| /* |
| * |
| * Copyright 2015 gRPC authors. |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| * |
| */ |
| |
| #include <grpc/support/port_platform.h> |
| |
| #include "src/core/lib/security/transport/security_handshaker.h" |
| |
| #include <stdbool.h> |
| #include <string.h> |
| |
| #include <grpc/slice_buffer.h> |
| #include <grpc/support/alloc.h> |
| #include <grpc/support/log.h> |
| |
| #include "src/core/lib/channel/channel_args.h" |
| #include "src/core/lib/channel/handshaker.h" |
| #include "src/core/lib/channel/handshaker_registry.h" |
| #include "src/core/lib/gprpp/ref_counted_ptr.h" |
| #include "src/core/lib/security/context/security_context.h" |
| #include "src/core/lib/security/transport/secure_endpoint.h" |
| #include "src/core/lib/security/transport/tsi_error.h" |
| #include "src/core/lib/slice/slice_internal.h" |
| #include "src/core/tsi/transport_security_grpc.h" |
| |
| #define GRPC_INITIAL_HANDSHAKE_BUFFER_SIZE 256 |
| |
| namespace { |
| struct security_handshaker { |
| security_handshaker(tsi_handshaker* handshaker, |
| grpc_security_connector* connector); |
| ~security_handshaker() { |
| gpr_mu_destroy(&mu); |
| tsi_handshaker_destroy(handshaker); |
| tsi_handshaker_result_destroy(handshaker_result); |
| if (endpoint_to_destroy != nullptr) { |
| grpc_endpoint_destroy(endpoint_to_destroy); |
| } |
| if (read_buffer_to_destroy != nullptr) { |
| grpc_slice_buffer_destroy_internal(read_buffer_to_destroy); |
| gpr_free(read_buffer_to_destroy); |
| } |
| gpr_free(handshake_buffer); |
| grpc_slice_buffer_destroy_internal(&outgoing); |
| auth_context.reset(DEBUG_LOCATION, "handshake"); |
| connector.reset(DEBUG_LOCATION, "handshake"); |
| } |
| |
| void Ref() { refs.Ref(); } |
| void Unref() { |
| if (refs.Unref()) { |
| grpc_core::Delete(this); |
| } |
| } |
| |
| grpc_handshaker base; |
| |
| // State set at creation time. |
| tsi_handshaker* handshaker; |
| grpc_core::RefCountedPtr<grpc_security_connector> connector; |
| |
| gpr_mu mu; |
| grpc_core::RefCount refs; |
| |
| bool shutdown = false; |
| // Endpoint and read buffer to destroy after a shutdown. |
| grpc_endpoint* endpoint_to_destroy = nullptr; |
| grpc_slice_buffer* read_buffer_to_destroy = nullptr; |
| |
| // State saved while performing the handshake. |
| grpc_handshaker_args* args = nullptr; |
| grpc_closure* on_handshake_done = nullptr; |
| |
| size_t handshake_buffer_size; |
| unsigned char* handshake_buffer; |
| grpc_slice_buffer outgoing; |
| grpc_closure on_handshake_data_sent_to_peer; |
| grpc_closure on_handshake_data_received_from_peer; |
| grpc_closure on_peer_checked; |
| grpc_core::RefCountedPtr<grpc_auth_context> auth_context; |
| tsi_handshaker_result* handshaker_result = nullptr; |
| }; |
| } // namespace |
| |
| static size_t move_read_buffer_into_handshake_buffer(security_handshaker* h) { |
| size_t bytes_in_read_buffer = h->args->read_buffer->length; |
| if (h->handshake_buffer_size < bytes_in_read_buffer) { |
| h->handshake_buffer = static_cast<uint8_t*>( |
| gpr_realloc(h->handshake_buffer, bytes_in_read_buffer)); |
| h->handshake_buffer_size = bytes_in_read_buffer; |
| } |
| size_t offset = 0; |
| while (h->args->read_buffer->count > 0) { |
| grpc_slice next_slice = grpc_slice_buffer_take_first(h->args->read_buffer); |
