Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / e8212f2bd77615cc65d62560d32ed74c855685e1 / . / libs / binder / RpcTransportTls.cpp
blob: 057b62e66cdbc13e37d44f3642326407b7f35649 [file] [log] [blame]
Yifan Honge8212f22021-06-28 15:49:08 -0700[diff] [blame^]1/*
2 * Copyright (C) 2021 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "RpcTransportTls"
18#include <log/log.h>
19
20#include <poll.h>
21
22#include <openssl/bn.h>
23#include <openssl/ssl.h>
24
25#include <binder/RpcTransportTls.h>
26
27#include "FdTrigger.h"
28#include "RpcState.h"
29
30#define SHOULD_LOG_TLS_DETAIL false
31
32#if SHOULD_LOG_TLS_DETAIL
33#define LOG_TLS_DETAIL(...) ALOGI(__VA_ARGS__)
34#else
35#define LOG_TLS_DETAIL(...) ALOGV(__VA_ARGS__) // for type checking
36#endif
37
38#define TEST_AND_RETURN(value, expr) \
39 do { \
40 if (!(expr)) { \
41 ALOGE("Failed to call: %s", #expr); \
42 return value; \
43 } \
44 } while (0)
45
46using android::base::ErrnoError;
47using android::base::Error;
48using android::base::Result;
49
50namespace android {
51namespace {
52
53constexpr const int kCertValidDays = 30;
54
55bssl::UniquePtr<BIO> newSocketBio(android::base::borrowed_fd fd) {
56 return bssl::UniquePtr<BIO>(BIO_new_socket(fd.get(), BIO_NOCLOSE));
57}
58
59bssl::UniquePtr<EVP_PKEY> makeKeyPairForSelfSignedCert() {
60 bssl::UniquePtr<EC_KEY> ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
61 if (ec_key == nullptr || !EC_KEY_generate_key(ec_key.get())) {
62 ALOGE("Failed to generate key pair.");
63 return nullptr;
64 }
65 bssl::UniquePtr<EVP_PKEY> evp_pkey(EVP_PKEY_new());
66 // Use set1 instead of assign to avoid leaking ec_key when assign fails. set1 increments
67 // the refcount of the ec_key, so it is okay to release it at the end of this function.
68 if (evp_pkey == nullptr || !EVP_PKEY_set1_EC_KEY(evp_pkey.get(), ec_key.get())) {
69 ALOGE("Failed to assign key pair.");
70 return nullptr;
71 }
72 return evp_pkey;
73}
74
75bssl::UniquePtr<X509> makeSelfSignedCert(EVP_PKEY* evp_pkey, const int valid_days) {
76 bssl::UniquePtr<X509> x509(X509_new());
77 bssl::UniquePtr<BIGNUM> serial(BN_new());
78 bssl::UniquePtr<BIGNUM> serialLimit(BN_new());
79 TEST_AND_RETURN(nullptr, BN_lshift(serialLimit.get(), BN_value_one(), 128));
80 TEST_AND_RETURN(nullptr, BN_rand_range(serial.get(), serialLimit.get()));
81 TEST_AND_RETURN(nullptr, BN_to_ASN1_INTEGER(serial.get(), X509_get_serialNumber(x509.get())));
82 TEST_AND_RETURN(nullptr, X509_gmtime_adj(X509_getm_notBefore(x509.get()), 0));
83 TEST_AND_RETURN(nullptr,
84 X509_gmtime_adj(X509_getm_notAfter(x509.get()), 60 * 60 * 24 * valid_days));
85
86 X509_NAME* subject = X509_get_subject_name(x509.get());
87 TEST_AND_RETURN(nullptr,
88 X509_NAME_add_entry_by_txt(subject, "O", MBSTRING_ASC,
89 reinterpret_cast<const uint8_t*>("Android"), -1, -1,
90 0));
91 TEST_AND_RETURN(nullptr,
92 X509_NAME_add_entry_by_txt(subject, "CN", MBSTRING_ASC,
93 reinterpret_cast<const uint8_t*>("BinderRPC"), -1,
94 -1, 0));
95 TEST_AND_RETURN(nullptr, X509_set_issuer_name(x509.get(), subject));
96
97 TEST_AND_RETURN(nullptr, X509_set_pubkey(x509.get(), evp_pkey));
98 TEST_AND_RETURN(nullptr, X509_sign(x509.get(), evp_pkey, EVP_sha256()));
99 return x509;
100}
101
102[[maybe_unused]] void sslDebugLog(const SSL* ssl, int type, int value) {
103 switch (type) {
104 case SSL_CB_HANDSHAKE_START:
105 LOG_TLS_DETAIL("Handshake started.");
106 break;
107 case SSL_CB_HANDSHAKE_DONE:
108 LOG_TLS_DETAIL("Handshake done.");
109 break;
110 case SSL_CB_ACCEPT_LOOP:
111 LOG_TLS_DETAIL("Handshake progress: %s", SSL_state_string_long(ssl));
112 break;
113 default:
114 LOG_TLS_DETAIL("SSL Debug Log: type = %d, value = %d", type, value);
115 break;
116 }
117}
118
119// Handles libssl's error queue.
