Add secure sockets to dart:io

runtime/bin/tls_socket.cc

Index: runtime/bin/tls_socket.cc
diff --git a/runtime/bin/tls_socket.cc b/runtime/bin/tls_socket.cc
new file mode 100644
index 0000000000000000000000000000000000000000..07ab350e615593b4ce5bbd98e49e9152f5361864
--- /dev/null
+++ b/runtime/bin/tls_socket.cc
@@ -0,0 +1,393 @@
+// Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+#include "bin/tls_socket.h"
+
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <nss.h>
+#include <prerror.h>
+#include <prinit.h>
+#include <prnetdb.h>
+#include <ssl.h>
+
+#include "bin/builtin.h"
+#include "bin/dartutils.h"
+#include "bin/net/nss_memio.h"
+#include "bin/thread.h"
+#include "bin/utils.h"
+#include "platform/utils.h"
+
+#include "include/dart_api.h"
+
+bool TlsFilter::library_initialized_ = false;
+dart::Mutex TlsFilter::mutex_;  // To protect library initialization.
+static const int kTlsFilterNativeFieldIndex = 0;
+
+static TlsFilter* GetTlsFilter(Dart_NativeArguments args) {
+  TlsFilter* filter;
+  Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0));
+  ASSERT(Dart_IsInstance(dart_this));
+  ThrowIfError(Dart_GetNativeInstanceField(
+      dart_this,
+      kTlsFilterNativeFieldIndex,
+      reinterpret_cast<intptr_t*>(&filter)));
+  return filter;
+}
+
+
+static void SetTlsFilter(Dart_NativeArguments args, TlsFilter* filter) {
+  Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0));
+  ASSERT(Dart_IsInstance(dart_this));
+  ThrowIfError(Dart_SetNativeInstanceField(
+      dart_this,
+      kTlsFilterNativeFieldIndex,
+      reinterpret_cast<intptr_t>(filter)));
+}
+
+
+void FUNCTION_NAME(TlsSocket_Init)(Dart_NativeArguments args) {
+  Dart_EnterScope();
+  TlsFilter* filter = new TlsFilter;

[Søren Gjesse, 2012/11/14 08:18:59]

Move the creation of TlsFilter down to just before SetTlsFilter. You can then
avoid the delete filter in the if below.

[Bill Hesse, 2012/11/14 13:33:30]

Done.

