Ecosystem/xmrig
Ecosystem/xmrig
1
0
Fork 0
mirror of https://github.com/xmrig/xmrig.git synced 2024-12-22 11:39:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added TLS support for API and many other TLS related changes.

Browse source
This commit is contained in:
XMRig 2020-03-18 20:09:11 +07:00
parent 92a258f142
commit 5b610e4dfe
No known key found for this signature in database
GPG key ID: 446A53638BE94409
38 changed files with 1601 additions and 178 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
README.md
View file

@ -94,6 +94,15 @@ CUDA backend:
--cuda-bsleep-hint=N bsleep hint for autoconfig
--no-nvml disable NVML (NVIDIA Management Library) support
TLS:
--tls-gen=HOSTNAME generate TLS certificate for specific hostname
--tls-cert=FILE load TLS certificate chain from a file in the PEM format
--tls-cert-key=FILE load TLS certificate private key from a file in the PEM format
--tls-dhparam=FILE load DH parameters for DHE ciphers from a file in the PEM format
--tls-protocols=N enable specified TLS protocols, example: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
--tls-ciphers=S set list of available ciphers (TLSv1.2 and below)
--tls-ciphersuites=S set list of available TLSv1.3 ciphersuites
Logging:
-S, --syslog use system log for output messages
-l, --log-file=FILE log all output to a file

30
cmake/OpenSSL.cmake
View file

@ -13,11 +13,30 @@ if (WITH_TLS)
find_package(OpenSSL)
if (OPENSSL_FOUND)
set(TLS_SOURCES src/base/net/stratum/Tls.h src/base/net/stratum/Tls.cpp)
set(TLS_SOURCES
src/base/net/stratum/Tls.cpp
src/base/net/stratum/Tls.h
src/base/net/tls/ServerTls.cpp
src/base/net/tls/ServerTls.h
src/base/net/tls/TlsConfig.cpp
src/base/net/tls/TlsConfig.h
src/base/net/tls/TlsContext.cpp
src/base/net/tls/TlsContext.h
src/base/net/tls/TlsGen.cpp
src/base/net/tls/TlsGen.h
)
include_directories(${OPENSSL_INCLUDE_DIR})
if (WITH_HTTP)
set(TLS_SOURCES ${TLS_SOURCES} src/base/net/http/HttpsClient.h src/base/net/http/HttpsClient.cpp)
set(TLS_SOURCES ${TLS_SOURCES}
src/base/net/https/HttpsClient.cpp
src/base/net/https/HttpsClient.h
src/base/net/https/HttpsContext.cpp
src/base/net/https/HttpsContext.h
src/base/net/https/HttpsServer.cpp
src/base/net/https/HttpsServer.h
)
endif()
else()
message(FATAL_ERROR "OpenSSL NOT found: use `-DWITH_TLS=OFF` to build without TLS support")
@ -29,5 +48,12 @@ else()
set(OPENSSL_LIBRARIES "")
remove_definitions(/DXMRIG_FEATURE_TLS)
if (WITH_HTTP)
set(TLS_SOURCES ${TLS_SOURCES}
src/base/net/http/HttpServer.cpp
src/base/net/http/HttpServer.h
)
endif()
set(CMAKE_PROJECT_NAME "${CMAKE_PROJECT_NAME}-notls")
endif()

30
src/base/api/Httpd.cpp
View file

@ -29,12 +29,18 @@
#include "base/io/log/Log.h"
#include "base/net/http/HttpApiResponse.h"
#include "base/net/http/HttpData.h"
#include "base/net/http/HttpServer.h"
#include "base/net/tools/TcpServer.h"
#include "core/config/Config.h"
#include "core/Controller.h"
#ifdef XMRIG_FEATURE_TLS
# include "base/net/https/HttpsServer.h"
#else
# include "base/net/http/HttpServer.h"
#endif
namespace xmrig {
static const char *kAuthorization = "authorization";
@ -48,10 +54,7 @@ static size_t faviconSize = 0;
xmrig::Httpd::Httpd(Base *base) :
m_base(base),
m_http(nullptr),
m_server(nullptr),
m_port(0)
m_base(base)
{
m_httpListener = std::make_shared<HttpListener>(this);
@ -64,18 +67,27 @@ xmrig::Httpd::~Httpd() = default;
bool xmrig::Httpd::start()
{
const Http &config = m_base->config()->http();
const auto &config = m_base->config()->http();
if (!config.isEnabled()) {
return true;
}
m_http = new HttpServer(m_httpListener);
bool tls = false;
# ifdef XMRIG_FEATURE_TLS
m_http = new HttpsServer(m_httpListener);
tls = m_http->setTls(m_base->config()->tls());
# else
m_http = new HttpServer(m_httpListener);
# endif
m_server = new TcpServer(config.host(), config.port(), m_http);
const int rc = m_server->bind();
Log::print(GREEN_BOLD(" * ") WHITE_BOLD("%-13s") BLUE_BOLD("%s:%d") " " RED_BOLD("%s"),
Log::print(GREEN_BOLD(" * ") WHITE_BOLD("%-13s") CSI "1;%dm%s:%d" " " RED_BOLD("%s"),
"HTTP API",
tls ? 32 : 36,
config.host().data(),
rc < 0 ? config.port() : rc,
rc < 0 ? uv_strerror(rc) : ""
@ -143,7 +155,7 @@ void xmrig::Httpd::onHttpData(const HttpData &data)
}
# endif
return HttpResponse(data.id(), 404).end();
return HttpResponse(data.id(), HTTP_STATUS_NOT_FOUND).end();
}
if (data.method > 4) {

14
src/base/api/Httpd.h
View file

@ -40,6 +40,7 @@ namespace xmrig {
class Base;
class HttpServer;
class HttpsServer;
class TcpServer;
@ -61,11 +62,16 @@ protected:
private:
int auth(const HttpData &req) const;
Base *m_base;
HttpServer *m_http;
const Base *m_base;
std::shared_ptr<IHttpListener> m_httpListener;
TcpServer *m_server;
uint16_t m_port;
TcpServer *m_server = nullptr;
uint16_t m_port = 0;
# ifdef XMRIG_FEATURE_TLS
HttpsServer *m_http = nullptr;
# else
HttpServer *m_http = nullptr;
# endif
};

2
src/base/base.cmake
View file

@ -157,7 +157,6 @@ if (WITH_HTTP)
src/base/net/http/HttpContext.h
src/base/net/http/HttpData.h
src/base/net/http/HttpResponse.h
src/base/net/http/HttpServer.h
src/base/net/stratum/DaemonClient.h
src/base/net/stratum/SelfSelectClient.h
src/base/net/tools/TcpServer.h
@ -176,7 +175,6 @@ if (WITH_HTTP)
src/base/net/http/HttpData.cpp
src/base/net/http/HttpListener.cpp
src/base/net/http/HttpResponse.cpp
src/base/net/http/HttpServer.cpp
src/base/net/stratum/DaemonClient.cpp
src/base/net/stratum/SelfSelectClient.cpp
src/base/net/tools/TcpServer.cpp

11
src/base/kernel/config/BaseConfig.cpp
View file

@ -66,6 +66,11 @@ const char *BaseConfig::kVerbose = "verbose";
const char *BaseConfig::kWatch = "watch";
#ifdef XMRIG_FEATURE_TLS
const char *BaseConfig::kTls = "tls";
#endif
} // namespace xmrig
@ -85,11 +90,15 @@ bool xmrig::BaseConfig::read(const IJsonReader &reader, const char *fileName)
m_logFile = reader.getString(kLogFile);
m_userAgent = reader.getString(kUserAgent);
# ifdef XMRIG_FEATURE_TLS
m_tls = reader.getValue(kTls);
# endif
Log::setColors(reader.getBool(kColors, Log::isColors()));
setPrintTime(reader.getUint(kPrintTime, 60));
setVerbose(reader.getValue(kVerbose));
const rapidjson::Value &api = reader.getObject(kApi);
const auto &api = reader.getObject(kApi);
if (api.IsObject()) {
m_apiId = Json::getString(api, kApiId);
m_apiWorkerId = Json::getString(api, kApiWorkerId);

