#include <grpc/support/port_platform.h>
#include "src/core/lib/security/security_connector/ssl_utils.h"
#include <stdint.h>
#include <string.h>
#include <memory>
#include <vector>
#include "absl/strings/match.h"
#include "absl/strings/str_cat.h"
#include "absl/strings/str_split.h"
#include <grpc/impl/codegen/grpc_types.h>
#include <grpc/support/alloc.h>
#include <grpc/support/log.h>
#include <grpc/support/sync.h>
#include "src/core/ext/transport/chttp2/alpn/alpn.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/gpr/useful.h"
#include "src/core/lib/gprpp/global_config.h"
#include "src/core/lib/gprpp/host_port.h"
#include "src/core/lib/gprpp/memory.h"
#include "src/core/lib/gprpp/ref_counted_ptr.h"
#include "src/core/lib/iomgr/load_file.h"
#include "src/core/lib/security/context/security_context.h"
#include "src/core/lib/security/security_connector/load_system_roots.h"
#include "src/core/lib/security/security_connector/ssl_utils_config.h"
#include "src/core/tsi/ssl_transport_security.h"
#include "src/core/tsi/transport_security.h"

Include dependency graph for ssl_utils.cc:

Namespaces
	grpc_core

Macros
#define	TSI_OPENSSL_ALPN_SUPPORT 1

Functions
static void	add_shallow_auth_property_to_peer (tsi_peer peer, const grpc_auth_property prop, const char *tsi_prop_name)

	GPR_GLOBAL_CONFIG_DEFINE_STRING (grpc_ssl_cipher_suites, "TLS_AES_128_GCM_SHA256:" "TLS_AES_256_GCM_SHA384:" "TLS_CHACHA20_POLY1305_SHA256:" "ECDHE-ECDSA-AES128-GCM-SHA256:" "ECDHE-ECDSA-AES256-GCM-SHA384:" "ECDHE-RSA-AES128-GCM-SHA256:" "ECDHE-RSA-AES256-GCM-SHA384", "A colon separated list of cipher suites to use with OpenSSL") static void init_cipher_suites(void)

const char **	grpc_fill_alpn_protocol_strings (size_t *num_alpn_protocols)

const char *	grpc_get_ssl_cipher_suites (void)

tsi_client_certificate_request_type	grpc_get_tsi_client_certificate_request_type (grpc_ssl_client_certificate_request_type grpc_request_type)

tsi_tls_version	grpc_get_tsi_tls_version (grpc_tls_version tls_version)

void	grpc_set_ssl_roots_override_callback (grpc_ssl_roots_override_callback cb)

void	grpc_shallow_peer_destruct (tsi_peer *peer)

tsi_peer	grpc_shallow_peer_from_ssl_auth_context (const grpc_auth_context *auth_context)

grpc_error_handle	grpc_ssl_check_alpn (const tsi_peer *peer)

grpc_error_handle	grpc_ssl_check_peer_name (absl::string_view peer_name, const tsi_peer *peer)

int	grpc_ssl_cmp_target_name (absl::string_view target_name, absl::string_view other_target_name, absl::string_view overridden_target_name, absl::string_view other_overridden_target_name)

int	grpc_ssl_host_matches_name (const tsi_peer *peer, absl::string_view peer_name)

grpc_core::RefCountedPtr< grpc_auth_context >	grpc_ssl_peer_to_auth_context (const tsi_peer peer, const char transport_security_type)

static int	grpc_ssl_session_cache_arg_cmp (void p, void q)

static void *	grpc_ssl_session_cache_arg_copy (void *p)

static void	grpc_ssl_session_cache_arg_destroy (void *p)

grpc_arg	grpc_ssl_session_cache_create_channel_arg (grpc_ssl_session_cache *cache)

grpc_ssl_session_cache *	grpc_ssl_session_cache_create_lru (size_t capacity)

