Add secure sockets to dart:io

runtime/bin/tls_socket.cc

+// Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+#include "bin/tls_socket.h"
+
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <libgen.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <prinit.h>
+#include <prerror.h>
+#include <prnetdb.h>
+#include <nss.h>
+#include <ssl.h>
+
+#include "bin/builtin.h"
+#include "bin/dartutils.h"
+#include "bin/thread.h"
+#include "bin/utils.h"
+#include "bin/net/nss_memio.h"
+#include "platform/utils.h"
+
+#include "include/dart_api.h"
+
+bool TlsFilter::library_initialized_ = false;
+
+static TlsFilter* NativePeer(Dart_NativeArguments args) {

[Mads Ager (google), 2012/09/28 12:03:56]

Maybe call this GetTlsFiler?

[Bill Hesse, 2012/10/31 16:33:29]

Done.

+  TlsFilter* native_peer;
+
+  Dart_Handle dart_this = HandleError(Dart_GetNativeArgument(args, 0));
+  ASSERT(Dart_IsInstance(dart_this));
+  HandleError(Dart_GetNativeInstanceField(dart_this, 0,

[Mads Ager (google), 2012/09/28 12:03:56]

Introduce a named constant for the 0. 

static const int kTlsFilterNativeField = 0;

maybe?

[Bill Hesse, 2012/10/31 16:33:29]

Done.

+      reinterpret_cast<intptr_t*>(&native_peer)));
+  return native_peer;
+}
+
+
+static void SetNativePeer(Dart_NativeArguments args, TlsFilter* native_peer) {

[Mads Ager (google), 2012/09/28 12:03:56]

SetTlsFilter?

[Bill Hesse, 2012/10/31 16:33:29]

Done.

+  Dart_Handle dart_this = HandleError(Dart_GetNativeArgument(args, 0));

[Mads Ager (google), 2012/09/28 12:03:56]

Ditto on HandleError. 

+  ASSERT(Dart_IsInstance(dart_this));
+  HandleError(Dart_SetNativeInstanceField(dart_this, 0,
+      reinterpret_cast<intptr_t>(native_peer)));
+}
+
+
+void FUNCTION_NAME(TlsSocket_Init)(Dart_NativeArguments args) {
+  Dart_EnterScope();
+  TlsFilter* native_peer = new TlsFilter;

[Mads Ager (google), 2012/09/28 12:03:57]

native_peer -> filter?

[Bill Hesse, 2012/10/31 16:33:29]

Done.

+  Dart_Handle dart_this = Dart_GetNativeArgument(args, 0);
+  if (Dart_IsError(dart_this)) {
+    delete native_peer;
+    Dart_PropagateError(dart_this);
+  }
+  SetNativePeer(args, native_peer);
+  native_peer->Init(dart_this);
+
+  Dart_SetReturnValue(args, Dart_Null());

[Mads Ager (google), 2012/09/28 12:03:57]

This is the default behavior so you do not need this line. Similarly for the
methods below, you can drop the SetReturnValue when it is with Dart_Null().

[Bill Hesse, 2012/10/31 16:33:29]

Removed everywhere.

On 2012/09/28 12:03:57, Mads Ager wrote:

