1 | /* |
2 | * QEMU crypto TLS session support |
3 | * |
4 | * Copyright (c) 2015 Red Hat, Inc. |
5 | * |
6 | * This library is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU Lesser General Public |
8 | * License as published by the Free Software Foundation; either |
9 | * version 2.1 of the License, or (at your option) any later version. |
10 | * |
11 | * This library is distributed in the hope that it will be useful, |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
14 | * Lesser General Public License for more details. |
15 | * |
16 | * You should have received a copy of the GNU Lesser General Public |
17 | * License along with this library; if not, see <http://www.gnu.org/licenses/>. |
18 | * |
19 | */ |
20 | |
21 | #include "qemu/osdep.h" |
22 | #include "crypto/tlssession.h" |
23 | #include "crypto/tlscredsanon.h" |
24 | #include "crypto/tlscredspsk.h" |
25 | #include "crypto/tlscredsx509.h" |
26 | #include "qapi/error.h" |
27 | #include "authz/base.h" |
28 | #include "trace.h" |
29 | |
30 | #ifdef CONFIG_GNUTLS |
31 | |
32 | |
33 | #include <gnutls/x509.h> |
34 | |
35 | |
36 | struct QCryptoTLSSession { |
37 | QCryptoTLSCreds *creds; |
38 | gnutls_session_t handle; |
39 | char *hostname; |
40 | char *authzid; |
41 | bool handshakeComplete; |
42 | QCryptoTLSSessionWriteFunc writeFunc; |
43 | QCryptoTLSSessionReadFunc readFunc; |
44 | void *opaque; |
45 | char *peername; |
46 | }; |
47 | |
48 | |
49 | void |
50 | qcrypto_tls_session_free(QCryptoTLSSession *session) |
51 | { |
52 | if (!session) { |
53 | return; |
54 | } |
55 | |
56 | gnutls_deinit(session->handle); |
57 | g_free(session->hostname); |
58 | g_free(session->peername); |
59 | g_free(session->authzid); |
60 | object_unref(OBJECT(session->creds)); |
61 | g_free(session); |
62 | } |
63 | |
64 | |
65 | static ssize_t |
66 | qcrypto_tls_session_push(void *opaque, const void *buf, size_t len) |
67 | { |
68 | QCryptoTLSSession *session = opaque; |
69 | |
70 | if (!session->writeFunc) { |
71 | errno = EIO; |
72 | return -1; |
73 | }; |
74 | |
75 | return session->writeFunc(buf, len, session->opaque); |
76 | } |
77 | |
78 | |
79 | static ssize_t |
80 | qcrypto_tls_session_pull(void *opaque, void *buf, size_t len) |
81 | { |
82 | QCryptoTLSSession *session = opaque; |
83 | |
84 | if (!session->readFunc) { |
85 | errno = EIO; |
86 | return -1; |
87 | }; |
88 | |
89 | return session->readFunc(buf, len, session->opaque); |
90 | } |
91 | |
92 | #define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH" |
93 | #define TLS_PRIORITY_ADDITIONAL_PSK "+ECDHE-PSK:+DHE-PSK:+PSK" |
94 | |
95 | QCryptoTLSSession * |
96 | qcrypto_tls_session_new(QCryptoTLSCreds *creds, |
97 | const char *hostname, |
98 | const char *authzid, |
99 | QCryptoTLSCredsEndpoint endpoint, |
100 | Error **errp) |
101 | { |
102 | QCryptoTLSSession *session; |
103 | int ret; |
104 | |
105 | session = g_new0(QCryptoTLSSession, 1); |
106 | trace_qcrypto_tls_session_new( |
107 | session, creds, hostname ? hostname : "<none>" , |
108 | authzid ? authzid : "<none>" , endpoint); |