void	grpc_ssl_session_cache_destroy (grpc_ssl_session_cache *cache)

grpc_security_status	grpc_ssl_tsi_client_handshaker_factory_init (tsi_ssl_pem_key_cert_pair pem_key_cert_pair, const char pem_root_certs, bool skip_server_certificate_verification, tsi_tls_version min_tls_version, tsi_tls_version max_tls_version, tsi_ssl_session_cache ssl_session_cache, tsi::TlsSessionKeyLoggerCache::TlsSessionKeyLogger tls_session_key_logger, const char crl_directory, tsi_ssl_client_handshaker_factory *handshaker_factory)

grpc_security_status	grpc_ssl_tsi_server_handshaker_factory_init (tsi_ssl_pem_key_cert_pair pem_key_cert_pairs, size_t num_key_cert_pairs, const char pem_root_certs, grpc_ssl_client_certificate_request_type client_certificate_request, tsi_tls_version min_tls_version, tsi_tls_version max_tls_version, tsi::TlsSessionKeyLoggerCache::TlsSessionKeyLogger tls_session_key_logger, const char crl_directory, tsi_ssl_server_handshaker_factory **handshaker_factory)

void	grpc_tsi_ssl_pem_key_cert_pairs_destroy (tsi_ssl_pem_key_cert_pair *kp, size_t num_key_cert_pairs)

static bool	IsSpiffeId (absl::string_view uri)

absl::Status	grpc_core::SslCheckCallHost (absl::string_view host, absl::string_view target_name, absl::string_view overridden_target_name, grpc_auth_context *auth_context)

Variables
static const char *	cipher_suites = nullptr

static gpr_once	cipher_suites_once = GPR_ONCE_INIT

static const char *	installed_roots_path = "/usr/share/grpc/roots.pem"

static grpc_ssl_roots_override_callback	ssl_roots_override_cb = nullptr

Macro Definition Documentation

◆ TSI_OPENSSL_ALPN_SUPPORT

#define TSI_OPENSSL_ALPN_SUPPORT 1

Definition at line 64 of file ssl_utils.cc.

Function Documentation

◆ add_shallow_auth_property_to_peer()

static void add_shallow_auth_property_to_peer	(	tsi_peer *	peer,
		const grpc_auth_property *	prop,
		const char *	tsi_prop_name
	)

static

Definition at line 352 of file ssl_utils.cc.

◆ GPR_GLOBAL_CONFIG_DEFINE_STRING()

GPR_GLOBAL_CONFIG_DEFINE_STRING	(	grpc_ssl_cipher_suites	,
		"TLS_AES_128_GCM_SHA256:" "TLS_AES_256_GCM_SHA384:" "TLS_CHACHA20_POLY1305_SHA256:" "ECDHE-ECDSA-AES128-GCM-SHA256:" "ECDHE-ECDSA-AES256-GCM-SHA384:" "ECDHE-RSA-AES128-GCM-SHA256:" "ECDHE-RSA-AES256-GCM-SHA384"	,
		"A colon separated list of cipher suites to use with OpenSSL"
	)

Definition at line 81 of file ssl_utils.cc.

◆ grpc_fill_alpn_protocol_strings()

const char** grpc_fill_alpn_protocol_strings ( size_t * num_alpn_protocols )

Definition at line 205 of file ssl_utils.cc.

◆ grpc_get_ssl_cipher_suites()

const char* grpc_get_ssl_cipher_suites ( void )

Definition at line 100 of file ssl_utils.cc.

◆ grpc_get_tsi_client_certificate_request_type()

tsi_client_certificate_request_type grpc_get_tsi_client_certificate_request_type ( grpc_ssl_client_certificate_request_type grpc_request_type )

Definition at line 106 of file ssl_utils.cc.

◆ grpc_get_tsi_tls_version()

tsi_tls_version grpc_get_tsi_tls_version ( grpc_tls_version tls_version )

Definition at line 129 of file ssl_utils.cc.

