1 /*
2  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #ifndef RTC_BASE_OPENSSL_STREAM_ADAPTER_H_
12 #define RTC_BASE_OPENSSL_STREAM_ADAPTER_H_
13 
14 #include <openssl/ossl_typ.h>
15 #include <stddef.h>
16 #include <stdint.h>
17 
18 #include <memory>
19 #include <string>
20 #include <vector>
21 
22 #include "rtc_base/buffer.h"
23 #include "rtc_base/openssl_identity.h"
24 #include "rtc_base/ssl_identity.h"
25 #include "rtc_base/ssl_stream_adapter.h"
26 #include "rtc_base/stream.h"
27 
28 namespace rtc {
29 
30 // This class was written with OpenSSLAdapter (a socket adapter) as a
31 // starting point. It has similar structure and functionality, but uses a
32 // "peer-to-peer" mode, verifying the peer's certificate using a digest
33 // sent over a secure signaling channel.
34 //
35 // Static methods to initialize and deinit the SSL library are in
36 // OpenSSLAdapter. These should probably be moved out to a neutral class.
37 //
38 // In a few cases I have factored out some OpenSSLAdapter code into static
39 // methods so it can be reused from this class. Eventually that code should
40 // probably be moved to a common support class. Unfortunately there remain a
41 // few duplicated sections of code. I have not done more restructuring because
42 // I did not want to affect existing code that uses OpenSSLAdapter.
43 //
44 // This class does not support the SSL connection restart feature present in
45 // OpenSSLAdapter. I am not entirely sure how the feature is useful and I am
46 // not convinced that it works properly.
47 //
48 // This implementation is careful to disallow data exchange after an SSL error,
49 // and it has an explicit SSL_CLOSED state. It should not be possible to send
50 // any data in clear after one of the StartSSL methods has been called.
51 
52 // Look in sslstreamadapter.h for documentation of the methods.
53 
54 class SSLCertChain;
55 
56 ///////////////////////////////////////////////////////////////////////////////
57 
58 class OpenSSLStreamAdapter final : public SSLStreamAdapter {
59  public:
60   explicit OpenSSLStreamAdapter(std::unique_ptr<StreamInterface> stream);
61   ~OpenSSLStreamAdapter() override;
62 
63   void SetIdentity(std::unique_ptr<SSLIdentity> identity) override;
64   OpenSSLIdentity* GetIdentityForTesting() const override;
65 
66   // Default argument is for compatibility
67   void SetServerRole(SSLRole role = SSL_SERVER) override;
68   bool SetPeerCertificateDigest(
69       const std::string& digest_alg,
70       const unsigned char* digest_val,
71       size_t digest_len,
72       SSLPeerCertificateDigestError* error = nullptr) override;
73 
74   std::unique_ptr<SSLCertChain> GetPeerSSLCertChain() const override;
75 
76   // Goes from state SSL_NONE to either SSL_CONNECTING or SSL_WAIT, depending
77   // on whether the underlying stream is already open or not.
78   int StartSSL() override;
79   void SetMode(SSLMode mode) override;
80   void SetMaxProtocolVersion(SSLProtocolVersion version) override;
81   void SetInitialRetransmissionTimeout(int timeout_ms) override;
82 
83   StreamResult Read(void* data,
84                     size_t data_len,
85                     size_t* read,
86                     int* error) override;
87   StreamResult Write(const void* data,
88                      size_t data_len,
89                      size_t* written,
90                      int* error) override;
91   void Close() override;
92   StreamState GetState() const override;
93 
94   // TODO(guoweis): Move this away from a static class method.
95   static std::string SslCipherSuiteToName(int crypto_suite);
96 
97   bool GetSslCipherSuite(int* cipher) override;
98 
99   SSLProtocolVersion GetSslVersion() const override;
100   bool GetSslVersionBytes(int* version) const override;
101   // Key Extractor interface
102   bool ExportKeyingMaterial(const std::string& label,
103                             const uint8_t* context,
104                             size_t context_len,
105                             bool use_context,
106                             uint8_t* result,
107                             size_t result_len) override;
108 
109   // DTLS-SRTP interface
110   bool SetDtlsSrtpCryptoSuites(const std::vector<int>& crypto_suites) override;
111   bool GetDtlsSrtpCryptoSuite(int* crypto_suite) override;
112 
113   bool IsTlsConnected() override;
114 
115   // Capabilities interfaces.
