Introducing MacSSL: A Modern TLS Library for Classic Macintosh Systems
A remarkable project has emerged for enthusiasts of vintage computing, particularly those who cherish the Classic Macintosh OS. Dubbed MacSSL, this project represents a port of MbedTLS designed specifically for Mac System 7, 8, and 9. While it is labeled a proof of concept and will not undergo further modifications, it serves as a template to demonstrate the feasibility of integrating modern security protocols into legacy systems.
The core of MacSSL is a port of MbedTLS, an established C library that implements cryptographic primitives and supports SSL/TLS protocols, aimed at enabling secure communication over the internet. This particular implementation is specifically tailored to compile under Metrowerks CodeWarrior Pro 4, with substantial effort required to adapt the code from C99 to the more restrictive C89/C90 standards.
The main application showcases a basic GET request to an API endpoint defined in api.h. The results are displayed in a text box, accompanied by extensive debug information, allowing users to observe the inner workings of the communication process. The aim was to create an application for 640by480, an Instagram-like platform for vintage digital cameras, where users can log in, post images, view posts, and read comments, all while requiring HTTPS for secure data transmission.
In this repository, users can find all necessary files located within the /Project folder. However, due to the resource management peculiarities of Mac OS, users should download the Archive.sit file, which contains the entire project folder, including the project file, source code, compiler output, and the PolarSSL library. This compressed archive can be easily extracted using StuffIt tools, enabling users to compile the application directly on their classic Macintosh.
While the full PolarSSL library isn't included in the project, the files necessary for compilation are available in the /PolarSSL folder. A complete copy of the PolarSSL repository, omitting unused folders, is accessible in the /polarssl-repo directory, although this might be somewhat inconvenient for users.
In terms of capabilities, the MacSSL library supports various ciphersuites and elliptic curves required for secure communication:
MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
MBEDTLS_ECP_DP_SECP256R1
The library can handle RSA signatures as well, supporting the SHA-1, SHA-256, and SHA-384 algorithms. The current configuration allows for TLS 1.1 support, which suffices for the project's goals, though it lays the groundwork for further improvements like TLS 1.2 and additional ciphersuites.
One of the key challenges faced during the implementation was the necessity to create compatibility layers to transition from C99 to C89/C90. This involved creating 64-bit integer emulation and restructuring the code to conform to the constraints imposed by C89, including variable declaration and include path limitations prevalent in the Mac file system.
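To make the 64-bit emulation concrete, here is an added sketch in strict C89. It is not code from MacSSL: the type and function names are hypothetical, and applying it to the SHA-384/512 round function and to bignum multiplication is an assumption about where such emulation is needed (SHA-384 operates on 64-bit words).

```c
/* Added example, not MacSSL code. C89 only: no long long, no // comments,
   declarations at the top of each block. All names are hypothetical. */
#define M32 0xFFFFFFFFUL   /* unsigned long may be wider than 32 bits */

typedef struct { unsigned long hi, lo; } u64_t;   /* two 32-bit halves */

static u64_t u64_make(unsigned long hi, unsigned long lo)
{
    u64_t r;
    r.hi = hi & M32;
    r.lo = lo & M32;
    return r;
}

/* (a + b) mod 2^64: a wrapped low word means a carry into the high word. */
static u64_t u64_add(u64_t a, u64_t b)
{
    u64_t r;
    r.lo = (a.lo + b.lo) & M32;
    r.hi = (a.hi + b.hi + (r.lo < a.lo ? 1UL : 0UL)) & M32;
    return r;
}

/* Rotate right by n bits, 0 < n < 64. */
static u64_t u64_rotr(u64_t a, unsigned int n)
{
    u64_t r;
    if (n >= 32) { r.hi = a.lo; r.lo = a.hi; a = r; n -= 32; }
    if (n == 0) return a;
    r.lo = ((a.lo >> n) | (a.hi << (32 - n))) & M32;
    r.hi = ((a.hi >> n) | (a.lo << (32 - n))) & M32;
    return r;
}

/* SHA-384/512 "big sigma 0": ROTR28(x) ^ ROTR34(x) ^ ROTR39(x). */
static u64_t sha512_bsig0(u64_t x)
{
    u64_t a = u64_rotr(x, 28), b = u64_rotr(x, 34), c = u64_rotr(x, 39);
    return u64_make(a.hi ^ b.hi ^ c.hi, a.lo ^ b.lo ^ c.lo);
}

/* 32x32 -> 64 multiply from 16-bit halves, the step a bignum needs. */
static u64_t u64_mul32(unsigned long a, unsigned long b)
{
    unsigned long al = a & 0xFFFFUL, ah = (a >> 16) & 0xFFFFUL;
    unsigned long bl = b & 0xFFFFUL, bh = (b >> 16) & 0xFFFFUL;
    unsigned long p0 = al * bl, p1 = al * bh, p2 = ah * bl, p3 = ah * bh;
    unsigned long mid = (p0 >> 16) + (p1 & 0xFFFFUL) + (p2 & 0xFFFFUL);
    return u64_make(p3 + (p1 >> 16) + (p2 >> 16) + (mid >> 16),
                    (p0 & 0xFFFFUL) | ((mid & 0xFFFFUL) << 16));
}
```

Every result is masked to 32 bits per half, so the same source behaves identically whether the compiler's `unsigned long` is 32 or 64 bits wide.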
Another notable hurdle was the lack of entropy sources in the Classic Mac OS, which is crucial for generating high-quality randomness needed in cryptographic operations. To address this, a custom entropy collection system was devised, drawing from various sources like system clock ticks, mouse movements, network packet timing, and TCP statistics.
The application also incorporates basic certificate handling, utilizing the ISRG Root X1 and Let's Encrypt R11 certificates, allowing for secure connections to the target server. Debugging features have also been implemented, providing comprehensive logs of SSL communication, which are saved both in a text box and to a text file to circumvent display limitations.
Despite the challenges inherent in working with a legacy system, the MacSSL project stands as a remarkable achievement in merging vintage computing with contemporary security practices, and it offers a unique opportunity for developers and enthusiasts alike to explore this uncharted territory.