DIGEST_INFO_DECLARE(SHA224);
OPENVPN_DIGEST_INFO_DECLARE(SHA256);
OPENVPN_DIGEST_INFO_DECLARE(SHA384);
OPENVPN_DIGEST_INFO_DECLARE(SHA512);
class HMACContext;
class DigestContext
{
DigestContext(const DigestContext&) = delete;
DigestContext& operator=(const DigestContext&) = delete;
public:
friend class HMACContext;
OPENVPN_SIMPLE_EXCEPTION(apple_digest_uninitialized);
OPENVPN_SIMPLE_EXCEPTION(apple_digest_final_overflow);
OPENVPN_EXCEPTION(apple_digest_error);
enum {
MAX_DIGEST_SIZE = CC_SHA512_DIGEST_LENGTH // largest known is SHA512
};
DigestContext()
{
clear();
}
DigestContext(const CryptoAlgs::Type alg)
{
init(alg);
}
void init(const CryptoAlgs::Type alg)
{
clear();
info = digest_type(alg);
meth = info->digest_alg();
if (meth->init(ctx) != 1)
throw apple_digest_error("init");
initialized = true;
}
void update(const unsigned char *in, const size_t size)
{
check_initialized();
if (meth->update(ctx, in, size) != 1)
throw apple_digest_error("update");
}
size_t final(unsigned char *out)
{
check_initialized();
if (meth->final(ctx, out) != 1)
throw apple_digest_error("final");
return info->size();
}
size_t size() const
{
check_initialized();
return info->size();
}
bool is_initialized() const { return initialized; }
private:
static const DigestInfo *digest_type(const CryptoAlgs::Type alg)
{
switch (alg)
{
case CryptoAlgs::MD4:
return &info_MD4;
case CryptoAlgs::MD5:
return &info_MD5;
case CryptoAlgs::SHA1:
return &info_SHA1;
case CryptoAlgs::SHA224:
return &info_SHA224;
case CryptoAlgs::SHA256:
return &info_SHA256;
case CryptoAlgs::SHA384:
return &info_SHA384;
case CryptoAlgs::SHA512:
return &info_SHA512;
default:
OPENVPN_THROW(apple_digest_error, CryptoAlgs::name(alg) << ": not usable");
}
}
void clear()
{
initialized = false;
}
void check_initialized() const
{
#ifdef OPENVPN_ENABLE_ASSERT
if (!initialized)
throw apple_digest_uninitialized();
#endif
}
bool initialized;
const DigestInfo *info;
const DigestAlgorithm *meth;
DigestCTX ctx;
};
}
}
#undef OPENVPN_DIGEST_CONTEXT
#undef OPENVPN_DIGEST_ALG_CLASS
#undef OPENVPN_DIGEST_ALG_DECLARE
#undef OPENVPN_DIGEST_INFO_DECLARE
#endif
openvpn/applecrypto/crypto/hmac.hpp
+145
View File
@@ -0,0 +1,145 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
#ifndef OPENVPN_APPLECRYPTO_CRYPTO_HMAC_H
#define OPENVPN_APPLECRYPTO_CRYPTO_HMAC_H
// Wrap the Apple HMAC API defined in <CommonCrypto/CommonHMAC.h> so that
// it can be used as part of the crypto layer of the OpenVPN core.