120//
121// Call into any of its member functions to ensure the error queue is properly handled or cleared.
122// If the error queue is not handled or cleared, the destructor will abort.
123class ErrorQueue {
124public:
125 ~ErrorQueue() { LOG_ALWAYS_FATAL_IF(!mHandled); }
126
127 // Clear the error queue.
128 void clear() {
129 ERR_clear_error();
130 mHandled = true;
131 }
132
133 // Stores the error queue in |ssl| into a string, then clears the error queue.
134 std::string toString() {
135 std::stringstream ss;
136 ERR_print_errors_cb(
137 [](const char* str, size_t len, void* ctx) {
138 auto ss = (std::stringstream*)ctx;
139 (*ss) << std::string_view(str, len) << "\n";
140 return 1; // continue
141 },
142 &ss);
143 // Though ERR_print_errors_cb should have cleared it, it is okay to clear again.
144 clear();
145 return ss.str();
146 }
147
148 // |sslError| should be from Ssl::getError().
149 // If |sslError| is WANT_READ / WANT_WRITE, poll for POLLIN / POLLOUT respectively. Otherwise
150 // return error. Also return error if |fdTrigger| is triggered before or during poll().
151 status_t pollForSslError(android::base::borrowed_fd fd, int sslError, FdTrigger* fdTrigger,
152 const char* fnString, int additionalEvent = 0) {
153 switch (sslError) {
154 case SSL_ERROR_WANT_READ:
155 return handlePoll(POLLIN | additionalEvent, fd, fdTrigger, fnString);
156 case SSL_ERROR_WANT_WRITE:
157 return handlePoll(POLLOUT | additionalEvent, fd, fdTrigger, fnString);
158 case SSL_ERROR_SYSCALL: {
159 auto queue = toString();
160 LOG_TLS_DETAIL("%s(): %s. Treating as DEAD_OBJECT. Error queue: %s", fnString,
161 SSL_error_description(sslError), queue.c_str());
162 return DEAD_OBJECT;
163 }
164 default: {
165 auto queue = toString();
166 ALOGE("%s(): %s. Error queue: %s", fnString, SSL_error_description(sslError),
167 queue.c_str());
168 return UNKNOWN_ERROR;
169 }
170 }
171 }
172
173private:
174 bool mHandled = false;
175
176 status_t handlePoll(int event, android::base::borrowed_fd fd, FdTrigger* fdTrigger,
177 const char* fnString) {
178 status_t ret = fdTrigger->triggerablePoll(fd, event);
179 if (ret != OK && ret != DEAD_OBJECT && ret != -ECANCELED) {
180 ALOGE("triggerablePoll error while poll()-ing after %s(): %s", fnString,
181 statusToString(ret).c_str());
182 }
183 clear();
184 return ret;
185 }
186};
187
188// Helper to call a function, with its return value instantiable.
189template <typename Fn, typename... Args>
190struct FuncCaller {
191 struct Monostate {};
192 static constexpr bool sIsVoid = std::is_void_v<std::invoke_result_t<Fn, Args...>>;
193 using Result = std::conditional_t<sIsVoid, Monostate, std::invoke_result_t<Fn, Args...>>;
194 static inline Result call(Fn fn, Args&&... args) {
195 if constexpr (std::is_void_v<std::invoke_result_t<Fn, Args...>>) {
196 std::invoke(fn, std::forward<Args>(args)...);
197 return {};
198 } else {
199 return std::invoke(fn, std::forward<Args>(args)...);
200 }
201 }
202};
203
204// Helper to Ssl::call(). Returns the result to the SSL_* function as well as an ErrorQueue object.
