| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/socket/ssl_server_socket_nss.h" | |
| 6 | |
| 7 #include <utility> | |
| 8 | |
| 9 #if defined(OS_WIN) | |
| 10 #include <winsock2.h> | |
| 11 #endif | |
| 12 | |
| 13 #if defined(USE_SYSTEM_SSL) | |
| 14 #include <dlfcn.h> | |
| 15 #endif | |
| 16 #if defined(OS_MACOSX) | |
| 17 #include <Security/Security.h> | |
| 18 #endif | |
| 19 #include <certdb.h> | |
| 20 #include <cryptohi.h> | |
| 21 #include <hasht.h> | |
| 22 #include <keyhi.h> | |
| 23 #include <nspr.h> | |
| 24 #include <nss.h> | |
| 25 #include <pk11pub.h> | |
| 26 #include <secerr.h> | |
| 27 #include <sechash.h> | |
| 28 #include <ssl.h> | |
| 29 #include <sslerr.h> | |
| 30 #include <sslproto.h> | |
| 31 | |
| 32 #include <limits> | |
| 33 | |
| 34 #include "base/callback_helpers.h" | |
| 35 #include "base/lazy_instance.h" | |
| 36 #include "base/logging.h" | |
| 37 #include "base/memory/ref_counted.h" | |
| 38 #include "crypto/nss_util_internal.h" | |
| 39 #include "crypto/rsa_private_key.h" | |
| 40 #include "net/base/io_buffer.h" | |
| 41 #include "net/base/net_errors.h" | |
| 42 #include "net/log/net_log.h" | |
| 43 #include "net/socket/nss_ssl_util.h" | |
| 44 | |
| 45 // SSL plaintext fragments are shorter than 16KB. Although the record layer | |
| 46 // overhead is allowed to be 2K + 5 bytes, in practice the overhead is much | |
| 47 // smaller than 1KB. So a 17KB buffer should be large enough to hold an | |
| 48 // entire SSL record. | |
| 49 static const int kRecvBufferSize = 17 * 1024; | |
| 50 static const int kSendBufferSize = 17 * 1024; | |
| 51 | |
| 52 #define GotoState(s) next_handshake_state_ = s | |
| 53 | |
| 54 namespace net { | |
| 55 | |
| 56 namespace { | |
| 57 | |
| 58 bool g_nss_server_sockets_init = false; | |
| 59 | |
| 60 class NSSSSLServerInitSingleton { | |
| 61 public: | |
| 62 NSSSSLServerInitSingleton() { | |
| 63 EnsureNSSSSLInit(); | |
| 64 | |
| 65 SSL_ConfigServerSessionIDCache(64, 28800, 28800, NULL); | |
| 66 g_nss_server_sockets_init = true; | |
| 67 } | |
| 68 | |
| 69 ~NSSSSLServerInitSingleton() { | |
| 70 SSL_ShutdownServerSessionIDCache(); | |
| 71 g_nss_server_sockets_init = false; | |
| 72 } | |
| 73 }; | |
| 74 | |
| 75 static base::LazyInstance<NSSSSLServerInitSingleton>::Leaky | |
| 76 g_nss_ssl_server_init_singleton = LAZY_INSTANCE_INITIALIZER; | |
| 77 | |
| 78 class SSLServerSocketNSS : public SSLServerSocket { | |
| 79 public: | |
| 80 // See comments on CreateSSLServerSocket for details of how these | |
| 81 // parameters are used. | |
| 82 SSLServerSocketNSS(std::unique_ptr<StreamSocket> socket, | |
| 83 X509Certificate* certificate, | |
| 84 const crypto::RSAPrivateKey& key, | |
| 85 const SSLServerConfig& ssl_server_config); | |
| 86 ~SSLServerSocketNSS() override; | |
| 87 | |
| 88 // SSLServerSocket interface. | |
| 89 int Handshake(const CompletionCallback& callback) override; | |
| 90 | |
| 91 // SSLSocket interface. | |
| 92 int ExportKeyingMaterial(const base::StringPiece& label, | |
| 93 bool has_context, | |
| 94 const base::StringPiece& context, | |
| 95 unsigned char* out, | |
| 96 unsigned int outlen) override; | |
| 97 | |
| 98 // Socket interface (via StreamSocket). | |
| 99 int Read(IOBuffer* buf, | |
| 100 int buf_len, | |
| 101 const CompletionCallback& callback) override; | |
| 102 int Write(IOBuffer* buf, | |
| 103 int buf_len, | |
| 104 const CompletionCallback& callback) override; | |
| 105 int SetReceiveBufferSize(int32_t size) override; | |
| 106 int SetSendBufferSize(int32_t size) override; | |
| 107 | |
| 108 // StreamSocket implementation. | |
| 109 int Connect(const CompletionCallback& callback) override; | |
| 110 void Disconnect() override; | |
| 111 bool IsConnected() const override; | |
| 112 bool IsConnectedAndIdle() const override; | |
| 113 int GetPeerAddress(IPEndPoint* address) const override; | |
| 114 int GetLocalAddress(IPEndPoint* address) const override; | |
| 115 const BoundNetLog& NetLog() const override; | |
| 116 void SetSubresourceSpeculation() override; | |
| 117 void SetOmniboxSpeculation() override; | |
| 118 bool WasEverUsed() const override; | |
| 119 bool WasNpnNegotiated() const override; | |
| 120 NextProto GetNegotiatedProtocol() const override; | |
| 121 bool GetSSLInfo(SSLInfo* ssl_info) override; | |
| 122 void GetConnectionAttempts(ConnectionAttempts* out) const override; | |
| 123 void ClearConnectionAttempts() override {} | |
