Chromium Code Reviews Chromium Code Reviews
Issue 10916081:
Add secure sockets to dart:io (Closed)
Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file | |
| 2 // for details. All rights reserved. Use of this source code is governed by a | |
| 3 // BSD-style license that can be found in the LICENSE file. | |
| 4 | |
| 5 #include "bin/tls_socket.h" | |
| 6 | |
| 7 #include <errno.h> | |
| 8 #include <fcntl.h> | |
| 9 #include <sys/stat.h> | |
| 10 #include <stdio.h> | |
| 11 #include <string.h> | |
| 12 | |
| 13 #include <prinit.h> | |
| 14 #include <prerror.h> | |
| 15 #include <prnetdb.h> | |
| 16 #include <nss.h> | |
| 17 #include <ssl.h> | |
| 18 | |
| 19 #include "bin/builtin.h" | |
| 20 #include "bin/dartutils.h" | |
| 21 #include "bin/thread.h" | |
| 22 #include "bin/utils.h" | |
| 23 #include "bin/net/nss_memio.h" | |
| 24 #include "platform/utils.h" | |
| 25 | |
| 26 #include "include/dart_api.h" | |
| 27 | |
| 28 bool TlsFilter::library_initialized_ = false; | |
| 29 static const int kTlsFilterNativeFieldIndex = 0; | |
| 30 | |
| 31 static TlsFilter* GetTlsFilter(Dart_NativeArguments args) { | |
| 32 TlsFilter* filter; | |
| 33 | |
| 34 Dart_Handle dart_this = HandleError(Dart_GetNativeArgument(args, 0)); | |
| 35 ASSERT(Dart_IsInstance(dart_this)); | |
| 36 HandleError(Dart_GetNativeInstanceField(dart_this, | |
| 37 kTlsFilterNativeFieldIndex, | |
| 38 reinterpret_cast<intptr_t*>(&filter))); | |
| 39 return filter; | |
| 40 } | |
| 41 | |
| 42 | |
| 43 static void SetTlsFilter(Dart_NativeArguments args, TlsFilter* filter) { | |
| 44 Dart_Handle dart_this = HandleError(Dart_GetNativeArgument(args, 0)); | |
| 45 ASSERT(Dart_IsInstance(dart_this)); | |
| 46 HandleError(Dart_SetNativeInstanceField(dart_this, | |
| 47 kTlsFilterNativeFieldIndex, | |
| 48 reinterpret_cast<intptr_t>(filter))); | |
| 49 } | |
| 50 | |
| 51 | |
| 52 void FUNCTION_NAME(TlsSocket_Init)(Dart_NativeArguments args) { | |
|
Søren Gjesse
2012/11/01 11:49:11
Maybe assert that filter is not already set.
Bill Hesse
2012/11/11 22:34:34
This is not easy. Filter is set by putting it in
| |
| 53 Dart_EnterScope(); | |
| 54 TlsFilter* filter = new TlsFilter; | |
| 55 Dart_Handle dart_this = Dart_GetNativeArgument(args, 0); | |
| 56 if (Dart_IsError(dart_this)) { | |
| 57 delete filter; | |
| 58 Dart_PropagateError(dart_this); | |
| 59 } | |
| 60 SetTlsFilter(args, filter); | |
| 61 filter->Init(dart_this); | |
| 62 Dart_ExitScope(); | |
| 63 } | |
| 64 | |
| 65 | |
| 66 void FUNCTION_NAME(TlsSocket_Connect)(Dart_NativeArguments args) { | |
| 67 Dart_EnterScope(); | |
| 68 GetTlsFilter(args)->Connect(); | |
| 69 Dart_SetReturnValue(args, Dart_Null()); | |
| 70 Dart_ExitScope(); | |
| 71 } | |
| 72 | |
| 73 | |
| 74 void FUNCTION_NAME(TlsSocket_Destroy)(Dart_NativeArguments args) { | |
| 75 Dart_EnterScope(); | |
| 76 TlsFilter* filter = GetTlsFilter(args); | |
| 77 SetTlsFilter(args, NULL); | |
| 78 filter->Destroy(); | |
| 79 delete filter; | |
| 80 Dart_ExitScope(); | |
| 81 } | |
| 82 | |
| 83 | |
| 84 void FUNCTION_NAME(TlsSocket_RegisterHandshakeCallbacks)( | |
| 85 Dart_NativeArguments args) { | |
| 86 Dart_EnterScope(); | |
| 87 Dart_Handle handshake_start = HandleError(Dart_GetNativeArgument(args, 1)); | |
| 88 Dart_Handle handshake_finish = HandleError(Dart_GetNativeArgument(args, 2)); | |
| 89 if (!Dart_IsClosure(handshake_start) || | |
| 90 !Dart_IsClosure(handshake_finish)) { | |
| 91 Dart_ThrowException(DartUtils::NewDartArgumentError( | |