205template <typename Fn, typename... Args>
206struct SslCaller {
207 using RawCaller = FuncCaller<Fn, SSL*, Args...>;
208 struct ResultAndErrorQueue {
209 typename RawCaller::Result result;
210 ErrorQueue errorQueue;
211 };
212 static inline ResultAndErrorQueue call(Fn fn, SSL* ssl, Args&&... args) {
213 LOG_ALWAYS_FATAL_IF(ssl == nullptr);
214 auto result = RawCaller::call(fn, std::forward<SSL*>(ssl), std::forward<Args>(args)...);
215 return ResultAndErrorQueue{std::move(result), ErrorQueue()};
216 }
217};
218
219// A wrapper over bssl::UniquePtr<SSL>. This class ensures that all SSL_* functions are called
220// through call(), which returns an ErrorQueue object that requires the caller to either handle
221// or clear it.
222// Example:
223// auto [ret, errorQueue] = ssl.call(SSL_read, buf, size);
224// if (ret >= 0) errorQueue.clear();
225// else ALOGE("%s", errorQueue.toString().c_str());
226class Ssl {
227public:
228 explicit Ssl(bssl::UniquePtr<SSL> ssl) : mSsl(std::move(ssl)) {
229 LOG_ALWAYS_FATAL_IF(mSsl == nullptr);
230 }
231
232 template <typename Fn, typename... Args>
233 inline typename SslCaller<Fn, Args...>::ResultAndErrorQueue call(Fn fn, Args&&... args) {
234 return SslCaller<Fn, Args...>::call(fn, mSsl.get(), std::forward<Args>(args)...);
235 }
236
237 int getError(int ret) {
238 LOG_ALWAYS_FATAL_IF(mSsl == nullptr);
239 return SSL_get_error(mSsl.get(), ret);
240 }
241
242private:
243 bssl::UniquePtr<SSL> mSsl;
244};
245
246class RpcTransportTls : public RpcTransport {
247public:
248 RpcTransportTls(android::base::unique_fd socket, Ssl ssl)
249 : mSocket(std::move(socket)), mSsl(std::move(ssl)) {}
250 Result<size_t> peek(void* buf, size_t size) override;
251 status_t interruptableWriteFully(FdTrigger* fdTrigger, const void* data, size_t size) override;
252 status_t interruptableReadFully(FdTrigger* fdTrigger, void* data, size_t size) override;
253
254private:
255 android::base::unique_fd mSocket;
256 Ssl mSsl;
257};
258
259// Error code is errno.
260Result<size_t> RpcTransportTls::peek(void* buf, size_t size) {
261 size_t todo = std::min<size_t>(size, std::numeric_limits<int>::max());
262 auto [ret, errorQueue] = mSsl.call(SSL_peek, buf, static_cast<int>(todo));
263 if (ret < 0) {
264 int err = mSsl.getError(ret);
265 if (err == SSL_ERROR_WANT_WRITE || err == SSL_ERROR_WANT_READ) {
266 // Seen EAGAIN / EWOULDBLOCK on recv(2) / send(2).
267 // Like RpcTransportRaw::peek(), don't handle it here.
268 return Error(EWOULDBLOCK) << "SSL_peek(): " << errorQueue.toString();
269 }
270 return Error() << "SSL_peek(): " << errorQueue.toString();
271 }
272 errorQueue.clear();
273 LOG_TLS_DETAIL("TLS: Peeked %d bytes!", ret);
274 return ret;
275}
276
277status_t RpcTransportTls::interruptableWriteFully(FdTrigger* fdTrigger, const void* data,
278 size_t size) {
279 auto buffer = reinterpret_cast<const uint8_t*>(data);
280 const uint8_t* end = buffer + size;
281
282 MAYBE_WAIT_IN_FLAKE_MODE;
283
284 while (buffer < end) {
285 size_t todo = std::min<size_t>(end - buffer, std::numeric_limits<int>::max());
286 auto [writeSize, errorQueue] = mSsl.call(SSL_write, buffer, todo);
287 if (writeSize > 0) {
288 buffer += writeSize;
289 errorQueue.clear();
290 continue;
291 }
292 // SSL_write() should never return 0 unless BIO_write were to return 0.
