2 * OpenVPN -- An application to securely tunnel IP networks
3 * over a single TCP/UDP port, with support for SSL/TLS-based
4 * session authentication and key exchange,
5 * packet encryption, packet authentication, and
8 * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
9 * Copyright (C) 2010 Fox Crypto B.V. <openvpn@fox-it.com>
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2
13 * as published by the Free Software Foundation.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program (see the file COPYING included with this
22 * distribution); if not, write to the Free Software Foundation, Inc.,
23 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 * @file Control Channel PolarSSL Backend
32 #elif defined(_MSC_VER)
33 #include "config-msvc.h"
38 #if defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_POLARSSL)
41 #include "ssl_backend.h"
45 #include "ssl_common.h"
47 #include <polarssl/sha2.h>
48 #include <polarssl/havege.h>
50 #include "ssl_verify_polarssl.h"
51 #include <polarssl/pem.h>
69 tls_ctx_server_new(struct tls_root_ctx
*ctx
)
74 ALLOC_OBJ_CLEAR(ctx
->dhm_ctx
, dhm_context
);
75 ALLOC_OBJ_CLEAR(ctx
->priv_key
, rsa_context
);
77 ALLOC_OBJ_CLEAR(ctx
->ca_chain
, x509_cert
);
78 ALLOC_OBJ_CLEAR(ctx
->crt_chain
, x509_cert
);
81 ctx
->endpoint
= SSL_IS_SERVER
;
82 ctx
->initialised
= true;
86 tls_ctx_client_new(struct tls_root_ctx
*ctx
)
91 ALLOC_OBJ_CLEAR(ctx
->dhm_ctx
, dhm_context
);
92 ALLOC_OBJ_CLEAR(ctx
->priv_key
, rsa_context
);
94 ALLOC_OBJ_CLEAR(ctx
->ca_chain
, x509_cert
);
95 ALLOC_OBJ_CLEAR(ctx
->crt_chain
, x509_cert
);
97 ctx
->endpoint
= SSL_IS_CLIENT
;
98 ctx
->initialised
= true;
102 tls_ctx_free(struct tls_root_ctx
*ctx
)
106 rsa_free(ctx
->priv_key
);
109 x509_free(ctx
->ca_chain
);
112 x509_free(ctx
->crt_chain
);
113 free(ctx
->crt_chain
);
115 dhm_free(ctx
->dhm_ctx
);
118 #if defined(ENABLE_PKCS11)
119 if (ctx
->priv_key_pkcs11
!= NULL
) {
120 pkcs11_priv_key_free(ctx
->priv_key_pkcs11
);
121 free(ctx
->priv_key_pkcs11
);
125 if (ctx
->allowed_ciphers
)
126 free(ctx
->allowed_ciphers
);
130 ctx
->initialised
= false;
136 tls_ctx_initialised(struct tls_root_ctx
*ctx
)
139 return ctx
->initialised
;
143 tls_ctx_set_options (struct tls_root_ctx
*ctx
, unsigned int ssl_flags
)
148 tls_translate_cipher_name (const char * cipher_name
) {
149 const tls_cipher_name_pair
* pair
= tls_get_cipher_name_pair(cipher_name
, strlen(cipher_name
));
153 // No translation found, return original
157 if (0 != strcmp(cipher_name
, pair
->iana_name
))
159 // Deprecated name found, notify user
160 msg(M_WARN
, "Deprecated cipher suite name '%s', please use IANA name '%s'", pair
->openssl_name
, pair
->iana_name
);
163 return pair
->iana_name
;
167 tls_ctx_restrict_ciphers(struct tls_root_ctx
*ctx
, const char *ciphers
)
169 char *tmp_ciphers
, *tmp_ciphers_orig
, *token
;
171 int ciphers_len
= strlen (ciphers
);
173 ASSERT (NULL
!= ctx
);
174 ASSERT (0 != ciphers_len
);
176 /* Get number of ciphers */
177 for (i
= 0, cipher_count
= 1; i
< ciphers_len
; i
++)
178 if (ciphers
[i
] == ':')
181 /* Allocate an array for them */
182 ALLOC_ARRAY_CLEAR(ctx
->allowed_ciphers
, int, cipher_count
+1)
184 /* Parse allowed ciphers, getting IDs */
186 tmp_ciphers_orig
= tmp_ciphers
= strdup(ciphers
);
188 token
= strtok (tmp_ciphers
, ":");
191 ctx
->allowed_ciphers