| 92 "Illegal argument to RegisterHandshakeCallbacks")); | |
| 93 } | |
| 94 GetTlsFilter(args)->RegisterHandshakeCallbacks(handshake_start, | |
| 95 handshake_finish); | |
| 96 Dart_ExitScope(); | |
| 97 } | |
| 98 | |
| 99 | |
| 100 void FUNCTION_NAME(TlsSocket_ProcessBuffer)(Dart_NativeArguments args) { | |
| 101 Dart_EnterScope(); | |
| 102 Dart_Handle buffer_id_object = HandleError(Dart_GetNativeArgument(args, 1)); | |
| 103 int64_t buffer_id = DartUtils::GetIntegerValue(buffer_id_object); | |
| 104 if (buffer_id < 0 || buffer_id >= TlsFilter::kNumBuffers) { | |
| 105 Dart_ThrowException(DartUtils::NewDartArgumentError( | |
| 106 "Illegal argument to ProcessBuffer")); | |
| 107 } | |
| 108 | |
| 109 intptr_t bytes_read = | |
| 110 GetTlsFilter(args)->ProcessBuffer(static_cast<int>(buffer_id)); | |
| 111 Dart_SetReturnValue(args, Dart_NewInteger(bytes_read)); | |
| 112 Dart_ExitScope(); | |
| 113 } | |
| 114 | |
| 115 | |
| 116 void FUNCTION_NAME(TlsSocket_SetCertificateDatabase) | |
| 117 (Dart_NativeArguments args) { | |
| 118 Dart_EnterScope(); | |
| 119 Dart_Handle dart_pkcert_dir = HandleError(Dart_GetNativeArgument(args, 0)); | |
| 120 // Check that the type is string, and get the UTF-8 C string value from it. | |
| 121 if (Dart_IsString(dart_pkcert_dir)) { | |
| 122 const char* pkcert_dir = NULL; | |
| 123 HandleError(Dart_StringToCString(dart_pkcert_dir, &pkcert_dir)); | |
| 124 TlsFilter::InitializeLibrary(pkcert_dir); | |
| 125 } else { | |
| 126 Dart_ThrowException(DartUtils::NewDartArgumentError( | |
| 127 "Non-String argument to SetCertificateDatabase")); | |
| 128 } | |
| 129 Dart_ExitScope(); | |
| 130 } | |
| 131 | |
| 132 void TlsFilter::Init(Dart_Handle dart_this) { | |
| 133 stringStart_ = HandleError( | |
| 134 Dart_NewPersistentHandle(Dart_NewString("start"))); | |
| 135 stringLength_ = HandleError( | |
| 136 Dart_NewPersistentHandle(Dart_NewString("length"))); | |
| 137 | |
| 138 InitializeBuffers(dart_this); | |
| 139 InitializePlatformData(); | |
| 140 } | |
| 141 | |
| 142 | |
| 143 void TlsFilter::InitializeBuffers(Dart_Handle dart_this) { | |
| 144 // Create TlsFilter buffers as ExternalUint8Array objects. | |
| 145 Dart_Handle dart_buffers_object = HandleError( | |
| 146 Dart_GetField(dart_this, Dart_NewString("buffers"))); | |
| 147 Dart_Handle dart_buffer_object = HandleError( | |
| 148 Dart_ListGetAt(dart_buffers_object, kReadPlaintext)); | |
| 149 Dart_Handle tls_external_buffer_class = HandleError( | |
| 150 Dart_InstanceGetClass(dart_buffer_object)); | |
| 151 Dart_Handle dart_buffer_size = HandleError( | |
| 152 Dart_GetField(tls_external_buffer_class, Dart_NewString("kSize"))); | |
| 153 buffer_size_ = DartUtils::GetIntegerValue(dart_buffer_size); | |
| 154 if (buffer_size_ <= 0 || buffer_size_ > 1024 * 1024) { | |
| 155 Dart_ThrowException( | |
| 156 Dart_NewString("Invalid buffer size in _TlsExternalBuffer")); | |
| 157 } | |
| 158 | |
| 159 for (int i = 0; i < kNumBuffers; ++i) { | |
| 160 dart_buffer_objects_[i] = HandleError( | |
| 161 Dart_NewPersistentHandle(Dart_ListGetAt(dart_buffers_object, i))); | |
| 162 buffers_[i] = new uint8_t[buffer_size_]; | |
| 163 Dart_Handle data = HandleError( | |
| 164 Dart_NewExternalByteArray(buffers_[i], | |
| 165 buffer_size_, NULL, NULL)); | |
| 166 HandleError( | |
| 167 Dart_SetField(dart_buffer_objects_[i], Dart_NewString("data"), data)); | |
| 168 } | |
| 169 } | |
| 170 | |
| 171 | |
| 172 void TlsFilter::RegisterHandshakeCallbacks(Dart_Handle start, | |
