search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug fixes in DANE.
[gnutls.git] / libdane / dane.c
blobe008ad899e03428fead3aa7934ad17b200670b5a
1 /*
2 * Copyright (C) 2012 KU Leuven
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of libdane.
7 *
8 * libdane is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #include <config.h>
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <errno.h>
29 #include <arpa/inet.h>
30 #include <unbound.h>
31 #include <gnutls/dane.h>
32 #include <gnutls/x509.h>
33 #include <gnutls/abstract.h>
34 #include <gnutls/crypto.h>
35
36 #define MAX_DATA_ENTRIES 4
37
38 struct dane_query_st
39 {
40 unsigned int data_entries;
41 dane_cert_usage_t usage[MAX_DATA_ENTRIES];
42 dane_cert_type_t type[MAX_DATA_ENTRIES];
43 dane_match_type_t match[MAX_DATA_ENTRIES];
44 gnutls_datum_t data[MAX_DATA_ENTRIES];
45 struct ub_ctx* ctx;
46 struct ub_result* result;
47 unsigned int flags;
48 dane_query_status_t status;
49 };
50
51 /**
52 * dane_query_status:
53 * @q: The query structure
54 *
55 * This function will return the status of the query response.
56 * See %dane_query_status_t for the possible types.
57 *
58 * Returns: The status type.
59 **/
60 dane_query_status_t dane_query_status(dane_query_t q)
61 {
62 return q->status;
63 }
64
65 /**
66 * dane_query_entries:
67 * @q: The query structure
68 *
69 * This function will return the number of entries in a query.
70 *
71 * Returns: The number of entries.
72 **/
73 unsigned int dane_query_entries(dane_query_t q)
74 {
75 return q->data_entries;
76 }
77
78 /**
79 * dane_query_data:
80 * @q: The query structure
81 * @idx: The index of the query response.
82 * @usage: The certificate usage (see %dane_cert_usage_t)
83 * @type: The certificate type (see %dane_cert_type_t)
84 * @match: The DANE matching type (see %dane_match_type_t)
85 * @data: The DANE data.
86 *
87 * This function will provide the DANE data from the query
88 * response.
89 *
90 * Returns: On success, %DANE_E_SUCCESS (0) is returned, otherwise a
91 * negative error value.
92 **/
93 int dane_query_data(dane_query_t q, unsigned int idx,
94 unsigned int *usage, unsigned int *type,
95 unsigned int *match, gnutls_datum_t * data)
96 {
97 if (idx >= q->data_entries)
98 return DANE_E_REQUESTED_DATA_NOT_AVAILABLE;
99
100 if (usage)
101 *usage = q->usage[idx];
102 if (type)
103 *type = q->type[idx];
104 if (match)
105 *match = q->match[idx];
106 if (data) {
107 data->data = q->data[idx].data;
108 data->size = q->data[idx].size;
109 }
110
111 return DANE_E_SUCCESS;
112 }
113
114 /**
115 * dane_query_init:
116 * @q: The structure to be initialized
117 * @flags: flags from the DANE_F_* definitions
118 *
119 * This function will initialize a DANE query structure.
120 *
121 * Returns: On success, %DANE_E_SUCCESS (0) is returned, otherwise a
122 * negative error value.
123 **/
124 int dane_query_init(dane_query_t* q, unsigned int flags)
125 {
126 struct ub_ctx* ctx;
127 int ret;
128
129 *q = calloc(1, sizeof(struct dane_query_st));
130 if (*q == NULL)
131 return DANE_E_MEMORY_ERROR;
132
133 ctx = ub_ctx_create();
134 if(!ctx) {
135 ret = DANE_E_INITIALIZATION_ERROR;
136 goto cleanup;
137 }
138 ub_ctx_debugout(ctx, stderr);
139
140 if (!(flags & DANE_F_IGNORE_LOCAL_RESOLVER)) {
141 if( (ret=ub_ctx_resolvconf(ctx, NULL)) != 0) {
142 ret = DANE_E_INITIALIZATION_ERROR;
143 goto cleanup;
144 }
145
146 if( (ret=ub_ctx_hosts(ctx, NULL)) != 0) {
147 ret = DANE_E_INITIALIZATION_ERROR;
148 goto cleanup;
149 }
150 }
151
152 /* read public keys for DNSSEC verification */
153 if( (ret=ub_ctx_add_ta_file(ctx, (char*)UNBOUND_ROOT_KEY_FILE)) != 0) {
154 ret = DANE_E_INITIALIZATION_ERROR;
155 goto cleanup;
156 }
157
158 (*q)->ctx = ctx;
159 (*q)->flags = flags;
160
161 return DANE_E_SUCCESS;
162 cleanup:
163
164 if (ctx)
165 ub_ctx_delete(ctx);
166 free(*q);
167
168 return ret;
169 }
170
171 /**
172 * dane_query_init:
173 * @q: The structure to be deinitialized
174 *
175 * This function will deinitialize a DANE query structure.
