1#ifndef SRC_CRYPTO_CRYPTO_CONTEXT_H_
2#define SRC_CRYPTO_CRYPTO_CONTEXT_H_
3
4#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
5
6#include "base_object.h"
7#include "crypto/crypto_keys.h"
8#include "crypto/crypto_util.h"
9#include "env.h"
10#include "memory_tracker.h"
11#include "v8.h"
12
13namespace node {
14namespace crypto {
// A maxVersion of 0 means "any", but OpenSSL may support TLS versions that
// Node.js doesn't, so pin the max to what we do support. Presumably this is
// the ceiling SetMaxProto() clamps to — confirm in the .cc.
constexpr int kMaxSupportedVersion = TLS1_3_VERSION;

// JS-facing handler that hands the bundled root CA certificates back to the
// caller (the exact return shape is not visible here — confirm in the .cc).
void GetRootCertificates(
    const v8::FunctionCallbackInfo<v8::Value>& args);

// JS-facing handler reporting whether the "extra root certs" file has been
// loaded (presumably the NODE_EXTRA_CA_CERTS file — confirm).
void IsExtraRootCertsFileLoaded(
    const v8::FunctionCallbackInfo<v8::Value>& args);

// Creates an X509_STORE holding the root certificates. Note it returns a raw
// X509_STORE* rather than an RAII wrapper, so ownership / reference-count
// handoff is not expressed in the type — NOTE(review): confirm at each call
// site that the store is either freed or adopted by an SSL_CTX.
X509_STORE* NewRootCertStore();

// Wraps the JS value `v` in a BIO for consumption by the OpenSSL PEM/DER
// loaders (presumably a memory BIO over a string or buffer — confirm).
BIOPointer LoadBIO(Environment* env, v8::Local<v8::Value> v);
28
// Native backing object for a JS SecureContext. It owns one OpenSSL SSL_CTX
// (ctx_) together with the leaf certificate and issuer that were loaded into
// it, and exposes the SSL_CTX configuration surface (key/cert/CA/CRL loading,
// protocol bounds, cipher lists, session-ticket keys) to JS through the
// static v8::FunctionCallbackInfo handlers declared in the protected section
// (presumably bound onto `target` by Initialize() — confirm in the .cc).
class SecureContext final : public BaseObject {
 public:
  // Raw function-pointer types mirroring the OpenSSL callback signatures
  // that the matching Set*Callback() setters install on ctx_ (presumably via
  // SSL_CTX_sess_set_get_cb / SSL_CTX_set_keylog_callback /
  // SSL_CTX_sess_set_new_cb / SSL_CTX_set_tlsext_servername_callback —
  // confirm in the .cc).
  using GetSessionCb = SSL_SESSION* (*)(SSL*, const unsigned char*, int, int*);
  // NOTE(review): a keylog callback, if wired to OpenSSL's keylog hook,
  // receives lines of TLS key material (NSS key-log format). Anything
  // installed here must treat its argument as secret.
  using KeylogCb = void (*)(const SSL*, const char*);
  using NewSessionCb = int (*)(SSL*, SSL_SESSION*);
  using SelectSNIContextCb = int (*)(SSL*, int*, void*);

  ~SecureContext() override;

  // Type check / constructor-template plumbing shared with the other
  // BaseObject-derived crypto classes.
  static bool HasInstance(Environment* env, const v8::Local<v8::Value>& value);
  static v8::Local<v8::FunctionTemplate> GetConstructorTemplate(
      Environment* env);
  static void Initialize(Environment* env, v8::Local<v8::Object> target);
  static void RegisterExternalReferences(ExternalReferenceRegistry* registry);
  // Creates a new native SecureContext (and, presumably, its JS wrapper).
  static SecureContext* Create(Environment* env);

  const SSLCtxPointer& ctx() const { return ctx_; }

  // Non-const ctx() that allows for non-default initialization of
  // the SecureContext.
  // NOTE(review): mutating the SSL_CTX through this accessor bypasses
  // whatever checks the Set*() handlers below perform; keep its use to
  // internal initialization paths.
  SSLCtxPointer& ctx() { return ctx_; }

  // Creates a new SSL object from ctx_ (presumably SSL_new — confirm).
  SSLPointer CreateSSL();

  // Install the corresponding OpenSSL callback on ctx_.
  void SetGetSessionCallback(GetSessionCb cb);
  void SetKeylogCallback(KeylogCb cb);
  void SetNewSessionCallback(NewSessionCb cb);
  void SetSelectSNIContextCallback(SelectSNIContextCb cb);

  // The leaf certificate and its issuer as last loaded into this context.
  inline const X509Pointer& issuer() const { return issuer_; }
  inline const X509Pointer& cert() const { return cert_; }

  // Load material into ctx_. A returned Nothing() presumably means a JS
  // exception is pending (confirm in the .cc); Just(false) / Just(true)
  // carry the OpenSSL-level outcome. AddCert consumes its BIO; SetCRL only
  // reads from its BIO.
  v8::Maybe<bool> AddCert(Environment* env, BIOPointer&& bio);
  v8::Maybe<bool> SetCRL(Environment* env, const BIOPointer& bio);
  v8::Maybe<bool> UseKey(Environment* env, std::shared_ptr<KeyObjectData> key);

  // Add a CA certificate from `bio`, or install the bundled root store.
  void SetCACert(const BIOPointer& bio);
  void SetRootCerts();

  // TODO(joyeecheung): track the memory used by OpenSSL types
  SET_NO_MEMORY_INFO()
  SET_MEMORY_INFO_NAME(SecureContext)
  SET_SELF_SIZE(SecureContext)

