1 /*
2 *
3 * Copyright 2015 gRPC authors.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 */
18
19 #include <grpc/support/port_platform.h>
20
21 #include "src/core/lib/security/transport/security_handshaker.h"
22
23 #include <stdbool.h>
24 #include <string.h>
25
26 #include <grpc/slice_buffer.h>
27 #include <grpc/support/alloc.h>
28 #include <grpc/support/log.h>
29
30 #include "src/core/lib/channel/channel_args.h"
31 #include "src/core/lib/channel/handshaker.h"
32 #include "src/core/lib/channel/handshaker_registry.h"
33 #include "src/core/lib/security/context/security_context.h"
34 #include "src/core/lib/security/transport/secure_endpoint.h"
35 #include "src/core/lib/security/transport/tsi_error.h"
36 #include "src/core/lib/slice/slice_internal.h"
37 #include "src/core/tsi/transport_security_grpc.h"
38
39 #define GRPC_INITIAL_HANDSHAKE_BUFFER_SIZE 256
40
41 typedef struct {
42 grpc_handshaker base;
43
44 // State set at creation time.
45 tsi_handshaker* handshaker;
46 grpc_security_connector* connector;
47
48 gpr_mu mu;
49 gpr_refcount refs;
50
51 bool shutdown;
52 // Endpoint and read buffer to destroy after a shutdown.
53 grpc_endpoint* endpoint_to_destroy;
54 grpc_slice_buffer* read_buffer_to_destroy;
55
56 // State saved while performing the handshake.
57 grpc_handshaker_args* args;
58 grpc_closure* on_handshake_done;
59
60 unsigned char* handshake_buffer;
61 size_t handshake_buffer_size;
62 grpc_slice_buffer outgoing;
63 grpc_closure on_handshake_data_sent_to_peer;
64 grpc_closure on_handshake_data_received_from_peer;
65 grpc_closure on_peer_checked;
66 grpc_auth_context* auth_context;
67 tsi_handshaker_result* handshaker_result;
68 } security_handshaker;
69
move_read_buffer_into_handshake_buffer(security_handshaker * h)70 static size_t move_read_buffer_into_handshake_buffer(security_handshaker* h) {
71 size_t bytes_in_read_buffer = h->args->read_buffer->length;
72 if (h->handshake_buffer_size < bytes_in_read_buffer) {
73 h->handshake_buffer = static_cast<uint8_t*>(
74 gpr_realloc(h->handshake_buffer, bytes_in_read_buffer));
75 h->handshake_buffer_size = bytes_in_read_buffer;
76 }
77 size_t offset = 0;
78 while (h->args->read_buffer->count > 0) {
79 grpc_slice next_slice = grpc_slice_buffer_take_first(h->args->read_buffer);
80 memcpy(h->handshake_buffer + offset, GRPC_SLICE_START_PTR(next_slice),
81 GRPC_SLICE_LENGTH(next_slice));
82 offset += GRPC_SLICE_LENGTH(next_slice);
83 grpc_slice_unref_internal(next_slice);
84 }
85 return bytes_in_read_buffer;
86 }
87
security_handshaker_unref(security_handshaker * h)88 static void security_handshaker_unref(security_handshaker* h) {
89 if (gpr_unref(&h->refs)) {
90 gpr_mu_destroy(&h->mu);
91 tsi_handshaker_destroy(h->handshaker);
92 tsi_handshaker_result_destroy(h->handshaker_result);
93 if (h->endpoint_to_destroy != nullptr) {
94 grpc_endpoint_destroy(h->endpoint_to_destroy);
95 }
96 if (h->read_buffer_to_destroy != nullptr) {
97 grpc_slice_buffer_destroy_internal(h->read_buffer_to_destroy);
98 gpr_free(h->read_buffer_to_destroy);
99 }
100 gpr_free(h->handshake_buffer);
101 grpc_slice_buffer_destroy_internal(&h->outgoing);
102 GRPC_AUTH_CONTEXT_UNREF(h->auth_context, "handshake");
103 GRPC_SECURITY_CONNECTOR_UNREF(h->connector, "handshake");
104 gpr_free(h);
105 }
106 }
107
108 // Set args fields to NULL, saving the endpoint and read buffer for
109 // later destruction.
