xref: /openbmc/qemu/crypto/tlssession.c (revision 197a137290103993b33f93c90e788ab4984f103a)
1 /*
2  * QEMU crypto TLS session support
3  *
4  * Copyright (c) 2015 Red Hat, Inc.
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
18  *
19  */
20 
21 #include "qemu/osdep.h"
22 #include "crypto/tlssession.h"
23 #include "crypto/tlscredsanon.h"
24 #include "crypto/tlscredspsk.h"
25 #include "crypto/tlscredsx509.h"
26 #include "qapi/error.h"
27 #include "authz/base.h"
28 #include "tlscredspriv.h"
29 #include "trace.h"
30 
31 #ifdef CONFIG_GNUTLS
32 
33 
34 #include <gnutls/x509.h>
35 
36 
37 struct QCryptoTLSSession {
38     QCryptoTLSCreds *creds;
39     gnutls_session_t handle;
40     char *hostname;
41     char *authzid;
42     bool handshakeComplete;
43     QCryptoTLSSessionWriteFunc writeFunc;
44     QCryptoTLSSessionReadFunc readFunc;
45     void *opaque;
46     char *peername;
47 };
48 
49 
50 void
51 qcrypto_tls_session_free(QCryptoTLSSession *session)
52 {
53     if (!session) {
54         return;
55     }
56 
57     gnutls_deinit(session->handle);
58     g_free(session->hostname);
59     g_free(session->peername);
60     g_free(session->authzid);
61     object_unref(OBJECT(session->creds));
62     g_free(session);
63 }
64 
65 
66 static ssize_t
67 qcrypto_tls_session_push(void *opaque, const void *buf, size_t len)
68 {
69     QCryptoTLSSession *session = opaque;
70 
71     if (!session->writeFunc) {
72         errno = EIO;
73         return -1;
74     };
75 
76     return session->writeFunc(buf, len, session->opaque);
77 }
78 
79 
80 static ssize_t
81 qcrypto_tls_session_pull(void *opaque, void *buf, size_t len)
82 {
83     QCryptoTLSSession *session = opaque;
84 
85     if (!session->readFunc) {
86         errno = EIO;
87         return -1;
88     };
89 
90     return session->readFunc(buf, len, session->opaque);
91 }
92 
93 #define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH"
94 #define TLS_PRIORITY_ADDITIONAL_PSK "+ECDHE-PSK:+DHE-PSK:+PSK"
95 
96 QCryptoTLSSession *
97 qcrypto_tls_session_new(QCryptoTLSCreds *creds,
98                         const char *hostname,
99                         const char *authzid,
100                         QCryptoTLSCredsEndpoint endpoint,
101                         Error **errp)
102 {
103     QCryptoTLSSession *session;
104     int ret;
105 
106     session = g_new0(QCryptoTLSSession, 1);
107     trace_qcrypto_tls_session_new(
108         session, creds, hostname ? hostname : "<none>",
109         authzid ? authzid : "<none>", endpoint);
110 
111     if (hostname) {
112         session->hostname = g_strdup(hostname);
113     }
114     if (authzid) {
115         session->authzid = g_strdup(authzid);
116     }
117     session->creds = creds;
118     object_ref(OBJECT(creds));
119 
120     if (creds->endpoint != endpoint) {
121         error_setg(errp, "Credentials endpoint doesn't match session");
122         goto error;
123     }
124 
125     if (endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
126         ret = gnutls_init(&session->handle, GNUTLS_SERVER);
127     } else {
128         ret = gnutls_init(&session->handle, GNUTLS_CLIENT);
129     }
130     if (ret < 0) {
131         error_setg(errp, "Cannot initialize TLS session: %s",
132                    gnutls_strerror(ret));
133         goto error;
134     }
135 
136     if (object_dynamic_cast(OBJECT(creds),
137                             TYPE_QCRYPTO_TLS_CREDS_ANON)) {
138         QCryptoTLSCredsAnon *acreds = QCRYPTO_TLS_CREDS_ANON(creds);
139         char *prio;
140 
141         if (creds->priority != NULL) {
142             prio = g_strdup_printf("%s:%s",
143                                    creds->priority,
144                                    TLS_PRIORITY_ADDITIONAL_ANON);
145         } else {
146             prio = g_strdup(CONFIG_TLS_PRIORITY ":"