116   static bool IsBoringSsl();
117 
118   static bool IsAcceptableCipher(int cipher, KeyType key_type);
119   static bool IsAcceptableCipher(const std::string& cipher, KeyType key_type);
120 
121   // Use our timeutils.h source of timing in BoringSSL, allowing us to test
122   // using a fake clock.
123   static void EnableTimeCallbackForTesting();
124 
125  protected:
126   void OnEvent(StreamInterface* stream, int events, int err) override;
127 
128  private:
129   enum SSLState {
130     // Before calling one of the StartSSL methods, data flows
131     // in clear text.
132     SSL_NONE,
133     SSL_WAIT,        // waiting for the stream to open to start SSL negotiation
134     SSL_CONNECTING,  // SSL negotiation in progress
135     SSL_CONNECTED,   // SSL stream successfully established
136     SSL_ERROR,       // some SSL error occurred, stream is closed
137     SSL_CLOSED       // Clean close
138   };
139 
140   enum { MSG_TIMEOUT = MSG_MAX + 1 };
141 
142   // The following three methods return 0 on success and a negative
143   // error code on failure. The error code may be from OpenSSL or -1
144   // on some other error cases, so it can't really be interpreted
145   // unfortunately.
146 
147   // Prepare SSL library, state is SSL_CONNECTING.
148   int BeginSSL();
149   // Perform SSL negotiation steps.
150   int ContinueSSL();
151 
152   // Error handler helper. signal is given as true for errors in
153   // asynchronous contexts (when an error method was not returned
154   // through some other method), and in that case an SE_CLOSE event is
155   // raised on the stream with the specified error.
156   // A 0 error means a graceful close, otherwise there is not really enough
157   // context to interpret the error code.
158   // |alert| indicates an alert description (one of the SSL_AD constants) to
159   // send to the remote endpoint when closing the association. If 0, a normal
160   // shutdown will be performed.
161   void Error(const char* context, int err, uint8_t alert, bool signal);
162   void Cleanup(uint8_t alert);
163 
164   // Override MessageHandler
165   void OnMessage(Message* msg) override;
166 
167   // Flush the input buffers by reading left bytes (for DTLS)
168   void FlushInput(unsigned int left);
169 
170   // SSL library configuration
171   SSL_CTX* SetupSSLContext();
172   // Verify the peer certificate matches the signaled digest.
173   bool VerifyPeerCertificate();
174   // SSL certificate verification callback. See
175   // SSL_CTX_set_cert_verify_callback.
176   static int SSLVerifyCallback(X509_STORE_CTX* store, void* arg);
177 
WaitingToVerifyPeerCertificate()178   bool WaitingToVerifyPeerCertificate() const {
179     return GetClientAuthEnabled() && !peer_certificate_verified_;
180   }
181 
HasPeerCertificateDigest()182   bool HasPeerCertificateDigest() const {
183     return !peer_certificate_digest_algorithm_.empty() &&
184            !peer_certificate_digest_value_.empty();
185   }
186 
187   SSLState state_;
188   SSLRole role_;
189   int ssl_error_code_;  // valid when state_ == SSL_ERROR or SSL_CLOSED
190   // Whether the SSL negotiation is blocked on needing to read or
191   // write to the wrapped stream.
192   bool ssl_read_needs_write_;
193   bool ssl_write_needs_read_;
194 
195   SSL* ssl_;
196   SSL_CTX* ssl_ctx_;
197 
198   // Our key and certificate.
199   std::unique_ptr<OpenSSLIdentity> identity_;
200   // The certificate chain that the peer presented. Initially null, until the
201   // connection is established.
202   std::unique_ptr<SSLCertChain> peer_cert_chain_;
203   bool peer_certificate_verified_ = false;
204   // The digest of the certificate that the peer must present.
205   Buffer peer_certificate_digest_value_;
206   std::string peer_certificate_digest_algorithm_;
207 
208   // The DtlsSrtp ciphers
209   std::string srtp_ciphers_;
210 
211   // Do DTLS or not
212   SSLMode ssl_mode_;
213 
214   // Max. allowed protocol version
215   SSLProtocolVersion ssl_max_version_;
216 
217   // A 50-ms initial timeout ensures rapid setup on fast connections, but may
218   // be too aggressive for low bandwidth links.
219   int dtls_handshake_timeout_ms_ = 50;
220 
221   // TODO(https://bugs.webrtc.org/10261): Completely remove this option in M84.
222   const bool support_legacy_tls_protocols_flag_;
223 };
224 
225 /////////////////////////////////////////////////////////////////////////////
226 
227 }  // namespace rtc
228 
229 #endif  // RTC_BASE_OPENSSL_STREAM_ADAPTER_H_
230