xref: /openbsd-src/lib/libtls/tls_config.c (revision 03adc85b7600a1f8f04886b8321c1c1c0c4933d4) 
1 /* $OpenBSD: tls_config.c,v 1.34 2017/01/24 01:48:05 claudio Exp $ */
2 /*
3  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <sys/stat.h>
19 
20 #include <ctype.h>
21 #include <errno.h>
22 #include <fcntl.h>
23 #include <stdlib.h>
24 #include <unistd.h>
25 
26 #include <tls.h>
27 #include "tls_internal.h"
28 
29 static int
30 set_string(const char **dest, const char *src)
31 {
32 	free((char *)*dest);
33 	*dest = NULL;
34 	if (src != NULL)
35 		if ((*dest = strdup(src)) == NULL)
36 			return -1;
37 	return 0;
38 }
39 
40 static void *
41 memdup(const void *in, size_t len)
42 {
43 	void *out;
44 
45 	if ((out = malloc(len)) == NULL)
46 		return NULL;
47 	memcpy(out, in, len);
48 	return out;
49 }
50 
51 static int
52 set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
53 {
54 	free(*dest);
55 	*dest = NULL;
56 	*destlen = 0;
57 	if (src != NULL)
58 		if ((*dest = memdup(src, srclen)) == NULL)
59 			return -1;
60 	*destlen = srclen;
61 	return 0;
62 }
63 
64 static struct tls_keypair *
65 tls_keypair_new(void)
66 {
67 	return calloc(1, sizeof(struct tls_keypair));
68 }
69 
70 static int
71 tls_keypair_set_cert_file(struct tls_keypair *keypair, struct tls_error *error,
72     const char *cert_file)
73 {
74 	return tls_config_load_file(error, "certificate", cert_file,
75 	    &keypair->cert_mem, &keypair->cert_len);
76 }
77 
78 static int
79 tls_keypair_set_cert_mem(struct tls_keypair *keypair, const uint8_t *cert,
80     size_t len)
81 {
82 	return set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len);
83 }
84 
85 static int
86 tls_keypair_set_key_file(struct tls_keypair *keypair, struct tls_error *error,
87     const char *key_file)
88 {
89 	if (keypair->key_mem != NULL)
90 		explicit_bzero(keypair->key_mem, keypair->key_len);
91 	return tls_config_load_file(error, "key", key_file,
92 	    &keypair->key_mem, &keypair->key_len);
93 }
94 
95 static int
96 tls_keypair_set_key_mem(struct tls_keypair *keypair, const uint8_t *key,
97     size_t len)
98 {
99 	if (keypair->key_mem != NULL)
100 		explicit_bzero(keypair->key_mem, keypair->key_len);
101 	return set_mem(&keypair->key_mem, &keypair->key_len, key, len);
102 }
103 
104 static void
105 tls_keypair_clear(struct tls_keypair *keypair)
106 {
107 	tls_keypair_set_cert_mem(keypair, NULL, 0);
108 	tls_keypair_set_key_mem(keypair, NULL, 0);
109 }
110 
111 static void
112 tls_keypair_free(struct tls_keypair *keypair)
113 {
114 	if (keypair == NULL)
115 		return;
116 
117 	tls_keypair_clear(keypair);
118 
119 	free(keypair->cert_mem);
120 	free(keypair->key_mem);
121 
122 	free(keypair);
123 }
124 
125 int
126 tls_config_load_file(struct tls_error *error, const char *filetype,
127     const char *filename, char **buf, size_t *len)
128 {
129 	struct stat st;
130 	int fd = -1;
131 	ssize_t n;
132 
133 	free(*buf);
134 	*buf = NULL;
135 	*len = 0;
136 
137 	if ((fd = open(filename, O_RDONLY)) == -1) {
138 		tls_error_set(error, "failed to open %s file '%s'",
139 		    filetype, filename);
140 		goto fail;
141 	}
142 	if (fstat(fd, &st) != 0) {
143 		tls_error_set(error, "failed to stat %s file '%s'",
