1 // 2 // 3 // Copyright 2015 gRPC authors. 4 // 5 // Licensed under the Apache License, Version 2.0 (the "License"); 6 // you may not use this file except in compliance with the License. 7 // You may obtain a copy of the License at 8 // 9 // http://www.apache.org/licenses/LICENSE-2.0 10 // 11 // Unless required by applicable law or agreed to in writing, software 12 // distributed under the License is distributed on an "AS IS" BASIS, 13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 // See the License for the specific language governing permissions and 15 // limitations under the License. 16 // 17 // 18 19 #ifndef GRPC_SRC_CORE_TSI_TRANSPORT_SECURITY_H 20 #define GRPC_SRC_CORE_TSI_TRANSPORT_SECURITY_H 21 22 #include <grpc/support/port_platform.h> 23 #include <stdbool.h> 24 25 #include "src/core/lib/debug/trace.h" 26 #include "src/core/tsi/transport_security_interface.h" 27 28 // Base for tsi_frame_protector implementations. 29 // See transport_security_interface.h for documentation. 30 // All methods must be implemented. 31 struct tsi_frame_protector_vtable { 32 tsi_result (*protect)(tsi_frame_protector* self, 33 const unsigned char* unprotected_bytes, 34 size_t* unprotected_bytes_size, 35 unsigned char* protected_output_frames, 36 size_t* protected_output_frames_size); 37 tsi_result (*protect_flush)(tsi_frame_protector* self, 38 unsigned char* protected_output_frames, 39 size_t* protected_output_frames_size, 40 size_t* still_pending_size); 41 tsi_result (*unprotect)(tsi_frame_protector* self, 42 const unsigned char* protected_frames_bytes, 43 size_t* protected_frames_bytes_size, 44 unsigned char* unprotected_bytes, 45 size_t* unprotected_bytes_size); 46 void (*destroy)(tsi_frame_protector* self); 47 }; 48 struct tsi_frame_protector { 49 const tsi_frame_protector_vtable* vtable; 50 }; 51 52 // Base for tsi_handshaker implementations. 53 // See transport_security_interface.h for documentation. 54 struct tsi_handshaker_vtable { 55 // Methods for supporting the old synchronous API. 56 // These can be null if the TSI impl supports only the new 57 // async-capable API. 58 tsi_result (*get_bytes_to_send_to_peer)(tsi_handshaker* self, 59 unsigned char* bytes, 60 size_t* bytes_size); 61 tsi_result (*process_bytes_from_peer)(tsi_handshaker* self, 62 const unsigned char* bytes, 63 size_t* bytes_size); 64 tsi_result (*get_result)(tsi_handshaker* self); 65 tsi_result (*extract_peer)(tsi_handshaker* self, tsi_peer* peer); 66 tsi_result (*create_frame_protector)(tsi_handshaker* self, 67 size_t* max_protected_frame_size, 68 tsi_frame_protector** protector); 69 // Must be implemented by all TSI impls. 70 void (*destroy)(tsi_handshaker* self); 71 // Methods for supporting the new async-capable API. 72 // These can be null if the TSI impl supports only the old sync API. 73 tsi_result (*next)(tsi_handshaker* self, const unsigned char* received_bytes, 74 size_t received_bytes_size, 75 const unsigned char** bytes_to_send, 76 size_t* bytes_to_send_size, 77 tsi_handshaker_result** handshaker_result, 78 tsi_handshaker_on_next_done_cb cb, void* user_data, 79 std::string* error); 80 void (*shutdown)(tsi_handshaker* self); 81 }; 82 struct tsi_handshaker { 83 const tsi_handshaker_vtable* vtable; 84 bool frame_protector_created; 85 bool handshaker_result_created; 86 bool handshake_shutdown; 87 }; 88 89 // Base for tsi_handshaker_result implementations. 90 // See transport_security_interface.h for documentation. 91 // The exec_ctx parameter in create_zero_copy_grpc_protector is supposed to be 92 // of type grpc_exec_ctx*, but we're using void* instead to avoid making the TSI 93 // API depend on grpc. The create_zero_copy_grpc_protector() method is only used 94 // in grpc, where we do need the exec_ctx passed through, but the API still 95 // needs to compile in other applications, where grpc_exec_ctx is not defined. 96 // All methods must be non-null, except where noted below. 97 // 98 struct tsi_handshaker_result_vtable { 99 tsi_result (*extract_peer)(const tsi_handshaker_result* self, tsi_peer* peer); 100 tsi_result (*get_frame_protector_type)( 101 const tsi_handshaker_result* self, 102 tsi_frame_protector_type* frame_protector_type); 103 // May be null if get_frame_protector_type() returns 104 // TSI_FRAME_PROTECTOR_NORMAL or TSI_FRAME_PROTECTOR_NONE. 105 tsi_result (*create_zero_copy_grpc_protector)( 106 const tsi_handshaker_result* self, 107 size_t* max_output_protected_frame_size, 108 tsi_zero_copy_grpc_protector** protector); 109 // May be null if get_frame_protector_type() returns 110 // TSI_FRAME_PROTECTOR_ZERO_COPY or TSI_FRAME_PROTECTOR_NONE. 111 tsi_result (*create_frame_protector)(const tsi_handshaker_result* self, 112 size_t* max_output_protected_frame_size, 113 tsi_frame_protector** protector); 114 tsi_result (*get_unused_bytes)(const tsi_handshaker_result* self, 115 const unsigned char** bytes, 116 size_t* bytes_size); 117 void (*destroy)(tsi_handshaker_result* self); 118 }; 119 struct tsi_handshaker_result { 120 const tsi_handshaker_result_vtable* vtable; 121 }; 122 123 // Peer and property construction/destruction functions. 124 tsi_result tsi_construct_peer(size_t property_count, tsi_peer* peer); 125 tsi_peer_property tsi_init_peer_property(void); 126 void tsi_peer_property_destruct(tsi_peer_property* property); 127 tsi_result tsi_construct_string_peer_property(const char* name, 128 const char* value, 129 size_t value_length, 130 tsi_peer_property* property); 131 tsi_result tsi_construct_allocated_string_peer_property( 132 const char* name, size_t value_length, tsi_peer_property* property); 133 tsi_result tsi_construct_string_peer_property_from_cstring( 134 const char* name, const char* value, tsi_peer_property* property); 135 const tsi_peer_property* tsi_peer_get_property_by_name(const tsi_peer* peer, 136 const char* name); 137 // Utils. 138 char* tsi_strdup(const char* src); // Sadly, no strdup in C89. 139 140 #endif // GRPC_SRC_CORE_TSI_TRANSPORT_SECURITY_H 141