mirror/openvpn3
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn3.git synced 2024-09-20 12:12:15 +02:00
Code
c9930250d9
openvpn3/openvpn/polarssl/ssl/sslctx.hpp

1132 lines
31 KiB
C++
Raw Blame History

// OpenVPN -- An application to securely tunnel IP networks
// over a single port, with support for SSL/TLS-based
// session authentication and key exchange,
// packet encryption, packet authentication, and
// packet compression.
//
// Copyright (C) 2012-2015 OpenVPN Technologies, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License Version 3
// as published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program in the COPYING file.
// If not, see <http://www.gnu.org/licenses/>.
// Wrap the PolarSSL 1.3 SSL API as defined in <polarssl/ssl.h>
// so that it can be used as the SSL layer by the OpenVPN core.
#ifndef OPENVPN_POLARSSL_SSL_SSLCTX_H
#define OPENVPN_POLARSSL_SSL_SSLCTX_H
#include <vector>
#include <string>
#include <sstream>
#include <cstring>
#include <memory>
#include <polarssl/ssl.h>
#include <polarssl/oid.h>
#include <polarssl/sha1.h>
#include <openvpn/common/size.hpp>
#include <openvpn/common/exception.hpp>
#include <openvpn/common/base64.hpp>
#include <openvpn/common/binprefix.hpp>
#include <openvpn/frame/memq_stream.hpp>
#include <openvpn/pki/cclist.hpp>
#include <openvpn/pki/pkcs1.hpp>
#include <openvpn/ssl/sslconsts.hpp>
#include <openvpn/ssl/sslapi.hpp>
#include <openvpn/polarssl/pki/x509cert.hpp>
#include <openvpn/polarssl/pki/x509crl.hpp>
#include <openvpn/polarssl/pki/dh.hpp>
#include <openvpn/polarssl/pki/pkctx.hpp>
#include <openvpn/polarssl/util/error.hpp>
// An SSL Context is essentially a configuration that can be used
// to generate an arbitrary number of actual SSL connections objects.
// PolarSSLContext is an SSL Context implementation that uses the
// PolarSSL library as a backend.
namespace openvpn {
namespace polarssl_ctx_private {
static const int aes_cbc_ciphersuites[] = // CONST GLOBAL
{
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
0
};
/*
* This is a modified list from PolarSSL ssl_ciphersuites.c.
* We removed some SHA1 methods near the top of the list to
* avoid Chrome warnings about "obsolete cryptography".
* We also removed ECDSA, CCM, PSK, and CAMELLIA algs.
*/
static const int ciphersuites[] =
{
/* Selected AES-256 ephemeral suites */
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
/* Selected AES-128 ephemeral suites */
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
/* Selected remaining >= 128-bit ephemeral suites */
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
/* Selected AES-256 suites */
TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
/* Selected AES-128 suites */
TLS_RSA_WITH_AES_128_GCM_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
/* Selected remaining >= 128-bit suites */
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
0
};
}
// Represents an SSL configuration that can be used
// to instantiate actual SSL sessions.
class PolarSSLContext : public SSLFactoryAPI
{
public:
typedef RCPtr<PolarSSLContext> Ptr;
enum {
MAX_CIPHERTEXT_IN = 64 // maximum number of queued input ciphertext packets
};
// The data needed to construct a PolarSSLContext.