| memcpy(h->handshake_buffer + offset, GRPC_SLICE_START_PTR(next_slice), |
| GRPC_SLICE_LENGTH(next_slice)); |
| offset += GRPC_SLICE_LENGTH(next_slice); |
| grpc_slice_unref_internal(next_slice); |
| } |
| return bytes_in_read_buffer; |
| } |
| |
| // Set args fields to NULL, saving the endpoint and read buffer for |
| // later destruction. |
| static void cleanup_args_for_failure_locked(security_handshaker* h) { |
| h->endpoint_to_destroy = h->args->endpoint; |
| h->args->endpoint = nullptr; |
| h->read_buffer_to_destroy = h->args->read_buffer; |
| h->args->read_buffer = nullptr; |
| grpc_channel_args_destroy(h->args->args); |
| h->args->args = nullptr; |
| } |
| |
| // If the handshake failed or we're shutting down, clean up and invoke the |
| // callback with the error. |
| static void security_handshake_failed_locked(security_handshaker* h, |
| grpc_error* error) { |
| if (error == GRPC_ERROR_NONE) { |
| // If we were shut down after the handshake succeeded but before an |
| // endpoint callback was invoked, we need to generate our own error. |
| error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("Handshaker shutdown"); |
| } |
| const char* msg = grpc_error_string(error); |
| gpr_log(GPR_DEBUG, "Security handshake failed: %s", msg); |
| |
| if (!h->shutdown) { |
| // TODO(ctiller): It is currently necessary to shutdown endpoints |
| // before destroying them, even if we know that there are no |
| // pending read/write callbacks. This should be fixed, at which |
| // point this can be removed. |
| grpc_endpoint_shutdown(h->args->endpoint, GRPC_ERROR_REF(error)); |
| // Not shutting down, so the write failed. Clean up before |
| // invoking the callback. |
| cleanup_args_for_failure_locked(h); |
| // Set shutdown to true so that subsequent calls to |
| // security_handshaker_shutdown() do nothing. |
| h->shutdown = true; |
| } |
| // Invoke callback. |
| GRPC_CLOSURE_SCHED(h->on_handshake_done, error); |
| } |
| |
| static void on_peer_checked_inner(security_handshaker* h, grpc_error* error) { |
| if (error != GRPC_ERROR_NONE || h->shutdown) { |
| security_handshake_failed_locked(h, GRPC_ERROR_REF(error)); |
| return; |
| } |
| // Create zero-copy frame protector, if implemented. |
| tsi_zero_copy_grpc_protector* zero_copy_protector = nullptr; |
| tsi_result result = tsi_handshaker_result_create_zero_copy_grpc_protector( |
| h->handshaker_result, nullptr, &zero_copy_protector); |
| if (result != TSI_OK && result != TSI_UNIMPLEMENTED) { |
| error = grpc_set_tsi_error_result( |
| GRPC_ERROR_CREATE_FROM_STATIC_STRING( |
| "Zero-copy frame protector creation failed"), |
| result); |
| security_handshake_failed_locked(h, error); |
| return; |
| } |
| // Create frame protector if zero-copy frame protector is NULL. |
| tsi_frame_protector* protector = nullptr; |
| if (zero_copy_protector == nullptr) { |
| result = tsi_handshaker_result_create_frame_protector(h->handshaker_result, |
| nullptr, &protector); |
| if (result != TSI_OK) { |
| error = grpc_set_tsi_error_result(GRPC_ERROR_CREATE_FROM_STATIC_STRING( |
| "Frame protector creation failed"), |
| result); |
| security_handshake_failed_locked(h, error); |
| return; |
| } |
| } |
| // Get unused bytes. |
| const unsigned char* unused_bytes = nullptr; |