#include <string>
#include <cstring>
#include <CommonCrypto/CommonHMAC.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/applecrypto/crypto/digest.hpp>
namespace openvpn {
namespace AppleCrypto {
class HMACContext
{
HMACContext(const HMACContext&) = delete;
HMACContext& operator=(const HMACContext&) = delete;
public:
OPENVPN_EXCEPTION(digest_cannot_be_used_with_hmac);
OPENVPN_SIMPLE_EXCEPTION(hmac_uninitialized);
OPENVPN_SIMPLE_EXCEPTION(hmac_keysize_error);
enum {
MAX_HMAC_SIZE = DigestContext::MAX_DIGEST_SIZE,
MAX_HMAC_KEY_SIZE = 128,
};
HMACContext()
{
state = PRE;
}
HMACContext(const CryptoAlgs::Type digest, const unsigned char *key, const size_t key_size)
{
init(digest, key, key_size);
}
~HMACContext()
{
}
void init(const CryptoAlgs::Type digest, const unsigned char *key, const size_t key_size)
{
state = PRE;
info = DigestContext::digest_type(digest);
digest_size_ = CryptoAlgs::size(digest);
hmac_alg = info->hmac_alg();
if (hmac_alg == DigestInfo::NO_HMAC_ALG)
throw digest_cannot_be_used_with_hmac(info->name());
if (key_size > MAX_HMAC_KEY_SIZE)
throw hmac_keysize_error();
std::memcpy(key_, key, key_size_ = key_size);
state = PARTIAL;
}
void reset() // Apple HMAC API is missing reset method, so we have to reinit
{
cond_reset(true);
}
void update(const unsigned char *in, const size_t size)
{
cond_reset(false);
CCHmacUpdate(&ctx, in, size);
}
size_t final(unsigned char *out)
{
cond_reset(false);
CCHmacFinal(&ctx, out);
return digest_size_;
}
size_t size() const
{
if (!is_initialized())
throw hmac_uninitialized();
return digest_size_;
}
bool is_initialized() const
{
return state >= PARTIAL;
}
private:
void cond_reset(const bool force_init)
{
switch (state)
{
case PRE:
throw hmac_uninitialized();
case READY:
if (!force_init)
return;
case PARTIAL:
CCHmacInit(&ctx, hmac_alg, key_, key_size_);
state = READY;
}
}
enum State {
PRE=0,
PARTIAL,
READY
};
int state;
const DigestInfo *info;
CCHmacAlgorithm hmac_alg;
size_t key_size_;
size_t digest_size_;
unsigned char key_[MAX_HMAC_KEY_SIZE];
CCHmacContext ctx;
};
}
}
#endif
openvpn/applecrypto/ssl/sslctx.hpp
+493
View File
@@ -0,0 +1,493 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the Apple SSL API as defined in <Security/SecureTransport.h>
// so that it can be used as the SSL layer by the OpenVPN core.
// NOTE: not used in production code.
// Note that the Apple SSL API is missing some functionality (as of
// Mac OS X 10.8) that makes it difficult to use as a drop in replacement
// for OpenSSL or MbedTLS. The biggest issue is that the API doesn't
// allow an SSL context to be built out of PEM-based certificates and
// keys. It requires an "Identity" in the Keychain that was imported
// by the user as a PKCS#12 file.
#ifndef OPENVPN_APPLECRYPTO_SSL_SSLCTX_H
#define OPENVPN_APPLECRYPTO_SSL_SSLCTX_H
#include <string>
#include <Security/SecImportExport.h>
#include <Security/SecItem.h>
#include <Security/SecureTransport.h>
#include <Security/SecKey.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/mode.hpp>
#include <openvpn/buffer/buffer.hpp>
#include <openvpn/frame/frame.hpp>
#include <openvpn/frame/memq_stream.hpp>
#include <openvpn/pki/epkibase.hpp>
#include <openvpn/applecrypto/cf/cfsec.hpp>
#include <openvpn/applecrypto/cf/error.hpp>
#include <openvpn/ssl/tlsver.hpp>
#include <openvpn/ssl/sslconsts.hpp>
#include <openvpn/ssl/sslapi.hpp>
// An SSL Context is essentially a configuration that can be used
// to generate an arbitrary number of actual SSL connections objects.
// AppleSSLContext is an SSL Context implementation that uses the
// Mac/iOS SSL library as a backend.
namespace openvpn {
// Represents an SSL configuration that can be used
// to instantiate actual SSL sessions.
class AppleSSLContext : public SSLFactoryAPI
{
public:
typedef RCPtr<AppleSSLContext> Ptr;
enum {
MAX_CIPHERTEXT_IN = 64
};
// The data needed to construct an AppleSSLContext.
