1 /*
2 * Copyright (C) 2018 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "resolv"
18
19 #include "DnsTlsSocket.h"
20
21 #include <arpa/inet.h>
22 #include <arpa/nameser.h>
23 #include <errno.h>
24 #include <linux/tcp.h>
25 #include <openssl/err.h>
26 #include <openssl/sha.h>
27 #include <sys/eventfd.h>
28 #include <sys/poll.h>
29 #include <unistd.h>
30 #include <algorithm>
31
32 #include "DnsTlsSessionCache.h"
33 #include "IDnsTlsSocketObserver.h"
34
35 #include <android-base/logging.h>
36 #include <android-base/stringprintf.h>
37 #include <netdutils/SocketOption.h>
38 #include <netdutils/ThreadUtil.h>
39
40 #include "netd_resolv/resolv.h"
41 #include "private/android_filesystem_config.h" // AID_DNS
42 #include "resolv_private.h"
43
44 namespace android {
45
46 using base::StringPrintf;
47 using netdutils::enableSockopt;
48 using netdutils::enableTcpKeepAlives;
49 using netdutils::isOk;
50 using netdutils::setThreadName;
51 using netdutils::Slice;
52 using netdutils::Status;
53
54 namespace net {
55 namespace {
56
// Directory passed to SSL_CTX_load_verify_locations() as the CA path when no test
// certificate is configured.
constexpr char kCaCertDir[] = "/system/etc/security/cacerts";
58
// Polls |fd| for POLLIN, retrying when the call is interrupted by a signal (EINTR).
//
// |timeoutMs| is handed to poll() unchanged; the default of -1 waits indefinitely.
// Returns poll()'s result: a positive value when an event was reported for |fd|,
// 0 on timeout, and -1 on error with errno set.
int waitForReading(int fd, int timeoutMs = -1) {
    pollfd readable{};
    readable.fd = fd;
    readable.events = POLLIN;
    const int ready = TEMP_FAILURE_RETRY(poll(&readable, 1, timeoutMs));
    return ready;
}
63
// Polls |fd| for POLLOUT, retrying when the call is interrupted by a signal (EINTR).
//
// |timeoutMs| is handed to poll() unchanged; the default of -1 waits indefinitely.
// Returns poll()'s result: a positive value when an event was reported for |fd|,
// 0 on timeout, and -1 on error with errno set.
int waitForWriting(int fd, int timeoutMs = -1) {
    pollfd writable{};
    writable.fd = fd;
    writable.events = POLLOUT;
    const int ready = TEMP_FAILURE_RETRY(poll(&writable, 1, timeoutMs));
    return ready;
}
68
69 } // namespace
70
tcpConnect()71 Status DnsTlsSocket::tcpConnect() {
72 LOG(DEBUG) << mMark << " connecting TCP socket";
73 int type = SOCK_NONBLOCK | SOCK_CLOEXEC;
74 switch (mServer.protocol) {
75 case IPPROTO_TCP:
76 type |= SOCK_STREAM;
77 break;
78 default:
79 return Status(EPROTONOSUPPORT);
80 }
81
82 mSslFd.reset(socket(mServer.ss.ss_family, type, mServer.protocol));
83 if (mSslFd.get() == -1) {
84 LOG(ERROR) << "Failed to create socket";
85 return Status(errno);
86 }
87
88 resolv_tag_socket(mSslFd.get(), AID_DNS, NET_CONTEXT_INVALID_PID);
89
90 const socklen_t len = sizeof(mMark);
91 if (setsockopt(mSslFd.get(), SOL_SOCKET, SO_MARK, &mMark, len) == -1) {
92 LOG(ERROR) << "Failed to set socket mark";
93 mSslFd.reset();
94 return Status(errno);
95 }
96
97 const Status tfo = enableSockopt(mSslFd.get(), SOL_TCP, TCP_FASTOPEN_CONNECT);
98 if (!isOk(tfo) && tfo.code() != ENOPROTOOPT) {
99 LOG(WARNING) << "Failed to enable TFO: " << tfo.msg();
100 }
101
102 // Send 5 keepalives, 3 seconds apart, after 15 seconds of inactivity.