class Config : public SSLConfigAPI
{
friend class PolarSSLContext;
public:
typedef RCPtr<Config> Ptr;
Config() : external_pki(nullptr),
ssl_debug_level(0),
flags(0),
ns_cert_type(NSCert::NONE),
tls_version_min(TLSVersion::UNDEF),
local_cert_enabled(true),
enable_renegotiation(false),
force_aes_cbc_ciphersuites(false) {}
virtual SSLFactoryAPI::Ptr new_factory()
{
return SSLFactoryAPI::Ptr(new PolarSSLContext(this));
}
virtual void set_mode(const Mode& mode_arg)
{
mode = mode_arg;
}
virtual const Mode& get_mode() const
{
return mode;
}
// if this callback is defined, no private key needs to be loaded
virtual void set_external_pki_callback(ExternalPKIBase* external_pki_arg)
{
external_pki = external_pki_arg;
}
virtual void set_private_key_password(const std::string& pwd)
{
priv_key_pwd = pwd;
}
virtual void load_ca(const std::string& ca_txt, bool strict)
{
PolarSSLPKI::X509Cert::Ptr c = new PolarSSLPKI::X509Cert();
c->parse(ca_txt, "ca", strict);
ca_chain = c;
}
virtual void load_crl(const std::string& crl_txt)
{
PolarSSLPKI::X509CRL::Ptr c = new PolarSSLPKI::X509CRL();
c->parse(crl_txt);
crl_chain = c;
}
virtual void load_cert(const std::string& cert_txt)
{
PolarSSLPKI::X509Cert::Ptr c = new PolarSSLPKI::X509Cert();
c->parse(cert_txt, "cert", true);
crt_chain = c;
}
virtual void load_cert(const std::string& cert_txt, const std::string& extra_certs_txt)
{
PolarSSLPKI::X509Cert::Ptr c = new PolarSSLPKI::X509Cert();
c->parse(cert_txt, "cert", true);
if (!extra_certs_txt.empty())
c->parse(extra_certs_txt, "extra-certs", true);
crt_chain = c;
}
virtual void load_private_key(const std::string& key_txt)
{
PolarSSLPKI::PKContext::Ptr p = new PolarSSLPKI::PKContext();
p->parse(key_txt, "config", priv_key_pwd);
priv_key = p;
}
virtual void load_dh(const std::string& dh_txt)
{
PolarSSLPKI::DH::Ptr mydh = new PolarSSLPKI::DH();
mydh->parse(dh_txt, "server-config");
dh = mydh;
}
virtual void set_frame(const Frame::Ptr& frame_arg)
{
frame = frame_arg;
}
virtual void set_debug_level(const int debug_level)
{
ssl_debug_level = debug_level;
}
virtual void set_flags(const unsigned int flags_arg)
{
flags = flags_arg;
}
virtual void set_ns_cert_type(const NSCert::Type ns_cert_type_arg)
{
ns_cert_type = ns_cert_type_arg;
}
virtual void set_remote_cert_tls(const KUParse::TLSWebType wt)
{
KUParse::remote_cert_tls(wt, ku, eku);
}
virtual void set_tls_remote(const std::string& tls_remote_arg)
{
tls_remote = tls_remote_arg;
}
virtual void set_tls_version_min(const TLSVersion::Type tvm)
{
tls_version_min = tvm;
}
virtual void set_tls_version_min_override(const std::string& override)
{
TLSVersion::apply_override(tls_version_min, override);
}
virtual void set_local_cert_enabled(const bool v)
{
local_cert_enabled = v;
}
virtual void set_enable_renegotiation(const bool v)
{
enable_renegotiation = v;
}
virtual void set_force_aes_cbc_ciphersuites(const bool v)
{
force_aes_cbc_ciphersuites = v;
}
virtual void set_rng(const RandomAPI::Ptr& rng_arg)
{
rng = rng_arg;
}
virtual void load(const OptionList& opt, const unsigned int lflags)
{
// client/server
if (lflags & LF_PARSE_MODE)
mode = opt.exists("client") ? Mode(Mode::CLIENT) : Mode(Mode::SERVER);
// possibly disable peer cert verification
if ((lflags & LF_ALLOW_CLIENT_CERT_NOT_REQUIRED)
&& opt.exists("client-cert-not-required"))