109 | |
110 | if (hostname) { |
111 | session->hostname = g_strdup(hostname); |
112 | } |
113 | if (authzid) { |
114 | session->authzid = g_strdup(authzid); |
115 | } |
116 | session->creds = creds; |
117 | object_ref(OBJECT(creds)); |
118 | |
119 | if (creds->endpoint != endpoint) { |
120 | error_setg(errp, "Credentials endpoint doesn't match session" ); |
121 | goto error; |
122 | } |
123 | |
124 | if (endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { |
125 | ret = gnutls_init(&session->handle, GNUTLS_SERVER); |
126 | } else { |
127 | ret = gnutls_init(&session->handle, GNUTLS_CLIENT); |
128 | } |
129 | if (ret < 0) { |
130 | error_setg(errp, "Cannot initialize TLS session: %s" , |
131 | gnutls_strerror(ret)); |
132 | goto error; |
133 | } |
134 | |
135 | if (object_dynamic_cast(OBJECT(creds), |
136 | TYPE_QCRYPTO_TLS_CREDS_ANON)) { |
137 | QCryptoTLSCredsAnon *acreds = QCRYPTO_TLS_CREDS_ANON(creds); |
138 | char *prio; |
139 | |
140 | if (creds->priority != NULL) { |
141 | prio = g_strdup_printf("%s:%s" , |
142 | creds->priority, |
143 | TLS_PRIORITY_ADDITIONAL_ANON); |
144 | } else { |
145 | prio = g_strdup(CONFIG_TLS_PRIORITY ":" |
146 | TLS_PRIORITY_ADDITIONAL_ANON); |
147 | } |
148 | |
149 | ret = gnutls_priority_set_direct(session->handle, prio, NULL); |
150 | if (ret < 0) { |
151 | error_setg(errp, "Unable to set TLS session priority %s: %s" , |
152 | prio, gnutls_strerror(ret)); |
153 | g_free(prio); |
154 | goto error; |
155 | } |
156 | g_free(prio); |
157 | if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { |
158 | ret = gnutls_credentials_set(session->handle, |
159 | GNUTLS_CRD_ANON, |
160 | acreds->data.server); |
161 | } else { |
162 | ret = gnutls_credentials_set(session->handle, |
163 | GNUTLS_CRD_ANON, |
164 | acreds->data.client); |
165 | } |
166 | if (ret < 0) { |
167 | error_setg(errp, "Cannot set session credentials: %s" , |
168 | gnutls_strerror(ret)); |
169 | goto error; |
170 | } |
171 | } else if (object_dynamic_cast(OBJECT(creds), |
172 | TYPE_QCRYPTO_TLS_CREDS_PSK)) { |
173 | QCryptoTLSCredsPSK *pcreds = QCRYPTO_TLS_CREDS_PSK(creds); |
174 | char *prio; |
175 | |
176 | if (creds->priority != NULL) { |
177 | prio = g_strdup_printf("%s:%s" , |
178 | creds->priority, |
179 | TLS_PRIORITY_ADDITIONAL_PSK); |
180 | } else { |
181 | prio = g_strdup(CONFIG_TLS_PRIORITY ":" |
182 | TLS_PRIORITY_ADDITIONAL_PSK); |
183 | } |
184 | |
185 | ret = gnutls_priority_set_direct(session->handle, prio, NULL); |
186 | if (ret < 0) { |
187 | error_setg(errp, "Unable to set TLS session priority %s: %s" , |
188 | prio, gnutls_strerror(ret)); |
189 | g_free(prio); |
190 | goto error; |
191 | } |
192 | g_free(prio); |
193 | if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { |
194 | ret = gnutls_credentials_set(session->handle, |
195 | GNUTLS_CRD_PSK, |
196 | pcreds->data.server); |
197 | } else { |
198 | ret = gnutls_credentials_set(session->handle, |
199 | GNUTLS_CRD_PSK, |
200 | pcreds->data.client); |
201 | } |
202 | if (ret < 0) { |