| size_t unused_bytes_size = 0; |
| result = tsi_handshaker_result_get_unused_bytes( |
| h->handshaker_result, &unused_bytes, &unused_bytes_size); |
| // Create secure endpoint. |
| if (unused_bytes_size > 0) { |
| grpc_slice slice = |
| grpc_slice_from_copied_buffer((char*)unused_bytes, unused_bytes_size); |
| h->args->endpoint = grpc_secure_endpoint_create( |
| protector, zero_copy_protector, h->args->endpoint, &slice, 1); |
| grpc_slice_unref_internal(slice); |
| } else { |
| h->args->endpoint = grpc_secure_endpoint_create( |
| protector, zero_copy_protector, h->args->endpoint, nullptr, 0); |
| } |
| tsi_handshaker_result_destroy(h->handshaker_result); |
| h->handshaker_result = nullptr; |
| // Add auth context to channel args. |
| grpc_arg auth_context_arg = grpc_auth_context_to_arg(h->auth_context.get()); |
| grpc_channel_args* tmp_args = h->args->args; |
| h->args->args = |
| grpc_channel_args_copy_and_add(tmp_args, &auth_context_arg, 1); |
| grpc_channel_args_destroy(tmp_args); |
| // Invoke callback. |
| GRPC_CLOSURE_SCHED(h->on_handshake_done, GRPC_ERROR_NONE); |
| // Set shutdown to true so that subsequent calls to |
| // security_handshaker_shutdown() do nothing. |
| h->shutdown = true; |
| } |
| |
| static void on_peer_checked(void* arg, grpc_error* error) { |
| security_handshaker* h = static_cast<security_handshaker*>(arg); |
| gpr_mu_lock(&h->mu); |
| on_peer_checked_inner(h, error); |
| gpr_mu_unlock(&h->mu); |
| h->Unref(); |
| } |
| |
| static grpc_error* check_peer_locked(security_handshaker* h) { |
| tsi_peer peer; |
| tsi_result result = |
| tsi_handshaker_result_extract_peer(h->handshaker_result, &peer); |
| if (result != TSI_OK) { |
| return grpc_set_tsi_error_result( |
| GRPC_ERROR_CREATE_FROM_STATIC_STRING("Peer extraction failed"), result); |
| } |
| h->connector->check_peer(peer, h->args->endpoint, &h->auth_context, |
| &h->on_peer_checked); |
| return GRPC_ERROR_NONE; |
| } |
| |
| static grpc_error* on_handshake_next_done_locked( |
| security_handshaker* h, tsi_result result, |
| const unsigned char* bytes_to_send, size_t bytes_to_send_size, |
| tsi_handshaker_result* handshaker_result) { |
| grpc_error* error = GRPC_ERROR_NONE; |
| // Handshaker was shutdown. |
| if (h->shutdown) { |
| return GRPC_ERROR_CREATE_FROM_STATIC_STRING("Handshaker shutdown"); |
| } |
| // Read more if we need to. |
| if (result == TSI_INCOMPLETE_DATA) { |
| GPR_ASSERT(bytes_to_send_size == 0); |
| grpc_endpoint_read(h->args->endpoint, h->args->read_buffer, |
| &h->on_handshake_data_received_from_peer); |
| return error; |
| } |
| if (result != TSI_OK) { |
| return grpc_set_tsi_error_result( |
| GRPC_ERROR_CREATE_FROM_STATIC_STRING("Handshake failed"), result); |
| } |
| // Update handshaker result. |
| if (handshaker_result != nullptr) { |
| GPR_ASSERT(h->handshaker_result == nullptr); |
| h->handshaker_result = handshaker_result; |
| } |
| if (bytes_to_send_size > 0) { |
| // Send data to peer, if needed. |
| grpc_slice to_send = grpc_slice_from_copied_buffer( |
| reinterpret_cast<const char*>(bytes_to_send), bytes_to_send_size); |
| grpc_slice_buffer_reset_and_unref_internal(&h->outgoing); |
| grpc_slice_buffer_add(&h->outgoing, to_send); |
| grpc_endpoint_write(h->args->endpoint, &h->outgoing, |