◆ grpc_set_ssl_roots_override_callback()

void grpc_set_ssl_roots_override_callback ( grpc_ssl_roots_override_callback cb )

Setup a callback to override the default TLS/SSL roots. This function is not thread-safe and must be called at initialization time before any ssl credentials are created to have the desired side effect. If GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment is set to a valid path, the callback will not be called.

Definition at line 71 of file ssl_utils.cc.

◆ grpc_shallow_peer_destruct()

void grpc_shallow_peer_destruct ( tsi_peer * peer )

Definition at line 418 of file ssl_utils.cc.

◆ grpc_shallow_peer_from_ssl_auth_context()

tsi_peer grpc_shallow_peer_from_ssl_auth_context ( const grpc_auth_context * auth_context )

Definition at line 361 of file ssl_utils.cc.

◆ grpc_ssl_check_alpn()

grpc_error_handle grpc_ssl_check_alpn ( const tsi_peer * peer )

Definition at line 141 of file ssl_utils.cc.

◆ grpc_ssl_check_peer_name()

grpc_error_handle grpc_ssl_check_peer_name	(	absl::string_view	peer_name,
		const tsi_peer *	peer
	)

Definition at line 158 of file ssl_utils.cc.

◆ grpc_ssl_cmp_target_name()

int grpc_ssl_cmp_target_name	(	absl::string_view	target_name,
		absl::string_view	other_target_name,
		absl::string_view	overridden_target_name,
		absl::string_view	other_overridden_target_name
	)

Definition at line 231 of file ssl_utils.cc.

◆ grpc_ssl_host_matches_name()

int grpc_ssl_host_matches_name	(	const tsi_peer *	peer,
		absl::string_view	peer_name
	)

Definition at line 216 of file ssl_utils.cc.

◆ grpc_ssl_peer_to_auth_context()

grpc_core::RefCountedPtr<grpc_auth_context> grpc_ssl_peer_to_auth_context	(	const tsi_peer *	peer,
		const char *	transport_security_type
	)

Definition at line 261 of file ssl_utils.cc.

◆ grpc_ssl_session_cache_arg_cmp()

static int grpc_ssl_session_cache_arg_cmp	(	void *	p,
		void *	q
	)

static

Definition at line 541 of file ssl_utils.cc.

◆ grpc_ssl_session_cache_arg_copy()

static void* grpc_ssl_session_cache_arg_copy ( void * p )

static

Definition at line 527 of file ssl_utils.cc.

◆ grpc_ssl_session_cache_arg_destroy()

static void grpc_ssl_session_cache_arg_destroy ( void * p )

static

Definition at line 535 of file ssl_utils.cc.

◆ grpc_ssl_session_cache_create_channel_arg()

grpc_arg grpc_ssl_session_cache_create_channel_arg ( grpc_ssl_session_cache * cache )

Create a channel arg with the given cache object.

Definition at line 545 of file ssl_utils.cc.

◆ grpc_ssl_session_cache_create_lru()

grpc_ssl_session_cache* grpc_ssl_session_cache_create_lru ( size_t capacity )

Create LRU cache for client-side SSL sessions with the given capacity. If capacity is < 1, a default capacity is used instead.

Definition at line 516 of file ssl_utils.cc.

◆ grpc_ssl_session_cache_destroy()

void grpc_ssl_session_cache_destroy ( grpc_ssl_session_cache * cache )

Destroy SSL session cache.

Definition at line 521 of file ssl_utils.cc.

◆ grpc_ssl_tsi_client_handshaker_factory_init()

grpc_security_status grpc_ssl_tsi_client_handshaker_factory_init	(	tsi_ssl_pem_key_cert_pair *	pem_key_cert_pair,
		const char *	pem_root_certs,
		bool	skip_server_certificate_verification,
		tsi_tls_version	min_tls_version,
		tsi_tls_version	max_tls_version,
		tsi_ssl_session_cache *	ssl_session_cache,
		tsi::TlsSessionKeyLoggerCache::TlsSessionKeyLogger *	tls_session_key_logger,
		const char *	crl_directory,
		tsi_ssl_client_handshaker_factory **	handshaker_factory
	)

Definition at line 422 of file ssl_utils.cc.

