static void on_peer_checked(grpc_exec_ctx *exec_ctx, void *arg, grpc_error *error) { security_handshaker *h = arg; gpr_mu_lock(&h->mu); if (error != GRPC_ERROR_NONE || h->shutdown) { security_handshake_failed_locked(exec_ctx, h, GRPC_ERROR_REF(error)); goto done; } // Create frame protector. tsi_frame_protector *protector; tsi_result result = tsi_handshaker_result_create_frame_protector( h->handshaker_result, NULL, &protector); if (result != TSI_OK) { error = grpc_set_tsi_error_result( GRPC_ERROR_CREATE_FROM_STATIC_STRING("Frame protector creation failed"), result); security_handshake_failed_locked(exec_ctx, h, error); goto done; } // Get unused bytes. unsigned char *unused_bytes = NULL; size_t unused_bytes_size = 0; result = tsi_handshaker_result_get_unused_bytes( h->handshaker_result, &unused_bytes, &unused_bytes_size); // Create secure endpoint. if (unused_bytes_size > 0) { grpc_slice slice = grpc_slice_from_copied_buffer((char *)unused_bytes, unused_bytes_size); h->args->endpoint = grpc_secure_endpoint_create(protector, h->args->endpoint, &slice, 1); grpc_slice_unref_internal(exec_ctx, slice); } else { h->args->endpoint = grpc_secure_endpoint_create(protector, h->args->endpoint, NULL, 0); } tsi_handshaker_result_destroy(h->handshaker_result); h->handshaker_result = NULL; // Clear out the read buffer before it gets passed to the transport. grpc_slice_buffer_reset_and_unref_internal(exec_ctx, h->args->read_buffer); // Add auth context to channel args. grpc_arg auth_context_arg = grpc_auth_context_to_arg(h->auth_context); grpc_channel_args *tmp_args = h->args->args; h->args->args = grpc_channel_args_copy_and_add(tmp_args, &auth_context_arg, 1); grpc_channel_args_destroy(exec_ctx, tmp_args); // Invoke callback. GRPC_CLOSURE_SCHED(exec_ctx, h->on_handshake_done, GRPC_ERROR_NONE); // Set shutdown to true so that subsequent calls to // security_handshaker_shutdown() do nothing. h->shutdown = true; done: gpr_mu_unlock(&h->mu); security_handshaker_unref(exec_ctx, h); }
static void on_peer_checked(grpc_exec_ctx *exec_ctx, void *user_data, grpc_security_status status, grpc_auth_context *auth_context) { grpc_security_handshake *h = user_data; tsi_frame_protector *protector; tsi_result result; if (status != GRPC_SECURITY_OK) { security_handshake_done( exec_ctx, h, grpc_error_set_int(GRPC_ERROR_CREATE("Error checking peer."), GRPC_ERROR_INT_SECURITY_STATUS, status)); return; } h->auth_context = GRPC_AUTH_CONTEXT_REF(auth_context, "handshake"); result = tsi_handshaker_create_frame_protector(h->handshaker, NULL, &protector); if (result != TSI_OK) { security_handshake_done( exec_ctx, h, grpc_set_tsi_error_result( GRPC_ERROR_CREATE("Frame protector creation failed"), result)); return; } h->secure_endpoint = grpc_secure_endpoint_create(protector, h->wrapped_endpoint, h->left_overs.slices, h->left_overs.count); h->left_overs.count = 0; h->left_overs.length = 0; security_handshake_done(exec_ctx, h, GRPC_ERROR_NONE); return; }
static void on_peer_checked(grpc_exec_ctx *exec_ctx, void *arg, grpc_error *error) { security_handshaker *h = arg; gpr_mu_lock(&h->mu); if (error != GRPC_ERROR_NONE || h->shutdown) { security_handshake_failed_locked(exec_ctx, h, GRPC_ERROR_REF(error)); goto done; } // Get frame protector. tsi_frame_protector *protector; tsi_result result = tsi_handshaker_create_frame_protector(h->handshaker, NULL, &protector); if (result != TSI_OK) { error = grpc_set_tsi_error_result( GRPC_ERROR_CREATE("Frame protector creation failed"), result); security_handshake_failed_locked(exec_ctx, h, error); goto done; } // Success. // Create secure endpoint. h->args->endpoint = grpc_secure_endpoint_create( protector, h->args->endpoint, h->left_overs.slices, h->left_overs.count); h->left_overs.count = 0; h->left_overs.length = 0; // Clear out the read buffer before it gets passed to the transport, // since any