+  Dart_Handle dart_this = Dart_GetNativeArgument(args, 0);
+  if (Dart_IsError(dart_this)) {
+    delete filter;
+    Dart_PropagateError(dart_this);
+  }
+  SetTlsFilter(args, filter);
+  filter->Init(dart_this);
+  Dart_ExitScope();
+}
+
+
+void FUNCTION_NAME(TlsSocket_Connect)(Dart_NativeArguments args) {
+  Dart_EnterScope();
+  Dart_Handle host_name = ThrowIfError(Dart_GetNativeArgument(args, 1));
+  Dart_Handle port_object = ThrowIfError(Dart_GetNativeArgument(args, 2));
+
+  const char* host_name_string = NULL;
+  // TODO(whesse): Is truncating a Dart string containing \0 what we want?
+  ThrowIfError(Dart_StringToCString(host_name, &host_name_string));
+
+  int64_t port;
+  if (!DartUtils::GetInt64Value(port_object, &port) ||
+      port < 0 || port > 65535) {
+    Dart_ThrowException(DartUtils::NewDartArgumentError(
+      "Illegal port parameter in TlsSocket"));
+  }
+
+  GetTlsFilter(args)->Connect(host_name_string, static_cast<int>(port));
+  Dart_ExitScope();
+}
+
+
+void FUNCTION_NAME(TlsSocket_Destroy)(Dart_NativeArguments args) {
+  Dart_EnterScope();
+  TlsFilter* filter = GetTlsFilter(args);
+  SetTlsFilter(args, NULL);
+  filter->Destroy();
+  delete filter;
+  Dart_ExitScope();
+}
+
+
+void FUNCTION_NAME(TlsSocket_Handshake)(Dart_NativeArguments args) {
+  Dart_EnterScope();
+  GetTlsFilter(args)->Handshake();
+  Dart_ExitScope();
+}
+
+
+void FUNCTION_NAME(TlsSocket_RegisterHandshakeCallbacks)(
+    Dart_NativeArguments args) {
+  Dart_EnterScope();
+  Dart_Handle handshake_start = ThrowIfError(Dart_GetNativeArgument(args, 1));
+  Dart_Handle handshake_finish = ThrowIfError(Dart_GetNativeArgument(args, 2));
+  if (!Dart_IsClosure(handshake_start) ||
+      !Dart_IsClosure(handshake_finish)) {
+    Dart_ThrowException(DartUtils::NewDartArgumentError(
+        "Illegal argument to RegisterHandshakeCallbacks"));
+  }
+  GetTlsFilter(args)->RegisterHandshakeCallbacks(handshake_start,
+                                                 handshake_finish);
+  Dart_ExitScope();
+}
+
+
+void FUNCTION_NAME(TlsSocket_ProcessBuffer)(Dart_NativeArguments args) {
+  Dart_EnterScope();
+  Dart_Handle buffer_id_object = ThrowIfError(Dart_GetNativeArgument(args, 1));
+  int64_t buffer_id = DartUtils::GetIntegerValue(buffer_id_object);
+  if (buffer_id < 0 || buffer_id >= TlsFilter::kNumBuffers) {
+    Dart_ThrowException(DartUtils::NewDartArgumentError(
+        "Illegal argument to ProcessBuffer"));
+  }
+
+  intptr_t bytes_read =
+      GetTlsFilter(args)->ProcessBuffer(static_cast<int>(buffer_id));
+  Dart_SetReturnValue(args, Dart_NewInteger(bytes_read));
+  Dart_ExitScope();
+}
+
+
+void FUNCTION_NAME(TlsSocket_SetCertificateDatabase)
+    (Dart_NativeArguments args) {
+  Dart_EnterScope();
+  Dart_Handle dart_pkcert_dir = ThrowIfError(Dart_GetNativeArgument(args, 0));
+  // Check that the type is string, and get the UTF-8 C string value from it.
+  if (Dart_IsString(dart_pkcert_dir)) {
+    const char* pkcert_dir = NULL;
+    ThrowIfError(Dart_StringToCString(dart_pkcert_dir, &pkcert_dir));
+    TlsFilter::InitializeLibrary(pkcert_dir);
+  } else {
+    Dart_ThrowException(DartUtils::NewDartArgumentError(
+        "Non-String argument to SetCertificateDatabase"));
+  }
+  Dart_ExitScope();
+}
+
+
+void TlsFilter::Init(Dart_Handle dart_this) {
+  string_start_ = ThrowIfError(
+      Dart_NewPersistentHandle(DartUtils::NewString("start")));
+  string_length_ = ThrowIfError(
+      Dart_NewPersistentHandle(DartUtils::NewString("length")));
+
+  InitializeBuffers(dart_this);
+  memio_ = memio_CreateIOLayer(kMemioBufferSize);
+}
+
+
+void TlsFilter::InitializeBuffers(Dart_Handle dart_this) {
+  // Create TlsFilter buffers as ExternalUint8Array objects.
+  Dart_Handle dart_buffers_object = ThrowIfError(
+      Dart_GetField(dart_this, DartUtils::NewString("buffers")));
+  Dart_Handle dart_buffer_object =
+      Dart_ListGetAt(dart_buffers_object, kReadPlaintext);
+  Dart_Handle tls_external_buffer_class =
+      Dart_InstanceGetClass(dart_buffer_object);
+  Dart_Handle dart_buffer_size = ThrowIfError(
+      Dart_GetField(tls_external_buffer_class, DartUtils::NewString("SIZE")));
+  buffer_size_ = DartUtils::GetIntegerValue(dart_buffer_size);
+  if (buffer_size_ <= 0 || buffer_size_ > 1024 * 1024) {
+    Dart_ThrowException(
+        DartUtils::NewString("Invalid buffer size in _TlsExternalBuffer"));
+  }
+
+  Dart_Handle data_identifier = DartUtils::NewString("data");
+  for (int i = 0; i < kNumBuffers; ++i) {
+    dart_buffer_objects_[i] = ThrowIfError(
+        Dart_NewPersistentHandle(Dart_ListGetAt(dart_buffers_object, i)));
+    buffers_[i] = new uint8_t[buffer_size_];
+    Dart_Handle data = ThrowIfError(
+      Dart_NewExternalByteArray(buffers_[i], buffer_size_, NULL, NULL));

[Søren Gjesse, 2012/11/14 08:18:59]

You need to specify a peer pointer and callback here to free the buffer from the
C heap.

[Bill Hesse, 2012/11/14 13:33:30]

We are freeing the buffers manually in TlsFilter::Destroy, at the same time that
we delete the persistent handles to the _TlsExternalBuffer buffer objects
holding the ExternalByteArrays.

