From f47a45ea2d4ff0f7b725e0c069948c81ef8b67a1 Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Wed, 16 Dec 2020 13:29:06 +0000 Subject: [iphone] Add iPhone tethering driver USB tethering via an iPhone is unreasonably complicated due to the requirement to perform a pairing operation that involves establishing a TLS session over a completely unrelated USB function that speaks a protocol that is almost, but not quite, entirely unlike TCP. Signed-off-by: Michael Brown --- src/drivers/net/iphone.c | 2268 ++++++++++++++++++++++++++++++++++++++++++++ src/drivers/net/iphone.h | 291 ++++++ src/include/ipxe/errfile.h | 1 + 3 files changed, 2560 insertions(+) create mode 100644 src/drivers/net/iphone.c create mode 100644 src/drivers/net/iphone.h diff --git a/src/drivers/net/iphone.c b/src/drivers/net/iphone.c new file mode 100644 index 000000000..7d0eb4b64 --- /dev/null +++ b/src/drivers/net/iphone.c @@ -0,0 +1,2268 @@ +/* + * Copyright (C) 2020 Michael Brown . + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "iphone.h" + +/** @file + * + * iPhone USB Ethernet driver + * + */ + +/* Disambiguate the various error causes */ +#define EPIPE_NO_MUX __einfo_error ( EINFO_EPIPE_NO_MUX ) +#define EINFO_EPIPE_NO_MUX \ + __einfo_uniqify ( EINFO_EPIPE, 0x01, \ + "No USB multiplexer" ) +#define EINPROGRESS_PAIRING __einfo_error ( EINFO_EINPROGRESS_PAIRING ) +#define EINFO_EINPROGRESS_PAIRING \ + __einfo_uniqify ( EINFO_EINPROGRESS, 0x01, \ + "Pairing in progress" ) +#define ENOTCONN_DISABLED __einfo_error ( EINFO_ENOTCONN_DISABLED ) +#define EINFO_ENOTCONN_DISABLED \ + __einfo_uniqify ( EINFO_ENOTCONN, IPHONE_LINK_DISABLED, \ + "Personal Hotspot disabled" ) +#define ENOTCONN_STATUS( status ) \ + EUNIQ ( EINFO_ENOTCONN, ( (status) & 0x1f ), \ + ENOTCONN_DISABLED ) + +static int ipair_create ( struct interface *xfer, unsigned int flags ); + +/** Bulk IN completion profiler */ +static struct profiler iphone_in_profiler __profiler = + { .name = "iphone.in" }; + +/** Bulk OUT profiler */ +static struct profiler iphone_out_profiler __profiler = + { .name = "iphone.out" }; + +/** List of USB multiplexers */ +static LIST_HEAD ( imuxes ); + +/** List of iPhone network devices */ +static LIST_HEAD ( iphones ); + +/****************************************************************************** + * + * iPhone pairing certificates + * + ****************************************************************************** + */ + +/** iPhone root certificate fingerprint */ +static uint8_t icert_root_fingerprint[SHA256_DIGEST_SIZE]; + +/** Root of trust for iPhone certificates */ +static struct x509_root icert_root = { + .refcnt = REF_INIT ( ref_no_free ), + .digest = &sha256_algorithm, + .count = 1, + .fingerprints = icert_root_fingerprint, +}; + +/** Single zero byte used in constructed certificates */ +static const uint8_t icert_nul[] = { 0x00 }; + +/** "RSA algorithm" identifier used in constructed certificates */ +static const uint8_t icert_rsa[] = { + /* algorithm */ + ASN1_SHORT ( ASN1_SEQUENCE, + ASN1_SHORT ( ASN1_OID, ASN1_OID_RSAENCRYPTION ), + ASN1_NULL, 0x00 ) +}; + +/** "SHA-256 with RSA algorithm" identifier used in constructed certificates */ +static const uint8_t icert_sha256_rsa[] = { + ASN1_SHORT ( ASN1_SEQUENCE, + ASN1_SHORT ( ASN1_OID, ASN1_OID_SHA256WITHRSAENCRYPTION ), + ASN1_NULL, 0x00 ), +}; + +/** Extensions used in constructed root certificate */ +static const uint8_t icert_root_exts_data[] = { + /* extensions */ + ASN1_SHORT ( ASN1_EXPLICIT_TAG ( 3 ), ASN1_SHORT ( ASN1_SEQUENCE, + /* basicConstraints */ + ASN1_SHORT ( ASN1_SEQUENCE, + /* extnID */ + ASN1_SHORT ( ASN1_OID, ASN1_OID_BASICCONSTRAINTS ), + /* critical */ + ASN1_SHORT ( ASN1_BOOLEAN, 0xff ), + /* extnValue */ + ASN1_SHORT ( ASN1_OCTET_STRING, + ASN1_SHORT ( ASN1_SEQUENCE, + ASN1_SHORT ( ASN1_BOOLEAN, + 0xff ) ) ) ) ) ) +}; + +/** Extensions used in constructed root certificate */ +static struct asn1_cursor icert_root_exts = + ASN1_CURSOR ( icert_root_exts_data ); + +/** Extensions used in constructed leaf certificates */ +static const uint8_t icert_leaf_exts_data[] = { + /* extensions */ + ASN1_SHORT ( ASN1_EXPLICIT_TAG ( 3 ), ASN1_SHORT ( ASN1_SEQUENCE, + /* basicConstraints */ + ASN1_SHORT ( ASN1_SEQUENCE, + /* extnID */ + ASN1_SHORT ( ASN1_OID, ASN1_OID_BASICCONSTRAINTS ), + /* critical */ + ASN1_SHORT ( ASN1_BOOLEAN, 0xff ), + /* extnValue */ + ASN1_SHORT ( ASN1_OCTET_STRING, + ASN1_SHORT ( ASN1_SEQUENCE, + ASN1_SHORT ( ASN1_BOOLEAN, + 0x00 ) ) ) ), + /* keyUsage */ + ASN1_SHORT ( ASN1_SEQUENCE, + /* extnID */ + ASN1_SHORT ( ASN1_OID, ASN1_OID_KEYUSAGE ), + /* critical */ + ASN1_SHORT ( ASN1_BOOLEAN, 0xff ), + /* extnValue */ + ASN1_SHORT ( ASN1_OCTET_STRING, + ASN1_SHORT ( ASN1_BIT_STRING, 0x07, + ( X509_DIGITAL_SIGNATURE | + X509_KEY_ENCIPHERMENT ), + 0x00 ) ) ) ) ) +}; + +/** Extensions used in constructed leaf certificates */ +static struct asn1_cursor icert_leaf_exts = + ASN1_CURSOR ( icert_leaf_exts_data ); + +/** "TBSCertificate" prefix in constructed certificates */ +static const uint8_t icert_tbs_prefix[] = { + /* version */ + ASN1_SHORT ( ASN1_EXPLICIT_TAG ( 0 ), ASN1_SHORT ( ASN1_INTEGER, 2 ) ), + /* serialNumber */ + ASN1_SHORT ( ASN1_INTEGER, 0 ), + /* signature */ + ASN1_SHORT ( ASN1_SEQUENCE, + ASN1_SHORT ( ASN1_OID, ASN1_OID_SHA256WITHRSAENCRYPTION ), + ASN1_NULL, 0x00 ) +}; + +/** Validity period in constructed certificates */ +static const uint8_t icert_validity[] = { + /* validity */ + ASN1_SHORT ( ASN1_SEQUENCE, + /* notBefore */ + ASN1_SHORT ( ASN1_GENERALIZED_TIME, + '1', '9', '7', '8', '1', '2', '1', '0', + '2', '2', '0', '0', '0', '0', 'Z' ), + /* notAfter */ + ASN1_SHORT ( ASN1_GENERALIZED_TIME, + '2', '9', '9', '9', '0', '1', '0', '1', + '0', '0', '0', '0', '0', '0', 'Z' ) ) +}; + +/** "Root" subject name */ +static const uint8_t icert_name_root_data[] = { + ASN1_SHORT ( ASN1_SEQUENCE, ASN1_SHORT ( ASN1_SET, + ASN1_SHORT ( ASN1_SEQUENCE, + ASN1_SHORT ( ASN1_OID, ASN1_OID_COMMON_NAME ), + ASN1_SHORT ( ASN1_UTF8_STRING, 'R', 'o', 'o', 't' ) ) ) ) +}; + +/** "Root" subject name */ +static struct asn1_cursor icert_name_root = + ASN1_CURSOR ( icert_name_root_data ); + +/** "iPXE" subject name */ +static const uint8_t icert_name_ipxe_data[] = { + ASN1_SHORT ( ASN1_SEQUENCE, ASN1_SHORT ( ASN1_SET, + ASN1_SHORT ( ASN1_SEQUENCE, + ASN1_SHORT ( ASN1_OID, ASN1_OID_COMMON_NAME ), + ASN1_SHORT ( ASN1_UTF8_STRING, 'i', 'P', 'X', 'E' ) ) ) ) +}; + +/** "iPXE" subject name */ +static struct asn1_cursor icert_name_ipxe = + ASN1_CURSOR ( icert_name_ipxe_data ); + +/** "iPhone" subject name */ +static const uint8_t icert_name_iphone_data[] = { + ASN1_SHORT ( ASN1_SEQUENCE, ASN1_SHORT ( ASN1_SET, + ASN1_SHORT ( ASN1_SEQUENCE, + ASN1_SHORT ( ASN1_OID, ASN1_OID_COMMON_NAME ), + ASN1_SHORT ( ASN1_UTF8_STRING, + 'i', 'P', 'h', 'o', 'n', 'e' ) ) ) ) +}; + +/** "iPhone" subject name */ +static struct asn1_cursor icert_name_iphone = + ASN1_CURSOR ( icert_name_iphone_data ); + +/** Public key(s) used for pairing */ +static const uint8_t icert_public_a[] __unused = { + 0x02, 0x81, 0x81, 0x00, 0xc9, 0xc0, 0xdd, 0xa6, 0xd5, 0xf9, 0x05, 0x3e, + 0x1d, 0xcb, 0x67, 0x08, 0xa8, 0x50, 0x27, 0x63, 0x95, 0x87, 0x42, 0x7e, + 0xfb, 0xff, 0x55, 0x55, 0xb8, 0xc0, 0x6f, 0x13, 0xcb, 0xf7, 0xc5, 0x1b, + 0xda, 0x44, 0x3c, 0xbc, 0x1a, 0xe1, 0x15, 0x1e, 0xab, 0x56, 0x74, 0x02, + 0x8b, 0xb3, 0xcd, 0x42, 0x56, 0xcd, 0x9c, 0xc3, 0x15, 0xe2, 0x33, 0x97, + 0x6d, 0x77, 0xdd, 0x20, 0x3a, 0x74, 0xb1, 0x4c, 0xee, 0xeb, 0xe8, 0xaa, + 0x20, 0x71, 0x5a, 0xa2, 0x5b, 0xf8, 0x1a, 0xcb, 0xd2, 0x7b, 0x96, 0xb6, + 0x42, 0xb4, 0x7c, 0x7a, 0x13, 0xec, 0x55, 0xd3, 0x36, 0x8b, 0xe3, 0x17, + 0xc5, 0xc4, 0xcc, 0xe0, 0x27, 0x8c, 0xed, 0xa1, 0x4c, 0x8a, 0x50, 0x4a, + 0x1c, 0xc4, 0x58, 0xf6, 0xcd, 0xcc, 0xc3, 0x5f, 0xe6, 0x3c, 0xff, 0x97, + 0x51, 0xed, 0xf5, 0xaa, 0x89, 0xcc, 0x3f, 0x63, 0x67, 0x46, 0x9f, 0xbf, + 0x02, 0x03, 0x01, 0x00, 0x01 +}; +static const uint8_t icert_public_b[] __unused = { + 0x02, 0x81, 0x81, 0x00, 0xcd, 0x96, 0x81, 0x78, 0xbb, 0x2e, 0x64, 0xda, + 0xd3, 0x7e, 0xd7, 0x3a, 0xac, 0x3f, 0x00, 0xe5, 0x41, 0x65, 0x56, 0xac, + 0x2d, 0x77, 0xc0, 0x1a, 0xad, 0x32, 0xca, 0x0c, 0x72, 0xae, 0xdb, 0x57, + 0xc1, 0xc7, 0x79, 0xef, 0xc6, 0x71, 0x9f, 0xad, 0x82, 0x14, 0x94, 0x4b, + 0xf9, 0xd8, 0x78, 0xf1, 0xca, 0x99, 0xf5, 0x71, 0x07, 0x88, 