| 124 void AddConnectionAttempts(const ConnectionAttempts& attempts) override {} | |
| 125 int64_t GetTotalReceivedBytes() const override; | |
| 126 | |
| 127 private: | |
| 128 enum State { | |
| 129 STATE_NONE, | |
| 130 STATE_HANDSHAKE, | |
| 131 }; | |
| 132 | |
| 133 int InitializeSSLOptions(); | |
| 134 | |
| 135 void OnSendComplete(int result); | |
| 136 void OnRecvComplete(int result); | |
| 137 void OnHandshakeIOComplete(int result); | |
| 138 | |
| 139 int BufferSend(); | |
| 140 void BufferSendComplete(int result); | |
| 141 int BufferRecv(); | |
| 142 void BufferRecvComplete(int result); | |
| 143 bool DoTransportIO(); | |
| 144 int DoPayloadRead(); | |
| 145 int DoPayloadWrite(); | |
| 146 | |
| 147 int DoHandshakeLoop(int last_io_result); | |
| 148 int DoReadLoop(int result); | |
| 149 int DoWriteLoop(int result); | |
| 150 int DoHandshake(); | |
| 151 void DoHandshakeCallback(int result); | |
| 152 void DoReadCallback(int result); | |
| 153 void DoWriteCallback(int result); | |
| 154 | |
| 155 static SECStatus OwnAuthCertHandler(void* arg, | |
| 156 PRFileDesc* socket, | |
| 157 PRBool checksig, | |
| 158 PRBool is_server); | |
| 159 static void HandshakeCallback(PRFileDesc* socket, void* arg); | |
| 160 | |
| 161 int Init(); | |
| 162 | |
| 163 // Members used to send and receive buffer. | |
| 164 bool transport_send_busy_; | |
| 165 bool transport_recv_busy_; | |
| 166 | |
| 167 scoped_refptr<IOBuffer> recv_buffer_; | |
| 168 | |
| 169 BoundNetLog net_log_; | |
| 170 | |
| 171 CompletionCallback user_handshake_callback_; | |
| 172 CompletionCallback user_read_callback_; | |
| 173 CompletionCallback user_write_callback_; | |
| 174 | |
| 175 // Used by Read function. | |
| 176 scoped_refptr<IOBuffer> user_read_buf_; | |
| 177 int user_read_buf_len_; | |
| 178 | |
| 179 // Used by Write function. | |
| 180 scoped_refptr<IOBuffer> user_write_buf_; | |
| 181 int user_write_buf_len_; | |
| 182 | |
| 183 // The NSS SSL state machine | |
| 184 PRFileDesc* nss_fd_; | |
| 185 | |
| 186 // Buffers for the network end of the SSL state machine | |
| 187 memio_Private* nss_bufs_; | |
| 188 | |
| 189 // StreamSocket for sending and receiving data. | |
| 190 std::unique_ptr<StreamSocket> transport_socket_; | |
| 191 | |
| 192 // Options for the SSL socket. | |
| 193 SSLServerConfig ssl_server_config_; | |
| 194 | |
| 195 // Certificate for the server. | |
| 196 scoped_refptr<X509Certificate> cert_; | |
| 197 | |
| 198 // Private key used by the server. | |
| 199 std::unique_ptr<crypto::RSAPrivateKey> key_; | |
| 200 | |
| 201 State next_handshake_state_; | |
| 202 bool completed_handshake_; | |
| 203 | |
| 204 DISALLOW_COPY_AND_ASSIGN(SSLServerSocketNSS); | |
| 205 }; | |
| 206 | |
| 207 SSLServerSocketNSS::SSLServerSocketNSS( | |
| 208 std::unique_ptr<StreamSocket> transport_socket, | |
| 209 X509Certificate* cert, | |
| 210 const crypto::RSAPrivateKey& key, | |
| 211 const SSLServerConfig& ssl_server_config) | |
| 212 : transport_send_busy_(false), | |
| 213 transport_recv_busy_(false), | |
| 214 user_read_buf_len_(0), | |
| 215 user_write_buf_len_(0), | |
| 216 nss_fd_(NULL), | |
| 217 nss_bufs_(NULL), | |
| 218 transport_socket_(std::move(transport_socket)), | |
| 219 ssl_server_config_(ssl_server_config), | |
| 220 cert_(cert), | |
| 221 key_(key.Copy()), | |
| 222 next_handshake_state_(STATE_NONE), | |
| 223 completed_handshake_(false) { | |
| 224 CHECK(key_); | |
| 225 } | |
| 226 | |
| 227 SSLServerSocketNSS::~SSLServerSocketNSS() { | |
| 228 if (nss_fd_ != NULL) { | |
| 229 PR_Close(nss_fd_); | |
| 230 nss_fd_ = NULL; | |
| 231 } | |
| 232 } | |
| 233 | |
| 234 int SSLServerSocketNSS::Handshake(const CompletionCallback& callback) { | |
| 235 net_log_.BeginEvent(NetLog::TYPE_SSL_SERVER_HANDSHAKE); | |
| 236 | |
| 237 int rv = Init(); | |
| 238 if (rv != OK) { | |
| 239 LOG(ERROR) << "Failed to initialize NSS"; | |
| 240 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv); | |
| 241 return rv; | |
| 242 } | |
| 243 | |
| 244 rv = InitializeSSLOptions(); | |
| 245 if (rv != OK) { | |
| 246 LOG(ERROR) << "Failed to initialize SSL options"; | |
| 247 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv); | |
| 248 return rv; | |
| 249 } | |
| 250 | |
| 251 // Set peer address. TODO(hclam): This should be in a separate method. | |
| 252 PRNetAddr peername; | |
| 253 memset(&peername, 0, sizeof(peername)); | |
| 254 peername.raw.family = AF_INET; | |
| 255 memio_SetPeerName(nss_fd_, &peername); | |