flags |= SSLConst::NO_VERIFY_PEER;
// ca
{
const std::string ca_txt = opt.cat("ca");
load_ca(ca_txt, true);
}
// CRL
{
const std::string crl_txt = opt.cat("crl-verify");
if (!crl_txt.empty())
load_crl(crl_txt);
}
// local cert/key
if (local_cert_enabled)
{
// cert/extra-certs
{
const std::string& cert_txt = opt.get("cert", 1, Option::MULTILINE);
const std::string ec_txt = opt.cat("extra-certs");
load_cert(cert_txt, ec_txt);
}
// private key
if (!external_pki)
{
const std::string& key_txt = opt.get("key", 1, Option::MULTILINE);
load_private_key(key_txt);
}
}
// DH
if (mode.is_server())
{
const std::string& dh_txt = opt.get("dh", 1, Option::MULTILINE);
load_dh(dh_txt);
}
// parse ns-cert-type
ns_cert_type = NSCert::ns_cert_type(opt);
// parse remote-cert-x options
KUParse::remote_cert_tls(opt, ku, eku);
KUParse::remote_cert_ku(opt, ku);
KUParse::remote_cert_eku(opt, eku);
// parse tls-remote
tls_remote = opt.get_optional("tls-remote", 1, 256);
// parse tls-version-min option
{
# if defined(SSL_MAJOR_VERSION_3) && defined(SSL_MINOR_VERSION_3)
const TLSVersion::Type maxver = TLSVersion::V1_2;
# elif defined(SSL_MAJOR_VERSION_3) && defined(SSL_MINOR_VERSION_2)
const TLSVersion::Type maxver = TLSVersion::V1_1;
# else
const TLSVersion::Type maxver = TLSVersion::V1_0;
# endif
tls_version_min = TLSVersion::parse_tls_version_min(opt, maxver);
}
// unsupported cert verification options
{
}
}
private:
Mode mode;
PolarSSLPKI::X509Cert::Ptr crt_chain; // local cert chain (including client cert + extra certs)
PolarSSLPKI::X509Cert::Ptr ca_chain; // CA chain for remote verification
PolarSSLPKI::X509CRL::Ptr crl_chain; // CRL chain for remote verification
PolarSSLPKI::PKContext::Ptr priv_key; // private key
std::string priv_key_pwd; // private key password
PolarSSLPKI::DH::Ptr dh; // diffie-hellman parameters (only needed in server mode)
ExternalPKIBase* external_pki;
Frame::Ptr frame;
int ssl_debug_level;
unsigned int flags; // defined in sslconsts.hpp
NSCert::Type ns_cert_type;
std::vector<unsigned int> ku; // if defined, peer cert X509 key usage must match one of these values
std::string eku; // if defined, peer cert X509 extended key usage must match this OID/string
std::string tls_remote;
TLSVersion::Type tls_version_min; // minimum TLS version that we will negotiate
bool local_cert_enabled;
bool enable_renegotiation;
bool force_aes_cbc_ciphersuites;
RandomAPI::Ptr rng; // random data source
};
// Represents an actual SSL session.
// Normally instantiated by PolarSSLContext::ssl().
class SSL : public SSLAPI
{
// read/write callback errors
enum {
// assumes that PolarSSL user-defined errors may start at -0x8000
CT_WOULD_BLOCK = -0x8000,
CT_INTERNAL_ERROR = -0x8001
};
friend class PolarSSLContext;
public:
typedef RCPtr<SSL> Ptr;
virtual void start_handshake()
{
ssl_handshake(ssl);
}
virtual ssize_t write_cleartext_unbuffered(const void *data, const size_t size)
{
const int status = ssl_write(ssl, (const unsigned char*)data, size);
if (status < 0)
{
if (status == CT_WOULD_BLOCK)
return SSLConst::SHOULD_RETRY;
else if (status == CT_INTERNAL_ERROR)
throw PolarSSLException("SSL write: internal error");
else
throw PolarSSLException("SSL write error", status);
}
else
return status;
}
virtual ssize_t read_cleartext(void *data, const size_t capacity)