144 		    filetype, filename);
145 		goto fail;
146 	}
147 	if (st.st_size < 0)
148 		goto fail;
149 	*len = (size_t)st.st_size;
150 	if ((*buf = malloc(*len)) == NULL) {
151 		tls_error_set(error, "failed to allocate buffer for "
152 		    "%s file", filetype);
153 		goto fail;
154 	}
155 	n = read(fd, *buf, *len);
156 	if (n < 0 || (size_t)n != *len) {
157 		tls_error_set(error, "failed to read %s file '%s'",
158 		    filetype, filename);
159 		goto fail;
160 	}
161 	close(fd);
162 	return 0;
163 
164  fail:
165 	if (fd != -1)
166 		close(fd);
167 	if (*buf != NULL)
168 		explicit_bzero(*buf, *len);
169 	free(*buf);
170 	*buf = NULL;
171 	*len = 0;
172 
173 	return -1;
174 }
175 
176 struct tls_config *
177 tls_config_new(void)
178 {
179 	struct tls_config *config;
180 	unsigned char sid[TLS_MAX_SESSION_ID_LENGTH];
181 
182 	if ((config = calloc(1, sizeof(*config))) == NULL)
183 		return (NULL);
184 
185 	if ((config->keypair = tls_keypair_new()) == NULL)
186 		goto err;
187 
188 	/*
189 	 * Default configuration.
190 	 */
191 	if (tls_config_set_dheparams(config, "none") != 0)
192 		goto err;
193 	if (tls_config_set_ecdhecurve(config, "auto") != 0)
194 		goto err;
195 	if (tls_config_set_ciphers(config, "secure") != 0)
196 		goto err;
197 
198 	if (tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT) != 0)
199 		goto err;
200 	if (tls_config_set_verify_depth(config, 6) != 0)
201 		goto err;
202 
203 	/*
204 	 * Set session ID context to a random value.  For the simple case
205 	 * of a single process server this is good enough. For multiprocess
206 	 * servers the session ID needs to be set by the caller.
207 	 */
208 	arc4random_buf(sid, sizeof(sid));
209 	if (tls_config_set_session_id(config, sid, sizeof(sid)) != 0)
210 		goto err;
211 	config->ticket_keyrev = arc4random();
212 	config->ticket_autorekey = 1;
213 
214 	tls_config_prefer_ciphers_server(config);
215 
216 	tls_config_verify(config);
217 
218 	return (config);
219 
220  err:
221 	tls_config_free(config);
222 	return (NULL);
223 }
224 
225 void
226 tls_config_free(struct tls_config *config)
227 {
228 	struct tls_keypair *kp, *nkp;
229 
230 	if (config == NULL)
231 		return;
232 
233 	for (kp = config->keypair; kp != NULL; kp = nkp) {
234 		nkp = kp->next;
235 		tls_keypair_free(kp);
236 	}
237 
238 	free(config->error.msg);
239 
240 	free(config->alpn);
241 	free((char *)config->ca_mem);
242 	free((char *)config->ca_path);
243 	free((char *)config->ciphers);
244 	free(config->ocsp_staple);
245 
246 	free(config);
247 }
248 
249 static void
250 tls_config_keypair_add(struct tls_config *config, struct tls_keypair *keypair)
251 {
252 	struct tls_keypair *kp;
253 
254 	kp = config->keypair;
255 	while (kp->next != NULL)
256 		kp = kp->next;
257 
258 	kp->next = keypair;
259 }
260 
261 const char *
262 tls_config_error(struct tls_config *config)
263 {
264 	return config->error.msg;
265 }
266 
267 void
268 tls_config_clear_keys(struct tls_config *config)
269 {
270 	struct tls_keypair *kp;
271 
272 	for (kp = config->keypair; kp != NULL; kp = kp->next)
273 		tls_keypair_clear(kp);
274 
275 	tls_config_set_ca_mem(config, NULL, 0);