| 173 Dart_Handle finish) { | |
| 174 handshake_start_ = HandleError(Dart_NewPersistentHandle(start)); | |
| 175 handshake_finish_ = HandleError(Dart_NewPersistentHandle(finish)); | |
| 176 } | |
| 177 | |
| 178 | |
| 179 void TlsFilter::DestroyPlatformIndependent() { | |
| 180 for (int i = 0; i < kNumBuffers; ++i) { | |
| 181 Dart_DeletePersistentHandle(dart_buffer_objects_[i]); | |
| 182 } | |
| 183 Dart_DeletePersistentHandle(stringStart_); | |
| 184 Dart_DeletePersistentHandle(stringLength_); | |
| 185 } | |
| 186 | |
| 187 | |
| 188 class TlsFilterPlatformData { | |
| 189 public: | |
| 190 PRFileDesc* memio; | |
| 191 }; | |
| 192 | |
| 193 | |
| 194 TlsFilter::TlsFilter() : in_handshake_(false) { } | |
| 195 | |
| 196 | |
| 197 void TlsFilter::InitializeLibrary(const char* pkcert_database) { | |
| 198 TlsLog("Entering InitializeLibrary"); | |
| 199 LockInitMutex(); | |
| 200 if (!library_initialized_) { | |
| 201 PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); | |
| 202 // TODO: Allow read-write opening of pkcert_database using | |
| 203 // NSS_InitReadWrite, controlled by an optional argument. | |
| 204 SECStatus status = | |
| 205 NSS_Init(pkcert_database); | |
| 206 if (status != SECSuccess) { | |
| 207 ReportError("Unsuccessful NSS_Init call.\n", PR_GetError()); | |
| 208 } | |
| 209 | |
| 210 status = NSS_SetDomesticPolicy(); | |
| 211 if (status != SECSuccess) { | |
| 212 ReportError("Unsuccessful NSS_SetDomesticPolicy call.\n", PR_GetError()); | |
| 213 } | |
| 214 } else { | |
| 215 ReportError("Called TlsFilter::InitializeLibrary more than once", 0); | |
| 216 } | |
| 217 UnlockInitMutex(); | |
| 218 TlsLog("Exiting InitializeLibrary"); | |
| 219 } | |
| 220 | |
| 221 | |
| 222 void TlsFilter::InitializePlatformData() { | |
| 223 data_ = new TlsFilterPlatformData; | |
| 224 data_->memio = memio_CreateIOLayer(30000); | |
| 225 } | |
| 226 | |
| 227 | |
| 228 char host_entry_buffer[PR_NETDB_BUF_SIZE]; | |
| 229 PRHostEnt host_entry; | |
| 230 PRNetAddr host_address; | |
| 231 PRFileDesc* my_socket; | |
| 232 | |
| 233 bool SECURITY = true; | |
| 234 SECStatus status; | |
| 235 | |
| 236 void TlsFilter::Connect() { | |
| 237 TlsLog("Entering InitSocket"); | |
| 238 if (!in_handshake_) { | |
| 239 my_socket = data_->memio; | |
| 240 | |
| 241 my_socket = SSL_ImportFD(NULL, my_socket); | |
| 242 if (my_socket == NULL) { | |
| 243 ReportError("Unsuccessful SSL_ImportFD call", 0); | |
| 244 } | |
| 245 | |
| 246 if (SSL_SetURL(my_socket, "www.google.dk") == -1) { | |
| 247 ReportError("Unsuccessful SetURL call", 0); | |
| 248 } | |
| 249 | |
| 250 status = SSL_ResetHandshake(my_socket, PR_FALSE); | |
| 251 if (status != SECSuccess) { | |
| 252 ReportError("Unsuccessful SSL_ResetHandshake call", PR_GetError()); | |
| 253 } | |
| 254 | |
| 255 // SetPeerAddress | |
| 256 PRNetAddr host_address; | |
| 257 char host_entry_buffer[PR_NETDB_BUF_SIZE]; | |
| 258 PRHostEnt host_entry; | |
| 259 PRStatus rv = PR_GetHostByName("www.google.dk", host_entry_buffer, | |
| 260 PR_NETDB_BUF_SIZE, &host_entry); | |
| 261 if (rv != PR_SUCCESS) { | |
| 262 ReportError("Unsuccessful PR_GetHostByName call", PR_GetError()); | |
| 263 } | |
| 264 | |
| 265 int index = PR_EnumerateHostEnt(0, &host_entry, 443, &host_address); | |
| 266 if (index == -1 || index == 0) { | |
| 267 ReportError("Unsuccessful PR_EnumerateHostEnt call", 0); | |
| 268 } | |
| 269 if (host_address.inet.family == PR_AF_INET) { | |
|
Søren Gjesse
2012/11/01 11:49:11
Debug code.