203 | error_setg(errp, "Cannot set session credentials: %s" , |
204 | gnutls_strerror(ret)); |
205 | goto error; |
206 | } |
207 | } else if (object_dynamic_cast(OBJECT(creds), |
208 | TYPE_QCRYPTO_TLS_CREDS_X509)) { |
209 | QCryptoTLSCredsX509 *tcreds = QCRYPTO_TLS_CREDS_X509(creds); |
210 | const char *prio = creds->priority; |
211 | if (!prio) { |
212 | prio = CONFIG_TLS_PRIORITY; |
213 | } |
214 | |
215 | ret = gnutls_priority_set_direct(session->handle, prio, NULL); |
216 | if (ret < 0) { |
217 | error_setg(errp, "Cannot set default TLS session priority %s: %s" , |
218 | prio, gnutls_strerror(ret)); |
219 | goto error; |
220 | } |
221 | ret = gnutls_credentials_set(session->handle, |
222 | GNUTLS_CRD_CERTIFICATE, |
223 | tcreds->data); |
224 | if (ret < 0) { |
225 | error_setg(errp, "Cannot set session credentials: %s" , |
226 | gnutls_strerror(ret)); |
227 | goto error; |
228 | } |
229 | |
230 | if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { |
231 | /* This requests, but does not enforce a client cert. |
232 | * The cert checking code later does enforcement */ |
233 | gnutls_certificate_server_set_request(session->handle, |
234 | GNUTLS_CERT_REQUEST); |
235 | } |
236 | } else { |
237 | error_setg(errp, "Unsupported TLS credentials type %s" , |
238 | object_get_typename(OBJECT(creds))); |
239 | goto error; |
240 | } |
241 | |
242 | gnutls_transport_set_ptr(session->handle, session); |
243 | gnutls_transport_set_push_function(session->handle, |
244 | qcrypto_tls_session_push); |
245 | gnutls_transport_set_pull_function(session->handle, |
246 | qcrypto_tls_session_pull); |
247 | |
248 | return session; |
249 | |
250 | error: |
251 | qcrypto_tls_session_free(session); |
252 | return NULL; |
253 | } |
254 | |
255 | static int |
256 | qcrypto_tls_session_check_certificate(QCryptoTLSSession *session, |
257 | Error **errp) |
258 | { |
259 | int ret; |
260 | unsigned int status; |
261 | const gnutls_datum_t *certs; |
262 | unsigned int nCerts, i; |
263 | time_t now; |
264 | gnutls_x509_crt_t cert = NULL; |
265 | Error *err = NULL; |
266 | |
267 | now = time(NULL); |
268 | if (now == ((time_t)-1)) { |
269 | error_setg_errno(errp, errno, "Cannot get current time" ); |
270 | return -1; |
271 | } |
272 | |
273 | ret = gnutls_certificate_verify_peers2(session->handle, &status); |
274 | if (ret < 0) { |
275 | error_setg(errp, "Verify failed: %s" , gnutls_strerror(ret)); |
276 | return -1; |
277 | } |
278 | |
279 | if (status != 0) { |
280 | const char *reason = "Invalid certificate" ; |
281 | |
282 | if (status & GNUTLS_CERT_INVALID) { |
283 | reason = "The certificate is not trusted" ; |
284 | } |
285 | |
286 | if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) { |
287 | reason = "The certificate hasn't got a known issuer" ; |
288 | } |
289 | |
290 | if (status & GNUTLS_CERT_REVOKED) { |
291 | reason = "The certificate has been revoked" ; |
292 | } |
293 | |
294 | if (status & GNUTLS_CERT_INSECURE_ALGORITHM) { |
295 | reason = "The certificate uses an insecure algorithm" ; |
296 | } |
297 | |
