[qemu.git] / crypto / tlssession.c

/*
 * QEMU crypto TLS session support
 *
 * Copyright (c) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "qemu/osdep.h"
#include "crypto/tlssession.h"
#include "crypto/tlscredsanon.h"
#include "crypto/tlscredspsk.h"
#include "crypto/tlscredsx509.h"
#include "qapi/error.h"
#include "qemu/acl.h"
#include "trace.h"

#ifdef CONFIG_GNUTLS


#include <gnutls/x509.h>


struct QCryptoTLSSession {
    QCryptoTLSCreds *creds;
    gnutls_session_t handle;
    char *hostname;
    char *aclname;
    bool handshakeComplete;
    QCryptoTLSSessionWriteFunc writeFunc;
    QCryptoTLSSessionReadFunc readFunc;
    void *opaque;
    char *peername;
};


void
qcrypto_tls_session_free(QCryptoTLSSession *session)
{
    if (!session) {
        return;
    }

    gnutls_deinit(session->handle);
    g_free(session->hostname);
    g_free(session->peername);
    g_free(session->aclname);
    object_unref(OBJECT(session->creds));
    g_free(session);
}


static ssize_t
qcrypto_tls_session_push(void *opaque, const void *buf, size_t len)
{
    QCryptoTLSSession *session = opaque;

    if (!session->writeFunc) {
        errno = EIO;
        return -1;
    };

    return session->writeFunc(buf, len, session->opaque);
}


static ssize_t
qcrypto_tls_session_pull(void *opaque, void *buf, size_t len)
{
    QCryptoTLSSession *session = opaque;

    if (!session->readFunc) {
        errno = EIO;
        return -1;
    };

    return session->readFunc(buf, len, session->opaque);
}

#define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH"

#if GNUTLS_VERSION_MAJOR >= 3
#define TLS_ECDHE_PSK "+ECDHE-PSK:"
#else
#define TLS_ECDHE_PSK ""
#endif
#define TLS_PRIORITY_ADDITIONAL_PSK TLS_ECDHE_PSK "+DHE-PSK:+PSK"

QCryptoTLSSession *
qcrypto_tls_session_new(QCryptoTLSCreds *creds,
                        const char *hostname,
                        const char *aclname,
                        QCryptoTLSCredsEndpoint endpoint,
                        Error **errp)
{
    QCryptoTLSSession *session;
    int ret;

    session = g_new0(QCryptoTLSSession, 1);
    trace_qcrypto_tls_session_new(
        session, creds, hostname ? hostname : "<none>",
        aclname ? aclname : "<none>", endpoint);

    if (hostname) {
        session->hostname = g_strdup(hostname);
    }
    if (aclname) {
        session->aclname = g_strdup(aclname);
    }
    session->creds = creds;
    object_ref(OBJECT(creds));

    if (creds->endpoint != endpoint) {
        error_setg(errp, "Credentials endpoint doesn't match session");
        goto error;
    }

    if (endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
        ret = gnutls_init(&session->handle, GNUTLS_SERVER);
    } else {
        ret = gnutls_init(&session->handle, GNUTLS_CLIENT);
    }
    if (ret < 0) {
        error_setg(errp, "Cannot initialize TLS session: %s",
                   gnutls_strerror(ret));
        goto error;
    }

    if (object_dynamic_cast(OBJECT(creds),
                            TYPE_QCRYPTO_TLS_CREDS_ANON)) {
        QCryptoTLSCredsAnon *acreds = QCRYPTO_TLS_CREDS_ANON(creds);
        char *prio;

        if (creds->priority != NULL) {
            prio = g_strdup_printf("%s:%s",
                                   creds->priority,
                                   TLS_PRIORITY_ADDITIONAL_ANON);
        } else {
            prio = g_strdup(CONFIG_TLS_PRIORITY ":"
                            TLS_PRIORITY_ADDITIONAL_ANON);
        }

        ret = gnutls_priority_set_direct(session->handle, prio, NULL);
        if (ret < 0) {
            error_setg(errp, "Unable to set TLS session priority %s: %s",
                       prio, gnutls_strerror(ret));
            g_free(prio);
            goto error;
        }
        g_free(prio);
        if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
            ret = gnutls_credentials_set(session->handle,
                                         GNUTLS_CRD_ANON,
                                         acreds->data.server);
        } else {
            ret = gnutls_credentials_set(session->handle,
                                         GNUTLS_CRD_ANON,
                                         acreds->data.client);
        }
        if (ret < 0) {
            error_setg(errp, "Cannot set session credentials: %s",
                       gnutls_strerror(ret));
            goto error;
        }
    } else if (object_dynamic_cast(OBJECT(creds),
                                   TYPE_QCRYPTO_TLS_CREDS_PSK)) {
        QCryptoTLSCredsPSK *pcreds = QCRYPTO_TLS_CREDS_PSK(creds);
        char *prio;

