[qemu.git] / crypto / tlssession.c

/*
 * QEMU crypto TLS session support
 *
 * Copyright (c) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "qemu/osdep.h"
#include "crypto/tlssession.h"
#include "crypto/tlscredsanon.h"
#include "crypto/tlscredspsk.h"
#include "crypto/tlscredsx509.h"
#include "qapi/error.h"
#include "authz/base.h"
#include "trace.h"

#ifdef CONFIG_GNUTLS


#include <gnutls/x509.h>


struct QCryptoTLSSession {
    QCryptoTLSCreds *creds;
    gnutls_session_t handle;
    char *hostname;
    char *authzid;
    bool handshakeComplete;
    QCryptoTLSSessionWriteFunc writeFunc;
    QCryptoTLSSessionReadFunc readFunc;
    void *opaque;
    char *peername;
};


void
qcrypto_tls_session_free(QCryptoTLSSession *session)
{
    if (!session) {
        return;
    }

    gnutls_deinit(session->handle);
    g_free(session->hostname);
    g_free(session->peername);
    g_free(session->authzid);
    object_unref(OBJECT(session->creds));
    g_free(session);
}


static ssize_t
qcrypto_tls_session_push(void *opaque, const void *buf, size_t len)
{
    QCryptoTLSSession *session = opaque;

    if (!session->writeFunc) {
        errno = EIO;
        return -1;
    };

    return session->writeFunc(buf, len, session->opaque);
}


static ssize_t
qcrypto_tls_session_pull(void *opaque, void *buf, size_t len)
{
    QCryptoTLSSession *session = opaque;

    if (!session->readFunc) {
        errno = EIO;
        return -1;
    };

    return session->readFunc(buf, len, session->opaque);
}

#define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH"
#define TLS_PRIORITY_ADDITIONAL_PSK "+ECDHE-PSK:+DHE-PSK:+PSK"

QCryptoTLSSession *
qcrypto_tls_session_new(QCryptoTLSCreds *creds,
                        const char *hostname,
                        const char *authzid,
                        QCryptoTLSCredsEndpoint endpoint,
                        Error **errp)
{
    QCryptoTLSSession *session;
    int ret;

    session = g_new0(QCryptoTLSSession, 1);
    trace_qcrypto_tls_session_new(
        session, creds, hostname ? hostname : "<none>",
        authzid ? authzid : "<none>", endpoint);

    if (hostname) {
        session->hostname = g_strdup(hostname);
    }
    if (authzid) {
        session->authzid = g_strdup(authzid);
    }
    session->creds = creds;
    object_ref(OBJECT(creds));

    if (creds->endpoint != endpoint) {
        error_setg(errp, "Credentials endpoint doesn't match session");
        goto error;
    }

    if (endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
        ret = gnutls_init(&session->handle, GNUTLS_SERVER);
    } else {
        ret = gnutls_init(&session->handle, GNUTLS_CLIENT);
    }
    if (ret < 0) {
        error_setg(errp, "Cannot initialize TLS session: %s",
                   gnutls_strerror(ret));
        goto error;
    }

    if (object_dynamic_cast(OBJECT(creds),
                            TYPE_QCRYPTO_TLS_CREDS_ANON)) {
        QCryptoTLSCredsAnon *acreds = QCRYPTO_TLS_CREDS_ANON(creds);
        char *prio;

        if (creds->priority != NULL) {
            prio = g_strdup_printf("%s:%s",
                                   creds->priority,
                                   TLS_PRIORITY_ADDITIONAL_ANON);
        } else {
            prio = g_strdup(CONFIG_TLS_PRIORITY ":"
                            TLS_PRIORITY_ADDITIONAL_ANON);
        }

        ret = gnutls_priority_set_direct(session->handle, prio, NULL);
        if (ret < 0) {
            error_setg(errp, "Unable to set TLS session priority %s: %s",
                       prio, gnutls_strerror(ret));
            g_free(prio);
            goto error;
        }
        g_free(prio);
        if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
            ret = gnutls_credentials_set(session->handle,
                                         GNUTLS_CRD_ANON,
                                         acreds->data.server);
        } else {
            ret = gnutls_credentials_set(session->handle,
                                         GNUTLS_CRD_ANON,
                                         acreds->data.client);
        }
        if (ret < 0) {
            error_setg(errp, "Cannot set session credentials: %s",
                       gnutls_strerror(ret));
            goto error;
        }
    } else if (object_dynamic_cast(OBJECT(creds),
                                   TYPE_QCRYPTO_TLS_CREDS_PSK)) {
        QCryptoTLSCredsPSK *pcreds = QCRYPTO_TLS_CREDS_PSK(creds);
        char *prio;

        if (creds->priority != NULL) {
            prio = g_strdup_printf("%s:%s",
                                   creds->priority,
                                   TLS_PRIORITY_ADDITIONAL_PSK);
        } else {
            prio = g_strdup(CONFIG_TLS_PRIORITY ":"
                            TLS_PRIORITY_ADDITIONAL_PSK);
        }