293 int sslError = mSsl.getError(writeSize);
294 // TODO(b/195788248): BIO should contain the FdTrigger, and send(2) / recv(2) should be
295 // triggerablePoll()-ed. Then additionalEvent is no longer necessary.
296 status_t pollStatus =
297 errorQueue.pollForSslError(mSocket.get(), sslError, fdTrigger, "SSL_write", POLLIN);
298 if (pollStatus != OK) return pollStatus;
299 // Do not advance buffer. Try SSL_write() again.
300 }
301 LOG_TLS_DETAIL("TLS: Sent %zu bytes!", size);
302 return OK;
303}
304
305status_t RpcTransportTls::interruptableReadFully(FdTrigger* fdTrigger, void* data, size_t size) {
306 auto buffer = reinterpret_cast<uint8_t*>(data);
307 uint8_t* end = buffer + size;
308
309 MAYBE_WAIT_IN_FLAKE_MODE;
310
311 while (buffer < end) {
312 size_t todo = std::min<size_t>(end - buffer, std::numeric_limits<int>::max());
313 auto [readSize, errorQueue] = mSsl.call(SSL_read, buffer, todo);
314 if (readSize > 0) {
315 buffer += readSize;
316 errorQueue.clear();
317 continue;
318 }
319 if (readSize == 0) {
320 // SSL_read() only returns 0 on EOF.
321 errorQueue.clear();
322 return DEAD_OBJECT;
323 }
324 int sslError = mSsl.getError(readSize);
325 status_t pollStatus =
326 errorQueue.pollForSslError(mSocket.get(), sslError, fdTrigger, "SSL_read");
327 if (pollStatus != OK) return pollStatus;
328 // Do not advance buffer. Try SSL_read() again.
329 }
330 LOG_TLS_DETAIL("TLS: Received %zu bytes!", size);
331 return OK;
332}
333
334// For |ssl|, set internal FD to |fd|, and do handshake. Handshake is triggerable by |fdTrigger|.
335bool setFdAndDoHandshake(Ssl* ssl, android::base::borrowed_fd fd, FdTrigger* fdTrigger) {
336 bssl::UniquePtr<BIO> bio = newSocketBio(fd);
337 TEST_AND_RETURN(false, bio != nullptr);
338 auto [_, errorQueue] = ssl->call(SSL_set_bio, bio.get(), bio.get());
339 (void)bio.release(); // SSL_set_bio takes ownership.
340 errorQueue.clear();
341
342 MAYBE_WAIT_IN_FLAKE_MODE;
343
344 while (true) {
345 auto [ret, errorQueue] = ssl->call(SSL_do_handshake);
346 if (ret > 0) {
347 errorQueue.clear();
348 return true;
349 }
350 if (ret == 0) {
351 // SSL_do_handshake() only returns 0 on EOF.
352 ALOGE("SSL_do_handshake(): EOF: %s", errorQueue.toString().c_str());
353 return false;
354 }
355 int sslError = ssl->getError(ret);
356 status_t pollStatus =
357 errorQueue.pollForSslError(fd, sslError, fdTrigger, "SSL_do_handshake");
358 if (pollStatus != OK) return false;
359 }
360}
361
362class RpcTransportCtxTlsServer : public RpcTransportCtx {
363public:
364 static std::unique_ptr<RpcTransportCtxTlsServer> create();
365 std::unique_ptr<RpcTransport> newTransport(android::base::unique_fd acceptedFd,
366 FdTrigger* fdTrigger) const override;
367
368private:
369 bssl::UniquePtr<SSL_CTX> mCtx;
370};
371
372std::unique_ptr<RpcTransportCtxTlsServer> RpcTransportCtxTlsServer::create() {
373 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
374 TEST_AND_RETURN(nullptr, ctx != nullptr);
375
376 // Server use self-signing cert
377 auto evp_pkey = makeKeyPairForSelfSignedCert();
378 TEST_AND_RETURN(nullptr, evp_pkey != nullptr);
379 auto cert = makeSelfSignedCert(evp_pkey.get(), kCertValidDays);
380 TEST_AND_RETURN(nullptr, cert != nullptr);
381 TEST_AND_RETURN(nullptr, SSL_CTX_use_PrivateKey(ctx.get(), evp_pkey.get()));
