Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2021 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #define LOG_TAG "RpcTransportTls" |
| 18 | #include <log/log.h> |
| 19 | |
| 20 | #include <poll.h> |
| 21 | |
| 22 | #include <openssl/bn.h> |
| 23 | #include <openssl/ssl.h> |
| 24 | |
Yifan Hong | bb24eea | 2021-09-17 18:21:56 -0700 | [diff] [blame] | 25 | #include <binder/RpcTlsUtils.h> |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 26 | #include <binder/RpcTransportTls.h> |
| 27 | |
| 28 | #include "FdTrigger.h" |
| 29 | #include "RpcState.h" |
Yifan Hong | 18ac947 | 2021-09-09 19:55:38 -0700 | [diff] [blame] | 30 | #include "Utils.h" |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 31 | |
| 32 | #define SHOULD_LOG_TLS_DETAIL false |
| 33 | |
| 34 | #if SHOULD_LOG_TLS_DETAIL |
| 35 | #define LOG_TLS_DETAIL(...) ALOGI(__VA_ARGS__) |
| 36 | #else |
| 37 | #define LOG_TLS_DETAIL(...) ALOGV(__VA_ARGS__) // for type checking |
| 38 | #endif |
| 39 | |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 40 | using android::base::ErrnoError; |
| 41 | using android::base::Error; |
| 42 | using android::base::Result; |
| 43 | |
| 44 | namespace android { |
| 45 | namespace { |
| 46 | |
Yifan Hong | d17353c | 2021-06-24 21:56:38 -0700 | [diff] [blame] | 47 | // Implement BIO for socket that ignores SIGPIPE. |
| 48 | int socketNew(BIO* bio) { |
| 49 | BIO_set_data(bio, reinterpret_cast<void*>(-1)); |
| 50 | BIO_set_init(bio, 0); |
| 51 | return 1; |
| 52 | } |
| 53 | int socketFree(BIO* bio) { |
| 54 | LOG_ALWAYS_FATAL_IF(bio == nullptr); |
| 55 | return 1; |
| 56 | } |
| 57 | int socketRead(BIO* bio, char* buf, int size) { |
| 58 | android::base::borrowed_fd fd(static_cast<int>(reinterpret_cast<intptr_t>(BIO_get_data(bio)))); |
| 59 | int ret = TEMP_FAILURE_RETRY(::recv(fd.get(), buf, size, MSG_NOSIGNAL)); |
| 60 | BIO_clear_retry_flags(bio); |
| 61 | if (errno == EAGAIN || errno == EWOULDBLOCK) { |
| 62 | BIO_set_retry_read(bio); |
| 63 | } |
| 64 | return ret; |
| 65 | } |
| 66 | |
| 67 | int socketWrite(BIO* bio, const char* buf, int size) { |
| 68 | android::base::borrowed_fd fd(static_cast<int>(reinterpret_cast<intptr_t>(BIO_get_data(bio)))); |
| 69 | int ret = TEMP_FAILURE_RETRY(::send(fd.get(), buf, size, MSG_NOSIGNAL)); |
| 70 | BIO_clear_retry_flags(bio); |
| 71 | if (errno == EAGAIN || errno == EWOULDBLOCK) { |
| 72 | BIO_set_retry_write(bio); |
| 73 | } |
| 74 | return ret; |
| 75 | } |
| 76 | |
| 77 | long socketCtrl(BIO* bio, int cmd, long num, void*) { // NOLINT |
| 78 | android::base::borrowed_fd fd(static_cast<int>(reinterpret_cast<intptr_t>(BIO_get_data(bio)))); |
| 79 | if (cmd == BIO_CTRL_FLUSH) return 1; |
| 80 | LOG_ALWAYS_FATAL("sockCtrl(fd=%d, %d, %ld)", fd.get(), cmd, num); |
| 81 | return 0; |
| 82 | } |
| 83 | |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 84 | bssl::UniquePtr<BIO> newSocketBio(android::base::borrowed_fd fd) { |
Yifan Hong | d17353c | 2021-06-24 21:56:38 -0700 | [diff] [blame] | 85 | static const BIO_METHOD* gMethods = ([] { |
| 86 | auto methods = BIO_meth_new(BIO_get_new_index(), "socket_no_signal"); |
| 87 | LOG_ALWAYS_FATAL_IF(0 == BIO_meth_set_write(methods, socketWrite), "BIO_meth_set_write"); |
| 88 | LOG_ALWAYS_FATAL_IF(0 == BIO_meth_set_read(methods, socketRead), "BIO_meth_set_read"); |
| 89 | LOG_ALWAYS_FATAL_IF(0 == BIO_meth_set_ctrl(methods, socketCtrl), "BIO_meth_set_ctrl"); |
| 90 | LOG_ALWAYS_FATAL_IF(0 == BIO_meth_set_create(methods, socketNew), "BIO_meth_set_create"); |