| &h->on_handshake_data_sent_to_peer, nullptr); |
| } else if (handshaker_result == nullptr) { |
| // There is nothing to send, but need to read from peer. |
| grpc_endpoint_read(h->args->endpoint, h->args->read_buffer, |
| &h->on_handshake_data_received_from_peer); |
| } else { |
| // Handshake has finished, check peer and so on. |
| error = check_peer_locked(h); |
| } |
| return error; |
| } |
| |
| static void on_handshake_next_done_grpc_wrapper( |
| tsi_result result, void* user_data, const unsigned char* bytes_to_send, |
| size_t bytes_to_send_size, tsi_handshaker_result* handshaker_result) { |
| security_handshaker* h = static_cast<security_handshaker*>(user_data); |
| gpr_mu_lock(&h->mu); |
| grpc_error* error = on_handshake_next_done_locked( |
| h, result, bytes_to_send, bytes_to_send_size, handshaker_result); |
| if (error != GRPC_ERROR_NONE) { |
| security_handshake_failed_locked(h, error); |
| gpr_mu_unlock(&h->mu); |
| h->Unref(); |
| } else { |
| gpr_mu_unlock(&h->mu); |
| } |
| } |
| |
| static grpc_error* do_handshaker_next_locked( |
| security_handshaker* h, const unsigned char* bytes_received, |
| size_t bytes_received_size) { |
| // Invoke TSI handshaker. |
| const unsigned char* bytes_to_send = nullptr; |
| size_t bytes_to_send_size = 0; |
| tsi_handshaker_result* handshaker_result = nullptr; |
| tsi_result result = tsi_handshaker_next( |
| h->handshaker, bytes_received, bytes_received_size, &bytes_to_send, |
| &bytes_to_send_size, &handshaker_result, |
| &on_handshake_next_done_grpc_wrapper, h); |
| if (result == TSI_ASYNC) { |
| // Handshaker operating asynchronously. Nothing else to do here; |
| // callback will be invoked in a TSI thread. |
| return GRPC_ERROR_NONE; |
| } |
| // Handshaker returned synchronously. Invoke callback directly in |
| // this thread with our existing exec_ctx. |
| return on_handshake_next_done_locked(h, result, bytes_to_send, |
| bytes_to_send_size, handshaker_result); |
| } |
| |
| static void on_handshake_data_received_from_peer(void* arg, grpc_error* error) { |
| security_handshaker* h = static_cast<security_handshaker*>(arg); |
| gpr_mu_lock(&h->mu); |
| if (error != GRPC_ERROR_NONE || h->shutdown) { |
| security_handshake_failed_locked( |
| h, GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING( |
| "Handshake read failed", &error, 1)); |
| gpr_mu_unlock(&h->mu); |
| h->Unref(); |
| return; |
| } |
| // Copy all slices received. |
| size_t bytes_received_size = move_read_buffer_into_handshake_buffer(h); |
| // Call TSI handshaker. |
| error = |
| do_handshaker_next_locked(h, h->handshake_buffer, bytes_received_size); |
| |
| if (error != GRPC_ERROR_NONE) { |
| security_handshake_failed_locked(h, error); |
| gpr_mu_unlock(&h->mu); |
| h->Unref(); |
| } else { |
| gpr_mu_unlock(&h->mu); |
| } |
| } |
| |
| static void on_handshake_data_sent_to_peer(void* arg, grpc_error* error) { |
| security_handshaker* h = static_cast<security_handshaker*>(arg); |
| gpr_mu_lock(&h->mu); |
| if (error != GRPC_ERROR_NONE || h->shutdown) { |
| security_handshake_failed_locked( |
| h, GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING( |
| "Handshake write failed", &error, 1)); |
| gpr_mu_unlock(&h->mu); |
| h->Unref(); |
| return; |
| } |
| // We may be done. |
| if (h->handshaker_result == nullptr) { |
