search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
contrib: Add helper to build Android dependencies.
[libpwmd.git] / src / tls.c
blob41dc29c3cd6cdc783700439bf4f4873e6a716b65
1 /*
2 Copyright (C) 2012-2023 Ben Kibbey <bjk@luxsci.net>
3
4 This file is part of libpwmd.
5
6 This library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License version 2.1 as published by the Free Software Foundation.
9
10 This library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with this library; if not, write to the Free Software
17 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
18 USA
19 */
20 #ifdef HAVE_CONFIG_H
21 #include <config.h>
22 #endif
23
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <errno.h>
27 #include <ctype.h>
28 #include <sys/types.h>
29 #ifdef HAVE_STRINGS_H
30 #include <strings.h>
31 #endif
32 #ifdef HAVE_UNISTD_H
33 #include <unistd.h>
34 #endif
35 #ifdef HAVE_FCNTL_H
36 #include <fcntl.h>
37 #endif
38
39 #ifndef __MINGW32__
40 #ifdef HAVE_SYS_SOCKET_H
41 # include <sys/socket.h>
42 #endif
43 #endif
44
45 #include "types.h"
46 #include "misc.h"
47
48 #define DEFAULT_TLS_PRIORITY "SECURE256:SECURE192:SECURE128:" \
49 "-VERS-SSL3.0:-VERS-TLS1.0"
50 #define WAIT_INTERVAL 50000
51 #define TEST_TIMEOUT(pwm, timeout, ret, start, rc) \
52 do { \
53 rc = 0; \
54 if (ret == GNUTLS_E_AGAIN || pwm->cancel) \
55 { \
56 time_t now = time (NULL); \
57 if (pwm->cancel || (timeout && now - start >= timeout)) \
58 { \
59 if (pwm->cancel) \
60 rc = gpg_error (GPG_ERR_CANCELED); \
61 else \
62 rc = gpg_error (GPG_ERR_ETIMEDOUT); \
63 ret = GNUTLS_E_TIMEDOUT; \
64 break; \
65 } \
66 struct timeval totv = { 0, WAIT_INTERVAL }; \
67 select (0, NULL, NULL, NULL, &totv); \
68 } \
69 if (ret != GNUTLS_E_INTERRUPTED) \
70 break; \
71 } \
72 while (0)
73
74 void
75 tls_free (pwm_t *pwm)
76 {
77 struct tls_s *tls = pwm->tcp->tls;
78 int ret = 0;
79
80 if (!tls)
81 return;
82
83 pwmd_free (tls->ca);
84 pwmd_free (tls->cert);
85 pwmd_free (tls->key);
86 pwmd_free (tls->priority);
87 pwmd_free (tls->server_fp);
88
89 if (tls->session)
90 {
91 time_t start = time (NULL);
92
93 do
94 {
95 gpg_error_t rc = 0;
96
97 ret = gnutls_bye (tls->session, GNUTLS_SHUT_WR);
98 TEST_TIMEOUT (pwm, tls->timeout, ret, start, rc);
99 if (rc)
100 break;
101 }
102 while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
103
104 gnutls_deinit (tls->session);
105 }
106 else if (pwm->fd != ASSUAN_INVALID_FD)
107 {
108 __assuan_close (pwm->ctx, pwm->fd);
109 pwm->fd = ASSUAN_INVALID_FD;
110 }
111
112 if (tls->x509)
113 gnutls_certificate_free_credentials (tls->x509);
114
115 tls->session = NULL;
116 tls->x509 = NULL;
117 pwmd_free (tls);
118 pwm->tls_error = ret;
119 }
120
121 ssize_t
122 tls_read_hook (pwm_t *pwm, assuan_fd_t fd, void *data, size_t len)
123 {