147                             TLS_PRIORITY_ADDITIONAL_ANON);
148         }
149 
150         ret = gnutls_priority_set_direct(session->handle, prio, NULL);
151         if (ret < 0) {
152             error_setg(errp, "Unable to set TLS session priority %s: %s",
153                        prio, gnutls_strerror(ret));
154             g_free(prio);
155             goto error;
156         }
157         g_free(prio);
158         if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
159             ret = gnutls_credentials_set(session->handle,
160                                          GNUTLS_CRD_ANON,
161                                          acreds->data.server);
162         } else {
163             ret = gnutls_credentials_set(session->handle,
164                                          GNUTLS_CRD_ANON,
165                                          acreds->data.client);
166         }
167         if (ret < 0) {
168             error_setg(errp, "Cannot set session credentials: %s",
169                        gnutls_strerror(ret));
170             goto error;
171         }
172     } else if (object_dynamic_cast(OBJECT(creds),
173                                    TYPE_QCRYPTO_TLS_CREDS_PSK)) {
174         QCryptoTLSCredsPSK *pcreds = QCRYPTO_TLS_CREDS_PSK(creds);
175         char *prio;
176 
177         if (creds->priority != NULL) {
178             prio = g_strdup_printf("%s:%s",
179                                    creds->priority,
180                                    TLS_PRIORITY_ADDITIONAL_PSK);
181         } else {
182             prio = g_strdup(CONFIG_TLS_PRIORITY ":"
183                             TLS_PRIORITY_ADDITIONAL_PSK);
184         }
185 
186         ret = gnutls_priority_set_direct(session->handle, prio, NULL);
187         if (ret < 0) {
188             error_setg(errp, "Unable to set TLS session priority %s: %s",
189                        prio, gnutls_strerror(ret));
190             g_free(prio);
191             goto error;
192         }
193         g_free(prio);
194         if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
195             ret = gnutls_credentials_set(session->handle,
196                                          GNUTLS_CRD_PSK,
197                                          pcreds->data.server);
198         } else {
199             ret = gnutls_credentials_set(session->handle,
200                                          GNUTLS_CRD_PSK,
201                                          pcreds->data.client);
202         }
203         if (ret < 0) {
204             error_setg(errp, "Cannot set session credentials: %s",
205                        gnutls_strerror(ret));
206             goto error;
207         }
208     } else if (object_dynamic_cast(OBJECT(creds),
209                                    TYPE_QCRYPTO_TLS_CREDS_X509)) {
210         QCryptoTLSCredsX509 *tcreds = QCRYPTO_TLS_CREDS_X509(creds);
211         const char *prio = creds->priority;
212         if (!prio) {
213             prio = CONFIG_TLS_PRIORITY;
214         }
215 
216         ret = gnutls_priority_set_direct(session->handle, prio, NULL);
217         if (ret < 0) {
218             error_setg(errp, "Cannot set default TLS session priority %s: %s",
219                        prio, gnutls_strerror(ret));
220             goto error;
221         }
222         ret = gnutls_credentials_set(session->handle,
223                                      GNUTLS_CRD_CERTIFICATE,
224                                      tcreds->data);
225         if (ret < 0) {
226             error_setg(errp, "Cannot set session credentials: %s",
227                        gnutls_strerror(ret));
228             goto error;
229         }
230 
231         if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
232             /* This requests, but does not enforce a client cert.
