static void test_protector_invalid_args(void) {
GPR_ASSERT(tsi_frame_protector_protect(NULL, NULL, NULL, NULL, NULL) ==
TSI_INVALID_ARGUMENT);
GPR_ASSERT(tsi_frame_protector_protect_flush(NULL, NULL, NULL, NULL) ==
TSI_INVALID_ARGUMENT);
GPR_ASSERT(tsi_frame_protector_unprotect(NULL, NULL, NULL, NULL, NULL) ==
TSI_INVALID_ARGUMENT);
}
static grpc_endpoint_test_fixture secure_endpoint_create_fixture_tcp_socketpair(
size_t slice_size, gpr_slice *leftover_slices, size_t leftover_nslices) {
grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
tsi_frame_protector *fake_read_protector = tsi_create_fake_protector(NULL);
tsi_frame_protector *fake_write_protector = tsi_create_fake_protector(NULL);
grpc_endpoint_test_fixture f;
grpc_endpoint_pair tcp;
tcp = grpc_iomgr_create_endpoint_pair("fixture", slice_size);
grpc_endpoint_add_to_pollset(&exec_ctx, tcp.client, g_pollset);
grpc_endpoint_add_to_pollset(&exec_ctx, tcp.server, g_pollset);
if (leftover_nslices == 0) {
f.client_ep =
grpc_secure_endpoint_create(fake_read_protector, tcp.client, NULL, 0);
} else {
unsigned i;
tsi_result result;
size_t still_pending_size;
size_t total_buffer_size = 8192;
size_t buffer_size = total_buffer_size;
uint8_t *encrypted_buffer = gpr_malloc(buffer_size);
uint8_t *cur = encrypted_buffer;
gpr_slice encrypted_leftover;
for (i = 0; i < leftover_nslices; i++) {
gpr_slice plain = leftover_slices[i];
uint8_t *message_bytes = GPR_SLICE_START_PTR(plain);
size_t message_size = GPR_SLICE_LENGTH(plain);
while (message_size > 0) {
size_t protected_buffer_size_to_send = buffer_size;
size_t processed_message_size = message_size;
result = tsi_frame_protector_protect(
fake_write_protector, message_bytes, &processed_message_size, cur,
&protected_buffer_size_to_send);
GPR_ASSERT(result == TSI_OK);
message_bytes += processed_message_size;
message_size -= processed_message_size;
cur += protected_buffer_size_to_send;
GPR_ASSERT(buffer_size >= protected_buffer_size_to_send);
buffer_size -= protected_buffer_size_to_send;
}
gpr_slice_unref(plain);
}
do {
size_t protected_buffer_size_to_send = buffer_size;
result = tsi_frame_protector_protect_flush(fake_write_protector, cur,
&protected_buffer_size_to_send,
&still_pending_size);
GPR_ASSERT(result == TSI_OK);
cur += protected_buffer_size_to_send;
GPR_ASSERT(buffer_size >= protected_buffer_size_to_send);
buffer_size -= protected_buffer_size_to_send;
} while (still_pending_size > 0);
encrypted_leftover = gpr_slice_from_copied_buffer(
(const char *)encrypted_buffer, total_buffer_size - buffer_size);
f.client_ep = grpc_secure_endpoint_create(fake_read_protector, tcp.client,
&encrypted_leftover, 1);
gpr_slice_unref(encrypted_leftover);
gpr_free(encrypted_buffer);
}
f.server_ep =
grpc_secure_endpoint_create(fake_write_protector, tcp.server, NULL, 0);
grpc_exec_ctx_finish(&exec_ctx);
return f;
}
static void endpoint_write(grpc_exec_ctx *exec_ctx, grpc_endpoint *secure_ep,
gpr_slice_buffer *slices, grpc_closure *cb) {
unsigned i;
tsi_result result = TSI_OK;
secure_endpoint *ep = (secure_endpoint *)secure_ep;
uint8_t *cur = GPR_SLICE_START_PTR(ep->write_staging_buffer);
uint8_t *end = GPR_SLICE_END_PTR(ep->write_staging_buffer);
gpr_slice_buffer_reset_and_unref(&ep->output_buffer);
if (false && grpc_trace_secure_endpoint) {
for (i = 0; i < slices->count; i++) {
char *data =
gpr_dump_slice(slices->slices[i], GPR_DUMP_HEX | GPR_DUMP_ASCII);
gpr_log(GPR_DEBUG, "WRITE %p: %s", ep, data);
gpr_free(data);
}
}
for (i = 0; i < slices->count; i++) {
gpr_slice plain = slices->slices[i];
uint8_t *message_bytes = GPR_SLICE_START_PTR(plain);
size_t message_size = GPR_SLICE_LENGTH(plain);
while (message_size > 0) {
size_t protected_buffer_size_to_send = (size_t)(end - cur);
size_t processed_message_size = message_size;
gpr_mu_lock(&ep->protector_mu);
result = tsi_frame_protector_protect(ep->protector, message_bytes,
&processed_message_size, cur,
&protected_buffer_size_to_send);
gpr_mu_unlock(&ep->protector_mu);
if (result != TSI_OK) {
gpr_log(GPR_ERROR, "Encryption error: %s",
tsi_result_to_string(result));
break;
}
message_bytes += processed_message_size;