{
if (!overflow)
{
const int status = ssl_read(ssl, (unsigned char*)data, capacity);
if (status < 0)
{
if (status == CT_WOULD_BLOCK)
return SSLConst::SHOULD_RETRY;
else if (status == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY)
return SSLConst::PEER_CLOSE_NOTIFY;
else if (status == CT_INTERNAL_ERROR)
throw PolarSSLException("SSL read: internal error");
else
throw PolarSSLException("SSL read error", status);
}
else
return status;
}
else
throw ssl_ciphertext_in_overflow();
}
virtual bool read_cleartext_ready() const
{
return !ct_in.empty() || ssl_get_bytes_avail(ssl);
}
virtual void write_ciphertext(const BufferPtr& buf)
{
if (ct_in.size() < MAX_CIPHERTEXT_IN)
ct_in.write_buf(buf);
else
overflow = true;
}
virtual bool read_ciphertext_ready() const
{
return !ct_out.empty();
}
virtual BufferPtr read_ciphertext()
{
return ct_out.read_buf();
}
virtual std::string ssl_handshake_details() const
{
if (ssl)
{
const char *ver = ssl_get_version(ssl);
const char *cs = ssl_get_ciphersuite(ssl);
if (ver && cs)
return ver + std::string("/") + cs;
}
return "";
}
virtual const AuthCert::Ptr& auth_cert() const
{
return authcert;
}
~SSL()
{
erase();
}
private:
SSL(PolarSSLContext* ctx, const char *hostname)
{
clear();
try {
const Config& c = *ctx->config;
int status;
// set pointer back to parent
parent = ctx;
// init SSL object
ssl = new ssl_context;
status = ssl_init(ssl);
if (status < 0)
throw PolarSSLException("error in ssl_init", status);
// set client/server mode
if (c.mode.is_server())
{
ssl_set_endpoint(ssl, SSL_IS_SERVER);
authcert.reset(new AuthCert());
}
else if (c.mode.is_client())
ssl_set_endpoint(ssl, SSL_IS_CLIENT);
else
throw PolarSSLException("unknown client/server mode");
// set minimum TLS version
if (!c.force_aes_cbc_ciphersuites || c.tls_version_min > TLSVersion::UNDEF)
{
int polar_major;
int polar_minor;
switch (c.tls_version_min)
{
case TLSVersion::V1_0:
default:
polar_major = SSL_MAJOR_VERSION_3;
polar_minor = SSL_MINOR_VERSION_1;
break;
# if defined(SSL_MAJOR_VERSION_3) && defined(SSL_MINOR_VERSION_2)
case TLSVersion::V1_1:
polar_major = SSL_MAJOR_VERSION_3;
polar_minor = SSL_MINOR_VERSION_2;
break;
# endif
# if defined(SSL_MAJOR_VERSION_3) && defined(SSL_MINOR_VERSION_3)
case TLSVersion::V1_2:
polar_major = SSL_MAJOR_VERSION_3;
polar_minor = SSL_MINOR_VERSION_3;
break;
# endif
}
ssl_set_min_version(ssl, polar_major, polar_minor);
}
// peer must present a valid certificate
if (!(c.flags & SSLConst::NO_VERIFY_PEER))
ssl_set_authmode(ssl, SSL_VERIFY_REQUIRED);
// set verify callback
ssl_set_verify(ssl, c.mode.is_server() ? verify_callback_server : verify_callback_client, this);
// Notes on SSL resume/renegotiation:
// SSL resume on server side is controlled by ssl_set_session_cache.
// SSL renegotiation on/off is handled here via ssl_set_renegotiation.
// Without calling ssl_set_renegotiation, it defaults to
// SSL_RENEGOTIATION_DISABLED and ssl_legacy_renegotiation defaults to
// SSL_LEGACY_NO_RENEGOTIATION. To enable session tickets,
// POLARSSL_SSL_SESSION_TICKETS (compile flag) must be defined
// in PolarSSL config.h.
ssl_set_renegotiation(ssl, c.enable_renegotiation ? SSL_RENEGOTIATION_ENABLED : SSL_RENEGOTIATION_DISABLED);
ssl_set_ciphersuites(ssl, c.force_aes_cbc_ciphersuites ?