        ret = gnutls_priority_set_direct(session->handle, prio, NULL);
        if (ret < 0) {
            error_setg(errp, "Unable to set TLS session priority %s: %s",
                       prio, gnutls_strerror(ret));
            g_free(prio);
            goto error;
        }
        g_free(prio);
        if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
            ret = gnutls_credentials_set(session->handle,
                                         GNUTLS_CRD_PSK,
                                         pcreds->data.server);
        } else {
            ret = gnutls_credentials_set(session->handle,
                                         GNUTLS_CRD_PSK,
                                         pcreds->data.client);
        }
        if (ret < 0) {
            error_setg(errp, "Cannot set session credentials: %s",
                       gnutls_strerror(ret));
            goto error;
        }
    } else if (object_dynamic_cast(OBJECT(creds),
                                   TYPE_QCRYPTO_TLS_CREDS_X509)) {
        QCryptoTLSCredsX509 *tcreds = QCRYPTO_TLS_CREDS_X509(creds);
        const char *prio = creds->priority;
        if (!prio) {
            prio = CONFIG_TLS_PRIORITY;
        }

        ret = gnutls_priority_set_direct(session->handle, prio, NULL);
        if (ret < 0) {
            error_setg(errp, "Cannot set default TLS session priority %s: %s",
                       prio, gnutls_strerror(ret));
            goto error;
        }
        ret = gnutls_credentials_set(session->handle,
                                     GNUTLS_CRD_CERTIFICATE,
                                     tcreds->data);
        if (ret < 0) {
            error_setg(errp, "Cannot set session credentials: %s",
                       gnutls_strerror(ret));
            goto error;
        }

        if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
            /* This requests, but does not enforce a client cert.
             * The cert checking code later does enforcement */
            gnutls_certificate_server_set_request(session->handle,
                                                  GNUTLS_CERT_REQUEST);
        }
    } else {
        error_setg(errp, "Unsupported TLS credentials type %s",
                   object_get_typename(OBJECT(creds)));
        goto error;
    }

    gnutls_transport_set_ptr(session->handle, session);
    gnutls_transport_set_push_function(session->handle,
                                       qcrypto_tls_session_push);
    gnutls_transport_set_pull_function(session->handle,
                                       qcrypto_tls_session_pull);

    return session;

 error:
    qcrypto_tls_session_free(session);
    return NULL;
}

static int
qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
                                      Error **errp)
{
    int ret;
    unsigned int status;
    const gnutls_datum_t *certs;
    unsigned int nCerts, i;
    time_t now;
    gnutls_x509_crt_t cert = NULL;
    Error *err = NULL;

    now = time(NULL);
    if (now == ((time_t)-1)) {
        error_setg_errno(errp, errno, "Cannot get current time");
        return -1;
    }

    ret = gnutls_certificate_verify_peers2(session->handle, &status);
    if (ret < 0) {
        error_setg(errp, "Verify failed: %s", gnutls_strerror(ret));
        return -1;
    }

    if (status != 0) {
        const char *reason = "Invalid certificate";

        if (status & GNUTLS_CERT_INVALID) {
            reason = "The certificate is not trusted";
        }

        if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
            reason = "The certificate hasn't got a known issuer";
        }

        if (status & GNUTLS_CERT_REVOKED) {
            reason = "The certificate has been revoked";
        }

        if (status & GNUTLS_CERT_INSECURE_ALGORITHM) {
            reason = "The certificate uses an insecure algorithm";
        }

        error_setg(errp, "%s", reason);
        return -1;
    }

    certs = gnutls_certificate_get_peers(session->handle, &nCerts);
    if (!certs) {
        error_setg(errp, "No certificate peers");
        return -1;
    }

    for (i = 0; i < nCerts; i++) {
        ret = gnutls_x509_crt_init(&cert);
        if (ret < 0) {
            error_setg(errp, "Cannot initialize certificate: %s",
                       gnutls_strerror(ret));
            return -1;
        }

        ret = gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER);
        if (ret < 0) {
            error_setg(errp, "Cannot import certificate: %s",
                       gnutls_strerror(ret));
            goto error;
        }

        if (gnutls_x509_crt_get_expiration_time(cert) < now) {
            error_setg(errp, "The certificate has expired");
            goto error;
        }

        if (gnutls_x509_crt_get_activation_time(cert) > now) {
            error_setg(errp, "The certificate is not yet activated");
            goto error;
        }

        if (gnutls_x509_crt_get_activation_time(cert) > now) {
            error_setg(errp, "The certificate is not yet activated");
            goto error;
        }

        if (i == 0) {
            size_t dnameSize = 1024;
            session->peername = g_malloc(dnameSize);
        requery:
            ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize);
            if (ret < 0) {
                if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
                    session->peername = g_realloc(session->peername,
                                                  dnameSize);
                    goto requery;
                }
                error_setg(errp, "Cannot get client distinguished name: %s",
                           gnutls_strerror(ret));
                goto error;
            }
            if (session->authzid) {
                bool allow;