cleanup_args_for_failure_locked(security_handshaker * h)110 static void cleanup_args_for_failure_locked(security_handshaker* h) {
111 h->endpoint_to_destroy = h->args->endpoint;
112 h->args->endpoint = nullptr;
113 h->read_buffer_to_destroy = h->args->read_buffer;
114 h->args->read_buffer = nullptr;
115 grpc_channel_args_destroy(h->args->args);
116 h->args->args = nullptr;
117 }
118
119 // If the handshake failed or we're shutting down, clean up and invoke the
120 // callback with the error.
security_handshake_failed_locked(security_handshaker * h,grpc_error * error)121 static void security_handshake_failed_locked(security_handshaker* h,
122 grpc_error* error) {
123 if (error == GRPC_ERROR_NONE) {
124 // If we were shut down after the handshake succeeded but before an
125 // endpoint callback was invoked, we need to generate our own error.
126 error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("Handshaker shutdown");
127 }
128 const char* msg = grpc_error_string(error);
129 gpr_log(GPR_DEBUG, "Security handshake failed: %s", msg);
130
131 if (!h->shutdown) {
132 // TODO(ctiller): It is currently necessary to shutdown endpoints
133 // before destroying them, even if we know that there are no
134 // pending read/write callbacks. This should be fixed, at which
135 // point this can be removed.
136 grpc_endpoint_shutdown(h->args->endpoint, GRPC_ERROR_REF(error));
137 // Not shutting down, so the write failed. Clean up before
138 // invoking the callback.
139 cleanup_args_for_failure_locked(h);
140 // Set shutdown to true so that subsequent calls to
141 // security_handshaker_shutdown() do nothing.
142 h->shutdown = true;
143 }
144 // Invoke callback.
145 GRPC_CLOSURE_SCHED(h->on_handshake_done, error);
146 }
147
on_peer_checked_inner(security_handshaker * h,grpc_error * error)148 static void on_peer_checked_inner(security_handshaker* h, grpc_error* error) {
149 if (error != GRPC_ERROR_NONE || h->shutdown) {
150 security_handshake_failed_locked(h, GRPC_ERROR_REF(error));
151 return;
152 }
153 // Create zero-copy frame protector, if implemented.
154 tsi_zero_copy_grpc_protector* zero_copy_protector = nullptr;
155 tsi_result result = tsi_handshaker_result_create_zero_copy_grpc_protector(
156 h->handshaker_result, nullptr, &zero_copy_protector);
157 if (result != TSI_OK && result != TSI_UNIMPLEMENTED) {
158 error = grpc_set_tsi_error_result(
159 GRPC_ERROR_CREATE_FROM_STATIC_STRING(
160 "Zero-copy frame protector creation failed"),
161 result);
162 security_handshake_failed_locked(h, error);
163 return;
164 }
165 // Create frame protector if zero-copy frame protector is NULL.
166 tsi_frame_protector* protector = nullptr;
167 if (zero_copy_protector == nullptr) {
168 result = tsi_handshaker_result_create_frame_protector(h->handshaker_result,
169 nullptr, &protector);
170 if (result != TSI_OK) {
171 error = grpc_set_tsi_error_result(GRPC_ERROR_CREATE_FROM_STATIC_STRING(
172 "Frame protector creation failed"),
173 result);
174 security_handshake_failed_locked(h, error);
175 return;
176 }
177 }
178 // Get unused bytes.
179 const unsigned char* unused_bytes = nullptr;
180 size_t unused_bytes_size = 0;
181 result = tsi_handshaker_result_get_unused_bytes(
182 h->handshaker_result, &unused_bytes, &unused_bytes_size);
183 // Create secure endpoint.
184 if (unused_bytes_size > 0) {
185 grpc_slice slice =
186 grpc_slice_from_copied_buffer((char*)unused_bytes, unused_bytes_size);
187 h->args->endpoint = grpc_secure_endpoint_create(
188 protector, zero_copy_protector, h->args->endpoint, &slice, 1);
189 grpc_slice_unref_internal(slice);
190 } else {
191 h->args->endpoint = grpc_secure_endpoint_create(
192 protector, zero_copy_protector, h->args->endpoint, nullptr, 0);
193 }
194 tsi_handshaker_result_destroy(h->handshaker_result);
195 h->handshaker_result = nullptr;
196 // Add auth context to channel args.
