/*
* Copyright 2004 The WebRTC Project Authors. All rights reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#ifndef RTC_BASE_OPENSSL_STREAM_ADAPTER_H_
#define RTC_BASE_OPENSSL_STREAM_ADAPTER_H_
#include <openssl/ossl_typ.h>
#include <stddef.h>
#include <stdint.h>
#include <memory>
#include <optional>
#include <string>
#include <vector>
#include "absl/functional/any_invocable.h"
#include "absl/strings/string_view.h"
#include "api/array_view.h"
#include "rtc_base/buffer.h"
#ifdef OPENSSL_IS_BORINGSSL
#include <openssl/base.h>
#include "rtc_base/boringssl_identity.h"
#else
#include "rtc_base/openssl_identity.h"
#endif
#include "api/task_queue/pending_task_safety_flag.h"
#include "rtc_base/ssl_identity.h"
#include "rtc_base/ssl_stream_adapter.h"
#include "rtc_base/stream.h"
#include "rtc_base/task_utils/repeating_task.h"
#include "rtc_base/thread.h"
namespace rtc {
// This class was written with OpenSSLAdapter (a socket adapter) as a
// starting point. It has similar structure and functionality, but uses a
// "peer-to-peer" mode, verifying the peer's certificate using a digest
// sent over a secure signaling channel.
//
// Static methods to initialize and deinit the SSL library are in
// OpenSSLAdapter. These should probably be moved out to a neutral class.
//
// In a few cases I have factored out some OpenSSLAdapter code into static
// methods so it can be reused from this class. Eventually that code should
// probably be moved to a common support class. Unfortunately there remain a
// few duplicated sections of code. I have not done more restructuring because
// I did not want to affect existing code that uses OpenSSLAdapter.
//
// This class does not support the SSL connection restart feature present in
// OpenSSLAdapter. I am not entirely sure how the feature is useful and I am
// not convinced that it works properly.
//
// This implementation is careful to disallow data exchange after an SSL error,
// and it has an explicit SSL_CLOSED state. It should not be possible to send
// any data in clear after one of the StartSSL methods has been called.
// Look in ssl_stream_adapter.h for documentation of the methods.
///////////////////////////////////////////////////////////////////////////////
class OpenSSLStreamAdapter final :
public SSLStreamAdapter {
public:
OpenSSLStreamAdapter(
std::unique_ptr<StreamInterface> stream,
absl::AnyInvocable<
void(SSLHandshakeError)> handshake_error);
~OpenSSLStreamAdapter() override;
void SetIdentity(std::unique_ptr<SSLIdentity> identity) override;
SSLIdentity* GetIdentityForTesting()
const override;
// Default argument is for compatibility
void SetServerRole(SSLRole role = SSL_SERVER) override;
bool SetPeerCertificateDigest(
absl::string_view digest_alg,
const unsigned char* digest_val,
size_t digest_len,
SSLPeerCertificateDigestError* error = nullptr) override;
std::unique_ptr<SSLCertChain> GetPeerSSLCertChain()
const override;
// Goes from state SSL_NONE to either SSL_CONNECTING or SSL_WAIT, depending
// on whether the underlying stream is already open or not.
int StartSSL() override;
[[deprecated]]
void SetMode(SSLMode mode) override;
void SetMaxProtocolVersion(SSLProtocolVersion version) override;
void SetInitialRetransmissionTimeout(
int timeout_ms) override;
StreamResult Read(rtc::ArrayView<uint8_t> data,
size_t& read,
int& error) override;
StreamResult Write(rtc::ArrayView<
const uint8_t> data,
size_t& written,
int& error) override;
void Close() override;
StreamState GetState()
const override;
std::optional<absl::string_view> GetTlsCipherSuiteName()
const override;
bool GetSslCipherSuite(
int* cipher)
const override;
[[deprecated(
"Use GetSslVersionBytes")]] SSLProtocolVersion GetSslVersion()
const override;
bool GetSslVersionBytes(
int* version)
const override;
// Key Extractor interface
bool ExportSrtpKeyingMaterial(
rtc::ZeroOnFreeBuffer<uint8_t>& keying_material) override;
[[deprecated(
"Use ExportSrtpKeyingMaterial instead")]]
bool
ExportKeyingMaterial(absl::string_view label,
const uint8_t* context,
size_t context_len,
bool use_context,
uint8_t* result,
size_t result_len) override;
uint16_t GetPeerSignatureAlgorithm()
const override;
// DTLS-SRTP interface
bool SetDtlsSrtpCryptoSuites(
const std::vector<
int>& crypto_suites) override;
bool GetDtlsSrtpCryptoSuite(
int* crypto_suite)
const override;
bool IsTlsConnected() override;
// Capabilities interfaces.
static bool IsBoringSsl();
static bool IsAcceptableCipher(
int cipher, KeyType key_type);
static bool IsAcceptableCipher(absl::string_view cipher, KeyType key_type);
// Use our timeutils.h source of timing in BoringSSL, allowing us to test
// using a fake clock.
static void EnableTimeCallbackForTesting();
private:
enum SSLState {
// Before calling one of the StartSSL methods, data flows
// in clear text.