176 *
177 **/
178 void dane_query_deinit(dane_query_t q)
179 {
180 if (q->result)
181 ub_ctx_delete(q->ctx);
182 ub_resolve_free(q->result);
183
184 free(q);
185 }
186
187 /**
188 * dane_query_resolve_tlsa:
189 * @q: The query structure
190 * @host: The host name to resolve.
191 * @proto: The protocol type (tcp, udp, etc.)
192 * @port: The service port number (eg. 443).
193 *
194 * This function will query the DNS server for the TLSA (DANE)
195 * data for the given host.
196 *
197 * Returns: On success, %DANE_E_SUCCESS (0) is returned, otherwise a
198 * negative error value.
199 **/
200 int dane_query_resolve_tlsa(dane_query_t q, const char* host, const char* proto, unsigned int port)
201 {
202 char ns[1024];
203 int ret;
204 unsigned int i;
205
206 if (q->result) {
207 ub_resolve_free(q->result);
208 q->result = NULL;
209 }
210
211 snprintf(ns, sizeof(ns), "_%u._%s.%s", port, proto, host);
212
213 /* query for webserver */
214 ret = ub_resolve(q->ctx, ns, 52, 1, &q->result);
215 if(ret != 0) {
216 return DANE_E_RESOLVING_ERROR;
217 }
218
219 /* show first result */
220 if(!q->result->havedata) {
221 return DANE_E_NO_DANE_DATA;
222 }
223
224 i = 0;
225 do {
226
227 if (q->result->len[i] > 3)
228 ret = DANE_E_SUCCESS;
229 else {
230 return DANE_E_RECEIVED_CORRUPT_DATA;
231 }
232
233 q->usage[i] = q->result->data[i][0];
234 q->type[i] = q->result->data[i][1];
235 q->match[i] = q->result->data[i][2];
236 q->data[i].data = (void*)&q->result->data[i][3];
237 q->data[i].size = q->result->len[i] - 3;
238 i++;
239 } while(q->result->data[i] != NULL);
240
241 q->data_entries = i;
242
243 if (!q->result->secure) {
244 if (q->result->bogus)
245 ret = DANE_E_INVALID_DNSSEC_SIG;
246 else
247 ret = DANE_E_NO_DNSSEC_SIG;
248 }
249
250 /* show security status */
251 if (q->result->secure)
252 q->status = DANE_QUERY_DNSSEC_VERIFIED;
253 else if (q->result->bogus)
254 q->status = DANE_QUERY_BOGUS;
255 else q->status = DANE_QUERY_NO_DNSSEC;
256
257 return ret;
258 }
259
260 static unsigned int matches(const gnutls_datum_t *raw1, const gnutls_datum_t *raw2,
261 dane_match_type_t match)
262 {
263 uint8_t digest[64];
264 int ret;
265
266 if (match == DANE_MATCH_EXACT) {
267 if (raw1->size != raw2->size)
268 return 0;
269
270 if (memcmp(raw1->data, raw2->data, raw1->size) != 0)
271 return 0;
272
273 return 1;
274 } else if (match == DANE_MATCH_SHA2_256) {
275
276 if (raw2->size != 32)
277 return 0;
278
279 ret = gnutls_hash_fast(GNUTLS_DIG_SHA256, raw1->data, raw1->size, digest);
280 if (ret < 0)
281 return 0;
282
283 if (memcmp(digest, raw2->data, 32) != 0)
284 return 0;
285
286 return 1;
287 } else if (match == DANE_MATCH_SHA2_512) {
288 if (raw2->size != 64)
289 return 0;
290
291 ret = gnutls_hash_fast(GNUTLS_DIG_SHA512, raw1->data, raw1->size, digest);
292 if (ret < 0)
293 return 0;
294
295 if (memcmp(digest, raw2->data, 64) != 0)
296 return 0;
297
298 return 1;
299 }
300
301 return 0;
302 }
303
