1 /*
2  * Copyright (C) 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <memory>
20 #include <mutex>
21 #include <vector>
22 
23 #include <binder/RpcAuth.h>
24 #include <binder/RpcCertificateFormat.h>
25 #include <binder/RpcCertificateVerifier.h>
26 #include <binder/RpcTransport.h>
27 #include <openssl/ssl.h>
28 #include <utils/Errors.h>
29 
30 namespace android {
31 
32 constexpr const uint32_t kCertValidSeconds = 30 * (60 * 60 * 24); // 30 days
33 bssl::UniquePtr<EVP_PKEY> makeKeyPairForSelfSignedCert();
34 bssl::UniquePtr<X509> makeSelfSignedCert(EVP_PKEY* pKey, uint32_t validSeconds);
35 
36 // An implementation of RpcAuth that generates a key pair and a self-signed
37 // certificate every time configure() is called.
38 class RpcAuthSelfSigned : public RpcAuth {
39 public:
mValidSeconds(validSeconds)40     RpcAuthSelfSigned(uint32_t validSeconds = kCertValidSeconds) : mValidSeconds(validSeconds) {}
41     status_t configure(SSL_CTX* ctx) override;
42 
43 private:
44     const uint32_t mValidSeconds;
45 };
46 
47 class RpcAuthPreSigned : public RpcAuth {
48 public:
RpcAuthPreSigned(bssl::UniquePtr<EVP_PKEY> pkey,bssl::UniquePtr<X509> cert)49     RpcAuthPreSigned(bssl::UniquePtr<EVP_PKEY> pkey, bssl::UniquePtr<X509> cert)
50           : mPkey(std::move(pkey)), mCert(std::move(cert)) {}
51     status_t configure(SSL_CTX* ctx) override;
52 
53 private:
54     bssl::UniquePtr<EVP_PKEY> mPkey;
55     bssl::UniquePtr<X509> mCert;
56 };
57 
58 // A simple certificate verifier for testing.
59 // Keep a list of leaf certificates as trusted. No certificate chain support.
60 //
61 // All APIs are thread-safe. However, if verify() and addTrustedPeerCertificate() are called
62 // simultaneously in different threads, it is not deterministic whether verify() will use the
63 // certificate being added.
64 class RpcCertificateVerifierSimple : public RpcCertificateVerifier {
65 public:
66     status_t verify(const SSL*, uint8_t*) override;
67 
68     // Add a trusted peer certificate. Peers presenting this certificate are accepted.
69     //
70     // Caller must ensure that RpcTransportCtx::newTransport() are called after all trusted peer
71     // certificates are added. Otherwise, RpcTransport-s created before may not trust peer
72     // certificates added later.
73     [[nodiscard]] status_t addTrustedPeerCertificate(RpcCertificateFormat format,
74                                                      const std::vector<uint8_t>& cert);
75 
76 private:
77     std::mutex mMutex; // for below
78     std::vector<bssl::UniquePtr<X509>> mTrustedPeerCertificates;
79 };
80 
81 // A RpcCertificateVerifier that does not verify anything.
82 class RpcCertificateVerifierNoOp : public RpcCertificateVerifier {
83 public:
RpcCertificateVerifierNoOp(status_t status)84     RpcCertificateVerifierNoOp(status_t status) : mStatus(status) {}
verify(const SSL *,uint8_t *)85     status_t verify(const SSL*, uint8_t*) override { return mStatus; }
86 
87 private:
88     status_t mStatus;
89 };
90 
91 } // namespace android
92