+  Dart_ExitScope();
+}
+
+
+void FUNCTION_NAME(TlsSocket_Connect)(Dart_NativeArguments args) {
+  Dart_EnterScope();
+  NativePeer(args)->Connect();
+  Dart_SetReturnValue(args, Dart_Null());
+  Dart_ExitScope();
+}
+
+
+void FUNCTION_NAME(TlsSocket_Destroy)(Dart_NativeArguments args) {
+  Dart_EnterScope();
+  TlsFilter* native_peer = NativePeer(args);
+  SetNativePeer(args, NULL);
+  native_peer->Destroy();
+  delete native_peer;
+  Dart_SetReturnValue(args, Dart_Null());
+  Dart_ExitScope();
+}
+
+
+void FUNCTION_NAME(TlsSocket_RegisterHandshakeCallbacks)(
+    Dart_NativeArguments args) {
+  Dart_EnterScope();
+  Dart_Handle handshake_start = HandleError(Dart_GetNativeArgument(args, 1));
+  Dart_Handle handshake_finish = HandleError(Dart_GetNativeArgument(args, 2));
+  if (!Dart_IsClosure(handshake_start) ||
+      !Dart_IsClosure(handshake_finish)) {
+    Dart_ThrowException(DartUtils::NewDartIllegalArgumentException(
+        "Illegal argument to RegisterHandshakeCallbacks"));
+  }
+  NativePeer(args)->RegisterHandshakeCallbacks(handshake_start,
+                                               handshake_finish);
+  Dart_SetReturnValue(args, Dart_Null());
+  Dart_ExitScope();
+}
+
+
+void FUNCTION_NAME(TlsSocket_ProcessBuffer)(Dart_NativeArguments args) {
+  Dart_EnterScope();
+  Dart_Handle buffer_id_object = HandleError(Dart_GetNativeArgument(args, 1));
+  int64_t buffer_id = DartUtils::GetIntegerValue(buffer_id_object);
+  if (buffer_id < 0 || buffer_id >= TlsFilter::kNumBuffers) {
+    Dart_ThrowException(DartUtils::NewDartIllegalArgumentException(
+        "Illegal argument to ProcessBuffer"));
+  }
+
+  intptr_t bytes_read =
+      NativePeer(args)->ProcessBuffer(static_cast<int>(buffer_id));
+  Dart_SetReturnValue(args, Dart_NewInteger(bytes_read));
+  Dart_ExitScope();
+}
+
+
+void FUNCTION_NAME(TlsSocket_SetCertificateDatabase)
+    (Dart_NativeArguments args) {
+  Dart_EnterScope();
+  Dart_Handle dart_pkcert_dir = HandleError(Dart_GetNativeArgument(args, 0));
+  // Check that the type is string, and get the UTF-8 C string value from it.
+  if (Dart_IsString(dart_pkcert_dir)) {
+    const char* pkcert_dir = NULL;
+    HandleError(Dart_StringToCString(dart_pkcert_dir, &pkcert_dir));
+    TlsFilter::InitializeLibrary(pkcert_dir);
+  } else {
+    Dart_ThrowException(DartUtils::NewDartIllegalArgumentException(
+        "Non-String argument to SetCertificateDatabase"));
+  }
+  Dart_SetReturnValue(args, Dart_Null());
+  Dart_ExitScope();
+}
+
+void TlsFilter::Init(Dart_Handle dart_this) {
+  stringStart_ = HandleError(
+      Dart_NewPersistentHandle(Dart_NewString("start")));
+  stringLength_ = HandleError(
+      Dart_NewPersistentHandle(Dart_NewString("length")));
+
+  InitializeBuffers(dart_this);
+  InitializePlatformData();
+}
+
+
+void TlsFilter::InitializeBuffers(Dart_Handle dart_this) {
+  // Create TlsFilter buffers as ExternalUint8Array objects.
+  Dart_Handle dart_buffers_object = HandleError(
+      Dart_GetField(dart_this, Dart_NewString("buffers")));
+  Dart_Handle dart_buffer_object = HandleError(
+      Dart_ListGetAt(dart_buffers_object, kReadPlaintext));
+  Dart_Handle tlsExternalBuffer_class = HandleError(

[Mads Ager (google), 2012/09/28 12:03:57]

Please use C++ naming convention: tls_external_buffer_class

[Bill Hesse, 2012/10/31 16:33:29]

Done.