| 256 | |
| 257 GotoState(STATE_HANDSHAKE); | |
| 258 rv = DoHandshakeLoop(OK); | |
| 259 if (rv == ERR_IO_PENDING) { | |
| 260 user_handshake_callback_ = callback; | |
| 261 } else { | |
| 262 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv); | |
| 263 } | |
| 264 | |
| 265 return rv > OK ? OK : rv; | |
| 266 } | |
| 267 | |
| 268 int SSLServerSocketNSS::ExportKeyingMaterial(const base::StringPiece& label, | |
| 269 bool has_context, | |
| 270 const base::StringPiece& context, | |
| 271 unsigned char* out, | |
| 272 unsigned int outlen) { | |
| 273 if (!IsConnected()) | |
| 274 return ERR_SOCKET_NOT_CONNECTED; | |
| 275 SECStatus result = SSL_ExportKeyingMaterial( | |
| 276 nss_fd_, label.data(), label.size(), has_context, | |
| 277 reinterpret_cast<const unsigned char*>(context.data()), | |
| 278 context.length(), out, outlen); | |
| 279 if (result != SECSuccess) { | |
| 280 LogFailedNSSFunction(net_log_, "SSL_ExportKeyingMaterial", ""); | |
| 281 return MapNSSError(PORT_GetError()); | |
| 282 } | |
| 283 return OK; | |
| 284 } | |
| 285 | |
| 286 int SSLServerSocketNSS::Connect(const CompletionCallback& callback) { | |
| 287 NOTIMPLEMENTED(); | |
| 288 return ERR_NOT_IMPLEMENTED; | |
| 289 } | |
| 290 | |
| 291 int SSLServerSocketNSS::Read(IOBuffer* buf, | |
| 292 int buf_len, | |
| 293 const CompletionCallback& callback) { | |
| 294 DCHECK(user_read_callback_.is_null()); | |
| 295 DCHECK(user_handshake_callback_.is_null()); | |
| 296 DCHECK(!user_read_buf_); | |
| 297 DCHECK(nss_bufs_); | |
| 298 DCHECK(!callback.is_null()); | |
| 299 | |
| 300 user_read_buf_ = buf; | |
| 301 user_read_buf_len_ = buf_len; | |
| 302 | |
| 303 DCHECK(completed_handshake_); | |
| 304 | |
| 305 int rv = DoReadLoop(OK); | |
| 306 | |
| 307 if (rv == ERR_IO_PENDING) { | |
| 308 user_read_callback_ = callback; | |
| 309 } else { | |
| 310 user_read_buf_ = NULL; | |
| 311 user_read_buf_len_ = 0; | |
| 312 } | |
| 313 return rv; | |
| 314 } | |
| 315 | |
| 316 int SSLServerSocketNSS::Write(IOBuffer* buf, | |
| 317 int buf_len, | |
| 318 const CompletionCallback& callback) { | |
| 319 DCHECK(user_write_callback_.is_null()); | |
| 320 DCHECK(!user_write_buf_); | |
| 321 DCHECK(nss_bufs_); | |
| 322 DCHECK(!callback.is_null()); | |
| 323 | |
| 324 user_write_buf_ = buf; | |
| 325 user_write_buf_len_ = buf_len; | |
| 326 | |
| 327 int rv = DoWriteLoop(OK); | |
| 328 | |
| 329 if (rv == ERR_IO_PENDING) { | |
| 330 user_write_callback_ = callback; | |
| 331 } else { | |
| 332 user_write_buf_ = NULL; | |
| 333 user_write_buf_len_ = 0; | |
| 334 } | |
| 335 return rv; | |
| 336 } | |
| 337 | |
| 338 int SSLServerSocketNSS::SetReceiveBufferSize(int32_t size) { | |
| 339 return transport_socket_->SetReceiveBufferSize(size); | |
| 340 } | |
| 341 | |
| 342 int SSLServerSocketNSS::SetSendBufferSize(int32_t size) { | |
| 343 return transport_socket_->SetSendBufferSize(size); | |
| 344 } | |
| 345 | |
| 346 bool SSLServerSocketNSS::IsConnected() const { | |
| 347 // TODO(wtc): Find out if we should check transport_socket_->IsConnected() | |
| 348 // as well. | |
| 349 return completed_handshake_; | |
| 350 } | |
| 351 | |
| 352 void SSLServerSocketNSS::Disconnect() { | |
| 353 transport_socket_->Disconnect(); | |
| 354 } | |
| 355 | |
| 356 bool SSLServerSocketNSS::IsConnectedAndIdle() const { | |
| 357 return completed_handshake_ && transport_socket_->IsConnectedAndIdle(); | |
| 358 } | |
| 359 | |
| 360 int SSLServerSocketNSS::GetPeerAddress(IPEndPoint* address) const { | |
| 361 if (!IsConnected()) | |
| 362 return ERR_SOCKET_NOT_CONNECTED; | |
| 363 return transport_socket_->GetPeerAddress(address); | |
| 364 } | |
| 365 | |
| 366 int SSLServerSocketNSS::GetLocalAddress(IPEndPoint* address) const { | |
| 367 if (!IsConnected()) | |
| 368 return ERR_SOCKET_NOT_CONNECTED; | |
| 369 return transport_socket_->GetLocalAddress(address); | |
| 370 } | |
| 371 | |
| 372 const BoundNetLog& SSLServerSocketNSS::NetLog() const { | |
| 373 return net_log_; | |
| 374 } | |
| 375 | |
| 376 void SSLServerSocketNSS::SetSubresourceSpeculation() { | |
| 377 transport_socket_->SetSubresourceSpeculation(); | |
| 378 } | |
| 379 | |
| 380 void SSLServerSocketNSS::SetOmniboxSpeculation() { | |
| 381 transport_socket_->SetOmniboxSpeculation(); | |
| 382 } | |
| 383 | |
| 384 bool SSLServerSocketNSS::WasEverUsed() const { | |
| 385 return transport_socket_->WasEverUsed(); | |
| 386 } | |
| 387 | |