| 91 | LOG_ALWAYS_FATAL_IF(0 == BIO_meth_set_destroy(methods, socketFree), "BIO_meth_set_destroy"); |
| 92 | return methods; |
| 93 | })(); |
| 94 | bssl::UniquePtr<BIO> ret(BIO_new(gMethods)); |
| 95 | if (ret == nullptr) return nullptr; |
| 96 | BIO_set_data(ret.get(), reinterpret_cast<void*>(fd.get())); |
| 97 | BIO_set_init(ret.get(), 1); |
| 98 | return ret; |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 99 | } |
| 100 | |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 101 | [[maybe_unused]] void sslDebugLog(const SSL* ssl, int type, int value) { |
| 102 | switch (type) { |
| 103 | case SSL_CB_HANDSHAKE_START: |
| 104 | LOG_TLS_DETAIL("Handshake started."); |
| 105 | break; |
| 106 | case SSL_CB_HANDSHAKE_DONE: |
| 107 | LOG_TLS_DETAIL("Handshake done."); |
| 108 | break; |
| 109 | case SSL_CB_ACCEPT_LOOP: |
| 110 | LOG_TLS_DETAIL("Handshake progress: %s", SSL_state_string_long(ssl)); |
| 111 | break; |
| 112 | default: |
| 113 | LOG_TLS_DETAIL("SSL Debug Log: type = %d, value = %d", type, value); |
| 114 | break; |
| 115 | } |
| 116 | } |
| 117 | |
Yifan Hong | 87a379c | 2021-08-12 18:53:24 -0700 | [diff] [blame] | 118 | // Helper class to ErrorQueue::toString |
| 119 | class ErrorQueueString { |
| 120 | public: |
| 121 | static std::string toString() { |
| 122 | ErrorQueueString thiz; |
| 123 | ERR_print_errors_cb(staticCallback, &thiz); |
| 124 | return thiz.mSs.str(); |
| 125 | } |
| 126 | |
| 127 | private: |
| 128 | static int staticCallback(const char* str, size_t len, void* ctx) { |
| 129 | return reinterpret_cast<ErrorQueueString*>(ctx)->callback(str, len); |
| 130 | } |
| 131 | int callback(const char* str, size_t len) { |
| 132 | if (len == 0) return 1; // continue |
| 133 | // ERR_print_errors_cb place a new line at the end, but it doesn't say so in the API. |
| 134 | if (str[len - 1] == '\n') len -= 1; |
| 135 | if (!mIsFirst) { |
| 136 | mSs << '\n'; |
| 137 | } |
| 138 | mSs << std::string_view(str, len); |
| 139 | mIsFirst = false; |
| 140 | return 1; // continue |
| 141 | } |
| 142 | std::stringstream mSs; |
| 143 | bool mIsFirst = true; |
| 144 | }; |
| 145 | |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 146 | // Handles libssl's error queue. |
| 147 | // |
| 148 | // Call into any of its member functions to ensure the error queue is properly handled or cleared. |
| 149 | // If the error queue is not handled or cleared, the destructor will abort. |
| 150 | class ErrorQueue { |
| 151 | public: |
| 152 | ~ErrorQueue() { LOG_ALWAYS_FATAL_IF(!mHandled); } |
| 153 | |
| 154 | // Clear the error queue. |
| 155 | void clear() { |
| 156 | ERR_clear_error(); |
| 157 | mHandled = true; |
| 158 | } |
| 159 | |
| 160 | // Stores the error queue in |ssl| into a string, then clears the error queue. |
| 161 | std::string toString() { |
Yifan Hong | 87a379c | 2021-08-12 18:53:24 -0700 | [diff] [blame] | 162 | auto ret = ErrorQueueString::toString(); |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 163 | // Though ERR_print_errors_cb should have cleared it, it is okay to clear again. |
| 164 | clear(); |
Yifan Hong | 87a379c | 2021-08-12 18:53:24 -0700 | [diff] [blame] | 165 | return ret; |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 166 | } |
| 167 | |
| 168 | // |sslError| should be from Ssl::getError(). |
| 169 | // If |sslError| is WANT_READ / WANT_WRITE, poll for POLLIN / POLLOUT respectively. Otherwise |
| 170 | // return error. Also return error if |fdTrigger| is triggered before or during poll(). |
| 171 | status_t pollForSslError(android::base::borrowed_fd fd, int sslError, FdTrigger* fdTrigger, |