45
src/base/kernel/config/BaseConfig.h
View file

@ -31,6 +31,11 @@
#include "base/net/stratum/Pools.h"
#ifdef XMRIG_FEATURE_TLS
# include "base/net/tls/TlsConfig.h"
#endif
namespace xmrig {
@ -55,23 +60,31 @@ public:
static const char *kVerbose;
static const char *kWatch;
# ifdef XMRIG_FEATURE_TLS
static const char *kTls;
# endif
BaseConfig() = default;
inline bool isAutoSave() const { return m_autoSave; }
inline bool isBackground() const { return m_background; }
inline bool isDryRun() const { return m_dryRun; }
inline bool isSyslog() const { return m_syslog; }
inline const char *logFile() const { return m_logFile.data(); }
inline const char *userAgent() const { return m_userAgent.data(); }
inline const Http &http() const { return m_http; }
inline const Pools &pools() const { return m_pools; }
inline const String &apiId() const { return m_apiId; }
inline const String &apiWorkerId() const { return m_apiWorkerId; }
inline uint32_t printTime() const { return m_printTime; }
inline bool isAutoSave() const { return m_autoSave; }
inline bool isBackground() const { return m_background; }
inline bool isDryRun() const { return m_dryRun; }
inline bool isSyslog() const { return m_syslog; }
inline const char *logFile() const { return m_logFile.data(); }
inline const char *userAgent() const { return m_userAgent.data(); }
inline const Http &http() const { return m_http; }
inline const Pools &pools() const { return m_pools; }
inline const String &apiId() const { return m_apiId; }
inline const String &apiWorkerId() const { return m_apiWorkerId; }
inline uint32_t printTime() const { return m_printTime; }
inline bool isWatch() const override { return m_watch && !m_fileName.isNull(); }
inline const String &fileName() const override { return m_fileName; }
inline void setFileName(const char *fileName) override { m_fileName = fileName; }
# ifdef XMRIG_FEATURE_TLS
inline const TlsConfig &tls() const { return m_tls; }
# endif
inline bool isWatch() const override { return m_watch && !m_fileName.isNull(); }
inline const String &fileName() const override { return m_fileName; }
inline void setFileName(const char *fileName) override { m_fileName = fileName; }
bool read(const IJsonReader &reader, const char *fileName) override;
bool save() override;
@ -94,6 +107,10 @@ protected:
String m_userAgent;
uint32_t m_printTime = 60;
# ifdef XMRIG_FEATURE_TLS
TlsConfig m_tls;
# endif
private:
inline void setPrintTime(uint32_t printTime) { if (printTime <= 3600) { m_printTime = printTime; } }

28
src/base/kernel/config/BaseTransform.cpp
View file

@ -44,6 +44,11 @@
#include "core/config/Config_platform.h"
#ifdef XMRIG_FEATURE_TLS
# include "base/net/tls/TlsConfig.h"
#endif
void xmrig::BaseTransform::load(JsonChain &chain, Process *process, IConfigTransform &transform)
{
using namespace rapidjson;
@ -199,6 +204,29 @@ void xmrig::BaseTransform::transform(rapidjson::Document &doc, int key, const ch
case IConfig::UserAgentKey: /* --user-agent */
return set(doc, BaseConfig::kUserAgent, arg);
# ifdef XMRIG_FEATURE_TLS
case IConfig::TlsCertKey: /* --tls-cert */
return set(doc, BaseConfig::kTls, TlsConfig::kCert, arg);
case IConfig::TlsCertKeyKey: /* --tls-cert-key */
return set(doc, BaseConfig::kTls, TlsConfig::kCertKey, arg);
case IConfig::TlsDHparamKey: /* --tls-dhparam */
return set(doc, BaseConfig::kTls, TlsConfig::kDhparam, arg);
case IConfig::TlsCiphersKey: /* --tls-ciphers */
return set(doc, BaseConfig::kTls, TlsConfig::kCiphers, arg);
case IConfig::TlsCipherSuitesKey: /* --tls-ciphersuites */
return set(doc, BaseConfig::kTls, TlsConfig::kCipherSuites, arg);
case IConfig::TlsProtocolsKey: /* --tls-protocols */
return set(doc, BaseConfig::kTls, TlsConfig::kProtocols, arg);
case IConfig::TlsGenKey: /* --tls-gen */
return set(doc, BaseConfig::kTls, TlsConfig::kGen, arg);
# endif
case IConfig::RetriesKey: /* --retries */
case IConfig::RetryPauseKey: /* --retry-pause */
case IConfig::PrintTimeKey: /* --print-time */

1
src/base/kernel/interfaces/IConfig.h
View file

@ -132,6 +132,7 @@ public:
TlsCiphersKey = 1112,
TlsCipherSuitesKey = 1113,
TlsProtocolsKey = 1114,
TlsGenKey = 1117,
AlgoExtKey = 1115,
ProxyPasswordKey = 1116,
LoginFileKey = 'L',

2
src/base/net/http/Fetch.cpp
View file

@ -27,7 +27,7 @@
#ifdef XMRIG_FEATURE_TLS
# include "base/net/http/HttpsClient.h"
# include "base/net/https/HttpsClient.h"
#endif

36
src/base/net/http/HttpClient.cpp
View file

@ -29,7 +29,6 @@
#include "base/io/log/Log.h"
#include "base/kernel/Platform.h"
#include "base/net/dns/Dns.h"
#include "base/tools/Baton.h"
#include <sstream>
@ -41,31 +40,6 @@ namespace xmrig {
static const char *kCRLF = "\r\n";
class HttpClientWriteBaton : public Baton<uv_write_t>
{
public:
inline HttpClientWriteBaton(const std::string &header, std::string &&body) :
m_body(std::move(body)),
m_header(header)
{
m_bufs[0] = uv_buf_init(const_cast<char *>(m_header.c_str()), m_header.size());
m_bufs[1] = m_body.empty() ? uv_buf_init(nullptr, 0) : uv_buf_init(const_cast<char *>(m_body.c_str()), m_body.size());
}
void write(uv_stream_t *stream)
{
uv_write(&req, stream, m_bufs, nbufs(), [](uv_write_t *req, int) { delete reinterpret_cast<HttpClientWriteBaton *>(req->data); });
}
private:
inline size_t nbufs() const { return m_bufs[1].len > 0 ? 2 : 1; }
std::string m_body;
std::string m_header;
uv_buf_t m_bufs[2]{};
};
} // namespace xmrig
@ -137,7 +111,8 @@ void xmrig::HttpClient::handshake()
headers.clear();
write(ss.str());
body.insert(0, ss.str());
write(std::move(body), false);
}
@ -149,13 +124,6 @@ void xmrig::HttpClient::read(const char *data, size_t size)
}
void xmrig::HttpClient::write(const std::string &header)
{
auto baton = new HttpClientWriteBaton(header, std::move(body));
baton->write(stream());
}
void xmrig::HttpClient::onConnect(uv_connect_t *req, int status)
{
auto client = static_cast<HttpClient *>(req->data);

1
src/base/net/http/HttpClient.h
View file

@ -59,7 +59,6 @@ protected:
virtual void handshake();
virtual void read(const char *data, size_t size);
virtual void write(const std::string &header);
protected:
inline const FetchRequest &req() const { return m_req; }

43
src/base/net/http/HttpContext.cpp
View file

@ -27,6 +27,7 @@
#include "base/net/http/HttpContext.h"
#include "3rdparty/http-parser/http_parser.h"
#include "base/kernel/interfaces/IHttpListener.h"
#include "base/tools/Baton.h"
#include "base/tools/Chrono.h"
@ -42,6 +43,37 @@ static std::map<uint64_t, HttpContext *> storage;
static uint64_t SEQUENCE = 0;
class HttpWriteBaton : public Baton<uv_write_t>
{
public:
XMRIG_DISABLE_COPY_MOVE_DEFAULT(HttpWriteBaton)
inline HttpWriteBaton(std::string &&body, HttpContext *ctx) :
m_ctx(ctx),
m_body(std::move(body))
{
m_buf = uv_buf_init(const_cast<char *>(m_body.c_str()), m_body.size());
}
inline ~HttpWriteBaton()
{
if (m_ctx) {
m_ctx->close();
}
}
void write(uv_stream_t *stream)
{
uv_write(&req, stream, &m_buf, 1, [](uv_write_t *req, int) { delete reinterpret_cast<HttpWriteBaton *>(req->data); });
}
private:
HttpContext *m_ctx;
std::string m_body;
uv_buf_t m_buf{};
};
} // namespace xmrig
@ -75,6 +107,17 @@ xmrig::HttpContext::~HttpContext()
}
void xmrig::HttpContext::write(std::string &&data, bool close)
{
if (uv_is_writable(stream()) != 1) {
return;
}
auto baton = new HttpWriteBaton(std::move(data), close ? this : nullptr);
baton->write(stream());
}
bool xmrig::HttpContext::isRequest() const
{
return m_parser->type == HTTP_REQUEST;