polarssl_ctx_private::aes_cbc_ciphersuites :
polarssl_ctx_private::ciphersuites);
// set CA chain
if (c.ca_chain)
ssl_set_ca_chain(ssl,
c.ca_chain->get(),
c.crl_chain ? c.crl_chain->get() : nullptr,
hostname);
else
throw PolarSSLException("CA chain not defined");
// client cert+key
if (c.local_cert_enabled)
{
if (c.external_pki)
{
// set our own certificate, supporting chain (i.e. extra-certs), and external private key
if (c.crt_chain)
ssl_set_own_cert_alt(ssl, c.crt_chain->get(), ctx, epki_decrypt, epki_sign, epki_key_len);
else
throw PolarSSLException("cert is undefined");
}
else
{
// set our own certificate, supporting chain (i.e. extra-certs), and private key
if (c.crt_chain && c.priv_key)
ssl_set_own_cert(ssl, c.crt_chain->get(), c.priv_key->get());
else
throw PolarSSLException("cert and/or private key is undefined");
}
}
// set DH
if (c.dh)
{
status = ssl_set_dh_param_ctx(ssl, c.dh->get());
if (status < 0)
throw PolarSSLException("error in ssl_set_dh_param_ctx", status);
}
// configure ciphertext buffers
ct_in.set_frame(c.frame);
ct_out.set_frame(c.frame);
// set BIO
ssl_set_bio(ssl, ct_read_func, this, ct_write_func, this);
// set RNG
if (c.rng)
{
rng = c.rng;
ssl_set_rng(ssl, rng_callback, this);
}
else
throw PolarSSLException("RNG not defined");
// set debug callback
if (c.ssl_debug_level)
ssl_set_dbg(ssl, dbg_callback, ctx);
}
catch (...)
{
erase();
throw;
}
}
// cleartext read callback
static int ct_read_func(void *arg, unsigned char *data, size_t length)
{
try {
SSL *self = (SSL *)arg;
const size_t actual = self->ct_in.read(data, length);
return actual > 0 ? (int)actual : CT_WOULD_BLOCK;
}
catch (...)
{
return CT_INTERNAL_ERROR;
}
}
// cleartext write callback
static int ct_write_func(void *arg, const unsigned char *data, size_t length)
{
try {
SSL *self = (SSL *)arg;
self->ct_out.write(data, length);
return (int)length;
}
catch (...)
{
return CT_INTERNAL_ERROR;
}
}
// RNG callback -- return random data to PolarSSL
static int rng_callback(void *arg, unsigned char *data, size_t len)
{
SSL *self = (SSL *)arg;
return self->rng->rand_bytes_noexcept(data, len) ? 0 : -1; // using -1 as a general-purpose PolarSSL error code
}
static void dbg_callback(void *arg, int level, const char *text)
{
PolarSSLContext *self = (PolarSSLContext *)arg;
if (level <= self->config->ssl_debug_level)
OPENVPN_LOG_NTNL("PolarSSL[" << level << "]: " << text);
}
void clear()
{
ssl = nullptr;
overflow = false;
}
void erase()
{
if (ssl)
{
ssl_free(ssl);
delete ssl;
}
clear();
}
PolarSSLContext *parent;
ssl_context *ssl; // underlying SSL connection object
RandomAPI::Ptr rng; // random data source
bool overflow;
MemQStream ct_in; // write ciphertext to here
MemQStream ct_out; // read ciphertext from here
AuthCert::Ptr authcert;
};
/////// start of main class implementation
// create a new SSL instance
virtual SSLAPI::Ptr ssl()
{
return SSL::Ptr(new SSL(this, nullptr));
}
// like ssl() above but verify hostname against cert CommonName and/or SubjectAltName
virtual SSLAPI::Ptr ssl(const std::string& hostname)
{
return SSL::Ptr(new SSL(this, hostname.c_str()));
}
virtual const Mode& mode() const
{
return config->mode;
}
~PolarSSLContext()
{
erase();
}
private:
PolarSSLContext(Config* config_arg)
: config(config_arg)
{
if (config->local_cert_enabled)
{
// Verify that cert is defined
if (!config->crt_chain)