124 struct tls_s *tls = pwm->tcp->tls;
125 ssize_t ret;
126 time_t start = time (NULL);
127
128 if (pwm->fd == ASSUAN_INVALID_FD)
129 return -1;
130
131 (void)fd;
132 do
133 {
134 gpg_error_t rc = 0;
135 struct timeval tv = { 0, WAIT_INTERVAL };
136 fd_set fds;
137 int n;
138
139 FD_ZERO (&fds);
140 FD_SET (HANDLE2SOCKET (pwm->fd), &fds);
141 n = select (HANDLE2SOCKET (pwm->fd)+1, &fds, NULL, NULL, &tv);
142 if (n == 0 && tls->nl)
143 {
144 char c[] = "#\n";
145
146 memcpy (data, c, sizeof(c));
147 ret = strlen (c);
148 break;
149 }
150
151 ret = gnutls_record_recv (tls->session, data, len);
152 if (ret == GNUTLS_E_REHANDSHAKE)
153 {
154 do
155 {
156 ret = gnutls_handshake (tls->session);
157 TEST_TIMEOUT (pwm, tls->timeout, ret, start, rc);
158 if (rc)
159 break;
160 }
161 while (ret < 0 && gnutls_error_is_fatal (ret) == 0);
162
163 if (!ret && tls->nl)
164 {
165 char c[] = "#\n";
166
167 memcpy (data, c, sizeof(c));
168 ret = strlen (c);
169 break;
170 }
171 else if (ret)
172 break;
173 else
174 ret = GNUTLS_E_AGAIN;
175 }
176
177 TEST_TIMEOUT (pwm, tls->timeout, ret, start, rc);
178 if (rc)
179 break;
180 }
181 while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
182
183 if (ret < 0)
184 pwm->tls_error = ret;
185
186 if (!ret)
187 return 0;
188 else if (ret == GNUTLS_E_PREMATURE_TERMINATION)
189 errno = EPIPE;
190
191 if (ret > 0)
192 tls->nl = ((char *)data)[ret-1] == '\n';
193
194 return ret < 0 ? -1 : ret;
195 }
196
197 ssize_t
198 tls_write_hook (pwm_t *pwm, assuan_fd_t fd, const void *data, size_t len)
199 {
200 struct tls_s *tls = pwm->tcp->tls;
201
202 /* This is probably the BYE command after a previous call timed
203 * out. If not done, the time(2) call seems to hang.*/
204 if (pwm->fd == ASSUAN_INVALID_FD)
205 return -1;
206
207 ssize_t ret;
208 time_t start = time (NULL);
209
210 (void)fd;
211 do
212 {
213 gpg_error_t rc = 0;
214
215 ret = gnutls_record_send (tls->session, data, len);
216 TEST_TIMEOUT (pwm, tls->timeout, ret, start, rc);
217 if (rc)
218 break;
219 }
220 while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
221
222 if (ret < 0)
223 pwm->tls_error = ret;
224
225 if (!ret)
226 return 0;
227 else if (ret == GNUTLS_E_PREMATURE_TERMINATION)
228 errno = EPIPE;
229
230 return ret < 0 ? -1 : ret;
231 }
232
233 static gpg_error_t
234 tls_fingerprint (pwm_t *pwm, char **result)
235 {
236 gnutls_session_t ses = pwm->tcp->tls->session;
237 gnutls_x509_crt_t crt;
238 const gnutls_datum_t *cert_list;
239 unsigned count;
240 unsigned char buf[32];
241 size_t len = sizeof (buf);
242
243 *result = NULL;
244 gnutls_x509_crt_init (&crt);
245 if (!crt)
246 return GPG_ERR_ENOMEM;
247
248 cert_list = gnutls_certificate_get_peers (ses, &count);
249 if (count)
250 {
251 pwm->tls_error = gnutls_x509_crt_import (crt, &cert_list[0],