| 388 bool SSLServerSocketNSS::WasNpnNegotiated() const { | |
| 389 NOTIMPLEMENTED(); | |
| 390 return false; | |
| 391 } | |
| 392 | |
| 393 NextProto SSLServerSocketNSS::GetNegotiatedProtocol() const { | |
| 394 // NPN is not supported by this class. | |
| 395 return kProtoUnknown; | |
| 396 } | |
| 397 | |
| 398 bool SSLServerSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { | |
| 399 NOTIMPLEMENTED(); | |
| 400 return false; | |
| 401 } | |
| 402 | |
| 403 void SSLServerSocketNSS::GetConnectionAttempts(ConnectionAttempts* out) const { | |
| 404 out->clear(); | |
| 405 } | |
| 406 | |
| 407 int64_t SSLServerSocketNSS::GetTotalReceivedBytes() const { | |
| 408 NOTIMPLEMENTED(); | |
| 409 return 0; | |
| 410 } | |
| 411 | |
| 412 int SSLServerSocketNSS::InitializeSSLOptions() { | |
| 413 // Transport connected, now hook it up to nss | |
| 414 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize, kSendBufferSize); | |
| 415 if (nss_fd_ == NULL) { | |
| 416 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR error code. | |
| 417 } | |
| 418 | |
| 419 // Grab pointer to buffers | |
| 420 nss_bufs_ = memio_GetSecret(nss_fd_); | |
| 421 | |
| 422 /* Create SSL state machine */ | |
| 423 /* Push SSL onto our fake I/O socket */ | |
| 424 nss_fd_ = SSL_ImportFD(NULL, nss_fd_); | |
| 425 if (nss_fd_ == NULL) { | |
| 426 LogFailedNSSFunction(net_log_, "SSL_ImportFD", ""); | |
| 427 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR/NSS error code. | |
| 428 } | |
| 429 // TODO(port): set more ssl options! Check errors! | |
| 430 | |
| 431 int rv; | |
| 432 | |
| 433 if (ssl_server_config_.client_cert_type == | |
| 434 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT) { | |
| 435 rv = SSL_OptionSet(nss_fd_, SSL_REQUEST_CERTIFICATE, PR_TRUE); | |
| 436 if (rv != SECSuccess) { | |
| 437 LogFailedNSSFunction(net_log_, "SSL_OptionSet", | |
| 438 "SSL_REQUEST_CERTIFICATE"); | |
| 439 return ERR_UNEXPECTED; | |
| 440 } | |
| 441 } | |
| 442 | |
| 443 rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE); | |
| 444 if (rv != SECSuccess) { | |
| 445 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY"); | |
| 446 return ERR_UNEXPECTED; | |
| 447 } | |
| 448 | |
| 449 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL2, PR_FALSE); | |
| 450 if (rv != SECSuccess) { | |
| 451 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL2"); | |
| 452 return ERR_UNEXPECTED; | |
| 453 } | |
| 454 | |
| 455 SSLVersionRange version_range; | |
| 456 version_range.min = ssl_server_config_.version_min; | |
| 457 version_range.max = ssl_server_config_.version_max; | |
| 458 rv = SSL_VersionRangeSet(nss_fd_, &version_range); | |
| 459 if (rv != SECSuccess) { | |
| 460 LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", ""); | |
| 461 return ERR_NO_SSL_VERSIONS_ENABLED; | |
| 462 } | |
| 463 | |
| 464 if (ssl_server_config_.require_ecdhe) { | |
| 465 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); | |
| 466 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); | |
| 467 | |
| 468 // Iterate over the cipher suites and disable those that don't use ECDHE. | |
| 469 for (unsigned i = 0; i < num_ciphers; i++) { | |
| 470 SSLCipherSuiteInfo info; | |
| 471 if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) == | |
| 472 SECSuccess) { | |
| 473 if (strcmp(info.keaTypeName, "ECDHE") != 0) { | |
| 474 SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE); | |
| 475 } | |
| 476 } | |
| 477 } | |
| 478 } | |
| 479 | |
| 480 for (std::vector<uint16_t>::const_iterator it = | |
| 481 ssl_server_config_.disabled_cipher_suites.begin(); | |
| 482 it != ssl_server_config_.disabled_cipher_suites.end(); ++it) { | |
| 483 // This will fail if the specified cipher is not implemented by NSS, but | |
| 484 // the failure is harmless. | |
| 485 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); | |
| 486 } | |
| 487 | |
| 488 // Server socket doesn't need session tickets. | |
| 489 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_FALSE); | |
| 490 if (rv != SECSuccess) { | |
| 491 LogFailedNSSFunction( | |
| 492 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); | |
| 493 } | |
| 494 | |
| 495 // Doing this will force PR_Accept perform handshake as server. | |
| 496 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_FALSE); | |
| 497 if (rv != SECSuccess) { | |
| 498 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT"); | |
| 499 return ERR_UNEXPECTED; | |
| 500 } | |