throw PolarSSLException("cert is undefined");
}
}
size_t key_len() const
{
return pk_get_size(&config->crt_chain->get()->pk) / 8;
}
// ns-cert-type verification
bool ns_cert_type_defined() const
{
return config->ns_cert_type != NSCert::NONE;
}
bool verify_ns_cert_type(const x509_crt *cert) const
{
if (config->ns_cert_type == NSCert::SERVER)
return bool(cert->ns_cert_type & NS_CERT_TYPE_SSL_SERVER);
else if (config->ns_cert_type == NSCert::CLIENT)
return bool(cert->ns_cert_type & NS_CERT_TYPE_SSL_CLIENT);
else
return false;
}
// remote-cert-ku verification
bool x509_cert_ku_defined() const
{
return config->ku.size() > 0;
}
bool verify_x509_cert_ku(const x509_crt *cert)
{
if (cert->ext_types & EXT_KEY_USAGE)
{
const unsigned int ku = cert->key_usage;
for (std::vector<unsigned int>::const_iterator i = config->ku.begin(); i != config->ku.end(); ++i)
{
if (ku == *i)
return true;
}
}
return false;
}
// remote-cert-eku verification
bool x509_cert_eku_defined() const
{
return !config->eku.empty();
}
bool verify_x509_cert_eku(x509_crt *cert)
{
if (cert->ext_types & EXT_EXTENDED_KEY_USAGE)
{
x509_sequence *oid_seq = &cert->ext_key_usage;
while (oid_seq != nullptr)
{
x509_buf *oid = &oid_seq->buf;
// first compare against description
{
const char *oid_str = x509_oid_get_description(oid);
if (oid_str && config->eku == oid_str)
return true;
}
// next compare against OID numeric string
{
char oid_num_str[256];
const int status = x509_oid_get_numeric_string(oid_num_str, sizeof(oid_num_str), oid);
if (status >= 0 && config->eku == oid_num_str)
return true;
}
oid_seq = oid_seq->next;
}
}
return false;
}
// Try to return the x509 subject formatted like the OpenSSL X509_NAME_oneline method.
// Only attributes matched in the switch statements below will be rendered. All other
// attributes will be ignored.
static std::string x509_get_subject(const x509_crt *cert)
{
std::string ret;
for (const x509_name *name = &cert->subject; name != nullptr; name = name->next)
{
const char *key = nullptr;
if (OID_CMP(OID_AT_CN, &name->oid))
key = "CN";
else if (OID_CMP(OID_AT_COUNTRY, &name->oid))
key = "C";
else if (OID_CMP(OID_AT_LOCALITY, &name->oid))
key = "L";
else if (OID_CMP(OID_AT_STATE, &name->oid))
key = "ST";
else if (OID_CMP(OID_AT_ORGANIZATION, &name->oid))
key = "O";
else if (OID_CMP(OID_AT_ORG_UNIT, &name->oid))
key = "OU";
else if (OID_CMP(OID_PKCS9_EMAIL, &name->oid))
key = "emailAddress";
// make sure that key is defined and value has no embedded nulls
if (key && !string::embedded_null((const char *)name->val.p, name->val.len))
ret += "/" + std::string(key) + "=" + std::string((const char *)name->val.p, name->val.len);
}
return ret;
}
static std::string x509_get_common_name(const x509_crt *cert)
{
const x509_name *name = &cert->subject;
// find common name
while (name != nullptr)
{
if (OID_CMP(OID_AT_CN, &name->oid))
break;
name = name->next;
}
if (name)
return std::string((const char *)name->val.p, name->val.len);
else
return std::string("");
}
static std::string fmt_polarssl_verify_flags(const int flags)
{
std::ostringstream os;
if (flags & BADCERT_EXPIRED)
os << "CERT_EXPIRED ";
if (flags & BADCERT_REVOKED)
os << "CERT_REVOKED ";
if (flags & BADCERT_CN_MISMATCH)
os << "CN_MISMATCH ";
if (flags & BADCERT_NOT_TRUSTED)
os << "CERT_NOT_TRUSTED ";
if (flags & BADCRL_NOT_TRUSTED)
os << "CRL_NOT_TRUSTED ";