Steven Moreland | 43921d5 | 2021-09-27 17:15:56 -0700 | [diff] [blame] | 172 | const char* fnString, int additionalEvent, |
| 173 | const std::function<status_t()>& altPoll) { |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 174 | switch (sslError) { |
| 175 | case SSL_ERROR_WANT_READ: |
Steven Moreland | 43921d5 | 2021-09-27 17:15:56 -0700 | [diff] [blame] | 176 | return handlePoll(POLLIN | additionalEvent, fd, fdTrigger, fnString, altPoll); |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 177 | case SSL_ERROR_WANT_WRITE: |
Steven Moreland | 43921d5 | 2021-09-27 17:15:56 -0700 | [diff] [blame] | 178 | return handlePoll(POLLOUT | additionalEvent, fd, fdTrigger, fnString, altPoll); |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 179 | case SSL_ERROR_SYSCALL: { |
| 180 | auto queue = toString(); |
| 181 | LOG_TLS_DETAIL("%s(): %s. Treating as DEAD_OBJECT. Error queue: %s", fnString, |
| 182 | SSL_error_description(sslError), queue.c_str()); |
| 183 | return DEAD_OBJECT; |
| 184 | } |
| 185 | default: { |
| 186 | auto queue = toString(); |
| 187 | ALOGE("%s(): %s. Error queue: %s", fnString, SSL_error_description(sslError), |
| 188 | queue.c_str()); |
| 189 | return UNKNOWN_ERROR; |
| 190 | } |
| 191 | } |
| 192 | } |
| 193 | |
| 194 | private: |
| 195 | bool mHandled = false; |
| 196 | |
| 197 | status_t handlePoll(int event, android::base::borrowed_fd fd, FdTrigger* fdTrigger, |
Steven Moreland | 43921d5 | 2021-09-27 17:15:56 -0700 | [diff] [blame] | 198 | const char* fnString, const std::function<status_t()>& altPoll) { |
| 199 | status_t ret; |
| 200 | if (altPoll) { |
| 201 | ret = altPoll(); |
| 202 | if (fdTrigger->isTriggered()) ret = DEAD_OBJECT; |
| 203 | } else { |
| 204 | ret = fdTrigger->triggerablePoll(fd, event); |
| 205 | } |
| 206 | |
Steven Moreland | c591b47 | 2021-09-16 13:56:11 -0700 | [diff] [blame] | 207 | if (ret != OK && ret != DEAD_OBJECT) { |
Steven Moreland | 43921d5 | 2021-09-27 17:15:56 -0700 | [diff] [blame] | 208 | ALOGE("poll error while after %s(): %s", fnString, statusToString(ret).c_str()); |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 209 | } |
| 210 | clear(); |
| 211 | return ret; |
| 212 | } |
| 213 | }; |
| 214 | |
| 215 | // Helper to call a function, with its return value instantiable. |
| 216 | template <typename Fn, typename... Args> |
| 217 | struct FuncCaller { |
| 218 | struct Monostate {}; |
| 219 | static constexpr bool sIsVoid = std::is_void_v<std::invoke_result_t<Fn, Args...>>; |
| 220 | using Result = std::conditional_t<sIsVoid, Monostate, std::invoke_result_t<Fn, Args...>>; |
| 221 | static inline Result call(Fn fn, Args&&... args) { |
| 222 | if constexpr (std::is_void_v<std::invoke_result_t<Fn, Args...>>) { |
| 223 | std::invoke(fn, std::forward<Args>(args)...); |
| 224 | return {}; |
| 225 | } else { |
| 226 | return std::invoke(fn, std::forward<Args>(args)...); |
| 227 | } |
| 228 | } |
| 229 | }; |
| 230 | |
| 231 | // Helper to Ssl::call(). Returns the result to the SSL_* function as well as an ErrorQueue object. |
| 232 | template <typename Fn, typename... Args> |
| 233 | struct SslCaller { |
| 234 | using RawCaller = FuncCaller<Fn, SSL*, Args...>; |
| 235 | struct ResultAndErrorQueue { |
| 236 | typename RawCaller::Result result; |
| 237 | ErrorQueue errorQueue; |
| 238 | }; |
| 239 | static inline ResultAndErrorQueue call(Fn fn, SSL* ssl, Args&&... args) { |
| 240 | LOG_ALWAYS_FATAL_IF(ssl == nullptr); |
| 241 | auto result = RawCaller::call(fn, std::forward<SSL*>(ssl), std::forward<Args>(args)...); |