2
src/base/net/http/HttpContext.h
View file

@ -65,6 +65,8 @@ public:
inline const char *tlsVersion() const override { return nullptr; }
inline uint16_t port() const override { return 0; }
void write(std::string &&data, bool close) override;
bool isRequest() const override;
size_t parse(const char *data, size_t size);
std::string ip() const override;

13
src/base/net/http/HttpData.h
View file

@ -53,12 +53,13 @@ public:
inline uint64_t id() const { return m_id; }
virtual bool isRequest() const = 0;
virtual const char *host() const = 0;
virtual const char *tlsFingerprint() const = 0;
virtual const char *tlsVersion() const = 0;
virtual std::string ip() const = 0;
virtual uint16_t port() const = 0;
virtual bool isRequest() const = 0;
virtual const char *host() const = 0;
virtual const char *tlsFingerprint() const = 0;
virtual const char *tlsVersion() const = 0;
virtual std::string ip() const = 0;
virtual uint16_t port() const = 0;
virtual void write(std::string &&data, bool close) = 0;
int method = 0;
int status = 0;

60
src/base/net/http/HttpResponse.cpp
View file

@ -6,8 +6,8 @@
* Copyright 2016 Jay D Dee <jayddee246@gmail.com>
* Copyright 2017-2018 XMR-Stak <https://github.com/fireice-uk>, <https://github.com/psychocrypt>
* Copyright 2014-2019 heapwolf <https://github.com/heapwolf>
* Copyright 2018-2019 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2019 XMRig <https://github.com/xmrig>, <support@xmrig.com>
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -28,8 +28,6 @@
#include "3rdparty/http-parser/http_parser.h"
#include "base/io/log/Log.h"
#include "base/net/http/HttpContext.h"
#include "base/tools/Baton.h"
#include "base/tools/Object.h"
#include <cinttypes>
@ -45,52 +43,6 @@ static const char *kCRLF = "\r\n";
static const char *kUserAgent = "user-agent";
class WriteBaton : public Baton<uv_write_t>
{
public:
XMRIG_DISABLE_COPY_MOVE_DEFAULT(WriteBaton)
inline WriteBaton(const std::stringstream &ss, const char *data, size_t size, HttpContext *ctx) :
m_ctx(ctx),
m_header(ss.str())
{
bufs[0].len = m_header.size();
bufs[0].base = const_cast<char *>(m_header.c_str());
if (data) {
bufs[1].len = size;
bufs[1].base = new char[size];
memcpy(bufs[1].base, data, size);
}
else {
bufs[1].base = nullptr;
bufs[1].len = 0;
}
}
inline ~WriteBaton()
{
if (count() == 2) {
delete [] bufs[1].base;
}
m_ctx->close();
}
inline size_t count() const { return bufs[1].base == nullptr ? 1 : 2; }
inline size_t size() const { return bufs[0].len + bufs[1].len; }
inline static void onWrite(uv_write_t *req, int) { delete reinterpret_cast<WriteBaton *>(req->data); }
uv_buf_t bufs[2]{};
private:
HttpContext *m_ctx;
std::string m_header;
};
} // namespace xmrig
@ -134,8 +86,8 @@ void xmrig::HttpResponse::end(const char *data, size_t size)
ss << kCRLF;
auto ctx = HttpContext::get(m_id);
auto baton = new WriteBaton(ss, data, size, ctx);
auto ctx = HttpContext::get(m_id);
std::string body = data ? (ss.str() + std::string(data, size)) : ss.str();
# ifndef APP_DEBUG
if (statusCode() >= 400)
@ -149,11 +101,11 @@ void xmrig::HttpResponse::end(const char *data, size_t size)
ctx->url.c_str(),
err ? 31 : 32,
statusCode(),
baton->size(),
body.size(),
ctx->elapsed(),
ctx->headers.count(kUserAgent) ? ctx->headers.at(kUserAgent).c_str() : nullptr
);
}
uv_write(&baton->req, ctx->stream(), baton->bufs, baton->count(), WriteBaton::onWrite);
ctx->write(std::move(body), true);
}

4
src/base/net/http/HttpResponse.h
View file

@ -6,8 +6,8 @@
* Copyright 2016 Jay D Dee <jayddee246@gmail.com>
* Copyright 2017-2018 XMR-Stak <https://github.com/fireice-uk>, <https://github.com/psychocrypt>
* Copyright 2014-2019 heapwolf <https://github.com/heapwolf>
* Copyright 2018-2019 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2019 XMRig <https://github.com/xmrig>, <support@xmrig.com>
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by

9
src/base/net/http/HttpServer.cpp
View file

@ -28,11 +28,11 @@
#include <uv.h>
#include "base/net/http/HttpServer.h"
#include "3rdparty/http-parser/http_parser.h"
#include "base/kernel/interfaces/IHttpListener.h"
#include "base/net/http/HttpContext.h"
#include "base/net/http/HttpResponse.h"
#include "base/net/http/HttpServer.h"
xmrig::HttpServer::HttpServer(const std::shared_ptr<IHttpListener> &listener) :
@ -56,12 +56,7 @@ void xmrig::HttpServer::onConnection(uv_stream_t *stream, uint16_t)
[](uv_handle_t *, size_t suggested_size, uv_buf_t *buf)
{
buf->base = new char[suggested_size];
# ifdef _WIN32
buf->len = static_cast<unsigned int>(suggested_size);
# else
buf->len = suggested_size;
# endif
buf->len = suggested_size;
},
[](uv_stream_t *tcp, ssize_t nread, const uv_buf_t *buf)
{

54
src/base/net/http/HttpsClient.cpp → src/base/net/https/HttpsClient.cpp
View file

@ -29,7 +29,7 @@
#include <uv.h>
#include "base/net/http/HttpsClient.h"
#include "base/net/https/HttpsClient.h"
#include "base/io/log/Log.h"
#include "base/tools/Buffer.h"
@ -49,8 +49,8 @@ xmrig::HttpsClient::HttpsClient(FetchRequest &&req, const std::weak_ptr<IHttpLis
return;
}
m_writeBio = BIO_new(BIO_s_mem());
m_readBio = BIO_new(BIO_s_mem());
m_write = BIO_new(BIO_s_mem());
m_read = BIO_new(BIO_s_mem());
SSL_CTX_set_options(m_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
}
@ -89,24 +89,24 @@ void xmrig::HttpsClient::handshake()
}
SSL_set_connect_state(m_ssl);
SSL_set_bio(m_ssl, m_readBio, m_writeBio);
SSL_set_bio(m_ssl, m_read, m_write);
SSL_set_tlsext_host_name(m_ssl, host());
SSL_do_handshake(m_ssl);
flush();
flush(false);
}
void xmrig::HttpsClient::read(const char *data, size_t size)
{
BIO_write(m_readBio, data, size);
BIO_write(m_read, data, size);
if (!SSL_is_init_finished(m_ssl)) {
const int rc = SSL_connect(m_ssl);
if (rc < 0 && SSL_get_error(m_ssl, rc) == SSL_ERROR_WANT_READ) {
flush();
flush(false);
} else if (rc == 1) {
X509 *cert = SSL_get_peer_certificate(m_ssl);
if (!verify(cert)) {
@ -123,19 +123,25 @@ void xmrig::HttpsClient::read(const char *data, size_t size)
return;
}
int bytes_read = 0;
while ((bytes_read = SSL_read(m_ssl, m_buf, sizeof(m_buf))) > 0) {
HttpClient::read(m_buf, static_cast<size_t>(bytes_read));
static char buf[16384]{};
int rc = 0;
while ((rc = SSL_read(m_ssl, buf, sizeof(buf))) > 0) {
HttpClient::read(buf, static_cast<size_t>(rc));
}
if (rc == 0) {
close(UV_EOF);
}
}
void xmrig::HttpsClient::write(const std::string &header)
void xmrig::HttpsClient::write(std::string &&data, bool close)
{
SSL_write(m_ssl, (header + body).c_str(), header.size() + body.size());
body.clear();
const std::string body = std::move(data);
SSL_write(m_ssl, body.data(), body.size());
flush();
flush(close);
}
@ -182,23 +188,17 @@ bool xmrig::HttpsClient::verifyFingerprint(X509 *cert)
}
void xmrig::HttpsClient::flush()
void xmrig::HttpsClient::flush(bool close)
{
uv_buf_t buf;
buf.len = BIO_get_mem_data(m_writeBio, &buf.base);
if (buf.len == 0) {
if (uv_is_writable(stream()) != 1) {
return;
}
bool result = false;
if (uv_is_writable(stream())) {
result = uv_try_write(stream(), &buf, 1) == static_cast<int>(buf.len);
char *data = nullptr;
const size_t size = BIO_get_mem_data(m_write, &data);
std::string body(data, size);
if (!result) {
close(UV_EIO);
}
}
(void) BIO_reset(m_write);
(void) BIO_reset(m_writeBio);
HttpContext::write(std::move(body), close);
}