class Config : public SSLConfigAPI
{
friend class AppleSSLContext;
public:
typedef RCPtr<Config> Ptr;
Config() {}
void load_identity(const std::string& subject_match)
{
identity = load_identity_(subject_match);
if (!identity())
OPENVPN_THROW(ssl_context_error, "AppleSSLContext: identity '" << subject_match << "' undefined");
}
virtual SSLFactoryAPI::Ptr new_factory()
{
return SSLFactoryAPI::Ptr(new AppleSSLContext(this));
}
virtual void set_mode(const Mode& mode_arg)
{
mode = mode_arg;
}
virtual const Mode& get_mode() const
{
return mode;
}
virtual void set_frame(const Frame::Ptr& frame_arg)
{
frame = frame_arg;
}
virtual void load(const OptionList& opt, const unsigned int lflags)
{
// client/server
if (lflags & LF_PARSE_MODE)
mode = opt.exists("client") ? Mode(Mode::CLIENT) : Mode(Mode::SERVER);
// identity
{
const std::string& subject_match = opt.get("identity", 1, 256);
load_identity(subject_match);
}
}
virtual void set_external_pki_callback(ExternalPKIBase* external_pki_arg)
{
not_implemented("set_external_pki_callback");
}
virtual void set_private_key_password(const std::string& pwd)
{
return not_implemented("set_private_key_password");
}
virtual void load_ca(const std::string& ca_txt, bool strict)
{
return not_implemented("load_ca");
}
virtual void load_crl(const std::string& crl_txt)
{
return not_implemented("load_crl");
}
virtual void load_cert(const std::string& cert_txt)
{
return not_implemented("load_cert");
}
virtual void load_cert(const std::string& cert_txt, const std::string& extra_certs_txt)
{
return not_implemented("load_cert");
}
virtual void load_private_key(const std::string& key_txt)
{
return not_implemented("load_private_key");
}
virtual void load_dh(const std::string& dh_txt)
{
return not_implemented("load_dh");
}
virtual void set_debug_level(const int debug_level)
{
return not_implemented("set_debug_level");
}
virtual void set_flags(const unsigned int flags_arg)
{
return not_implemented("set_flags");
}
virtual void set_ns_cert_type(const NSCert::Type ns_cert_type_arg)
{
return not_implemented("set_ns_cert_type");
}
virtual void set_remote_cert_tls(const KUParse::TLSWebType wt)
{
return not_implemented("set_remote_cert_tls");
}
virtual void set_tls_remote(const std::string& tls_remote_arg)
{
return not_implemented("set_tls_remote");
}
virtual void set_tls_version_min(const TLSVersion::Type tvm)
{
return not_implemented("set_tls_version_min");
}
virtual void set_local_cert_enabled(const bool v)
{
return not_implemented("set_local_cert_enabled");
}
virtual void set_enable_renegotiation(const bool v)
{
return not_implemented("set_enable_renegotiation");
}
virtual void set_force_aes_cbc_ciphersuites(const bool v)
{
return not_implemented("set_force_aes_cbc_ciphersuites");
}
virtual void set_rng(const RandomAPI::Ptr& rng_arg)
{
return not_implemented("set_rng");
}
private:
void not_implemented(const char *funcname)
{
OPENVPN_LOG("AppleSSL: " << funcname << " not implemented");
}
Mode mode;
CF::Array identity; // as returned by load_identity
Frame::Ptr frame;
};
// Represents an actual SSL session.
// Normally instantiated by AppleSSLContext::ssl().
class SSL : public SSLAPI
{
friend class AppleSSLContext;
public:
typedef RCPtr<SSL> Ptr;
virtual void start_handshake()
{
SSLHandshake(ssl);
}
virtual ssize_t write_cleartext_unbuffered(const void *data, const size_t size)
{
size_t actual = 0;
const OSStatus status = SSLWrite(ssl, data, size, &actual);
if (status < 0)
{
if (status == errSSLWouldBlock)
return SSLConst::SHOULD_RETRY;
else
throw CFException("AppleSSLContext::SSL::write_cleartext failed", status);