+      Dart_InstanceGetClass(dart_buffer_object));
+  Dart_Handle dart_buffer_size = HandleError(
+      Dart_GetField(tlsExternalBuffer_class, Dart_NewString("kSize")));
+  buffer_size_ = DartUtils::GetIntegerValue(dart_buffer_size);
+  if (buffer_size_ <= 0 || buffer_size_ > 1024 * 1024) {
+    Dart_ThrowException(
+        Dart_NewString("Invalid buffer size in _TlsExternalBuffer"));
+  }
+
+  for (int i = 0; i < kNumBuffers; ++i) {
+    dart_buffer_objects_[i] = HandleError(
+        Dart_NewPersistentHandle(Dart_ListGetAt(dart_buffers_object, i)));
+    buffers_[i] = new uint8_t[buffer_size_];
+    Dart_Handle data = HandleError(
+      Dart_NewExternalByteArray(buffers_[i],
+                                buffer_size_, NULL, NULL));
+    HandleError(
+        Dart_SetField(dart_buffer_objects_[i], Dart_NewString("data"), data));
+  }
+}
+
+
+void TlsFilter::RegisterHandshakeCallbacks(Dart_Handle start,
+                                           Dart_Handle finish) {
+  handshake_start_ = HandleError(Dart_NewPersistentHandle(start));
+  handshake_finish_ = HandleError(Dart_NewPersistentHandle(finish));
+}
+
+
+void TlsFilter::DestroyPlatformIndependent() {
+  for (int i = 0; i < kNumBuffers; ++i) {
+    Dart_DeletePersistentHandle(dart_buffer_objects_[i]);
+  }
+  Dart_DeletePersistentHandle(stringStart_);
+  Dart_DeletePersistentHandle(stringLength_);
+}
+
+
+class TlsFilterPlatformData {
+ public:
+  PRFileDesc* memio;
+};
+
+
+TlsFilter::TlsFilter() : in_handshake_(false) { }
+
+
+void TlsFilter::InitializeLibrary(const char* pkcert_database) {
+  printf("Entering InitializeLibrary\n");
+  LockInitMutex();
+  if (!library_initialized_) {
+    PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
+    printf("%s\n", pkcert_database);

[Mads Ager (google), 2012/09/28 12:03:57]

Please remove debug printing.

+#ifdef CHROMIUM_NSS

[Søren Gjesse, 2012/09/28 09:17:31]

We should avoid #ifdefs like this. How about having platform_nss_chromium.cc and
platform_nss_mozilla.cc to handle the differences and having GYP handle which to
use?

[Mads Ager (google), 2012/09/28 12:03:57]

I'm not convinced that our build should have to support both. We are going to
build NSS ourselves and we know which version we are using. Just remove the
#ifdef?

[Bill Hesse, 2012/10/31 16:33:29]

All #ifdefs removed, only Chromium NSS supported, read-write bug is fixed.

On 2012/09/28 12:03:57, Mads Ager wrote:

+    // The Chromium version of the NSS libraries does not allow read-only here.
+    SECStatus status =
+        NSS_InitReadWrite(pkcert_database);
+#else
+    SECStatus status =
+        NSS_Init(pkcert_database);
+#endif
+    if (status == SECSuccess) {
+      printf("Successful NSS_Init call\n");

[Mads Ager (google), 2012/09/28 12:03:57]

Please remove debug printing. You should probably report back somehow that the
initialization failed here and deal with it by throwing a dart exception? So in
the failure cases, maybe you need to UnlockInitMutex and return false? Maybe it
would be a good idea to create a scoped object: LockInitMutexScope. That will
make sure that you unlock correctly.

+    } else {
+      PRErrorCode pr_error = PR_GetError();
+      printf("Unsuccessful NSS_Init call.  Error %d\n", pr_error);
+    }
+
+    status = NSS_SetDomesticPolicy();
+    if (status == SECSuccess) {
+      printf("Successful NSS_SetDomesticPolicy call\n");
+    } else {
+      PRErrorCode pr_error = PR_GetError();
+      printf("Unsuccessful NSS_SetDomesticPolicy call.  Error %d\n", pr_error);
+    }
+  } else {
+    printf("Called TlsFilter::InitializeLibrary more than once.\n");
+  }
+  UnlockInitMutex();
+  printf("Exiting InitializeLibrary\n");
+}
+
+
+void TlsFilter::InitializePlatformData() {
+  data_ = new TlsFilterPlatformData;
+  data_->memio = memio_CreateIOLayer(30000);

[Mads Ager (google), 2012/09/28 12:03:57]

Maybe we can create a named constant for this value. Is this a size in bytes or
something?

+}
+
+
+char host_entry_buffer[PR_NETDB_BUF_SIZE];
+PRHostEnt host_entry;
+PRNetAddr host_address;
+PRFileDesc* my_socket;
+
+bool SECURITY = true;

[Mads Ager (google), 2012/09/28 12:03:57]

Please remove.