10
src/base/net/http/HttpsClient.h → src/base/net/https/HttpsClient.h
View file

@ -55,17 +55,17 @@ public:
protected:
void handshake() override;
void read(const char *data, size_t size) override;
void write(const std::string &header) override;
private:
void write(std::string &&data, bool close) override;
bool verify(X509 *cert);
bool verifyFingerprint(X509 *cert);
void flush();
void flush(bool close);
BIO *m_readBio = nullptr;
BIO *m_writeBio = nullptr;
BIO *m_read = nullptr;
BIO *m_write = nullptr;
bool m_ready = false;
char m_buf[1024 * 2]{};
char m_fingerprint[32 * 2 + 8]{};
SSL *m_ssl = nullptr;
SSL_CTX *m_ctx = nullptr;

99
src/base/net/https/HttpsContext.cpp Normal file
View file

@ -0,0 +1,99 @@
/* XMRig
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "base/net/https/HttpsContext.h"
#include "3rdparty/http-parser/http_parser.h"
#include "base/net/tls/TlsContext.h"
#include <openssl/bio.h>
#include <uv.h>
xmrig::HttpsContext::HttpsContext(TlsContext *tls, const std::weak_ptr<IHttpListener> &listener) :
HttpContext(HTTP_REQUEST, listener),
ServerTls(tls ? tls->ctx() : nullptr)
{
if (!tls) {
m_mode = TLS_OFF;
}
}
xmrig::HttpsContext::~HttpsContext() = default;
void xmrig::HttpsContext::append(char *data, size_t size)
{
if (m_mode == TLS_AUTO) {
m_mode = isTLS(data, size) ? TLS_ON : TLS_OFF;
}
if (m_mode == TLS_ON) {
read(data, size);
}
else {
parse(data, size);
}
}
bool xmrig::HttpsContext::write(BIO *bio)
{
if (uv_is_writable(stream()) != 1) {
return false;
}
char *data = nullptr;
const size_t size = BIO_get_mem_data(bio, &data);
std::string body(data, size);
(void) BIO_reset(bio);
HttpContext::write(std::move(body), m_close);
return true;
}
void xmrig::HttpsContext::parse(char *data, size_t size)
{
if (HttpContext::parse(data, size) < size) {
close();
}
}
void xmrig::HttpsContext::shutdown()
{
close();
}
void xmrig::HttpsContext::write(std::string &&data, bool close)
{
m_close = close;
if (m_mode == TLS_ON) {
send(data.data(), data.size());
}
else {
HttpContext::write(std::move(data), close);
}
}

73
src/base/net/https/HttpsContext.h Normal file
View file

@ -0,0 +1,73 @@
/* XMRig
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef XMRIG_HTTPSCONTEXT_H
#define XMRIG_HTTPSCONTEXT_H
using BIO = struct bio_st;
using SSL = struct ssl_st;
#include "base/net/http/HttpContext.h"
#include "base/net/tls/ServerTls.h"
namespace xmrig {
class TlsContext;
class HttpsContext : public HttpContext, public ServerTls
{
public:
XMRIG_DISABLE_COPY_MOVE_DEFAULT(HttpsContext)
HttpsContext(TlsContext *tls, const std::weak_ptr<IHttpListener> &listener);
~HttpsContext() override;
void append(char *data, size_t size);
protected:
// ServerTls
bool write(BIO *bio) override;
void parse(char *data, size_t size) override;
void shutdown() override;
// HttpContext
void write(std::string &&data, bool close) override;
private:
enum TlsMode : uint32_t {
TLS_AUTO,
TLS_OFF,
TLS_ON
};
bool m_close = false;
TlsMode m_mode = TLS_AUTO;
};
} // namespace xmrig
#endif // XMRIG_HTTPSCONTEXT_H

81
src/base/net/https/HttpsServer.cpp Normal file
View file

@ -0,0 +1,81 @@
/* XMRig
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <functional>
#include <uv.h>
#include "base/net/https/HttpsServer.h"
#include "3rdparty/http-parser/http_parser.h"
#include "base/kernel/interfaces/IHttpListener.h"
#include "base/net/http/HttpResponse.h"
#include "base/net/https/HttpsContext.h"
#include "base/net/tls/TlsConfig.h"
#include "base/net/tls/TlsContext.h"
xmrig::HttpsServer::HttpsServer(const std::shared_ptr<IHttpListener> &listener) :
m_listener(listener)
{
}
xmrig::HttpsServer::~HttpsServer()
{
HttpContext::closeAll();
delete m_tls;
}
bool xmrig::HttpsServer::setTls(const TlsConfig &config)
{
m_tls = TlsContext::create(config);
return m_tls != nullptr;
}
void xmrig::HttpsServer::onConnection(uv_stream_t *stream, uint16_t)
{
auto ctx = new HttpsContext(m_tls, m_listener);
uv_accept(stream, ctx->stream());
uv_read_start(ctx->stream(),
[](uv_handle_t *, size_t suggested_size, uv_buf_t *buf)
{
buf->base = new char[suggested_size];
buf->len = suggested_size;
},
onRead);
}
void xmrig::HttpsServer::onRead(uv_stream_t *stream, ssize_t nread, const uv_buf_t *buf)
{
auto ctx = static_cast<HttpsContext*>(stream->data);
if (nread >= 0) {
ctx->append(buf->base, static_cast<size_t>(nread));
}
else {
ctx->close();
}
delete [] buf->base;
}

72
src/base/net/https/HttpsServer.h Normal file
View file

@ -0,0 +1,72 @@
/* XMRig
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef XMRIG_HTTPSSERVER_H
#define XMRIG_HTTPSSERVER_H
using uv_tcp_t = struct uv_tcp_s;
struct http_parser;
struct http_parser_settings;
struct uv_buf_t;
#include "base/kernel/interfaces/ITcpServerListener.h"
#include "base/tools/Object.h"
#include <memory>
namespace xmrig {
class IHttpListener;
class TlsContext;
class TlsConfig;
class HttpsServer : public ITcpServerListener
{
public:
XMRIG_DISABLE_COPY_MOVE_DEFAULT(HttpsServer)
HttpsServer(const std::shared_ptr<IHttpListener> &listener);
~HttpsServer() override;
bool setTls(const TlsConfig &config);
protected:
void onConnection(uv_stream_t *stream, uint16_t port) override;
private:
static void onRead(uv_stream_t *stream, ssize_t nread, const uv_buf_t *buf);
std::weak_ptr<IHttpListener> m_listener;
TlsContext *m_tls = nullptr;
uv_tcp_t *m_tcp = nullptr;
};
} // namespace xmrig
#endif // XMRIG_HTTPSSERVER_H

