1 #ifndef SRC_CRYPTO_CRYPTO_CONTEXT_H_
2 #define SRC_CRYPTO_CRYPTO_CONTEXT_H_
3 
4 #if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
5 
6 #include "base_object.h"
7 #include "crypto/crypto_keys.h"
8 #include "crypto/crypto_util.h"
9 #include "env.h"
10 #include "memory_tracker.h"
11 #include "v8.h"
12 
13 namespace node {
14 namespace crypto {
// A maxVersion of 0 means "any", but OpenSSL may support TLS versions that
// Node.js doesn't, so pin the max to what we do support.
constexpr int kMaxSupportedVersion = TLS1_3_VERSION;

// V8 binding entry point: hands the bundled root certificates to JS.
// NOTE(review): the exact return shape (PEM strings vs. objects) is defined
// in the .cc file — confirm there before relying on it.
void GetRootCertificates(
    const v8::FunctionCallbackInfo<v8::Value>& args);

// V8 binding entry point: reports whether the "extra" root certificates file
// (presumably the one named by NODE_EXTRA_CA_CERTS) has been loaded.
void IsExtraRootCertsFileLoaded(
    const v8::FunctionCallbackInfo<v8::Value>& args);

// Builds a fresh X509_STORE holding the root certificates.
// Returns a raw OpenSSL pointer, so ownership is not expressed by the type;
// presumably the caller owns it (X509_STORE_free() or hand-off to an
// SSL_CTX) — confirm against the definition in crypto_context.cc.
X509_STORE* NewRootCertStore();

// Wraps a JS value `v` (presumably a string or buffer) into an owning BIO.
// NOTE(review): the accepted value types and the behaviour on failure live
// in crypto_context.cc — confirm there.
BIOPointer LoadBIO(Environment* env, v8::Local<v8::Value> v);
28 
// Owns an OpenSSL SSL_CTX (plus the certificate/issuer loaded into it) and
// exposes it to JavaScript as the `SecureContext` binding object.
// The constructor is protected, so instances presumably come only through
// Create() (from C++) or New() (from JS).
class SecureContext final : public BaseObject {
 public:
  // Callback types. Each has the shape of the corresponding OpenSSL
  // SSL_CTX_* callback setter: SSL_CTX_sess_set_get_cb,
  // SSL_CTX_set_keylog_callback, SSL_CTX_sess_set_new_cb and
  // SSL_CTX_set_tlsext_servername_callback respectively.
  using GetSessionCb = SSL_SESSION* (*)(SSL*, const unsigned char*, int, int*);
  using KeylogCb = void (*)(const SSL*, const char*);
  using NewSessionCb = int (*)(SSL*, SSL_SESSION*);
  using SelectSNIContextCb = int (*)(SSL*, int*, void*);

  ~SecureContext() override;

  // True when `value` is an object created from this class's
  // FunctionTemplate (see GetConstructorTemplate()).
  static bool HasInstance(Environment* env, const v8::Local<v8::Value>& value);
  static v8::Local<v8::FunctionTemplate> GetConstructorTemplate(
      Environment* env);
  // Initialize() installs the binding on `target`; RegisterExternalReferences()
  // registers the native callbacks with `registry`.
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
  static void RegisterExternalReferences(ExternalReferenceRegistry* registry);
  // Creates a SecureContext from C++ without going through the JS constructor.
  static SecureContext* Create(Environment* env);

  // Read-only access to the wrapped SSL_CTX.
  const SSLCtxPointer& ctx() const { return ctx_; }

  // Non-const ctx() that allows for non-default initialization of
  // the SecureContext.
  SSLCtxPointer& ctx() { return ctx_; }

  // Creates a new SSL object from ctx_ (an owning pointer is returned).
  SSLPointer CreateSSL();

  // Install per-context OpenSSL callbacks; see the *Cb aliases above for the
  // expected signatures.
  void SetGetSessionCallback(GetSessionCb cb);
  void SetKeylogCallback(KeylogCb cb);
  void SetNewSessionCallback(NewSessionCb cb);
  void SetSelectSNIContextCallback(SelectSNIContextCb cb);

  // Certificate material loaded into the context: cert() is the leaf
  // certificate and issuer() presumably its issuing CA certificate
  // (both set by AddCert — confirm in the .cc).
  inline const X509Pointer& issuer() const { return issuer_; }
  inline const X509Pointer& cert() const { return cert_; }

  // Load key/certificate material into ctx_. AddCert takes ownership of
  // `bio` (rvalue); SetCRL only reads it; UseKey shares the KeyObjectData.
  // NOTE(review): presumably a Nothing() result means a JS exception is
  // pending (the usual v8::Maybe convention) — confirm in the definitions.
  v8::Maybe<bool> AddCert(Environment* env, BIOPointer&& bio);
  v8::Maybe<bool> SetCRL(Environment* env, const BIOPointer& bio);
  v8::Maybe<bool> UseKey(Environment* env, std::shared_ptr<KeyObjectData> key);