                allow = qauthz_is_allowed_by_id(session->authzid,
                                                session->peername, &err);
                if (err) {
                    error_propagate(errp, err);
                    goto error;
                }
                if (!allow) {
                    error_setg(errp, "TLS x509 authz check for %s is denied",
                               session->peername);
                    goto error;
                }
            }
            if (session->hostname) {
                if (!gnutls_x509_crt_check_hostname(cert, session->hostname)) {
                    error_setg(errp,
                               "Certificate does not match the hostname %s",
                               session->hostname);
                    goto error;
                }
            }
        }

        gnutls_x509_crt_deinit(cert);
    }

    return 0;

 error:
    gnutls_x509_crt_deinit(cert);
    return -1;
}


int
qcrypto_tls_session_check_credentials(QCryptoTLSSession *session,
                                      Error **errp)
{
    if (object_dynamic_cast(OBJECT(session->creds),
                            TYPE_QCRYPTO_TLS_CREDS_ANON)) {
        trace_qcrypto_tls_session_check_creds(session, "nop");
        return 0;
    } else if (object_dynamic_cast(OBJECT(session->creds),
                            TYPE_QCRYPTO_TLS_CREDS_PSK)) {
        trace_qcrypto_tls_session_check_creds(session, "nop");
        return 0;
    } else if (object_dynamic_cast(OBJECT(session->creds),
                            TYPE_QCRYPTO_TLS_CREDS_X509)) {
        if (session->creds->verifyPeer) {
            int ret = qcrypto_tls_session_check_certificate(session,
                                                            errp);
            trace_qcrypto_tls_session_check_creds(session,
                                                  ret == 0 ? "pass" : "fail");
            return ret;
        } else {
            trace_qcrypto_tls_session_check_creds(session, "skip");
            return 0;
        }
    } else {
        trace_qcrypto_tls_session_check_creds(session, "error");
        error_setg(errp, "Unexpected credential type %s",
                   object_get_typename(OBJECT(session->creds)));
        return -1;
    }
}


void
qcrypto_tls_session_set_callbacks(QCryptoTLSSession *session,
                                  QCryptoTLSSessionWriteFunc writeFunc,
                                  QCryptoTLSSessionReadFunc readFunc,
                                  void *opaque)
{
    session->writeFunc = writeFunc;
    session->readFunc = readFunc;
    session->opaque = opaque;
}


ssize_t
qcrypto_tls_session_write(QCryptoTLSSession *session,
                          const char *buf,
                          size_t len)
{
    ssize_t ret = gnutls_record_send(session->handle, buf, len);

    if (ret < 0) {
        switch (ret) {
        case GNUTLS_E_AGAIN:
            errno = EAGAIN;
            break;
        case GNUTLS_E_INTERRUPTED:
            errno = EINTR;
            break;
        default:
            errno = EIO;
            break;
        }
        ret = -1;
    }

    return ret;
}


ssize_t
qcrypto_tls_session_read(QCryptoTLSSession *session,
                         char *buf,
                         size_t len)
{
    ssize_t ret = gnutls_record_recv(session->handle, buf, len);

    if (ret < 0) {
        switch (ret) {
        case GNUTLS_E_AGAIN:
            errno = EAGAIN;
            break;
        case GNUTLS_E_INTERRUPTED:
            errno = EINTR;
            break;
        case GNUTLS_E_PREMATURE_TERMINATION:
            errno = ECONNABORTED;
            break;
        default:
            errno = EIO;
            break;
        }
        ret = -1;
    }

    return ret;
}


int
qcrypto_tls_session_handshake(QCryptoTLSSession *session,
                              Error **errp)
{
    int ret = gnutls_handshake(session->handle);
    if (ret == 0) {
        session->handshakeComplete = true;
    } else {
        if (ret == GNUTLS_E_INTERRUPTED ||
            ret == GNUTLS_E_AGAIN) {
            ret = 1;
        } else {
            error_setg(errp, "TLS handshake failed: %s",
                       gnutls_strerror(ret));
            ret = -1;
        }
    }

    return ret;
}


QCryptoTLSSessionHandshakeStatus
qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *session)
{
    if (session->handshakeComplete) {
        return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
    } else if (gnutls_record_get_direction(session->handle) == 0) {
        return QCRYPTO_TLS_HANDSHAKE_RECVING;
    } else {
        return QCRYPTO_TLS_HANDSHAKE_SENDING;
    }
}


int
qcrypto_tls_session_get_key_size(QCryptoTLSSession *session,
                                 Error **errp)
{
    gnutls_cipher_algorithm_t cipher;
    int ssf;

    cipher = gnutls_cipher_get(session->handle);
    ssf = gnutls_cipher_get_key_size(cipher);
    if (!ssf) {
        error_setg(errp, "Cannot get TLS cipher key size");
        return -1;
    }
    return ssf;
}


char *
qcrypto_tls_session_get_peer_name(QCryptoTLSSession *session)
{
    if (session->peername) {
        return g_strdup(session->peername);
    }
    return NULL;
}