252 GNUTLS_X509_FMT_DER);
253 if (!pwm->tls_error)
254 gnutls_x509_crt_get_fingerprint (crt, GNUTLS_DIG_SHA256, buf, &len);
255 }
256
257 gnutls_x509_crt_deinit (crt);
258 if (!count)
259 {
260 pwm->tls_error = GNUTLS_CERT_INVALID;
261 return GPG_ERR_MISSING_CERT;
262 }
263
264 if (!pwm->tls_error)
265 *result = bin2hex (buf, len);
266
267 return !pwm->tls_error ? 0 : GPG_ERR_ENOMEM;
268 }
269
270 static gpg_error_t
271 verify_server_certificate (unsigned status)
272 {
273 if (status & GNUTLS_CERT_REVOKED)
274 {
275 fprintf (stderr, "server certificate is revoked\n");
276 return GPG_ERR_CERT_REVOKED;
277 }
278
279 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
280 {
281 fprintf (stderr, "server certificate has no signer\n");
282 return GPG_ERR_NO_SIGNATURE_SCHEME;
283 }
284
285 if (status & GNUTLS_CERT_SIGNATURE_FAILURE)
286 {
287 fprintf (stderr, "server certificate signature verification failed\n");
288 return GPG_ERR_BAD_SIGNATURE;
289 }
290
291 if (status & GNUTLS_CERT_EXPIRED)
292 {
293 fprintf (stderr, "server certificate expired\n");
294 return GPG_ERR_CERT_EXPIRED;
295 }
296
297 if (status & GNUTLS_CERT_SIGNER_NOT_CA)
298 {
299 fprintf (stderr, "server certificate signer is not from CA\n");
300 return GPG_ERR_BAD_CA_CERT;
301 }
302
303 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
304 {
305 fprintf (stderr, "server certificate has insecure algorithm\n");
306 return GPG_ERR_UNSUPPORTED_ALGORITHM;
307 }
308
309 if (status)
310 {
311 fprintf (stderr, "server certificate is invalid: %u\n", status);
312 return GPG_ERR_BAD_CERT;
313 }
314
315 return 0;
316 }
317
318 static gpg_error_t
319 verify_certificate (pwm_t *pwm)
320 {
321 unsigned int status;
322 const gnutls_datum_t *cert_list;
323 unsigned int cert_list_size;
324 int i;
325 gnutls_x509_crt_t cert;
326 gpg_error_t rc = 0;
327
328 i = gnutls_certificate_verify_peers2 (pwm->tcp->tls->session, &status);
329 if (i < 0)
330 {
331 pwm->tls_error = i;
332 return GPG_ERR_BAD_CERT;
333 }
334
335 rc = verify_server_certificate (status);
336 if (rc)
337 return rc;
338
339 if (gnutls_certificate_type_get (pwm->tcp->tls->session) != GNUTLS_CRT_X509)
340 return GPG_ERR_UNSUPPORTED_CERT;
341
342 if (gnutls_x509_crt_init (&cert) < 0)
343 return gpg_error_from_errno (ENOMEM);
344
345 cert_list = gnutls_certificate_get_peers (pwm->tcp->tls->session,
346 &cert_list_size);
347 if (!cert_list)
348 {
349 rc = GPG_ERR_MISSING_CERT;
350 goto done;
351 }
352
353 for (i = 0; i < cert_list_size; i++)
354 {
355 pwm->tls_error = gnutls_x509_crt_import (cert, &cert_list[i],
356 GNUTLS_X509_FMT_DER);
357 if (pwm->tls_error < 0)
358 {
359 rc = GPG_ERR_BAD_CERT_CHAIN;
360 goto done;
361 }
362
363 if (gnutls_x509_crt_get_expiration_time (cert) < time (0))
364 {
365 rc = GPG_ERR_CERT_EXPIRED;
366 goto done;