103 enableTcpKeepAlives(mSslFd.get(), 15U, 5U, 3U).ignoreError();
104
105 if (connect(mSslFd.get(), reinterpret_cast<const struct sockaddr *>(&mServer.ss),
106 sizeof(mServer.ss)) != 0 &&
107 errno != EINPROGRESS) {
108 LOG(DEBUG) << "Socket failed to connect";
109 mSslFd.reset();
110 return Status(errno);
111 }
112
113 return netdutils::status::ok;
114 }
115
setTestCaCertificate()116 bool DnsTlsSocket::setTestCaCertificate() {
117 bssl::UniquePtr<BIO> bio(
118 BIO_new_mem_buf(mServer.certificate.data(), mServer.certificate.size()));
119 bssl::UniquePtr<X509> cert(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
120 if (!cert) {
121 LOG(ERROR) << "Failed to read cert";
122 return false;
123 }
124
125 X509_STORE* cert_store = SSL_CTX_get_cert_store(mSslCtx.get());
126 if (!X509_STORE_add_cert(cert_store, cert.get())) {
127 LOG(ERROR) << "Failed to add cert";
128 return false;
129 }
130 return true;
131 }
132
133 // TODO: Try to use static sSslCtx instead of mSslCtx
initialize()134 bool DnsTlsSocket::initialize() {
135 // This method is called every time when a new SSL connection is created.
136 // This lock only serves to help catch bugs in code that calls this method.
137 std::lock_guard guard(mLock);
138 if (mSslCtx) {
139 // This is a bug in the caller.
140 return false;
141 }
142 mSslCtx.reset(SSL_CTX_new(TLS_method()));
143 if (!mSslCtx) {
144 return false;
145 }
146
147 // Load system CA certs from CAPath for hostname verification.
148 //
149 // For discussion of alternative, sustainable approaches see b/71909242.
150 if (!mServer.certificate.empty()) {
151 // Inject test CA certs from ResolverParamsParcel.caCertificate for INTERNAL TESTING ONLY.
152 // This is only allowed by DnsResolverService if the caller is AID_ROOT.
153 LOG(WARNING) << "Setting test CA certificate. This should never happen in production code.";
154 if (!setTestCaCertificate()) {
155 LOG(ERROR) << "Failed to set test CA certificate";
156 return false;
157 }
158 } else {
159 if (SSL_CTX_load_verify_locations(mSslCtx.get(), nullptr, kCaCertDir) != 1) {
160 LOG(ERROR) << "Failed to load CA cert dir: " << kCaCertDir;
161 return false;
162 }
163 }
164
165 // Enable TLS false start
166 SSL_CTX_set_false_start_allowed_without_alpn(mSslCtx.get(), 1);
167 SSL_CTX_set_mode(mSslCtx.get(), SSL_MODE_ENABLE_FALSE_START);
168
169 // Enable session cache
170 mCache->prepareSslContext(mSslCtx.get());
171
172 // Connect
173 Status status = tcpConnect();
174 if (!status.ok()) {
175 return false;
176 }
177 mSsl = sslConnect(mSslFd.get());
178 if (!mSsl) {
179 return false;
180 }
181
182 mEventFd.reset(eventfd(0, EFD_NONBLOCK | EFD_CLOEXEC));
183
184 // Start the I/O loop.
185 mLoopThread.reset(new std::thread(&DnsTlsSocket::loop, this));
186
187 return true;
188 }
189
sslConnect(int fd)190 bssl::UniquePtr<SSL> DnsTlsSocket::sslConnect(int fd) {
191 if (!mSslCtx) {
192 LOG(ERROR) << "Internal error: context is null in sslConnect";
193 return nullptr;
194 }
195 if (!SSL_CTX_set_min_proto_version(mSslCtx.get(), TLS1_2_VERSION)) {
196 LOG(ERROR) << "Failed to set minimum TLS version";
197 return nullptr;
198 }
199
200 bssl::UniquePtr<SSL> ssl(SSL_new(mSslCtx.get()));
201 // This file descriptor is owned by mSslFd, so don't let libssl close it.