        if (creds->priority != NULL) {
            prio = g_strdup_printf("%s:%s",
                                   creds->priority,
                                   TLS_PRIORITY_ADDITIONAL_PSK);
        } else {
            prio = g_strdup(CONFIG_TLS_PRIORITY ":"
                            TLS_PRIORITY_ADDITIONAL_PSK);
        }

        ret = gnutls_priority_set_direct(session->handle, prio, NULL);
        if (ret < 0) {
            error_setg(errp, "Unable to set TLS session priority %s: %s",
                       prio, gnutls_strerror(ret));
            g_free(prio);
            goto error;
        }
        g_free(prio);
        if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
            ret = gnutls_credentials_set(session->handle,
                                         GNUTLS_CRD_PSK,
                                         pcreds->data.server);
        } else {
            ret = gnutls_credentials_set(session->handle,
                                         GNUTLS_CRD_PSK,
                                         pcreds->data.client);
        }
        if (ret < 0) {
            error_setg(errp, "Cannot set session credentials: %s",
                       gnutls_strerror(ret));
            goto error;
        }
    } else if (object_dynamic_cast(OBJECT(creds),
                                   TYPE_QCRYPTO_TLS_CREDS_X509)) {
        QCryptoTLSCredsX509 *tcreds = QCRYPTO_TLS_CREDS_X509(creds);
        const char *prio = creds->priority;
        if (!prio) {
            prio = CONFIG_TLS_PRIORITY;
        }

        ret = gnutls_priority_set_direct(session->handle, prio, NULL);
        if (ret < 0) {
            error_setg(errp, "Cannot set default TLS session priority %s: %s",
                       prio, gnutls_strerror(ret));
            goto error;
        }
        ret = gnutls_credentials_set(session->handle,
                                     GNUTLS_CRD_CERTIFICATE,
                                     tcreds->data);
        if (ret < 0) {
            error_setg(errp, "Cannot set session credentials: %s",
                       gnutls_strerror(ret));
            goto error;
        }

        if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
            /* This requests, but does not enforce a client cert.
             * The cert checking code later does enforcement */
            gnutls_certificate_server_set_request(session->handle,
                                                  GNUTLS_CERT_REQUEST);
        }
    } else {
        error_setg(errp, "Unsupported TLS credentials type %s",
                   object_get_typename(OBJECT(creds)));
        goto error;
    }

    gnutls_transport_set_ptr(session->handle, session);
    gnutls_transport_set_push_function(session->handle,
                                       qcrypto_tls_session_push);
    gnutls_transport_set_pull_function(session->handle,
                                       qcrypto_tls_session_pull);

    return session;

 error:
    qcrypto_tls_session_free(session);
    return NULL;
}

static int
qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
                                      Error **errp)
{
    int ret;
    unsigned int status;
    const gnutls_datum_t *certs;
    unsigned int nCerts, i;
    time_t now;
    gnutls_x509_crt_t cert = NULL;

    now = time(NULL);
    if (now == ((time_t)-1)) {
        error_setg_errno(errp, errno, "Cannot get current time");
        return -1;
    }

    ret = gnutls_certificate_verify_peers2(session->handle, &status);
    if (ret < 0) {
        error_setg(errp, "Verify failed: %s", gnutls_strerror(ret));
        return -1;
    }

    if (status != 0) {
        const char *reason = "Invalid certificate";

        if (status & GNUTLS_CERT_INVALID) {
            reason = "The certificate is not trusted";
        }

        if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
            reason = "The certificate hasn't got a known issuer";
        }

        if (status & GNUTLS_CERT_REVOKED) {
            reason = "The certificate has been revoked";
        }

        if (status & GNUTLS_CERT_INSECURE_ALGORITHM) {
            reason = "The certificate uses an insecure algorithm";
        }

        error_setg(errp, "%s", reason);
        return -1;
    }

    certs = gnutls_certificate_get_peers(session->handle, &nCerts);
    if (!certs) {
        error_setg(errp, "No certificate peers");
        return -1;
    }

    for (i = 0; i < nCerts; i++) {
        ret = gnutls_x509_crt_init(&cert);
        if (ret < 0) {
            error_setg(errp, "Cannot initialize certificate: %s",
                       gnutls_strerror(ret));
            return -1;
        }

        ret = gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER);
        if (ret < 0) {
            error_setg(errp, "Cannot import certificate: %s",
                       gnutls_strerror(ret));
            goto error;
        }

        if (gnutls_x509_crt_get_expiration_time(cert) < now) {
            error_setg(errp, "The certificate has expired");
            goto error;
        }

        if (gnutls_x509_crt_get_activation_time(cert) > now) {
            error_setg(errp, "The certificate is not yet activated");
            goto error;
        }

        if (gnutls_x509_crt_get_activation_time(cert) > now) {
            error_setg(errp, "The certificate is not yet activated");
            goto error;
        }