#else /* ! CONFIG_GNUTLS */


QCryptoTLSSession *
qcrypto_tls_session_new(QCryptoTLSCreds *creds G_GNUC_UNUSED,
                        const char *hostname G_GNUC_UNUSED,
                        const char *authzid G_GNUC_UNUSED,
                        QCryptoTLSCredsEndpoint endpoint G_GNUC_UNUSED,
                        Error **errp)
{
    error_setg(errp, "TLS requires GNUTLS support");
    return NULL;
}


void
qcrypto_tls_session_free(QCryptoTLSSession *sess G_GNUC_UNUSED)
{
}


int
qcrypto_tls_session_check_credentials(QCryptoTLSSession *sess G_GNUC_UNUSED,
                                      Error **errp)
{
    error_setg(errp, "TLS requires GNUTLS support");
    return -1;
}


void
qcrypto_tls_session_set_callbacks(
    QCryptoTLSSession *sess G_GNUC_UNUSED,
    QCryptoTLSSessionWriteFunc writeFunc G_GNUC_UNUSED,
    QCryptoTLSSessionReadFunc readFunc G_GNUC_UNUSED,
    void *opaque G_GNUC_UNUSED)
{
}


ssize_t
qcrypto_tls_session_write(QCryptoTLSSession *sess,
                          const char *buf,
                          size_t len)
{
    errno = -EIO;
    return -1;
}


ssize_t
qcrypto_tls_session_read(QCryptoTLSSession *sess,
                         char *buf,
                         size_t len)
{
    errno = -EIO;
    return -1;
}


int
qcrypto_tls_session_handshake(QCryptoTLSSession *sess,
                              Error **errp)
{
    error_setg(errp, "TLS requires GNUTLS support");
    return -1;
}


QCryptoTLSSessionHandshakeStatus
qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *sess)
{
    return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
}


int
qcrypto_tls_session_get_key_size(QCryptoTLSSession *sess,
                                 Error **errp)
{
    error_setg(errp, "TLS requires GNUTLS support");
    return -1;
}


char *
qcrypto_tls_session_get_peer_name(QCryptoTLSSession *sess)
{
    return NULL;
}