| |
| 270 TlsLog("Got IP V4 address"); | |
| 271 } | |
| 272 | |
| 273 memio_SetPeerName(my_socket, &host_address); | |
| 274 | |
| 275 data_->memio = my_socket; | |
| 276 } | |
|
Søren Gjesse
2012/11/01 11:49:11
Indentation.
| |
| 277 | |
| 278 // Handshake | |
| 279 status = SSL_ForceHandshake(my_socket); | |
| 280 if (status == SECSuccess) { | |
| 281 TlsLog("Successful SSL_ForceHandshake call"); | |
|
Søren Gjesse
2012/11/01 11:49:11
Please remove logging.
Bill Hesse
2012/11/11 22:34:34
Removed - it is in a separate private patch, becau
| |
| 282 if (in_handshake_) { | |
| 283 TlsLog("Exiting handshake state"); | |
| 284 HandleError(Dart_InvokeClosure(handshake_finish_, 0, NULL)); | |
| 285 in_handshake_ = false; | |
| 286 } | |
| 287 } else { | |
| 288 TlsLogInt("Unsuccessful SSL_ForceHandshake call", PR_GetError()); | |
| 289 if (!in_handshake_) { | |
| 290 TlsLog("Entering handshake state"); | |
| 291 // int writable = ProcessBuffer(kWriteEncrypted); | |
|
Søren Gjesse
2012/11/01 11:49:11
Code in comments.
| |
| 292 // TlsLog("ProcessBuffer(kWriteEncrypted) returns %d\n", writable); | |
| 293 HandleError(Dart_InvokeClosure(handshake_start_, 0, NULL)); | |
| 294 in_handshake_ = true; | |
| 295 } | |
| 296 } | |
| 297 } | |
| 298 | |
| 299 | |
| 300 void TlsFilter::Destroy() { | |
| 301 DestroyPlatformIndependent(); | |
| 302 // TODO(whesse): Destroy OpenSSL objects here. | |
| 303 } | |
| 304 | |
| 305 intptr_t TlsFilter::ProcessBuffer(int buffer_index) { | |
| 306 TlsLogInt("Entering processBuffer with index", buffer_index); | |
| 307 Dart_Handle buffer_object = dart_buffer_objects_[buffer_index]; | |
| 308 Dart_Handle start_object = HandleError( | |
| 309 Dart_GetField(buffer_object, stringStart_)); | |
| 310 Dart_Handle length_object = HandleError( | |
| 311 Dart_GetField(buffer_object, stringLength_)); | |
| 312 int64_t unsafe_start = DartUtils::GetIntegerValue(start_object); | |
|
Søren Gjesse
2012/11/01 11:49:11
Maybe change the type to intptr_t here and do the
Bill Hesse
2012/11/11 22:34:34
I prefer doing the range check on unsafe_length be
| |
| 313 int64_t unsafe_length = DartUtils::GetIntegerValue(length_object); | |
| 314 if (unsafe_start < 0 || unsafe_start >= buffer_size_ || | |
| 315 unsafe_length < 0 || unsafe_length > buffer_size_) { | |
| 316 Dart_ThrowException(DartUtils::NewDartArgumentError( | |
| 317 "Illegal .start or .length on a _TlsExternalBuffer")); | |
| 318 } | |
| 319 intptr_t start = static_cast<intptr_t>(unsafe_start); | |
| 320 intptr_t length = static_cast<intptr_t>(unsafe_length); | |
| 321 | |
| 322 int bytes_sent = 0; | |
|
Søren Gjesse
2012/11/01 11:49:11
Maybe rename bytes_sent to bytes_processed, as thi
Bill Hesse
2012/11/11 22:34:34
Done.
