Add platform detection logic for SecureRandom (firebase#676)

* Add CMake platform detection logic for SecureRandom Now only builds secure_random_arc4random.cc if available. Remove firebase/firestore/base/port.h. Nothing else was in that directory. * Add a SecureRandom implementation that uses OpenSSL This is usable on Linux, Windows, and Android * Properly check return from RAND_bytes
minafarid · Jan 19, 2018 · ea5b513 · ea5b513
1 parent 62e29a8
commit ea5b513
Show file tree

Hide file tree

Showing 9 changed files with 161 additions and 38 deletions.
diff --git a/.gitignore b/.gitignore
@@ -58,6 +58,9 @@ Pods/
 Podfile.lock
 *.xcworkspace
 
+# Firestore's build configuration, as generated by CocoaPods
+Firestore/core/src/firebase/firestore/util/config.h
+
 # CMake
 .downloads
 Debug

diff --git a/FirebaseFirestore.podspec b/FirebaseFirestore.podspec
@@ -47,7 +47,8 @@ Google Cloud Firestore is a NoSQL document database built for automatic scaling,
 
     # Exclude alternate implementations for other platforms
     'Firestore/core/src/firebase/firestore/util/assert_stdio.cc',
-    'Firestore/core/src/firebase/firestore/util/log_stdio.cc'
+    'Firestore/core/src/firebase/firestore/util/log_stdio.cc',
+    'Firestore/core/src/firebase/firestore/util/secure_random_openssl.cc'
   ]
   s.public_header_files = 'Firestore/Source/Public/*.h'
 
@@ -66,4 +67,12 @@ Google Cloud Firestore is a NoSQL document database built for automatic scaling,
       '"${PODS_TARGET_SRCROOT}/Firestore/third_party/abseil-cpp"',
     'OTHER_CFLAGS' => '-DFIRFirestore_VERSION=' + s.version.to_s
   }
+
+  s.prepare_command = <<-CMD
+    # Generate a version of the config.h header suitable for building with
+    # CocoaPods.
+    sed '/^#cmakedefine/ d' \
+        Firestore/core/src/firebase/firestore/util/config.h.in > \
+        Firestore/core/src/firebase/firestore/util/config.h
+  CMD
 end
diff --git a/Firestore/CMakeLists.txt b/Firestore/CMakeLists.txt
@@ -57,6 +57,9 @@ add_subdirectory(third_party/abseil-cpp)
 
 include(CompilerSetup)
 
+# Generated sources will be relative to the binary directory.
+include_directories(${FIREBASE_INSTALL_DIR})
+
 # Fully qualified imports, project wide
 include_directories(${FIREBASE_SOURCE_DIR})
 

diff --git a/Firestore/core/src/firebase/firestore/base/port.h b/Firestore/core/src/firebase/firestore/base/port.h
diff --git a/Firestore/core/src/firebase/firestore/util/CMakeLists.txt b/Firestore/core/src/firebase/firestore/util/CMakeLists.txt
@@ -16,11 +16,12 @@
 # libraries in here are an implementation detail of making this a
 # mutli-platform build.
 
+include(CheckSymbolExists)
+include(CheckIncludeFiles)
+
 cc_library(
   firebase_firestore_util_base
   SOURCES
-    secure_random.h
-    secure_random_arc4random.cc
     string_printf.cc
     string_printf.h
   DEPENDS
@@ -60,15 +61,55 @@ else()
 endif()
 
 
+## secure_random
+
+check_symbol_exists(arc4random stdlib.h HAVE_ARC4RANDOM)
+cc_library(
+  firebase_firestore_util_arc4random
+  SOURCES
+    secure_random_arc4random.cc
+)
+
+get_target_property(
+  CMAKE_REQUIRED_INCLUDES
+  OpenSSL::Crypto INTERFACE_INCLUDE_DIRECTORIES
+)
+check_include_files(openssl/rand.h HAVE_OPENSSL_RAND_H)
+cc_library(
+  firebase_firestore_util_openssl
+  SOURCES
+    secure_random_openssl.cc
+  DEPENDS
+    OpenSSL::Crypto
+)
+
+if(HAVE_ARC4RANDOM)
+  list(APPEND UTIL_DEPENDS firebase_firestore_util_arc4random)
+
+elseif(HAVE_OPENSSL_RAND_H)
+  list(APPEND UTIL_DEPENDS firebase_firestore_util_openssl)
+
+else()
+  message(FATAL_ERROR "No implementation for SecureRandom available.")
+
+endif()
+
+
 ## main library
+configure_file(
+  config.h.in
+  config.h
+)
 