304 static int crt_to_pubkey(const gnutls_datum_t *raw_crt, gnutls_datum_t * out)
305 {
306 gnutls_pubkey_t pub = NULL;
307 gnutls_x509_crt_t crt = NULL;
308 int ret;
309
310 out->data = NULL;
311
312 ret = gnutls_x509_crt_init(&crt);
313 if (ret < 0)
314 return DANE_E_PUBKEY_ERROR;
315
316 ret = gnutls_pubkey_init( &pub);
317 if (ret < 0) {
318 ret = DANE_E_PUBKEY_ERROR;
319 goto cleanup;
320 }
321
322 ret = gnutls_x509_crt_import(crt, raw_crt, GNUTLS_X509_FMT_DER);
323 if (ret < 0) {
324 ret = DANE_E_PUBKEY_ERROR;
325 goto cleanup;
326 }
327
328 ret = gnutls_pubkey_import_x509(pub, crt, 0);
329 if (ret < 0) {
330 ret = DANE_E_PUBKEY_ERROR;
331 goto cleanup;
332 }
333
334 ret = gnutls_pubkey_export2(pub, GNUTLS_X509_FMT_DER, out);
335 if (ret < 0) {
336 ret = DANE_E_PUBKEY_ERROR;
337 goto cleanup;
338 }
339
340 ret = 0;
341 goto clean_certs;
342
343 cleanup:
344 free(out->data);
345 clean_certs:
346 if (pub)
347 gnutls_pubkey_deinit(pub);
348 if (crt)
349 gnutls_x509_crt_deinit(crt);
350
351 return ret;
352 }
353
354 static int verify_ca(const gnutls_datum_t *raw_crt, unsigned raw_crt_size,
355 gnutls_certificate_type_t crt_type,
356 dane_cert_type_t ctype,
357 dane_match_type_t match, gnutls_datum_t * data,
358 unsigned int *verify)
359 {
360 gnutls_datum_t pubkey = {NULL, 0};
361 int ret;
362
363 if (raw_crt_size < 2)
364 return DANE_E_INVALID_REQUEST;
365
366 if (ctype == DANE_CERT_X509 && crt_type == GNUTLS_CRT_X509) {
367
368 if (!matches(&raw_crt[1], data, match))
369 *verify |= DANE_VERIFY_CA_CONSTRAINS_VIOLATED;
370
371 } else if (ctype == DANE_CERT_PK && crt_type == GNUTLS_CRT_X509) {
372 ret = crt_to_pubkey(&raw_crt[1], &pubkey);
373 if (ret < 0)
374 goto cleanup;
375
376 if (!matches(&pubkey, data, match))
377 *verify |= DANE_VERIFY_CA_CONSTRAINS_VIOLATED;
378 }
379
380 ret = 0;
381 cleanup:
382 free(pubkey.data);
383 return ret;
384 }
385
386 static int verify_ee(const gnutls_datum_t *raw_crt, gnutls_certificate_type_t crt_type,
387 dane_cert_type_t ctype, dane_match_type_t match, gnutls_datum_t * data,
388 unsigned int *verify)
389 {
390 gnutls_datum_t pubkey = {NULL, 0};
391 int ret;
392
393 if (ctype == DANE_CERT_X509 && crt_type == GNUTLS_CRT_X509) {
394
395 if (!matches(raw_crt, data, match))
396 *verify |= DANE_VERIFY_CERT_DIFFERS;
397
398 } else if (ctype == DANE_CERT_PK && crt_type == GNUTLS_CRT_X509) {
399
400 ret = crt_to_pubkey(raw_crt, &pubkey);
401 if (ret < 0)
402 goto cleanup;
403
404 if (!matches(&pubkey, data, match))
405 *verify |= DANE_VERIFY_CERT_DIFFERS;
406 }
407
408 ret = 0;
409 cleanup:
410 free(pubkey.data);
411 return ret;
412 }
413
414 /**
415 * dane_verify_crt:
416 * @chain: A certificate chain
417 * @chain_size: The size of the chain
418 * @chain_type: The type of the certificate chain
419 * @hostname: The hostname associated with the chain
420 * @proto: The protocol of the service connecting (e.g. tcp)
421 * @port: The port of the service connecting (e.g. 443)
422 * @flags: The %DANE_F flags.