276 }
277 
278 int
279 tls_config_parse_protocols(uint32_t *protocols, const char *protostr)
280 {
281 	uint32_t proto, protos = 0;
282 	char *s, *p, *q;
283 	int negate;
284 
285 	if ((s = strdup(protostr)) == NULL)
286 		return (-1);
287 
288 	q = s;
289 	while ((p = strsep(&q, ",:")) != NULL) {
290 		while (*p == ' ' || *p == '\t')
291 			p++;
292 
293 		negate = 0;
294 		if (*p == '!') {
295 			negate = 1;
296 			p++;
297 		}
298 
299 		if (negate && protos == 0)
300 			protos = TLS_PROTOCOLS_ALL;
301 
302 		proto = 0;
303 		if (strcasecmp(p, "all") == 0 ||
304 		    strcasecmp(p, "legacy") == 0)
305 			proto = TLS_PROTOCOLS_ALL;
306 		else if (strcasecmp(p, "default") == 0 ||
307 		    strcasecmp(p, "secure") == 0)
308 			proto = TLS_PROTOCOLS_DEFAULT;
309 		if (strcasecmp(p, "tlsv1") == 0)
310 			proto = TLS_PROTOCOL_TLSv1;
311 		else if (strcasecmp(p, "tlsv1.0") == 0)
312 			proto = TLS_PROTOCOL_TLSv1_0;
313 		else if (strcasecmp(p, "tlsv1.1") == 0)
314 			proto = TLS_PROTOCOL_TLSv1_1;
315 		else if (strcasecmp(p, "tlsv1.2") == 0)
316 			proto = TLS_PROTOCOL_TLSv1_2;
317 
318 		if (proto == 0) {
319 			free(s);
320 			return (-1);
321 		}
322 
323 		if (negate)
324 			protos &= ~proto;
325 		else
326 			protos |= proto;
327 	}
328 
329 	*protocols = protos;
330 
331 	free(s);
332 
333 	return (0);
334 }
335 
336 static int
337 tls_config_parse_alpn(struct tls_config *config, const char *alpn,
338     char **alpn_data, size_t *alpn_len)
339 {
340 	size_t buf_len, i, len;
341 	char *buf = NULL;
342 	char *s = NULL;
343 	char *p, *q;
344 
345 	free(*alpn_data);
346 	*alpn_data = NULL;
347 	*alpn_len = 0;
348 
349 	if ((buf_len = strlen(alpn) + 1) > 65535) {
350 		tls_config_set_errorx(config, "alpn too large");
351 		goto err;
352 	}
353 
354 	if ((buf = malloc(buf_len)) == NULL) {
355 		tls_config_set_errorx(config, "out of memory");
356 		goto err;
357 	}
358 
359 	if ((s = strdup(alpn)) == NULL) {
360 		tls_config_set_errorx(config, "out of memory");
361 		goto err;
362 	}
363 
364 	i = 0;
365 	q = s;
366 	while ((p = strsep(&q, ",")) != NULL) {
367 		if ((len = strlen(p)) == 0) {
368 			tls_config_set_errorx(config,
369 			    "alpn protocol with zero length");
370 			goto err;
371 		}
372 		if (len > 255) {
373 			tls_config_set_errorx(config,
374 			    "alpn protocol too long");
375 			goto err;
376 		}
377 		buf[i++] = len & 0xff;
378 		memcpy(&buf[i], p, len);
379 		i += len;
380 	}
381 
382 	free(s);
383 
384 	*alpn_data = buf;
385 	*alpn_len = buf_len;
386 
387 	return (0);
388 
389  err:
390 	free(buf);
391 	free(s);
392 
393 	return (-1);
394 }
395 
396 int
397 tls_config_set_alpn(struct tls_config *config, const char *alpn)
398 {
399 	return tls_config_parse_alpn(config, alpn, &config->alpn,
400 	    &config->alpn_len);
401 }
402 
403 int
404 tls_config_add_keypair_file(struct tls_config *config,
405     const char *cert_file, const char *key_file)
406 {
407 	struct tls_keypair *keypair;
408 
409 	if ((keypair = tls_keypair_new()) == NULL)
410 		return (-1);
411 	if (tls_keypair_set_cert_file(keypair, &config->error, cert_file) != 0)
412 		goto err;
413 	if (tls_keypair_set_key_file(keypair, &config->error, key_file) != 0)