| 242 | return ResultAndErrorQueue{std::move(result), ErrorQueue()}; |
| 243 | } |
| 244 | }; |
| 245 | |
| 246 | // A wrapper over bssl::UniquePtr<SSL>. This class ensures that all SSL_* functions are called |
| 247 | // through call(), which returns an ErrorQueue object that requires the caller to either handle |
| 248 | // or clear it. |
| 249 | // Example: |
| 250 | // auto [ret, errorQueue] = ssl.call(SSL_read, buf, size); |
| 251 | // if (ret >= 0) errorQueue.clear(); |
| 252 | // else ALOGE("%s", errorQueue.toString().c_str()); |
| 253 | class Ssl { |
| 254 | public: |
| 255 | explicit Ssl(bssl::UniquePtr<SSL> ssl) : mSsl(std::move(ssl)) { |
| 256 | LOG_ALWAYS_FATAL_IF(mSsl == nullptr); |
| 257 | } |
| 258 | |
| 259 | template <typename Fn, typename... Args> |
| 260 | inline typename SslCaller<Fn, Args...>::ResultAndErrorQueue call(Fn fn, Args&&... args) { |
| 261 | return SslCaller<Fn, Args...>::call(fn, mSsl.get(), std::forward<Args>(args)...); |
| 262 | } |
| 263 | |
| 264 | int getError(int ret) { |
| 265 | LOG_ALWAYS_FATAL_IF(mSsl == nullptr); |
| 266 | return SSL_get_error(mSsl.get(), ret); |
| 267 | } |
| 268 | |
| 269 | private: |
| 270 | bssl::UniquePtr<SSL> mSsl; |
| 271 | }; |
| 272 | |
| 273 | class RpcTransportTls : public RpcTransport { |
| 274 | public: |
| 275 | RpcTransportTls(android::base::unique_fd socket, Ssl ssl) |
| 276 | : mSocket(std::move(socket)), mSsl(std::move(ssl)) {} |
| 277 | Result<size_t> peek(void* buf, size_t size) override; |
Steven Moreland | 43921d5 | 2021-09-27 17:15:56 -0700 | [diff] [blame] | 278 | status_t interruptableWriteFully(FdTrigger* fdTrigger, const void* data, size_t size, |
| 279 | const std::function<status_t()>& altPoll) override; |
| 280 | status_t interruptableReadFully(FdTrigger* fdTrigger, void* data, size_t size, |
| 281 | const std::function<status_t()>& altPoll) override; |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 282 | |
| 283 | private: |
| 284 | android::base::unique_fd mSocket; |
| 285 | Ssl mSsl; |
| 286 | }; |
| 287 | |
| 288 | // Error code is errno. |
| 289 | Result<size_t> RpcTransportTls::peek(void* buf, size_t size) { |
| 290 | size_t todo = std::min<size_t>(size, std::numeric_limits<int>::max()); |
| 291 | auto [ret, errorQueue] = mSsl.call(SSL_peek, buf, static_cast<int>(todo)); |
| 292 | if (ret < 0) { |
| 293 | int err = mSsl.getError(ret); |
| 294 | if (err == SSL_ERROR_WANT_WRITE || err == SSL_ERROR_WANT_READ) { |
| 295 | // Seen EAGAIN / EWOULDBLOCK on recv(2) / send(2). |
| 296 | // Like RpcTransportRaw::peek(), don't handle it here. |
| 297 | return Error(EWOULDBLOCK) << "SSL_peek(): " << errorQueue.toString(); |
| 298 | } |
| 299 | return Error() << "SSL_peek(): " << errorQueue.toString(); |
| 300 | } |
| 301 | errorQueue.clear(); |
| 302 | LOG_TLS_DETAIL("TLS: Peeked %d bytes!", ret); |
| 303 | return ret; |
| 304 | } |
| 305 | |
| 306 | status_t RpcTransportTls::interruptableWriteFully(FdTrigger* fdTrigger, const void* data, |
Steven Moreland | 43921d5 | 2021-09-27 17:15:56 -0700 | [diff] [blame] | 307 | size_t size, |
| 308 | const std::function<status_t()>& altPoll) { |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 309 | auto buffer = reinterpret_cast<const uint8_t*>(data); |
| 310 | const uint8_t* end = buffer + size; |
| 311 | |
| 312 | MAYBE_WAIT_IN_FLAKE_MODE; |
| 313 | |
Yifan Hong | 15fff8c | 2021-08-10 15:07:56 -0700 | [diff] [blame] | 314 | // Before doing any I/O, check trigger once. This ensures the trigger is checked at least |