}
else
return actual;
}
virtual ssize_t read_cleartext(void *data, const size_t capacity)
{
if (!overflow)
{
size_t actual = 0;
const OSStatus status = SSLRead(ssl, data, capacity, &actual);
if (status < 0)
{
if (status == errSSLWouldBlock)
return SSLConst::SHOULD_RETRY;
else
throw CFException("AppleSSLContext::SSL::read_cleartext failed", status);
}
else
return actual;
}
else
throw ssl_ciphertext_in_overflow();
}
virtual bool read_cleartext_ready() const
{
// fixme: need to detect data buffered at SSL layer
return !ct_in.empty();
}
virtual void write_ciphertext(const BufferPtr& buf)
{
if (ct_in.size() < MAX_CIPHERTEXT_IN)
ct_in.write_buf(buf);
else
overflow = true;
}
virtual bool read_ciphertext_ready() const
{
return !ct_out.empty();
}
virtual BufferPtr read_ciphertext()
{
return ct_out.read_buf();
}
virtual std::string ssl_handshake_details() const // fixme -- code me
{
return "[AppleSSL not implemented]";
}
virtual const AuthCert::Ptr& auth_cert() const
{
OPENVPN_THROW(ssl_context_error, "AppleSSL::SSL: auth_cert() not implemented");
}
~SSL()
{
ssl_erase();
}
private:
SSL(const AppleSSLContext& ctx)
{
ssl_clear();
try {
OSStatus s;
#ifdef OPENVPN_PLATFORM_IPHONE
// init SSL object, select client or server mode
if (ctx.mode().is_server())
ssl = SSLCreateContext(kCFAllocatorDefault, kSSLServerSide, kSSLStreamType);
else if (ctx.mode().is_client())
ssl = SSLCreateContext(kCFAllocatorDefault, kSSLClientSide, kSSLStreamType);
else
OPENVPN_THROW(ssl_context_error, "AppleSSLContext::SSL: unknown client/server mode");
if (ssl == nullptr)
throw CFException("SSLCreateContext failed");
// use TLS v1
s = SSLSetProtocolVersionMin(ssl, kTLSProtocol1);
if (s)
throw CFException("SSLSetProtocolVersionMin failed", s);
#else
// init SSL object, select client or server mode
if (ctx.mode().is_server())
s = SSLNewContext(true, &ssl);
else if (ctx.mode().is_client())
s = SSLNewContext(false, &ssl);
else
OPENVPN_THROW(ssl_context_error, "AppleSSLContext::SSL: unknown client/server mode");
if (s)
throw CFException("SSLNewContext failed", s);
// use TLS v1
s = SSLSetProtocolVersionEnabled(ssl, kSSLProtocol2, false);
if (s)
throw CFException("SSLSetProtocolVersionEnabled !S2 failed", s);
s = SSLSetProtocolVersionEnabled(ssl, kSSLProtocol3, false);
if (s)
throw CFException("SSLSetProtocolVersionEnabled !S3 failed", s);
s = SSLSetProtocolVersionEnabled(ssl, kTLSProtocol1, true);
if (s)
throw CFException("SSLSetProtocolVersionEnabled T1 failed", s);
#endif
// configure cert, private key, and supporting CAs via identity wrapper
s = SSLSetCertificate(ssl, ctx.identity()());
if (s)
throw CFException("SSLSetCertificate failed", s);
// configure ciphertext buffers
ct_in.set_frame(ctx.frame());
ct_out.set_frame(ctx.frame());
// configure the "connection" object to be self
s = SSLSetConnection(ssl, this);
if (s)
throw CFException("SSLSetConnection", s);
// configure ciphertext read/write callbacks
s = SSLSetIOFuncs(ssl, ct_read_func, ct_write_func);
if (s)
throw CFException("SSLSetIOFuncs failed", s);
}
catch (...)
{
ssl_erase();
throw;
}
}
static OSStatus ct_read_func(SSLConnectionRef cref, void *data, size_t *length)
{
try {
SSL *self = (SSL *)cref;
const size_t actual = self->ct_in.read((unsigned char *)data, *length);
const OSStatus ret = (*length == actual) ? 0 : errSSLWouldBlock;
*length = actual;
return ret;
}
catch (...)
{
return errSSLInternal;
}
}
static OSStatus ct_write_func(SSLConnectionRef cref, const void *data, size_t *length)
{
try {
SSL *self = (SSL *)cref;
self->ct_out.write((const unsigned char *)data, *length);
return 0;
}
catch (...)