#endif
Commit	Line	Data
d321e1e5 DB	1	/*
	2	* QEMU crypto TLS session support
	3	*
	4	* Copyright (c) 2015 Red Hat, Inc.
	5	*
	6	* This library is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU Lesser General Public
	8	* License as published by the Free Software Foundation; either
	9	* version 2 of the License, or (at your option) any later version.
	10	*
	11	* This library is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* Lesser General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU Lesser General Public
	17	* License along with this library; if not, see <http://www.gnu.org/licenses/>.
	18	*
	19	*/
	20
42f7a448	21	#include "qemu/osdep.h"
d321e1e5 DB	22	#include "crypto/tlssession.h"
d321e1e5 DB	23	#include "crypto/tlscredsanon.h"
e1a6dc91	24	#include "crypto/tlscredspsk.h"
d321e1e5	25	#include "crypto/tlscredsx509.h"
da34e65c	26	#include "qapi/error.h"
b76806d4	27	#include "authz/base.h"
d321e1e5 DB	28	#include "trace.h"
	29
	30	#ifdef CONFIG_GNUTLS
	31
	32
	33	#include <gnutls/x509.h>
	34
	35
	36	struct QCryptoTLSSession {
	37	QCryptoTLSCreds *creds;
	38	gnutls_session_t handle;
	39	char *hostname;
b76806d4	40	char *authzid;
d321e1e5 DB	41	bool handshakeComplete;
	42	QCryptoTLSSessionWriteFunc writeFunc;
	43	QCryptoTLSSessionReadFunc readFunc;
	44	void *opaque;
	45	char *peername;
	46	};
	47
	48
	49	void
	50	qcrypto_tls_session_free(QCryptoTLSSession *session)
	51	{
	52	if (!session) {
	53	return;
	54	}
	55
	56	gnutls_deinit(session->handle);
	57	g_free(session->hostname);
	58	g_free(session->peername);
b76806d4	59	g_free(session->authzid);
d321e1e5 DB	60	object_unref(OBJECT(session->creds));
	61	g_free(session);
	62	}
	63
	64
	65	static ssize_t
	66	qcrypto_tls_session_push(void opaque, const void buf, size_t len)
	67	{
	68	QCryptoTLSSession *session = opaque;
	69
	70	if (!session->writeFunc) {
	71	errno = EIO;
	72	return -1;
	73	};
	74
	75	return session->writeFunc(buf, len, session->opaque);
	76	}
	77
	78
	79	static ssize_t
	80	qcrypto_tls_session_pull(void opaque, void buf, size_t len)
	81	{
	82	QCryptoTLSSession *session = opaque;
	83
	84	if (!session->readFunc) {
	85	errno = EIO;
	86	return -1;
	87	};
	88
	89	return session->readFunc(buf, len, session->opaque);
	90	}
	91
e1a6dc91	92	#define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH"
a0722409	93	#define TLS_PRIORITY_ADDITIONAL_PSK "+ECDHE-PSK:+DHE-PSK:+PSK"
d321e1e5 DB	94
	95	QCryptoTLSSession *
	96	qcrypto_tls_session_new(QCryptoTLSCreds *creds,
	97	const char *hostname,
b76806d4	98	const char *authzid,
d321e1e5 DB	99	QCryptoTLSCredsEndpoint endpoint,
	100	Error **errp)
	101	{
	102	QCryptoTLSSession *session;
	103	int ret;
	104
	105	session = g_new0(QCryptoTLSSession, 1);
	106	trace_qcrypto_tls_session_new(
	107	session, creds, hostname ? hostname : "<none>",
b76806d4	108	authzid ? authzid : "<none>", endpoint);
d321e1e5 DB	109
	110	if (hostname) {
	111	session->hostname = g_strdup(hostname);
	112	}
b76806d4 DB	113	if (authzid) {
b76806d4 DB	114	session->authzid = g_strdup(authzid);
d321e1e5 DB	115	}
	116	session->creds = creds;
	117	object_ref(OBJECT(creds));
	118
	119	if (creds->endpoint != endpoint) {
	120	error_setg(errp, "Credentials endpoint doesn't match session");
	121	goto error;
	122	}
	123
	124	if (endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
	125	ret = gnutls_init(&session->handle, GNUTLS_SERVER);
	126	} else {
	127	ret = gnutls_init(&session->handle, GNUTLS_CLIENT);
	128	}
	129	if (ret < 0) {
	130	error_setg(errp, "Cannot initialize TLS session: %s",
	131	gnutls_strerror(ret));
	132	goto error;
	133	}
	134
	135	if (object_dynamic_cast(OBJECT(creds),
	136	TYPE_QCRYPTO_TLS_CREDS_ANON)) {
	137	QCryptoTLSCredsAnon *acreds = QCRYPTO_TLS_CREDS_ANON(creds);
13f12430	138	char *prio;
d321e1e5	139
13f12430	140	if (creds->priority != NULL) {
e1a6dc91 RJ	141	prio = g_strdup_printf("%s:%s",
	142	creds->priority,
	143	TLS_PRIORITY_ADDITIONAL_ANON);
13f12430	144	} else {
e1a6dc91 RJ	145	prio = g_strdup(CONFIG_TLS_PRIORITY ":"
e1a6dc91 RJ	146	TLS_PRIORITY_ADDITIONAL_ANON);
13f12430 DB	147	}
	148
	149	ret = gnutls_priority_set_direct(session->handle, prio, NULL);
d321e1e5	150	if (ret < 0) {
13f12430 DB	151	error_setg(errp, "Unable to set TLS session priority %s: %s",