197 grpc_arg auth_context_arg = grpc_auth_context_to_arg(h->auth_context);
198 grpc_channel_args* tmp_args = h->args->args;
199 h->args->args =
200 grpc_channel_args_copy_and_add(tmp_args, &auth_context_arg, 1);
201 grpc_channel_args_destroy(tmp_args);
202 // Invoke callback.
203 GRPC_CLOSURE_SCHED(h->on_handshake_done, GRPC_ERROR_NONE);
204 // Set shutdown to true so that subsequent calls to
205 // security_handshaker_shutdown() do nothing.
206 h->shutdown = true;
207 }
208
on_peer_checked(void * arg,grpc_error * error)209 static void on_peer_checked(void* arg, grpc_error* error) {
210 security_handshaker* h = static_cast<security_handshaker*>(arg);
211 gpr_mu_lock(&h->mu);
212 on_peer_checked_inner(h, error);
213 gpr_mu_unlock(&h->mu);
214 security_handshaker_unref(h);
215 }
216
check_peer_locked(security_handshaker * h)217 static grpc_error* check_peer_locked(security_handshaker* h) {
218 tsi_peer peer;
219 tsi_result result =
220 tsi_handshaker_result_extract_peer(h->handshaker_result, &peer);
221 if (result != TSI_OK) {
222 return grpc_set_tsi_error_result(
223 GRPC_ERROR_CREATE_FROM_STATIC_STRING("Peer extraction failed"), result);
224 }
225 grpc_security_connector_check_peer(h->connector, peer, &h->auth_context,
226 &h->on_peer_checked);
227 return GRPC_ERROR_NONE;
228 }
229
on_handshake_next_done_locked(security_handshaker * h,tsi_result result,const unsigned char * bytes_to_send,size_t bytes_to_send_size,tsi_handshaker_result * handshaker_result)230 static grpc_error* on_handshake_next_done_locked(
231 security_handshaker* h, tsi_result result,
232 const unsigned char* bytes_to_send, size_t bytes_to_send_size,
233 tsi_handshaker_result* handshaker_result) {
234 grpc_error* error = GRPC_ERROR_NONE;
235 // Handshaker was shutdown.
236 if (h->shutdown) {
237 return GRPC_ERROR_CREATE_FROM_STATIC_STRING("Handshaker shutdown");
238 }
239 // Read more if we need to.
240 if (result == TSI_INCOMPLETE_DATA) {
241 GPR_ASSERT(bytes_to_send_size == 0);
242 grpc_endpoint_read(h->args->endpoint, h->args->read_buffer,
243 &h->on_handshake_data_received_from_peer);
244 return error;
245 }
246 if (result != TSI_OK) {
247 return grpc_set_tsi_error_result(
248 GRPC_ERROR_CREATE_FROM_STATIC_STRING("Handshake failed"), result);
249 }
250 // Update handshaker result.
251 if (handshaker_result != nullptr) {
252 GPR_ASSERT(h->handshaker_result == nullptr);
253 h->handshaker_result = handshaker_result;
254 }
255 if (bytes_to_send_size > 0) {
256 // Send data to peer, if needed.
257 grpc_slice to_send = grpc_slice_from_copied_buffer(
258 reinterpret_cast<const char*>(bytes_to_send), bytes_to_send_size);
259 grpc_slice_buffer_reset_and_unref_internal(&h->outgoing);
260 grpc_slice_buffer_add(&h->outgoing, to_send);
261 grpc_endpoint_write(h->args->endpoint, &h->outgoing,
262 &h->on_handshake_data_sent_to_peer, nullptr);
263 } else if (handshaker_result == nullptr) {
264 // There is nothing to send, but need to read from peer.
265 grpc_endpoint_read(h->args->endpoint, h->args->read_buffer,
266 &h->on_handshake_data_received_from_peer);
267 } else {
268 // Handshake has finished, check peer and so on.
269 error = check_peer_locked(h);
270 }
271 return error;
272 }
273
on_handshake_next_done_grpc_wrapper(tsi_result result,void * user_data,const unsigned char * bytes_to_send,size_t bytes_to_send_size,tsi_handshaker_result * handshaker_result)274 static void on_handshake_next_done_grpc_wrapper(
275 tsi_result result, void* user_data, const unsigned char* bytes_to_send,
276 size_t bytes_to_send_size, tsi_handshaker_result* handshaker_result) {
277 security_handshaker* h = static_cast<security_handshaker*>(user_data);
278 // This callback will be invoked by TSI in a non-grpc thread, so it's
279 // safe to create our own exec_ctx here.