233              * The cert checking code later does enforcement */
234             gnutls_certificate_server_set_request(session->handle,
235                                                   GNUTLS_CERT_REQUEST);
236         }
237     } else {
238         error_setg(errp, "Unsupported TLS credentials type %s",
239                    object_get_typename(OBJECT(creds)));
240         goto error;
241     }
242 
243     gnutls_transport_set_ptr(session->handle, session);
244     gnutls_transport_set_push_function(session->handle,
245                                        qcrypto_tls_session_push);
246     gnutls_transport_set_pull_function(session->handle,
247                                        qcrypto_tls_session_pull);
248 
249     return session;
250 
251  error:
252     qcrypto_tls_session_free(session);
253     return NULL;
254 }
255 
256 static int
257 qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
258                                       Error **errp)
259 {
260     int ret;
261     unsigned int status;
262     const gnutls_datum_t *certs;
263     unsigned int nCerts, i;
264     time_t now;
265     gnutls_x509_crt_t cert = NULL;
266     Error *err = NULL;
267 
268     now = time(NULL);
269     if (now == ((time_t)-1)) {
270         error_setg_errno(errp, errno, "Cannot get current time");
271         return -1;
272     }
273 
274     ret = gnutls_certificate_verify_peers2(session->handle, &status);
275     if (ret < 0) {
276         error_setg(errp, "Verify failed: %s", gnutls_strerror(ret));
277         return -1;
278     }
279 
280     if (status != 0) {
281         const char *reason = "Invalid certificate";
282 
283         if (status & GNUTLS_CERT_INVALID) {
284             reason = "The certificate is not trusted";
285         }
286 
287         if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
288             reason = "The certificate hasn't got a known issuer";
289         }
290 
291         if (status & GNUTLS_CERT_REVOKED) {
292             reason = "The certificate has been revoked";
293         }
294 
295         if (status & GNUTLS_CERT_INSECURE_ALGORITHM) {
296             reason = "The certificate uses an insecure algorithm";
297         }
298 
299         error_setg(errp, "%s", reason);
300         return -1;
301     }
302 
303     certs = gnutls_certificate_get_peers(session->handle, &nCerts);
304     if (!certs) {
305         error_setg(errp, "No certificate peers");
306         return -1;
307     }
308 
309     for (i = 0; i < nCerts; i++) {
310         ret = gnutls_x509_crt_init(&cert);
311         if (ret < 0) {
312             error_setg(errp, "Cannot initialize certificate: %s",
313                        gnutls_strerror(ret));
314             return -1;
315         }
316 
317         ret = gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER);
318         if (ret < 0) {
319             error_setg(errp, "Cannot import certificate: %s",
320                        gnutls_strerror(ret));
321             goto error;
322         }
323 
324         if (gnutls_x509_crt_get_expiration_time(cert) < now) {
325             error_setg(errp, "The certificate has expired");
326             goto error;
327         }
328 
329         if (gnutls_x509_crt_get_activation_time(cert) > now) {
330             error_setg(errp, "The certificate is not yet activated");
331             goto error;
332         }
333 
334         if (gnutls_x509_crt_get_activation_time(cert) > now) {
335             error_setg(errp, "The certificate is not yet activated");
336             goto error;
337         }
338 
339         if (i == 0) {
340             size_t dnameSize = 1024;
341             session->peername = g_malloc(dnameSize);
342         requery:
343             ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize);
344             if (ret < 0) {
345                 if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
346                     session->peername = g_realloc(session->peername,
347                                                   dnameSize);
348                     goto requery;
349                 }
350                 error_setg(errp, "Cannot get client distinguished name: %s",
351                            gnutls_strerror(ret));
352                 goto error;
353             }
354             if (session->authzid) {
355                 bool allow;
356 
357                 allow = qauthz_is_allowed_by_id(session->authzid,