        if (i == 0) {
            size_t dnameSize = 1024;
            session->peername = g_malloc(dnameSize);
        requery:
            ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize);
            if (ret < 0) {
                if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
                    session->peername = g_realloc(session->peername,
                                                  dnameSize);
                    goto requery;
                }
                error_setg(errp, "Cannot get client distinguished name: %s",
                           gnutls_strerror(ret));
                goto error;
            }
            if (session->aclname) {
                qemu_acl *acl = qemu_acl_find(session->aclname);
                int allow;
                if (!acl) {
                    error_setg(errp, "Cannot find ACL %s",
                               session->aclname);
                    goto error;
                }

                allow = qemu_acl_party_is_allowed(acl, session->peername);

                if (!allow) {
                    error_setg(errp, "TLS x509 ACL check for %s is denied",
                               session->peername);
                    goto error;
                }
            }
            if (session->hostname) {
                if (!gnutls_x509_crt_check_hostname(cert, session->hostname)) {
                    error_setg(errp,
                               "Certificate does not match the hostname %s",
                               session->hostname);
                    goto error;
                }
            }
        }

        gnutls_x509_crt_deinit(cert);
    }

    return 0;

 error:
    gnutls_x509_crt_deinit(cert);
    return -1;
}


int
qcrypto_tls_session_check_credentials(QCryptoTLSSession *session,
                                      Error **errp)
{
    if (object_dynamic_cast(OBJECT(session->creds),
                            TYPE_QCRYPTO_TLS_CREDS_ANON)) {
        trace_qcrypto_tls_session_check_creds(session, "nop");
        return 0;
    } else if (object_dynamic_cast(OBJECT(session->creds),
                            TYPE_QCRYPTO_TLS_CREDS_PSK)) {
        trace_qcrypto_tls_session_check_creds(session, "nop");
        return 0;
    } else if (object_dynamic_cast(OBJECT(session->creds),
                            TYPE_QCRYPTO_TLS_CREDS_X509)) {
        if (session->creds->verifyPeer) {
            int ret = qcrypto_tls_session_check_certificate(session,
                                                            errp);
            trace_qcrypto_tls_session_check_creds(session,
                                                  ret == 0 ? "pass" : "fail");
            return ret;
        } else {
            trace_qcrypto_tls_session_check_creds(session, "skip");
            return 0;
        }
    } else {
        trace_qcrypto_tls_session_check_creds(session, "error");
        error_setg(errp, "Unexpected credential type %s",
                   object_get_typename(OBJECT(session->creds)));
        return -1;
    }
}


void
qcrypto_tls_session_set_callbacks(QCryptoTLSSession *session,
                                  QCryptoTLSSessionWriteFunc writeFunc,
                                  QCryptoTLSSessionReadFunc readFunc,
                                  void *opaque)
{
    session->writeFunc = writeFunc;
    session->readFunc = readFunc;
    session->opaque = opaque;
}


ssize_t
qcrypto_tls_session_write(QCryptoTLSSession *session,
                          const char *buf,
                          size_t len)
{
    ssize_t ret = gnutls_record_send(session->handle, buf, len);

    if (ret < 0) {
        switch (ret) {
        case GNUTLS_E_AGAIN:
            errno = EAGAIN;
            break;
        case GNUTLS_E_INTERRUPTED:
            errno = EINTR;
            break;
        default:
            errno = EIO;
            break;
        }
        ret = -1;
    }

    return ret;
}


ssize_t
qcrypto_tls_session_read(QCryptoTLSSession *session,
                         char *buf,
                         size_t len)
{
    ssize_t ret = gnutls_record_recv(session->handle, buf, len);

    if (ret < 0) {
        switch (ret) {
        case GNUTLS_E_AGAIN:
            errno = EAGAIN;
            break;
        case GNUTLS_E_INTERRUPTED:
            errno = EINTR;
            break;
        default:
            errno = EIO;
            break;
        }
        ret = -1;
    }

    return ret;
}


int
qcrypto_tls_session_handshake(QCryptoTLSSession *session,
                              Error **errp)
{
    int ret = gnutls_handshake(session->handle);
    if (ret == 0) {
        session->handshakeComplete = true;
    } else {
        if (ret == GNUTLS_E_INTERRUPTED ||
            ret == GNUTLS_E_AGAIN) {
            ret = 1;
        } else {
            error_setg(errp, "TLS handshake failed: %s",
                       gnutls_strerror(ret));
            ret = -1;
        }
    }

    return ret;
}


QCryptoTLSSessionHandshakeStatus
qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *session)
{
    if (session->handshakeComplete) {
        return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
    } else if (gnutls_record_get_direction(session->handle) == 0) {
        return QCRYPTO_TLS_HANDSHAKE_RECVING;
    } else {
        return QCRYPTO_TLS_HANDSHAKE_SENDING;
    }
}


int
qcrypto_tls_session_get_key_size(QCryptoTLSSession *session,
                                 Error **errp)
{
    gnutls_cipher_algorithm_t cipher;
    int ssf;

    cipher = gnutls_cipher_get(session->handle);
    ssf = gnutls_cipher_get_key_size(cipher);
    if (!ssf) {
        error_setg(errp, "Cannot get TLS cipher key size");
        return -1;
    }
    return ssf;
}


char *
qcrypto_tls_session_get_peer_name(QCryptoTLSSession *session)
{
    if (session->peername) {
        return g_strdup(session->peername);
    }
    return NULL;
}