280 grpc_core::ExecCtx exec_ctx;
281 gpr_mu_lock(&h->mu);
282 grpc_error* error = on_handshake_next_done_locked(
283 h, result, bytes_to_send, bytes_to_send_size, handshaker_result);
284 if (error != GRPC_ERROR_NONE) {
285 security_handshake_failed_locked(h, error);
286 gpr_mu_unlock(&h->mu);
287 security_handshaker_unref(h);
288 } else {
289 gpr_mu_unlock(&h->mu);
290 }
291 }
292
do_handshaker_next_locked(security_handshaker * h,const unsigned char * bytes_received,size_t bytes_received_size)293 static grpc_error* do_handshaker_next_locked(
294 security_handshaker* h, const unsigned char* bytes_received,
295 size_t bytes_received_size) {
296 // Invoke TSI handshaker.
297 const unsigned char* bytes_to_send = nullptr;
298 size_t bytes_to_send_size = 0;
299 tsi_handshaker_result* handshaker_result = nullptr;
300 tsi_result result = tsi_handshaker_next(
301 h->handshaker, bytes_received, bytes_received_size, &bytes_to_send,
302 &bytes_to_send_size, &handshaker_result,
303 &on_handshake_next_done_grpc_wrapper, h);
304 if (result == TSI_ASYNC) {
305 // Handshaker operating asynchronously. Nothing else to do here;
306 // callback will be invoked in a TSI thread.
307 return GRPC_ERROR_NONE;
308 }
309 // Handshaker returned synchronously. Invoke callback directly in
310 // this thread with our existing exec_ctx.
311 return on_handshake_next_done_locked(h, result, bytes_to_send,
312 bytes_to_send_size, handshaker_result);
313 }
314
on_handshake_data_received_from_peer(void * arg,grpc_error * error)315 static void on_handshake_data_received_from_peer(void* arg, grpc_error* error) {
316 security_handshaker* h = static_cast<security_handshaker*>(arg);
317 gpr_mu_lock(&h->mu);
318 if (error != GRPC_ERROR_NONE || h->shutdown) {
319 security_handshake_failed_locked(
320 h, GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING(
321 "Handshake read failed", &error, 1));
322 gpr_mu_unlock(&h->mu);
323 security_handshaker_unref(h);
324 return;
325 }
326 // Copy all slices received.
327 size_t bytes_received_size = move_read_buffer_into_handshake_buffer(h);
328 // Call TSI handshaker.
329 error =
330 do_handshaker_next_locked(h, h->handshake_buffer, bytes_received_size);
331
332 if (error != GRPC_ERROR_NONE) {
333 security_handshake_failed_locked(h, error);
334 gpr_mu_unlock(&h->mu);
335 security_handshaker_unref(h);
336 } else {
337 gpr_mu_unlock(&h->mu);
338 }
339 }
340
on_handshake_data_sent_to_peer(void * arg,grpc_error * error)341 static void on_handshake_data_sent_to_peer(void* arg, grpc_error* error) {
342 security_handshaker* h = static_cast<security_handshaker*>(arg);
343 gpr_mu_lock(&h->mu);
344 if (error != GRPC_ERROR_NONE || h->shutdown) {
345 security_handshake_failed_locked(
346 h, GRPC_ERROR_CREATE_REFERENCING_FROM_STATIC_STRING(
347 "Handshake write failed", &error, 1));
348 gpr_mu_unlock(&h->mu);
349 security_handshaker_unref(h);
350 return;
351 }
352 // We may be done.