	152	prio, gnutls_strerror(ret));
	153	g_free(prio);
d321e1e5 DB	154	goto error;
d321e1e5 DB	155	}
13f12430	156	g_free(prio);
d321e1e5 DB	157	if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
	158	ret = gnutls_credentials_set(session->handle,
	159	GNUTLS_CRD_ANON,
	160	acreds->data.server);
	161	} else {
	162	ret = gnutls_credentials_set(session->handle,
	163	GNUTLS_CRD_ANON,
	164	acreds->data.client);
	165	}
	166	if (ret < 0) {
	167	error_setg(errp, "Cannot set session credentials: %s",
	168	gnutls_strerror(ret));
	169	goto error;
	170	}
e1a6dc91 RJ	171	} else if (object_dynamic_cast(OBJECT(creds),
	172	TYPE_QCRYPTO_TLS_CREDS_PSK)) {
	173	QCryptoTLSCredsPSK *pcreds = QCRYPTO_TLS_CREDS_PSK(creds);
	174	char *prio;
	175
	176	if (creds->priority != NULL) {
	177	prio = g_strdup_printf("%s:%s",
	178	creds->priority,
	179	TLS_PRIORITY_ADDITIONAL_PSK);
	180	} else {
	181	prio = g_strdup(CONFIG_TLS_PRIORITY ":"
	182	TLS_PRIORITY_ADDITIONAL_PSK);
	183	}
	184
	185	ret = gnutls_priority_set_direct(session->handle, prio, NULL);
	186	if (ret < 0) {
	187	error_setg(errp, "Unable to set TLS session priority %s: %s",
	188	prio, gnutls_strerror(ret));
	189	g_free(prio);
	190	goto error;
	191	}
	192	g_free(prio);
	193	if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
	194	ret = gnutls_credentials_set(session->handle,
	195	GNUTLS_CRD_PSK,
	196	pcreds->data.server);
	197	} else {
	198	ret = gnutls_credentials_set(session->handle,
	199	GNUTLS_CRD_PSK,
	200	pcreds->data.client);
	201	}
	202	if (ret < 0) {
	203	error_setg(errp, "Cannot set session credentials: %s",
	204	gnutls_strerror(ret));
	205	goto error;
	206	}
d321e1e5 DB	207	} else if (object_dynamic_cast(OBJECT(creds),
	208	TYPE_QCRYPTO_TLS_CREDS_X509)) {
	209	QCryptoTLSCredsX509 *tcreds = QCRYPTO_TLS_CREDS_X509(creds);
13f12430 DB	210	const char *prio = creds->priority;
13f12430 DB	211	if (!prio) {
a1c5e949	212	prio = CONFIG_TLS_PRIORITY;
13f12430	213	}
d321e1e5	214
13f12430	215	ret = gnutls_priority_set_direct(session->handle, prio, NULL);
d321e1e5	216	if (ret < 0) {
13f12430 DB	217	error_setg(errp, "Cannot set default TLS session priority %s: %s",
13f12430 DB	218	prio, gnutls_strerror(ret));
d321e1e5 DB	219	goto error;
	220	}
	221	ret = gnutls_credentials_set(session->handle,
	222	GNUTLS_CRD_CERTIFICATE,
	223	tcreds->data);
	224	if (ret < 0) {
	225	error_setg(errp, "Cannot set session credentials: %s",
	226	gnutls_strerror(ret));
	227	goto error;
	228	}
	229
	230	if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
	231	/* This requests, but does not enforce a client cert.
	232	* The cert checking code later does enforcement */
	233	gnutls_certificate_server_set_request(session->handle,
	234	GNUTLS_CERT_REQUEST);
	235	}
	236	} else {
	237	error_setg(errp, "Unsupported TLS credentials type %s",
	238	object_get_typename(OBJECT(creds)));
	239	goto error;
	240	}
	241
	242	gnutls_transport_set_ptr(session->handle, session);
	243	gnutls_transport_set_push_function(session->handle,
	244	qcrypto_tls_session_push);
	245	gnutls_transport_set_pull_function(session->handle,
	246	qcrypto_tls_session_pull);
	247
	248	return session;
	249
	250	error:
	251	qcrypto_tls_session_free(session);
	252	return NULL;
	253	}
	254
	255	static int
	256	qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
	257	Error **errp)
	258	{
	259	int ret;
	260	unsigned int status;
	261	const gnutls_datum_t *certs;
	262	unsigned int nCerts, i;
	263	time_t now;
	264	gnutls_x509_crt_t cert = NULL;
b76806d4	265	Error *err = NULL;
d321e1e5 DB	266
	267	now = time(NULL);
	268	if (now == ((time_t)-1)) {
	269	error_setg_errno(errp, errno, "Cannot get current time");
	270	return -1;
	271	}
	272
	273	ret = gnutls_certificate_verify_peers2(session->handle, &status);
	274	if (ret < 0) {
	275	error_setg(errp, "Verify failed: %s", gnutls_strerror(ret));
	276	return -1;
	277	}
	278
	279	if (status != 0) {
	280	const char *reason = "Invalid certificate";
	281
	282	if (status & GNUTLS_CERT_INVALID) {
	283	reason = "The certificate is not trusted";
	284	}
	285
	286	if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
	287	reason = "The certificate hasn't got a known issuer";
	288	}
	289
	290	if (status & GNUTLS_CERT_REVOKED) {