+SECStatus status;
+
+// Callback that always returns SECSuccess.
+static SECStatus AlwaysSucceed(void* arg, PRFileDesc *fd,
+                               PRBool check, PRBool server) {
+  return SECSuccess;
+}
+
+void TlsFilter::Connect() {
+  printf("Entering InitSocket\n");
+  if (!in_handshake_) {
+  my_socket = data_->memio;
+
+  my_socket = SSL_ImportFD(NULL, my_socket);
+  if (my_socket == NULL) {
+    printf("SSL_ImportFD failed.\n");

[Mads Ager (google), 2012/09/28 12:03:57]

Similarly here. We should report this error back to the user.

+  }
+
+  if (SSL_SetURL(my_socket, "www.google.dk") == -1) {
+    printf("SetURL call failed\n");
+  }
+
+  if (!SECURITY) {
+    status = SSL_OptionSet(my_socket, SSL_SECURITY, PR_FALSE);
+  }
+  if (status == SECSuccess) {
+    printf("Successful SSL_OptionSetDefault call\n");
+  } else {
+    PRErrorCode pr_error = PR_GetError();
+    printf("Unsuccessful SSL_OptionSetDefault call.  Error %d\n", pr_error);
+  }
+
+#ifdef CHROMIUM_NSS

[Mads Ager (google), 2012/09/28 12:03:57]

Since we always use CHROMIUM_NSS we can get rid of this #ifdef.

+  // Certificate chain verification is not yet working with Chromium NSS.
+  status = SSL_AuthCertificateHook(my_socket, AlwaysSucceed, NULL);
+  if (status == SECSuccess) {
+    printf("Successful SSL_AuthCertificateHook call\n");
+  } else {
+    PRErrorCode pr_error = PR_GetError();
+    printf("Unsuccessful SSL_AuthCertificateHook call.  Error %d\n", pr_error);
+  }
+#endif
+
+  status = SSL_ResetHandshake(my_socket, PR_FALSE);
+  if (status == SECSuccess) {
+    printf("Successful SSL_ResetHandshake call\n");
+  } else {
+    PRErrorCode pr_error = PR_GetError();
+    printf("Unsuccessful SSL_ResetHandshake call.  Error %d\n", pr_error);
+  }
+
+  // SetPeerAddress
+  PRNetAddr host_address;
+  char host_entry_buffer[PR_NETDB_BUF_SIZE];
+  PRHostEnt host_entry;
+  PRStatus rv = PR_GetHostByName("www.google.dk", host_entry_buffer,
+                            PR_NETDB_BUF_SIZE, &host_entry);
+  if (rv == PR_SUCCESS) {
+    printf("Successful PR_GetHostByName call\n");
+  } else {
+    PRErrorCode pr_error = PR_GetError();
+    printf("Unsuccessful PR_GetHostByName call.  Error %d\n", pr_error);
+  }
+
+  int index = PR_EnumerateHostEnt(0, &host_entry, 443, &host_address);
+  if (index == -1 || index == 0) {
+    printf("Unsuccessful PR_EnumerateHostEnt call.\n");
+  }
+  if (host_address.inet.family == PR_AF_INET) {
+    printf("Got IP V4 address\n");
+  }
+
+  memio_SetPeerName(my_socket, &host_address);
+
+  data_->memio = my_socket;
+  }
+
+  // Handshake
+  int er;
+  if ((er = SSL_ForceHandshake(my_socket)) == SECSuccess) {
+    printf("Successful SSL_ForceHandshake call\n");
+    if (in_handshake_) {
+      printf("Exiting handshake state\n");
+      HandleError(Dart_InvokeClosure(handshake_finish_, 0, NULL));
+      in_handshake_ = false;
+    }
+  } else {
+    printf("Unsuccessful SSL_ForceHandshake call\n");
+    PRErrorCode pr_error = PR_GetError();
+    printf("Error code %d %d\n", er, pr_error);
+    if (!in_handshake_) {
+      printf("Entering handshake state\n");
+      // int writable = ProcessBuffer(kWriteEncrypted);
+      // printf("ProcessBuffer(kWriteEncrypted) returns %d\n", writable);
+      HandleError(Dart_InvokeClosure(handshake_start_, 0, NULL));
+      in_handshake_ = true;
+    }
+  }
+
+  if (!SECURITY) {
+    // Handshake doesn't happen.
+    HandleError(Dart_InvokeClosure(handshake_start_, 0, NULL));
+    HandleError(Dart_InvokeClosure(handshake_finish_, 0, NULL));
+  }
+}
+
+
+void TlsFilter::Destroy() {
+  DestroyPlatformIndependent();
+  // TODO(whesse): Destroy OpenSSL objects here.