| grpc_endpoint_read(h->args->endpoint, h->args->read_buffer, |
| &h->on_handshake_data_received_from_peer); |
| } else { |
| error = check_peer_locked(h); |
| if (error != GRPC_ERROR_NONE) { |
| security_handshake_failed_locked(h, error); |
| gpr_mu_unlock(&h->mu); |
| h->Unref(); |
| return; |
| } |
| } |
| gpr_mu_unlock(&h->mu); |
| } |
| |
| // |
| // public handshaker API |
| // |
| |
| static void security_handshaker_destroy(grpc_handshaker* handshaker) { |
| security_handshaker* h = reinterpret_cast<security_handshaker*>(handshaker); |
| h->Unref(); |
| } |
| |
| static void security_handshaker_shutdown(grpc_handshaker* handshaker, |
| grpc_error* why) { |
| security_handshaker* h = reinterpret_cast<security_handshaker*>(handshaker); |
| gpr_mu_lock(&h->mu); |
| if (!h->shutdown) { |
| h->shutdown = true; |
| tsi_handshaker_shutdown(h->handshaker); |
| grpc_endpoint_shutdown(h->args->endpoint, GRPC_ERROR_REF(why)); |
| cleanup_args_for_failure_locked(h); |
| } |
| gpr_mu_unlock(&h->mu); |
| GRPC_ERROR_UNREF(why); |
| } |
| |
| static void security_handshaker_do_handshake(grpc_handshaker* handshaker, |
| grpc_tcp_server_acceptor* acceptor, |
| grpc_closure* on_handshake_done, |
| grpc_handshaker_args* args) { |
| security_handshaker* h = reinterpret_cast<security_handshaker*>(handshaker); |
| gpr_mu_lock(&h->mu); |
| h->args = args; |
| h->on_handshake_done = on_handshake_done; |
| h->Ref(); |
| size_t bytes_received_size = move_read_buffer_into_handshake_buffer(h); |
| grpc_error* error = |
| do_handshaker_next_locked(h, h->handshake_buffer, bytes_received_size); |
| if (error != GRPC_ERROR_NONE) { |
| security_handshake_failed_locked(h, error); |
| gpr_mu_unlock(&h->mu); |
| h->Unref(); |
| return; |
| } |
| gpr_mu_unlock(&h->mu); |
| } |
| |
| static const grpc_handshaker_vtable security_handshaker_vtable = { |
| security_handshaker_destroy, security_handshaker_shutdown, |
| security_handshaker_do_handshake, "security"}; |
| |
| namespace { |
| security_handshaker::security_handshaker(tsi_handshaker* handshaker, |
| grpc_security_connector* connector) |
| : handshaker(handshaker), |
| connector(connector->Ref(DEBUG_LOCATION, "handshake")), |
| handshake_buffer_size(GRPC_INITIAL_HANDSHAKE_BUFFER_SIZE), |
| handshake_buffer( |
| static_cast<uint8_t*>(gpr_malloc(handshake_buffer_size))) { |
| grpc_handshaker_init(&security_handshaker_vtable, &base); |
| gpr_mu_init(&mu); |
| grpc_slice_buffer_init(&outgoing); |
| GRPC_CLOSURE_INIT(&on_handshake_data_sent_to_peer, |
| ::on_handshake_data_sent_to_peer, this, |
| grpc_schedule_on_exec_ctx); |
| GRPC_CLOSURE_INIT(&on_handshake_data_received_from_peer, |
| ::on_handshake_data_received_from_peer, this, |
| grpc_schedule_on_exec_ctx); |
| GRPC_CLOSURE_INIT(&on_peer_checked, ::on_peer_checked, this, |
| grpc_schedule_on_exec_ctx); |
| } |
| } // namespace |
| |
| static grpc_handshaker* security_handshaker_create( |
| tsi_handshaker* handshaker, grpc_security_connector* connector) { |
| security_handshaker* h = |
| grpc_core::New<security_handshaker>(handshaker, connector); |
| return &h->base; |
| } |
| |
| // |
| // fail_handshaker |
| // |
| |
| static void fail_handshaker_destroy(grpc_handshaker* handshaker) { |
| gpr_free(handshaker); |
| } |
| |
