1 // 2 // 3 // Copyright 2015 gRPC authors. 4 // 5 // Licensed under the Apache License, Version 2.0 (the "License"); 6 // you may not use this file except in compliance with the License. 7 // You may obtain a copy of the License at 8 // 9 // http://www.apache.org/licenses/LICENSE-2.0 10 // 11 // Unless required by applicable law or agreed to in writing, software 12 // distributed under the License is distributed on an "AS IS" BASIS, 13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 // See the License for the specific language governing permissions and 15 // limitations under the License. 16 // 17 // 18 19 #ifndef GRPC_SRC_CORE_TSI_TRANSPORT_SECURITY_H 20 #define GRPC_SRC_CORE_TSI_TRANSPORT_SECURITY_H 21 22 #include <grpc/support/port_platform.h> 23 24 #include <stdbool.h> 25 26 #include "src/core/lib/debug/trace.h" 27 #include "src/core/tsi/transport_security_interface.h" 28 29 extern grpc_core::TraceFlag tsi_tracing_enabled; 30 31 // Base for tsi_frame_protector implementations. 32 // See transport_security_interface.h for documentation. 33 // All methods must be implemented. 34 struct tsi_frame_protector_vtable { 35 tsi_result (*protect)(tsi_frame_protector* self, 36 const unsigned char* unprotected_bytes, 37 size_t* unprotected_bytes_size, 38 unsigned char* protected_output_frames, 39 size_t* protected_output_frames_size); 40 tsi_result (*protect_flush)(tsi_frame_protector* self, 41 unsigned char* protected_output_frames, 42 size_t* protected_output_frames_size, 43 size_t* still_pending_size); 44 tsi_result (*unprotect)(tsi_frame_protector* self, 45 const unsigned char* protected_frames_bytes, 46 size_t* protected_frames_bytes_size, 47 unsigned char* unprotected_bytes, 48 size_t* unprotected_bytes_size); 49 void (*destroy)(tsi_frame_protector* self); 50 }; 51 struct tsi_frame_protector { 52 const tsi_frame_protector_vtable* vtable; 53 }; 54 55 // Base for tsi_handshaker implementations. 56 // See transport_security_interface.h for documentation. 57 struct tsi_handshaker_vtable { 58 // Methods for supporting the old synchronous API. 59 // These can be null if the TSI impl supports only the new 60 // async-capable API. 61 tsi_result (*get_bytes_to_send_to_peer)(tsi_handshaker* self, 62 unsigned char* bytes, 63 size_t* bytes_size); 64 tsi_result (*process_bytes_from_peer)(tsi_handshaker* self, 65 const unsigned char* bytes, 66 size_t* bytes_size); 67 tsi_result (*get_result)(tsi_handshaker* self); 68 tsi_result (*extract_peer)(tsi_handshaker* self, tsi_peer* peer); 69 tsi_result (*create_frame_protector)(tsi_handshaker* self, 70 size_t* max_protected_frame_size, 71 tsi_frame_protector** protector); 72 // Must be implemented by all TSI impls. 73 void (*destroy)(tsi_handshaker* self); 74 // Methods for supporting the new async-capable API. 75 // These can be null if the TSI impl supports only the old sync API. 76 tsi_result (*next)(tsi_handshaker* self, const unsigned char* received_bytes, 77 size_t received_bytes_size, 78 const unsigned char** bytes_to_send, 79 size_t* bytes_to_send_size, 80 tsi_handshaker_result** handshaker_result, 81 tsi_handshaker_on_next_done_cb cb, void* user_data, 82 std::string* error); 83 void (*shutdown)(tsi_handshaker* self); 84 }; 85 struct tsi_handshaker { 86 const tsi_handshaker_vtable* vtable; 87 bool frame_protector_created; 88 bool handshaker_result_created; 89 bool handshake_shutdown; 90 }; 91 92 // Base for tsi_handshaker_result implementations. 93 // See transport_security_interface.h for documentation. 94 // The exec_ctx parameter in create_zero_copy_grpc_protector is supposed to be 95 // of type grpc_exec_ctx*, but we're using void* instead to avoid making the TSI 96 // API depend on grpc. The create_zero_copy_grpc_protector() method is only used 97 // in grpc, where we do need the exec_ctx passed through, but the API still 98 // needs to compile in other applications, where grpc_exec_ctx is not defined. 99 // All methods must be non-null, except where noted below. 100 // 101 struct tsi_handshaker_result_vtable { 102 tsi_result (*extract_peer)(const tsi_handshaker_result* self, tsi_peer* peer); 103 tsi_result (*get_frame_protector_type)( 104 const tsi_handshaker_result* self, 105 tsi_frame_protector_type* frame_protector_type); 106 // May be null if get_frame_protector_type() returns 107 // TSI_FRAME_PROTECTOR_NORMAL or TSI_FRAME_PROTECTOR_NONE. 108 tsi_result (*create_zero_copy_grpc_protector)( 109 const tsi_handshaker_result* self, 110 size_t* max_output_protected_frame_size, 111 tsi_zero_copy_grpc_protector** protector); 112 // May be null if get_frame_protector_type() returns 113 // TSI_FRAME_PROTECTOR_ZERO_COPY or TSI_FRAME_PROTECTOR_NONE. 114 tsi_result (*create_frame_protector)(const tsi_handshaker_result* self, 115 size_t* max_output_protected_frame_size, 116 tsi_frame_protector** protector); 117 tsi_result (*get_unused_bytes)(const tsi_handshaker_result* self, 118 const unsigned char** bytes, 119 size_t* bytes_size); 120 void (*destroy)(tsi_handshaker_result* self); 121 }; 122 struct tsi_handshaker_result { 123 const tsi_handshaker_result_vtable* vtable; 124 }; 125 126 // Peer and property construction/destruction functions. 127 tsi_result tsi_construct_peer(size_t property_count, tsi_peer* peer); 128 tsi_peer_property tsi_init_peer_property(void); 129 void tsi_peer_property_destruct(tsi_peer_property* property); 130 tsi_result tsi_construct_string_peer_property(const char* name, 131 const char* value, 132 size_t value_length, 133 tsi_peer_property* property); 134 tsi_result tsi_construct_allocated_string_peer_property( 135 const char* name, size_t value_length, tsi_peer_property* property); 136 tsi_result tsi_construct_string_peer_property_from_cstring( 137 const char* name, const char* value, tsi_peer_property* property); 138 const tsi_peer_property* tsi_peer_get_property_by_name(const tsi_peer* peer, 139 const char* name); 140 // Utils. 141 char* tsi_strdup(const char* src); // Sadly, no strdup in C89. 142 143 #endif // GRPC_SRC_CORE_TSI_TRANSPORT_SECURITY_H 144