103
src/base/net/tls/ServerTls.cpp Normal file
View file

@ -0,0 +1,103 @@
/* XMRig
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "base/net/tls/ServerTls.h"
#include <cassert>
#include <cstring>
#include <openssl/ssl.h>
xmrig::ServerTls::ServerTls(SSL_CTX *ctx) :
m_ctx(ctx)
{
}
xmrig::ServerTls::~ServerTls()
{
if (m_ssl) {
SSL_free(m_ssl);
}
}
bool xmrig::ServerTls::isTLS(const char *data, size_t size)
{
static const uint8_t test[3] = { 0x16, 0x03, 0x01 };
return size >= sizeof(test) && memcmp(data, test, sizeof(test)) == 0;
}
bool xmrig::ServerTls::send(const char *data, size_t size)
{
SSL_write(m_ssl, data, size);
return write(m_write);
}
void xmrig::ServerTls::read(const char *data, size_t size)
{
if (!m_ssl) {
m_ssl = SSL_new(m_ctx);
m_write = BIO_new(BIO_s_mem());
m_read = BIO_new(BIO_s_mem());
SSL_set_accept_state(m_ssl);
SSL_set_bio(m_ssl, m_read, m_write);
}
BIO_write(m_read, data, size);
if (!SSL_is_init_finished(m_ssl)) {
const int rc = SSL_do_handshake(m_ssl);
if (rc < 0 && SSL_get_error(m_ssl, rc) == SSL_ERROR_WANT_READ) {
write(m_write);
} else if (rc == 1) {
write(m_write);
m_ready = true;
read();
}
else {
shutdown();
}
return;
}
read();
}
void xmrig::ServerTls::read()
{
static char buf[16384]{};
int bytes_read = 0;
while ((bytes_read = SSL_read(m_ssl, buf, sizeof(buf))) > 0) {
parse(buf, bytes_read);
}
}

68
src/base/net/tls/ServerTls.h Normal file
View file

@ -0,0 +1,68 @@
/* XMRig
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef XMRIG_SERVERTLS_H
#define XMRIG_SERVERTLS_H
using BIO = struct bio_st;
using SSL = struct ssl_st;
using SSL_CTX = struct ssl_ctx_st;
#include "base/tools/Object.h"
namespace xmrig {
class ServerTls
{
public:
XMRIG_DISABLE_COPY_MOVE_DEFAULT(ServerTls)
ServerTls(SSL_CTX *ctx);
virtual ~ServerTls();
static bool isTLS(const char *data, size_t size);
bool send(const char *data, size_t size);
void read(const char *data, size_t size);
protected:
virtual bool write(BIO *bio) = 0;
virtual void parse(char *data, size_t size) = 0;
virtual void shutdown() = 0;
private:
void read();
BIO *m_read = nullptr;
BIO *m_write = nullptr;
bool m_ready = false;
SSL *m_ssl = nullptr;
SSL_CTX *m_ctx;
};
} // namespace xmrig
#endif /* XMRIG_SERVERTLS_H */

200
src/base/net/tls/TlsConfig.cpp Normal file
View file

@ -0,0 +1,200 @@
/* XMRig
* Copyright 2010 Jeff Garzik <jgarzik@pobox.com>
* Copyright 2012-2014 pooler <pooler@litecoinpool.org>
* Copyright 2014 Lucas Jones <https://github.com/lucasjones>
* Copyright 2014-2016 Wolf9466 <https://github.com/OhGodAPet>
* Copyright 2016 Jay D Dee <jayddee246@gmail.com>
* Copyright 2017-2018 XMR-Stak <https://github.com/fireice-uk>, <https://github.com/psychocrypt>
* Copyright 2018 Lee Clagett <https://github.com/vtnerd>
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "base/net/tls/TlsConfig.h"
#include "base/io/json/Json.h"
#include "base/io/log/Log.h"
#include "base/net/tls/TlsGen.h"
#include "rapidjson/document.h"
namespace xmrig {
const char *TlsConfig::kCert = "cert";
const char *TlsConfig::kEnabled = "enabled";
const char *TlsConfig::kCertKey = "cert_key";
const char *TlsConfig::kCiphers = "ciphers";
const char *TlsConfig::kCipherSuites = "ciphersuites";
const char *TlsConfig::kDhparam = "dhparam";
const char *TlsConfig::kGen = "gen";
const char *TlsConfig::kProtocols = "protocols";
static const char *kTLSv1 = "TLSv1";
static const char *kTLSv1_1 = "TLSv1.1";
static const char *kTLSv1_2 = "TLSv1.2";
static const char *kTLSv1_3 = "TLSv1.3";
} // namespace xmrig
/**
* "cert" load TLS certificate chain from file.
* "cert_key" load TLS private key from file.
* "ciphers" set list of available ciphers (TLSv1.2 and below).
* "ciphersuites" set list of available TLSv1.3 ciphersuites.
* "dhparam" load DH parameters for DHE ciphers from file.
*/
xmrig::TlsConfig::TlsConfig(const rapidjson::Value &value)
{
if (value.IsObject()) {
m_enabled = Json::getBool(value, kEnabled, m_enabled);
setProtocols(Json::getString(value, kProtocols));
setCert(Json::getString(value, kCert));
setKey(Json::getString(value, kCertKey));
setCiphers(Json::getString(value, kCiphers));
setCipherSuites(Json::getString(value, kCipherSuites));
setDH(Json::getString(value, kDhparam));
if (m_key.isNull()) {
setKey(Json::getString(value, "cert-key"));
}
if (m_enabled && !isValid()) {
generate(Json::getString(value, kGen));
}
}
else if (value.IsBool()) {
m_enabled = value.GetBool();
if (m_enabled) {
generate();
}
}
# ifdef XMRIG_PROXY_PROJECT
else if (value.IsNull()) {
generate();
}
# endif
else if (value.IsString()) {
generate(value.GetString());
}
else {
m_enabled = false;
}
}
bool xmrig::TlsConfig::generate(const char *commonName)
{
TlsGen gen;
try {
gen.generate(commonName);
}
catch (std::exception &ex) {
LOG_ERR("%s", ex.what());
return false;
}
setCert(gen.cert());
setKey(gen.certKey());
m_enabled = true;
return true;
}
rapidjson::Value xmrig::TlsConfig::toJSON(rapidjson::Document &doc) const
{
using namespace rapidjson;
auto &allocator = doc.GetAllocator();
Value obj(kObjectType);
obj.AddMember(StringRef(kEnabled), m_enabled, allocator);
if (m_protocols > 0) {
std::vector<String> protocols;
if (m_protocols & TLSv1) {
protocols.emplace_back(kTLSv1);
}
if (m_protocols & TLSv1_1) {
protocols.emplace_back(kTLSv1_1);
}
if (m_protocols & TLSv1_2) {
protocols.emplace_back(kTLSv1_2);
}
if (m_protocols & TLSv1_3) {
protocols.emplace_back(kTLSv1_3);
}
obj.AddMember(StringRef(kProtocols), String::join(protocols, ' ').toJSON(doc), allocator);
}
else {
obj.AddMember(StringRef(kProtocols), kNullType, allocator);
}
obj.AddMember(StringRef(kCert), m_cert.toJSON(), allocator);
obj.AddMember(StringRef(kCertKey), m_key.toJSON(), allocator);
obj.AddMember(StringRef(kCiphers), m_ciphers.toJSON(), allocator);
obj.AddMember(StringRef(kCipherSuites), m_cipherSuites.toJSON(), allocator);
obj.AddMember(StringRef(kDhparam), m_dhparam.toJSON(), allocator);
return obj;
}
void xmrig::TlsConfig::setProtocols(const char *protocols)
{
const std::vector<String> vec = String(protocols).split(' ');
for (const String &value : vec) {
if (value == kTLSv1) {
m_protocols |= TLSv1;
}
else if (value == kTLSv1_1) {
m_protocols |= TLSv1_1;
}
else if (value == kTLSv1_2) {
m_protocols |= TLSv1_2;
}
else if (value == kTLSv1_3) {
m_protocols |= TLSv1_3;
}
}
}
void xmrig::TlsConfig::setProtocols(const rapidjson::Value &protocols)
{
m_protocols = 0;
if (protocols.IsUint()) {
return setProtocols(protocols.GetUint());
}
if (protocols.IsString()) {
return setProtocols(protocols.GetString());
}
}