414 		goto err;
415 
416 	tls_config_keypair_add(config, keypair);
417 
418 	return (0);
419 
420  err:
421 	tls_keypair_free(keypair);
422 	return (-1);
423 }
424 
425 int
426 tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert,
427     size_t cert_len, const uint8_t *key, size_t key_len)
428 {
429 	struct tls_keypair *keypair;
430 
431 	if ((keypair = tls_keypair_new()) == NULL)
432 		return (-1);
433 	if (tls_keypair_set_cert_mem(keypair, cert, cert_len) != 0)
434 		goto err;
435 	if (tls_keypair_set_key_mem(keypair, key, key_len) != 0)
436 		goto err;
437 
438 	tls_config_keypair_add(config, keypair);
439 
440 	return (0);
441 
442  err:
443 	tls_keypair_free(keypair);
444 	return (-1);
445 }
446 
447 int
448 tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
449 {
450 	return tls_config_load_file(&config->error, "CA", ca_file,
451 	    &config->ca_mem, &config->ca_len);
452 }
453 
454 int
455 tls_config_set_ca_path(struct tls_config *config, const char *ca_path)
456 {
457 	return set_string(&config->ca_path, ca_path);
458 }
459 
460 int
461 tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
462 {
463 	return set_mem(&config->ca_mem, &config->ca_len, ca, len);
464 }
465 
466 int
467 tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
468 {
469 	return tls_keypair_set_cert_file(config->keypair, &config->error,
470 	    cert_file);
471 }
472 
473 int
474 tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
475     size_t len)
476 {
477 	return tls_keypair_set_cert_mem(config->keypair, cert, len);
478 }
479 
480 int
481 tls_config_set_ciphers(struct tls_config *config, const char *ciphers)
482 {
483 	SSL_CTX *ssl_ctx = NULL;
484 
485 	if (ciphers == NULL ||
486 	    strcasecmp(ciphers, "default") == 0 ||
487 	    strcasecmp(ciphers, "secure") == 0)
488 		ciphers = TLS_CIPHERS_DEFAULT;
489 	else if (strcasecmp(ciphers, "compat") == 0)
490 		ciphers = TLS_CIPHERS_COMPAT;
491 	else if (strcasecmp(ciphers, "legacy") == 0)
492 		ciphers = TLS_CIPHERS_LEGACY;
493 	else if (strcasecmp(ciphers, "all") == 0 ||
494 	    strcasecmp(ciphers, "insecure") == 0)
495 		ciphers = TLS_CIPHERS_ALL;
496 
497 	if ((ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) {
498 		tls_config_set_errorx(config, "out of memory");
499 		goto fail;
500 	}
501 	if (SSL_CTX_set_cipher_list(ssl_ctx, ciphers) != 1) {
502 		tls_config_set_errorx(config, "no ciphers for '%s'", ciphers);
503 		goto fail;
504 	}
505 
506 	SSL_CTX_free(ssl_ctx);
507 	return set_string(&config->ciphers, ciphers);
508 
509  fail:
510 	SSL_CTX_free(ssl_ctx);
511 	return -1;
512 }
513 
514 int
515 tls_config_set_dheparams(struct tls_config *config, const char *params)
516 {
517 	int keylen;
518 
519 	if (params == NULL || strcasecmp(params, "none") == 0)
520 		keylen = 0;
521 	else if (strcasecmp(params, "auto") == 0)
522 		keylen = -1;
523 	else if (strcasecmp(params, "legacy") == 0)
524 		keylen = 1024;
525 	else {
526 		tls_config_set_errorx(config, "invalid dhe param '%s'", params);
527 		return (-1);
528 	}
529 
530 	config->dheparams = keylen;
531 
532 	return (0);
533 }
534 
535 int
536 tls_config_set_ecdhecurve(struct tls_config *config, const char *name)
