1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
/*
*
* Copyright 2018 gRPC authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
#include <grpc/support/port_platform.h>
#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h"
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include "src/core/lib/slice/slice_internal.h"
#include "src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h"
#include "src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h"
/* Privacy-integrity alts_grpc_record_protocol object uses the same struct
* defined in alts_grpc_record_protocol_common.h. */
/* --- alts_grpc_record_protocol methods implementation. --- */
static tsi_result alts_grpc_privacy_integrity_protect(
alts_grpc_record_protocol* rp, grpc_slice_buffer* unprotected_slices,
grpc_slice_buffer* protected_slices) {
/* Input sanity check. */
if (rp == nullptr || unprotected_slices == nullptr ||
protected_slices == nullptr) {
gpr_log(GPR_ERROR,
"Invalid nullptr arguments to alts_grpc_record_protocol protect.");
return TSI_INVALID_ARGUMENT;
}
/* Allocates memory for output frame. In privacy-integrity protect, the
* protected frame is stored in a newly allocated buffer. */
size_t protected_frame_size =
unprotected_slices->length + rp->header_length +
alts_iovec_record_protocol_get_tag_length(rp->iovec_rp);
grpc_slice protected_slice = GRPC_SLICE_MALLOC(protected_frame_size);
iovec_t protected_iovec = {GRPC_SLICE_START_PTR(protected_slice),
GRPC_SLICE_LENGTH(protected_slice)};
/* Calls alts_iovec_record_protocol protect. */
char* error_details = nullptr;
alts_grpc_record_protocol_convert_slice_buffer_to_iovec(rp,
unprotected_slices);
grpc_status_code status =
alts_iovec_record_protocol_privacy_integrity_protect(
rp->iovec_rp, rp->iovec_buf, unprotected_slices->count,
protected_iovec, &error_details);
if (status != GRPC_STATUS_OK) {
gpr_log(GPR_ERROR, "Failed to protect, %s", error_details);
gpr_free(error_details);
grpc_slice_unref(protected_slice);
return TSI_INTERNAL_ERROR;
}
grpc_slice_buffer_add(protected_slices, protected_slice);
grpc_slice_buffer_reset_and_unref_internal(unprotected_slices);
return TSI_OK;
}
static tsi_result alts_grpc_privacy_integrity_unprotect(
alts_grpc_record_protocol* rp, grpc_slice_buffer* protected_slices,
grpc_slice_buffer* unprotected_slices) {
/* Input sanity check. */
if (rp == nullptr || protected_slices == nullptr ||
unprotected_slices == nullptr) {
gpr_log(
GPR_ERROR,
"Invalid nullptr arguments to alts_grpc_record_protocol unprotect.");
return TSI_INVALID_ARGUMENT;
}
/* Allocates memory for output frame. In privacy-integrity unprotect, the
* unprotected data are stored in a newly allocated buffer. */
if (protected_slices->length < rp->header_length + rp->tag_length) {
gpr_log(GPR_ERROR, "Protected slices do not have sufficient data.");
return TSI_INVALID_ARGUMENT;
}
size_t unprotected_frame_size =
protected_slices->length - rp->header_length - rp->tag_length;
grpc_slice unprotected_slice = GRPC_SLICE_MALLOC(unprotected_frame_size);
iovec_t unprotected_iovec = {GRPC_SLICE_START_PTR(unprotected_slice),
GRPC_SLICE_LENGTH(unprotected_slice)};
/* Strips frame header from protected slices. */
grpc_slice_buffer_reset_and_unref_internal(&rp->header_sb);
grpc_slice_buffer_move_first(protected_slices, rp->header_length,
&rp->header_sb);
iovec_t header_iovec = alts_grpc_record_protocol_get_header_iovec(rp);
/* Calls alts_iovec_record_protocol unprotect. */
char* error_details = nullptr;
alts_grpc_record_protocol_convert_slice_buffer_to_iovec(rp, protected_slices);
grpc_status_code status =
alts_iovec_record_protocol_privacy_integrity_unprotect(
rp->iovec_rp, header_iovec, rp->iovec_buf, protected_slices->count,
unprotected_iovec, &error_details);
if (status != GRPC_STATUS_OK) {
gpr_log(GPR_ERROR, "Failed to unprotect, %s", error_details);
gpr_free(error_details);
grpc_slice_unref(unprotected_slice);
return TSI_INTERNAL_ERROR;
}
grpc_slice_buffer_reset_and_unref_internal(&rp->header_sb);
grpc_slice_buffer_reset_and_unref_internal(protected_slices);
grpc_slice_buffer_add(unprotected_slices, unprotected_slice);
return TSI_OK;
}
static const alts_grpc_record_protocol_vtable
alts_grpc_privacy_integrity_record_protocol_vtable = {
alts_grpc_privacy_integrity_protect,
alts_grpc_privacy_integrity_unprotect, nullptr};
tsi_result alts_grpc_privacy_integrity_record_protocol_create(
gsec_aead_crypter* crypter, size_t overflow_size, bool is_client,
bool is_protect, alts_grpc_record_protocol** rp) {
if (crypter == nullptr || rp == nullptr) {
gpr_log(GPR_ERROR,
"Invalid nullptr arguments to alts_grpc_record_protocol create.");
return TSI_INVALID_ARGUMENT;
}
auto* impl = static_cast<alts_grpc_record_protocol*>(
gpr_zalloc(sizeof(alts_grpc_record_protocol)));
/* Calls alts_grpc_record_protocol init. */
tsi_result result =
alts_grpc_record_protocol_init(impl, crypter, overflow_size, is_client,
/*is_integrity_only=*/false, is_protect);
if (result != TSI_OK) {
gpr_free(impl);
return result;
}
impl->vtable = &alts_grpc_privacy_integrity_record_protocol_vtable;
*rp = impl;
return TSI_OK;
}
|