367 }
368
369 if (gnutls_x509_crt_get_activation_time (cert) > time (0))
370 {
371 rc = GPG_ERR_CERT_TOO_YOUNG;
372 goto done;
373 }
374
375 if (pwm->tcp->tls->verify)
376 {
377 if (!gnutls_x509_crt_check_hostname (cert, pwm->tcp->host))
378 {
379 rc = GPG_ERR_BAD_CERT_CHAIN;
380 goto done;
381 }
382 }
383 }
384
385 if (pwm->tcp->tls->server_fp)
386 {
387 char *result;
388
389 rc = tls_fingerprint (pwm, &result);
390 if (!rc)
391 {
392 if (!result || !*result ||
393 strcasecmp (result, pwm->tcp->tls->server_fp))
394 rc = GPG_ERR_BAD_CERT;
395
396 pwmd_free (result);
397 }
398 }
399
400 done:
401 gnutls_x509_crt_deinit (cert);
402 return rc;
403 }
404
405 static gpg_error_t
406 tls_init (pwm_t * pwm)
407 {
408 gpg_error_t rc;
409 int ret;
410 const char *errstr;
411
412 ret = gnutls_certificate_allocate_credentials (&pwm->tcp->tls->x509);
413 if (ret)
414 {
415 pwm->tls_error = ret;
416 return gpg_error_from_errno (ENOMEM);
417 }
418
419 /* The client certificate must be signed by the CA of the pwmd server
420 * certificate in order for the client to authenticate successfully. Man in
421 * the middle attacks are still possible if the attacker is running a pwmd
422 * that doesn't require client certificate authentication. So require the
423 * client to verify the server certificate.
424 */
425 ret = gnutls_certificate_set_x509_trust_file (pwm->tcp->tls->x509,
426 pwm->tcp->tls->ca,
427 GNUTLS_X509_FMT_PEM);
428 if (ret == -1)
429 {
430 rc = GPG_ERR_INV_CERT_OBJ;
431 goto fail;
432 }
433
434 ret = gnutls_certificate_set_x509_key_file (pwm->tcp->tls->x509,
435 pwm->tcp->tls->cert,
436 pwm->tcp->tls->key,
437 GNUTLS_X509_FMT_PEM);
438 if (ret != GNUTLS_E_SUCCESS)
439 {
440 pwm->tls_error = ret;
441 rc = GPG_ERR_INV_CERT_OBJ;
442 goto fail;
443 }
444
445 ret = gnutls_init (&pwm->tcp->tls->session, GNUTLS_CLIENT);
446 if (ret != GNUTLS_E_SUCCESS)
447 {
448 pwm->tls_error = ret;
449 rc = GPG_ERR_INV_CERT_OBJ;
450 goto fail;
451 }
452
453 ret = gnutls_priority_set_direct (pwm->tcp->tls->session,
454 pwm->tcp->tls->priority
455 ? pwm->tcp->tls->priority
456 : DEFAULT_TLS_PRIORITY,
457 &errstr);
458 if (ret != GNUTLS_E_SUCCESS)
459 {
460 pwm->tls_error = ret;
461 rc = GPG_ERR_INV_CERT_OBJ;
462 goto fail;
463 }
464
465 ret = gnutls_credentials_set (pwm->tcp->tls->session, GNUTLS_CRD_CERTIFICATE,
466 pwm->tcp->tls->x509);
467 if (ret != GNUTLS_E_SUCCESS)
468 {
469 pwm->tls_error = ret;
470 rc = GPG_ERR_INV_CERT_OBJ;
471 goto fail;
472 }
473
474 gnutls_transport_set_ptr (pwm->tcp->tls->session,
475 (gnutls_transport_ptr_t) HANDLE2SOCKET (pwm->fd));
476 rc = set_non_blocking (pwm->fd, 1);
477 if (rc)
478 goto fail;
479
480 time_t start = time (NULL);
481 do
482 {
483 ret = gnutls_handshake (pwm->tcp->tls->session);
484 TEST_TIMEOUT (pwm, pwm->tcp->tls->timeout, ret, start, rc);