358                                                 session->peername, &err);
359                 if (err) {
360                     error_propagate(errp, err);
361                     goto error;
362                 }
363                 if (!allow) {
364                     error_setg(errp, "TLS x509 authz check for %s is denied",
365                                session->peername);
366                     goto error;
367                 }
368             }
369             if (session->hostname) {
370                 if (!gnutls_x509_crt_check_hostname(cert, session->hostname)) {
371                     error_setg(errp,
372                                "Certificate does not match the hostname %s",
373                                session->hostname);
374                     goto error;
375                 }
376             } else {
377                 if (session->creds->endpoint ==
378                     QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) {
379                     error_setg(errp, "No hostname for certificate validation");
380                     goto error;
381                 }
382             }
383         }
384 
385         gnutls_x509_crt_deinit(cert);
386     }
387 
388     return 0;
389 
390  error:
391     gnutls_x509_crt_deinit(cert);
392     return -1;
393 }
394 
395 
396 int
397 qcrypto_tls_session_check_credentials(QCryptoTLSSession *session,
398                                       Error **errp)
399 {
400     if (object_dynamic_cast(OBJECT(session->creds),
401                             TYPE_QCRYPTO_TLS_CREDS_ANON)) {
402         trace_qcrypto_tls_session_check_creds(session, "nop");
403         return 0;
404     } else if (object_dynamic_cast(OBJECT(session->creds),
405                             TYPE_QCRYPTO_TLS_CREDS_PSK)) {
406         trace_qcrypto_tls_session_check_creds(session, "nop");
407         return 0;
408     } else if (object_dynamic_cast(OBJECT(session->creds),
409                             TYPE_QCRYPTO_TLS_CREDS_X509)) {
410         if (session->creds->verifyPeer) {
411             int ret = qcrypto_tls_session_check_certificate(session,
412                                                             errp);
413             trace_qcrypto_tls_session_check_creds(session,
414                                                   ret == 0 ? "pass" : "fail");
415             return ret;
416         } else {
417             trace_qcrypto_tls_session_check_creds(session, "skip");
418             return 0;
419         }
420     } else {
421         trace_qcrypto_tls_session_check_creds(session, "error");
422         error_setg(errp, "Unexpected credential type %s",
423                    object_get_typename(OBJECT(session->creds)));
424         return -1;
425     }
426 }
427 
428 
429 void
430 qcrypto_tls_session_set_callbacks(QCryptoTLSSession *session,
431                                   QCryptoTLSSessionWriteFunc writeFunc,
432                                   QCryptoTLSSessionReadFunc readFunc,
433                                   void *opaque)
434 {
435     session->writeFunc = writeFunc;
436     session->readFunc = readFunc;
437     session->opaque = opaque;
438 }
439 
440 
441 ssize_t
442 qcrypto_tls_session_write(QCryptoTLSSession *session,
443                           const char *buf,
444                           size_t len)
445 {
446     ssize_t ret = gnutls_record_send(session->handle, buf, len);
447 
448     if (ret < 0) {
449         switch (ret) {
450         case GNUTLS_E_AGAIN:
451             errno = EAGAIN;
452             break;
453         case GNUTLS_E_INTERRUPTED:
454             errno = EINTR;
455             break;
456         default:
457             errno = EIO;
458             break;
459         }
460         ret = -1;
461     }
462 
463     return ret;
464 }
465 
466 
467 ssize_t
468 qcrypto_tls_session_read(QCryptoTLSSession *session,
469                          char *buf,
470                          size_t len)
471 {
472     ssize_t ret = gnutls_record_recv(session->handle, buf, len);
473 
474     if (ret < 0) {
475         switch (ret) {
476         case GNUTLS_E_AGAIN:
477             errno = EAGAIN;
478             break;
479         case GNUTLS_E_INTERRUPTED:
480             errno = EINTR;
481             break;
482         case GNUTLS_E_PREMATURE_TERMINATION:
483             errno = ECONNABORTED;
484             break;