#else /* ! CONFIG_GNUTLS */


QCryptoTLSSession *
qcrypto_tls_session_new(QCryptoTLSCreds *creds G_GNUC_UNUSED,
                        const char *hostname G_GNUC_UNUSED,
                        const char *aclname G_GNUC_UNUSED,
                        QCryptoTLSCredsEndpoint endpoint G_GNUC_UNUSED,
                        Error **errp)
{
    error_setg(errp, "TLS requires GNUTLS support");
    return NULL;
}


void
qcrypto_tls_session_free(QCryptoTLSSession *sess G_GNUC_UNUSED)
{
}


int
qcrypto_tls_session_check_credentials(QCryptoTLSSession *sess G_GNUC_UNUSED,
                                      Error **errp)
{
    error_setg(errp, "TLS requires GNUTLS support");
    return -1;
}


void
qcrypto_tls_session_set_callbacks(
    QCryptoTLSSession *sess G_GNUC_UNUSED,
    QCryptoTLSSessionWriteFunc writeFunc G_GNUC_UNUSED,
    QCryptoTLSSessionReadFunc readFunc G_GNUC_UNUSED,
    void *opaque G_GNUC_UNUSED)
{
}


ssize_t
qcrypto_tls_session_write(QCryptoTLSSession *sess,
                          const char *buf,
                          size_t len)
{
    errno = -EIO;
    return -1;
}


ssize_t
qcrypto_tls_session_read(QCryptoTLSSession *sess,
                         char *buf,
                         size_t len)
{
    errno = -EIO;
    return -1;
}


int
qcrypto_tls_session_handshake(QCryptoTLSSession *sess,
                              Error **errp)
{
    error_setg(errp, "TLS requires GNUTLS support");
    return -1;
}


QCryptoTLSSessionHandshakeStatus
qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *sess)
{
    return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
}


int
qcrypto_tls_session_get_key_size(QCryptoTLSSession *sess,
                                 Error **errp)
{
    error_setg(errp, "TLS requires GNUTLS support");
    return -1;
}


char *
qcrypto_tls_session_get_peer_name(QCryptoTLSSession *sess)
{
    return NULL;
}