[i
] = ssl_get_ciphersuite_id (
192 tls_translate_cipher_name (token
));
193 if (0 != ctx
->allowed_ciphers
[i
])
195 token
= strtok (NULL
, ":");
197 free(tmp_ciphers_orig
);
201 tls_ctx_load_dh_params (struct tls_root_ctx
*ctx
, const char *dh_file
,
202 const char *dh_file_inline
205 if (!strcmp (dh_file
, INLINE_FILE_TAG
) && dh_file_inline
)
207 if (0 != x509parse_dhm(ctx
->dhm_ctx
, dh_file_inline
, strlen(dh_file_inline
)))
208 msg (M_FATAL
, "Cannot read inline DH parameters");
212 if (0 != x509parse_dhmfile(ctx
->dhm_ctx
, dh_file
))
213 msg (M_FATAL
, "Cannot read DH parameters from file %s", dh_file
);
216 msg (D_TLS_DEBUG_LOW
, "Diffie-Hellman initialized with " counter_format
" bit key",
217 (counter_type
) 8 * mpi_size(&ctx
->dhm_ctx
->P
));
221 tls_ctx_load_pkcs12(struct tls_root_ctx
*ctx
, const char *pkcs12_file
,
222 const char *pkcs12_file_inline
,
226 msg(M_FATAL
, "PKCS #12 files not yet supported for PolarSSL.");
230 #ifdef ENABLE_CRYPTOAPI
232 tls_ctx_load_cryptoapi(struct tls_root_ctx
*ctx
, const char *cryptoapi_cert
)
234 msg(M_FATAL
, "Windows CryptoAPI not yet supported for PolarSSL.");
239 tls_ctx_load_cert_file (struct tls_root_ctx
*ctx
, const char *cert_file
,
240 const char *cert_file_inline
,
241 openvpn_x509_cert_t
**x509
246 ASSERT(NULL
== *x509
);
248 if (!strcmp (cert_file
, INLINE_FILE_TAG
) && cert_file_inline
)
250 if (0 != x509parse_crt(ctx
->crt_chain
, cert_file_inline
,
251 strlen(cert_file_inline
)))
252 msg (M_FATAL
, "Cannot load inline certificate file");
256 if (0 != x509parse_crtfile(ctx
->crt_chain
, cert_file
))
257 msg (M_FATAL
, "Cannot load certificate file %s", cert_file
);
261 *x509
= ctx
->crt_chain
;
266 tls_ctx_free_cert_file (openvpn_x509_cert_t
*x509
)
272 tls_ctx_load_priv_file (struct tls_root_ctx
*ctx
, const char *priv_key_file
,
273 const char *priv_key_file_inline
279 if (!strcmp (priv_key_file
, INLINE_FILE_TAG
) && priv_key_file_inline
)
281 status
= x509parse_key(ctx
->priv_key
,
282 priv_key_file_inline
, strlen(priv_key_file_inline
),
284 if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED
== status
)
286 char passbuf
[512] = {0};
287 pem_password_callback(passbuf
, 512, 0, NULL
);
288 status
= x509parse_key(ctx
->priv_key
,
289 priv_key_file_inline
, strlen(priv_key_file_inline
),
290 passbuf
, strlen(passbuf
));
295 status
= x509parse_keyfile(ctx
->priv_key
, priv_key_file
, NULL
);
296 if (POLARSSL_ERR_PEM_PASSWORD_REQUIRED
== status
)
298 char passbuf
[512] = {0};
299 pem_password_callback(passbuf
, 512, 0, NULL
);
300 status
= x509parse_keyfile(ctx
->priv_key
, priv_key_file
, passbuf
);
305 #ifdef ENABLE_MANAGEMENT
306 if (management
&& (POLARSSL_ERR_PEM_PASSWORD_MISMATCH
== status
))
307 management_auth_failure (management
, UP_TYPE_PRIVATE_KEY
, NULL
);
309 msg (M_WARN
, "Cannot load private key file %s", priv_key_file
);
313 warn_if_group_others_accessible (priv_key_file
);
315 /* TODO: Check Private Key */
317 if (!SSL_CTX_check_private_key (ctx
))
318 msg (M_SSLERR
, "Private key does not match the certificate");
323 #ifdef MANAGMENT_EXTERNAL_KEY
326 tls_ctx_use_external_private_key (struct tls_root_ctx
*ctx
, openvpn_x509_cert_t
*cert
)
328 msg(M_FATAL
, "Use of management external keys not yet supported for PolarSSL.");
334 void tls_ctx_load_ca (struct tls_root_ctx
*ctx