202 bssl::UniquePtr<BIO> bio(BIO_new_socket(fd, BIO_NOCLOSE));
203 SSL_set_bio(ssl.get(), bio.get(), bio.get());
204 (void)bio.release();
205
206 if (!mCache->prepareSsl(ssl.get())) {
207 return nullptr;
208 }
209
210 if (!mServer.name.empty()) {
211 LOG(VERBOSE) << "Checking DNS over TLS hostname = " << mServer.name.c_str();
212 if (SSL_set_tlsext_host_name(ssl.get(), mServer.name.c_str()) != 1) {
213 LOG(ERROR) << "Failed to set SNI to " << mServer.name;
214 return nullptr;
215 }
216 X509_VERIFY_PARAM* param = SSL_get0_param(ssl.get());
217 if (X509_VERIFY_PARAM_set1_host(param, mServer.name.data(), mServer.name.size()) != 1) {
218 LOG(ERROR) << "Failed to set verify host param to " << mServer.name;
219 return nullptr;
220 }
221 // This will cause the handshake to fail if certificate verification fails.
222 SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, nullptr);
223 }
224
225 bssl::UniquePtr<SSL_SESSION> session = mCache->getSession();
226 if (session) {
227 LOG(DEBUG) << "Setting session";
228 SSL_set_session(ssl.get(), session.get());
229 } else {
230 LOG(DEBUG) << "No session available";
231 }
232
233 for (;;) {
234 LOG(DEBUG) << " Calling SSL_connect with mark 0x" << std::hex << mMark;
235 int ret = SSL_connect(ssl.get());
236 LOG(DEBUG) << " SSL_connect returned " << ret << " with mark 0x" << std::hex << mMark;
237 if (ret == 1) break; // SSL handshake complete;
238
239 const int ssl_err = SSL_get_error(ssl.get(), ret);
240 switch (ssl_err) {
241 case SSL_ERROR_WANT_READ:
242 // SSL_ERROR_WANT_READ is returned because the application data has been sent during
243 // the TCP connection handshake, the device is waiting for the SSL handshake reply
244 // from the server.
245 if (int err = waitForReading(fd, mServer.connectTimeout.count()); err <= 0) {
246 PLOG(WARNING) << "SSL_connect read error " << err << ", mark 0x" << std::hex
247 << mMark;
248 return nullptr;
249 }
250 break;
251 case SSL_ERROR_WANT_WRITE:
252 // If no application data is sent during the TCP connection handshake, the
253 // device is waiting for the connection established to perform SSL handshake.
254 if (int err = waitForWriting(fd, mServer.connectTimeout.count()); err <= 0) {
255 PLOG(WARNING) << "SSL_connect write error " << err << ", mark 0x" << std::hex
256 << mMark;
257 return nullptr;
258 }
259 break;
260 default:
261 PLOG(WARNING) << "SSL_connect ssl error =" << ssl_err << ", mark 0x" << std::hex
262 << mMark;
263 return nullptr;
264 }
265 }
266
267 LOG(DEBUG) << mMark << " handshake complete";
268
269 return ssl;
270 }
271
sslDisconnect()272 void DnsTlsSocket::sslDisconnect() {
273 if (mSsl) {
274 SSL_shutdown(mSsl.get());
275 mSsl.reset();
276 }
277 mSslFd.reset();
278 }
279
sslWrite(const Slice buffer)280 bool DnsTlsSocket::sslWrite(const Slice buffer) {
281 LOG(DEBUG) << mMark << " Writing " << buffer.size() << " bytes";
282 for (;;) {
283 int ret = SSL_write(mSsl.get(), buffer.base(), buffer.size());
284 if (ret == int(buffer.size())) break; // SSL write complete;
285
286 if (ret < 1) {
287 const int ssl_err = SSL_get_error(mSsl.get(), ret);
288 switch (ssl_err) {
289 case SSL_ERROR_WANT_WRITE:
290 if (int err = waitForWriting(mSslFd.get()); err <= 0) {
291 PLOG(WARNING) << "Poll failed in sslWrite, error " << err;
292 return false;
293 }
294 continue;
295 case 0:
296 break; // SSL write complete;
297 default:
298 LOG(DEBUG) << "SSL_write error " << ssl_err;
299 return false;
300 }
301 }
302 }
303 LOG(DEBUG) << mMark << " Wrote " << buffer.size() << " bytes";
304 return true;
305 }
306
loop()307 void DnsTlsSocket::loop() {
308 std::lock_guard guard(mLock);
309 std::deque<std::vector<uint8_t>> q;
310 const int timeout_msecs = DnsTlsSocket::kIdleTimeout.count() * 1000;
311
312 setThreadName(StringPrintf("TlsListen_%u", mMark & 0xffff).c_str());
313 while (true) {
314 // poll() ignores negative fds
315 struct pollfd fds[2] = { { .fd = -1 }, { .fd = -1 } };
316 enum { SSLFD = 0, EVENTFD = 1 };
317
318 // Always listen for a response from server.