0xd7, 0x55, + 0xc7, 0xcb, 0x36, 0x5d, 0xdb, 0x84, 0x46, 0xac, 0x05, 0xea, 0xf1, 0xe1, + 0xbe, 0x91, 0x50, 0x85, 0x1e, 0x64, 0xab, 0x02, 0x82, 0xab, 0xba, 0x42, + 0x06, 0x5a, 0xe3, 0xc3, 0x25, 0xd0, 0x95, 0x04, 0x54, 0xb4, 0x44, 0x40, + 0x5a, 0x42, 0x06, 0x04, 0x7d, 0x3b, 0x9e, 0xaf, 0x2e, 0xe9, 0xc8, 0xad, + 0x46, 0x3a, 0xff, 0xe2, 0x39, 0xc8, 0x48, 0x0a, 0x49, 0xaa, 0xfe, 0x1f, + 0x6c, 0x91, 0x5d, 0x1d, 0xd6, 0xb0, 0x04, 0xd1, 0x6c, 0xb2, 0x43, 0xaf, + 0x02, 0x03, 0x01, 0x00, 0x01 +}; + +/** + * "Private" key(s) used for pairing + * + * Yes, this publicly visible "private" key completely obviates any + * nominal security provided by the pairing process. Looked at + * another way, this modifies the iPhone to behave like every other + * USB tethering device: if the cable is physically connected and + * tethering is enabled then the device will Just Work. + * + * Unlike Android, the iPhone seems to have no meaningful permissions + * model: any device that is trusted to use the phone for tethering + * seems to also be trusted to use the iPhone for any other purpose + * (e.g. accessing files, reading messages, etc). Apple should + * probably fix this at some point, e.g. via defining extended key + * usages in the root and host certificates. + */ +static const uint8_t icert_private_a[] __unused = { + 0x02, 0x81, 0x80, 0x1d, 0x60, 0xb7, 0x25, 0xdf, 0x0c, 0x76, 0xc5, 0xf7, + 0xc2, 0xb1, 0x8b, 0x22, 0x2f, 0x21, 0xbd, 0x2f, 0x7d, 0xd5, 0xa1, 0xf6, + 0x01, 0xd5, 0x24, 0x39, 0x55, 0xd4, 0x16, 0xd6, 0xe1, 0x8a, 0x53, 0x26, + 0xf2, 0x3e, 0xc1, 0xc9, 0x4c, 0x33, 0x2e, 0x17, 0x16, 0xec, 0xa7, 0x9e, + 0x3e, 0x1d, 0x4a, 0x66, 0xa7, 0x64, 0x07, 0x48, 0x3d, 0x7a, 0xf3, 0xb6, + 0xdd, 0xf8, 0x56, 0x04, 0x0d, 0x0f, 0xef, 0xf8, 0xbd, 0xbc, 0x73, 0xe2, + 0xc2, 0xae, 0x1b, 0x87, 0x90, 0x18, 0x2a, 0x68, 0xff, 0xae, 0x49, 0xdf, + 0x7c, 0xff, 0xe8, 0x44, 0xa8, 0x3e, 0x4e, 0x4f, 0xf5, 0xfa, 0x51, 0x96, + 0xb8, 0x08, 0xf3, 0x18, 0xd6, 0x52, 0xdf, 0x3a, 0x8a, 0xed, 0xda, 0xcd, + 0xb4, 0x06, 0x99, 0x41, 0xcb, 0x23, 0x17, 0xaf, 0xc3, 0x3e, 0xfe, 0xdf, + 0x97, 0xf3, 0xd6, 0x18, 0x7e, 0x03, 0xaf, 0x62, 0xb2, 0xc8, 0xc9 +}; +static const uint8_t icert_private_b[] __unused = { + 0x02, 0x81, 0x80, 0x45, 0xbd, 0xc0, 0xbe, 0x0c, 0x01, 0x79, 0x05, 0x22, + 0xa9, 0xec, 0xa9, 0x62, 0xb5, 0x1c, 0xc0, 0xa8, 0xa6, 0x8f, 0xf8, 0x68, + 0x94, 0x2e, 0xfe, 0xdd, 0xb2, 0x55, 0x08, 0x53, 0xff, 0x2d, 0x39, 0x5f, + 0xeb, 0x23, 0x5a, 0x4b, 0x9f, 0x4f, 0xe3, 0xb4, 0x34, 0xf6, 0xf9, 0xaf, + 0x0f, 0xd8, 0x37, 0x6d, 0xdb, 0x3c, 0x7f, 0xd3, 0x66, 0x80, 0x66, 0x01, + 0x18, 0xd6, 0xa0, 0x90, 0x4f, 0x17, 0x09, 0xb8, 0x68, 0x44, 0xf0, 0xde, + 0x16, 0x4a, 0x8a, 0x0d, 0xa7, 0x5f, 0xb5, 0x4c, 0x53, 0xcc, 0x21, 0xdd, + 0x4f, 0x05, 0x64, 0xa5, 0xc5, 0xac, 0x2c, 0xd8, 0x0a, 0x7b, 0xf5, 0xa4, + 0x63, 0x32, 0xb0, 0x2c, 0xf8, 0xef, 0x8c, 0xf8, 0x2c, 0xba, 0x1c, 0x2c, + 0xc7, 0x0a, 0xf3, 0xe9, 0x8f, 0xfb, 0x0a, 0x61, 0x1b, 0x3a, 0xdd, 0x9f, + 0x74, 0x7d, 0xb3, 0x42, 0x59, 0x52, 0x07, 0x59, 0x8e, 0xb7, 0x41 +}; + +/** Key pair selection + * + * This exists only to allow for testing of the process for handling a + * failed TLS negotiation. + */ +#define icert_key_suffix a +#define icert_key_variable( prefix ) _C2 ( prefix, icert_key_suffix ) +#define icert_public icert_key_variable ( icert_public_ ) +#define icert_private icert_key_variable ( icert_private_ ) + +/** PEM certificate prefix */ +static const char icert_begin[] = "-----BEGIN CERTIFICATE-----\n"; + +/** PEM certificate suffix */ +static const char icert_end[] = "\n-----END CERTIFICATE-----\n"; + +/** + * Free pairing certificates + * + * @v icert Pairing certificates + */ +static void icert_free ( struct icert *icert ) { + + privkey_put ( icert->key ); + x509_put ( icert->root ); + x509_put ( icert->host ); + x509_put ( icert->device ); + memset ( icert, 0, sizeof ( *icert ) ); +} + +/** + * Construct certificate + * + * @v icert Pairing certificates + * @v subject Subject name + * @v issuer Issuer name + * @v private Private key + * @v public Public key + * @v exts Certificate extensions + * @v cert Certificate to fill in + * @ret rc Return status code + * + * On success, the caller is responsible for eventually calling + * x509_put() on the allocated encoded certificate. + */ +static int icert_cert ( struct icert *icert, struct asn1_cursor *subject, + struct asn1_cursor *issuer, struct asn1_cursor *private, + struct asn1_cursor *public, struct asn1_cursor *exts, + struct x509_certificate **cert ) { + struct digest_algorithm *digest = &sha256_algorithm; + struct pubkey_algorithm *pubkey = &rsa_algorithm; + struct asn1_builder spki = { NULL, 0 }; + struct asn1_builder tbs = { NULL, 0 }; + struct asn1_builder raw = { NULL, 0 }; + uint8_t digest_ctx[SHA256_CTX_SIZE]; + uint8_t digest_out[SHA256_DIGEST_SIZE]; + uint8_t pubkey_ctx[RSA_CTX_SIZE]; + int len; + int rc; + + /* Initialise "private" key */ + if ( ( rc = pubkey_init ( pubkey, pubkey_ctx, private->data, + private->len ) ) != 0 ) { + DBGC ( icert, "ICERT %p could not initialise private key: " + "%s\n", icert, strerror ( rc ) ); + goto err_pubkey_init; + } + + /* Construct subjectPublicKeyInfo */ + if ( ( rc = ( asn1_prepend_raw ( &spki, public->data, public->len ), + asn1_prepend_raw ( &spki, icert_nul, + sizeof ( icert_nul ) ), + asn1_wrap ( &spki, ASN1_BIT_STRING ), + asn1_prepend_raw ( &spki, icert_rsa, + sizeof ( icert_rsa ) ), + asn1_wrap ( &spki, ASN1_SEQUENCE ) ) ) != 0 ) { + DBGC ( icert, "ICERT %p could not build subjectPublicKeyInfo: " + "%s\n", icert, strerror ( rc ) ); + goto err_spki; + } + + /* Construct tbsCertificate */ + if ( ( rc = ( asn1_prepend_raw ( &tbs, exts->data, exts->len ), + asn1_prepend_raw ( &tbs, spki.data, spki.len ), + asn1_prepend_raw ( &tbs, subject->data, subject->len ), + asn1_prepend_raw ( &tbs, icert_validity, + sizeof ( icert_validity ) ), + asn1_prepend_raw ( &tbs, issuer->data, issuer->len ), + asn1_prepend_raw ( &tbs, icert_tbs_prefix, + sizeof ( icert_tbs_prefix ) ), + asn1_wrap ( &tbs, ASN1_SEQUENCE ) ) ) != 0 ) { + DBGC ( icert, "ICERT %p could not build tbsCertificate: %s\n", + icert, strerror ( rc ) ); + goto err_tbs; + } + + /* Calculate certificate digest */ + digest_init ( digest, digest_ctx ); + digest_update ( digest, digest_ctx, tbs.data, tbs.len ); + digest_final ( digest, digest_ctx, digest_out ); + + /* Construct signature */ + if ( ( rc = asn1_grow ( &raw, pubkey_max_len ( pubkey, + pubkey_ctx ) ) ) != 0 ) { + DBGC ( icert, "ICERT %p could not build signature: %s\n", + icert, strerror ( rc ) ); + goto err_grow; + } + if ( ( len = pubkey_sign ( pubkey, pubkey_ctx, digest, digest_out, + raw.data ) ) < 0 ) { + rc = len; + DBGC ( icert, "ICERT %p could not sign: %s\n", + icert, strerror ( rc ) ); + goto err_pubkey_sign; + } + assert ( ( ( size_t ) len ) == raw.len ); + + /* Construct raw certificate data */ + if ( ( rc = ( asn1_prepend_raw ( &raw, icert_nul, + sizeof ( icert_nul ) ), + asn1_wrap ( &raw, ASN1_BIT_STRING ), + asn1_prepend_raw ( &raw, icert_sha256_rsa, + sizeof ( icert_sha256_rsa ) ), + asn1_prepend_raw ( &raw, tbs.data, tbs.len ), + asn1_wrap ( &raw, ASN1_SEQUENCE ) ) ) != 0 ) { + DBGC ( icert, "ICERT %p could not build certificate: %s\n", + icert, strerror ( rc ) ); + goto err_raw; + } + + /* Parse certificate */ + if ( ( rc = x509_certificate ( raw.data, raw.len, cert ) ) != 0 ) { + DBGC ( icert, "ICERT %p invalid certificate: %s\n", + icert, strerror ( rc ) ); + DBGC_HDA ( icert, 0, raw.data, raw.len ); + goto err_x509; + } + + err_x509: + err_raw: + err_pubkey_sign: + free ( raw.data ); + err_grow: + free ( tbs.data ); + err_tbs: + free ( spki.data ); + err_spki: + pubkey_final ( pubkey, pubkey_ctx ); + err_pubkey_init: + return rc; +} + +/** + * Construct certificates + * + * @v icert Certificate set + * @v pubkey Device public key + * @ret rc Return status code + */ +static int icert_certs ( struct icert *icert, struct asn1_cursor *key ) { + struct digest_algorithm *digest = icert_root.digest; + struct asn1_builder public = { NULL, 0 }; + struct asn1_builder *private; + int rc; + + /* Free any existing key and certificates */ + icert_free ( icert ); + + /* Allocate "private" key */ + icert->key = zalloc ( sizeof ( *icert->key ) ); + if ( ! icert->key ) { + rc = -ENOMEM; + goto error; + } + privkey_init ( icert->key ); + private = &icert->key->builder; + + /* Construct our "private" key */ + if ( ( rc = ( asn1_prepend_raw ( private, icert_private, + sizeof ( icert_private ) ), + asn1_prepend_raw ( private, icert_public, + sizeof ( icert_public ) ), + asn1_prepend ( private, ASN1_INTEGER, icert_nul, + sizeof ( icert_nul ) ), + asn1_wrap ( private, ASN1_SEQUENCE ) ) ) != 0 ) { + DBGC ( icert, "ICERT %p could not build private key: %s\n", + icert, strerror ( rc ) ); + goto error; + } + + /* Construct our own public key */ + if ( ( rc = ( asn1_prepend_raw ( &public, icert_public, + sizeof ( icert_public ) ), + asn1_wrap ( &public, ASN1_SEQUENCE ) ) ) != 0 ) { + DBGC ( icert, "ICERT %p could not build public key: %s\n", + icert, strerror ( rc ) ); + goto error; + } + + /* Construct root certificate */ + if ( ( rc = icert_cert ( icert, &icert_name_root, &icert_name_root, + asn1_built ( private ), asn1_built ( &public ), + &icert_root_exts, &icert->root ) ) != 0 ) + goto error; + + /* Construct host certificate */ + if ( ( rc = icert_cert ( icert, &icert_name_ipxe, &icert_name_root, + asn1_built ( private ), asn1_built ( &public ), + &icert_leaf_exts, &icert->host ) ) != 0 ) + goto error; + + /* Construct device certificate */ + if ( ( rc = icert_cert ( icert, &icert_name_iphone, &icert_name_root, + asn1_built ( private ), key, + &icert_leaf_exts, &icert->device ) ) != 0 ) + goto error; + + /* Construct root of trust */ + assert ( digest->digestsize == sizeof ( icert_root_fingerprint ) ); + x509_fingerprint ( icert->root, digest, icert_root_fingerprint ); + + /* Free constructed keys */ + free ( public.data ); + return 0; + + error: + icert_free ( icert ); + free ( public.data ); + return rc; +} + +/** + * Construct doubly base64-encoded certificate + * + * @v icert Pairing certificates + * @v cert X.509 certificate + * @v encenc Doubly base64-encoded certificate to construct + * @ret rc Return status code + * + * On success, the caller is responsible for eventually calling free() + * on the allocated doubly encoded encoded certificate. + */ +static int icert_encode ( struct icert *icert, struct x509_certificate *cert, + char **encenc ) { + size_t encencoded_len; + size_t encoded_len; + size_t pem_len; + char *pem; + int rc; + + /* Sanity check */ + assert ( cert != NULL ); + + /* Create PEM */ + encoded_len = ( base64_encoded_len ( cert->raw.len ) + 1 /* NUL */ ); + pem_len = ( ( sizeof ( icert_begin ) - 1 /* NUL */ ) + + ( encoded_len - 1 /* NUL */ ) + + ( sizeof ( icert_end ) - 1 /* NUL */ ) + + 1 /* NUL */ ); + pem = malloc ( pem_len ); + if ( ! pem ) { + rc = -ENOMEM; + goto err_alloc_pem; + } + strcpy ( pem, icert_begin ); + base64_encode ( cert->raw.data, cert->raw.len, + ( pem + sizeof ( icert_begin ) - 1 /* NUL */ ), + encoded_len ); + strcpy ( ( pem + + ( sizeof ( icert_begin ) - 1 /* NUL */ ) + + ( encoded_len - 1 /* NUL */ ) ), icert_end ); + DBGC2 ( icert, "ICERT %p \"%s\" certificate:\n%s", + icert, x509_name ( cert ), pem ); + + /* Base64-encode the PEM (sic) */ + encencoded_len = ( base64_encoded_len ( pem_len - 1 /* NUL */ ) + + 1 /* NUL */ ); + *encenc = malloc ( encencoded_len ); + if ( ! *encenc ) { + rc = -ENOMEM; + goto err_alloc_encenc; + } + base64_encode ( pem, ( pem_len - 1 /* NUL */ ), *encenc, + encencoded_len ); + + /* Success */ + rc = 0; + + err_alloc_encenc: + free ( pem ); + err_alloc_pem: + return rc; +} + +/****************************************************************************** + * + * iPhone USB multiplexer + * + ****************************************************************************** + * + * The iPhone USB multiplexer speaks a protocol that is almost, but + * not quite, entirely unlike TCP. + * + */ + +/** + * Transmit message + * + * @v imux USB multiplexer + * @v iobuf I/O buffer + * @ret rc Return status code + */ +static int imux_tx ( struct imux *imux, struct io_buffer *iobuf ) { + struct imux_header *hdr = iobuf->data; + size_t len = iob_len ( iobuf ); + int rc; + + /* Populate header */ + assert ( len >= sizeof ( *hdr ) ); + hdr->len = htonl ( len ); + hdr->in_seq = htons ( imux->in_seq ); + hdr->out_seq = htons ( imux->out_seq ); + DBGCP ( imux, "IMUX %p transmitting:\n", imux ); + DBGCP_HDA ( imux, 0, hdr, len ); + + /* Transmit message */ + if ( ( rc = usb_stream ( &imux->usbnet.out, iobuf, 1 ) ) != 0 ) + goto err; + + /* Increment sequence number */ + imux->out_seq++; + + return 0; + + err: + free_iob ( iobuf ); + return rc; +} + +/** + * Transmit version message + * + * @v imux USB multiplexer + * @ret rc Return status code + */ +static int imux_tx_version ( struct imux *imux ) { + struct io_buffer *iobuf; + struct imux_header_version *vers; + int rc; + + /* Allocate I/O buffer */ + iobuf = alloc_iob ( sizeof ( *vers ) ); + if ( ! iobuf ) + return -ENOMEM; + vers = iob_put ( iobuf, sizeof ( *vers ) ); + + /* Construct version message */ + memset ( vers, 0, sizeof ( *vers ) ); + vers->hdr.protocol = htonl ( IMUX_VERSION ); + + /* Transmit message */ + if ( ( rc = imux_tx ( imux, iob_disown ( iobuf ) ) ) != 0 ) + return rc; + + return 0; +} + +/** + * Transmit pseudo-TCP message + * + * @v imux USB multiplexer + * @v iobuf I/O buffer + * @ret rc Return status code + */ +static int imux_tx_tcp ( struct imux *imux, struct io_buffer *iobuf ) { + struct imux_header_tcp *tcp = iobuf->data; + size_t len = iob_len ( iobuf ); + int rc; + + /* Populate TCP header */ + assert ( len >= sizeof ( *tcp ) ); + tcp->hdr.protocol = htonl ( IMUX_TCP ); + tcp->tcp.src = htons ( imux->port ); + tcp->tcp.dest = htons ( IMUX_PORT_LOCKDOWND ); + tcp->tcp.seq = htonl ( imux->tcp_seq ); + tcp->tcp.ack = htonl ( imux->tcp_ack ); + tcp->tcp.hlen = ( ( sizeof ( tcp->tcp ) / 4 ) << 4 ); + tcp->tcp.win = htons ( IMUX_WINDOW ); + + /* Transmit message */ + if ( ( rc = imux_tx ( imux, iob_disown ( iobuf ) ) ) != 0 ) + return rc; + + /* Update TCP sequence */ + imux->tcp_seq += ( len - sizeof ( *tcp ) ); + + return 0; +} + +/** + * Transmit pseudo-TCP SYN + * + * @v imux USB multiplexer + * @ret rc Return status code + */ +static int imux_tx_syn ( struct imux *imux ) { + struct io_buffer *iobuf; + struct imux_header_tcp *syn; + int rc; + + /* Allocate I/O buffer */ + iobuf = alloc_iob ( sizeof ( *syn ) ); + if ( ! iobuf ) + return -ENOMEM; + syn = iob_put ( iobuf, sizeof ( *syn ) ); + + /* Construct TCP SYN message */ + memset ( syn, 0, sizeof ( *syn ) ); + syn->tcp.flags = TCP_SYN; + + /* Transmit message */ + if ( ( rc = imux_tx_tcp ( imux, iob_disown ( iobuf ) ) ) != 0 ) + return rc; + + /* Increment TCP sequence to compensate for SYN */ + imux->tcp_seq++; + + return 0; +} + +/** + * Open pairing client + * + * @v imux USB multiplexer + * @ret rc Return status code + */ +static int imux_start_pair ( struct imux *imux ) { + int rc; + + /* Disconnect any existing pairing client */ + intf_restart ( &imux->tcp, -EPIPE ); + + /* Create pairing client */ + if ( ( rc = ipair_create ( &imux->tcp, imux->flags ) ) != 0 ) + return rc; + + return 0; +} + +/** + * Receive version message + * + * @v imux USB multiplexer + */ +static void imux_rx_version ( struct imux *imux ) { + + /* Reset output sequence */ + imux->out_seq = 0; + + /* Send TCP SYN */ + imux->action = imux_tx_syn; +} + +/** + * Receive log message + * + * @v imux USB multiplexer + * @v hdr Message header + * @v len Length of message + */ +static void imux_rx_log ( struct imux *imux, struct imux_header *hdr, + size_t len ) { + struct imux_header_log *log = + container_of ( hdr, struct imux_header_log, hdr ); + unsigned int level; + size_t msg_len; + char *tmp; + + /* Sanity check */ + if ( len < sizeof ( *log ) ) { + DBGC ( imux, "IMUX %p malformed log message:\n", imux ); + DBGC_HDA ( imux, 0, log, len ); + return; + } + + /* First byte is the log level, followed by a printable + * message with no NUL terminator. Extract the log level, + * then shuffle the message down within the buffer and append + * a NUL terminator. + */ + msg_len = ( len - sizeof ( *hdr ) ); + level = log->level; + tmp = ( ( void * ) &log->level ); + memmove ( tmp, &log->msg, msg_len ); + tmp[msg_len] = '\0'; + + /* Print log message */ + DBGC ( imux, "IMUX %p <%d>: %s\n", imux, level, tmp ); +} + +/** + * Receive pseudo-TCP SYN+ACK + * + * @v imux USB multiplexer + */ +static void imux_rx_syn ( struct imux *imux ) { + + /* Increment TCP