, const char *ca_file
,
335 const char *ca_file_inline
,
336 const char *ca_path
, bool tls_server
340 msg(M_FATAL
, "ERROR: PolarSSL cannot handle the capath directive");
342 if (ca_file
&& !strcmp (ca_file
, INLINE_FILE_TAG
) && ca_file_inline
)
344 if (0 != x509parse_crt(ctx
->ca_chain
, ca_file_inline
, strlen(ca_file_inline
)))
345 msg (M_FATAL
, "Cannot load inline CA certificates");
349 /* Load CA file for verifying peer supplied certificate */
350 if (0 != x509parse_crtfile(ctx
->ca_chain
, ca_file
))
351 msg (M_FATAL
, "Cannot load CA certificate file %s", ca_file
);
356 tls_ctx_load_extra_certs (struct tls_root_ctx
*ctx
, const char *extra_certs_file
,
357 const char *extra_certs_file_inline
362 if (!strcmp (extra_certs_file
, INLINE_FILE_TAG
) && extra_certs_file_inline
)
364 if (0 != x509parse_crt(ctx
->crt_chain
, extra_certs_file_inline
,
365 strlen(extra_certs_file_inline
)))
366 msg (M_FATAL
, "Cannot load inline extra-certs file");
370 if (0 != x509parse_crtfile(ctx
->crt_chain
, extra_certs_file
))
371 msg (M_FATAL
, "Cannot load extra-certs file: %s", extra_certs_file
);
375 /* **************************************
377 * Key-state specific functions
379 ***************************************/
385 static inline void buf_free_entry(buffer_entry
*entry
)
394 static void buf_free_entries(endless_buffer
*buf
)
396 while(buf
->first_block
)
398 buffer_entry
*cur_block
= buf
->first_block
;
399 buf
->first_block
= cur_block
->next_block
;
400 buf_free_entry(cur_block
);
402 buf
->last_block
= NULL
;
405 static int endless_buf_read( void * ctx
, unsigned char * out
, size_t out_len
)
407 endless_buffer
*in
= (endless_buffer
*) ctx
;
410 if (in
->first_block
== NULL
)
411 return POLARSSL_ERR_NET_WANT_READ
;
413 while (in
->first_block
!= NULL
&& read_len
< out_len
)
415 int block_len
= in
->first_block
->length
- in
->data_start
;
416 if (block_len
<= out_len
- read_len
)
418 buffer_entry
*cur_entry
= in
->first_block
;
419 memcpy(out
+ read_len
, cur_entry
->data
+ in
->data_start
,
422 read_len
+= block_len
;
424 in
->first_block
= cur_entry
->next_block
;
427 if (in
->first_block
== NULL
)
428 in
->last_block
= NULL
;
430 buf_free_entry(cur_entry
);
434 memcpy(out
+ read_len
, in
->first_block
->data
+ in
->data_start
,
436 in
->data_start
+= out_len
- read_len
;
444 static int endless_buf_write( void *ctx
, const unsigned char *in
, size_t len
)
446 endless_buffer
*out
= (endless_buffer
*) ctx
;
447 buffer_entry
*new_block
= malloc(sizeof(buffer_entry
));
448 if (NULL
== new_block
)
449 return POLARSSL_ERR_NET_SEND_FAILED
;
451 new_block
->data
= malloc(len
);
452 if (NULL
== new_block
->data
)
455 return POLARSSL_ERR_NET_SEND_FAILED
;
458 new_block
->length
= len
;
459 new_block
->next_block
= NULL
;
461 memcpy(new_block
->data
, in
, len
);
463 if (NULL
== out
->first_block
)
464 out
->first_block
= new_block
;
466 if (NULL
!= out
->last_block
)
467 out
->last_block
->next_block
= new_block
;
469 out
->last_block
= new_block
;
474 static void my_debug( void *ctx
, int level
, const char *str
)
478 dmsg (D_HANDSHAKE_VERBOSE
, "PolarSSL alert: %s", str
);
483 * Further personalise the RNG using a hash of the public key
485 void tls_ctx_personalise_random(struct tls_root_ctx
*ctx
)
487 static char old_sha256_hash
[32] = {0};
488 char sha256_hash
[32] = {0};