485         default:
486             errno = EIO;
487             break;
488         }
489         ret = -1;
490     }
491 
492     return ret;
493 }
494 
495 
496 size_t
497 qcrypto_tls_session_check_pending(QCryptoTLSSession *session)
498 {
499     return gnutls_record_check_pending(session->handle);
500 }
501 
502 
503 int
504 qcrypto_tls_session_handshake(QCryptoTLSSession *session,
505                               Error **errp)
506 {
507     int ret = gnutls_handshake(session->handle);
508     if (ret == 0) {
509         session->handshakeComplete = true;
510     } else {
511         if (ret == GNUTLS_E_INTERRUPTED ||
512             ret == GNUTLS_E_AGAIN) {
513             ret = 1;
514         } else {
515             error_setg(errp, "TLS handshake failed: %s",
516                        gnutls_strerror(ret));
517             ret = -1;
518         }
519     }
520 
521     return ret;
522 }
523 
524 
525 QCryptoTLSSessionHandshakeStatus
526 qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *session)
527 {
528     if (session->handshakeComplete) {
529         return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
530     } else if (gnutls_record_get_direction(session->handle) == 0) {
531         return QCRYPTO_TLS_HANDSHAKE_RECVING;
532     } else {
533         return QCRYPTO_TLS_HANDSHAKE_SENDING;
534     }
535 }
536 
537 
538 int
539 qcrypto_tls_session_get_key_size(QCryptoTLSSession *session,
540                                  Error **errp)
541 {
542     gnutls_cipher_algorithm_t cipher;
543     int ssf;
544 
545     cipher = gnutls_cipher_get(session->handle);
546     ssf = gnutls_cipher_get_key_size(cipher);
547     if (!ssf) {
548         error_setg(errp, "Cannot get TLS cipher key size");
549         return -1;
550     }
551     return ssf;
552 }
553 
554 
555 char *
556 qcrypto_tls_session_get_peer_name(QCryptoTLSSession *session)
557 {
558     if (session->peername) {
559         return g_strdup(session->peername);
560     }
561     return NULL;
562 }
563 
564 
565 #else /* ! CONFIG_GNUTLS */
566 
567 
568 QCryptoTLSSession *
569 qcrypto_tls_session_new(QCryptoTLSCreds *creds G_GNUC_UNUSED,
570                         const char *hostname G_GNUC_UNUSED,
571                         const char *authzid G_GNUC_UNUSED,
572                         QCryptoTLSCredsEndpoint endpoint G_GNUC_UNUSED,
573                         Error **errp)
574 {
575     error_setg(errp, "TLS requires GNUTLS support");
576     return NULL;
577 }
578 
579 
580 void
581 qcrypto_tls_session_free(QCryptoTLSSession *sess G_GNUC_UNUSED)
582 {
583 }
584 
585 
586 int
587 qcrypto_tls_session_check_credentials(QCryptoTLSSession *sess G_GNUC_UNUSED,
588                                       Error **errp)
589 {
590     error_setg(errp, "TLS requires GNUTLS support");
591     return -1;
592 }
593 
594 
595 void
596 qcrypto_tls_session_set_callbacks(
597     QCryptoTLSSession *sess G_GNUC_UNUSED,
598     QCryptoTLSSessionWriteFunc writeFunc G_GNUC_UNUSED,
599     QCryptoTLSSessionReadFunc readFunc G_GNUC_UNUSED,
600     void *opaque G_GNUC_UNUSED)
601 {
602 }
603 
604 
605 ssize_t
606 qcrypto_tls_session_write(QCryptoTLSSession *sess,
607                           const char *buf,
608                           size_t len)
609 {
610     errno = -EIO;
611     return -1;
612 }
613 
614 
615 ssize_t
616 qcrypto_tls_session_read(QCryptoTLSSession *sess,
617                          char *buf,
618                          size_t len)
619 {
620     errno = -EIO;
621     return -1;
622 }
623 
624 
625 size_t
626 qcrypto_tls_session_check_pending(QCryptoTLSSession *session)
627 {
628     return 0;
629 }
630 
631 
632 int
633 qcrypto_tls_session_handshake(QCryptoTLSSession *sess,
634                               Error **errp)
635 {
636     error_setg(errp, "TLS requires GNUTLS support");
637     return -1;
638 }
639 
640 
641 QCryptoTLSSessionHandshakeStatus
642 qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *sess)
643 {
644     return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
645 }
646 
647 
648 int
649 qcrypto_tls_session_get_key_size(QCryptoTLSSession *sess,
650                                  Error **errp)
651 {
652     error_setg(errp, "TLS requires GNUTLS support");
653     return -1;
654 }
655 
656 
657 char *
658 qcrypto_tls_session_get_peer_name(QCryptoTLSSession *sess)
659 {
660     return NULL;
661 }
662 
663 #endif
664