#endif
Commit	Line	Data
d321e1e5 DB	1	/*
	2	* QEMU crypto TLS session support
	3	*
	4	* Copyright (c) 2015 Red Hat, Inc.
	5	*
	6	* This library is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU Lesser General Public
	8	* License as published by the Free Software Foundation; either
	9	* version 2 of the License, or (at your option) any later version.
	10	*
	11	* This library is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* Lesser General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU Lesser General Public
	17	* License along with this library; if not, see <http://www.gnu.org/licenses/>.
	18	*
	19	*/
	20
42f7a448	21	#include "qemu/osdep.h"
d321e1e5 DB	22	#include "crypto/tlssession.h"
d321e1e5 DB	23	#include "crypto/tlscredsanon.h"
e1a6dc91	24	#include "crypto/tlscredspsk.h"
d321e1e5	25	#include "crypto/tlscredsx509.h"
da34e65c	26	#include "qapi/error.h"
d321e1e5 DB	27	#include "qemu/acl.h"
	28	#include "trace.h"
	29
	30	#ifdef CONFIG_GNUTLS
	31
	32
	33	#include <gnutls/x509.h>
	34
	35
	36	struct QCryptoTLSSession {
	37	QCryptoTLSCreds *creds;
	38	gnutls_session_t handle;
	39	char *hostname;
	40	char *aclname;
	41	bool handshakeComplete;
	42	QCryptoTLSSessionWriteFunc writeFunc;
	43	QCryptoTLSSessionReadFunc readFunc;
	44	void *opaque;
	45	char *peername;
	46	};
	47
	48
	49	void
	50	qcrypto_tls_session_free(QCryptoTLSSession *session)
	51	{
	52	if (!session) {
	53	return;
	54	}
	55
	56	gnutls_deinit(session->handle);
	57	g_free(session->hostname);
	58	g_free(session->peername);
	59	g_free(session->aclname);
	60	object_unref(OBJECT(session->creds));
	61	g_free(session);
	62	}
	63
	64
	65	static ssize_t
	66	qcrypto_tls_session_push(void opaque, const void buf, size_t len)
	67	{
	68	QCryptoTLSSession *session = opaque;
	69
	70	if (!session->writeFunc) {
	71	errno = EIO;
	72	return -1;
	73	};
	74
	75	return session->writeFunc(buf, len, session->opaque);
	76	}
	77
	78
	79	static ssize_t
	80	qcrypto_tls_session_pull(void opaque, void buf, size_t len)
	81	{
	82	QCryptoTLSSession *session = opaque;
	83
	84	if (!session->readFunc) {
	85	errno = EIO;
	86	return -1;
	87	};
	88
	89	return session->readFunc(buf, len, session->opaque);
	90	}
91
e1a6dc91 RJ	92	#define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH"
	93
	94	#if GNUTLS_VERSION_MAJOR >= 3
	95	#define TLS_ECDHE_PSK "+ECDHE-PSK:"
	96	#else
	97	#define TLS_ECDHE_PSK ""
	98	#endif
	99	#define TLS_PRIORITY_ADDITIONAL_PSK TLS_ECDHE_PSK "+DHE-PSK:+PSK"
d321e1e5 DB	100
	101	QCryptoTLSSession *
	102	qcrypto_tls_session_new(QCryptoTLSCreds *creds,
	103	const char *hostname,
	104	const char *aclname,
	105	QCryptoTLSCredsEndpoint endpoint,
	106	Error **errp)
	107	{
	108	QCryptoTLSSession *session;
	109	int ret;
	110
	111	session = g_new0(QCryptoTLSSession, 1);
	112	trace_qcrypto_tls_session_new(
	113	session, creds, hostname ? hostname : "<none>",
	114	aclname ? aclname : "<none>", endpoint);
	115
	116	if (hostname) {
	117	session->hostname = g_strdup(hostname);
	118	}
	119	if (aclname) {
	120	session->aclname = g_strdup(aclname);
	121	}
	122	session->creds = creds;
	123	object_ref(OBJECT(creds));
	124
	125	if (creds->endpoint != endpoint) {
	126	error_setg(errp, "Credentials endpoint doesn't match session");
	127	goto error;
	128	}
	129
	130	if (endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
	131	ret = gnutls_init(&session->handle, GNUTLS_SERVER);
	132	} else {
	133	ret = gnutls_init(&session->handle, GNUTLS_CLIENT);
	134	}
	135	if (ret < 0) {
	136	error_setg(errp, "Cannot initialize TLS session: %s",
	137	gnutls_strerror(ret));
	138	goto error;
	139	}
	140
	141	if (object_dynamic_cast(OBJECT(creds),
	142	TYPE_QCRYPTO_TLS_CREDS_ANON)) {
	143	QCryptoTLSCredsAnon *acreds = QCRYPTO_TLS_CREDS_ANON(creds);
13f12430	144	char *prio;
d321e1e5	145
13f12430	146	if (creds->priority != NULL) {
e1a6dc91 RJ	147	prio = g_strdup_printf("%s:%s",
	148	creds->priority,
	149	TLS_PRIORITY_ADDITIONAL_ANON);
13f12430	150	} else {
e1a6dc91 RJ	151	prio = g_strdup(CONFIG_TLS_PRIORITY ":"
e1a6dc91 RJ	152	TLS_PRIORITY_ADDITIONAL_ANON);
13f12430 DB	153	}
	154
	155	ret = gnutls_priority_set_direct(session->handle, prio, NULL);