◆ grpc_ssl_tsi_server_handshaker_factory_init()

grpc_security_status grpc_ssl_tsi_server_handshaker_factory_init	(	tsi_ssl_pem_key_cert_pair *	pem_key_cert_pairs,
		size_t	num_key_cert_pairs,
		const char *	pem_root_certs,
		grpc_ssl_client_certificate_request_type	client_certificate_request,
		tsi_tls_version	min_tls_version,
		tsi_tls_version	max_tls_version,
		tsi::TlsSessionKeyLoggerCache::TlsSessionKeyLogger *	tls_session_key_logger,
		const char *	crl_directory,
		tsi_ssl_server_handshaker_factory **	handshaker_factory
	)

Definition at line 478 of file ssl_utils.cc.

◆ grpc_tsi_ssl_pem_key_cert_pairs_destroy()

void grpc_tsi_ssl_pem_key_cert_pairs_destroy	(	tsi_ssl_pem_key_cert_pair *	kp,
		size_t	num_key_cert_pairs
	)

Definition at line 168 of file ssl_utils.cc.

◆ IsSpiffeId()

static bool IsSpiffeId ( absl::string_view uri )

static

Definition at line 240 of file ssl_utils.cc.

Variable Documentation

◆ cipher_suites

const char* cipher_suites = nullptr

static

Definition at line 78 of file ssl_utils.cc.

◆ cipher_suites_once

gpr_once cipher_suites_once = GPR_ONCE_INIT

static

Definition at line 77 of file ssl_utils.cc.

◆ installed_roots_path

const char* installed_roots_path = "/usr/share/grpc/roots.pem"

static

Definition at line 60 of file ssl_utils.cc.

◆ ssl_roots_override_cb

grpc_ssl_roots_override_callback ssl_roots_override_cb = nullptr

static

Definition at line 69 of file ssl_utils.cc.

Namespaces

Macros

Functions

Variables

Macro Definition Documentation

◆ TSI_OPENSSL_ALPN_SUPPORT

Function Documentation

◆ add_shallow_auth_property_to_peer()

◆ GPR_GLOBAL_CONFIG_DEFINE_STRING()

◆ grpc_fill_alpn_protocol_strings()

◆ grpc_get_ssl_cipher_suites()

◆ grpc_get_tsi_client_certificate_request_type()

◆ grpc_get_tsi_tls_version()

◆ grpc_set_ssl_roots_override_callback()

◆ grpc_shallow_peer_destruct()

◆ grpc_shallow_peer_from_ssl_auth_context()

◆ grpc_ssl_check_alpn()

◆ grpc_ssl_check_peer_name()

◆ grpc_ssl_cmp_target_name()

◆ grpc_ssl_host_matches_name()

◆ grpc_ssl_peer_to_auth_context()

◆ grpc_ssl_session_cache_arg_cmp()

◆ grpc_ssl_session_cache_arg_copy()

◆ grpc_ssl_session_cache_arg_destroy()

◆ grpc_ssl_session_cache_create_channel_arg()

◆ grpc_ssl_session_cache_create_lru()

◆ grpc_ssl_session_cache_destroy()

◆ grpc_ssl_tsi_client_handshaker_factory_init()

◆ grpc_ssl_tsi_server_handshaker_factory_init()

◆ grpc_tsi_ssl_pem_key_cert_pairs_destroy()

◆ IsSpiffeId()

Variable Documentation

◆ cipher_suites

◆ cipher_suites_once

◆ installed_roots_path

◆ ssl_roots_override_cb