{
return errSSLInternal;
}
}
void ssl_clear()
{
ssl = nullptr;
overflow = false;
}
void ssl_erase()
{
if (ssl)
{
#ifdef OPENVPN_PLATFORM_IPHONE
CFRelease(ssl);
#else
SSLDisposeContext(ssl);
#endif
}
ssl_clear();
}
SSLContextRef ssl; // underlying SSL connection object
MemQStream ct_in; // write ciphertext to here
MemQStream ct_out; // read ciphertext from here
bool overflow;
};
/////// start of main class implementation
// create a new SSL instance
virtual SSLAPI::Ptr ssl()
{
return SSL::Ptr(new SSL(*this));
}
// like ssl() above but verify hostname against cert CommonName and/or SubjectAltName
virtual SSLAPI::Ptr ssl(const std::string& hostname)
{
OPENVPN_THROW(ssl_context_error, "AppleSSLContext: ssl session with CommonName and/or SubjectAltName verification not implemented");
}
virtual const Mode& mode() const
{
return config_->mode;
}
private:
AppleSSLContext(Config* config)
: config_(config)
{
if (!config_->identity())
OPENVPN_THROW(ssl_context_error, "AppleSSLContext: identity undefined");
}
const Frame::Ptr& frame() const { return config_->frame; }
const CF::Array& identity() const { return config_->identity; }
// load an identity from keychain, return as an array that can
// be passed to SSLSetCertificate
static CF::Array load_identity_(const std::string& subj_match)
{
const CF::String label = CF::string(subj_match);
const void *keys[] = { kSecClass, kSecMatchSubjectContains, kSecMatchTrustedOnly, kSecReturnRef };
const void *values[] = { kSecClassIdentity, label(), kCFBooleanTrue, kCFBooleanTrue };
const CF::Dict query = CF::dict(keys, values, sizeof(keys)/sizeof(keys[0]));
CF::Generic result;
const OSStatus s = SecItemCopyMatching(query(), result.mod_ref());
if (!s && result.defined())
{
const void *asrc[] = { result() };
return CF::array(asrc, 1);
}
else
return CF::Array(); // not found
}
Config::Ptr config_;
};
typedef AppleSSLContext::Ptr AppleSSLContextPtr;
} // namespace openvpn
#endif // OPENVPN_APPLECRYPTO_SSL_SSLCTX_H
openvpn/applecrypto/util/iosactiveiface.hpp
+74
View File
@@ -0,0 +1,74 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
#include <string>
#include <openvpn/applecrypto/util/reach.hpp>
#include <openvpn/netconf/enumiface.hpp>
#ifndef OPENVPN_APPLECRYPTO_UTIL_IOSACTIVEIFACE_H
#define OPENVPN_APPLECRYPTO_UTIL_IOSACTIVEIFACE_H
namespace openvpn {
class iOSActiveInterface : public ReachabilityInterface
{
public:
virtual Status reachable() const
{
if (ei.iface_up("en0"))
return ReachableViaWiFi;
else if (ei.iface_up("pdp_ip0"))
return ReachableViaWWAN;
else
return NotReachable;
}
virtual bool reachableVia(const std::string& net_type) const
{
const Status r = reachable();
if (net_type == "cellular")
return r == ReachableViaWWAN;
else if (net_type == "wifi")
return r == ReachableViaWiFi;
else
return r != NotReachable;
}
virtual std::string to_string() const
{
switch (reachable())
{
case ReachableViaWiFi:
return "ReachableViaWiFi";
case ReachableViaWWAN:
return "ReachableViaWWAN";
case NotReachable:
return "NotReachable";
}
}
private:
EnumIface ei;
};
}
#endif
openvpn/applecrypto/util/rand.hpp
+78
View File
@@ -0,0 +1,78 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the Apple Cryptographic Random API defined in <Security/SecRandom.h>
// so that it can be used as the primary source of cryptographic entropy by
// the OpenVPN core.
#ifndef OPENVPN_APPLECRYPTO_UTIL_RAND_H
#define OPENVPN_APPLECRYPTO_UTIL_RAND_H
#include <Security/SecRandom.h>
#include <openvpn/random/randapi.hpp>
namespace openvpn {
class AppleRandom : public RandomAPI
{
public:
OPENVPN_EXCEPTION(rand_error_apple);
typedef RCPtr<AppleRandom> Ptr;
AppleRandom(const bool prng)
{
}
virtual std::string name() const
{
return "AppleRandom";
}
// Return true if algorithm is crypto-strength
virtual bool is_crypto() const
{
return true;
}
// Fill buffer with random bytes
virtual void rand_bytes(unsigned char *buf, size_t size)
{
if (!rndbytes(buf, size))
throw rand_error_apple("rand_bytes");
}
// Like rand_bytes, but don't throw exception.