| 315 | // once. The trigger is also checked via triggerablePoll() after every SSL_write(). |
Steven Moreland | c591b47 | 2021-09-16 13:56:11 -0700 | [diff] [blame] | 316 | if (fdTrigger->isTriggered()) return DEAD_OBJECT; |
Yifan Hong | 15fff8c | 2021-08-10 15:07:56 -0700 | [diff] [blame] | 317 | |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 318 | while (buffer < end) { |
| 319 | size_t todo = std::min<size_t>(end - buffer, std::numeric_limits<int>::max()); |
| 320 | auto [writeSize, errorQueue] = mSsl.call(SSL_write, buffer, todo); |
| 321 | if (writeSize > 0) { |
| 322 | buffer += writeSize; |
| 323 | errorQueue.clear(); |
| 324 | continue; |
| 325 | } |
| 326 | // SSL_write() should never return 0 unless BIO_write were to return 0. |
| 327 | int sslError = mSsl.getError(writeSize); |
| 328 | // TODO(b/195788248): BIO should contain the FdTrigger, and send(2) / recv(2) should be |
| 329 | // triggerablePoll()-ed. Then additionalEvent is no longer necessary. |
Steven Moreland | 43921d5 | 2021-09-27 17:15:56 -0700 | [diff] [blame] | 330 | status_t pollStatus = errorQueue.pollForSslError(mSocket.get(), sslError, fdTrigger, |
| 331 | "SSL_write", POLLIN, altPoll); |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 332 | if (pollStatus != OK) return pollStatus; |
| 333 | // Do not advance buffer. Try SSL_write() again. |
| 334 | } |
| 335 | LOG_TLS_DETAIL("TLS: Sent %zu bytes!", size); |
| 336 | return OK; |
| 337 | } |
| 338 | |
Steven Moreland | 43921d5 | 2021-09-27 17:15:56 -0700 | [diff] [blame] | 339 | status_t RpcTransportTls::interruptableReadFully(FdTrigger* fdTrigger, void* data, size_t size, |
| 340 | const std::function<status_t()>& altPoll) { |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 341 | auto buffer = reinterpret_cast<uint8_t*>(data); |
| 342 | uint8_t* end = buffer + size; |
| 343 | |
| 344 | MAYBE_WAIT_IN_FLAKE_MODE; |
| 345 | |
Yifan Hong | 15fff8c | 2021-08-10 15:07:56 -0700 | [diff] [blame] | 346 | // Before doing any I/O, check trigger once. This ensures the trigger is checked at least |
| 347 | // once. The trigger is also checked via triggerablePoll() after every SSL_write(). |
Steven Moreland | c591b47 | 2021-09-16 13:56:11 -0700 | [diff] [blame] | 348 | if (fdTrigger->isTriggered()) return DEAD_OBJECT; |
Yifan Hong | 15fff8c | 2021-08-10 15:07:56 -0700 | [diff] [blame] | 349 | |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 350 | while (buffer < end) { |
| 351 | size_t todo = std::min<size_t>(end - buffer, std::numeric_limits<int>::max()); |
| 352 | auto [readSize, errorQueue] = mSsl.call(SSL_read, buffer, todo); |
| 353 | if (readSize > 0) { |
| 354 | buffer += readSize; |
| 355 | errorQueue.clear(); |
| 356 | continue; |
| 357 | } |
| 358 | if (readSize == 0) { |
| 359 | // SSL_read() only returns 0 on EOF. |
| 360 | errorQueue.clear(); |
| 361 | return DEAD_OBJECT; |
| 362 | } |
| 363 | int sslError = mSsl.getError(readSize); |
Steven Moreland | 43921d5 | 2021-09-27 17:15:56 -0700 | [diff] [blame] | 364 | status_t pollStatus = errorQueue.pollForSslError(mSocket.get(), sslError, fdTrigger, |
| 365 | "SSL_read", 0, altPoll); |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 366 | if (pollStatus != OK) return pollStatus; |
| 367 | // Do not advance buffer. Try SSL_read() again. |
| 368 | } |
| 369 | LOG_TLS_DETAIL("TLS: Received %zu bytes!", size); |
| 370 | return OK; |
| 371 | } |
| 372 | |
| 373 | // For |ssl|, set internal FD to |fd|, and do handshake. Handshake is triggerable by |fdTrigger|. |
| 374 | bool setFdAndDoHandshake(Ssl* ssl, android::base::borrowed_fd fd, FdTrigger* fdTrigger) { |