92
src/base/net/tls/TlsConfig.h Normal file
View file

@ -0,0 +1,92 @@
/* XMRig
* Copyright 2010 Jeff Garzik <jgarzik@pobox.com>
* Copyright 2012-2014 pooler <pooler@litecoinpool.org>
* Copyright 2014 Lucas Jones <https://github.com/lucasjones>
* Copyright 2014-2016 Wolf9466 <https://github.com/OhGodAPet>
* Copyright 2016 Jay D Dee <jayddee246@gmail.com>
* Copyright 2017-2018 XMR-Stak <https://github.com/fireice-uk>, <https://github.com/psychocrypt>
* Copyright 2018 Lee Clagett <https://github.com/vtnerd>
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef XMRIG_TLSCONFIG_H
#define XMRIG_TLSCONFIG_H
#include "base/tools/String.h"
#include "rapidjson/fwd.h"
namespace xmrig {
class TlsConfig
{
public:
static const char *kCert;
static const char *kCertKey;
static const char *kCiphers;
static const char *kCipherSuites;
static const char *kDhparam;
static const char *kEnabled;
static const char *kGen;
static const char *kProtocols;
enum Versions {
TLSv1 = 1,
TLSv1_1 = 2,
TLSv1_2 = 4,
TLSv1_3 = 8
};
TlsConfig() = default;
TlsConfig(const rapidjson::Value &object);
inline bool isEnabled() const { return m_enabled && isValid(); }
inline bool isValid() const { return !m_cert.isEmpty() && !m_key.isEmpty(); }
inline const char *cert() const { return m_cert.data(); }
inline const char *ciphers() const { return m_ciphers.isEmpty() ? nullptr : m_ciphers.data(); }
inline const char *cipherSuites() const { return m_cipherSuites.isEmpty() ? nullptr : m_cipherSuites.data(); }
inline const char *dhparam() const { return m_dhparam.isEmpty() ? nullptr : m_dhparam.data(); }
inline const char *key() const { return m_key.data(); }
inline uint32_t protocols() const { return m_protocols; }
inline void setCert(const char *cert) { m_cert = cert; }
inline void setCiphers(const char *ciphers) { m_ciphers = ciphers; }
inline void setCipherSuites(const char *ciphers) { m_cipherSuites = ciphers; }
inline void setDH(const char *dhparam) { m_dhparam = dhparam; }
inline void setKey(const char *key) { m_key = key; }
inline void setProtocols(uint32_t protocols) { m_protocols = protocols; }
bool generate(const char *commonName = nullptr);
rapidjson::Value toJSON(rapidjson::Document &doc) const;
void setProtocols(const char *protocols);
void setProtocols(const rapidjson::Value &protocols);
private:
bool m_enabled = true;
uint32_t m_protocols = 0;
String m_cert;
String m_ciphers;
String m_cipherSuites;
String m_dhparam;
String m_key;
};
} /* namespace xmrig */
#endif /* XMRIG_TLSCONFIG_H */

256
src/base/net/tls/TlsContext.cpp Normal file
View file

@ -0,0 +1,256 @@
/* XMRig
* Copyright 2010 Jeff Garzik <jgarzik@pobox.com>
* Copyright 2012-2014 pooler <pooler@litecoinpool.org>
* Copyright 2014 Lucas Jones <https://github.com/lucasjones>
* Copyright 2014-2016 Wolf9466 <https://github.com/OhGodAPet>
* Copyright 2016 Jay D Dee <jayddee246@gmail.com>
* Copyright 2017-2018 XMR-Stak <https://github.com/fireice-uk>, <https://github.com/psychocrypt>
* Copyright 2018 Lee Clagett <https://github.com/vtnerd>
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "base/net/tls/TlsContext.h"
#include "base/io/log/Log.h"
#include "base/kernel/Env.h"
#include "base/net/tls/TlsConfig.h"
#include <openssl/ssl.h>
#include <openssl/err.h>
namespace xmrig {
// https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
static DH *get_dh2048()
{
static unsigned char dhp_2048[] = {
0xB2, 0x91, 0xA7, 0x05, 0x31, 0xCE, 0x12, 0x9D, 0x03, 0x43,
0xAF, 0x13, 0xAF, 0x4B, 0x8E, 0x4C, 0x04, 0x13, 0x4F, 0x72,
0x00, 0x73, 0x2C, 0x67, 0xC3, 0xE0, 0x50, 0xBF, 0x72, 0x5E,
0xBE, 0x45, 0x89, 0x4C, 0x01, 0x45, 0xA6, 0x5E, 0xA7, 0xA8,
0xDC, 0x2F, 0x1D, 0x91, 0x2D, 0x58, 0x0D, 0x71, 0x97, 0x3D,
0xAE, 0xFE, 0x86, 0x29, 0x37, 0x5F, 0x5E, 0x6D, 0x81, 0x56,
0x07, 0x83, 0xF2, 0xF8, 0xEC, 0x4E, 0xF8, 0x7A, 0xEC, 0xEA,
0xD9, 0xEA, 0x61, 0x3C, 0xAF, 0x51, 0x30, 0xB7, 0xA7, 0x67,
0x3F, 0x59, 0xAD, 0x2E, 0x23, 0x57, 0x64, 0xA2, 0x99, 0x15,
0xBD, 0xD9, 0x8D, 0xBA, 0xE6, 0x8F, 0xFB, 0xB3, 0x77, 0x3B,
0xE6, 0x5C, 0xC1, 0x03, 0xCF, 0x38, 0xD4, 0xF6, 0x2E, 0x0B,
0xF3, 0x20, 0xBE, 0xF0, 0xFC, 0x85, 0xEF, 0x5F, 0xCE, 0x0E,
0x42, 0x17, 0x3B, 0x72, 0x43, 0x4C, 0x3A, 0xF5, 0xC8, 0xB4,
0x40, 0x52, 0x03, 0x72, 0x9A, 0x2C, 0xA4, 0x23, 0x2A, 0xA2,
0x52, 0xA3, 0xC2, 0x76, 0x08, 0x1C, 0x2E, 0x60, 0x44, 0xE4,
0x12, 0x5D, 0x80, 0x47, 0x6C, 0x7A, 0x5A, 0x8E, 0x18, 0xC9,
0x8C, 0x22, 0xC8, 0x07, 0x75, 0xE2, 0x77, 0x3A, 0x90, 0x2E,
0x79, 0xC3, 0xF5, 0x4E, 0x4E, 0xDE, 0x14, 0x29, 0xA4, 0x5B,
0x32, 0xCC, 0xE5, 0x05, 0x09, 0x2A, 0xC9, 0x1C, 0xB4, 0x8E,
0x99, 0xCF, 0x57, 0xF2, 0x1B, 0x5F, 0x18, 0x89, 0x29, 0xF2,
0xB0, 0xF3, 0xAC, 0x67, 0x16, 0x90, 0x4A, 0x1D, 0xD6, 0xF5,
0x84, 0x71, 0x1D, 0x0E, 0x61, 0x5F, 0xE2, 0x2D, 0x52, 0x87,
0x0D, 0x8F, 0x84, 0xCB, 0xFC, 0xF0, 0x5D, 0x4C, 0x9F, 0x59,
0xA9, 0xD6, 0x83, 0x70, 0x4B, 0x98, 0x6A, 0xCA, 0x78, 0x53,
0x27, 0x32, 0x59, 0x35, 0x0A, 0xB8, 0x29, 0x18, 0xAF, 0x58,
0x45, 0x63, 0xEB, 0x43, 0x28, 0x7B
};
static unsigned char dhg_2048[] = { 0x02 };
auto dh = DH_new();
if (dh == nullptr) {
return nullptr;
}
auto p = BN_bin2bn(dhp_2048, sizeof(dhp_2048), nullptr);
auto g = BN_bin2bn(dhg_2048, sizeof(dhg_2048), nullptr);
if (p == nullptr || g == nullptr || !DH_set0_pqg(dh, p, nullptr, g)) {
DH_free(dh);
BN_free(p);
BN_free(g);
return nullptr;
}
return dh;
}
} // namespace xmrig
xmrig::TlsContext::~TlsContext()
{
SSL_CTX_free(m_ctx);
}
xmrig::TlsContext *xmrig::TlsContext::create(const TlsConfig &config)
{
if (!config.isEnabled()) {
return nullptr;
}
auto tls = new TlsContext();
if (!tls->load(config)) {
delete tls;
return nullptr;
}
return tls;
}
bool xmrig::TlsContext::load(const TlsConfig &config)
{
m_ctx = SSL_CTX_new(SSLv23_server_method());
if (m_ctx == nullptr) {
LOG_ERR("Unable to create SSL context");
return false;
}
const auto cert = Env::expand(config.cert());
if (SSL_CTX_use_certificate_chain_file(m_ctx, cert) <= 0) {
LOG_ERR("SSL_CTX_use_certificate_chain_file(\"%s\") failed.", config.cert());
return false;
}
const auto key = Env::expand(config.key());
if (SSL_CTX_use_PrivateKey_file(m_ctx, key, SSL_FILETYPE_PEM) <= 0) {
LOG_ERR("SSL_CTX_use_PrivateKey_file(\"%s\") failed.", config.key());
return false;
}
SSL_CTX_set_options(m_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
SSL_CTX_set_options(m_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
# if OPENSSL_VERSION_NUMBER >= 0x1010100fL
SSL_CTX_set_max_early_data(m_ctx, 0);
# endif
setProtocols(config.protocols());
return setCiphers(config.ciphers()) && setCipherSuites(config.cipherSuites()) && setDH(config.dhparam());
}
bool xmrig::TlsContext::setCiphers(const char *ciphers)
{
if (ciphers == nullptr || SSL_CTX_set_cipher_list(m_ctx, ciphers) == 1) {
return true;
}
LOG_ERR("SSL_CTX_set_cipher_list(\"%s\") failed.", ciphers);
return true;
}
bool xmrig::TlsContext::setCipherSuites(const char *ciphersuites)
{
if (ciphersuites == nullptr) {
return true;
}
# if OPENSSL_VERSION_NUMBER >= 0x1010100fL
if (SSL_CTX_set_ciphersuites(m_ctx, ciphersuites) == 1) {
return true;
}
# endif
LOG_ERR("SSL_CTX_set_ciphersuites(\"%s\") failed.", ciphersuites);
return false;
}
bool xmrig::TlsContext::setDH(const char *dhparam)
{
DH *dh = nullptr;
if (dhparam != nullptr) {
BIO *bio = BIO_new_file(Env::expand(dhparam), "r");
if (bio == nullptr) {
LOG_ERR("BIO_new_file(\"%s\") failed.", dhparam);
return false;
}
dh = PEM_read_bio_DHparams(bio, nullptr, nullptr, nullptr);
if (dh == nullptr) {
LOG_ERR("PEM_read_bio_DHparams(\"%s\") failed.", dhparam);
BIO_free(bio);
return false;
}
BIO_free(bio);
}
else {
dh = get_dh2048();
}
const int rc = SSL_CTX_set_tmp_dh(m_ctx, dh);
DH_free(dh);
if (rc == 0) {
LOG_ERR("SSL_CTX_set_tmp_dh(\"%s\") failed.", dhparam);
return false;
}
return true;
}
void xmrig::TlsContext::setProtocols(uint32_t protocols)
{
if (protocols == 0) {
return;
}
if (!(protocols & TlsConfig::TLSv1)) {
SSL_CTX_set_options(m_ctx, SSL_OP_NO_TLSv1);
}
# ifdef SSL_OP_NO_TLSv1_1
SSL_CTX_clear_options(m_ctx, SSL_OP_NO_TLSv1_1);
if (!(protocols & TlsConfig::TLSv1_1)) {
SSL_CTX_set_options(m_ctx, SSL_OP_NO_TLSv1_1);
}
# endif
# ifdef SSL_OP_NO_TLSv1_2
SSL_CTX_clear_options(m_ctx, SSL_OP_NO_TLSv1_2);
if (!(protocols & TlsConfig::TLSv1_2)) {
SSL_CTX_set_options(m_ctx, SSL_OP_NO_TLSv1_2);
}
# endif
# ifdef SSL_OP_NO_TLSv1_3
SSL_CTX_clear_options(m_ctx, SSL_OP_NO_TLSv1_3);
if (!(protocols & TlsConfig::TLSv1_3)) {
SSL_CTX_set_options(m_ctx, SSL_OP_NO_TLSv1_3);
}
# endif
}