SSL_NONE,
SSL_WAIT,
// waiting for the stream to open to start SSL negotiation
SSL_CONNECTING,
// SSL negotiation in progress
SSL_CONNECTED,
// SSL stream successfully established
SSL_ERROR,
// some SSL error occurred, stream is closed
SSL_CLOSED
// Clean close
};
void OnEvent(
int events,
int err);
void PostEvent(
int events,
int err);
void SetTimeout(
int delay_ms);
// The following three methods return 0 on success and a negative
// error code on failure. The error code may be from OpenSSL or -1
// on some other error cases, so it can't really be interpreted
// unfortunately.
// Prepare SSL library, state is SSL_CONNECTING.
int BeginSSL();
// Perform SSL negotiation steps.
int ContinueSSL();
// Error handler helper. signal is given as true for errors in
// asynchronous contexts (when an error method was not returned
// through some other method), and in that case an SE_CLOSE event is
// raised on the stream with the specified error.
// A 0 error means a graceful close, otherwise there is not really enough
// context to interpret the error code.
// `alert` indicates an alert description (one of the SSL_AD constants) to
// send to the remote endpoint when closing the association. If 0, a normal
// shutdown will be performed.
void Error(absl::string_view context,
int err, uint8_t alert,
bool signal);
void Cleanup(uint8_t alert);
// Flush the input buffers by reading left bytes (for DTLS)
void FlushInput(
unsigned int left);
// SSL library configuration
SSL_CTX* SetupSSLContext();
// Verify the peer certificate matches the signaled digest.
bool VerifyPeerCertificate();
#ifdef OPENSSL_IS_BORINGSSL
// SSL certificate verification callback. See SSL_CTX_set_custom_verify.
static enum ssl_verify_result_t SSLVerifyCallback(SSL* ssl,
uint8_t* out_alert);
#else
// SSL certificate verification callback. See
// SSL_CTX_set_cert_verify_callback.
static int SSLVerifyCallback(X509_STORE_CTX* store,
void* arg);
#endif
bool WaitingToVerifyPeerCertificate()
const {
return GetClientAuthEnabled() && !peer_certificate_verified_;
}
bool HasPeerCertificateDigest()
const {
return !peer_certificate_digest_algorithm_.empty() &&
!peer_certificate_digest_value_.empty();
}
const std::unique_ptr<StreamInterface> stream_;
absl::AnyInvocable<
void(SSLHandshakeError)> handshake_error_;
rtc::Thread*
const owner_;
webrtc::ScopedTaskSafety task_safety_;
webrtc::RepeatingTaskHandle timeout_task_;
SSLState state_;
SSLRole role_;
int ssl_error_code_;
// valid when state_ == SSL_ERROR or SSL_CLOSED
// Whether the SSL negotiation is blocked on needing to read or
// write to the wrapped stream.
bool ssl_read_needs_write_;
bool ssl_write_needs_read_;
SSL* ssl_;
SSL_CTX* ssl_ctx_;
// Our key and certificate.
#ifdef OPENSSL_IS_BORINGSSL
std::unique_ptr<BoringSSLIdentity> identity_;
#else
std::unique_ptr<OpenSSLIdentity> identity_;
#endif
// The certificate chain that the peer presented. Initially null, until the
// connection is established.
std::unique_ptr<SSLCertChain> peer_cert_chain_;
bool peer_certificate_verified_ =
false;
// The digest of the certificate that the peer must present.
Buffer peer_certificate_digest_value_;
std::string peer_certificate_digest_algorithm_;
// The DtlsSrtp ciphers
std::string srtp_ciphers_;
// Do DTLS or not
SSLMode ssl_mode_;
// Max. allowed protocol version
SSLProtocolVersion ssl_max_version_;
// A 50-ms initial timeout ensures rapid setup on fast connections, but may
// be too aggressive for low bandwidth links.
int dtls_handshake_timeout_ms_ = 50;
// Rollout killswitch for disabling session tickets.
const bool disable_handshake_ticket_;
};
/////////////////////////////////////////////////////////////////////////////
}
// namespace rtc
#endif // RTC_BASE_OPENSSL_STREAM_ADAPTER_H_