485 if (rc)
486 goto fail;
487 }
488 while (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED);
489
490 if (ret != GNUTLS_E_SUCCESS)
491 {
492 pwm->tls_error = ret;
493 rc = GPG_ERR_INV_CERT_OBJ;
494 goto fail;
495 }
496
497 rc = verify_certificate (pwm);
498
499 fail:
500 if (rc)
501 {
502 /* Keep the original error since it maybe overwritten during TLS
503 * shutdown. */
504 ret = pwm->tls_error;
505 /* The session may not have completed a handshake. Will crash during
506 * gnutls_bye(). */
507 gnutls_deinit (pwm->tcp->tls->session);
508 pwm->tcp->tls->session = NULL;
509 free_tcp (pwm);
510 pwm->tls_error = ret;
511 }
512
513 return rc;
514 }
515
516 gpg_error_t
517 tls_connect (pwm_t * pwm, const char *host, int port, const char *cert,
518 const char *key, const char *cacert, const char *prio,
519 const char *server_fp, int verify)
520 {
521 struct tcp_s *tcp;
522 gpg_error_t rc;
523
524 if (!cert || !key || !cacert)
525 return GPG_ERR_INV_ARG;
526
527 tcp = pwmd_calloc (1, sizeof (struct tcp_s));
528 if (!tcp)
529 return GPG_ERR_ENOMEM;
530
531 pthread_cond_init (&tcp->dns_cond, NULL);
532 pthread_mutex_init (&tcp->dns_mutex, NULL);
533 pwm->tcp = tcp;
534 tcp->port = port;
535 tcp->host = pwmd_strdup (host);
536 if (!tcp->host)
537 {
538 rc = GPG_ERR_ENOMEM;
539 goto fail;
540 }
541
542 tcp->tls = pwmd_calloc (1, sizeof (struct tls_s));
543 if (!tcp->tls)
544 {
545 rc = GPG_ERR_ENOMEM;
546 goto fail;
547 }
548
549 tcp->tls->timeout = pwm->socket_timeout;
550 tcp->tls->verify = verify;
551 tcp->tls->cert = pwmd_strdup (cert);
552 if (!tcp->tls->cert)
553 {
554 rc = GPG_ERR_ENOMEM;
555 goto fail;
556 }
557
558 tcp->tls->key = pwmd_strdup (key);
559 if (!tcp->tls->key)
560 {
561 rc = GPG_ERR_ENOMEM;
562 goto fail;
563 }
564
565 tcp->tls->ca = pwmd_strdup (cacert);
566 if (!tcp->tls->ca)
567 {
568 rc = GPG_ERR_ENOMEM;
569 goto fail;
570 }
571
572 if (prio)
573 {
574 tcp->tls->priority = pwmd_strdup (prio);
575 if (!tcp->tls->priority)
576 {
577 rc = GPG_ERR_ENOMEM;
578 goto fail;
579 }
580 }
581
582 if (server_fp)
583 {
584 tcp->tls->server_fp = pwmd_strdup (server_fp);
585 if (!tcp->tls->server_fp)
586 {
587 rc = GPG_ERR_ENOMEM;
588 goto fail;
589 }
590 }
591
592 rc = tcp_connect_common (pwm);
593 if (!rc)
594 {
595 rc = tls_init (pwm);
596 if (!rc)
597 {
598 #ifdef __MINGW32__
599 rc = assuan_socket_connect_fd (pwm->ctx, pwm->fh, 0);
600 #else
601 rc = assuan_socket_connect_fd (pwm->ctx, pwm->fd, 0);
602 #endif
603 }
604 }
605
606 fail:
607 if (rc)
608 free_tcp (pwm);
609
610 return rc;
611 }
612
613 /*
614 * tls[46]://[hostname][:port]
615 */
616 gpg_error_t
617 tls_parse_url (const char *str, char **host, int *port)
618 {
619 *port = 6466;
620 return parse_hostname_common (str, host, port);
621 }
An API for pwmd.