1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <memory> 20 #include <mutex> 21 #include <vector> 22 23 #include <binder/RpcAuth.h> 24 #include <binder/RpcCertificateFormat.h> 25 #include <binder/RpcCertificateVerifier.h> 26 #include <binder/RpcTransport.h> 27 #include <openssl/ssl.h> 28 #include <utils/Errors.h> 29 30 namespace android { 31 32 constexpr const uint32_t kCertValidSeconds = 30 * (60 * 60 * 24); // 30 days 33 bssl::UniquePtr<EVP_PKEY> makeKeyPairForSelfSignedCert(); 34 bssl::UniquePtr<X509> makeSelfSignedCert(EVP_PKEY* pKey, uint32_t validSeconds); 35 36 // An implementation of RpcAuth that generates a key pair and a self-signed 37 // certificate every time configure() is called. 38 class RpcAuthSelfSigned : public RpcAuth { 39 public: mValidSeconds(validSeconds)40 RpcAuthSelfSigned(uint32_t validSeconds = kCertValidSeconds) : mValidSeconds(validSeconds) {} 41 status_t configure(SSL_CTX* ctx) override; 42 43 private: 44 const uint32_t mValidSeconds; 45 }; 46 47 class RpcAuthPreSigned : public RpcAuth { 48 public: RpcAuthPreSigned(bssl::UniquePtr<EVP_PKEY> pkey,bssl::UniquePtr<X509> cert)49 RpcAuthPreSigned(bssl::UniquePtr<EVP_PKEY> pkey, bssl::UniquePtr<X509> cert) 50 : mPkey(std::move(pkey)), mCert(std::move(cert)) {} 51 status_t configure(SSL_CTX* ctx) override; 52 53 private: 54 bssl::UniquePtr<EVP_PKEY> mPkey; 55 bssl::UniquePtr<X509> mCert; 56 }; 57 58 // A simple certificate verifier for testing. 59 // Keep a list of leaf certificates as trusted. No certificate chain support. 60 // 61 // All APIs are thread-safe. However, if verify() and addTrustedPeerCertificate() are called 62 // simultaneously in different threads, it is not deterministic whether verify() will use the 63 // certificate being added. 64 class RpcCertificateVerifierSimple : public RpcCertificateVerifier { 65 public: 66 status_t verify(const SSL*, uint8_t*) override; 67 68 // Add a trusted peer certificate. Peers presenting this certificate are accepted. 69 // 70 // Caller must ensure that RpcTransportCtx::newTransport() are called after all trusted peer 71 // certificates are added. Otherwise, RpcTransport-s created before may not trust peer 72 // certificates added later. 73 [[nodiscard]] status_t addTrustedPeerCertificate(RpcCertificateFormat format, 74 const std::vector<uint8_t>& cert); 75 76 private: 77 std::mutex mMutex; // for below 78 std::vector<bssl::UniquePtr<X509>> mTrustedPeerCertificates; 79 }; 80 81 // A RpcCertificateVerifier that does not verify anything. 82 class RpcCertificateVerifierNoOp : public RpcCertificateVerifier { 83 public: RpcCertificateVerifierNoOp(status_t status)84 RpcCertificateVerifierNoOp(status_t status) : mStatus(status) {} verify(const SSL *,uint8_t *)85 status_t verify(const SSL*, uint8_t*) override { return mStatus; } 86 87 private: 88 status_t mStatus; 89 }; 90 91 } // namespace android 92