489 ctr_drbg_context
*cd_ctx
= rand_ctx_get();
491 if (NULL
!= ctx
->crt_chain
)
493 x509_cert
*cert
= ctx
->crt_chain
;
495 sha2(cert
->tbs
.p
, cert
->tbs
.len
, sha256_hash
, false);
496 if ( 0 != memcmp(old_sha256_hash
, sha256_hash
, sizeof(sha256_hash
)))
498 ctr_drbg_update(cd_ctx
, sha256_hash
, 32);
499 memcpy(old_sha256_hash
, sha256_hash
, sizeof(old_sha256_hash
));
504 void key_state_ssl_init(struct key_state_ssl
*ks_ssl
,
505 const struct tls_root_ctx
*ssl_ctx
, bool is_server
, void *session
)
507 ASSERT(NULL
!= ssl_ctx
);
511 ALLOC_OBJ_CLEAR(ks_ssl
->ctx
, ssl_context
);
512 if (0 == ssl_init(ks_ssl
->ctx
))
514 /* Initialise SSL context */
515 ssl_set_dbg (ks_ssl
->ctx
, my_debug
, NULL
);
516 ssl_set_endpoint (ks_ssl
->ctx
, ssl_ctx
->endpoint
);
518 ssl_set_rng (ks_ssl
->ctx
, ctr_drbg_random
, rand_ctx_get());
520 if (ssl_ctx
->allowed_ciphers
)
521 ssl_set_ciphersuites (ks_ssl
->ctx
, ssl_ctx
->allowed_ciphers
);
523 /* Initialise authentication information */
525 ssl_set_dh_param_ctx (ks_ssl
->ctx
, ssl_ctx
->dhm_ctx
);
526 #if defined(ENABLE_PKCS11)
527 if (ssl_ctx
->priv_key_pkcs11
!= NULL
)
528 ssl_set_own_cert_alt( ks_ssl
->ctx
, ssl_ctx
->crt_chain
,
529 ssl_ctx
->priv_key_pkcs11
, ssl_pkcs11_decrypt
, ssl_pkcs11_sign
,
530 ssl_pkcs11_key_len
);
533 ssl_set_own_cert( ks_ssl
->ctx
, ssl_ctx
->crt_chain
, ssl_ctx
->priv_key
);
535 /* Initialise SSL verification */
536 ssl_set_authmode (ks_ssl
->ctx
, SSL_VERIFY_REQUIRED
);
537 ssl_set_verify (ks_ssl
->ctx
, verify_callback
, session
);
538 /* TODO: PolarSSL does not currently support sending the CA chain to the client */
539 ssl_set_ca_chain (ks_ssl
->ctx
, ssl_ctx
->ca_chain
, NULL
, NULL
);
541 /* Initialise BIOs */
542 ALLOC_OBJ_CLEAR (ks_ssl
->ct_in
, endless_buffer
);
543 ALLOC_OBJ_CLEAR (ks_ssl
->ct_out
, endless_buffer
);
544 ssl_set_bio (ks_ssl
->ctx
, endless_buf_read
, ks_ssl
->ct_in
,
545 endless_buf_write
, ks_ssl
->ct_out
);
550 key_state_ssl_free(struct key_state_ssl
*ks_ssl
)
555 ssl_free(ks_ssl
->ctx
);
559 buf_free_entries(ks_ssl
->ct_in
);
562 if (ks_ssl
->ct_out
) {
563 buf_free_entries(ks_ssl
->ct_out
);
564 free(ks_ssl
->ct_out
);
571 key_state_write_plaintext (struct key_state_ssl
*ks
, struct buffer
*buf
)
574 perf_push (PERF_BIO_WRITE_PLAINTEXT
);
578 ASSERT (buf
->len
>= 0);
586 retval
= ssl_write(ks
->ctx
, BPTR(buf
), buf
->len
);
591 if (POLARSSL_ERR_NET_WANT_WRITE
== retval
|| POLARSSL_ERR_NET_WANT_READ
== retval
)
593 msg (D_TLS_ERRORS
, "TLS ERROR: write tls_write_plaintext error");
597 if (retval
!= buf
->len
)
600 "TLS ERROR: write tls_write_plaintext incomplete %d/%d",
606 /* successful write */
607 dmsg (D_HANDSHAKE_VERBOSE
, "write tls_write_plaintext %d bytes", retval
);
609 memset (BPTR (buf
), 0, BLEN (buf
)); /* erase data just written */
617 key_state_write_plaintext_const (struct key_state_ssl
*ks
, const uint8_t *data
, int len
)
620 perf_push (PERF_BIO_WRITE_PLAINTEXT
);
633 retval
= ssl_write(ks
->ctx
, data
, len
);
638 if (POLARSSL_ERR_NET_WANT_WRITE
== retval
|| POLARSSL_ERR_NET_WANT_READ
== retval
)
640 msg (D_TLS_ERRORS
, "TLS ERROR: write tls_write_plaintext_const error");
647 "TLS ERROR: write tls_write_plaintext_const incomplete %d/%d",
653 /* successful write */
654 dmsg (D_HANDSHAKE_VERBOSE
, "write tls_write_plaintext_const %d bytes", retval
);