if (flags & BADCRL_EXPIRED)
os << "CRL_EXPIRED ";
if (flags & BADCERT_MISSING)
os << "CERT_MISSING ";
if (flags & BADCERT_SKIP_VERIFY)
os << "CERT_SKIP_VERIFY ";
if (flags & BADCERT_OTHER)
os << "CERT_OTHER ";
return os.str();
}
static std::string status_string(const x509_crt *cert, const int depth, const int *flags)
{
std::ostringstream os;
std::string status_str = "OK";
if (*flags)
status_str = "FAIL " + fmt_polarssl_verify_flags(*flags);
os << "VERIFY "
<< status_str
<< ": depth=" << depth
<< std::endl << cert_info(cert);
return os.str();
}
static int verify_callback_client(void *arg, x509_crt *cert, int depth, int *flags)
{
PolarSSLContext::SSL *ssl = (PolarSSLContext::SSL *)arg;
PolarSSLContext *self = ssl->parent;
bool fail = false;
// log status
if (self->config->flags & SSLConst::LOG_VERIFY_STATUS)
OPENVPN_LOG_SSL(status_string(cert, depth, flags));
// leaf-cert verification
if (depth == 0)
{
// verify ns-cert-type
if (self->ns_cert_type_defined() && !self->verify_ns_cert_type(cert))
{
OPENVPN_LOG_SSL("VERIFY FAIL -- bad ns-cert-type in leaf certificate");
fail = true;
}
// verify X509 key usage
if (self->x509_cert_ku_defined() && !self->verify_x509_cert_ku(cert))
{
OPENVPN_LOG_SSL("VERIFY FAIL -- bad X509 key usage in leaf certificate");
fail = true;
}
// verify X509 extended key usage
if (self->x509_cert_eku_defined() && !self->verify_x509_cert_eku(cert))
{
OPENVPN_LOG_SSL("VERIFY FAIL -- bad X509 extended key usage in leaf certificate");
fail = true;
}
// verify tls-remote
if (!self->config->tls_remote.empty())
{
const std::string subject = TLSRemote::sanitize_x509_name(x509_get_subject(cert));
const std::string common_name = TLSRemote::sanitize_common_name(x509_get_common_name(cert));
TLSRemote::log(self->config->tls_remote, subject, common_name);
if (!TLSRemote::test(self->config->tls_remote, subject, common_name))
{
OPENVPN_LOG_SSL("VERIFY FAIL -- tls-remote match failed");
fail = true;
}
}
}
if (fail)
*flags |= BADCERT_OTHER;
return 0;
}
static int verify_callback_server(void *arg, x509_crt *cert, int depth, int *flags)
{
PolarSSLContext::SSL *ssl = (PolarSSLContext::SSL *)arg;
PolarSSLContext *self = ssl->parent;
bool fail = false;
if (depth == 1) // issuer cert
{
// save the issuer cert fingerprint
if (ssl->authcert)
{
const int SHA_DIGEST_LENGTH = 20;
static_assert(sizeof(AuthCert::issuer_fp) == SHA_DIGEST_LENGTH, "size inconsistency");
sha1(cert->raw.p, cert->raw.len, ssl->authcert->issuer_fp);
}
}
else if (depth == 0) // leaf-cert
{
// verify ns-cert-type
if (self->ns_cert_type_defined() && !self->verify_ns_cert_type(cert))
{
OPENVPN_LOG_SSL("VERIFY FAIL -- bad ns-cert-type in leaf certificate");
fail = true;
}
// verify X509 key usage
if (self->x509_cert_ku_defined() && !self->verify_x509_cert_ku(cert))
{
OPENVPN_LOG_SSL("VERIFY FAIL -- bad X509 key usage in leaf certificate");
fail = true;
}
// verify X509 extended key usage
if (self->x509_cert_eku_defined() && !self->verify_x509_cert_eku(cert))
{
OPENVPN_LOG_SSL("VERIFY FAIL -- bad X509 extended key usage in leaf certificate");
fail = true;
}
if (ssl->authcert)
{
// save the Common Name
ssl->authcert->cn = x509_get_common_name(cert);
// save the leaf cert serial number
const x509_buf *s = &cert->serial;
if (s->len > 0 && s->len <= sizeof(ssl->authcert->sn))