	291	reason = "The certificate has been revoked";
	292	}
	293
	294	if (status & GNUTLS_CERT_INSECURE_ALGORITHM) {
	295	reason = "The certificate uses an insecure algorithm";
	296	}
	297
	298	error_setg(errp, "%s", reason);
	299	return -1;
	300	}
	301
	302	certs = gnutls_certificate_get_peers(session->handle, &nCerts);
	303	if (!certs) {
	304	error_setg(errp, "No certificate peers");
	305	return -1;
	306	}
	307
	308	for (i = 0; i < nCerts; i++) {
	309	ret = gnutls_x509_crt_init(&cert);
	310	if (ret < 0) {
	311	error_setg(errp, "Cannot initialize certificate: %s",
	312	gnutls_strerror(ret));
	313	return -1;
	314	}
	315
	316	ret = gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER);
	317	if (ret < 0) {
	318	error_setg(errp, "Cannot import certificate: %s",
	319	gnutls_strerror(ret));
	320	goto error;
	321	}
	322
	323	if (gnutls_x509_crt_get_expiration_time(cert) < now) {
	324	error_setg(errp, "The certificate has expired");
	325	goto error;
	326	}
	327
	328	if (gnutls_x509_crt_get_activation_time(cert) > now) {
	329	error_setg(errp, "The certificate is not yet activated");
330	goto error;
331	}
332
333	if (gnutls_x509_crt_get_activation_time(cert) > now) {
334	error_setg(errp, "The certificate is not yet activated");
335	goto error;
336	}
337
338	if (i == 0) {
339	size_t dnameSize = 1024;
340	session->peername = g_malloc(dnameSize);
341	requery:
342	ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize);
343	if (ret < 0) {
344	if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
345	session->peername = g_realloc(session->peername,
346	dnameSize);
347	goto requery;
348	}
349	error_setg(errp, "Cannot get client distinguished name: %s",
350	gnutls_strerror(ret));
351	goto error;
352	}
b76806d4 DB	353	if (session->authzid) {
	354	bool allow;
	355
	356	allow = qauthz_is_allowed_by_id(session->authzid,
	357	session->peername, &err);
	358	if (err) {
	359	error_propagate(errp, err);
d321e1e5 DB	360	goto error;
d321e1e5 DB	361	}
d321e1e5	362	if (!allow) {
b76806d4	363	error_setg(errp, "TLS x509 authz check for %s is denied",
6ef8cd7a	364	session->peername);
d321e1e5 DB	365	goto error;
	366	}
	367	}
	368	if (session->hostname) {
	369	if (!gnutls_x509_crt_check_hostname(cert, session->hostname)) {
	370	error_setg(errp,
	371	"Certificate does not match the hostname %s",
	372	session->hostname);
	373	goto error;
	374	}
	375	}
	376	}
	377
	378	gnutls_x509_crt_deinit(cert);
	379	}
	380
	381	return 0;
	382
	383	error:
	384	gnutls_x509_crt_deinit(cert);
	385	return -1;
	386	}
	387
	388
	389	int
	390	qcrypto_tls_session_check_credentials(QCryptoTLSSession *session,
	391	Error **errp)
	392	{
	393	if (object_dynamic_cast(OBJECT(session->creds),
	394	TYPE_QCRYPTO_TLS_CREDS_ANON)) {
b57482d7	395	trace_qcrypto_tls_session_check_creds(session, "nop");
d321e1e5	396	return 0;
e1a6dc91 RJ	397	} else if (object_dynamic_cast(OBJECT(session->creds),
	398	TYPE_QCRYPTO_TLS_CREDS_PSK)) {
	399	trace_qcrypto_tls_session_check_creds(session, "nop");
	400	return 0;
d321e1e5 DB	401	} else if (object_dynamic_cast(OBJECT(session->creds),
	402	TYPE_QCRYPTO_TLS_CREDS_X509)) {
	403	if (session->creds->verifyPeer) {
b57482d7 DB	404	int ret = qcrypto_tls_session_check_certificate(session,
	405	errp);
	406	trace_qcrypto_tls_session_check_creds(session,
	407	ret == 0 ? "pass" : "fail");
	408	return ret;
d321e1e5	409	} else {
b57482d7	410	trace_qcrypto_tls_session_check_creds(session, "skip");
d321e1e5 DB	411	return 0;
	412	}
	413	} else {
b57482d7	414	trace_qcrypto_tls_session_check_creds(session, "error");
d321e1e5 DB	415	error_setg(errp, "Unexpected credential type %s",
	416	object_get_typename(OBJECT(session->creds)));
	417	return -1;
	418	}
	419	}
	420
	421
	422	void
	423	qcrypto_tls_session_set_callbacks(QCryptoTLSSession *session,
	424	QCryptoTLSSessionWriteFunc writeFunc,
	425	QCryptoTLSSessionReadFunc readFunc,
	426	void *opaque)
	427	{
	428	session->writeFunc = writeFunc;
	429	session->readFunc = readFunc;
	430	session->opaque = opaque;
	431	}
	432
	433
	434	ssize_t
	435	qcrypto_tls_session_write(QCryptoTLSSession *session,
	436	const char *buf,
	437	size_t len)
	438	{
	439	ssize_t ret = gnutls_record_send(session->handle, buf, len);
	440
	441	if (ret < 0) {
