From 21939ae34a969ee5cf598ddbadd9e10663181343 Mon Sep 17 00:00:00 2001 From: Jackson Coxson Date: Sat, 5 Apr 2025 14:10:41 -0600 Subject: [PATCH] Replace openssl with rustls --- Cargo.lock | 449 ++++++++++++++++-------------------- ffi/Cargo.toml | 1 - ffi/src/errors.rs | 8 +- idevice/Cargo.toml | 15 +- idevice/src/lib.rs | 42 ++-- idevice/src/mounter.rs | 4 +- idevice/src/pairing_file.rs | 55 +++-- idevice/src/sni.rs | 82 +++++++ 8 files changed, 342 insertions(+), 314 deletions(-) create mode 100644 idevice/src/sni.rs diff --git a/Cargo.lock b/Cargo.lock index ae3e8c2..04196f5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -146,6 +146,29 @@ dependencies = [ "cc", ] +[[package]] +name = "aws-lc-rs" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "19b756939cb2f8dc900aa6dcd505e6e2428e9cae7ff7b028c49e3946efa70878" +dependencies = [ + "aws-lc-sys", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.28.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9f7720b74ed28ca77f90769a71fd8c637a0137f6fae4ae947e1050229cff57f" +dependencies = [ + "bindgen 0.69.5", + "cc", + "cmake", + "dunce", + "fs_extra", +] + [[package]] name = "backtrace" version = "0.3.74" @@ -185,11 +208,34 @@ dependencies = [ "proc-macro2", "quote", "regex", - "rustc-hash", + "rustc-hash 1.1.0", "shlex", "which", ] +[[package]] +name = "bindgen" +version = "0.69.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" +dependencies = [ + "bitflags 2.8.0", + "cexpr", + "clang-sys", + "itertools", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash 1.1.0", + "shlex", + "syn 2.0.100", + "which", +] + [[package]] name = "bitflags" version = "1.3.2" 
@@ -307,6 +353,8 @@ version = "1.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "13208fcbb66eaeffe09b99fffbe1af420f00a7b35aa99ad683dfc1aa76145229" dependencies = [ + "jobserver", + "libc", "shlex", ] @@ -412,6 +460,15 @@ version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6" +[[package]] +name = "cmake" +version = "0.1.54" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0" +dependencies = [ + "cc", +] + [[package]] name = "colorchoice" version = "1.0.3" @@ -456,22 +513,6 @@ dependencies = [ "url", ] -[[package]] -name = "core-foundation" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" -dependencies = [ - "core-foundation-sys", - "libc", -] - -[[package]] -name = "core-foundation-sys" -version = "0.8.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" - [[package]] name = "cpufeatures" version = "0.2.17" @@ -545,6 +586,12 @@ dependencies = [ "litrs", ] +[[package]] +name = "dunce" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" + [[package]] name = "either" version = "1.15.0" 
@@ -655,21 +702,6 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" -[[package]] -name = "foreign-types" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" -dependencies = [ - "foreign-types-shared", -] - -[[package]] -name = "foreign-types-shared" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" - [[package]] name = "form_urlencoded" version = "1.2.1" @@ -679,6 +711,12 @@ dependencies = [ "percent-encoding", ] +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + [[package]] name = "futures" version = "0.3.31" @@ -806,8 +844,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", + "js-sys", "libc", "wasi 0.11.0+wasi-snapshot-preview1", + "wasm-bindgen", ] [[package]] @@ -817,8 +857,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8" dependencies = [ "cfg-if", + "js-sys", "libc", "wasi 0.13.3+wasi-0.2.2", + "wasm-bindgen", "windows-targets 0.52.6", ] 
@@ -834,25 +876,6 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" -[[package]] -name = "h2" -version = "0.4.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ccae279728d634d083c00f6099cb58f01cc99c145b84b8be2f6c74618d79922e" -dependencies = [ - "atomic-waker", - "bytes", - "fnv", - "futures-core", - "futures-sink", - "http", - "indexmap", - "slab", - "tokio", - "tokio-util", - "tracing", -] - [[package]] name = "hashbrown" version = "0.15.2" @@ -944,7 +967,6 @@ dependencies = [ "bytes", "futures-channel", "futures-util", - "h2", "http", "http-body", "httparse", @@ -970,22 +992,7 @@ dependencies = [ "tokio", "tokio-rustls", "tower-service", -] - -[[package]] -name = "hyper-tls" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0" -dependencies = [ - "bytes", - "http-body-util", - "hyper", - "hyper-util", - "native-tls", - "tokio", - "tokio-native-tls", - "tower-service", + "webpki-roots", ] [[package]] @@ -1140,16 +1147,16 @@ dependencies = [ "json", "log", "ns-keyed-archive", - "openssl", "plist", "rand 0.9.0", "reqwest", + "rustls", "serde", "serde_json", "sha2", "thiserror", "tokio", - "tokio-openssl", + "tokio-rustls", "tun-rs 2.0.8", "uuid", ] @@ -1163,7 +1170,6 @@ dependencies = [ "libc", "log", "once_cell", - "openssl-sys", "plist", "plist_plus", "simplelog", 
@@ -1230,6 +1236,15 @@ version = "1.70.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf" +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + [[package]] name = "itoa" version = "1.0.14" @@ -1260,6 +1275,15 @@ dependencies = [ "syn 2.0.100", ] +[[package]] +name = "jobserver" +version = "0.1.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0" +dependencies = [ + "libc", +] + [[package]] name = "js-sys" version = "0.3.77" @@ -1395,23 +1419,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "native-tls" -version = "0.2.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0dab59f8e050d5df8e4dd87d9206fb6f65a483e20ac9fda365ade4fab353196c" -dependencies = [ - "libc", - "log", - "openssl", - "openssl-probe", - "openssl-sys", - "schannel", - "security-framework", - "security-framework-sys", - "tempfile", -] - [[package]] name = "nix" version = "0.28.0" 
@@ -1507,60 +1514,6 @@ version = "1.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d75b0bedcc4fe52caa0e03d9f1151a323e4aa5e2d78ba3580400cd3c9e2bc4bc" -[[package]] -name = "openssl" -version = "0.10.69" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f5e534d133a060a3c19daec1eb3e98ec6f4685978834f2dbadfe2ec215bab64e" -dependencies = [ - "bitflags 2.8.0", - "cfg-if", - "foreign-types", - "libc", - "once_cell", - "openssl-macros", - "openssl-sys", -] - -[[package]] -name = "openssl-macros" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.100", -] - -[[package]] -name = "openssl-probe" -version = "0.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e" - -[[package]] -name = "openssl-src" -version = "300.4.1+3.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "faa4eac4138c62414b5622d1b31c5c304f34b406b013c079c2bbc652fdd6678c" -dependencies = [ - "cc", -] - -[[package]] -name = "openssl-sys" -version = "0.9.104" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45abf306cbf99debc8195b66b7346498d7b10c210de50418b5ccd7ceba08c741" -dependencies = [ - "cc", - "libc", - "openssl-src", - "pkg-config", - "vcpkg", -] - [[package]] name = "parking" version = "2.2.1" @@ -1625,12 +1578,6 @@ dependencies = [ "futures-io", ] -[[package]] -name = "pkg-config" -version = "0.3.31" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2" - [[package]] name = "plist" version = "1.7.1" 
@@ -1651,7 +1598,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "167429a361cacecf5cab907c235e620b3faf5f36b97d7f72c32907ccdca700cf" dependencies = [ "autotools", - "bindgen", + "bindgen 0.59.2", "cc", "libc", "log", @@ -1688,6 +1635,16 @@ dependencies = [ "zerocopy", ] +[[package]] +name = "prettyplease" +version = "0.2.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5316f57387668042f561aae71480de936257848f9c43ce528e311d89a07cadeb" +dependencies = [ + "proc-macro2", + "syn 2.0.100", +] + [[package]] name = "proc-macro2" version = "1.0.93" @@ -1706,6 +1663,60 @@ dependencies = [ "memchr", ] +[[package]] +name = "quinn" +version = "0.11.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3bd15a6f2967aef83887dcb9fec0014580467e33720d073560cf015a5683012" +dependencies = [ + "bytes", + "cfg_aliases 0.2.1", + "pin-project-lite", + "quinn-proto", + "quinn-udp", + "rustc-hash 2.1.1", + "rustls", + "socket2", + "thiserror", + "tokio", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-proto" +version = "0.11.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b820744eb4dc9b57a3398183639c511b5a26d2ed702cedd3febaa1393caa22cc" +dependencies = [ + "bytes", + "getrandom 0.3.1", + "rand 0.9.0", + "ring", + "rustc-hash 2.1.1", + "rustls", + "rustls-pki-types", + "slab", + "thiserror", + "tinyvec", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-udp" +version = "0.5.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "541d0f57c6ec747a90738a52741d3221f7960e8ac2f0ff4b1a63680e033b4ab5" +dependencies = [ + "cfg_aliases 0.2.1", + "libc", + "once_cell", + "socket2", + "tracing", + "windows-sys 0.52.0", +] + [[package]] name = "quote" version = "1.0.38" 
@@ -1821,39 +1832,38 @@ checksum = "43e734407157c3c2034e0258f5e4473ddb361b1e85f95a66690d67264d7cd1da" dependencies = [ "base64", "bytes", - "encoding_rs", "futures-core", "futures-util", - "h2", "http", "http-body", "http-body-util", "hyper", "hyper-rustls", - "hyper-tls", "hyper-util", "ipnet", "js-sys", "log", "mime", - "native-tls", "once_cell", "percent-encoding", "pin-project-lite", + "quinn", + "rustls", "rustls-pemfile", + "rustls-pki-types", "serde", "serde_json", "serde_urlencoded", "sync_wrapper", - "system-configuration", "tokio", - "tokio-native-tls", + "tokio-rustls", "tower", "tower-service", "url", "wasm-bindgen", "wasm-bindgen-futures", "web-sys", + "webpki-roots", "windows-registry", ] @@ -1884,6 +1894,12 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" +[[package]] +name = "rustc-hash" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" + [[package]] name = "rustix" version = "0.38.44" @@ -1903,6 +1919,7 @@ version = "0.23.21" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8f287924602bf649d949c63dc8ac8b235fa5387d394020705b80c4eb597ce5b8" dependencies = [ + "aws-lc-rs", "log", "once_cell", "ring", @@ -1926,6 +1943,9 @@ name = "rustls-pki-types" version = "1.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2bf47e6ff922db3825eb750c4e2ff784c6ff8fb9e13046ef6a1d1c5401b0b37" +dependencies = [ + "web-time", +] [[package]] name = "rustls-webpki" @@ -1933,6 +1953,7 @@ version = "0.102.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ + "aws-lc-rs", "ring", "rustls-pki-types", "untrusted", 
@@ -1950,44 +1971,12 @@ version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" -[[package]] -name = "schannel" -version = "0.1.27" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d" -dependencies = [ - "windows-sys 0.59.0", -] - [[package]] name = "scopeguard" version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" -[[package]] -name = "security-framework" -version = "2.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" -dependencies = [ - "bitflags 2.8.0", - "core-foundation", - "core-foundation-sys", - "libc", - "security-framework-sys", -] - -[[package]] -name = "security-framework-sys" -version = "2.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32" -dependencies = [ - "core-foundation-sys", - "libc", -] - [[package]] name = "serde" version = "1.0.217" @@ -2175,27 +2164,6 @@ dependencies = [ "syn 2.0.100", ] -[[package]] -name = "system-configuration" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c879d448e9d986b661742763247d3693ed13609438cf3d006f51f5368a5ba6b" -dependencies = [ - "bitflags 2.8.0", - "core-foundation", - "system-configuration-sys", -] - -[[package]] -name = "system-configuration-sys" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e1d1b10ced5ca923a1fcb8d03e96b8d3268065d724548c0211415ff6ac6bac4" -dependencies = [ - "core-foundation-sys", - "libc", -] - [[package]] name = "tempfile" version = "3.16.0" 
@@ -2291,6 +2259,21 @@ dependencies = [ "zerovec", ] +[[package]] +name = "tinyvec" +version = "1.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09b3661f17e86524eccd4371ab0429194e0d7c008abb45f7a7495b1719463c71" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + [[package]] name = "tokio" version = "1.44.1" @@ -2320,27 +2303,6 @@ dependencies = [ "syn 2.0.100", ] -[[package]] -name = "tokio-native-tls" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" -dependencies = [ - "native-tls", - "tokio", -] - -[[package]] -name = "tokio-openssl" -version = "0.6.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "59df6849caa43bb7567f9a36f863c447d95a11d5903c9cc334ba32576a27eadd" -dependencies = [ - "openssl", - "openssl-sys", - "tokio", -] - [[package]] name = "tokio-rustls" version = "0.26.1" @@ -2351,19 +2313,6 @@ dependencies = [ "tokio", ] -[[package]] -name = "tokio-util" -version = "0.7.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7fcaa8d55a2bdd6b83ace262b016eca0d79ee02818c5c1bcdf0305114081078" -dependencies = [ - "bytes", - "futures-core", - "futures-sink", - "pin-project-lite", - "tokio", -] - [[package]] name = "toml" version = "0.8.20" @@ -2610,12 +2559,6 @@ dependencies = [ "serde", ] -[[package]] -name = "vcpkg" -version = "0.2.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" - [[package]] name = "vec_map" version = "0.8.2" 
@@ -2733,6 +2676,16 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "web-time" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + [[package]] name = "webpki-roots" version = "0.26.7" diff --git a/ffi/Cargo.toml b/ffi/Cargo.toml index 2c97b82..cc6c97f 100644 --- a/ffi/Cargo.toml +++ b/ffi/Cargo.toml @@ -11,7 +11,6 @@ simplelog = "0.12.2" once_cell = "1.21.1" tokio = { version = "1.44.1", features = ["full"] } libc = "0.2.171" -openssl-sys = { version = "0.9", features = ["vendored"] } plist = "1.7.1" plist_plus = { version = "0.2.6", features = ["dynamic"] } diff --git a/ffi/src/errors.rs b/ffi/src/errors.rs index 668b923..0f49731 100644 --- a/ffi/src/errors.rs +++ b/ffi/src/errors.rs @@ -7,8 +7,8 @@ pub enum IdeviceErrorCode { IdeviceSuccess = 0, // Main library Socket = -1, - Ssl = -2, - SslSetup = -3, + Tls = -2, + TlsBuilderFailed = -3, Plist = -4, Utf8 = -5, UnexpectedResponse = -6, @@ -55,8 +55,8 @@ impl From for IdeviceErrorCode { fn from(err: IdeviceError) -> Self { match err { IdeviceError::Socket(_) => IdeviceErrorCode::Socket, - IdeviceError::Ssl(_) => IdeviceErrorCode::Ssl, - IdeviceError::SslSetup(_) => IdeviceErrorCode::SslSetup, + IdeviceError::Rustls(_) => IdeviceErrorCode::Tls, + IdeviceError::TlsBuilderFailed(_) => IdeviceErrorCode::TlsBuilderFailed, IdeviceError::Plist(_) => IdeviceErrorCode::Plist, IdeviceError::Utf8(_) => IdeviceErrorCode::Utf8, IdeviceError::UnexpectedResponse => IdeviceErrorCode::UnexpectedResponse, diff --git a/idevice/Cargo.toml b/idevice/Cargo.toml index 716053c..c29d53f 100644 --- a/idevice/Cargo.toml +++ b/idevice/Cargo.toml 
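Review bot: The new `IdeviceError::PemParseFailed` variant introduced in `idevice/src/lib.rs` has no arm in this `From<IdeviceError> for IdeviceErrorCode` conversion as far as the hunk shows; if the match closes with a catch-all outside the hunk, PEM parse failures reach FFI callers under whatever generic code that arm returns, and if it does not, the build fails. Add an explicit mapping next to the two renamed arms, e.g. `IdeviceError::PemParseFailed(_) => IdeviceErrorCode::Tls,`, or a dedicated `IdeviceErrorCode` value if callers need to tell a bad pairing file apart from a handshake failure. Renaming the `Ssl`/`SslSetup` enumerators to `Tls`/`TlsBuilderFailed` keeps the -2/-3 values but changes the identifiers exposed in the C header, so any generated header and downstream bindings need regenerating. The match body continues outside the hunk.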
@@ -12,7 +12,8 @@ keywords = ["lockdownd", "ios"] [dependencies] tokio = { version = "1.43", features = ["io-util"] } -tokio-openssl = { version = "0.6" } +tokio-rustls = "0.26" +rustls = "0.23" plist = { version = "1.7" } serde = { version = "1", features = ["derive"] } @@ -32,7 +33,10 @@ serde_json = { version = "1", optional = true } json = { version = "0.12", optional = true } byteorder = { version = "1.5", optional = true } -reqwest = { version = "0.12", features = ["json"], optional = true } +reqwest = { version = "0.12", features = [ + "json", + "rustls-tls", +], optional = true, default-features = false } rand = { version = "0.9", optional = true } futures = { version = "0.3", optional = true } @@ -85,10 +89,3 @@ full = [ "tunneld", "sbservices", ] - -# Why: https://github.com/rust-lang/cargo/issues/1197 -[target.'cfg(windows)'.dependencies] -openssl = { version = "0.10", features = ["vendored"] } - -[target.'cfg(not(windows))'.dependencies] -openssl = { version = "0.10" } diff --git a/idevice/src/lib.rs b/idevice/src/lib.rs index 28ddc6a..f01e6d7 100644 --- a/idevice/src/lib.rs +++ b/idevice/src/lib.rs @@ -23,6 +23,7 @@ pub mod pairing_file; pub mod provider; #[cfg(feature = "sbservices")] pub mod sbservices; +mod sni; #[cfg(feature = "tunnel_tcp_stack")] pub mod tcp; #[cfg(feature = "tss")] @@ -36,9 +37,12 @@ mod util; pub mod xpc; use log::{debug, error, trace}; -use openssl::ssl::{SslConnector, SslMethod, SslVerifyMode}; use provider::IdeviceProvider; -use std::io::{self, BufWriter}; +use rustls::{crypto::CryptoProvider, pki_types::ServerName}; +use std::{ + io::{self, BufWriter}, + sync::Arc, +}; use thiserror::Error; use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt}; 
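Review bot: `reqwest` now builds with `default-features = false` and `rustls-tls`, which per the lockfile (`hyper-rustls` and `reqwest` gaining `webpki-roots`) trusts the bundled Mozilla root set instead of the operating-system trust store, so any enterprise or locally installed CA that the previous native-tls build honoured will now fail verification; if that is unintended, `rustls-tls-native-roots` keeps the system store, and either way the change of trust anchors belongs in the changelog. The plain `rustls = "0.23"` line keeps rustls' default `aws-lc-rs` provider, which the lockfile shows pulling in `aws-lc-sys` with `cmake`, `cc` and `bindgen` as build dependencies, so the native-toolchain requirement that the removed vendored-openssl section worked around has moved rather than disappeared. If a build without cmake/bindgen is the goal, `rustls = { version = "0.23", default-features = false, features = ["ring", "std", "tls12"] }` together with `rustls::crypto::ring::default_provider()` in `lib.rs` avoids it; confirm the feature set against the pinned rustls release.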
@@ -213,24 +217,18 @@ impl Idevice {
         &mut self,
         pairing_file: &pairing_file::PairingFile,
     ) -> Result<(), IdeviceError> {
-        let connector = SslConnector::builder(SslMethod::tls()).unwrap();
-
-        let mut connector = connector
-            .build()
-            .configure()
-            .unwrap()
-            .into_ssl("ur mom")
-            .unwrap();
-
-        connector.set_certificate(&pairing_file.host_certificate)?;
-        connector.set_private_key(&pairing_file.host_private_key)?;
-        connector.set_verify(SslVerifyMode::empty());
+        if CryptoProvider::get_default().is_none() {
+            CryptoProvider::install_default(rustls::crypto::aws_lc_rs::default_provider()).unwrap();
+        }
+        let config = sni::create_client_config(pairing_file)?;
+        let connector = tokio_rustls::TlsConnector::from(Arc::new(config));
 
         let socket = self.socket.take().unwrap();
+        let socket = connector
+            .connect(ServerName::try_from("iOS").unwrap(), socket)
+            .await?;
 
-        let mut ssl_stream = tokio_openssl::SslStream::new(connector, socket)?;
-        std::pin::Pin::new(&mut ssl_stream).connect().await?;
-        self.socket = Some(Box::new(ssl_stream));
+        self.socket = Some(Box::new(socket));
 
         Ok(())
     }
@@ -241,10 +239,12 @@ impl Idevice {
 pub enum IdeviceError {
     #[error("device socket io failed")]
     Socket(#[from] io::Error),
-    #[error("ssl io failed")]
-    Ssl(#[from] openssl::ssl::Error),
-    #[error("ssl failed to setup")]
-    SslSetup(#[from] openssl::error::ErrorStack),
+    #[error("PEM parse failed")]
+    PemParseFailed(#[from] rustls::pki_types::pem::Error),
+    #[error("TLS error")]
+    Rustls(#[from] rustls::Error),
+    #[error("TLS verifiction build failed")]
+    TlsBuilderFailed(#[from] rustls::server::VerifierBuilderError),
     #[error("io on plist")]
     Plist(#[from] plist::Error),
     #[error("can't convert bytes to utf8")]
diff --git a/idevice/src/mounter.rs b/idevice/src/mounter.rs
index 96c2b95..1ca0ce1 100644
--- a/idevice/src/mounter.rs
+++ b/idevice/src/mounter.rs
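Review bot: The `CryptoProvider::get_default().is_none()` check followed by `install_default(..).unwrap()` is a check-then-act across threads: if two sessions are started concurrently before any provider exists, or the embedding application installs its own provider in between, `install_default` returns `Err` and the `unwrap()` panics inside an otherwise `Result`-returning function. Ignoring the already-installed case is enough, since whichever provider won is the one rustls will use: `if CryptoProvider::get_default().is_none() { let _ = CryptoProvider::install_default(rustls::crypto::aws_lc_rs::default_provider()); }`. The `ServerName::try_from("iOS")` placeholder also deserves a comment, because nothing downstream checks it: `// Placeholder name only: sni::NoServerNameVerification ignores the server name.` The function's signature starts before the hunk.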
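Review bot: The display string on the new `TlsBuilderFailed` variant has a typo, `TLS verifiction build failed`; this text is what users see through the `thiserror` `Display` impl, so it should read `#[error("TLS verifier build failed")]`. While here, `#[error("TLS error")]` on `Rustls` hides the most useful part of the message, so `#[error("TLS error: {0}")]` would make handshake failures diagnosable without walking `source()`. The enum continues outside the hunk.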
@@ -1,7 +1,6 @@ // Jackson Coxson use log::debug; -use openssl::sha::Sha384; use crate::{lockdownd::LockdowndClient, Idevice, IdeviceError, IdeviceService}; @@ -364,9 +363,10 @@ impl ImageMounter { S: Clone, { // Try to fetch personalization manifest + use sha2::{Digest, Sha384}; let mut hasher = Sha384::new(); hasher.update(&image); - let image_hash = hasher.finish(); + let image_hash = hasher.finalize(); let manifest = match self .query_personalization_manifest("DeveloperDiskImage", image_hash.to_vec()) .await diff --git a/idevice/src/pairing_file.rs b/idevice/src/pairing_file.rs index 9997da2..0f419a4 100644 --- a/idevice/src/pairing_file.rs +++ b/idevice/src/pairing_file.rs @@ -3,20 +3,17 @@ use std::path::Path; use log::warn; -use openssl::{ - pkey::{PKey, Private}, - x509::X509, -}; use plist::Data; +use rustls::pki_types::{pem::PemObject, CertificateDer}; use serde::{Deserialize, Serialize}; #[derive(Clone, Debug)] pub struct PairingFile { - pub device_certificate: X509, - pub host_private_key: PKey, - pub host_certificate: X509, - pub root_private_key: PKey, - pub root_certificate: X509, + pub device_certificate: CertificateDer<'static>, + pub host_private_key: Vec, // the private key doesn't implement clone... + pub host_certificate: CertificateDer<'static>, + pub root_private_key: Vec, + pub root_certificate: CertificateDer<'static>, pub system_buid: String, pub host_id: String, pub escrow_bag: Vec, @@ -74,7 +71,7 @@ impl PairingFile { } pub fn serialize(self) -> Result, crate::IdeviceError> { - let raw = RawPairingFile::try_from(self)?; + let raw = RawPairingFile::from(self); let mut buf = Vec::new(); plist::to_writer_xml(&mut buf, &raw)?; 
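Review bot: The `use sha2::{Digest, Sha384};` placed inside the method body is a function-local import sitting exactly where the removed top-level `use openssl::sha::Sha384;` used to be; moving it to the file's import block keeps the hashing dependency visible alongside the others and avoids a style that readers and tooling do not expect in this file. The enclosing `ImageMounter` method starts outside the hunk, so the surrounding generic bounds are not visible here.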
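Review bot: The struct now mixes encodings without saying so: the three certificate fields hold DER (`CertificateDer<'static>`) while `host_private_key` and `root_private_key` hold the raw PEM bytes copied from the plist, and the only comment is about `Clone`, leaving the next reader to discover the encoding from `sni::create_client_config`. Document it on the fields, e.g. `/// PEM-encoded host private key exactly as stored in the pairing file; parsed on use` and the same for `root_private_key`. The `Clone` justification is also worth a second look: as far as I know `rustls::pki_types::PrivateKeyDer` offers `clone_key()`, so a parsed key could be held and cloned explicitly if the struct is meant to carry validated material rather than bytes — confirm against the pinned rustls-pki-types version.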
@@ -83,19 +80,21 @@ impl PairingFile { } impl TryFrom for PairingFile { - type Error = openssl::error::ErrorStack; + type Error = rustls::pki_types::pem::Error; fn try_from(value: RawPairingFile) -> Result { Ok(Self { - device_certificate: X509::from_pem(&Into::>::into(value.device_certificate))?, - host_private_key: PKey::private_key_from_pem(&Into::>::into( - value.host_private_key, + device_certificate: CertificateDer::from_pem_slice(&Into::>::into( + value.device_certificate, ))?, - host_certificate: X509::from_pem(&Into::>::into(value.host_certificate))?, - root_private_key: PKey::private_key_from_pem(&Into::>::into( - value.root_private_key, + host_private_key: Into::>::into(value.host_private_key), + host_certificate: CertificateDer::from_pem_slice(&Into::>::into( + value.host_certificate, + ))?, + root_private_key: Into::>::into(value.root_private_key), + root_certificate: CertificateDer::from_pem_slice(&Into::>::into( + value.root_certificate, ))?, - root_certificate: X509::from_pem(&Into::>::into(value.root_certificate))?, system_buid: value.system_buid, host_id: value.host_id, escrow_bag: value.escrow_bag.into(), 
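Review bot: `host_private_key` and `root_private_key` are copied through as unparsed bytes, so a malformed or mislabelled key PEM is not rejected when the pairing file is loaded but only later, in `sni::create_client_config`, as a session-start failure far from the file that caused it. Parsing once here surfaces the error at load time with the same `pem::Error` the certificate fields already return, e.g. `let host_private_key: Vec<u8> = value.host_private_key.into();` followed by `PrivateKeyDer::from_pem_slice(&host_private_key)?;` before building `Self` (importing `PrivateKeyDer` alongside `CertificateDer`). The `try_from` body continues outside the hunk.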
@@ -105,22 +104,20 @@ impl TryFrom for PairingFile { } } -impl TryFrom for RawPairingFile { - type Error = openssl::error::ErrorStack; - - fn try_from(value: PairingFile) -> Result { - Ok(Self { - device_certificate: Data::new(value.device_certificate.to_pem()?), - host_private_key: Data::new(value.host_private_key.private_key_to_pem_pkcs8()?), - host_certificate: Data::new(value.host_certificate.to_pem()?), - root_private_key: Data::new(value.root_private_key.private_key_to_pem_pkcs8()?), - root_certificate: Data::new(value.root_certificate.to_pem()?), +impl From for RawPairingFile { + fn from(value: PairingFile) -> Self { + Self { + device_certificate: Data::new(value.device_certificate.to_vec()), + host_private_key: Data::new(value.host_private_key), + host_certificate: Data::new(value.host_certificate.to_vec()), + root_private_key: Data::new(value.root_private_key), + root_certificate: Data::new(value.root_certificate.to_vec()), system_buid: value.system_buid, host_id: value.host_id.clone(), escrow_bag: Data::new(value.escrow_bag), wifi_mac_address: value.wifi_mac_address, udid: value.udid, - }) + } } } diff --git a/idevice/src/sni.rs b/idevice/src/sni.rs new file mode 100644 index 0000000..965d12c --- /dev/null +++ b/idevice/src/sni.rs 
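Review bot: `From<PairingFile> for RawPairingFile` writes the certificates back as DER — `value.device_certificate.to_vec()` is the DER body of a `CertificateDer` — whereas the removed code wrote PEM via `to_pem()` and `TryFrom<RawPairingFile>` still reads these fields with `CertificateDer::from_pem_slice`, so a pairing file produced by `PairingFile::serialize` can no longer be loaded by this crate and presumably not by other tools that expect PEM there. The private-key fields are unaffected because they are stored and written as the original PEM bytes. Either keep the original PEM bytes of each certificate next to the parsed `CertificateDer` and write those back, or re-encode DER to PEM in this conversion (`-----BEGIN CERTIFICATE-----`, base64 body wrapped at 64 columns, `-----END CERTIFICATE-----`); a round-trip test that serializes and then parses the result back would catch this.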
@@ -0,0 +1,82 @@
+// Jackson Coxson
+// https://gist.github.com/doroved/2c92ddd5e33f257f901c763b728d1b61
+//
+// Why:
+// https://github.com/rustls/rustls/issues/578
+// We aren't in control of the certs served.
+// Assuming that there's no use for unchecked certs is naive.
+
+use rustls::{
+    client::{
+        danger::{HandshakeSignatureValid, ServerCertVerified, ServerCertVerifier},
+        WebPkiServerVerifier,
+    },
+    pki_types::{pem::PemObject, CertificateDer, PrivateKeyDer, ServerName, UnixTime},
+    ClientConfig, DigitallySignedStruct,
+};
+use std::sync::Arc;
+
+use crate::{pairing_file::PairingFile, IdeviceError};
+
+#[derive(Debug)]
+pub struct NoServerNameVerification {
+    inner: Arc,
+}
+
+impl NoServerNameVerification {
+    pub fn new(inner: Arc) -> Self {
+        Self { inner }
+    }
+}
+
+impl ServerCertVerifier for NoServerNameVerification {
+    fn verify_server_cert(
+        &self,
+        _end_entity: &CertificateDer<'_>,
+        _intermediates: &[CertificateDer<'_>],
+        _server_name: &ServerName<'_>,
+        _ocsp: &[u8],
+        _now: UnixTime,
+    ) -> Result {
+        Ok(ServerCertVerified::assertion())
+    }
+
+    fn verify_tls12_signature(
+        &self,
+        _message: &[u8],
+        _cert: &CertificateDer<'_>,
+        _dss: &DigitallySignedStruct,
+    ) -> Result {
+        Ok(HandshakeSignatureValid::assertion())
+    }
+
+    fn verify_tls13_signature(
+        &self,
+        _message: &[u8],
+        _cert: &CertificateDer<'_>,
+        _dss: &DigitallySignedStruct,
+    ) -> Result {
+        Ok(HandshakeSignatureValid::assertion())
+    }
+
+    fn supported_verify_schemes(&self) -> Vec {
+        self.inner.supported_verify_schemes()
+    }
+}
+
+pub fn create_client_config(pairing_file: &PairingFile) -> Result {
+    let mut root_store = rustls::RootCertStore::empty();
+    root_store.add(pairing_file.root_certificate.clone())?;
+    let private_key = PrivateKeyDer::from_pem_slice(&pairing_file.host_private_key)?;
+
+    let mut config = ClientConfig::builder()
+        .with_root_certificates(root_store.clone())
+        .with_client_auth_cert(vec![pairing_file.host_certificate.clone()], private_key)
+        .unwrap();
+
+    let inner = rustls::client::WebPkiServerVerifier::builder(Arc::new(root_store)).build()?;
+    let verifier = Arc::new(NoServerNameVerification::new(inner));
+    config.dangerous().set_certificate_verifier(verifier);
+
+    Ok(config)
+}