353 if (h->handshaker_result == nullptr) {
354 grpc_endpoint_read(h->args->endpoint, h->args->read_buffer,
355 &h->on_handshake_data_received_from_peer);
356 } else {
357 error = check_peer_locked(h);
358 if (error != GRPC_ERROR_NONE) {
359 security_handshake_failed_locked(h, error);
360 gpr_mu_unlock(&h->mu);
361 security_handshaker_unref(h);
362 return;
363 }
364 }
365 gpr_mu_unlock(&h->mu);
366 }
367
368 //
369 // public handshaker API
370 //
371
security_handshaker_destroy(grpc_handshaker * handshaker)372 static void security_handshaker_destroy(grpc_handshaker* handshaker) {
373 security_handshaker* h = reinterpret_cast<security_handshaker*>(handshaker);
374 security_handshaker_unref(h);
375 }
376
security_handshaker_shutdown(grpc_handshaker * handshaker,grpc_error * why)377 static void security_handshaker_shutdown(grpc_handshaker* handshaker,
378 grpc_error* why) {
379 security_handshaker* h = reinterpret_cast<security_handshaker*>(handshaker);
380 gpr_mu_lock(&h->mu);
381 if (!h->shutdown) {
382 h->shutdown = true;
383 tsi_handshaker_shutdown(h->handshaker);
384 grpc_endpoint_shutdown(h->args->endpoint, GRPC_ERROR_REF(why));
385 cleanup_args_for_failure_locked(h);
386 }
387 gpr_mu_unlock(&h->mu);
388 GRPC_ERROR_UNREF(why);
389 }
390
security_handshaker_do_handshake(grpc_handshaker * handshaker,grpc_tcp_server_acceptor * acceptor,grpc_closure * on_handshake_done,grpc_handshaker_args * args)391 static void security_handshaker_do_handshake(grpc_handshaker* handshaker,
392 grpc_tcp_server_acceptor* acceptor,
393 grpc_closure* on_handshake_done,
394 grpc_handshaker_args* args) {
395 security_handshaker* h = reinterpret_cast<security_handshaker*>(handshaker);
396 gpr_mu_lock(&h->mu);
397 h->args = args;
398 h->on_handshake_done = on_handshake_done;
399 gpr_ref(&h->refs);
400 size_t bytes_received_size = move_read_buffer_into_handshake_buffer(h);
401 grpc_error* error =
402 do_handshaker_next_locked(h, h->handshake_buffer, bytes_received_size);
403 if (error != GRPC_ERROR_NONE) {
404 security_handshake_failed_locked(h, error);
405 gpr_mu_unlock(&h->mu);
406 security_handshaker_unref(h);
407 return;
408 }
409 gpr_mu_unlock(&h->mu);
410 }
411
412 static const grpc_handshaker_vtable security_handshaker_vtable = {
413 security_handshaker_destroy, security_handshaker_shutdown,
414 security_handshaker_do_handshake, "security"};
415
security_handshaker_create(tsi_handshaker * handshaker,grpc_security_connector * connector)416 static grpc_handshaker* security_handshaker_create(
417 tsi_handshaker* handshaker, grpc_security_connector* connector) {
418 security_handshaker* h = static_cast<security_handshaker*>(
419 gpr_zalloc(sizeof(security_handshaker)));
420 grpc_handshaker_init(&security_handshaker_vtable, &h->base);
421 h->handshaker = handshaker;
422 h->connector = GRPC_SECURITY_CONNECTOR_REF(connector, "handshake");
423 gpr_mu_init(&h->mu);
424 gpr_ref_init(&h->refs, 1);
425 h->handshake_buffer_size = GRPC_INITIAL_HANDSHAKE_BUFFER_SIZE;
426 h->handshake_buffer =
427 static_cast<uint8_t*>(gpr_malloc(h->handshake_buffer_size));
428 GRPC_CLOSURE_INIT(&h->on_handshake_data_sent_to_peer,
429 on_handshake_data_sent_to_peer, h,
430 grpc_schedule_on_exec_ctx);
431 GRPC_CLOSURE_INIT(&h->on_handshake_data_received_from_peer,
432 on_handshake_data_received_from_peer, h,
433 grpc_schedule_on_exec_ctx);
434 GRPC_CLOSURE_INIT(&h->on_peer_checked, on_peer_checked, h,
435 grpc_schedule_on_exec_ctx);
436 grpc_slice_buffer_init(&h->outgoing);
437 return &h->base;
438 }
439
440 //
441 // fail_handshaker
442 //
443
fail_handshaker_destroy(grpc_handshaker * handshaker)444 static void fail_handshaker_destroy(grpc_handshaker* handshaker) {
445 gpr_free(handshaker);
446 }
447
fail_handshaker_shutdown(grpc_handshaker * handshaker,grpc_error * why)448 static void fail_handshaker_shutdown(grpc_handshaker* handshaker,