ssl->authcert->sn = bin_prefix_floor<decltype(ssl->authcert->sn)>(s->p, s->len, -1);
else
ssl->authcert->sn = -1;
}
}
if (fail)
*flags |= BADCERT_OTHER;
return 0;
}
static std::string cert_info(const x509_crt *cert, const char *prefix = nullptr)
{
const size_t buf_size = 4096;
std::unique_ptr<char[]> buf(new char[buf_size]);
const int size = x509_crt_info(buf.get(), buf_size, prefix ? prefix : "", cert);
if (size >= 0)
return std::string(buf.get());
else
return "error rendering cert";
}
void erase()
{
}
static int epki_decrypt(void *arg,
int mode,
size_t *olen,
const unsigned char *input,
unsigned char *output,
size_t output_max_len)
{
OPENVPN_LOG_SSL("PolarSSLContext::epki_decrypt is unimplemented, mode=" << mode
<< " output_max_len=" << output_max_len);
return POLARSSL_ERR_RSA_BAD_INPUT_DATA;
}
static int epki_sign(void *arg,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig)
{
PolarSSLContext *self = (PolarSSLContext *) arg;
try {
if (mode == RSA_PRIVATE)
{
size_t digest_prefix_len = 0;
const unsigned char *digest_prefix = nullptr;
/* get signature type */
switch (md_alg) {
case POLARSSL_MD_NONE:
break;
case POLARSSL_MD_MD2:
digest_prefix = PKCS1::DigestPrefix::MD2;
digest_prefix_len = sizeof(PKCS1::DigestPrefix::MD2);
break;
case POLARSSL_MD_MD5:
digest_prefix = PKCS1::DigestPrefix::MD5;
digest_prefix_len = sizeof(PKCS1::DigestPrefix::MD5);
break;
case POLARSSL_MD_SHA1:
digest_prefix = PKCS1::DigestPrefix::SHA1;
digest_prefix_len = sizeof(PKCS1::DigestPrefix::SHA1);
break;
case POLARSSL_MD_SHA256:
digest_prefix = PKCS1::DigestPrefix::SHA256;
digest_prefix_len = sizeof(PKCS1::DigestPrefix::SHA256);
break;
case POLARSSL_MD_SHA384:
digest_prefix = PKCS1::DigestPrefix::SHA384;
digest_prefix_len = sizeof(PKCS1::DigestPrefix::SHA384);
break;
case POLARSSL_MD_SHA512:
digest_prefix = PKCS1::DigestPrefix::SHA512;
digest_prefix_len = sizeof(PKCS1::DigestPrefix::SHA512);
break;
default:
OPENVPN_LOG_SSL("PolarSSLContext::epki_sign unrecognized hash_id, mode=" << mode
<< " md_alg=" << md_alg << " hashlen=" << hashlen);
return POLARSSL_ERR_RSA_BAD_INPUT_DATA;
}
/* concatenate digest prefix with hash */
BufferAllocated from_buf(digest_prefix_len + hashlen, 0);
if (digest_prefix_len)
from_buf.write(digest_prefix, digest_prefix_len);
from_buf.write(hash, hashlen);
/* convert from_buf to base64 */
const std::string from_b64 = base64->encode(from_buf);
/* get signature */
std::string sig_b64;
const bool status = self->config->external_pki->sign("RSA_RAW", from_b64, sig_b64);
if (!status)
throw ssl_external_pki("PolarSSL: could not obtain signature");
/* decode base64 signature to binary */
const size_t len = self->key_len();
Buffer sigbuf(sig, len, false);
base64->decode(sigbuf, sig_b64);
/* verify length */
if (sigbuf.size() != len)
throw ssl_external_pki("PolarSSL: incorrect signature length");
/* success */
return 0;
}
else
{
OPENVPN_LOG_SSL("PolarSSLContext::epki_sign unrecognized parameters, mode=" << mode
<< " md_alg=" << md_alg << " hashlen=" << hashlen);
return POLARSSL_ERR_RSA_BAD_INPUT_DATA;
}
}
catch (const std::exception& e)
{
OPENVPN_LOG("PolarSSLContext::epki_sign: " << e.what());
return POLARSSL_ERR_RSA_BAD_INPUT_DATA;
}
}
static size_t epki_key_len(void *arg)
{
PolarSSLContext *self = (PolarSSLContext *) arg;
return self->key_len();
}
Config::Ptr config;
};
} // namespace openvpn
#endif
View Git Blame Copy Permalink