298 | error_setg(errp, "%s" , reason); |
299 | return -1; |
300 | } |
301 | |
302 | certs = gnutls_certificate_get_peers(session->handle, &nCerts); |
303 | if (!certs) { |
304 | error_setg(errp, "No certificate peers" ); |
305 | return -1; |
306 | } |
307 | |
308 | for (i = 0; i < nCerts; i++) { |
309 | ret = gnutls_x509_crt_init(&cert); |
310 | if (ret < 0) { |
311 | error_setg(errp, "Cannot initialize certificate: %s" , |
312 | gnutls_strerror(ret)); |
313 | return -1; |
314 | } |
315 | |
316 | ret = gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER); |
317 | if (ret < 0) { |
318 | error_setg(errp, "Cannot import certificate: %s" , |
319 | gnutls_strerror(ret)); |
320 | goto error; |
321 | } |
322 | |
323 | if (gnutls_x509_crt_get_expiration_time(cert) < now) { |
324 | error_setg(errp, "The certificate has expired" ); |
325 | goto error; |
326 | } |
327 | |
328 | if (gnutls_x509_crt_get_activation_time(cert) > now) { |
329 | error_setg(errp, "The certificate is not yet activated" ); |
330 | goto error; |
331 | } |
332 | |
333 | if (gnutls_x509_crt_get_activation_time(cert) > now) { |
334 | error_setg(errp, "The certificate is not yet activated" ); |
335 | goto error; |
336 | } |
337 | |
338 | if (i == 0) { |
339 | size_t dnameSize = 1024; |
340 | session->peername = g_malloc(dnameSize); |
341 | requery: |
342 | ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize); |
343 | if (ret < 0) { |
344 | if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) { |
345 | session->peername = g_realloc(session->peername, |
346 | dnameSize); |
347 | goto requery; |
348 | } |
349 | error_setg(errp, "Cannot get client distinguished name: %s" , |
350 | gnutls_strerror(ret)); |
351 | goto error; |
352 | } |
353 | if (session->authzid) { |
354 | bool allow; |
355 | |
356 | allow = qauthz_is_allowed_by_id(session->authzid, |
357 | session->peername, &err); |
358 | if (err) { |
359 | error_propagate(errp, err); |
360 | goto error; |
361 | } |
362 | if (!allow) { |
363 | error_setg(errp, "TLS x509 authz check for %s is denied" , |
364 | session->peername); |
365 | goto error; |
366 | } |
367 | } |
368 | if (session->hostname) { |
369 | if (!gnutls_x509_crt_check_hostname(cert, session->hostname)) { |
370 | error_setg(errp, |
371 | "Certificate does not match the hostname %s" , |
372 | session->hostname); |
373 | goto error; |
374 | } |
375 | } |
376 | } |
377 | |
378 | gnutls_x509_crt_deinit(cert); |
379 | } |
380 | |
381 | return 0; |
382 | |
383 | error: |
384 | gnutls_x509_crt_deinit(cert); |
385 | return -1; |
386 | } |
387 | |
388 | |
389 | int |
390 | qcrypto_tls_session_check_credentials(QCryptoTLSSession *session, |
391 | Error **errp) |
392 | { |
393 | if (object_dynamic_cast(OBJECT(session->creds), |
394 | TYPE_QCRYPTO_TLS_CREDS_ANON)) { |
395 | trace_qcrypto_tls_session_check_creds(session, "nop" ); |
396 | return 0; |
397 | } else if (object_dynamic_cast(OBJECT(session->creds), |
398 | TYPE_QCRYPTO_TLS_CREDS_PSK)) { |
399 | trace_qcrypto_tls_session_check_creds(session, "nop" ); |