[Mads Ager (google), 2012/09/28 12:03:57]

OpenSSL?

+}
+
+intptr_t TlsFilter::ProcessBuffer(int buffer_index) {
+  printf("Entering processBuffer(%d)\n", buffer_index);
+  Dart_Handle buffer_object = dart_buffer_objects_[buffer_index];
+  Dart_Handle start_object = HandleError(
+      Dart_GetField(buffer_object, stringStart_));
+  Dart_Handle length_object = HandleError(
+      Dart_GetField(buffer_object, stringLength_));
+  int64_t unsafe_start = DartUtils::GetIntegerValue(start_object);
+  int64_t unsafe_length = DartUtils::GetIntegerValue(length_object);
+  if (unsafe_start < 0 || unsafe_start >= buffer_size_ ||
+      unsafe_length < 0 || unsafe_length > buffer_size_) {
+     Dart_ThrowException(DartUtils::NewDartIllegalArgumentException(
+         "Illegal .start or .length on a _TlsExternalBuffer"));
+  }
+  intptr_t start = static_cast<intptr_t>(unsafe_start);
+  intptr_t length = static_cast<intptr_t>(unsafe_length);
+
+  int bytes_sent = 0;
+  switch (buffer_index) {
+    case kReadPlaintext: {
+      int bytes_free = buffer_size_ - start - length;
+      bytes_sent = PR_Read(data_->memio,
+                           buffers_[buffer_index] + start + length,
+                           bytes_free);
+      printf("  plaintext bytes read %d (into %d)\n",
+             bytes_sent, bytes_free);
+      if (bytes_sent < 0) bytes_sent = 0;
+      break;
+    }
+
+    case kWriteEncrypted: {
+      const uint8_t* buf1;
+      const uint8_t* buf2;
+      unsigned int len1;
+      unsigned int len2;
+      int bytes_free = buffer_size_ - start - length;
+      memio_Private* secret = memio_GetSecret(data_->memio);
+      memio_GetWriteParams(secret, &buf1, &len1, &buf2, &len2);
+      int bytes_to_send =
+          dart::Utils::Minimum(len1, static_cast<unsigned>(bytes_free));
+      if (bytes_to_send > 0) {
+        memmove(buffers_[buffer_index] + start + length, buf1, bytes_to_send);
+        bytes_sent = bytes_to_send;
+      }
+      bytes_to_send = dart::Utils::Minimum(len2,
+          static_cast<unsigned>(bytes_free - bytes_sent));
+      if (bytes_to_send > 0) {
+        memmove(buffers_[buffer_index] + start + length + bytes_sent, buf2,
+                bytes_to_send);
+        bytes_sent += bytes_to_send;
+      }
+      printf("  encrypted bytes written %d (into %d)\n",
+             bytes_sent, bytes_free);
+      if (bytes_sent > 0) {
+        memio_PutWriteResult(secret, bytes_sent);
+      }
+      break;
+    }
+
+    case kReadEncrypted: {
+      if (length > 0) {
+        bytes_sent = length;
+        // NEW
+        memio_Private* secret = memio_GetSecret(data_->memio);
+        uint8_t* memio_buf;
+        int free_bytes = memio_GetReadParams(secret, &memio_buf);
+        if (free_bytes < bytes_sent) bytes_sent = free_bytes;
+        printf("  encrypted bytes read %d (out of %d)\n",
+               bytes_sent, static_cast<int>(length));
+        memmove(memio_buf,
+                buffers_[buffer_index] + start,
+                bytes_sent);
+        memio_PutReadResult(secret, bytes_sent);
+      }
+      break;
+    }
+
+    case kWritePlaintext: {
+      if (length > 0) {
+        bytes_sent = PR_Write(data_->memio,
+                              buffers_[buffer_index] + start,
+                              length);
+        printf("  plaintext bytes written %d out of %d\n",
+               static_cast<int>(bytes_sent), static_cast<int>(length));
+      } else {
+        printf("  no plaintext bytes to write.\n");
+      }
+      if (bytes_sent < 0) bytes_sent = 0;
+      break;
+    }
+  }
+  return bytes_sent;
+}