excess bytes were already copied to h->left_overs. grpc_slice_buffer_reset_and_unref(h->args->read_buffer); // Add auth context to channel args. grpc_arg auth_context_arg = grpc_auth_context_to_arg(h->auth_context); grpc_channel_args *tmp_args = h->args->args; h->args->args = grpc_channel_args_copy_and_add(tmp_args, &auth_context_arg, 1); grpc_channel_args_destroy(tmp_args); // Invoke callback. grpc_exec_ctx_sched(exec_ctx, h->on_handshake_done, GRPC_ERROR_NONE, NULL); // Set shutdown to true so that subsequent calls to // security_handshaker_shutdown() do nothing. h->shutdown = true; done: gpr_mu_unlock(&h->mu); security_handshaker_unref(exec_ctx, h); }
static void on_peer_checked(void *user_data, grpc_security_status status) { grpc_secure_transport_setup *s = user_data; tsi_frame_protector *protector; tsi_result result; if (status != GRPC_SECURITY_OK) { gpr_log(GPR_ERROR, "Error checking peer."); secure_transport_setup_done(s, 0); return; } result = tsi_handshaker_create_frame_protector(s->handshaker, NULL, &protector); if (result != TSI_OK) { gpr_log(GPR_ERROR, "Frame protector creation failed with error %s.", tsi_result_to_string(result)); secure_transport_setup_done(s, 0); return; } s->endpoint = grpc_secure_endpoint_create( protector, s->endpoint, s->left_overs.slices, s->left_overs.count); secure_transport_setup_done(s, 1); return; }
static grpc_endpoint_test_fixture secure_endpoint_create_fixture_tcp_socketpair( size_t slice_size, gpr_slice *leftover_slices, size_t leftover_nslices) { grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT; tsi_frame_protector *fake_read_protector = tsi_create_fake_protector(NULL); tsi_frame_protector *fake_write_protector = tsi_create_fake_protector(NULL); grpc_endpoint_test_fixture f; grpc_endpoint_pair tcp; tcp = grpc_iomgr_create_endpoint_pair("fixture", slice_size); grpc_endpoint_add_to_pollset(&exec_ctx, tcp.client, g_pollset); grpc_endpoint_add_to_pollset(&exec_ctx, tcp.server, g_pollset); if (leftover_nslices == 0) { f.client_ep = grpc_secure_endpoint_create(fake_read_protector, tcp.client, NULL, 0); } else { unsigned i; tsi_result result; size_t still_pending_size; size_t total_buffer_size = 8192; size_t buffer_size = total_buffer_size; uint8_t *encrypted_buffer = gpr_malloc(buffer_size); uint8_t *cur = encrypted_buffer; gpr_slice encrypted_leftover; for (i = 0; i < leftover_nslices; i++) { gpr_slice plain = leftover_slices[i]; uint8_t *message_bytes = GPR_SLICE_START_PTR(plain); size_t message_size = GPR_SLICE_LENGTH(plain); while (message_size > 0) { size_t protected_buffer_size_to_send = buffer_size; size_t processed_message_size = message_size; result = tsi_frame_protector_protect( fake_write_protector, message_bytes, &processed_message_size, cur, &protected_buffer_size_to_send); GPR_ASSERT(result == TSI_OK); message_bytes += processed_message_size; message_size -= processed_message_size; cur += protected_buffer_size_to_send; GPR_ASSERT(buffer_size >= protected_buffer_size_to_send); buffer_size -= protected_buffer_size_to_send; } gpr_slice_unref(plain); } do { size_t protected_buffer_size_to_send = buffer_size; result = tsi_frame_protector_protect_flush(fake_write_protector, cur, &protected_buffer_size_to_send, &still_pending_size); GPR_ASSERT(result == TSI_OK); cur += protected_buffer_size_to_send; GPR_ASSERT(buffer_size >= protected_buffer_size_to_send); buffer_size -= protected_buffer_size_to_send; } while (still_pending_size > 0); encrypted_leftover = gpr_slice_from_copied_buffer( (const char *)encrypted_buffer, total_buffer_size - buffer_size); f.client_ep = grpc_secure_endpoint_create(fake_read_protector, tcp.client, &encrypted_leftover, 1); gpr_slice_unref(encrypted_leftover); gpr_free(encrypted_buffer); } f.server_ep = grpc_secure_endpoint_create(fake_write_protector, tcp.server, NULL, 0); grpc_exec_ctx_finish(&exec_ctx); return f; }