400 | return 0; |
401 | } else if (object_dynamic_cast(OBJECT(session->creds), |
402 | TYPE_QCRYPTO_TLS_CREDS_X509)) { |
403 | if (session->creds->verifyPeer) { |
404 | int ret = qcrypto_tls_session_check_certificate(session, |
405 | errp); |
406 | trace_qcrypto_tls_session_check_creds(session, |
407 | ret == 0 ? "pass" : "fail" ); |
408 | return ret; |
409 | } else { |
410 | trace_qcrypto_tls_session_check_creds(session, "skip" ); |
411 | return 0; |
412 | } |
413 | } else { |
414 | trace_qcrypto_tls_session_check_creds(session, "error" ); |
415 | error_setg(errp, "Unexpected credential type %s" , |
416 | object_get_typename(OBJECT(session->creds))); |
417 | return -1; |
418 | } |
419 | } |
420 | |
421 | |
422 | void |
423 | qcrypto_tls_session_set_callbacks(QCryptoTLSSession *session, |
424 | QCryptoTLSSessionWriteFunc writeFunc, |
425 | QCryptoTLSSessionReadFunc readFunc, |
426 | void *opaque) |
427 | { |
428 | session->writeFunc = writeFunc; |
429 | session->readFunc = readFunc; |
430 | session->opaque = opaque; |
431 | } |
432 | |
433 | |
434 | ssize_t |
435 | qcrypto_tls_session_write(QCryptoTLSSession *session, |
436 | const char *buf, |
437 | size_t len) |
438 | { |
439 | ssize_t ret = gnutls_record_send(session->handle, buf, len); |
440 | |
441 | if (ret < 0) { |
442 | switch (ret) { |
443 | case GNUTLS_E_AGAIN: |
444 | errno = EAGAIN; |
445 | break; |
446 | case GNUTLS_E_INTERRUPTED: |
447 | errno = EINTR; |
448 | break; |
449 | default: |
450 | errno = EIO; |
451 | break; |
452 | } |
453 | ret = -1; |
454 | } |
455 | |
456 | return ret; |
457 | } |
458 | |
459 | |
460 | ssize_t |
461 | qcrypto_tls_session_read(QCryptoTLSSession *session, |
462 | char *buf, |
463 | size_t len) |
464 | { |
465 | ssize_t ret = gnutls_record_recv(session->handle, buf, len); |
466 | |
467 | if (ret < 0) { |
468 | switch (ret) { |
469 | case GNUTLS_E_AGAIN: |
470 | errno = EAGAIN; |
471 | break; |
472 | case GNUTLS_E_INTERRUPTED: |
473 | errno = EINTR; |
474 | break; |
475 | case GNUTLS_E_PREMATURE_TERMINATION: |
476 | errno = ECONNABORTED; |
477 | break; |
478 | default: |
479 | errno = EIO; |
480 | break; |
481 | } |
482 | ret = -1; |
483 | } |
484 | |
485 | return ret; |
486 | } |
487 | |
488 | |
489 | int |
490 | qcrypto_tls_session_handshake(QCryptoTLSSession *session, |
491 | Error **errp) |
492 | { |
493 | int ret = gnutls_handshake(session->handle); |
494 | if (ret == 0) { |
495 | session->handshakeComplete = true; |
496 | } else { |
497 | if (ret == GNUTLS_E_INTERRUPTED || |
498 | ret == GNUTLS_E_AGAIN) { |
499 | ret = 1; |
500 | } else { |
501 | error_setg(errp, "TLS handshake failed: %s" , |
502 | gnutls_strerror(ret)); |
503 | ret = -1; |
504 | } |
505 | } |
506 | |
507 | return ret; |
508 | } |
509 | |
510 | |
511 | QCryptoTLSSessionHandshakeStatus |
512 | qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *session) |
513 | { |
514 | if (session->handshakeComplete) { |
515 | return QCRYPTO_TLS_HANDSHAKE_COMPLETE; |
516 | } else if (gnutls_record_get_direction(session->handle) == 0) { |