 cc_library(
   firebase_firestore_util
   SOURCES
     autoid.cc
     autoid.h
+    config.h
     firebase_assert.h
     log.h
+    secure_random.h
   DEPENDS
     ${UTIL_DEPENDS}
     firebase_firestore_util_base

diff --git a/Firestore/core/src/firebase/firestore/util/config.h.in b/Firestore/core/src/firebase/firestore/util/config.h.in
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2018 Google
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FIRESTORE_CORE_SRC_FIREBASE_FIRESTORE_UTIL_CONFIG_H_
+#define FIRESTORE_CORE_SRC_FIREBASE_FIRESTORE_UTIL_CONFIG_H_
+
+// This header defines macros for all available platform configuration values.
+// When building with CMake, it will substitute the lines marked with
+// cmakedefine with values corresponding to the local configuration.
+//
+// On Apple platforms we support building via CocoaPods without CMake. When
+// building this way we can't test the presence of features before building so
+// predefine all the platform-support feature macros to their expected values.
+
+#cmakedefine HAVE_ARC4RANDOM 1
+#if COCOAPODS
+#  define HAVE_ARC4RANDOM 1
+#endif
+
+#cmakedefine HAVE_OPENSSL_RAND_H 1
+
+#endif  // FIRESTORE_CORE_SRC_FIREBASE_FIRESTORE_UTIL_CONFIG_H_
diff --git a/Firestore/core/src/firebase/firestore/util/secure_random_arc4random.cc b/Firestore/core/src/firebase/firestore/util/secure_random_arc4random.cc
@@ -16,7 +16,7 @@
 
 #include "Firestore/core/src/firebase/firestore/util/secure_random.h"
 
-#include "Firestore/core/src/firebase/firestore/base/port.h"
+#include "Firestore/core/src/firebase/firestore/util/config.h"
 
 #if HAVE_ARC4RANDOM
 

diff --git a/Firestore/core/src/firebase/firestore/util/secure_random_openssl.cc b/Firestore/core/src/firebase/firestore/util/secure_random_openssl.cc
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2018 Google
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "Firestore/core/src/firebase/firestore/util/secure_random.h"
+
+#include "Firestore/core/src/firebase/firestore/util/config.h"
+
+#if HAVE_OPENSSL_RAND_H
+
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+namespace firebase {
+namespace firestore {
+namespace util {
+
+SecureRandom::result_type SecureRandom::operator()() {
+  result_type result;
+  int rc = RAND_bytes(reinterpret_cast<uint8_t*>(&result), sizeof(result));
+  if (rc <= 0) {
+    // OpenSSL's RAND_bytes can fail if there's not enough entropy. BoringSSL
+    // won't fail this way.
+    ERR_print_errors_fp(stderr);
+    abort();
+  }
+  return result;
+}
+
+}  // namespace util
+}  // namespace firestore
+}  // namespace firebase
+
+#endif  // HAVE_OPENSSL_RAND_H
diff --git a/Firestore/core/test/firebase/firestore/util/CMakeLists.txt b/Firestore/core/test/firebase/firestore/util/CMakeLists.txt
@@ -12,11 +12,30 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+if(HAVE_ARC4RANDOM)
+  cc_test(
+    firebase_firestore_util_arc4random_test
+    SOURCES
+      secure_random_test.cc
+    DEPENDS
+      firebase_firestore_util_arc4random
+  )
+endif()
+
+if(HAVE_OPENSSL_RAND_H)
+  cc_test(
+    firebase_firestore_util_openssl_test
+    SOURCES
+      secure_random_test.cc
+    DEPENDS
+      firebase_firestore_util_openssl
+  )
+endif()
+
 cc_test(
   firebase_firestore_util_test
   SOURCES
     autoid_test.cc
-    secure_random_test.cc
     string_printf_test.cc
   DEPENDS
     firebase_firestore_util