  // Upper bound, in bytes, on a serialized session handled by the
  // get/new-session paths — presumably; confirm where it is enforced.
  static const int kMaxSessionSize = 10 * 1024;

  // See TicketKeyCallback
  // Positions in the array exchanged with the JS ticket-key callback:
  // index 0 carries the callback's status/return value, the rest the
  // HMAC key, AES key, key name and IV (presumably — confirm in the .cc).
  static const int kTicketKeyReturnIndex = 0;
  static const int kTicketKeyHMACIndex = 1;
  static const int kTicketKeyAESIndex = 2;
  static const int kTicketKeyNameIndex = 3;
  static const int kTicketKeyIVIndex = 4;

 protected:
  // OpenSSL structures are opaque. This is sizeof(SSL_CTX) for OpenSSL 1.1.1b:
  // (an estimate used for external memory accounting — TODO confirm; it is
  // not kept in sync with newer OpenSSL releases.)
  static const int64_t kExternalSize = 1024;

  // JS-facing handlers. Each reads its arguments from `args` and configures
  // ctx_; presumably each is bound onto the constructor template in
  // Initialize() (confirm in the .cc).
  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void Init(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetKey(const v8::FunctionCallbackInfo<v8::Value>& args);
#ifndef OPENSSL_NO_ENGINE
  // Loads the private key through an OpenSSL ENGINE instead of from PEM.
  static void SetEngineKey(const v8::FunctionCallbackInfo<v8::Value>& args);
#endif  // !OPENSSL_NO_ENGINE
  static void SetCert(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void AddCACert(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void AddCRL(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void AddRootCerts(const v8::FunctionCallbackInfo<v8::Value>& args);
  // TLS 1.3 ciphersuites vs. the legacy (<= TLS 1.2) cipher list, which
  // OpenSSL configures through separate APIs — presumably why both exist.
  static void SetCipherSuites(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetCiphers(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetSigalgs(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetECDHCurve(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetDHParam(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetOptions(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetSessionIdContext(
      const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetSessionTimeout(
      const v8::FunctionCallbackInfo<v8::Value>& args);
  // Protocol version bounds; see kMaxSupportedVersion for the pinned ceiling.
  static void SetMinProto(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetMaxProto(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void GetMinProto(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void GetMaxProto(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void Close(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void LoadPKCS12(const v8::FunctionCallbackInfo<v8::Value>& args);
#ifndef OPENSSL_NO_ENGINE
  static void SetClientCertEngine(
      const v8::FunctionCallbackInfo<v8::Value>& args);
#endif  // !OPENSSL_NO_ENGINE
  // Read / replace the session-ticket key material kept in the
  // ticket_key_* members (presumably as one 48-byte blob — confirm).
  // NOTE(review): GetTicketKeys exposes secret key material to JS; callers
  // must only use it to share keys between workers of the same server.
  static void GetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void SetTicketKeys(const v8::FunctionCallbackInfo<v8::Value>& args);
  // Switches ticket handling to the JS-driven TicketKeyCallback — presumably.
  static void EnableTicketKeyCallback(
      const v8::FunctionCallbackInfo<v8::Value>& args);
  static void CtxGetter(const v8::FunctionCallbackInfo<v8::Value>& info);

  // `primary` presumably selects cert_ (true) vs. issuer_ (false) — confirm.
  template <bool primary>
  static void GetCertificate(const v8::FunctionCallbackInfo<v8::Value>& args);

  // Both callbacks match the signature of OpenSSL's session-ticket key
  // callback (SSL_CTX_set_tlsext_ticket_key_cb): `enc` distinguishes
  // creating a new ticket from decrypting a presented one, and `name`/`iv`
  // are outputs in the former case and inputs in the latter. The first
  // delegates to the JS callback (indices kTicketKey*Index above), the
  // second uses the ticket_key_* members directly — presumably; confirm the
  // return codes used in the .cc against OpenSSL's contract.
  static int TicketKeyCallback(SSL* ssl,
                               unsigned char* name,
                               unsigned char* iv,
                               EVP_CIPHER_CTX* ectx,
                               HMAC_CTX* hctx,
                               int enc);

  static int TicketCompatibilityCallback(SSL* ssl,
                                         unsigned char* name,
                                         unsigned char* iv,
                                         EVP_CIPHER_CTX* ectx,
                                         HMAC_CTX* hctx,
                                         int enc);

  // Construction goes through Create()/New(); Reset() presumably releases
  // ctx_ and the certificates (confirm in the .cc).
  SecureContext(Environment* env, v8::Local<v8::Object> wrap);
  void Reset();

 private:
  // The wrapped SSL_CTX and the leaf / issuer certificates loaded into it.
  SSLCtxPointer ctx_;
  X509Pointer cert_;
  X509Pointer issuer_;
#ifndef OPENSSL_NO_ENGINE
  bool client_cert_engine_provided_ = false;
  EnginePointer private_key_engine_;
#endif  // !OPENSSL_NO_ENGINE

  // Fixed 16-byte buffers of session-ticket key material: key name, AES key
  // and HMAC key. This is secret material — whoever holds the AES/HMAC keys
  // can decrypt or forge session tickets for this context — so it should be
  // wiped (not merely overwritten lazily) when replaced and on
  // Reset()/destruction. NOTE(review): confirm the .cc does this.
  unsigned char ticket_key_name_[16];
  unsigned char ticket_key_aes_[16];
  unsigned char ticket_key_hmac_[16];
};
155
156}  // namespace crypto
157}  // namespace node
158
159#endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
160#endif  // SRC_CRYPTO_CRYPTO_CONTEXT_H_
161