423 * @verify: An OR'ed list of %dane_verify_status_t.
424 *
425 * This function will verify the given certificate chain against the
426 * CA constrains and/or the certificate available via DANE.
427 * If no information via DANE can be obtained the flag %DANE_VERIFY_NO_DANE_INFO
428 * is set. If a DNSSEC signature is not available for the DANE
429 * record then the verify flag %DANE_VERIFY_NO_DNSSEC_DATA is set.
430 *
431 * Due to the many possible options of DANE, there is no single threat
432 * model countered. When notifying the user about DANE verification results
433 * it may be better to mention: DANE verification did not reject the certificate,
434 * rather than mentioning a successful DANE verication.
435 *
436 * Returns: On success, %DANE_E_SUCCESS (0) is returned, otherwise a
437 * negative error value.
438 *
439 **/
440 int dane_verify_crt (
441 const gnutls_datum_t *chain, unsigned chain_size,
442 gnutls_certificate_type_t chain_type,
443 const char * hostname, const char* proto, unsigned int port,
444 unsigned int flags, unsigned int *verify)
445 {
446 dane_query_t q;
447 int ret;
448 unsigned int usage, type, match, idx;
449 gnutls_datum_t data;
450
451 if (chain_type != GNUTLS_CRT_X509)
452 return DANE_E_INVALID_REQUEST;
453
454 *verify = 0;
455
456 ret = dane_query_init(&q, flags);
457 if (ret < 0) {
458 return ret;
459 }
460
461 ret = dane_query_resolve_tlsa(q, hostname, proto, port);
462 if (ret < 0) {
463 goto cleanup;
464 }
465
466 idx = 0;
467 do {
468 ret = dane_query_data(q, idx++, &usage, &type, &match, &data);
469 if (ret == DANE_E_REQUESTED_DATA_NOT_AVAILABLE)
470 break;
471
472 if (ret < 0) {
473 goto cleanup;
474 }
475
476 if (usage == DANE_CERT_USAGE_LOCAL_CA || usage == DANE_CERT_USAGE_CA) {
477 ret = verify_ca(chain, chain_size, chain_type, type, match, &data, verify);
478 if (ret < 0)
479 goto cleanup;
480
481 } else if (usage == DANE_CERT_USAGE_LOCAL_EE || usage == DANE_CERT_USAGE_EE) {
482 ret = verify_ee(&chain[0], chain_type, type, match, &data, verify);
483 if (ret < 0)
484 goto cleanup;
485 }
486 } while(1);
487
488 ret = 0;
489
490 cleanup:
491 dane_query_deinit(q);
492 return ret;
493 }
494
495 /**
496 * dane_verify_session_crt:
497 * @session: A gnutls session
498 * @hostname: The hostname associated with the chain
499 * @proto: The protocol of the service connecting (e.g. tcp)
500 * @port: The port of the service connecting (e.g. 443)
501 * @flags: The %DANE_F flags.
502 * @verify: An OR'ed list of %dane_verify_status_t.
503 *
504 * This function will verify session's certificate chain against the
505 * CA constrains and/or the certificate available via DANE.
506 * See dane_verify_crt() for more information.
507 *
508 * Returns: On success, %DANE_E_SUCCESS (0) is returned, otherwise a
509 * negative error value.
510 *
511 **/
512 int dane_verify_session_crt (
513 gnutls_session_t session,
514 const char * hostname, const char* proto, unsigned int port,
515 unsigned int flags, unsigned int *verify)
516 {
517 const gnutls_datum_t *cert_list;
518 unsigned int cert_list_size = 0;
519 unsigned int type;
520
521 cert_list = gnutls_certificate_get_peers(session, &cert_list_size);
522 if (cert_list_size == 0) {
523 return DANE_E_NO_CERT;
524 }
525
526 type = gnutls_certificate_type_get(session);
527
528 return dane_verify_crt(cert_list, cert_list_size, type, hostname, proto, port, flags, verify);
529 }
Implementation of the SSL/TLS protocol