661 key_state_read_ciphertext (struct key_state_ssl
*ks
, struct buffer
*buf
,
666 char error_message
[1024];
668 perf_push (PERF_BIO_READ_CIPHERTEXT
);
672 ASSERT (buf
->len
>= 0);
680 len
= buf_forward_capacity (buf
);
684 retval
= endless_buf_read(ks
->ct_out
, BPTR(buf
), len
);
686 /* Error during read, check for retry error */
690 if (POLARSSL_ERR_NET_WANT_WRITE
== retval
|| POLARSSL_ERR_NET_WANT_READ
== retval
)
692 error_strerror(retval
, error_message
, sizeof(error_message
));
693 msg (D_TLS_ERRORS
, "TLS_ERROR: read tls_read_ciphertext error: %d %s", retval
, error_message
);
697 /* Nothing read, try again */
705 /* successful read */
706 dmsg (D_HANDSHAKE_VERBOSE
, "read tls_read_ciphertext %d bytes", retval
);
713 key_state_write_ciphertext (struct key_state_ssl
*ks
, struct buffer
*buf
)
716 perf_push (PERF_BIO_WRITE_CIPHERTEXT
);
720 ASSERT (buf
->len
>= 0);
728 retval
= endless_buf_write(ks
->ct_in
, BPTR(buf
), buf
->len
);
734 if (POLARSSL_ERR_NET_WANT_WRITE
== retval
|| POLARSSL_ERR_NET_WANT_READ
== retval
)
736 msg (D_TLS_ERRORS
, "TLS ERROR: write tls_write_ciphertext error");
740 if (retval
!= buf
->len
)
743 "TLS ERROR: write tls_write_ciphertext incomplete %d/%d",
749 /* successful write */
750 dmsg (D_HANDSHAKE_VERBOSE
, "write tls_write_ciphertext %d bytes", retval
);
752 memset (BPTR (buf
), 0, BLEN (buf
)); /* erase data just written */
760 key_state_read_plaintext (struct key_state_ssl
*ks
, struct buffer
*buf
,
765 char error_message
[1024];
767 perf_push (PERF_BIO_READ_PLAINTEXT
);
771 ASSERT (buf
->len
>= 0);
779 len
= buf_forward_capacity (buf
);
783 retval
= ssl_read(ks
->ctx
, BPTR(buf
), len
);
785 /* Error during read, check for retry error */
788 if (POLARSSL_ERR_NET_WANT_WRITE
== retval
|| POLARSSL_ERR_NET_WANT_READ
== retval
)
790 error_strerror(retval
, error_message
, sizeof(error_message
));
791 msg (D_TLS_ERRORS
, "TLS_ERROR: read tls_read_plaintext error: %d %s", retval
, error_message
);
796 /* Nothing read, try again */
804 /* successful read */
805 dmsg (D_HANDSHAKE_VERBOSE
, "read tls_read_plaintext %d bytes", retval
);
812 /* **************************************
814 * Information functions
816 * Print information for the end user.
818 ***************************************/
820 print_details (struct key_state_ssl
* ks_ssl
, const char *prefix
)
822 const x509_cert
*cert
;
827 openvpn_snprintf (s1
, sizeof (s1
), "%s %s, cipher %s",
829 ssl_get_version (ks_ssl
->ctx
),
830 ssl_get_ciphersuite(ks_ssl
->ctx
));
832 cert
= ssl_get_peer_cert(ks_ssl
->ctx
);
835 openvpn_snprintf (s2
, sizeof (s2
), ", " counter_format
" bit RSA", (counter_type
) cert
->rsa
.len
* 8);
838 msg (D_HANDSHAKE
, "%s%s", s1
, s2
);
842 show_available_tls_ciphers ()
844 const int *ciphers
= ssl_list_ciphersuites();
847 printf ("Available TLS Ciphers,\n");
848 printf ("listed in order of preference:\n\n");
851 while (*ciphers
!= 0)
853 printf ("%s\n", ssl_get_ciphersuite_name(*ciphers
));
860 get_highest_preference_tls_cipher (char *buf
, int size
)
862 const char *cipher_name
;
863 const int *ciphers
= ssl_list_ciphersuites();
865 msg (M_FATAL
, "Cannot retrieve list of supported SSL ciphers.");
867 cipher_name
= ssl_get_ciphersuite_name(*ciphers
);
868 strncpynt (buf
, cipher_name
, size
);
871 #endif /* defined(ENABLE_SSL) && defined(ENABLE_CRYPTO_POLARSSL) */