| 375 | bssl::UniquePtr<BIO> bio = newSocketBio(fd); |
| 376 | TEST_AND_RETURN(false, bio != nullptr); |
| 377 | auto [_, errorQueue] = ssl->call(SSL_set_bio, bio.get(), bio.get()); |
| 378 | (void)bio.release(); // SSL_set_bio takes ownership. |
| 379 | errorQueue.clear(); |
| 380 | |
| 381 | MAYBE_WAIT_IN_FLAKE_MODE; |
| 382 | |
| 383 | while (true) { |
| 384 | auto [ret, errorQueue] = ssl->call(SSL_do_handshake); |
| 385 | if (ret > 0) { |
| 386 | errorQueue.clear(); |
| 387 | return true; |
| 388 | } |
| 389 | if (ret == 0) { |
| 390 | // SSL_do_handshake() only returns 0 on EOF. |
| 391 | ALOGE("SSL_do_handshake(): EOF: %s", errorQueue.toString().c_str()); |
| 392 | return false; |
| 393 | } |
| 394 | int sslError = ssl->getError(ret); |
| 395 | status_t pollStatus = |
Steven Moreland | 43921d5 | 2021-09-27 17:15:56 -0700 | [diff] [blame] | 396 | errorQueue.pollForSslError(fd, sslError, fdTrigger, "SSL_do_handshake", 0, {}); |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 397 | if (pollStatus != OK) return false; |
| 398 | } |
| 399 | } |
| 400 | |
Yifan Hong | 1af4858 | 2021-08-16 17:13:30 -0700 | [diff] [blame] | 401 | class RpcTransportCtxTls : public RpcTransportCtx { |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 402 | public: |
Yifan Hong | 1af4858 | 2021-08-16 17:13:30 -0700 | [diff] [blame] | 403 | template <typename Impl, |
| 404 | typename = std::enable_if_t<std::is_base_of_v<RpcTransportCtxTls, Impl>>> |
Yifan Hong | 180c2da | 2021-09-09 15:36:30 -0700 | [diff] [blame] | 405 | static std::unique_ptr<RpcTransportCtxTls> create( |
Yifan Hong | ffdaf95 | 2021-09-17 18:08:38 -0700 | [diff] [blame] | 406 | std::shared_ptr<RpcCertificateVerifier> verifier, RpcAuth* auth); |
Yifan Hong | 1af4858 | 2021-08-16 17:13:30 -0700 | [diff] [blame] | 407 | std::unique_ptr<RpcTransport> newTransport(android::base::unique_fd fd, |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 408 | FdTrigger* fdTrigger) const override; |
Yifan Hong | 9734cfc | 2021-09-13 16:14:09 -0700 | [diff] [blame] | 409 | std::vector<uint8_t> getCertificate(RpcCertificateFormat) const override; |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 410 | |
Yifan Hong | 1af4858 | 2021-08-16 17:13:30 -0700 | [diff] [blame] | 411 | protected: |
Yifan Hong | 180c2da | 2021-09-09 15:36:30 -0700 | [diff] [blame] | 412 | static ssl_verify_result_t sslCustomVerify(SSL* ssl, uint8_t* outAlert); |
Yifan Hong | 1af4858 | 2021-08-16 17:13:30 -0700 | [diff] [blame] | 413 | virtual void preHandshake(Ssl* ssl) const = 0; |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 414 | bssl::UniquePtr<SSL_CTX> mCtx; |
Yifan Hong | 180c2da | 2021-09-09 15:36:30 -0700 | [diff] [blame] | 415 | std::shared_ptr<RpcCertificateVerifier> mCertVerifier; |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 416 | }; |
| 417 | |
Yifan Hong | 9734cfc | 2021-09-13 16:14:09 -0700 | [diff] [blame] | 418 | std::vector<uint8_t> RpcTransportCtxTls::getCertificate(RpcCertificateFormat format) const { |
Yifan Hong | 1deca4b | 2021-09-10 16:16:44 -0700 | [diff] [blame] | 419 | X509* x509 = SSL_CTX_get0_certificate(mCtx.get()); // does not own |
| 420 | return serializeCertificate(x509, format); |
Yifan Hong | 588d59c | 2021-08-16 17:13:58 -0700 | [diff] [blame] | 421 | } |
| 422 | |
Yifan Hong | 180c2da | 2021-09-09 15:36:30 -0700 | [diff] [blame] | 423 | // Verify by comparing the leaf of peer certificate with every certificate in |
| 424 | // mTrustedPeerCertificates. Does not support certificate chains. |