319 fds[SSLFD].fd = mSslFd.get();
320 fds[SSLFD].events = POLLIN;
321
322 // If we have pending queries, wait for space to write one.
323 // Otherwise, listen for new queries.
324 // Note: This blocks the destructor until q is empty, i.e. until all pending
325 // queries are sent or have failed to send.
326 if (!q.empty()) {
327 fds[SSLFD].events |= POLLOUT;
328 } else {
329 fds[EVENTFD].fd = mEventFd.get();
330 fds[EVENTFD].events = POLLIN;
331 }
332
333 const int s = TEMP_FAILURE_RETRY(poll(fds, std::size(fds), timeout_msecs));
334 if (s == 0) {
335 LOG(DEBUG) << "Idle timeout";
336 break;
337 }
338 if (s < 0) {
339 LOG(DEBUG) << "Poll failed: " << errno;
340 break;
341 }
342 if (fds[SSLFD].revents & (POLLIN | POLLERR | POLLHUP)) {
343 if (!readResponse()) {
344 LOG(DEBUG) << "SSL remote close or read error.";
345 break;
346 }
347 }
348 if (fds[EVENTFD].revents & (POLLIN | POLLERR)) {
349 int64_t num_queries;
350 ssize_t res = read(mEventFd.get(), &num_queries, sizeof(num_queries));
351 if (res < 0) {
352 LOG(WARNING) << "Error during eventfd read";
353 break;
354 } else if (res == 0) {
355 LOG(WARNING) << "eventfd closed; disconnecting";
356 break;
357 } else if (res != sizeof(num_queries)) {
358 LOG(ERROR) << "Int size mismatch: " << res << " != " << sizeof(num_queries);
359 break;
360 } else if (num_queries < 0) {
361 LOG(DEBUG) << "Negative eventfd read indicates destructor-initiated shutdown";
362 break;
363 }
364 // Take ownership of all pending queries. (q is always empty here.)
365 mQueue.swap(q);
366 } else if (fds[SSLFD].revents & POLLOUT) {
367 // q cannot be empty here.
368 // Sending the entire queue here would risk a TCP flow control deadlock, so
369 // we only send a single query on each cycle of this loop.
370 // TODO: Coalesce multiple pending queries if there is enough space in the
371 // write buffer.
372 if (!sendQuery(q.front())) {
373 break;
374 }
375 q.pop_front();
376 }
377 }
378 LOG(DEBUG) << "Disconnecting";
379 sslDisconnect();
380 LOG(DEBUG) << "Calling onClosed";
381 mObserver->onClosed();
382 LOG(DEBUG) << "Ending loop";
383 }
384
~DnsTlsSocket()385 DnsTlsSocket::~DnsTlsSocket() {
386 LOG(DEBUG) << "Destructor";
387 // This will trigger an orderly shutdown in loop().
388 requestLoopShutdown();
389 {
390 // Wait for the orderly shutdown to complete.
391 std::lock_guard guard(mLock);
392 if (mLoopThread && std::this_thread::get_id() == mLoopThread->get_id()) {
393 LOG(ERROR) << "Violation of re-entrance precondition";
394 return;
395 }
396 }
397 if (mLoopThread) {
398 LOG(DEBUG) << "Waiting for loop thread to terminate";
399 mLoopThread->join();
400 mLoopThread.reset();
401 }
402 LOG(DEBUG) << "Destructor completed";
403 }
404
query(uint16_t id,const Slice query)405 bool DnsTlsSocket::query(uint16_t id, const Slice query) {
406 // Compose the entire message in a single buffer, so that it can be
407 // sent as a single TLS record.
408 std::vector<uint8_t> buf(query.size() + 4);
409 // Write 2-byte length
410 uint16_t len = query.size() + 2; // + 2 for the ID.
411 buf[0] = len >> 8;
412 buf[1] = len;
413 // Write 2-byte ID
414 buf[2] = id >> 8;
415 buf[3] = id;
416 // Copy body
417 std::memcpy(buf.data() + 4, query.base(), query.size());
418
419 mQueue.push(std::move(buf));
420 // Increment the mEventFd counter by 1.