| 501 | |
| 502 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_SERVER, PR_TRUE); | |
| 503 if (rv != SECSuccess) { | |
| 504 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_SERVER"); | |
| 505 return ERR_UNEXPECTED; | |
| 506 } | |
| 507 | |
| 508 rv = SSL_OptionSet(nss_fd_, SSL_REQUEST_CERTIFICATE, PR_FALSE); | |
| 509 if (rv != SECSuccess) { | |
| 510 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUEST_CERTIFICATE"); | |
| 511 return ERR_UNEXPECTED; | |
| 512 } | |
| 513 | |
| 514 rv = SSL_OptionSet(nss_fd_, SSL_REQUIRE_CERTIFICATE, PR_FALSE); | |
| 515 if (rv != SECSuccess) { | |
| 516 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUIRE_CERTIFICATE"); | |
| 517 return ERR_UNEXPECTED; | |
| 518 } | |
| 519 | |
| 520 rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this); | |
| 521 if (rv != SECSuccess) { | |
| 522 LogFailedNSSFunction(net_log_, "SSL_AuthCertificateHook", ""); | |
| 523 return ERR_UNEXPECTED; | |
| 524 } | |
| 525 | |
| 526 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); | |
| 527 if (rv != SECSuccess) { | |
| 528 LogFailedNSSFunction(net_log_, "SSL_HandshakeCallback", ""); | |
| 529 return ERR_UNEXPECTED; | |
| 530 } | |
| 531 | |
| 532 // Get a certificate of CERTCertificate structure. | |
| 533 std::string der_string; | |
| 534 if (!X509Certificate::GetDEREncoded(cert_->os_cert_handle(), &der_string)) | |
| 535 return ERR_UNEXPECTED; | |
| 536 | |
| 537 SECItem der_cert; | |
| 538 der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>( | |
| 539 der_string.data())); | |
| 540 der_cert.len = der_string.length(); | |
| 541 der_cert.type = siDERCertBuffer; | |
| 542 | |
| 543 // Parse into a CERTCertificate structure. | |
| 544 CERTCertificate* cert = CERT_NewTempCertificate( | |
| 545 CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE); | |
| 546 if (!cert) { | |
| 547 LogFailedNSSFunction(net_log_, "CERT_NewTempCertificate", ""); | |
| 548 return MapNSSError(PORT_GetError()); | |
| 549 } | |
| 550 | |
| 551 // Get a key of SECKEYPrivateKey* structure. | |
| 552 std::vector<uint8_t> key_vector; | |
| 553 if (!key_->ExportPrivateKey(&key_vector)) { | |
| 554 CERT_DestroyCertificate(cert); | |
| 555 return ERR_UNEXPECTED; | |
| 556 } | |
| 557 | |
| 558 SECKEYPrivateKeyStr* private_key = NULL; | |
| 559 PK11SlotInfo* slot = PK11_GetInternalSlot(); | |
| 560 if (!slot) { | |
| 561 CERT_DestroyCertificate(cert); | |
| 562 return ERR_UNEXPECTED; | |
| 563 } | |
| 564 | |
| 565 SECItem der_private_key_info; | |
| 566 der_private_key_info.data = | |
| 567 const_cast<unsigned char*>(&key_vector.front()); | |
| 568 der_private_key_info.len = key_vector.size(); | |
| 569 // The server's RSA private key must be imported into NSS with the | |
| 570 // following key usage bits: | |
| 571 // - KU_KEY_ENCIPHERMENT, required for the RSA key exchange algorithm. | |
| 572 // - KU_DIGITAL_SIGNATURE, required for the DHE_RSA and ECDHE_RSA key | |
| 573 // exchange algorithms. | |
| 574 const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE; | |
| 575 rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( | |
| 576 slot, &der_private_key_info, NULL, NULL, PR_FALSE, PR_FALSE, | |
| 577 key_usage, &private_key, NULL); | |
| 578 PK11_FreeSlot(slot); | |
| 579 if (rv != SECSuccess) { | |
| 580 CERT_DestroyCertificate(cert); | |
| 581 return ERR_UNEXPECTED; | |
| 582 } | |
| 583 | |
| 584 // Assign server certificate and private key. | |
| 585 SSLKEAType cert_kea = NSS_FindCertKEAType(cert); | |
| 586 rv = SSL_ConfigSecureServer(nss_fd_, cert, private_key, cert_kea); | |
| 587 CERT_DestroyCertificate(cert); | |
| 588 SECKEY_DestroyPrivateKey(private_key); | |
| 589 | |
| 590 if (rv != SECSuccess) { | |
| 591 PRErrorCode prerr = PR_GetError(); | |
| 592 LOG(ERROR) << "Failed to config SSL server: " << prerr; | |
| 593 LogFailedNSSFunction(net_log_, "SSL_ConfigureSecureServer", ""); | |
| 594 return ERR_UNEXPECTED; | |
| 595 } | |
| 596 | |
| 597 // Tell SSL we're a server; needed if not letting NSPR do socket I/O | |
| 598 rv = SSL_ResetHandshake(nss_fd_, PR_TRUE); | |
| 599 if (rv != SECSuccess) { | |
| 600 LogFailedNSSFunction(net_log_, "SSL_ResetHandshake", ""); | |
| 601 return ERR_UNEXPECTED; | |
| 602 } | |
| 603 | |
| 604 return OK; | |
| 605 } | |
| 606 | |
| 607 void SSLServerSocketNSS::OnSendComplete(int result) { | |
| 608 if (next_handshake_state_ == STATE_HANDSHAKE) { | |
| 609 // In handshake phase. | |