| 425 | ssl_verify_result_t RpcTransportCtxTls::sslCustomVerify(SSL* ssl, uint8_t* outAlert) { |
| 426 | LOG_ALWAYS_FATAL_IF(outAlert == nullptr); |
| 427 | const char* logPrefix = SSL_is_server(ssl) ? "Server" : "Client"; |
| 428 | |
Yifan Hong | 180c2da | 2021-09-09 15:36:30 -0700 | [diff] [blame] | 429 | auto ctx = SSL_get_SSL_CTX(ssl); // Does not set error queue |
| 430 | LOG_ALWAYS_FATAL_IF(ctx == nullptr); |
| 431 | // void* -> RpcTransportCtxTls* |
| 432 | auto rpcTransportCtxTls = reinterpret_cast<RpcTransportCtxTls*>(SSL_CTX_get_app_data(ctx)); |
| 433 | LOG_ALWAYS_FATAL_IF(rpcTransportCtxTls == nullptr); |
| 434 | |
Yifan Hong | b160f8c | 2021-09-17 22:59:11 -0700 | [diff] [blame] | 435 | status_t verifyStatus = rpcTransportCtxTls->mCertVerifier->verify(ssl, outAlert); |
Yifan Hong | 180c2da | 2021-09-09 15:36:30 -0700 | [diff] [blame] | 436 | if (verifyStatus == OK) { |
| 437 | return ssl_verify_ok; |
| 438 | } |
| 439 | LOG_TLS_DETAIL("%s: Failed to verify client: status = %s, alert = %s", logPrefix, |
| 440 | statusToString(verifyStatus).c_str(), SSL_alert_desc_string_long(*outAlert)); |
| 441 | return ssl_verify_invalid; |
| 442 | } |
| 443 | |
Yifan Hong | 1af4858 | 2021-08-16 17:13:30 -0700 | [diff] [blame] | 444 | // Common implementation for creating server and client contexts. The child class, |Impl|, is |
| 445 | // provided as a template argument so that this function can initialize an |Impl| object. |
| 446 | template <typename Impl, typename> |
Yifan Hong | 180c2da | 2021-09-09 15:36:30 -0700 | [diff] [blame] | 447 | std::unique_ptr<RpcTransportCtxTls> RpcTransportCtxTls::create( |
Yifan Hong | ffdaf95 | 2021-09-17 18:08:38 -0700 | [diff] [blame] | 448 | std::shared_ptr<RpcCertificateVerifier> verifier, RpcAuth* auth) { |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 449 | bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method())); |
| 450 | TEST_AND_RETURN(nullptr, ctx != nullptr); |
| 451 | |
Yifan Hong | ffdaf95 | 2021-09-17 18:08:38 -0700 | [diff] [blame] | 452 | if (status_t authStatus = auth->configure(ctx.get()); authStatus != OK) { |
| 453 | ALOGE("%s: Failed to configure auth info: %s", __PRETTY_FUNCTION__, |
| 454 | statusToString(authStatus).c_str()); |
| 455 | return nullptr; |
| 456 | }; |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 457 | |
Yifan Hong | 180c2da | 2021-09-09 15:36:30 -0700 | [diff] [blame] | 458 | // Enable two-way authentication by setting SSL_VERIFY_FAIL_IF_NO_PEER_CERT on server. |
| 459 | // Client ignores SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag. |
| 460 | SSL_CTX_set_custom_verify(ctx.get(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, |
| 461 | sslCustomVerify); |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 462 | |
| 463 | // Require at least TLS 1.3 |
| 464 | TEST_AND_RETURN(nullptr, SSL_CTX_set_min_proto_version(ctx.get(), TLS1_3_VERSION)); |
| 465 | |
| 466 | if constexpr (SHOULD_LOG_TLS_DETAIL) { // NOLINT |
| 467 | SSL_CTX_set_info_callback(ctx.get(), sslDebugLog); |
| 468 | } |
| 469 | |
Yifan Hong | 1af4858 | 2021-08-16 17:13:30 -0700 | [diff] [blame] | 470 | auto ret = std::make_unique<Impl>(); |
Yifan Hong | 180c2da | 2021-09-09 15:36:30 -0700 | [diff] [blame] | 471 | // RpcTransportCtxTls* -> void* |
| 472 | TEST_AND_RETURN(nullptr, SSL_CTX_set_app_data(ctx.get(), reinterpret_cast<void*>(ret.get()))); |
Yifan Hong | 1af4858 | 2021-08-16 17:13:30 -0700 | [diff] [blame] | 473 | ret->mCtx = std::move(ctx); |
Yifan Hong | 180c2da | 2021-09-09 15:36:30 -0700 | [diff] [blame] | 474 | ret->mCertVerifier = std::move(verifier); |