// Return true on successs, false on fail.
virtual bool rand_bytes_noexcept(unsigned char *buf, size_t size)
{
return rndbytes(buf, size);
}
private:
bool rndbytes(unsigned char *buf, size_t size)
{
return SecRandomCopyBytes(kSecRandomDefault, size, buf) ? false : true;
}
};
}
#endif
openvpn/applecrypto/util/reach.hpp
+43
View File
@@ -0,0 +1,43 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
#ifndef OPENVPN_APPLECRYPTO_UTIL_REACH_H
#define OPENVPN_APPLECRYPTO_UTIL_REACH_H
// An interface to various network reachability implementations,
// primarily for iOS.
namespace openvpn {
struct ReachabilityInterface
{
enum Status {
NotReachable,
ReachableViaWiFi,
ReachableViaWWAN
};
virtual Status reachable() const = 0;
virtual bool reachableVia(const std::string& net_type) const = 0;
virtual std::string to_string() const = 0;
virtual ~ReachabilityInterface() {}
};
}
#endif
openvpn/applecrypto/util/reachable.hpp
+466
View File
@@ -0,0 +1,466 @@
// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2017 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
//
// This code is derived from the Apple sample Reachability.m under
// the following license.
//
// Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple
// Inc. ("Apple") in consideration of your agreement to the following
// terms, and your use, installation, modification or redistribution of
// this Apple software constitutes acceptance of these terms. If you do
// not agree with these terms, please do not use, install, modify or
// redistribute this Apple software.
//
// In consideration of your agreement to abide by the following terms, and
// subject to these terms, Apple grants you a personal, non-exclusive
// license, under Apple's copyrights in this original Apple software (the
// "Apple Software"), to use, reproduce, modify and redistribute the Apple
// Software, with or without modifications, in source and/or binary forms;
// provided that if you redistribute the Apple Software in its entirety and
// without modifications, you must retain this notice and the following
// text and disclaimers in all such redistributions of the Apple Software.
// Neither the name, trademarks, service marks or logos of Apple Inc. may
// be used to endorse or promote products derived from the Apple Software
// without specific prior written permission from Apple. Except as
// expressly stated in this notice, no other rights or licenses, express or
// implied, are granted by Apple herein, including but not limited to any
// patent rights that may be infringed by your derivative works or by other
// works in which the Apple Software may be incorporated.
//
// The Apple Software is provided by Apple on an "AS IS" basis. APPLE
// MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
// THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS
// FOR A PARTICULAR PURPOSE, REGARDING THE APPLE SOFTWARE OR ITS USE AND
// OPERATION ALONE OR IN COMBINATION WITH YOUR PRODUCTS.
//
// IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL
// OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION,
// MODIFICATION AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED
// AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING NEGLIGENCE),
// STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE HAS BEEN ADVISED OF THE
// POSSIBILITY OF SUCH DAMAGE.
//
// Copyright (C) 2013 Apple Inc. All Rights Reserved.
// Wrapper for Apple SCNetworkReachability methods.
#ifndef OPENVPN_APPLECRYPTO_UTIL_REACHABLE_H
#define OPENVPN_APPLECRYPTO_UTIL_REACHABLE_H
#import "TargetConditionals.h"
#include <netinet/in.h>
#include <SystemConfiguration/SCNetworkReachability.h>
#include <string>
#include <sstream>
#include <memory>
#include <openvpn/common/socktypes.hpp>
#include <openvpn/applecrypto/cf/cf.hpp>
#include <openvpn/applecrypto/util/reach.hpp>
namespace openvpn {
namespace CF {
OPENVPN_CF_WRAP(NetworkReachability, network_reachability_cast, SCNetworkReachabilityRef, SCNetworkReachabilityGetTypeID);
}
class ReachabilityBase
{
public:
typedef ReachabilityInterface::Status Status;
enum Type {
Internet,
WiFi,
};
std::string to_string() const
{