[Søren Gjesse, 2012/11/14 13:43:12]

Even though we are freeing the persistent handles there is no guarantee that the
Dart object will not stay alive for some time. It will then reference an already
freed memory area. I think we should just let the GC do the work.

[Bill Hesse, 2012/11/14 16:06:46]

OK.  Will change.

+    ThrowIfError(Dart_SetField(dart_buffer_objects_[i],
+                               data_identifier,
+                               data));
+  }
+}
+
+
+void TlsFilter::RegisterHandshakeCallbacks(Dart_Handle start,
+                                           Dart_Handle finish) {
+  ASSERT(NULL == handshake_start_);
+  ASSERT(NULL == handshake_finish_);
+  handshake_start_ = ThrowIfError(Dart_NewPersistentHandle(start));
+  handshake_finish_ = ThrowIfError(Dart_NewPersistentHandle(finish));
+}
+
+
+void TlsFilter::InitializeLibrary(const char* pkcert_database) {
+  MutexLocker locker(&mutex_);
+  if (!library_initialized_) {
+    PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
+    SECStatus status = NSS_Init(pkcert_database);

[Søren Gjesse, 2012/11/14 08:18:59]

There might or might not be some UFT-8 issues here. Most likely only on Windows.
Depends on how NSS_Init handles non ASCII paths. See
http://code.google.com/p/dart/source/detail?r=14851. You can postpone that to a
follow-up CL.

[Bill Hesse, 2012/11/14 13:33:30]

TODO added.

+    if (status != SECSuccess) {
+      ReportPRError("Unsuccessful NSS_Init call.");
+    }
+
+    status = NSS_SetDomesticPolicy();
+    if (status != SECSuccess) {
+      ReportPRError("Unsuccessful NSS_SetDomesticPolicy call.");
+    }
+  } else {
+    ReportError("Called TlsFilter::InitializeLibrary more than once");
+  }
+}
+
+
+void TlsFilter::Connect(const char* host, int port) {
+  if (in_handshake_) {
+    ReportError("Connect called while already in handshake state.");
+  }
+  PRFileDesc* my_socket = memio_;
+
+  my_socket = SSL_ImportFD(NULL, my_socket);
+  if (my_socket == NULL) {
+    ReportPRError("Unsuccessful SSL_ImportFD call");
+  }
+
+  if (SSL_SetURL(my_socket, host) == -1) {
+    ReportPRError("Unsuccessful SetURL call");
+  }
+
+  SECStatus status = SSL_ResetHandshake(my_socket, PR_FALSE);
+  if (status != SECSuccess) {
+    ReportPRError("Unsuccessful SSL_ResetHandshake call");
+  }
+
+  // SetPeerAddress
+  PRNetAddr host_address;
+  char host_entry_buffer[PR_NETDB_BUF_SIZE];
+  PRHostEnt host_entry;
+  PRStatus rv = PR_GetHostByName(host, host_entry_buffer,
+                                 PR_NETDB_BUF_SIZE, &host_entry);
+  if (rv != PR_SUCCESS) {
+    ReportPRError("Unsuccessful PR_GetHostByName call");
+  }
+
+  int index = PR_EnumerateHostEnt(0, &host_entry, port, &host_address);
+  if (index == -1 || index == 0) {
+    ReportPRError("Unsuccessful PR_EnumerateHostEnt call");
+  }
+
+  memio_SetPeerName(my_socket, &host_address);
+  memio_ = my_socket;
+}
+
+
+void TlsFilter::Handshake() {
+  SECStatus status = SSL_ForceHandshake(memio_);
+  if (status == SECSuccess) {
+    if (in_handshake_) {
+      ThrowIfError(Dart_InvokeClosure(handshake_finish_, 0, NULL));
+      in_handshake_ = false;
+    }
+  } else {
+    PRErrorCode error = PR_GetError();
+    if (error == PR_WOULD_BLOCK_ERROR) {
+      if (!in_handshake_) {
+        ThrowIfError(Dart_InvokeClosure(handshake_start_, 0, NULL));
+        in_handshake_ = true;
+      }
+    } else {
+      ReportPRError("Unexpected handshake error");
+    }
+  }
+}
+
+
+void TlsFilter::Destroy() {
+  for (int i = 0; i < kNumBuffers; ++i) {
+    Dart_DeletePersistentHandle(dart_buffer_objects_[i]);
+  }
+  Dart_DeletePersistentHandle(string_start_);
+  Dart_DeletePersistentHandle(string_length_);
+  Dart_DeletePersistentHandle(handshake_start_);
+  Dart_DeletePersistentHandle(handshake_finish_);
+  // TODO(whesse): Free NSS objects here.
+}
+
+
+intptr_t TlsFilter::ProcessBuffer(int buffer_index) {
+  Dart_Handle buffer_object = dart_buffer_objects_[buffer_index];
+  Dart_Handle start_object = ThrowIfError(
+      Dart_GetField(buffer_object, string_start_));
+  Dart_Handle length_object = ThrowIfError(
+      Dart_GetField(buffer_object, string_length_));
+  int64_t unsafe_start = DartUtils::GetIntegerValue(start_object);
+  int64_t unsafe_length = DartUtils::GetIntegerValue(length_object);
+  ASSERT(unsafe_start >= 0);
+  ASSERT(unsafe_start < buffer_size_);
+  ASSERT(unsafe_length >= 0);
+  ASSERT(unsafe_length <= buffer_size_);
+  intptr_t start = static_cast<intptr_t>(unsafe_start);
+  intptr_t length = static_cast<intptr_t>(unsafe_length);