517 | return QCRYPTO_TLS_HANDSHAKE_RECVING; |
518 | } else { |
519 | return QCRYPTO_TLS_HANDSHAKE_SENDING; |
520 | } |
521 | } |
522 | |
523 | |
524 | int |
525 | qcrypto_tls_session_get_key_size(QCryptoTLSSession *session, |
526 | Error **errp) |
527 | { |
528 | gnutls_cipher_algorithm_t cipher; |
529 | int ssf; |
530 | |
531 | cipher = gnutls_cipher_get(session->handle); |
532 | ssf = gnutls_cipher_get_key_size(cipher); |
533 | if (!ssf) { |
534 | error_setg(errp, "Cannot get TLS cipher key size" ); |
535 | return -1; |
536 | } |
537 | return ssf; |
538 | } |
539 | |
540 | |
541 | char * |
542 | qcrypto_tls_session_get_peer_name(QCryptoTLSSession *session) |
543 | { |
544 | if (session->peername) { |
545 | return g_strdup(session->peername); |
546 | } |
547 | return NULL; |
548 | } |
549 | |
550 | |
551 | #else /* ! CONFIG_GNUTLS */ |
552 | |
553 | |
554 | QCryptoTLSSession * |
555 | qcrypto_tls_session_new(QCryptoTLSCreds *creds G_GNUC_UNUSED, |
556 | const char *hostname G_GNUC_UNUSED, |
557 | const char *authzid G_GNUC_UNUSED, |
558 | QCryptoTLSCredsEndpoint endpoint G_GNUC_UNUSED, |
559 | Error **errp) |
560 | { |
561 | error_setg(errp, "TLS requires GNUTLS support" ); |
562 | return NULL; |
563 | } |
564 | |
565 | |
566 | void |
567 | qcrypto_tls_session_free(QCryptoTLSSession *sess G_GNUC_UNUSED) |
568 | { |
569 | } |
570 | |
571 | |
572 | int |
573 | qcrypto_tls_session_check_credentials(QCryptoTLSSession *sess G_GNUC_UNUSED, |
574 | Error **errp) |
575 | { |
576 | error_setg(errp, "TLS requires GNUTLS support" ); |
577 | return -1; |
578 | } |
579 | |
580 | |
581 | void |
582 | qcrypto_tls_session_set_callbacks( |
583 | QCryptoTLSSession *sess G_GNUC_UNUSED, |
584 | QCryptoTLSSessionWriteFunc writeFunc G_GNUC_UNUSED, |
585 | QCryptoTLSSessionReadFunc readFunc G_GNUC_UNUSED, |
586 | void *opaque G_GNUC_UNUSED) |
587 | { |
588 | } |
589 | |
590 | |
591 | ssize_t |
592 | qcrypto_tls_session_write(QCryptoTLSSession *sess, |
593 | const char *buf, |
594 | size_t len) |
595 | { |
596 | errno = -EIO; |
597 | return -1; |
598 | } |
599 | |
600 | |
601 | ssize_t |
602 | qcrypto_tls_session_read(QCryptoTLSSession *sess, |
603 | char *buf, |
604 | size_t len) |
605 | { |
606 | errno = -EIO; |
607 | return -1; |
608 | } |
609 | |
610 | |
611 | int |
612 | qcrypto_tls_session_handshake(QCryptoTLSSession *sess, |
613 | Error **errp) |
614 | { |
615 | error_setg(errp, "TLS requires GNUTLS support" ); |
616 | return -1; |
617 | } |
618 | |
619 | |
620 | QCryptoTLSSessionHandshakeStatus |
621 | qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *sess) |
622 | { |
623 | return QCRYPTO_TLS_HANDSHAKE_COMPLETE; |
624 | } |
625 | |
626 | |
627 | int |
628 | qcrypto_tls_session_get_key_size(QCryptoTLSSession *sess, |
629 | Error **errp) |
630 | { |
631 | error_setg(errp, "TLS requires GNUTLS support" ); |
632 | return -1; |
633 | } |
634 | |
635 | |
636 | char * |
637 | qcrypto_tls_session_get_peer_name(QCryptoTLSSession *sess) |
638 | { |
639 | return NULL; |
640 | } |
641 | |
642 | #endif |
643 | |