return to_string(flags());
}
std::string to_string(const SCNetworkReachabilityFlags f) const
{
const Status s = vstatus(f);
const Type t = vtype();
std::string ret;
ret += render_type(t);
ret += ':';
ret += render_status(s);
ret += '/';
ret += render_flags(f);
return ret;
}
Status status() const
{
return vstatus(flags());
}
SCNetworkReachabilityFlags flags() const
{
SCNetworkReachabilityFlags f = 0;
if (SCNetworkReachabilityGetFlags(reach(), &f) == TRUE)
return f;
else
return 0;
}
static std::string render_type(Type type)
{
switch (type) {
case Internet:
return "Internet";
case WiFi:
return "WiFi";
default:
return "Type???";
}
}
static std::string render_status(const Status status)
{
switch (status) {
case ReachabilityInterface::NotReachable:
return "NotReachable";
case ReachabilityInterface::ReachableViaWiFi:
return "ReachableViaWiFi";
case ReachabilityInterface::ReachableViaWWAN:
return "ReachableViaWWAN";
default:
return "ReachableVia???";
}
}
static std::string render_flags(const SCNetworkReachabilityFlags flags)
{
std::string ret;
#if TARGET_OS_IPHONE || TARGET_IPHONE_SIMULATOR // Mac OS X doesn't define WWAN flags
if (flags & kSCNetworkReachabilityFlagsIsWWAN)
ret += 'W';
else
#endif
ret += '-';
if (flags & kSCNetworkReachabilityFlagsReachable)
ret += 'R';
else
ret += '-';
ret += ' ';
if (flags & kSCNetworkReachabilityFlagsTransientConnection)
ret += 't';
else
ret += '-';
if (flags & kSCNetworkReachabilityFlagsConnectionRequired)
ret += 'c';
else
ret += '-';
if (flags & kSCNetworkReachabilityFlagsConnectionOnTraffic)
ret += 'C';
else
ret += '-';
if (flags & kSCNetworkReachabilityFlagsInterventionRequired)
ret += 'i';
else
ret += '-';
if (flags & kSCNetworkReachabilityFlagsConnectionOnDemand)
ret += 'D';
else
ret += '-';
if (flags & kSCNetworkReachabilityFlagsIsLocalAddress)
ret += 'l';
else
ret += '-';
if (flags & kSCNetworkReachabilityFlagsIsDirect)
ret += 'd';
else
ret += '-';
return ret;
}
virtual Type vtype() const = 0;
virtual Status vstatus(const SCNetworkReachabilityFlags flags) const = 0;
CF::NetworkReachability reach;
};
class ReachabilityViaInternet : public ReachabilityBase
{
public:
ReachabilityViaInternet()
{
struct sockaddr_in addr;
bzero(&addr, sizeof(addr));
addr.sin_len = sizeof(addr);
addr.sin_family = AF_INET;
reach.reset(SCNetworkReachabilityCreateWithAddress(kCFAllocatorDefault, (struct sockaddr*)&addr));
}
virtual Type vtype() const
{
return Internet;
}
virtual Status vstatus(const SCNetworkReachabilityFlags flags) const
{
return status_from_flags(flags);
}
static Status status_from_flags(const SCNetworkReachabilityFlags flags)
{
if ((flags & kSCNetworkReachabilityFlagsReachable) == 0)
{
// The target host is not reachable.
return ReachabilityInterface::NotReachable;
}
Status ret = ReachabilityInterface::NotReachable;
if ((flags & kSCNetworkReachabilityFlagsConnectionRequired) == 0)
{
// If the target host is reachable and no connection is required then
// we'll assume (for now) that you're on Wi-Fi...
ret = ReachabilityInterface::ReachableViaWiFi;
}
#if 0 // don't contaminate result by considering on-demand viability
if ((((flags & kSCNetworkReachabilityFlagsConnectionOnDemand ) != 0) ||
(flags & kSCNetworkReachabilityFlagsConnectionOnTraffic) != 0))
{
// ... and the connection is on-demand (or on-traffic) if the
// calling application is using the CFSocketStream or higher APIs...
if ((flags & kSCNetworkReachabilityFlagsInterventionRequired) == 0)
{
// ... and no [user] intervention is needed...
ret = ReachabilityInterface::ReachableViaWiFi;
}
}
#endif
#if TARGET_OS_IPHONE || TARGET_IPHONE_SIMULATOR // Mac OS X doesn't define WWAN flags
if ((flags & kSCNetworkReachabilityFlagsIsWWAN) == kSCNetworkReachabilityFlagsIsWWAN)
{
// ... but WWAN connections are OK if the calling application
// is using the CFNetwork APIs.
ret = ReachabilityInterface::ReachableViaWWAN;
}
#endif
return ret;
}
};
class ReachabilityViaWiFi : public ReachabilityBase
{
public:
ReachabilityViaWiFi()
{
struct sockaddr_in addr;
bzero(&addr, sizeof(addr));
addr.sin_len = sizeof(addr);
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = htonl(IN_LINKLOCALNETNUM); // 169.254.0.0.