| static void fail_handshaker_shutdown(grpc_handshaker* handshaker, |
| grpc_error* why) { |
| GRPC_ERROR_UNREF(why); |
| } |
| |
| static void fail_handshaker_do_handshake(grpc_handshaker* handshaker, |
| grpc_tcp_server_acceptor* acceptor, |
| grpc_closure* on_handshake_done, |
| grpc_handshaker_args* args) { |
| GRPC_CLOSURE_SCHED(on_handshake_done, |
| GRPC_ERROR_CREATE_FROM_STATIC_STRING( |
| "Failed to create security handshaker")); |
| } |
| |
| static const grpc_handshaker_vtable fail_handshaker_vtable = { |
| fail_handshaker_destroy, fail_handshaker_shutdown, |
| fail_handshaker_do_handshake, "security_fail"}; |
| |
| static grpc_handshaker* fail_handshaker_create() { |
| grpc_handshaker* h = static_cast<grpc_handshaker*>(gpr_malloc(sizeof(*h))); |
| grpc_handshaker_init(&fail_handshaker_vtable, h); |
| return h; |
| } |
| |
| // |
| // handshaker factories |
| // |
| |
| static void client_handshaker_factory_add_handshakers( |
| grpc_handshaker_factory* handshaker_factory, const grpc_channel_args* args, |
| grpc_pollset_set* interested_parties, |
| grpc_handshake_manager* handshake_mgr) { |
| grpc_channel_security_connector* security_connector = |
| reinterpret_cast<grpc_channel_security_connector*>( |
| grpc_security_connector_find_in_args(args)); |
| if (security_connector) { |
| security_connector->add_handshakers(interested_parties, handshake_mgr); |
| } |
| } |
| |
| static void server_handshaker_factory_add_handshakers( |
| grpc_handshaker_factory* hf, const grpc_channel_args* args, |
| grpc_pollset_set* interested_parties, |
| grpc_handshake_manager* handshake_mgr) { |
| grpc_server_security_connector* security_connector = |
| reinterpret_cast<grpc_server_security_connector*>( |
| grpc_security_connector_find_in_args(args)); |
| if (security_connector) { |
| security_connector->add_handshakers(interested_parties, handshake_mgr); |
| } |
| } |
| |
| static void handshaker_factory_destroy( |
| grpc_handshaker_factory* handshaker_factory) {} |
| |
| static const grpc_handshaker_factory_vtable client_handshaker_factory_vtable = { |
| client_handshaker_factory_add_handshakers, handshaker_factory_destroy}; |
| |
| static grpc_handshaker_factory client_handshaker_factory = { |
| &client_handshaker_factory_vtable}; |
| |
| static const grpc_handshaker_factory_vtable server_handshaker_factory_vtable = { |
| server_handshaker_factory_add_handshakers, handshaker_factory_destroy}; |
| |
| static grpc_handshaker_factory server_handshaker_factory = { |
| &server_handshaker_factory_vtable}; |
| |
| // |
| // exported functions |
| // |
| |
| grpc_handshaker* grpc_security_handshaker_create( |
| tsi_handshaker* handshaker, grpc_security_connector* connector) { |
| // If no TSI handshaker was created, return a handshaker that always fails. |
| // Otherwise, return a real security handshaker. |
| if (handshaker == nullptr) { |
| return fail_handshaker_create(); |
| } else { |
| return security_handshaker_create(handshaker, connector); |
| } |
| } |
| |
| void grpc_security_register_handshaker_factories() { |
| grpc_handshaker_factory_register(false /* at_start */, HANDSHAKER_CLIENT, |
| &client_handshaker_factory); |
| grpc_handshaker_factory_register(false /* at_start */, HANDSHAKER_SERVER, |
| &server_handshaker_factory); |
| } |