| 610 OnHandshakeIOComplete(result); | |
| 611 return; | |
| 612 } | |
| 613 | |
| 614 // TODO(byungchul): This state machine is not correct. Copy the state machine | |
| 615 // of SSLClientSocketNSS::OnSendComplete() which handles it better. | |
| 616 if (!completed_handshake_) | |
| 617 return; | |
| 618 | |
| 619 if (user_write_buf_) { | |
| 620 int rv = DoWriteLoop(result); | |
| 621 if (rv != ERR_IO_PENDING) | |
| 622 DoWriteCallback(rv); | |
| 623 } else { | |
| 624 // Ensure that any queued ciphertext is flushed. | |
| 625 DoTransportIO(); | |
| 626 } | |
| 627 } | |
| 628 | |
| 629 void SSLServerSocketNSS::OnRecvComplete(int result) { | |
| 630 if (next_handshake_state_ == STATE_HANDSHAKE) { | |
| 631 // In handshake phase. | |
| 632 OnHandshakeIOComplete(result); | |
| 633 return; | |
| 634 } | |
| 635 | |
| 636 // Network layer received some data, check if client requested to read | |
| 637 // decrypted data. | |
| 638 if (!user_read_buf_ || !completed_handshake_) | |
| 639 return; | |
| 640 | |
| 641 int rv = DoReadLoop(result); | |
| 642 if (rv != ERR_IO_PENDING) | |
| 643 DoReadCallback(rv); | |
| 644 } | |
| 645 | |
| 646 void SSLServerSocketNSS::OnHandshakeIOComplete(int result) { | |
| 647 int rv = DoHandshakeLoop(result); | |
| 648 if (rv == ERR_IO_PENDING) | |
| 649 return; | |
| 650 | |
| 651 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv); | |
| 652 if (!user_handshake_callback_.is_null()) | |
| 653 DoHandshakeCallback(rv); | |
| 654 } | |
| 655 | |
| 656 // Return 0 for EOF, | |
| 657 // > 0 for bytes transferred immediately, | |
| 658 // < 0 for error (or the non-error ERR_IO_PENDING). | |
| 659 int SSLServerSocketNSS::BufferSend(void) { | |
| 660 if (transport_send_busy_) | |
| 661 return ERR_IO_PENDING; | |
| 662 | |
| 663 const char* buf1; | |
| 664 const char* buf2; | |
| 665 unsigned int len1, len2; | |
| 666 if (memio_GetWriteParams(nss_bufs_, &buf1, &len1, &buf2, &len2)) { | |
| 667 // The error code itself is ignored, so just return ERR_ABORTED. | |
| 668 return ERR_ABORTED; | |
| 669 } | |
| 670 const size_t len = len1 + len2; | |
| 671 | |
| 672 int rv = 0; | |
| 673 if (len) { | |
| 674 scoped_refptr<IOBuffer> send_buffer(new IOBuffer(len)); | |
| 675 memcpy(send_buffer->data(), buf1, len1); | |
| 676 memcpy(send_buffer->data() + len1, buf2, len2); | |
| 677 rv = transport_socket_->Write( | |
| 678 send_buffer.get(), len, | |
| 679 base::Bind(&SSLServerSocketNSS::BufferSendComplete, | |
| 680 base::Unretained(this))); | |
| 681 if (rv == ERR_IO_PENDING) { | |
| 682 transport_send_busy_ = true; | |
| 683 } else { | |
| 684 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(rv)); | |
| 685 } | |
| 686 } | |
| 687 | |
| 688 return rv; | |
| 689 } | |
| 690 | |
| 691 void SSLServerSocketNSS::BufferSendComplete(int result) { | |
| 692 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(result)); | |
| 693 transport_send_busy_ = false; | |
| 694 OnSendComplete(result); | |
| 695 } | |
| 696 | |
| 697 int SSLServerSocketNSS::BufferRecv(void) { | |
| 698 if (transport_recv_busy_) return ERR_IO_PENDING; | |
| 699 | |
| 700 char* buf; | |
| 701 int nb = memio_GetReadParams(nss_bufs_, &buf); | |
| 702 int rv; | |
| 703 if (!nb) { | |
| 704 // buffer too full to read into, so no I/O possible at moment | |
| 705 rv = ERR_IO_PENDING; | |
| 706 } else { | |
| 707 recv_buffer_ = new IOBuffer(nb); | |
| 708 rv = transport_socket_->Read( | |
| 709 recv_buffer_.get(), nb, | |
| 710 base::Bind(&SSLServerSocketNSS::BufferRecvComplete, | |
| 711 base::Unretained(this))); | |
| 712 if (rv == ERR_IO_PENDING) { | |
| 713 transport_recv_busy_ = true; | |
| 714 } else { | |
| 715 if (rv > 0) | |
| 716 memcpy(buf, recv_buffer_->data(), rv); | |
| 717 memio_PutReadResult(nss_bufs_, MapErrorToNSS(rv)); | |
| 718 recv_buffer_ = NULL; | |
| 719 } | |
| 720 } | |
| 721 return rv; | |
| 722 } | |
| 723 | |
| 724 void SSLServerSocketNSS::BufferRecvComplete(int result) { | |
| 725 if (result > 0) { | |
| 726 char* buf; | |
| 727 memio_GetReadParams(nss_bufs_, &buf); | |
| 728 memcpy(buf, recv_buffer_->data(), result); | |
| 729 } | |
| 730 recv_buffer_ = NULL; | |
| 731 memio_PutReadResult(nss_bufs_, MapErrorToNSS(result)); | |
| 732 transport_recv_busy_ = false; | |
| 733 OnRecvComplete(result); | |
| 734 } | |
| 735 | |
| 736 // Do as much network I/O as possible between the buffer and the | |
| 737 // transport socket. Return true if some I/O performed, false | |