| |
| 323 switch (buffer_index) { | |
| 324 case kReadPlaintext: { | |
| 325 int bytes_free = buffer_size_ - start - length; | |
| 326 bytes_sent = PR_Read(data_->memio, | |
| 327 buffers_[buffer_index] + start + length, | |
| 328 bytes_free); | |
| 329 TlsLogInt("plaintext read Dart buffer bytes free", bytes_free); | |
| 330 TlsLogInt("plaintext bytes read from filter", bytes_sent); | |
| 331 if (bytes_sent < 0) bytes_sent = 0; | |
| 332 break; | |
| 333 } | |
| 334 | |
| 335 case kWriteEncrypted: { | |
| 336 const uint8_t* buf1; | |
| 337 const uint8_t* buf2; | |
| 338 unsigned int len1; | |
| 339 unsigned int len2; | |
| 340 int bytes_free = buffer_size_ - start - length; | |
| 341 memio_Private* secret = memio_GetSecret(data_->memio); | |
| 342 memio_GetWriteParams(secret, &buf1, &len1, &buf2, &len2); | |
| 343 int bytes_to_send = | |
| 344 dart::Utils::Minimum(len1, static_cast<unsigned>(bytes_free)); | |
| 345 if (bytes_to_send > 0) { | |
| 346 memmove(buffers_[buffer_index] + start + length, buf1, bytes_to_send); | |
| 347 bytes_sent = bytes_to_send; | |
| 348 } | |
| 349 bytes_to_send = dart::Utils::Minimum(len2, | |
| 350 static_cast<unsigned>(bytes_free - bytes_sent)); | |
| 351 if (bytes_to_send > 0) { | |
| 352 memmove(buffers_[buffer_index] + start + length + bytes_sent, buf2, | |
| 353 bytes_to_send); | |
| 354 bytes_sent += bytes_to_send; | |
| 355 } | |
| 356 TlsLogInt("encrypted write Dart buffer bytes free", bytes_free); | |
| 357 TlsLogInt("encrypted bytes written from filter", bytes_sent); | |
| 358 if (bytes_sent > 0) { | |
| 359 memio_PutWriteResult(secret, bytes_sent); | |
| 360 } | |
| 361 break; | |
| 362 } | |
| 363 | |
| 364 case kReadEncrypted: { | |
| 365 if (length > 0) { | |
| 366 bytes_sent = length; | |
| 367 // NEW | |
|
Søren Gjesse
2012/11/01 11:49:11
Strange comment.
Bill Hesse
2012/11/11 22:34:34
Done.
| |
| 368 memio_Private* secret = memio_GetSecret(data_->memio); | |
| 369 uint8_t* memio_buf; | |
| 370 int free_bytes = memio_GetReadParams(secret, &memio_buf); | |
| 371 if (free_bytes < bytes_sent) bytes_sent = free_bytes; | |
| 372 TlsLogInt("encrypted read Dart buffer bytes available", length); | |
| 373 TlsLogInt("encrypted bytes read to filter", bytes_sent); | |
| 374 memmove(memio_buf, | |
| 375 buffers_[buffer_index] + start, | |
| 376 bytes_sent); | |
| 377 memio_PutReadResult(secret, bytes_sent); | |
| 378 } | |
| 379 break; | |
| 380 } | |
| 381 | |
| 382 case kWritePlaintext: { | |
| 383 if (length > 0) { | |
| 384 bytes_sent = PR_Write(data_->memio, | |
| 385 buffers_[buffer_index] + start, | |
| 386 length); | |
| 387 } | |
| 388 TlsLogInt("plaintext write Dart buffer bytes available", length); | |
| 389 TlsLogInt("plaintext bytes written to filter", bytes_sent); | |
| 390 | |
| 391 if (bytes_sent < 0) bytes_sent = 0; | |
|
Søren Gjesse
2012/11/01 11:49:11
Negative bytes_sent here is not an error?
Bill Hesse
2012/11/11 22:34:34
We should only normally get a blocking error due t
| |
| 392 break; | |
| 393 } | |
| 394 } | |
| 395 TlsLog("Exiting processBuffer"); | |
| 396 return bytes_sent; | |
| 397 } | |
| OLD | NEW |