d321e1e5	156	if (ret < 0) {
13f12430 DB	157	error_setg(errp, "Unable to set TLS session priority %s: %s",
	158	prio, gnutls_strerror(ret));
	159	g_free(prio);
d321e1e5 DB	160	goto error;
d321e1e5 DB	161	}
13f12430	162	g_free(prio);
d321e1e5 DB	163	if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
	164	ret = gnutls_credentials_set(session->handle,
	165	GNUTLS_CRD_ANON,
	166	acreds->data.server);
	167	} else {
	168	ret = gnutls_credentials_set(session->handle,
	169	GNUTLS_CRD_ANON,
	170	acreds->data.client);
	171	}
	172	if (ret < 0) {
	173	error_setg(errp, "Cannot set session credentials: %s",
	174	gnutls_strerror(ret));
	175	goto error;
	176	}
e1a6dc91 RJ	177	} else if (object_dynamic_cast(OBJECT(creds),
	178	TYPE_QCRYPTO_TLS_CREDS_PSK)) {
	179	QCryptoTLSCredsPSK *pcreds = QCRYPTO_TLS_CREDS_PSK(creds);
	180	char *prio;
	181
	182	if (creds->priority != NULL) {
	183	prio = g_strdup_printf("%s:%s",
	184	creds->priority,
	185	TLS_PRIORITY_ADDITIONAL_PSK);
	186	} else {
	187	prio = g_strdup(CONFIG_TLS_PRIORITY ":"
	188	TLS_PRIORITY_ADDITIONAL_PSK);
	189	}
	190
	191	ret = gnutls_priority_set_direct(session->handle, prio, NULL);
	192	if (ret < 0) {
	193	error_setg(errp, "Unable to set TLS session priority %s: %s",
	194	prio, gnutls_strerror(ret));
	195	g_free(prio);
	196	goto error;
	197	}
	198	g_free(prio);
	199	if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
	200	ret = gnutls_credentials_set(session->handle,
	201	GNUTLS_CRD_PSK,
	202	pcreds->data.server);
	203	} else {
	204	ret = gnutls_credentials_set(session->handle,
	205	GNUTLS_CRD_PSK,
	206	pcreds->data.client);
	207	}
	208	if (ret < 0) {
	209	error_setg(errp, "Cannot set session credentials: %s",
	210	gnutls_strerror(ret));
	211	goto error;
	212	}
d321e1e5 DB	213	} else if (object_dynamic_cast(OBJECT(creds),
	214	TYPE_QCRYPTO_TLS_CREDS_X509)) {
	215	QCryptoTLSCredsX509 *tcreds = QCRYPTO_TLS_CREDS_X509(creds);
13f12430 DB	216	const char *prio = creds->priority;
13f12430 DB	217	if (!prio) {
a1c5e949	218	prio = CONFIG_TLS_PRIORITY;
13f12430	219	}
d321e1e5	220
13f12430	221	ret = gnutls_priority_set_direct(session->handle, prio, NULL);
d321e1e5	222	if (ret < 0) {
13f12430 DB	223	error_setg(errp, "Cannot set default TLS session priority %s: %s",
13f12430 DB	224	prio, gnutls_strerror(ret));
d321e1e5 DB	225	goto error;
	226	}
	227	ret = gnutls_credentials_set(session->handle,
	228	GNUTLS_CRD_CERTIFICATE,
	229	tcreds->data);
	230	if (ret < 0) {
	231	error_setg(errp, "Cannot set session credentials: %s",
	232	gnutls_strerror(ret));
	233	goto error;
	234	}
	235
	236	if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
	237	/* This requests, but does not enforce a client cert.
	238	* The cert checking code later does enforcement */
	239	gnutls_certificate_server_set_request(session->handle,
	240	GNUTLS_CERT_REQUEST);
	241	}
	242	} else {
	243	error_setg(errp, "Unsupported TLS credentials type %s",
	244	object_get_typename(OBJECT(creds)));
	245	goto error;
	246	}
	247
	248	gnutls_transport_set_ptr(session->handle, session);
	249	gnutls_transport_set_push_function(session->handle,
	250	qcrypto_tls_session_push);
	251	gnutls_transport_set_pull_function(session->handle,
	252	qcrypto_tls_session_pull);
	253
	254	return session;
	255
	256	error:
	257	qcrypto_tls_session_free(session);
	258	return NULL;
	259	}
	260
	261	static int
	262	qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
	263	Error **errp)
	264	{
	265	int ret;
	266	unsigned int status;
	267	const gnutls_datum_t *certs;
	268	unsigned int nCerts, i;
	269	time_t now;
	270	gnutls_x509_crt_t cert = NULL;
	271
	272	now = time(NULL);
	273	if (now == ((time_t)-1)) {
	274	error_setg_errno(errp, errno, "Cannot get current time");
	275	return -1;
	276	}
	277
	278	ret = gnutls_certificate_verify_peers2(session->handle, &status);
	279	if (ret < 0) {
	280	error_setg(errp, "Verify failed: %s", gnutls_strerror(ret));
	281	return -1;
	282	}
	283
	284	if (status != 0) {
	285	const char *reason = "Invalid certificate";
	286
	287	if (status & GNUTLS_CERT_INVALID) {
	288	reason = "The certificate is not trusted";
289	}
290
291	if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