	442	switch (ret) {
	443	case GNUTLS_E_AGAIN:
	444	errno = EAGAIN;
	445	break;
	446	case GNUTLS_E_INTERRUPTED:
	447	errno = EINTR;
	448	break;
	449	default:
	450	errno = EIO;
	451	break;
	452	}
	453	ret = -1;
	454	}
	455
	456	return ret;
	457	}
	458
	459
	460	ssize_t
	461	qcrypto_tls_session_read(QCryptoTLSSession *session,
	462	char *buf,
	463	size_t len)
	464	{
	465	ssize_t ret = gnutls_record_recv(session->handle, buf, len);
	466
	467	if (ret < 0) {
	468	switch (ret) {
	469	case GNUTLS_E_AGAIN:
	470	errno = EAGAIN;
	471	break;
	472	case GNUTLS_E_INTERRUPTED:
	473	errno = EINTR;
	474	break;
a2458b6f DB	475	case GNUTLS_E_PREMATURE_TERMINATION:
	476	errno = ECONNABORTED;
	477	break;
d321e1e5 DB	478	default:
	479	errno = EIO;
	480	break;
	481	}
	482	ret = -1;
	483	}
	484
	485	return ret;
	486	}
	487
	488
	489	int
	490	qcrypto_tls_session_handshake(QCryptoTLSSession *session,
	491	Error **errp)
	492	{
	493	int ret = gnutls_handshake(session->handle);
	494	if (ret == 0) {
	495	session->handshakeComplete = true;
	496	} else {
	497	if (ret == GNUTLS_E_INTERRUPTED \|\|
	498	ret == GNUTLS_E_AGAIN) {
	499	ret = 1;
	500	} else {
	501	error_setg(errp, "TLS handshake failed: %s",
	502	gnutls_strerror(ret));
	503	ret = -1;
	504	}
	505	}
	506
	507	return ret;
	508	}
	509
	510
	511	QCryptoTLSSessionHandshakeStatus
	512	qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *session)
	513	{
	514	if (session->handshakeComplete) {
	515	return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
	516	} else if (gnutls_record_get_direction(session->handle) == 0) {
	517	return QCRYPTO_TLS_HANDSHAKE_RECVING;
	518	} else {
	519	return QCRYPTO_TLS_HANDSHAKE_SENDING;
	520	}
	521	}
	522
	523
	524	int
	525	qcrypto_tls_session_get_key_size(QCryptoTLSSession *session,
	526	Error **errp)
	527	{
	528	gnutls_cipher_algorithm_t cipher;
	529	int ssf;
	530
	531	cipher = gnutls_cipher_get(session->handle);
	532	ssf = gnutls_cipher_get_key_size(cipher);
	533	if (!ssf) {
	534	error_setg(errp, "Cannot get TLS cipher key size");
	535	return -1;
	536	}
	537	return ssf;
	538	}
	539
	540
	541	char *
542	qcrypto_tls_session_get_peer_name(QCryptoTLSSession *session)
543	{
544	if (session->peername) {
545	return g_strdup(session->peername);
546	}
547	return NULL;
548	}
549
550
551	#else /* ! CONFIG_GNUTLS */
552
553
554	QCryptoTLSSession *
555	qcrypto_tls_session_new(QCryptoTLSCreds *creds G_GNUC_UNUSED,
556	const char *hostname G_GNUC_UNUSED,
b76806d4	557	const char *authzid G_GNUC_UNUSED,
d321e1e5 DB	558	QCryptoTLSCredsEndpoint endpoint G_GNUC_UNUSED,
	559	Error **errp)
	560	{
	561	error_setg(errp, "TLS requires GNUTLS support");
	562	return NULL;
	563	}
	564
	565
	566	void
	567	qcrypto_tls_session_free(QCryptoTLSSession *sess G_GNUC_UNUSED)
	568	{
	569	}
	570
	571
	572	int
	573	qcrypto_tls_session_check_credentials(QCryptoTLSSession *sess G_GNUC_UNUSED,
	574	Error **errp)
	575	{
	576	error_setg(errp, "TLS requires GNUTLS support");
	577	return -1;
	578	}
	579
	580
	581	void
	582	qcrypto_tls_session_set_callbacks(
	583	QCryptoTLSSession *sess G_GNUC_UNUSED,
	584	QCryptoTLSSessionWriteFunc writeFunc G_GNUC_UNUSED,
	585	QCryptoTLSSessionReadFunc readFunc G_GNUC_UNUSED,
	586	void *opaque G_GNUC_UNUSED)
	587	{
	588	}
	589
	590
	591	ssize_t
	592	qcrypto_tls_session_write(QCryptoTLSSession *sess,
	593	const char *buf,
	594	size_t len)
	595	{
	596	errno = -EIO;
	597	return -1;
	598	}
	599
	600
	601	ssize_t
	602	qcrypto_tls_session_read(QCryptoTLSSession *sess,
	603	char *buf,
	604	size_t len)
	605	{
	606	errno = -EIO;
	607	return -1;
	608	}
	609
	610
	611	int
	612	qcrypto_tls_session_handshake(QCryptoTLSSession *sess,
	613	Error **errp)
	614	{
	615	error_setg(errp, "TLS requires GNUTLS support");
	616	return -1;
	617	}
	618
	619
	620	QCryptoTLSSessionHandshakeStatus
	621	qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *sess)
622	{
623	return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
624	}
625
626
627	int
628	qcrypto_tls_session_get_key_size(QCryptoTLSSession *sess,
629	Error **errp)
630	{
631	error_setg(errp, "TLS requires GNUTLS support");
632	return -1;
633	}
634
635
636	char *
637	qcrypto_tls_session_get_peer_name(QCryptoTLSSession *sess)
638	{
639	return NULL;
640	}
641
642	#endif