| 738 // otherwise (error or ERR_IO_PENDING). | |
| 739 bool SSLServerSocketNSS::DoTransportIO() { | |
| 740 bool network_moved = false; | |
| 741 if (nss_bufs_ != NULL) { | |
| 742 int rv; | |
| 743 // Read and write as much data as we can. The loop is neccessary | |
| 744 // because Write() may return synchronously. | |
| 745 do { | |
| 746 rv = BufferSend(); | |
| 747 if (rv > 0) | |
| 748 network_moved = true; | |
| 749 } while (rv > 0); | |
| 750 if (BufferRecv() >= 0) | |
| 751 network_moved = true; | |
| 752 } | |
| 753 return network_moved; | |
| 754 } | |
| 755 | |
| 756 int SSLServerSocketNSS::DoPayloadRead() { | |
| 757 DCHECK(user_read_buf_); | |
| 758 DCHECK_GT(user_read_buf_len_, 0); | |
| 759 int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_); | |
| 760 if (rv >= 0) | |
| 761 return rv; | |
| 762 PRErrorCode prerr = PR_GetError(); | |
| 763 if (prerr == PR_WOULD_BLOCK_ERROR) { | |
| 764 return ERR_IO_PENDING; | |
| 765 } | |
| 766 rv = MapNSSError(prerr); | |
| 767 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, | |
| 768 CreateNetLogSSLErrorCallback(rv, prerr)); | |
| 769 return rv; | |
| 770 } | |
| 771 | |
| 772 int SSLServerSocketNSS::DoPayloadWrite() { | |
| 773 DCHECK(user_write_buf_); | |
| 774 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); | |
| 775 if (rv >= 0) | |
| 776 return rv; | |
| 777 PRErrorCode prerr = PR_GetError(); | |
| 778 if (prerr == PR_WOULD_BLOCK_ERROR) { | |
| 779 return ERR_IO_PENDING; | |
| 780 } | |
| 781 rv = MapNSSError(prerr); | |
| 782 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR, | |
| 783 CreateNetLogSSLErrorCallback(rv, prerr)); | |
| 784 return rv; | |
| 785 } | |
| 786 | |
| 787 int SSLServerSocketNSS::DoHandshakeLoop(int last_io_result) { | |
| 788 int rv = last_io_result; | |
| 789 do { | |
| 790 // Default to STATE_NONE for next state. | |
| 791 // (This is a quirk carried over from the windows | |
| 792 // implementation. It makes reading the logs a bit harder.) | |
| 793 // State handlers can and often do call GotoState just | |
| 794 // to stay in the current state. | |
| 795 State state = next_handshake_state_; | |
| 796 GotoState(STATE_NONE); | |
| 797 switch (state) { | |
| 798 case STATE_HANDSHAKE: | |
| 799 rv = DoHandshake(); | |
| 800 break; | |
| 801 case STATE_NONE: | |
| 802 default: | |
| 803 rv = ERR_UNEXPECTED; | |
| 804 LOG(DFATAL) << "unexpected state " << state; | |
| 805 break; | |
| 806 } | |
| 807 | |
| 808 // Do the actual network I/O | |
| 809 bool network_moved = DoTransportIO(); | |
| 810 if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) { | |
| 811 // In general we exit the loop if rv is ERR_IO_PENDING. In this | |
| 812 // special case we keep looping even if rv is ERR_IO_PENDING because | |
| 813 // the transport IO may allow DoHandshake to make progress. | |
| 814 rv = OK; // This causes us to stay in the loop. | |
| 815 } | |
| 816 } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE); | |
| 817 return rv; | |
| 818 } | |
| 819 | |
| 820 int SSLServerSocketNSS::DoReadLoop(int result) { | |
| 821 DCHECK(completed_handshake_); | |
| 822 DCHECK(next_handshake_state_ == STATE_NONE); | |
| 823 | |
| 824 if (result < 0) | |
| 825 return result; | |
| 826 | |
| 827 if (!nss_bufs_) { | |
| 828 LOG(DFATAL) << "!nss_bufs_"; | |
| 829 int rv = ERR_UNEXPECTED; | |
| 830 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, | |
| 831 CreateNetLogSSLErrorCallback(rv, 0)); | |
| 832 return rv; | |
| 833 } | |
| 834 | |
| 835 bool network_moved; | |
| 836 int rv; | |
| 837 do { | |
| 838 rv = DoPayloadRead(); | |
| 839 network_moved = DoTransportIO(); | |
| 840 } while (rv == ERR_IO_PENDING && network_moved); | |
| 841 return rv; | |
| 842 } | |
| 843 | |
| 844 int SSLServerSocketNSS::DoWriteLoop(int result) { | |
| 845 DCHECK(completed_handshake_); | |
| 846 DCHECK_EQ(next_handshake_state_, STATE_NONE); | |
| 847 | |
| 848 if (result < 0) | |
| 849 return result; | |
| 850 | |
| 851 if (!nss_bufs_) { | |
| 852 LOG(DFATAL) << "!nss_bufs_"; | |
| 853 int rv = ERR_UNEXPECTED; | |
| 854 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR, | |
| 855 CreateNetLogSSLErrorCallback(rv, 0)); | |
| 856 return rv; | |
| 857 } | |
| 858 | |
| 859 bool network_moved; | |
| 860 int rv; | |
| 861 do { | |
| 862 rv = DoPayloadWrite(); | |
| 863 network_moved = DoTransportIO(); | |
| 864 } while (rv == ERR_IO_PENDING && network_moved); | |
| 865 return rv; | |
| 866 } | |
| 867 | |