449 grpc_error* why) {
450 GRPC_ERROR_UNREF(why);
451 }
452
fail_handshaker_do_handshake(grpc_handshaker * handshaker,grpc_tcp_server_acceptor * acceptor,grpc_closure * on_handshake_done,grpc_handshaker_args * args)453 static void fail_handshaker_do_handshake(grpc_handshaker* handshaker,
454 grpc_tcp_server_acceptor* acceptor,
455 grpc_closure* on_handshake_done,
456 grpc_handshaker_args* args) {
457 GRPC_CLOSURE_SCHED(on_handshake_done,
458 GRPC_ERROR_CREATE_FROM_STATIC_STRING(
459 "Failed to create security handshaker"));
460 }
461
462 static const grpc_handshaker_vtable fail_handshaker_vtable = {
463 fail_handshaker_destroy, fail_handshaker_shutdown,
464 fail_handshaker_do_handshake, "security_fail"};
465
fail_handshaker_create()466 static grpc_handshaker* fail_handshaker_create() {
467 grpc_handshaker* h = static_cast<grpc_handshaker*>(gpr_malloc(sizeof(*h)));
468 grpc_handshaker_init(&fail_handshaker_vtable, h);
469 return h;
470 }
471
472 //
473 // handshaker factories
474 //
475
client_handshaker_factory_add_handshakers(grpc_handshaker_factory * handshaker_factory,const grpc_channel_args * args,grpc_handshake_manager * handshake_mgr)476 static void client_handshaker_factory_add_handshakers(
477 grpc_handshaker_factory* handshaker_factory, const grpc_channel_args* args,
478 grpc_handshake_manager* handshake_mgr) {
479 grpc_channel_security_connector* security_connector =
480 reinterpret_cast<grpc_channel_security_connector*>(
481 grpc_security_connector_find_in_args(args));
482 grpc_channel_security_connector_add_handshakers(security_connector,
483 handshake_mgr);
484 }
485
server_handshaker_factory_add_handshakers(grpc_handshaker_factory * hf,const grpc_channel_args * args,grpc_handshake_manager * handshake_mgr)486 static void server_handshaker_factory_add_handshakers(
487 grpc_handshaker_factory* hf, const grpc_channel_args* args,
488 grpc_handshake_manager* handshake_mgr) {
489 grpc_server_security_connector* security_connector =
490 reinterpret_cast<grpc_server_security_connector*>(
491 grpc_security_connector_find_in_args(args));
492 grpc_server_security_connector_add_handshakers(security_connector,
493 handshake_mgr);
494 }
495
handshaker_factory_destroy(grpc_handshaker_factory * handshaker_factory)496 static void handshaker_factory_destroy(
497 grpc_handshaker_factory* handshaker_factory) {}
498
499 static const grpc_handshaker_factory_vtable client_handshaker_factory_vtable = {
500 client_handshaker_factory_add_handshakers, handshaker_factory_destroy};
501
502 static grpc_handshaker_factory client_handshaker_factory = {
503 &client_handshaker_factory_vtable};
504
505 static const grpc_handshaker_factory_vtable server_handshaker_factory_vtable = {
506 server_handshaker_factory_add_handshakers, handshaker_factory_destroy};
507
508 static grpc_handshaker_factory server_handshaker_factory = {
509 &server_handshaker_factory_vtable};
510
511 //
512 // exported functions
513 //
514
grpc_security_handshaker_create(tsi_handshaker * handshaker,grpc_security_connector * connector)515 grpc_handshaker* grpc_security_handshaker_create(
516 tsi_handshaker* handshaker, grpc_security_connector* connector) {
517 // If no TSI handshaker was created, return a handshaker that always fails.
518 // Otherwise, return a real security handshaker.
519 if (handshaker == nullptr) {
520 return fail_handshaker_create();
521 } else {
522 return security_handshaker_create(handshaker, connector);
523 }
524 }
525
grpc_security_register_handshaker_factories()526 void grpc_security_register_handshaker_factories() {
527 grpc_handshaker_factory_register(false /* at_start */, HANDSHAKER_CLIENT,
528 &client_handshaker_factory);
529 grpc_handshaker_factory_register(false /* at_start */, HANDSHAKER_SERVER,
530 &server_handshaker_factory);
531 }
532