71
src/base/net/tls/TlsContext.h Normal file
View file

@ -0,0 +1,71 @@
/* XMRig
* Copyright 2010 Jeff Garzik <jgarzik@pobox.com>
* Copyright 2012-2014 pooler <pooler@litecoinpool.org>
* Copyright 2014 Lucas Jones <https://github.com/lucasjones>
* Copyright 2014-2016 Wolf9466 <https://github.com/OhGodAPet>
* Copyright 2016 Jay D Dee <jayddee246@gmail.com>
* Copyright 2017-2018 XMR-Stak <https://github.com/fireice-uk>, <https://github.com/psychocrypt>
* Copyright 2018 Lee Clagett <https://github.com/vtnerd>
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef XMRIG_TLSCONTEXT_H
#define XMRIG_TLSCONTEXT_H
#include "base/tools/Object.h"
#include <cstdint>
using SSL_CTX = struct ssl_ctx_st;
namespace xmrig {
class TlsConfig;
class TlsContext
{
public:
XMRIG_DISABLE_COPY_MOVE(TlsContext)
~TlsContext();
static TlsContext *create(const TlsConfig &config);
inline SSL_CTX *ctx() const { return m_ctx; }
private:
TlsContext() = default;
bool load(const TlsConfig &config);
bool setCiphers(const char *ciphers);
bool setCipherSuites(const char *ciphersuites);
bool setDH(const char *dhparam);
void setProtocols(uint32_t protocols);
SSL_CTX *m_ctx = nullptr;
};
} /* namespace xmrig */
#endif /* XMRIG_TLSCONTEXT_H */

144
src/base/net/tls/TlsGen.cpp Normal file
View file

@ -0,0 +1,144 @@
/* XMRig
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "base/net/tls/TlsGen.h"
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <stdexcept>
#include <fstream>
namespace xmrig {
static const char *kLocalhost = "localhost";
static EVP_PKEY *generate_pkey()
{
auto pkey = EVP_PKEY_new();
if (!pkey) {
return nullptr;
}
auto exponent = BN_new();
auto rsa = RSA_new();
if (!exponent || !rsa || !BN_set_word(exponent, RSA_F4) || !RSA_generate_key_ex(rsa, 2048, exponent, nullptr) || !EVP_PKEY_assign_RSA(pkey, rsa)) {
EVP_PKEY_free(pkey);
BN_free(exponent);
RSA_free(rsa);
return nullptr;
}
BN_free(exponent);
return pkey;
}
bool isFileExist(const char *fileName)
{
std::ifstream in(fileName);
return in.good();
}
} // namespace xmrig
xmrig::TlsGen::~TlsGen()
{
EVP_PKEY_free(m_pkey);
X509_free(m_x509);
}
void xmrig::TlsGen::generate(const char *commonName)
{
if (isFileExist(m_cert) && isFileExist(m_certKey)) {
return;
}
m_pkey = generate_pkey();
if (!m_pkey) {
throw std::runtime_error("RSA key generation failed.");
}
if (!generate_x509(commonName == nullptr || strlen(commonName) == 0 ? kLocalhost : commonName)) {
throw std::runtime_error("x509 certificate generation failed.");
}
if (!write()) {
throw std::runtime_error("unable to write certificate to disk.");
}
}
bool xmrig::TlsGen::generate_x509(const char *commonName)
{
m_x509 = X509_new();
if (!m_x509) {
return false;
}
if (!X509_set_pubkey(m_x509, m_pkey)) {
return false;
}
ASN1_INTEGER_set(X509_get_serialNumber(m_x509), 1);
X509_gmtime_adj(X509_get_notBefore(m_x509), 0);
X509_gmtime_adj(X509_get_notAfter(m_x509), 315360000L);
auto name = X509_get_subject_name(m_x509);
X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC, reinterpret_cast<const uint8_t *>(commonName), -1, -1, 0);
X509_set_issuer_name(m_x509, name);
return X509_sign(m_x509, m_pkey, EVP_sha256());
}
bool xmrig::TlsGen::write()
{
auto pkey_file = fopen(m_certKey, "wb");
if (!pkey_file) {
return false;
}
bool ret = PEM_write_PrivateKey(pkey_file, m_pkey, nullptr, nullptr, 0, nullptr, nullptr);
fclose(pkey_file);
if (!ret) {
return false;
}
auto x509_file = fopen(m_cert, "wb");
if (!x509_file) {
return false;
}
ret = PEM_write_X509(x509_file, m_x509);
fclose(x509_file);
return ret;
}