382 TEST_AND_RETURN(nullptr, SSL_CTX_use_certificate(ctx.get(), cert.get()));
383 // Require at least TLS 1.3
384 TEST_AND_RETURN(nullptr, SSL_CTX_set_min_proto_version(ctx.get(), TLS1_3_VERSION));
385
386 if constexpr (SHOULD_LOG_TLS_DETAIL) { // NOLINT
387 SSL_CTX_set_info_callback(ctx.get(), sslDebugLog);
388 }
389
390 auto rpcTransportTlsServerCtx = std::make_unique<RpcTransportCtxTlsServer>();
391 rpcTransportTlsServerCtx->mCtx = std::move(ctx);
392 return rpcTransportTlsServerCtx;
393}
394
395std::unique_ptr<RpcTransport> RpcTransportCtxTlsServer::newTransport(
396 android::base::unique_fd acceptedFd, FdTrigger* fdTrigger) const {
397 bssl::UniquePtr<SSL> ssl(SSL_new(mCtx.get()));
398 TEST_AND_RETURN(nullptr, ssl != nullptr);
399 Ssl wrapped(std::move(ssl));
400
401 wrapped.call(SSL_set_accept_state).errorQueue.clear();
402 TEST_AND_RETURN(nullptr, setFdAndDoHandshake(&wrapped, acceptedFd, fdTrigger));
403 return std::make_unique<RpcTransportTls>(std::move(acceptedFd), std::move(wrapped));
404}
405
406class RpcTransportCtxTlsClient : public RpcTransportCtx {
407public:
408 static std::unique_ptr<RpcTransportCtxTlsClient> create();
409 std::unique_ptr<RpcTransport> newTransport(android::base::unique_fd connectedFd,
410 FdTrigger* fdTrigger) const override;
411
412private:
413 bssl::UniquePtr<SSL_CTX> mCtx;
414};
415
416std::unique_ptr<RpcTransportCtxTlsClient> RpcTransportCtxTlsClient::create() {
417 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
418 TEST_AND_RETURN(nullptr, ctx != nullptr);
419
420 // TODO(b/195166979): server should send certificate in a different channel, and client
421 // should verify it here.
422 SSL_CTX_set_custom_verify(ctx.get(), SSL_VERIFY_PEER,
423 [](SSL*, uint8_t*) -> ssl_verify_result_t { return ssl_verify_ok; });
424
425 // Require at least TLS 1.3
426 TEST_AND_RETURN(nullptr, SSL_CTX_set_min_proto_version(ctx.get(), TLS1_3_VERSION));
427
428 if constexpr (SHOULD_LOG_TLS_DETAIL) { // NOLINT
429 SSL_CTX_set_info_callback(ctx.get(), sslDebugLog);
430 }
431
432 auto rpcTransportTlsClientCtx = std::make_unique<RpcTransportCtxTlsClient>();
433 rpcTransportTlsClientCtx->mCtx = std::move(ctx);
434 return rpcTransportTlsClientCtx;
435}
436
437std::unique_ptr<RpcTransport> RpcTransportCtxTlsClient::newTransport(
438 android::base::unique_fd connectedFd, FdTrigger* fdTrigger) const {
439 bssl::UniquePtr<SSL> ssl(SSL_new(mCtx.get()));
440 TEST_AND_RETURN(nullptr, ssl != nullptr);
441 Ssl wrapped(std::move(ssl));
442
443 wrapped.call(SSL_set_connect_state).errorQueue.clear();
444 TEST_AND_RETURN(nullptr, setFdAndDoHandshake(&wrapped, connectedFd, fdTrigger));
445 return std::make_unique<RpcTransportTls>(std::move(connectedFd), std::move(wrapped));
446}
447
448} // namespace
449
450std::unique_ptr<RpcTransportCtx> RpcTransportCtxFactoryTls::newServerCtx() const {
451 return android::RpcTransportCtxTlsServer::create();
452}
453
454std::unique_ptr<RpcTransportCtx> RpcTransportCtxFactoryTls::newClientCtx() const {
455 return android::RpcTransportCtxTlsClient::create();
456}
457
458const char* RpcTransportCtxFactoryTls::toCString() const {
459 return "tls";
460}
461
462std::unique_ptr<RpcTransportCtxFactory> RpcTransportCtxFactoryTls::make() {
463 return std::unique_ptr<RpcTransportCtxFactoryTls>(new RpcTransportCtxFactoryTls());
464}
465
466} // namespace android