[Søren Gjesse, 2012/11/14 08:18:59]

Maybe add local variable

uint8_t* buffer = buffers_[buffer_index]

and use that instead of buffers_[buffer_index] below.

[Bill Hesse, 2012/11/14 13:33:30]

Done.

+
+  int bytes_processed = 0;
+  switch (buffer_index) {
+    case kReadPlaintext: {
+      int bytes_free = buffer_size_ - start - length;
+      bytes_processed = PR_Read(memio_,
+                                buffers_[buffer_index] + start + length,
+                                bytes_free);

[Søren Gjesse, 2012/11/14 08:18:59]

As the buffers are circular shouldn't we try to fill the interval [0, start[
with data as well? That of cause would mean that start + length could become >
buffer_size_.

+      if (bytes_processed < 0) {
+        ASSERT(bytes_processed == -1);
+        // TODO(whesse): Handle unexpected errors here.
+        PRErrorCode pr_error = PR_GetError();
+        if (PR_WOULD_BLOCK_ERROR != pr_error) {
+          ReportPRError("Error reading plaintext from TlsFilter");
+        }
+        bytes_processed = 0;
+      }
+      break;
+    }
+
+    case kWriteEncrypted: {
+      const uint8_t* buf1;
+      const uint8_t* buf2;
+      unsigned int len1;
+      unsigned int len2;
+      int bytes_free = buffer_size_ - start - length;
+      memio_Private* secret = memio_GetSecret(memio_);
+      memio_GetWriteParams(secret, &buf1, &len1, &buf2, &len2);
+      int bytes_to_send =
+          dart::Utils::Minimum(len1, static_cast<unsigned>(bytes_free));
+      if (bytes_to_send > 0) {
+        memmove(buffers_[buffer_index] + start + length, buf1, bytes_to_send);
+        bytes_processed = bytes_to_send;
+      }
+      bytes_to_send = dart::Utils::Minimum(len2,
+          static_cast<unsigned>(bytes_free - bytes_processed));
+      if (bytes_to_send > 0) {
+        memmove(buffers_[buffer_index] + start + length + bytes_processed, buf2,
+                bytes_to_send);
+        bytes_processed += bytes_to_send;
+      }
+      if (bytes_processed > 0) {
+        memio_PutWriteResult(secret, bytes_processed);
+      }
+      break;
+    }
+
+    case kReadEncrypted: {
+      if (length > 0) {
+        bytes_processed = length;
+        memio_Private* secret = memio_GetSecret(memio_);
+        uint8_t* memio_buf;
+        int free_bytes = memio_GetReadParams(secret, &memio_buf);
+        if (free_bytes < bytes_processed) bytes_processed = free_bytes;
+        memmove(memio_buf,
+                buffers_[buffer_index] + start,
+                bytes_processed);
+        memio_PutReadResult(secret, bytes_processed);
+      }
+      break;
+    }
+
+    case kWritePlaintext: {
+      if (length > 0) {
+        bytes_processed = PR_Write(memio_,
+                                   buffers_[buffer_index] + start,
+                                   length);
+      }
+
+      if (bytes_processed < 0) {
+        ASSERT(bytes_processed == -1);
+        // TODO(whesse): Handle unexpected errors here.
+        PRErrorCode pr_error = PR_GetError();
+        if (PR_WOULD_BLOCK_ERROR != pr_error) {
+          ReportPRError("Error reading plaintext from TlsFilter");
+        }
+        bytes_processed = 0;
+      }
+      break;
+    }
+  }
+  return bytes_processed;
+}