| 868 int SSLServerSocketNSS::DoHandshake() { | |
| 869 int net_error = OK; | |
| 870 SECStatus rv = SSL_ForceHandshake(nss_fd_); | |
| 871 | |
| 872 if (rv == SECSuccess) { | |
| 873 completed_handshake_ = true; | |
| 874 } else { | |
| 875 PRErrorCode prerr = PR_GetError(); | |
| 876 net_error = MapNSSError(prerr); | |
| 877 | |
| 878 // If not done, stay in this state | |
| 879 if (net_error == ERR_IO_PENDING) { | |
| 880 GotoState(STATE_HANDSHAKE); | |
| 881 } else { | |
| 882 LOG(ERROR) << "handshake failed; NSS error code " << prerr | |
| 883 << ", net_error " << net_error; | |
| 884 net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR, | |
| 885 CreateNetLogSSLErrorCallback(net_error, prerr)); | |
| 886 } | |
| 887 } | |
| 888 return net_error; | |
| 889 } | |
| 890 | |
| 891 void SSLServerSocketNSS::DoHandshakeCallback(int rv) { | |
| 892 DCHECK_NE(rv, ERR_IO_PENDING); | |
| 893 base::ResetAndReturn(&user_handshake_callback_).Run(rv > OK ? OK : rv); | |
| 894 } | |
| 895 | |
| 896 void SSLServerSocketNSS::DoReadCallback(int rv) { | |
| 897 DCHECK(rv != ERR_IO_PENDING); | |
| 898 DCHECK(!user_read_callback_.is_null()); | |
| 899 | |
| 900 user_read_buf_ = NULL; | |
| 901 user_read_buf_len_ = 0; | |
| 902 base::ResetAndReturn(&user_read_callback_).Run(rv); | |
| 903 } | |
| 904 | |
| 905 void SSLServerSocketNSS::DoWriteCallback(int rv) { | |
| 906 DCHECK(rv != ERR_IO_PENDING); | |
| 907 DCHECK(!user_write_callback_.is_null()); | |
| 908 | |
| 909 user_write_buf_ = NULL; | |
| 910 user_write_buf_len_ = 0; | |
| 911 base::ResetAndReturn(&user_write_callback_).Run(rv); | |
| 912 } | |
| 913 | |
| 914 // static | |
| 915 // NSS calls this if an incoming certificate needs to be verified. | |
| 916 // Do nothing but return SECSuccess. | |
| 917 // This is called only in full handshake mode. | |
| 918 // Peer certificate is retrieved in HandshakeCallback() later, which is called | |
| 919 // in full handshake mode or in resumption handshake mode. | |
| 920 SECStatus SSLServerSocketNSS::OwnAuthCertHandler(void* arg, | |
| 921 PRFileDesc* socket, | |
| 922 PRBool checksig, | |
| 923 PRBool is_server) { | |
| 924 // TODO(hclam): Implement. | |
| 925 // Tell NSS to not verify the certificate. | |
| 926 return SECSuccess; | |
| 927 } | |
| 928 | |
| 929 // static | |
| 930 // NSS calls this when handshake is completed. | |
| 931 // After the SSL handshake is finished we need to verify the certificate. | |
| 932 void SSLServerSocketNSS::HandshakeCallback(PRFileDesc* socket, void* arg) { | |
| 933 // TODO(hclam): Implement. | |
| 934 } | |
| 935 | |
| 936 int SSLServerSocketNSS::Init() { | |
| 937 // Initialize the NSS SSL library in a threadsafe way. This also | |
| 938 // initializes the NSS base library. | |
| 939 EnsureNSSSSLInit(); | |
| 940 if (!NSS_IsInitialized()) | |
| 941 return ERR_UNEXPECTED; | |
| 942 | |
| 943 EnableSSLServerSockets(); | |
| 944 return OK; | |
| 945 } | |
| 946 | |
| 947 } // namespace | |
| 948 | |
| 949 std::unique_ptr<SSLServerContext> CreateSSLServerContext( | |
| 950 X509Certificate* certificate, | |
| 951 const crypto::RSAPrivateKey& key, | |
| 952 const SSLServerConfig& ssl_server_config) { | |
| 953 return std::unique_ptr<SSLServerContext>( | |
| 954 new SSLServerContextNSS(certificate, key, ssl_server_config)); | |
| 955 } | |
| 956 | |
| 957 SSLServerContextNSS::SSLServerContextNSS( | |
| 958 X509Certificate* certificate, | |
| 959 const crypto::RSAPrivateKey& key, | |
| 960 const SSLServerConfig& ssl_server_config) | |
| 961 : ssl_server_config_(ssl_server_config), | |
| 962 cert_(certificate), | |
| 963 key_(key.Copy()) { | |
| 964 CHECK(key_); | |
| 965 } | |
| 966 | |
| 967 SSLServerContextNSS::~SSLServerContextNSS() {} | |
| 968 | |
| 969 std::unique_ptr<SSLServerSocket> SSLServerContextNSS::CreateSSLServerSocket( | |
| 970 std::unique_ptr<StreamSocket> socket) { | |
| 971 DCHECK(g_nss_server_sockets_init) << "EnableSSLServerSockets() has not been" | |
| 972 << " called yet!"; | |
| 973 | |
| 974 return std::unique_ptr<SSLServerSocket>(new SSLServerSocketNSS( | |
| 975 std::move(socket), cert_.get(), *key_, ssl_server_config_)); | |
| 976 } | |
| 977 | |
| 978 void EnableSSLServerSockets() { | |
| 979 g_nss_ssl_server_init_singleton.Get(); | |
| 980 } | |
| 981 | |
| 982 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1882433002:
Removing NSS files and USE_OPENSSL flag (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master