message_size -= processed_message_size;
cur += protected_buffer_size_to_send;
if (cur == end) {
flush_write_staging_buffer(ep, &cur, &end);
}
}
if (result != TSI_OK) break;
}
if (result == TSI_OK) {
size_t still_pending_size;
do {
size_t protected_buffer_size_to_send = (size_t)(end - cur);
gpr_mu_lock(&ep->protector_mu);
result = tsi_frame_protector_protect_flush(ep->protector, cur,
&protected_buffer_size_to_send,
&still_pending_size);
gpr_mu_unlock(&ep->protector_mu);
if (result != TSI_OK) break;
cur += protected_buffer_size_to_send;
if (cur == end) {
flush_write_staging_buffer(ep, &cur, &end);
}
} while (still_pending_size > 0);
if (cur != GPR_SLICE_START_PTR(ep->write_staging_buffer)) {
gpr_slice_buffer_add(
&ep->output_buffer,
gpr_slice_split_head(
&ep->write_staging_buffer,
(size_t)(cur - GPR_SLICE_START_PTR(ep->write_staging_buffer))));
}
}
if (result != TSI_OK) {
/* TODO(yangg) do different things according to the error type? */
gpr_slice_buffer_reset_and_unref(&ep->output_buffer);
grpc_exec_ctx_sched(
exec_ctx, cb,
grpc_set_tsi_error_result(GRPC_ERROR_CREATE("Wrap failed"), result),
NULL);
return;
}
grpc_endpoint_write(exec_ctx, ep->wrapped_ep, &ep->output_buffer, cb);
}
static grpc_endpoint_write_status endpoint_write(grpc_endpoint *secure_ep,
gpr_slice *slices,
size_t nslices,
grpc_endpoint_write_cb cb,
void *user_data) {
unsigned i;
size_t output_buffer_count = 0;
tsi_result result = TSI_OK;
secure_endpoint *ep = (secure_endpoint *)secure_ep;
gpr_uint8 *cur = GPR_SLICE_START_PTR(ep->write_staging_buffer);
gpr_uint8 *end = GPR_SLICE_END_PTR(ep->write_staging_buffer);
grpc_endpoint_write_status status;
GPR_ASSERT(ep->output_buffer.count == 0);
if (grpc_trace_secure_endpoint) {
for (i = 0; i < nslices; i++) {
char *data = gpr_dump_slice(slices[i], GPR_DUMP_HEX | GPR_DUMP_ASCII);
gpr_log(GPR_DEBUG, "WRITE %p: %s", ep, data);
gpr_free(data);
}
}
for (i = 0; i < nslices; i++) {
gpr_slice plain = slices[i];
gpr_uint8 *message_bytes = GPR_SLICE_START_PTR(plain);
size_t message_size = GPR_SLICE_LENGTH(plain);
while (message_size > 0) {
size_t protected_buffer_size_to_send = (size_t)(end - cur);
size_t processed_message_size = message_size;
gpr_mu_lock(&ep->protector_mu);
result = tsi_frame_protector_protect(ep->protector, message_bytes,
&processed_message_size, cur,
&protected_buffer_size_to_send);
gpr_mu_unlock(&ep->protector_mu);
if (result != TSI_OK) {
gpr_log(GPR_ERROR, "Encryption error: %s",
tsi_result_to_string(result));
break;
}
message_bytes += processed_message_size;
message_size -= processed_message_size;
cur += protected_buffer_size_to_send;
if (cur == end) {
flush_write_staging_buffer(ep, &cur, &end);
}
}
if (result != TSI_OK) break;
}
if (result == TSI_OK) {
size_t still_pending_size;
do {
size_t protected_buffer_size_to_send = (size_t)(end - cur);
gpr_mu_lock(&ep->protector_mu);
result = tsi_frame_protector_protect_flush(ep->protector, cur,
&protected_buffer_size_to_send,
&still_pending_size);
gpr_mu_unlock(&ep->protector_mu);
if (result != TSI_OK) break;
cur += protected_buffer_size_to_send;
if (cur == end) {
flush_write_staging_buffer(ep, &cur, &end);
}
} while (still_pending_size > 0);
if (cur != GPR_SLICE_START_PTR(ep->write_staging_buffer)) {
gpr_slice_buffer_add(
&ep->output_buffer,
gpr_slice_split_head(
&ep->write_staging_buffer,
(size_t)(cur - GPR_SLICE_START_PTR(ep->write_staging_buffer))));
}
}
for (i = 0; i < nslices; i++) {
gpr_slice_unref(slices[i]);
}
if (result != TSI_OK) {
/* TODO(yangg) do different things according to the error type? */
gpr_slice_buffer_reset_and_unref(&ep->output_buffer);
return GRPC_ENDPOINT_WRITE_ERROR;
}
/* clear output_buffer and let the lower level handle its slices. */
output_buffer_count = ep->output_buffer.count;
ep->output_buffer.count = 0;
ep->write_cb = cb;
ep->write_user_data = user_data;
/* Need to keep the endpoint alive across a transport */
secure_endpoint_ref(ep);
status = grpc_endpoint_write(ep->wrapped_ep, ep->output_buffer.slices,
output_buffer_count, on_write, ep);
if (status != GRPC_ENDPOINT_WRITE_PENDING) {
secure_endpoint_unref(ep);
}
return status;
}