Yifan Hong | 1af4858 | 2021-08-16 17:13:30 -0700 | [diff] [blame] | 475 | return ret; |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 476 | } |
| 477 | |
Yifan Hong | 1af4858 | 2021-08-16 17:13:30 -0700 | [diff] [blame] | 478 | std::unique_ptr<RpcTransport> RpcTransportCtxTls::newTransport(android::base::unique_fd fd, |
| 479 | FdTrigger* fdTrigger) const { |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 480 | bssl::UniquePtr<SSL> ssl(SSL_new(mCtx.get())); |
| 481 | TEST_AND_RETURN(nullptr, ssl != nullptr); |
| 482 | Ssl wrapped(std::move(ssl)); |
| 483 | |
Yifan Hong | 1af4858 | 2021-08-16 17:13:30 -0700 | [diff] [blame] | 484 | preHandshake(&wrapped); |
| 485 | TEST_AND_RETURN(nullptr, setFdAndDoHandshake(&wrapped, fd, fdTrigger)); |
| 486 | return std::make_unique<RpcTransportTls>(std::move(fd), std::move(wrapped)); |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 487 | } |
| 488 | |
Yifan Hong | 1af4858 | 2021-08-16 17:13:30 -0700 | [diff] [blame] | 489 | class RpcTransportCtxTlsServer : public RpcTransportCtxTls { |
| 490 | protected: |
| 491 | void preHandshake(Ssl* ssl) const override { |
| 492 | ssl->call(SSL_set_accept_state).errorQueue.clear(); |
| 493 | } |
| 494 | }; |
| 495 | |
| 496 | class RpcTransportCtxTlsClient : public RpcTransportCtxTls { |
| 497 | protected: |
| 498 | void preHandshake(Ssl* ssl) const override { |
| 499 | ssl->call(SSL_set_connect_state).errorQueue.clear(); |
| 500 | } |
| 501 | }; |
| 502 | |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 503 | } // namespace |
| 504 | |
| 505 | std::unique_ptr<RpcTransportCtx> RpcTransportCtxFactoryTls::newServerCtx() const { |
Yifan Hong | ffdaf95 | 2021-09-17 18:08:38 -0700 | [diff] [blame] | 506 | return android::RpcTransportCtxTls::create<RpcTransportCtxTlsServer>(mCertVerifier, |
| 507 | mAuth.get()); |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 508 | } |
| 509 | |
| 510 | std::unique_ptr<RpcTransportCtx> RpcTransportCtxFactoryTls::newClientCtx() const { |
Yifan Hong | ffdaf95 | 2021-09-17 18:08:38 -0700 | [diff] [blame] | 511 | return android::RpcTransportCtxTls::create<RpcTransportCtxTlsClient>(mCertVerifier, |
| 512 | mAuth.get()); |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 513 | } |
| 514 | |
| 515 | const char* RpcTransportCtxFactoryTls::toCString() const { |
| 516 | return "tls"; |
| 517 | } |
| 518 | |
Yifan Hong | 13c9006 | 2021-09-09 14:59:53 -0700 | [diff] [blame] | 519 | std::unique_ptr<RpcTransportCtxFactory> RpcTransportCtxFactoryTls::make( |
Yifan Hong | ffdaf95 | 2021-09-17 18:08:38 -0700 | [diff] [blame] | 520 | std::shared_ptr<RpcCertificateVerifier> verifier, std::unique_ptr<RpcAuth> auth) { |
Yifan Hong | 13c9006 | 2021-09-09 14:59:53 -0700 | [diff] [blame] | 521 | if (verifier == nullptr) { |
| 522 | ALOGE("%s: Must provide a certificate verifier", __PRETTY_FUNCTION__); |
| 523 | return nullptr; |
| 524 | } |
Yifan Hong | ffdaf95 | 2021-09-17 18:08:38 -0700 | [diff] [blame] | 525 | if (auth == nullptr) { |
| 526 | ALOGE("%s: Must provide an auth provider", __PRETTY_FUNCTION__); |
| 527 | return nullptr; |
| 528 | } |
Yifan Hong | 13c9006 | 2021-09-09 14:59:53 -0700 | [diff] [blame] | 529 | return std::unique_ptr<RpcTransportCtxFactoryTls>( |
Yifan Hong | ffdaf95 | 2021-09-17 18:08:38 -0700 | [diff] [blame] | 530 | new RpcTransportCtxFactoryTls(std::move(verifier), std::move(auth))); |
Yifan Hong | e8212f2 | 2021-06-28 15:49:08 -0700 | [diff] [blame] | 531 | } |
| 532 | |
| 533 | } // namespace android |