  // Trust-store configuration: add a CA certificate from a BIO, or install
  // the bundled root certificates (see NewRootCertStore()).
  void SetCACert(const BIOPointer& bio);
  void SetRootCerts();

  // TODO(joyeecheung): track the memory used by OpenSSL types
  SET_NO_MEMORY_INFO()
  SET_MEMORY_INFO_NAME(SecureContext)
  SET_SELF_SIZE(SecureContext)

  // Upper bound, in bytes, on a serialized session; presumably enforced
  // where sessions are (de)serialized — the check is not in this header.
  static const int kMaxSessionSize = 10 * 1024;

  // See TicketKeyCallback
  // Indices into the array (presumably returned by the JS ticket-key
  // callback): [0] return code, [1] HMAC key, [2] AES key, [3] key name,
  // [4] IV — confirm against TicketKeyCallback's definition.
  static const int kTicketKeyReturnIndex = 0;
  static const int kTicketKeyHMACIndex = 1;
  static const int kTicketKeyAESIndex = 2;
  static const int kTicketKeyNameIndex = 3;
  static const int kTicketKeyIVIndex = 4;

 protected:
  // OpenSSL structures are opaque. This is sizeof(SSL_CTX) for OpenSSL 1.1.1b:
  // NOTE(review): a fixed estimate used for external-memory accounting; it is
  // not derived from the linked OpenSSL version, so treat it as approximate.
  static const int64_t kExternalSize = 1024;

  // JS-facing binding entry points (presumably installed by Initialize()).
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetKey(const v8::FunctionCallbackInfo<v8::Value>& args);
#ifndef OPENSSL_NO_ENGINE
  static void SetEngineKey(const v8::FunctionCallbackInfo<v8::Value>& args);
#endif  // !OPENSSL_NO_ENGINE
  static void SetCert(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void AddCACert(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void AddCRL(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void AddRootCerts(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetCipherSuites(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetCiphers(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetSigalgs(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetECDHCurve(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetDHParam(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetOptions(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetSessionIdContext(
      const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetSessionTimeout(
      const v8::FunctionCallbackInfo<v8::Value>& args);
  // Protocol-version bounds; kMaxSupportedVersion above caps the maximum.
  static void SetMinProto(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetMaxProto(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void GetMinProto(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void GetMaxProto(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void Close(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void LoadPKCS12(const v8::FunctionCallbackInfo<v8::Value>& args);
#ifndef OPENSSL_NO_ENGINE
  static void SetClientCertEngine(
      const v8::FunctionCallbackInfo<v8::Value>& args);
#endif  // !OPENSSL_NO_ENGINE
  // Session-ticket key management; see the ticket_key_* members and the
  // kTicketKey*Index constants.
  static void GetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void EnableTicketKeyCallback(
      const v8::FunctionCallbackInfo<v8::Value>& args);
  static void CtxGetter(const v8::FunctionCallbackInfo<v8::Value>& info);

  // `primary` presumably selects cert() (true) vs. issuer() (false) — confirm.
  template <bool primary>
  static void GetCertificate(const v8::FunctionCallbackInfo<v8::Value>& args);

  // Session-ticket key callback with the shape OpenSSL expects for
  // SSL_CTX_set_tlsext_ticket_key_cb: `enc` is nonzero when a new ticket is
  // being issued (fill name/iv and key the cipher/HMAC contexts) and zero
  // when an incoming ticket is being decrypted. This variant presumably
  // dispatches to the JS callback (see kTicketKey*Index) — confirm.
  static int TicketKeyCallback(SSL* ssl,
                               unsigned char* name,
                               unsigned char* iv,
                               EVP_CIPHER_CTX* ectx,
                               HMAC_CTX* hctx,
                               int enc);

  // Same OpenSSL callback shape as TicketKeyCallback; presumably the
  // non-JS path keyed from the three 16-byte ticket_key_* fields below.
  static int TicketCompatibilityCallback(SSL* ssl,
                                         unsigned char* name,
                                         unsigned char* iv,
                                         EVP_CIPHER_CTX* ectx,
                                         HMAC_CTX* hctx,
                                         int enc);

  // Protected: construction goes through Create()/New().
  SecureContext(Environment* env, v8::Local<v8::Object> wrap);
  // Tears down ctx_ (definition not in this header).
  void Reset();

 private:
  SSLCtxPointer ctx_;
  X509Pointer cert_;
  X509Pointer issuer_;
#ifndef OPENSSL_NO_ENGINE
  bool client_cert_engine_provided_ = false;
  EnginePointer private_key_engine_;
#endif  // !OPENSSL_NO_ENGINE

  // Raw session-ticket key material held inline in the object; the AES and
  // HMAC keys are secrets, the name is a public key identifier.
  // NOTE(review): confirm that Reset() or the destructor wipes these
  // buffers — their definitions are not visible in this header.
  unsigned char ticket_key_name_[16];
  unsigned char ticket_key_aes_[16];
  unsigned char ticket_key_hmac_[16];
};
155 
156 }  // namespace crypto
157 }  // namespace node
158 
159 #endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
160 #endif  // SRC_CRYPTO_CRYPTO_CONTEXT_H_