reach.reset(SCNetworkReachabilityCreateWithAddress(kCFAllocatorDefault, (struct sockaddr*)&addr));
}
virtual Type vtype() const
{
return WiFi;
}
virtual Status vstatus(const SCNetworkReachabilityFlags flags) const
{
return status_from_flags(flags);
}
static Status status_from_flags(const SCNetworkReachabilityFlags flags)
{
Status ret = ReachabilityInterface::NotReachable;
if ((flags & kSCNetworkReachabilityFlagsReachable) && (flags & kSCNetworkReachabilityFlagsIsDirect))
ret = ReachabilityInterface::ReachableViaWiFi;
return ret;
}
};
class Reachability : public ReachabilityInterface
{
public:
Reachability(const bool enable_internet, const bool enable_wifi)
{
if (enable_internet)
internet.reset(new ReachabilityViaInternet);
if (enable_wifi)
wifi.reset(new ReachabilityViaWiFi);
}
bool reachableViaWiFi() const {
if (internet)
{
if (wifi)
return internet->status() == ReachableViaWiFi && wifi->status() == ReachableViaWiFi;
else
return internet->status() == ReachableViaWiFi;
}
else
{
if (wifi)
return wifi->status() == ReachableViaWiFi;
else
return false;
}
}
bool reachableViaCellular() const
{
if (internet)
return internet->status() == ReachableViaWWAN;
else
return false;
}
virtual Status reachable() const
{
if (reachableViaWiFi())
return ReachableViaWiFi;
else if (reachableViaCellular())
return ReachableViaWWAN;
else
return NotReachable;
}
virtual bool reachableVia(const std::string& net_type) const
{
if (net_type == "cellular")
return reachableViaCellular();
else if (net_type == "wifi")
return reachableViaWiFi();
else
return reachableViaWiFi() || reachableViaCellular();
}
virtual std::string to_string() const
{
std::string ret;
if (internet)
ret += internet->to_string();
if (internet && wifi)
ret += ' ';
if (wifi)
ret += wifi->to_string();
return ret;
}
std::unique_ptr<ReachabilityViaInternet> internet;
std::unique_ptr<ReachabilityViaWiFi> wifi;
};
class ReachabilityTracker
{
public:
ReachabilityTracker(const bool enable_internet, const bool enable_wifi)
: reachability(enable_internet, enable_wifi),
scheduled(false)
{
}
void reachability_tracker_schedule()
{
if (!scheduled)
{
if (reachability.internet)
schedule(*reachability.internet, internet_callback_static);
if (reachability.wifi)
schedule(*reachability.wifi, wifi_callback_static);
scheduled = true;
}
}
void reachability_tracker_cancel()
{
if (scheduled)
{
if (reachability.internet)
cancel(*reachability.internet);
if (reachability.wifi)
cancel(*reachability.wifi);
scheduled = false;
}
}
virtual void reachability_tracker_event(const ReachabilityBase& rb, SCNetworkReachabilityFlags flags) = 0;
virtual ~ReachabilityTracker()
{
reachability_tracker_cancel();
}
private:
bool schedule(ReachabilityBase& rb, SCNetworkReachabilityCallBack cb)
{
SCNetworkReachabilityContext context = { 0, this, nullptr, nullptr, nullptr };
if (rb.reach.defined())
{
if (SCNetworkReachabilitySetCallback(rb.reach(),
cb,
&context) == FALSE)
return false;
if (SCNetworkReachabilityScheduleWithRunLoop(rb.reach(),
CFRunLoopGetCurrent(),
kCFRunLoopCommonModes) == FALSE)
return false;
return true;
}
else
return false;
}
void cancel(ReachabilityBase& rb)
{
if (rb.reach.defined())
SCNetworkReachabilityUnscheduleFromRunLoop(rb.reach(), CFRunLoopGetCurrent(), kCFRunLoopCommonModes);
}
static void internet_callback_static(SCNetworkReachabilityRef target,
SCNetworkReachabilityFlags flags,
void *info)
{
ReachabilityTracker* self = (ReachabilityTracker*)info;
self->reachability_tracker_event(*self->reachability.internet, flags);
}
static void wifi_callback_static(SCNetworkReachabilityRef target,
SCNetworkReachabilityFlags flags,
void *info)
{
ReachabilityTracker* self = (ReachabilityTracker*)info;
self->reachability_tracker_event(*self->reachability.wifi, flags);
}
Reachability reachability;
bool scheduled;
};
}
#endif