421 return incrementEventFd(1);
422 }
423
requestLoopShutdown()424 void DnsTlsSocket::requestLoopShutdown() {
425 if (mEventFd != -1) {
426 // Write a negative number to the eventfd. This triggers an immediate shutdown.
427 incrementEventFd(INT64_MIN);
428 }
429 }
430
incrementEventFd(const int64_t count)431 bool DnsTlsSocket::incrementEventFd(const int64_t count) {
432 if (mEventFd == -1) {
433 LOG(ERROR) << "eventfd is not initialized";
434 return false;
435 }
436 ssize_t written = write(mEventFd.get(), &count, sizeof(count));
437 if (written != sizeof(count)) {
438 LOG(ERROR) << "Failed to increment eventfd by " << count;
439 return false;
440 }
441 return true;
442 }
443
444 // Read exactly len bytes into buffer or fail with an SSL error code
sslRead(const Slice buffer,bool wait)445 int DnsTlsSocket::sslRead(const Slice buffer, bool wait) {
446 size_t remaining = buffer.size();
447 while (remaining > 0) {
448 int ret = SSL_read(mSsl.get(), buffer.limit() - remaining, remaining);
449 if (ret == 0) {
450 if (remaining < buffer.size())
451 LOG(WARNING) << "SSL closed with " << remaining << " of " << buffer.size()
452 << " bytes remaining";
453 return SSL_ERROR_ZERO_RETURN;
454 }
455
456 if (ret < 0) {
457 const int ssl_err = SSL_get_error(mSsl.get(), ret);
458 if (wait && ssl_err == SSL_ERROR_WANT_READ) {
459 if (int err = waitForReading(mSslFd.get()); err <= 0) {
460 PLOG(WARNING) << "Poll failed in sslRead, error " << err;
461 return SSL_ERROR_SYSCALL;
462 }
463 continue;
464 } else {
465 LOG(DEBUG) << "SSL_read error " << ssl_err;
466 return ssl_err;
467 }
468 }
469
470 remaining -= ret;
471 wait = true; // Once a read is started, try to finish.
472 }
473 return SSL_ERROR_NONE;
474 }
475
sendQuery(const std::vector<uint8_t> & buf)476 bool DnsTlsSocket::sendQuery(const std::vector<uint8_t>& buf) {
477 if (!sslWrite(netdutils::makeSlice(buf))) {
478 return false;
479 }
480 LOG(DEBUG) << mMark << " SSL_write complete";
481 return true;
482 }
483
readResponse()484 bool DnsTlsSocket::readResponse() {
485 LOG(DEBUG) << "reading response";
486 uint8_t responseHeader[2];
487 int err = sslRead(Slice(responseHeader, 2), false);
488 if (err == SSL_ERROR_WANT_READ) {
489 LOG(DEBUG) << "Ignoring spurious wakeup from server";
490 return true;
491 }
492 if (err != SSL_ERROR_NONE) {
493 return false;
494 }
495 // Truncate responses larger than MAX_SIZE. This is safe because a DNS packet is
496 // always invalid when truncated, so the response will be treated as an error.
497 constexpr uint16_t MAX_SIZE = 8192;
498 const uint16_t responseSize = (responseHeader[0] << 8) | responseHeader[1];
499 LOG(DEBUG) << mMark << " Expecting response of size " << responseSize;
500 std::vector<uint8_t> response(std::min(responseSize, MAX_SIZE));
501 if (sslRead(netdutils::makeSlice(response), true) != SSL_ERROR_NONE) {
502 LOG(DEBUG) << mMark << " Failed to read " << response.size() << " bytes";
503 return false;
504 }
505 uint16_t remainingBytes = responseSize - response.size();
506 while (remainingBytes > 0) {
507 constexpr uint16_t CHUNK_SIZE = 2048;
508 std::vector<uint8_t> discard(std::min(remainingBytes, CHUNK_SIZE));
509 if (sslRead(netdutils::makeSlice(discard), true) != SSL_ERROR_NONE) {
510 LOG(DEBUG) << mMark << " Failed to discard " << discard.size() << " bytes";
511 return false;
512 }
513 remainingBytes -= discard.size();
514 }
515 LOG(DEBUG) << mMark << " SSL_read complete";
516
517 mObserver->onResponse(std::move(response));
518 return true;
519 }
520
521 } // end of namespace net
522 } // end of namespace android
523