292	reason = "The certificate hasn't got a known issuer";
293	}
294
295	if (status & GNUTLS_CERT_REVOKED) {
296	reason = "The certificate has been revoked";
297	}
298
299	if (status & GNUTLS_CERT_INSECURE_ALGORITHM) {
300	reason = "The certificate uses an insecure algorithm";
301	}
302
303	error_setg(errp, "%s", reason);
304	return -1;
305	}
306
307	certs = gnutls_certificate_get_peers(session->handle, &nCerts);
308	if (!certs) {
309	error_setg(errp, "No certificate peers");
310	return -1;
311	}
312
313	for (i = 0; i < nCerts; i++) {
314	ret = gnutls_x509_crt_init(&cert);
315	if (ret < 0) {
316	error_setg(errp, "Cannot initialize certificate: %s",
317	gnutls_strerror(ret));
318	return -1;
319	}
320
321	ret = gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER);
322	if (ret < 0) {
323	error_setg(errp, "Cannot import certificate: %s",
324	gnutls_strerror(ret));
325	goto error;
326	}
327
328	if (gnutls_x509_crt_get_expiration_time(cert) < now) {
329	error_setg(errp, "The certificate has expired");
330	goto error;
331	}
332
333	if (gnutls_x509_crt_get_activation_time(cert) > now) {
334	error_setg(errp, "The certificate is not yet activated");
335	goto error;
336	}
337
338	if (gnutls_x509_crt_get_activation_time(cert) > now) {
339	error_setg(errp, "The certificate is not yet activated");
340	goto error;
341	}
342
343	if (i == 0) {
344	size_t dnameSize = 1024;
345	session->peername = g_malloc(dnameSize);
346	requery:
347	ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize);
348	if (ret < 0) {
349	if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
350	session->peername = g_realloc(session->peername,
351	dnameSize);
352	goto requery;
353	}
354	error_setg(errp, "Cannot get client distinguished name: %s",
355	gnutls_strerror(ret));
356	goto error;
357	}
358	if (session->aclname) {
359	qemu_acl *acl = qemu_acl_find(session->aclname);
360	int allow;
361	if (!acl) {
362	error_setg(errp, "Cannot find ACL %s",
363	session->aclname);
364	goto error;
365	}
366
367	allow = qemu_acl_party_is_allowed(acl, session->peername);
368
d321e1e5	369	if (!allow) {
6ef8cd7a DB	370	error_setg(errp, "TLS x509 ACL check for %s is denied",
6ef8cd7a DB	371	session->peername);
d321e1e5 DB	372	goto error;
	373	}
	374	}
	375	if (session->hostname) {
	376	if (!gnutls_x509_crt_check_hostname(cert, session->hostname)) {
	377	error_setg(errp,
	378	"Certificate does not match the hostname %s",
	379	session->hostname);
	380	goto error;
	381	}
	382	}
	383	}
	384
	385	gnutls_x509_crt_deinit(cert);
	386	}
	387
	388	return 0;
	389
	390	error:
	391	gnutls_x509_crt_deinit(cert);
	392	return -1;
	393	}
	394
	395
	396	int
	397	qcrypto_tls_session_check_credentials(QCryptoTLSSession *session,
	398	Error **errp)
	399	{
	400	if (object_dynamic_cast(OBJECT(session->creds),
	401	TYPE_QCRYPTO_TLS_CREDS_ANON)) {
b57482d7	402	trace_qcrypto_tls_session_check_creds(session, "nop");
d321e1e5	403	return 0;
e1a6dc91 RJ	404	} else if (object_dynamic_cast(OBJECT(session->creds),
	405	TYPE_QCRYPTO_TLS_CREDS_PSK)) {
	406	trace_qcrypto_tls_session_check_creds(session, "nop");
	407	return 0;
d321e1e5 DB	408	} else if (object_dynamic_cast(OBJECT(session->creds),
	409	TYPE_QCRYPTO_TLS_CREDS_X509)) {
	410	if (session->creds->verifyPeer) {
b57482d7 DB	411	int ret = qcrypto_tls_session_check_certificate(session,
	412	errp);
	413	trace_qcrypto_tls_session_check_creds(session,
	414	ret == 0 ? "pass" : "fail");
	415	return ret;
d321e1e5	416	} else {
b57482d7	417	trace_qcrypto_tls_session_check_creds(session, "skip");
d321e1e5 DB	418	return 0;
	419	}
	420	} else {
b57482d7	421	trace_qcrypto_tls_session_check_creds(session, "error");
d321e1e5 DB	422	error_setg(errp, "Unexpected credential type %s",
	423	object_get_typename(OBJECT(session->creds)));
	424	return -1;
	425	}
	426	}
	427
	428
	429	void
	430	qcrypto_tls_session_set_callbacks(QCryptoTLSSession *session,
	431	QCryptoTLSSessionWriteFunc writeFunc,
	432	QCryptoTLSSessionReadFunc readFunc,
	433	void *opaque)
	434	{
	435	session->writeFunc = writeFunc;
	436	session->readFunc = readFunc;
	437	session->opaque = opaque;
	438	}
	439
	440
	441	ssize_t