acknowledgement to compensate for SYN */ + imux->tcp_ack++; + + /* Start pairing client */ + imux->action = imux_start_pair; +} + +/** + * Receive pseudo-TCP message + * + * @v imux USB multiplexer + * @v iobuf I/O buffer + */ +static void imux_rx_tcp ( struct imux *imux, struct io_buffer *iobuf ) { + struct imux_header_tcp *tcp = iobuf->data; + size_t len = iob_len ( iobuf ); + int rc; + + /* Sanity check */ + if ( len < sizeof ( *tcp ) ) { + DBGC ( imux, "IMUX %p malformed TCP message:\n", imux ); + DBGC_HDA ( imux, 0, tcp, len ); + goto error; + } + + /* Ignore unexpected packets */ + if ( tcp->tcp.dest != htons ( imux->port ) ) { + DBGC ( imux, "IMUX %p ignoring unexpected TCP port %d:\n", + imux, ntohs ( tcp->tcp.dest ) ); + DBGC_HDA ( imux, 0, tcp, len ); + goto error; + } + + /* Ignore resets */ + if ( tcp->tcp.flags & TCP_RST ) { + DBGC ( imux, "IMUX %p ignoring TCP RST\n", imux ); + DBGC2_HDA ( imux, 0, tcp, len ); + goto error; + } + + /* Record ACK number */ + imux->tcp_ack = ( ntohl ( tcp->tcp.seq ) + len - sizeof ( *tcp ) ); + + /* Handle received message */ + if ( tcp->tcp.flags & TCP_SYN ) { + + /* Received SYN+ACK */ + imux_rx_syn ( imux ); + + } else { + + /* Strip header */ + iob_pull ( iobuf, sizeof ( *tcp ) ); + + /* Deliver via socket */ + if ( ( rc = xfer_deliver_iob ( &imux->tcp, + iob_disown ( iobuf ) ) ) != 0 ) + goto error; + } + + error: + free_iob ( iobuf ); +} + +/** + * Complete bulk IN transfer + * + * @v ep USB endpoint + * @v iobuf I/O buffer + * @v rc Completion status code + */ +static void imux_in_complete ( struct usb_endpoint *ep, + struct io_buffer *iobuf, int rc ) { + struct imux *imux = container_of ( ep, struct imux, usbnet.in ); + struct imux_header *hdr = iobuf->data; + size_t len = iob_len ( iobuf ); + + /* Ignore packets cancelled when the endpoint closes */ + if ( ! ep->open ) + goto drop; + + /* Report USB errors */ + if ( rc != 0 ) { + DBGC ( imux, "IMUX %p bulk IN failed: %s\n", + imux, strerror ( rc ) ); + goto drop; + } + + /* Sanity check */ + if ( len < sizeof ( *hdr ) ) { + DBGC ( imux, "IMUX %p malformed message:\n", imux ); + DBGC_HDA ( imux, 0, hdr, len ); + goto drop; + } + + /* Record input sequence */ + imux->in_seq = ntohs ( hdr->in_seq ); + + /* Handle according to protocol */ + DBGCP ( imux, "IMUX %p received:\n", imux ); + DBGCP_HDA ( imux, 0, hdr, len ); + switch ( hdr->protocol ) { + case htonl ( IMUX_VERSION ): + imux_rx_version ( imux ); + break; + case htonl ( IMUX_LOG ): + imux_rx_log ( imux, hdr, len ); + break; + case htonl ( IMUX_TCP ): + imux_rx_tcp ( imux, iob_disown ( iobuf ) ); + break; + default: + DBGC ( imux, "IMUX %p unknown message type %d:\n", + imux, ntohl ( hdr->protocol ) ); + DBGC_HDA ( imux, 0, hdr, len ); + break; + } + + drop: + free_iob ( iobuf ); +} + +/** Bulk IN endpoint operations */ +static struct usb_endpoint_driver_operations imux_in_operations = { + .complete = imux_in_complete, +}; + +/** + * Complete bulk OUT transfer + * + * @v ep USB endpoint + * @v iobuf I/O buffer + * @v rc Completion status code + */ +static void imux_out_complete ( struct usb_endpoint *ep, + struct io_buffer *iobuf, int rc ) { + struct imux *imux = container_of ( ep, struct imux, usbnet.out ); + + /* Report USB errors */ + if ( rc != 0 ) { + DBGC ( imux, "IMUX %p bulk OUT failed: %s\n", + imux, strerror ( rc ) ); + goto error; + } + + error: + free_iob ( iobuf ); +} + +/** Bulk OUT endpoint operations */ +static struct usb_endpoint_driver_operations imux_out_operations = { + .complete = imux_out_complete, +}; + +/** + * Shut down USB multiplexer + * + * @v imux USB multiplexer + */ +static void imux_shutdown ( struct imux *imux ) { + + /* Shut down interfaces */ + intf_shutdown ( &imux->tcp, -ECANCELED ); + + /* Close USB network device, if open */ + if ( process_running ( &imux->process ) ) { + process_del ( &imux->process ); + usbnet_close ( &imux->usbnet ); + } +} + +/** + * Close USB multiplexer + * + * @v imux USB multiplexer + * @v rc Reason for close + */ +static void imux_close ( struct imux *imux, int rc ) { + struct iphone *iphone; + + /* Restart interfaces */ + intf_restart ( &imux->tcp, rc ); + + /* Record pairing status */ + imux->rc = rc; + + /* Trigger link check on any associated iPhones */ + list_for_each_entry ( iphone, &iphones, list ) { + if ( iphone->usb == imux->usb ) + start_timer_nodelay ( &iphone->timer ); + } + + /* Retry pairing on any error */ + if ( rc != 0 ) { + + /* Increment port number */ + imux->port++; + + /* Request pairing on any retry attempt */ + imux->flags = IPAIR_REQUEST; + + /* Send new pseudo-TCP SYN */ + imux->action = imux_tx_syn; + + DBGC ( imux, "IMUX %p retrying pairing: %s\n", + imux, strerror ( rc ) ); + return; + } + + /* Shut down multiplexer on pairing success */ + imux_shutdown ( imux ); +} + +/** + * Allocate I/O buffer for pseudo-TCP socket + * + * @v imux USB multiplexer + * @v len I/O buffer payload length + * @ret iobuf I/O buffer + */ +static struct io_buffer * imux_alloc_iob ( struct imux *imux __unused, + size_t len ) { + struct imux_header_tcp *tcp; + struct io_buffer *iobuf; + + /* Allocate I/O buffer */ + iobuf = alloc_iob ( sizeof ( *tcp ) + len ); + if ( ! iobuf ) + return NULL; + + /* Reserve space for pseudo-TCP message header */ + iob_reserve ( iobuf, sizeof ( *tcp ) ); + + return iobuf; +} + +/** + * Transmit packet via pseudo-TCP socket + * + * @v imux USB multiplexer + * @v iobuf I/O buffer + * @v meta Data transfer metadata + * @ret rc Return status code + */ +static int imux_deliver ( struct imux *imux, struct io_buffer *iobuf, + struct xfer_metadata *meta __unused ) { + struct imux_header_tcp *tcp; + + /* Prepend pseudo-TCP header */ + tcp = iob_push ( iobuf, sizeof ( *tcp ) ); + memset ( tcp, 0, sizeof ( *tcp ) ); + tcp->tcp.flags = TCP_ACK; + + /* Transmit pseudo-TCP packet */ + return imux_tx_tcp ( imux, iob_disown ( iobuf ) ); +} + +/** Pseudo-TCP socket interface operations */ +static struct interface_operation imux_tcp_operations[] = { + INTF_OP ( xfer_deliver, struct imux *, imux_deliver ), + INTF_OP ( xfer_alloc_iob, struct imux *, imux_alloc_iob ), + INTF_OP ( intf_close, struct imux *, imux_close ), +}; + +/** Pseudo-TCP socket interface descriptor */ +static struct interface_descriptor imux_tcp_desc = + INTF_DESC ( struct imux, tcp, imux_tcp_operations ); + +/** + * Multiplexer process + * + * @v imux USB multiplexer + */ +static void imux_step ( struct imux *imux ) { + int rc; + + /* Poll USB bus */ + usb_poll ( imux->bus ); + + /* Do nothing more if multiplexer has been closed */ + if ( ! process_running ( &imux->process ) ) + return; + + /* Refill endpoints */ + if ( ( rc = usbnet_refill ( &imux->usbnet ) ) != 0 ) { + /* Wait for next poll */ + return; + } + + /* Perform pending action, if any */ + if ( imux->action ) { + if ( ( rc = imux->action ( imux ) ) != 0 ) + imux_close ( imux, rc ); + imux->action = NULL; + } +} + +/** Multiplexer process descriptor */ +static struct process_descriptor imux_process_desc = + PROC_DESC ( struct imux, process, imux_step ); + +/** + * Probe device + * + * @v func USB function + * @v config Configuration descriptor + * @ret rc Return status code + */ +static int imux_probe ( struct usb_function *func, + struct usb_configuration_descriptor *config ) { + struct usb_device *usb = func->usb; + struct imux *imux; + int rc; + + /* Allocate and initialise structure */ + imux = zalloc ( sizeof ( *imux ) ); + if ( ! imux ) { + rc = -ENOMEM; + goto err_alloc; + } + ref_init ( &imux->refcnt, NULL ); + imux->usb = usb; + imux->bus = usb->port->hub->bus; + usbnet_init ( &imux->usbnet, func, NULL, &imux_in_operations, + &imux_out_operations ); + usb_refill_init ( &imux->usbnet.in, 0, IMUX_IN_MTU, IMUX_IN_MAX_FILL ); + process_init ( &imux->process, &imux_process_desc, &imux->refcnt ); + imux->action = imux_tx_version; + imux->port = IMUX_PORT_LOCAL; + intf_init ( &imux->tcp, &imux_tcp_desc, &imux->refcnt ); + imux->rc = -EINPROGRESS_PAIRING; + + /* Describe USB network device */ + if ( ( rc = usbnet_describe ( &imux->usbnet, config ) ) != 0 ) { + DBGC ( imux, "IMUX %p could not describe: %s\n", + imux, strerror ( rc ) ); + goto err_describe; + } + + /* Open USB network device */ + if ( ( rc = usbnet_open ( &imux->usbnet ) ) != 0 ) { + DBGC ( imux, "IMUX %p could not open: %s\n", + imux, strerror ( rc ) ); + goto err_open; + } + + /* Start polling process */ + process_add ( &imux->process ); + + /* Add to list of multiplexers */ + list_add ( &imux->list, &imuxes ); + + usb_func_set_drvdata ( func, imux ); + return 0; + + list_del ( &imux->list ); + imux_shutdown ( imux ); + err_open: + err_describe: + ref_put ( &imux->refcnt ); + err_alloc: + return rc; +} + +/** + * Remove device + * + * @v func USB function + */ +static void imux_remove ( struct usb_function *func ) { + struct imux *imux = usb_func_get_drvdata ( func ); + + list_del ( &imux->list ); + imux_shutdown ( imux ); + ref_put ( &imux->refcnt ); +} + +/** USB multiplexer device IDs */ +static struct usb_device_id imux_ids[] = { + { + .name = "imux", + .vendor = 0x05ac, + .product = USB_ANY_ID, + }, +}; + +/** USB multiplexer driver */ +struct usb_driver imux_driver __usb_driver = { + .ids = imux_ids, + .id_count = ( sizeof ( imux_ids ) / sizeof ( imux_ids[0] ) ), + .class = USB_CLASS_ID ( 0xff, 0xfe, 0x02 ), + .score = USB_SCORE_NORMAL, + .probe = imux_probe, + .remove = imux_remove, +}; + +/****************************************************************************** + * + * iPhone pairing client + * + ****************************************************************************** + */ + +/** Common prefix for all pairing messages */ +static const char ipair_prefix[] = + "\n" + "\n" + "\n" + "\n" + "Label\n" + "iPXE\n" + "Request\n"; + +/** Common suffix for all pairing messages */ +static const char ipair_suffix[] = + "\n" + "\n"; + +/** Arbitrary system BUID used for pairing */ +static const char ipair_system_buid[] = "E4DB92D2-248A-469A-AC34-92045D07E695"; + +/** Arbitrary host ID used for pairing */ +static const char ipair_host_id[] = "93CEBC27-8457-4804-9108-F42549DF6143"; + +static int ipair_tx_pubkey ( struct ipair *ipair ); +static int ipair_rx_pubkey ( struct ipair *ipair, char *msg ); +static int ipair_tx_pair ( struct ipair *ipair ); +static int ipair_rx_pair ( struct ipair *ipair, char *msg ); +static int ipair_tx_session ( struct ipair *ipair ); +static int ipair_rx_session ( struct ipair *ipair, char *msg ); + +/** + * Free pairing client + * + * @v refcnt Reference counter + */ +static void ipair_free ( struct refcnt *refcnt ) { + struct ipair *ipair = container_of ( refcnt, struct ipair, refcnt ); + + icert_free ( &ipair->icert ); + free ( ipair ); +} + +/** + * Shut down pairing client + * + * @v ipair Pairing client + * @v rc Reason for close + */ +static void ipair_close ( struct ipair *ipair, int rc ) { + + /* Shut down interfaces */ + intf_shutdown ( &ipair->xfer, rc ); + + /* Stop timer */ + stop_timer ( &ipair->timer ); +} + +/** + * Transmit XML message + * + * @v ipair Pairing client + * @v fmt Format string + * @v ... Arguments + * @ret rc Return status code + */ +static int __attribute__ (( format ( printf, 2, 3 ) )) +ipair_tx ( struct ipair *ipair, const char *fmt, ... ) { + struct io_buffer *iobuf; + struct ipair_header *hdr; + va_list args; + size_t len; + char *msg; + int rc; + + /* Calculate length of formatted string */ + va_start ( args, fmt ); + len = ( vsnprintf ( NULL, 0, fmt, args ) + 1 /* NUL */ ); + va_end ( args ); + + /* Allocate I/O buffer */ + iobuf = xfer_alloc_iob ( &ipair->xfer, ( sizeof ( *hdr ) + len ) ); + if ( ! iobuf ) + return -ENOMEM; + hdr = iob_put ( iobuf, sizeof ( *hdr ) ); + + /* Construct XML message */ + memset ( hdr, 0, sizeof ( *hdr ) ); + hdr->len = htonl ( len ); + msg = iob_put ( iobuf, len ); + vsnprintf ( msg, len, fmt, args ); + DBGC2 ( ipair, "IPAIR %p transmitting:\n%s\n", ipair, msg ); + + /* Transmit message */ + if ( ( rc = xfer_deliver_iob ( &ipair->xfer, + iob_disown ( iobuf ) ) ) != 0 ) + return rc; + + return 0; +} + +/** + * Receive XML message payload + * + * @v ipair Pairing client + * @v msg Message payload + * @v len Length of message + * @ret rc Return status code + */ +static int ipair_rx ( struct ipair *ipair, char *msg, size_t len ) { + int ( * rx ) ( struct ipair *ipair, char *msg ); + int rc; + + /* Ignore empty messages */ + if ( ! len ) + return 0; + + /* Sanity check */ + if ( ( msg[ len - 1 ] != '\0' ) && ( msg[ len - 1 ] != '\n' ) ) { + DBGC ( ipair, "IPAIR %p malformed XML:\n", ipair ); + DBGC_HDA ( ipair, 0, msg, len ); + return -EPROTO; + } + + /* Add NUL terminator (potentially overwriting final newline) */ + msg[ len - 1 ] = '\0'; + DBGC2 ( ipair, "IPAIR %p received:\n%s\n\n", ipair, msg ); + + /* Handle according to current state */ + rx = ipair->rx; + if ( ! rx ) { + DBGC ( ipair, "IPAIR %p unexpected XML:\n%s\n", ipair, msg ); + return -EPROTO; + } + ipair->rx = NULL; + if ( ( rc = rx ( ipair, msg ) ) != 0 ) + return rc; + + return 0; +} + +/** + * Locate XML tag + * + * @v ipair Pairing client + * @v msg XML message + * @v tag Tag name + * @ret start Start of tag content + * @ret end End of tag content + * @ret rc Return status code + */ +static int ipair_tag ( struct ipair *ipair, const char *msg, const char *tag, + char **start, char **end ) { + char buf[ 2 /* "" */ + 1 /* NUL */ ]; + + /* Locate opening tag */ + sprintf ( buf, "<%s>", tag ); + *start = strstr ( msg, buf ); + if ( ! *start ) + return -ENOENT; + *start += strlen ( buf ); + + /* Locate closing tag */ + sprintf ( buf, "", tag ); + *end = strstr ( *start, buf ); + if ( ! *end ) { + DBGC ( ipair, "IPAIR %p missing closing tag %s in:\n%s\n", + ipair, buf, msg ); + return -ENOENT; + } + + return 0; +} + +/** + * Locate XML property list dictionary value + * + * @v ipair Pairing client + * @v msg XML message + * @v key Key name + * @v type Key type + * @ret start Start of value content + * @ret end End of value content + * @ret rc Return status code + */ +static int ipair_key ( struct ipair *ipair, const char *msg, const char *key, + const char *type, char **start, char **end ) { + int rc; + + /* Iterate over keys */ + while ( 1 ) { + + /* Locate key */ + if ( ( rc = ipair_tag ( ipair, msg, "key", start, + end ) ) != 0 ) + return rc; + msg = *end; + + /* Check key name */ + if ( memcmp ( *start, key, ( *end - *start ) ) != 0 ) + continue; + + /* Locate value */ + return ipair_tag ( ipair, msg, type, start, end ); + } +} + +/** + * Transmit DevicePublicKey message + * + * @v ipair Pairing client + * @ret rc Return status code + */ +static int ipair_tx_pubkey ( struct ipair *ipair ) { + int rc; + + /* Transmit message */ + if ( ( rc = ipair_tx ( ipair, + "%s" + "GetValue\n" + "Key\n" + "DevicePublicKey\n" + "%s", + ipair_prefix, ipair_suffix ) ) != 0 ) + return rc; + + return 0; +} + +/** + * Receive DevicePublicKey message + * + * @v ipair Pairing client + * @v msg XML message + * @ret rc Return status code + */ +static int ipair_rx_pubkey ( struct ipair *ipair, char *msg ) { + struct asn1_cursor *key; + char *data; + char *end; + char *decoded; + size_t max_len; + int len; + int next; + int rc; + + /* Locate "Value" value */ + if ( ( rc = ipair_key ( ipair, msg, "Value", "data", &data, + &end ) ) != 0 ) { + DBGC ( ipair, "IPAIR %p unexpected public key message:\n%s\n", + ipair, msg ); + goto err_tag; + } + *end = '\0'; + + /* Decode outer layer of Base64 */ + max_len = base64_decoded_max_len ( data ); + decoded = malloc ( max_len ); + if ( ! decoded ) { + rc = -ENOMEM; + goto err_alloc; + } + len = base64_decode ( data, decoded, max_len ); + if ( len < 0 ) { + rc = len; + DBGC ( ipair, "IPAIR %p invalid outer public key:\n%s\n", + ipair, data ); + goto err_decode; + } + + /* Decode inner layer of Base64 */ + next = pem_asn1 ( virt_to_user ( decoded ), len, 0, &key ); + if ( next < 0 ) { + rc = next; + DBGC ( ipair, "IPAIR %p invalid inner public key:\n%s\n", + ipair, decoded ); + goto err_asn1; + } + DBGC ( ipair, "IPAIR %p received public key\n", ipair ); + DBGC2_HDA ( ipair, 0, key->data, key->len ); + + /* Construct certificates */ + if ( ( rc = icert_certs ( &ipair->icert, key ) ) != 0 ) + goto err_certs; + + /* Send session request or pair request as applicable */ + if ( ipair->flags & IPAIR_REQUEST ) { + ipair->tx = ipair_tx_pair; + ipair->rx = ipair_rx_pair; + } else { + ipair->tx = ipair_tx_session; + ipair->rx = ipair_rx_session; + } + start_timer_nodelay ( &ipair->timer ); + + /* Free key */ + free ( key ); + + /* Free intermediate Base64 */ + free ( decoded ); + + return 0; + + err_certs: + free ( key ); + err_asn1: + err_decode: + free ( decoded ); + err_alloc: + err_tag: + return rc; +} + +/** + * Transmit Pair message + * + * @v ipair Pairing client + * @ret rc Return status code + */ +static int ipair_tx_pair ( struct ipair *ipair ) { + char *root; + char *host; + char *device; + int rc; + + /* Construct doubly encoded certificates */ + if ( ( rc = icert_encode ( &ipair->icert, ipair->icert.root, + &root ) ) != 0 ) + goto err_root; + if ( ( rc = icert_encode ( &ipair->icert, ipair->icert.host, + &host ) ) != 0 ) + goto err_host; + if ( ( rc = icert_encode ( &ipair->icert, ipair->icert.device, + &device ) ) != 0 ) + goto err_device; + + /* Transmit message */ + if ( ( rc = ipair_tx ( ipair, + "%s" + "Pair\n" + "PairRecord\n" + "\n" + "RootCertificate\n" + "%s\n" + "HostCertificate\n" + "%s\n" + "DeviceCertificate\n" + "%s\n" + "SystemBUID\n" + "%s\n" + "HostID\n" + "%s\n" + "\n" + "ProtocolVersion\n" + "2\n" + "PairingOptions\n" + "\n" + "ExtendedPairingErrors\n" + "\n" + "\n" + "%s", + ipair_prefix, root, host, device, + ipair_system_buid, ipair_host_id, + ipair_suffix + ) ) != 0 ) + goto err_tx; + + err_tx: + free ( device ); + err_device: + free ( host ); + err_host: + free ( root ); + err_root: + return rc; +} + +/** + * Receive Pair message error + * + * @v ipair Pairing client + * @v error Pairing error + * @ret rc Return status code + */ +static int ipair_rx_pair_error ( struct ipair *ipair, char *error ) { + + /* Check for actual errors */ + if ( strcmp ( error, "PairingDialogResponsePending" ) != 0 ) { + DBGC ( ipair, "IPAIR %p pairing error \"%s\"\n", ipair, error ); + return -EPERM; + } + + /* Retransmit pairing request */ + ipair->tx = ipair_tx_pair; + ipair->rx = ipair_rx_pair; + start_timer_fixed ( &ipair->timer, IPAIR_RETRY_DELAY ); + + DBGC ( ipair, "IPAIR %p waiting for pairing dialog\n", ipair ); + return 0; +} + +/** + * Receive Pair message + * + * @v ipair Pairing client + * @v msg XML message + * @ret rc Return status code + */ +static int ipair_rx_pair ( struct ipair *ipair, char *msg ) { + char *error; + char *escrow; + char *end; + int rc; + + /* Check for pairing errors */ + if ( ( rc = ipair_key ( ipair, msg, "Error", "string", &error, + &end ) ) == 0 ) { + *end = '\0'; + return ipair_rx_pair_error ( ipair, error ); + } + + /* Get EscrowBag */ + if ( ( rc = ipair_key ( ipair, msg, "EscrowBag", "data", &escrow, + &end ) ) != 0 ) { + DBGC ( ipair, "IPAIR %p unexpected pairing response:\n%s\n", + ipair, msg ); + return rc; + } + DBGC ( ipair, "IPAIR %p pairing successful\n", ipair ); + + /* Send session request */ + ipair->tx = ipair_tx_session; + ipair->rx = ipair_rx_session; + start_timer_nodelay ( &ipair->timer ); + + return 0; +} + +/** + * Transmit StartSession message + * + * @v ipair Pairing client + * @ret rc Return status code + */ +static int ipair_tx_session ( struct ipair *ipair ) { + int rc; + + /* Transmit message */ + if ( ( rc = ipair_tx ( ipair, + "%s" + "StartSession\n" + "SystemBUID\n" + "%s\n" + "HostID\n" + "%s\n" + "%s", + ipair_prefix, ipair_system_buid, + ipair_host_id, ipair_suffix + ) ) != 0 ) + return rc; + + return 0; +} + +/** + * Receive StartSession message error + * + * @v ipair Pairing client + * @v error Pairing error + * @ret rc Return status code + */ +static int ipair_rx_session_error ( struct ipair *ipair, char *error ) { + + /* Check for actual errors */ + if ( strcmp ( error, "InvalidHostID" ) != 0 ) { + DBGC ( ipair, "IPAIR %p session error \"%s\"\n", ipair, error ); + return -EPERM; + } + + /* Transmit pairing request */ + ipair->tx = ipair_tx_pair; + ipair->rx = ipair_rx_pair; + start_timer_nodelay ( &ipair->timer ); + + DBGC ( ipair, "IPAIR %p unknown host: requesting pairing\n", ipair ); + return 0; +} + +/** + * Receive StartSession message + * + * @v ipair Pairing client + * @v msg XML message + * @ret rc Return status code + */ +static int ipair_rx_session ( struct ipair *ipair, char *msg ) { + char *error; + char *session; + char *end; + int rc; + + /* Check for session errors */ + if ( ( rc = ipair_key ( ipair, msg, "Error", "string", &error, + &end ) ) == 0 ) { + *end = '\0'; + return ipair_rx_session_error ( ipair, error ); + } + + /* Check for session ID */ + if ( ( rc = ipair_key ( ipair, msg, "SessionID", "string", &session, + &end ) ) != 0 ) { + DBGC ( ipair, "IPAIR %p unexpected session response:\n%s\n", + ipair, msg ); + return rc; + } + *end = '\0'; + DBGC ( ipair, "IPAIR %p starting session \"%s\"\n", ipair, session ); + + /* Start TLS */ + if ( ( rc = add_tls ( &ipair->xfer, "iPhone", &icert_root, + ipair->icert.key ) ) != 0 ) { + DBGC ( ipair, "IPAIR %p could not start TLS: %s\n", + ipair, strerror ( rc ) ); + return rc; + } + + /* Record that TLS has been started */ + ipair->flags |= IPAIR_TLS; + + return 0; +} + +/** + * Handle window change notification + * + * @v ipair Pairing client + */ +static void ipair_window_changed ( struct ipair *ipair ) { + + /* Report pairing as complete once TLS session has been established */ + if ( ( ipair->flags & IPAIR_TLS ) && xfer_window ( &ipair->xfer ) ) { + + /* Sanity checks */ + assert ( x509_is_valid ( ipair->icert.root, &icert_root ) ); + assert ( x509_is_valid ( ipair->icert.device, &icert_root ) ); + assert ( ! x509_is_valid ( ipair->icert.root, NULL ) ); + assert ( ! x509_is_valid ( ipair->icert.host, NULL ) ); + assert ( ! x509_is_valid ( ipair->icert.device, NULL ) ); + + /* Report pairing as complete */ + DBGC ( ipair, "IPAIR %p established TLS session\n", ipair ); + ipair_close ( ipair, 0 ); + return; + } +} + +/** + * Handle received data + * + * @v ipair Pairing client + * @v iobuf I/O buffer + * @v meta Data transfer metadata + * @ret rc Return status code + */ +static int ipair_deliver ( struct ipair *ipair, struct io_buffer *iobuf, + struct xfer_metadata *meta __unused ) { + struct ipair_header *hdr; + int rc; + + /* Strip header (which may appear in a separate packet) */ + if ( ( ! ( ipair->flags & IPAIR_RX_LEN ) ) && + ( iob_len ( iobuf ) >= sizeof ( *hdr ) ) ) { + iob_pull ( iobuf, sizeof ( *hdr ) ); + ipair->flags |= IPAIR_RX_LEN; + } + + /* Clear received header flag if we have a message */ + if ( iob_len ( iobuf ) ) + ipair->flags &= ~IPAIR_RX_LEN; + + /* Receive message */ + if ( ( rc = ipair_rx ( ipair, iobuf->data, iob_len ( iobuf ) ) ) != 0 ) + goto error; + + /* Free I/O buffer */ + free_iob ( iobuf ); + + return 0; + + error: + ipair_close ( ipair, rc ); + free_iob ( iobuf ); + return rc; +} + +/** + * Pairing transmission timer + * + * @v timer Retransmission timer + * @v over Failure indicator + */ +static void ipair_expired ( struct retry_timer *timer, int over __unused ) { + struct ipair *ipair = container_of ( timer, struct ipair, timer ); + int ( * tx ) ( struct ipair *ipair ); + int rc; + + /* Sanity check */ + tx = ipair->tx; + assert ( tx != NULL ); + + /* Clear pending transmission */ + ipair->tx = NULL; + + /* Transmit data, if applicable */ + if ( ( rc = tx ( ipair ) ) != 0 ) + ipair_close ( ipair, rc ); +} + +/** Pairing client interface operations */ +static struct interface_operation ipair_xfer_operations[] = { + INTF_OP ( xfer_deliver, struct ipair *, ipair_deliver ), + INTF_OP ( xfer_window_changed, struct ipair *, ipair_window_changed ), + INTF_OP ( intf_close, struct ipair *, ipair_close ), +}; + +/** Pairing client interface descriptor */ +static struct interface_descriptor ipair_xfer_desc = + INTF_DESC ( struct ipair, xfer, ipair_xfer_operations ); + +/** + * Create a pairing client + * + * @v xfer Data transfer interface + * @v flags Initial state flags + * @ret rc Return status code + */ +static int ipair_create ( struct interface *xfer, unsigned int flags ) { + struct ipair *ipair; + int rc; + + /* Allocate and initialise structure */ + ipair = zalloc ( sizeof ( *ipair ) ); + if ( ! ipair ) { + rc = -ENOMEM; + goto err_alloc; + } + ref_init ( &ipair->refcnt, ipair_free ); + intf_init ( &ipair->xfer, &ipair_xfer_desc, &ipair->refcnt ); + timer_init ( &ipair->timer, ipair_expired, &ipair->refcnt ); + ipair->tx = ipair_tx_pubkey; + ipair->rx = ipair_rx_pubkey; + ipair->flags = flags; + + /* Schedule initial transmission */ + start_timer_nodelay ( &ipair->timer ); + + /* Attach to parent interface, mortalise self, and return */ + intf_plug_plug ( &ipair->xfer, xfer ); + ref_put ( &ipair->refcnt ); + return 0; + + ref_put ( &ipair->refcnt ); + err_alloc: + return rc; +} + +/****************************************************************************** + * + * iPhone USB networking + * + ****************************************************************************** + */ + +/** + * Complete bulk IN transfer + * + * @v ep USB endpoint + * @v iobuf I/O buffer + * @v rc Completion status code + */ +static void iphone_in_complete ( struct usb_endpoint *ep, + struct io_buffer *iobuf, int rc ) { + struct iphone *iphone = container_of ( ep, struct iphone, usbnet.in ); + struct net_device *netdev = iphone->netdev; + + /* Profile receive completions */ + profile_start ( &iphone_in_profiler ); + + /* Ignore packets cancelled when the endpoint closes */ + if ( ! ep->open ) + goto ignore; + + /* Record USB errors against the network device */ + if ( rc != 0 ) { + DBGC ( iphone, "IPHONE %p bulk IN failed: %s\n", + iphone, strerror ( rc ) ); + goto error; + } + + /* Strip padding */ + if ( iob_len ( iobuf ) < IPHONE_IN_PAD ) { + DBGC ( iphone, "IPHONE %p malformed bulk IN:\n", iphone ); + DBGC_HDA ( iphone, 0, iobuf->data, iob_len ( iobuf ) ); + rc = -EINVAL; + goto error; + } + iob_pull ( iobuf, IPHONE_IN_PAD ); + + /* Hand off to network stack */ + netdev_rx ( netdev, iob_disown ( iobuf ) ); + + profile_stop ( &iphone_in_profiler ); + return; + + error: + netdev_rx_err ( netdev, iob_disown ( iobuf ), rc ); + ignore: + free_iob ( iobuf ); +} + +/** Bulk IN endpoint operations */ +static struct usb_endpoint_driver_operations iphone_in_operations = { + .complete = iphone_in_complete, +}; + +/** + * Transmit packet + * + * @v iphone iPhone device + * @v iobuf I/O buffer + * @ret rc Return status code + */ +static int iphone_out_transmit ( struct iphone *iphone, + struct io_buffer *iobuf ) { + int rc; + + /* Profile transmissions */ + profile_start ( &iphone_out_profiler ); + + /* Enqueue I/O buffer */ + if ( ( rc = usb_stream ( &iphone->usbnet.out, iobuf, 1 ) ) != 0 ) + return rc; + + profile_stop ( &iphone_out_profiler ); + return 0; +} + +/** + * Complete bulk OUT transfer + * + * @v ep USB endpoint + * @v iobuf I/O buffer + * @v rc Completion status code + */ +static void iphone_out_complete ( struct usb_endpoint *ep, + struct io_buffer *iobuf, int rc ) { + struct iphone *iphone = container_of ( ep, struct iphone, usbnet.out ); + struct net_device *netdev = iphone->netdev; + + /* Report TX completion */ + netdev_tx_complete_err ( netdev, iobuf, rc ); +} + +/** Bulk OUT endpoint operations */ +static struct usb_endpoint_driver_operations iphone_out_operations = { + .complete = iphone_out_complete, +}; + +/** + * Check pairing status + * + * @v iphone iPhone device + * @ret rc Return status code + */ +static int iphone_check_pair ( struct iphone *iphone ) { + struct imux *imux; + + /* Find corresponding USB multiplexer */ + list_for_each_entry ( imux, &imuxes, list ) { + if ( imux->usb == iphone->usb ) + return imux->rc; + } + + return -EPIPE_NO_MUX; +} + +/** + * Check link status + * + * @v netdev Network device + */ +static void iphone_check_link ( struct net_device *netdev ) { + struct iphone *iphone = netdev->priv; + struct usb_device *usb = iphone->usb; + uint8_t status; + int rc; + + /* Check pairing status */ + if ( ( rc = iphone_check_pair ( iphone ) ) != 0 ) + goto err_pair; + + /* Get link status */ + if ( ( rc = usb_control ( usb, IPHONE_GET_LINK, 0, 0, &status, + sizeof ( status ) ) ) != 0 ) { + DBGC ( iphone, "IPHONE %p could not get link status: %s\n", + iphone, strerror ( rc ) ); + goto err_control; + } + + /* Check link status */ + if ( status != IPHONE_LINK_UP ) { + rc = -ENOTCONN_STATUS ( status ); + goto err_status; + } + + /* Success */ + rc = 0; + + err_status: + err_control: + err_pair: + /* Report link status. Since we have to check the link + * periodically (due to an absence of an interrupt endpoint), + * do this only if the link status has actually changed. + */ + if ( rc != netdev->link_rc ) { + if ( rc == 0 ) { + DBGC ( iphone, "IPHONE %p link up\n", iphone ); + } else { + DBGC ( iphone, "IPHONE %p link down: %s\n", + iphone, strerror ( rc ) ); + } + netdev_link_err ( netdev, rc ); + } +} + +/** + * Periodically update link status + * + * @v timer Link status timer + * @v over Failure indicator + */ +static void iphone_expired ( struct retry_timer *timer, int over __unused ) { + struct iphone *iphone = container_of ( timer, struct iphone, timer ); + struct net_device *netdev = iphone->netdev; + + /* Check link status */ + iphone_check_link ( netdev ); + + /* Restart timer, if device is open */ + if ( netdev_is_open ( netdev ) ) + start_timer_fixed ( timer, IPHONE_LINK_CHECK_INTERVAL ); +} + +/** + * Open network device + * + * @v netdev Network device + * @ret rc Return status code + */ +static int iphone_open ( struct net_device *netdev ) { + struct iphone *iphone = netdev->priv; + int rc; + + /* Open USB network device */ + if ( ( rc = usbnet_open ( &iphone->usbnet ) ) != 0 ) { + DBGC ( iphone, "IPHONE %p could not open: %s\n", + iphone, strerror ( rc ) ); + goto err_open; + } + + /* Start the link status check timer */ + start_timer_nodelay ( &iphone->timer ); + + return 0; + + usbnet_close ( &iphone->usbnet ); + err_open: + return rc; +} + +/** + * Close network device + * + * @v netdev Network device + */ +static void iphone_close ( struct net_device *netdev ) { + struct iphone *iphone = netdev->priv; + + /* Stop the link status check timer */ + stop_timer ( &iphone->timer ); + + /* Close USB network device */ + usbnet_close ( &iphone->usbnet ); +} + +/** + * Transmit packet + * + * @v netdev Network device + * @v iobuf I/O buffer + * @ret rc Return status code + */ +static int iphone_transmit ( struct net_device *netdev, + struct io_buffer *iobuf ) { + struct iphone *iphone = netdev->priv; + int rc; + + /* Transmit packet */ + if ( ( rc = iphone_out_transmit ( iphone, iobuf ) ) != 0 ) + return rc; + + return 0; +} + +/** + * Poll for completed and received packets + * + * @v netdev Network device + */ +static void iphone_poll ( struct net_device *netdev ) { + struct iphone *iphone = netdev->priv; + int rc; + + /* Poll USB bus */ + usb_poll ( iphone->bus ); + + /* Refill endpoints */ + if ( ( rc = usbnet_refill ( &iphone->usbnet ) ) != 0 ) + netdev_rx_err ( netdev, NULL, rc ); +} + +/** iPhone network device operations */ +static struct net_device_operations iphone_operations = { + .open = iphone_open, + .close = iphone_close, + .transmit = iphone_transmit, + .poll = iphone_poll, +}; + +/** + * Probe device + * + * @v func USB function + * @v config Configuration descriptor + * @ret rc Return status code + */ +static int iphone_probe ( struct usb_function *func, + struct usb_configuration_descriptor *config ) { + struct usb_device *usb = func->usb; + struct net_device *netdev; + struct iphone *iphone; + int rc; + + /* Allocate and initialise structure */ + netdev = alloc_etherdev ( sizeof ( *iphone ) ); + if ( ! netdev ) { + rc = -ENOMEM; + goto err_alloc; + } + netdev_init ( netdev, &iphone_operations ); + netdev->dev = &func->dev; + iphone = netdev->priv; + memset ( iphone, 0, sizeof ( *iphone ) ); + iphone->usb = usb; + iphone->bus = usb->port->hub->bus; + iphone->netdev = netdev; + usbnet_init ( &iphone->usbnet, func, NULL, &iphone_in_operations, + &iphone_out_operations ); + usb_refill_init ( &iphone->usbnet.in, 0, IPHONE_IN_MTU, + IPHONE_IN_MAX_FILL ); + timer_init ( &iphone->timer, iphone_expired, &netdev->refcnt ); + DBGC ( iphone, "IPHONE %p on %s\n", iphone, func->name ); + + /* Describe USB network device */ + if ( ( rc = usbnet_describe ( &iphone->usbnet, config ) ) != 0 ) { + DBGC ( iphone, "IPHONE %p could not describe: %s\n", + iphone, strerror ( rc ) ); + goto err_describe; + } + + /* Fetch MAC address */ + if ( ( rc = usb_control ( usb, IPHONE_GET_MAC, 0, 0, netdev->hw_addr, + ETH_ALEN ) ) != 0 ) { + DBGC ( iphone, "IPHONE %p could not fetch MAC address: %s\n", + iphone, strerror ( rc ) ); + goto err_fetch_mac; + } + + /* Register network device */ + if ( ( rc = register_netdev ( netdev ) ) != 0 ) + goto err_register; + + /* Set initial link status */ + iphone_check_link ( netdev ); + + /* Add to list of iPhone network devices */ + list_add ( &iphone->list, &iphones ); + + usb_func_set_drvdata ( func, iphone ); + return 0; + + list_del ( &iphone->list ); + unregister_netdev ( netdev ); + err_register: + err_fetch_mac: + err_describe: + netdev_nullify ( netdev ); + netdev_put ( netdev ); + err_alloc: + return rc; +} + +/** + * Remove device + * + * @v func USB function + */ +static void iphone_remove ( struct usb_function *func ) { + struct iphone *iphone = usb_func_get_drvdata ( func ); + struct net_device *netdev = iphone->netdev; + + list_del ( &iphone->list ); + unregister_netdev ( netdev ); + netdev_nullify ( netdev ); + netdev_put ( netdev ); +} + +/** iPhone device IDs */ +static struct usb_device_id iphone_ids[] = { + { + .name = "iphone", + .vendor = 0x05ac, + .product = USB_ANY_ID, + }, +}; + +/** iPhone driver */ +struct usb_driver iphone_driver __usb_driver = { + .ids = iphone_ids, + .id_count = ( sizeof ( iphone_ids ) / sizeof ( iphone_ids[0] ) ), + .class = USB_CLASS_ID ( 0xff, 0xfd, 0x01 ), + .score = USB_SCORE_NORMAL, + .probe = iphone_probe, + .remove = iphone_remove, +}; + +/* Drag in objects via iphone_driver */ +REQUIRING_SYMBOL ( iphone_driver ); + +/* Drag in RSA-with-SHA256 OID prefixes */ +REQUIRE_OBJECT ( rsa_sha256 ); diff --git a/src/drivers/net/iphone.h b/src/drivers/net/iphone.h new file mode 100644 index 000000000..2db6da7bd --- /dev/null +++ b/src/drivers/net/iphone.h @@ -0,0 +1,291 @@ +#ifndef _IPHONE_H +#define _IPHONE_H + +/** @file + * + * iPhone USB Ethernet driver + * + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/****************************************************************************** + * + * iPhone pairing certificates + * + ****************************************************************************** + */ + +/** An iPhone pairing certificate set */ +struct icert { + /** "Private" key */ + struct private_key *key; + /** Root certificate */ + struct x509_certificate *root; + /** Host certificate */ + struct x509_certificate *host; + /** Device certificate */ + struct x509_certificate *device; +}; + +/****************************************************************************** + * + * iPhone USB multiplexer + * + ****************************************************************************** + */ + +/** An iPhone USB multiplexed packet header */ +struct imux_header { + /** Protocol */ + uint32_t protocol; + /** Length (including this header) */ + uint32_t len; + /** Reserved */ + uint32_t reserved; + /** Output sequence number */ + uint16_t out_seq; + /** Input sequence number */ + uint16_t in_seq; +} __attribute__ (( packed )); + +/** iPhone USB multiplexer protocols */ +enum imux_protocol { + /** Version number */ + IMUX_VERSION = 0, + /** Log message */ + IMUX_LOG = 1, + /** TCP packet */ + IMUX_TCP = IP_TCP, +}; + +/** An iPhone USB multiplexed version message header */ +struct imux_header_version { + /** Multiplexed packet header */ + struct imux_header hdr; + /** Reserved */ + uint32_t reserved; +} __attribute__ (( packed )); + +/** An iPhone USB multiplexed log message header */ +struct imux_header_log { + /** Multiplexed packet header */ + struct imux_header hdr; + /** Log level */ + uint8_t level; + /** Message */ + char msg[0]; +} __attribute__ (( packed )); + +/** An iPhone USB multiplexed pseudo-TCP message header */ +struct imux_header_tcp { + /** Multiplexed packet header */ + struct imux_header hdr; + /** Pseudo-TCP header */ + struct tcp_header tcp; +} __attribute__ (( packed )); + +/** Local port number + * + * This is a policy decision. + */ +#define IMUX_PORT_LOCAL 0x18ae + +/** Lockdown daemon port number */ +#define IMUX_PORT_LOCKDOWND 62078 + +/** Advertised TCP window + * + * This is a policy decision. + */ +#define IMUX_WINDOW 0x0200 + +/** An iPhone USB multiplexer */ +struct imux { + /** Reference counter */ + struct refcnt refcnt; + /** USB device */ + struct usb_device *usb; + /** USB bus */ + struct usb_bus *bus; + /** USB network device */ + struct usbnet_device usbnet; + /** List of USB multiplexers */ + struct list_head list; + + /** Polling process */ + struct process process; + /** Pending action + * + * @v imux USB multiplexer + * @ret rc Return status code + */ + int ( * action ) ( struct imux *imux ); + + /** Input sequence */ + uint16_t in_seq; + /** Output sequence */ + uint16_t out_seq; + /** Pseudo-TCP sequence number */ + uint32_t tcp_seq; + /** Pseudo-TCP acknowledgement number */ + uint32_t tcp_ack; + /** Pseudo-TCP local port number */ + uint16_t port; + + /** Pseudo-TCP lockdown socket interface */ + struct interface tcp; + /** Pairing flags */ + unsigned int flags; + /** Pairing status */ + int rc; +}; + +/** Multiplexer bulk IN maximum fill level + * + * This is a policy decision. + */ +#define IMUX_IN_MAX_FILL 1 + +/** Multiplexer bulk IN buffer size + * + * This is a policy decision. + */ +#define IMUX_IN_MTU 4096 + +/****************************************************************************** + * + * iPhone pairing client + * + ****************************************************************************** + */ + +/** An iPhone USB multiplexed pseudo-TCP XML message header */ +struct ipair_header { + /** Message length */ + uint32_t len; + /** Message */ + char msg[0]; +} __attribute__ (( packed )); + +/** An iPhone pairing client */ +struct ipair { + /** Reference counter */ + struct refcnt refcnt; + /** Data transfer interface */ + struct interface xfer; + + /** Pairing timer */ + struct retry_timer timer; + /** Transmit message + * + * @v ipair Pairing client + * @ret rc Return status code + */ + int ( * tx ) ( struct ipair *ipair ); + /** Receive message + * + * @v ipair Pairing client + * @v msg XML message + * @ret rc Return status code + */ + int ( * rx ) ( struct ipair *ipair, char *msg ); + /** State flags */ + unsigned int flags; + + /** Pairing certificates */ + struct icert icert; +}; + +/** Pairing client state flags */ +enum ipair_flags { + /** Request a new pairing */ + IPAIR_REQUEST = 0x0001, + /** Standalone length has been received */ + IPAIR_RX_LEN = 0x0002, + /** TLS session has been started */ + IPAIR_TLS = 0x0004, +}; + +/** Pairing retry delay + * + * This is a policy decision. + */ +#define IPAIR_RETRY_DELAY ( 1 * TICKS_PER_SEC ) + +/****************************************************************************** + * + * iPhone USB networking + * + ****************************************************************************** + */ + +/** Get MAC address */ +#define IPHONE_GET_MAC \ + ( USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE | \ + USB_REQUEST_TYPE ( 0x00 ) ) + +/** Get link status */ +#define IPHONE_GET_LINK \ + ( USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_DEVICE | \ + USB_REQUEST_TYPE ( 0x45 ) ) + +/** An iPhone link status */ +enum iphone_link_status { + /** Personal Hotspot is disabled */ + IPHONE_LINK_DISABLED = 0x03, + /** Link up */ + IPHONE_LINK_UP = 0x04, + /** Link not yet determined */ + IPHONE_LINK_UNKNOWN = -1U, +}; + +/** An iPhone network device */ +struct iphone { + /** USB device */ + struct usb_device *usb; + /** USB bus */ + struct usb_bus *bus; + /** Network device */ + struct net_device *netdev; + /** USB network device */ + struct usbnet_device usbnet; + + /** List of iPhone network devices */ + struct list_head list; + /** Link status check timer */ + struct retry_timer timer; +}; + +/** Bulk IN padding */ +#define IPHONE_IN_PAD 2 + +/** Bulk IN buffer size + * + * This is a policy decision. + */ +#define IPHONE_IN_MTU ( ETH_FRAME_LEN + IPHONE_IN_PAD ) + +/** Bulk IN maximum fill level + * + * This is a policy decision. + */ +#define IPHONE_IN_MAX_FILL 8 + +/** Link check interval + * + * This is a policy decision. + */ +#define IPHONE_LINK_CHECK_INTERVAL ( 5 * TICKS_PER_SEC ) + +#endif /* _IPHONE_H */ diff --git a/src/include/ipxe/errfile.h b/src/include/ipxe/errfile.h index 7c98909d1..3437a5217 100644 --- a/src/include/ipxe/errfile.h +++ b/src/include/ipxe/errfile.h @@ -210,6 +210,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #define ERRFILE_pcimsix ( ERRFILE_DRIVER | 0x00cc0000 ) #define ERRFILE_intelxlvf ( ERRFILE_DRIVER | 0x00cd0000 ) #define ERRFILE_usbblk ( ERRFILE_DRIVER | 0x00ce0000 ) +#define ERRFILE_iphone ( ERRFILE_DRIVER | 0x00cf0000 ) #define ERRFILE_aoe ( ERRFILE_NET | 0x00000000 ) #define ERRFILE_arp ( ERRFILE_NET | 0x00010000 ) -- cgit