diff options
author | Gil <mcg@google.com> | 2018-01-19 12:20:46 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-19 12:20:46 -0800 |
commit | 9f7c094f9f00a6efc0107071f109ef1bc4d7357d (patch) | |
tree | 98326bf2f1190338ddc451ea5418bbc4b3348008 /Firestore/core/src/firebase/firestore/util | |
parent | 6a6e14822fc8c4ec16e9045b23b515b4baad14fd (diff) |
Add platform detection logic for SecureRandom (#676)
* Add CMake platform detection logic for SecureRandom
Now only builds secure_random_arc4random.cc if available.
Remove firebase/firestore/base/port.h. Nothing else was in that
directory.
* Add a SecureRandom implementation that uses OpenSSL
This is usable on Linux, Windows, and Android
* Properly check return from RAND_bytes
Diffstat (limited to 'Firestore/core/src/firebase/firestore/util')
4 files changed, 125 insertions, 3 deletions
diff --git a/Firestore/core/src/firebase/firestore/util/CMakeLists.txt b/Firestore/core/src/firebase/firestore/util/CMakeLists.txt index 7283942..737173b 100644 --- a/Firestore/core/src/firebase/firestore/util/CMakeLists.txt +++ b/Firestore/core/src/firebase/firestore/util/CMakeLists.txt @@ -16,11 +16,12 @@ # libraries in here are an implementation detail of making this a # mutli-platform build. +include(CheckSymbolExists) +include(CheckIncludeFiles) + cc_library( firebase_firestore_util_base SOURCES - secure_random.h - secure_random_arc4random.cc string_printf.cc string_printf.h DEPENDS @@ -60,15 +61,55 @@ else() endif() +## secure_random + +check_symbol_exists(arc4random stdlib.h HAVE_ARC4RANDOM) +cc_library( + firebase_firestore_util_arc4random + SOURCES + secure_random_arc4random.cc +) + +get_target_property( + CMAKE_REQUIRED_INCLUDES + OpenSSL::Crypto INTERFACE_INCLUDE_DIRECTORIES +) +check_include_files(openssl/rand.h HAVE_OPENSSL_RAND_H) +cc_library( + firebase_firestore_util_openssl + SOURCES + secure_random_openssl.cc + DEPENDS + OpenSSL::Crypto +) + +if(HAVE_ARC4RANDOM) + list(APPEND UTIL_DEPENDS firebase_firestore_util_arc4random) + +elseif(HAVE_OPENSSL_RAND_H) + list(APPEND UTIL_DEPENDS firebase_firestore_util_openssl) + +else() + message(FATAL_ERROR "No implementation for SecureRandom available.") + +endif() + + ## main library +configure_file( + config.h.in + config.h +) cc_library( firebase_firestore_util SOURCES autoid.cc autoid.h + config.h firebase_assert.h log.h + secure_random.h DEPENDS ${UTIL_DEPENDS} firebase_firestore_util_base diff --git a/Firestore/core/src/firebase/firestore/util/config.h.in b/Firestore/core/src/firebase/firestore/util/config.h.in new file mode 100644 index 0000000..e7a0c03 --- /dev/null +++ b/Firestore/core/src/firebase/firestore/util/config.h.in @@ -0,0 +1,35 @@ +/* + * Copyright 2018 Google + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FIRESTORE_CORE_SRC_FIREBASE_FIRESTORE_UTIL_CONFIG_H_ +#define FIRESTORE_CORE_SRC_FIREBASE_FIRESTORE_UTIL_CONFIG_H_ + +// This header defines macros for all available platform configuration values. +// When building with CMake, it will substitute the lines marked with +// cmakedefine with values corresponding to the local configuration. +// +// On Apple platforms we support building via CocoaPods without CMake. When +// building this way we can't test the presence of features before building so +// predefine all the platform-support feature macros to their expected values. + +#cmakedefine HAVE_ARC4RANDOM 1 +#if COCOAPODS +# define HAVE_ARC4RANDOM 1 +#endif + +#cmakedefine HAVE_OPENSSL_RAND_H 1 + +#endif // FIRESTORE_CORE_SRC_FIREBASE_FIRESTORE_UTIL_CONFIG_H_ diff --git a/Firestore/core/src/firebase/firestore/util/secure_random_arc4random.cc b/Firestore/core/src/firebase/firestore/util/secure_random_arc4random.cc index a76ade3..83f72b5 100644 --- a/Firestore/core/src/firebase/firestore/util/secure_random_arc4random.cc +++ b/Firestore/core/src/firebase/firestore/util/secure_random_arc4random.cc @@ -16,7 +16,7 @@ #include "Firestore/core/src/firebase/firestore/util/secure_random.h" -#include "Firestore/core/src/firebase/firestore/base/port.h" +#include "Firestore/core/src/firebase/firestore/util/config.h" #if HAVE_ARC4RANDOM diff --git a/Firestore/core/src/firebase/firestore/util/secure_random_openssl.cc b/Firestore/core/src/firebase/firestore/util/secure_random_openssl.cc new file mode 100644 index 0000000..d3f6e63 --- /dev/null +++ b/Firestore/core/src/firebase/firestore/util/secure_random_openssl.cc @@ -0,0 +1,46 @@ +/* + * Copyright 2018 Google + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "Firestore/core/src/firebase/firestore/util/secure_random.h" + +#include "Firestore/core/src/firebase/firestore/util/config.h" + +#if HAVE_OPENSSL_RAND_H + +#include <openssl/err.h> +#include <openssl/rand.h> + +namespace firebase { +namespace firestore { +namespace util { + +SecureRandom::result_type SecureRandom::operator()() { + result_type result; + int rc = RAND_bytes(reinterpret_cast<uint8_t*>(&result), sizeof(result)); + if (rc <= 0) { + // OpenSSL's RAND_bytes can fail if there's not enough entropy. BoringSSL + // won't fail this way. + ERR_print_errors_fp(stderr); + abort(); + } + return result; +} + +} // namespace util +} // namespace firestore +} // namespace firebase + +#endif // HAVE_OPENSSL_RAND_H |