	442	qcrypto_tls_session_write(QCryptoTLSSession *session,
	443	const char *buf,
	444	size_t len)
	445	{
	446	ssize_t ret = gnutls_record_send(session->handle, buf, len);
	447
	448	if (ret < 0) {
	449	switch (ret) {
	450	case GNUTLS_E_AGAIN:
	451	errno = EAGAIN;
	452	break;
	453	case GNUTLS_E_INTERRUPTED:
	454	errno = EINTR;
	455	break;
	456	default:
	457	errno = EIO;
	458	break;
	459	}
	460	ret = -1;
	461	}
	462
	463	return ret;
	464	}
	465
	466
	467	ssize_t
	468	qcrypto_tls_session_read(QCryptoTLSSession *session,
	469	char *buf,
	470	size_t len)
	471	{
	472	ssize_t ret = gnutls_record_recv(session->handle, buf, len);
	473
	474	if (ret < 0) {
	475	switch (ret) {
	476	case GNUTLS_E_AGAIN:
	477	errno = EAGAIN;
	478	break;
	479	case GNUTLS_E_INTERRUPTED:
	480	errno = EINTR;
	481	break;
	482	default:
	483	errno = EIO;
	484	break;
	485	}
486	ret = -1;
487	}
488
489	return ret;
490	}
491
492
493	int
494	qcrypto_tls_session_handshake(QCryptoTLSSession *session,
495	Error **errp)
496	{
497	int ret = gnutls_handshake(session->handle);
498	if (ret == 0) {
499	session->handshakeComplete = true;
500	} else {
501	if (ret == GNUTLS_E_INTERRUPTED \|\|
502	ret == GNUTLS_E_AGAIN) {
503	ret = 1;
504	} else {
505	error_setg(errp, "TLS handshake failed: %s",
506	gnutls_strerror(ret));
507	ret = -1;
508	}
509	}
510
511	return ret;
512	}
513
514
515	QCryptoTLSSessionHandshakeStatus
516	qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *session)
517	{
518	if (session->handshakeComplete) {
519	return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
520	} else if (gnutls_record_get_direction(session->handle) == 0) {
521	return QCRYPTO_TLS_HANDSHAKE_RECVING;
522	} else {
523	return QCRYPTO_TLS_HANDSHAKE_SENDING;
524	}
525	}
526
527
528	int
529	qcrypto_tls_session_get_key_size(QCryptoTLSSession *session,
530	Error **errp)
531	{
532	gnutls_cipher_algorithm_t cipher;
533	int ssf;
534
535	cipher = gnutls_cipher_get(session->handle);
536	ssf = gnutls_cipher_get_key_size(cipher);
537	if (!ssf) {
538	error_setg(errp, "Cannot get TLS cipher key size");
539	return -1;
540	}
541	return ssf;
542	}
543
544
545	char *
546	qcrypto_tls_session_get_peer_name(QCryptoTLSSession *session)
547	{
548	if (session->peername) {
549	return g_strdup(session->peername);
550	}
551	return NULL;
552	}
553
554
555	#else /* ! CONFIG_GNUTLS */
556
557
558	QCryptoTLSSession *
559	qcrypto_tls_session_new(QCryptoTLSCreds *creds G_GNUC_UNUSED,
560	const char *hostname G_GNUC_UNUSED,
561	const char *aclname G_GNUC_UNUSED,
562	QCryptoTLSCredsEndpoint endpoint G_GNUC_UNUSED,
563	Error **errp)
564	{
565	error_setg(errp, "TLS requires GNUTLS support");
566	return NULL;
567	}
568
569
570	void
571	qcrypto_tls_session_free(QCryptoTLSSession *sess G_GNUC_UNUSED)
572	{
573	}
574
575
576	int
577	qcrypto_tls_session_check_credentials(QCryptoTLSSession *sess G_GNUC_UNUSED,
578	Error **errp)
579	{
580	error_setg(errp, "TLS requires GNUTLS support");
581	return -1;
582	}
583
584
585	void
586	qcrypto_tls_session_set_callbacks(
587	QCryptoTLSSession *sess G_GNUC_UNUSED,
588	QCryptoTLSSessionWriteFunc writeFunc G_GNUC_UNUSED,
589	QCryptoTLSSessionReadFunc readFunc G_GNUC_UNUSED,
590	void *opaque G_GNUC_UNUSED)
591	{
592	}
593
594
595	ssize_t
596	qcrypto_tls_session_write(QCryptoTLSSession *sess,
597	const char *buf,
598	size_t len)
599	{
600	errno = -EIO;
601	return -1;
602	}
603
604
605	ssize_t
606	qcrypto_tls_session_read(QCryptoTLSSession *sess,
607	char *buf,
608	size_t len)
609	{
610	errno = -EIO;
611	return -1;
612	}
613
614
615	int
616	qcrypto_tls_session_handshake(QCryptoTLSSession *sess,
617	Error **errp)
618	{
619	error_setg(errp, "TLS requires GNUTLS support");
620	return -1;
621	}
622
623
624	QCryptoTLSSessionHandshakeStatus
625	qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *sess)
626	{
627	return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
628	}
629
630
631	int
632	qcrypto_tls_session_get_key_size(QCryptoTLSSession *sess,
633	Error **errp)
634	{
635	error_setg(errp, "TLS requires GNUTLS support");
636	return -1;
637	}
638
639
640	char *
641	qcrypto_tls_session_get_peer_name(QCryptoTLSSession *sess)
642	{
643	return NULL;
644	}
645
646	#endif