61
src/base/net/tls/TlsGen.h Normal file
View file

@ -0,0 +1,61 @@
/* XMRig
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef XMRIG_TLSGEN_H
#define XMRIG_TLSGEN_H
#include "base/tools/Object.h"
#include "base/tools/String.h"
using EVP_PKEY = struct evp_pkey_st;
using X509 = struct x509_st;
namespace xmrig {
class TlsGen
{
public:
XMRIG_DISABLE_COPY_MOVE(TlsGen)
TlsGen() : m_cert("cert.pem"), m_certKey("cert_key.pem") {}
~TlsGen();
inline const String &cert() const { return m_cert; }
inline const String &certKey() const { return m_certKey; }
void generate(const char *commonName = nullptr);
private:
bool generate_x509(const char *commonName);
bool write();
const String m_cert;
const String m_certKey;
EVP_PKEY *m_pkey = nullptr;
X509 *m_x509 = nullptr;
};
} /* namespace xmrig */
#endif /* XMRIG_TLSGEN_H */

8
src/base/net/tools/TcpServer.cpp
View file

@ -5,8 +5,8 @@
* Copyright 2014-2016 Wolf9466 <https://github.com/OhGodAPet>
* Copyright 2016 Jay D Dee <jayddee246@gmail.com>
* Copyright 2017-2018 XMR-Stak <https://github.com/fireice-uk>, <https://github.com/psychocrypt>
* Copyright 2018-2019 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2019 XMRig <https://github.com/xmrig>, <support@xmrig.com>
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -34,11 +34,11 @@ static const xmrig::String kLocalHost("127.0.0.1");
xmrig::TcpServer::TcpServer(const String &host, uint16_t port, ITcpServerListener *listener) :
m_host(host.isNull() ? kLocalHost : host),
m_version(0),
m_listener(listener),
m_addr(),
m_port(port)
{
assert(m_listener != nullptr);
m_tcp = new uv_tcp_t;
uv_tcp_init(uv_default_loop(), m_tcp);
m_tcp->data = this;

13
src/base/net/tools/TcpServer.h
View file

@ -5,8 +5,8 @@
* Copyright 2014-2016 Wolf9466 <https://github.com/OhGodAPet>
* Copyright 2016 Jay D Dee <jayddee246@gmail.com>
* Copyright 2017-2018 XMR-Stak <https://github.com/fireice-uk>, <https://github.com/psychocrypt>
* Copyright 2018-2019 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2019 XMRig <https://github.com/xmrig>, <support@xmrig.com>
* Copyright 2018-2020 SChernykh <https://github.com/SChernykh>
* Copyright 2016-2020 XMRig <https://github.com/xmrig>, <support@xmrig.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@ -29,6 +29,9 @@
#include <uv.h>
#include "base/tools/Object.h"
namespace xmrig {
@ -39,6 +42,8 @@ class String;
class TcpServer
{
public:
XMRIG_DISABLE_COPY_MOVE_DEFAULT(TcpServer)
TcpServer(const String &host, uint16_t port, ITcpServerListener *listener);
~TcpServer();
@ -50,9 +55,9 @@ private:
static void onConnection(uv_stream_t *stream, int status);
const String &m_host;
int m_version;
int m_version = 0;
ITcpServerListener *m_listener;
sockaddr_storage m_addr;
sockaddr_storage m_addr{};
uint16_t m_port;
uv_tcp_t *m_tcp;
};

9
src/config.json
View file

@ -77,6 +77,15 @@
"retries": 5,
"retry-pause": 5,
"syslog": false,
"tls": {
"enabled": false,
"protocols": null,
"cert": null,
"cert_key": null,
"ciphers": null,
"ciphersuites": null,
"dhparam": null
},
"user-agent": null,
"verbose": 0,
"watch": true

7
src/core/config/Config.cpp
View file

@ -211,7 +211,7 @@ void xmrig::Config::getJSON(rapidjson::Document &doc) const
auto &allocator = doc.GetAllocator();
Value api(kObjectType);
api.AddMember(StringRef(kApiId), m_apiId.toJSON(), allocator);
api.AddMember(StringRef(kApiId), m_apiId.toJSON(), allocator);
api.AddMember(StringRef(kApiWorkerId), m_apiWorkerId.toJSON(), allocator);
doc.AddMember(StringRef(kApi), api, allocator);
@ -245,6 +245,11 @@ void xmrig::Config::getJSON(rapidjson::Document &doc) const
doc.AddMember(StringRef(Pools::kRetries), m_pools.retries(), allocator);
doc.AddMember(StringRef(Pools::kRetryPause), m_pools.retryPause(), allocator);
doc.AddMember(StringRef(kSyslog), isSyslog(), allocator);
# ifdef XMRIG_FEATURE_TLS
doc.AddMember(StringRef(kTls), m_tls.toJSON(doc), allocator);
# endif
doc.AddMember(StringRef(kUserAgent), m_userAgent.toJSON(), allocator);
doc.AddMember(StringRef(kVerbose), Log::verbose(), allocator);
doc.AddMember(StringRef(kWatch), m_watch, allocator);

7
src/core/config/Config_platform.h
View file

@ -93,6 +93,13 @@ static const option options[] = {
# ifdef XMRIG_FEATURE_TLS
{ "tls", 0, nullptr, IConfig::TlsKey },
{ "tls-fingerprint", 1, nullptr, IConfig::FingerprintKey },
{ "tls-cert", 1, nullptr, IConfig::TlsCertKey },
{ "tls-cert-key", 1, nullptr, IConfig::TlsCertKeyKey },
{ "tls-dhparam", 1, nullptr, IConfig::TlsDHparamKey },
{ "tls-protocols", 1, nullptr, IConfig::TlsProtocolsKey },
{ "tls-ciphers", 1, nullptr, IConfig::TlsCiphersKey },
{ "tls-ciphersuites", 1, nullptr, IConfig::TlsCipherSuitesKey },
{ "tls-gen", 1, nullptr, IConfig::TlsGenKey },
# endif
# ifdef XMRIG_FEATURE_ASM
{ "asm", 1, nullptr, IConfig::AssemblyKey },

11
src/core/config/usage.h
View file

@ -131,6 +131,17 @@ static inline const std::string &usage()
u += " --no-nvml disable NVML (NVIDIA Management Library) support\n";
# endif
# ifdef XMRIG_FEATURE_TLS
u += "\nTLS:\n";
u += " --tls-gen=HOSTNAME generate TLS certificate for specific hostname\n";
u += " --tls-cert=FILE load TLS certificate chain from a file in the PEM format\n";
u += " --tls-cert-key=FILE load TLS certificate private key from a file in the PEM format\n";
u += " --tls-dhparam=FILE load DH parameters for DHE ciphers from a file in the PEM format\n";
u += " --tls-protocols=N enable specified TLS protocols, example: \"TLSv1 TLSv1.1 TLSv1.2 TLSv1.3\"\n";
u += " --tls-ciphers=S set list of available ciphers (TLSv1.2 and below)\n";
u += " --tls-ciphersuites=S set list of available TLSv1.3 ciphersuites\n";
# endif
u += "\nLogging:\n";
# ifdef HAVE_SYSLOG_H