537 {
538 	int nid;
539 
540 	if (name == NULL || strcasecmp(name, "none") == 0)
541 		nid = NID_undef;
542 	else if (strcasecmp(name, "auto") == 0)
543 		nid = -1;
544 	else if ((nid = OBJ_txt2nid(name)) == NID_undef) {
545 		tls_config_set_errorx(config, "invalid ecdhe curve '%s'", name);
546 		return (-1);
547 	}
548 
549 	config->ecdhecurve = nid;
550 
551 	return (0);
552 }
553 
554 int
555 tls_config_set_key_file(struct tls_config *config, const char *key_file)
556 {
557 	return tls_keypair_set_key_file(config->keypair, &config->error,
558 	    key_file);
559 }
560 
561 int
562 tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
563     size_t len)
564 {
565 	return tls_keypair_set_key_mem(config->keypair, key, len);
566 }
567 
568 int
569 tls_config_set_keypair_file(struct tls_config *config,
570     const char *cert_file, const char *key_file)
571 {
572 	if (tls_config_set_cert_file(config, cert_file) != 0)
573 		return (-1);
574 	if (tls_config_set_key_file(config, key_file) != 0)
575 		return (-1);
576 
577 	return (0);
578 }
579 
580 int
581 tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
582     size_t cert_len, const uint8_t *key, size_t key_len)
583 {
584 	if (tls_config_set_cert_mem(config, cert, cert_len) != 0)
585 		return (-1);
586 	if (tls_config_set_key_mem(config, key, key_len) != 0)
587 		return (-1);
588 
589 	return (0);
590 }
591 
592 int
593 tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
594 {
595 	config->protocols = protocols;
596 
597 	return (0);
598 }
599 
600 int
601 tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
602 {
603 	config->verify_depth = verify_depth;
604 
605 	return (0);
606 }
607 
608 void
609 tls_config_prefer_ciphers_client(struct tls_config *config)
610 {
611 	config->ciphers_server = 0;
612 }
613 
614 void
615 tls_config_prefer_ciphers_server(struct tls_config *config)
616 {
617 	config->ciphers_server = 1;
618 }
619 
620 void
621 tls_config_insecure_noverifycert(struct tls_config *config)
622 {
623 	config->verify_cert = 0;
624 }
625 
626 void
627 tls_config_insecure_noverifyname(struct tls_config *config)
628 {
629 	config->verify_name = 0;
630 }
631 
632 void
633 tls_config_insecure_noverifytime(struct tls_config *config)
634 {
635 	config->verify_time = 0;
636 }
637 
638 void
639 tls_config_verify(struct tls_config *config)
640 {
641 	config->verify_cert = 1;
642 	config->verify_name = 1;
643 	config->verify_time = 1;
644 }
645 
646 void
647 tls_config_ocsp_require_stapling(struct tls_config *config)
648 {
649 	config->ocsp_require_stapling = 1;
650 }
651 
652 void
653 tls_config_verify_client(struct tls_config *config)
654 {
655 	config->verify_client = 1;
656 }
657 
658 void
659 tls_config_verify_client_optional(struct tls_config *config)
660 {
661 	config->verify_client = 2;
662 }
663 
664 int
665 tls_config_set_ocsp_staple_file(struct tls_config *config, const char *staple_file)
666 {
667 	return tls_config_load_file(&config->error, "OCSP", staple_file,
668 	    &config->ocsp_staple, &config->ocsp_staple_len);
669 }
670 
671 int
672 tls_config_set_ocsp_staple_mem(struct tls_config *config, char *staple, size_t len)
673 {
674 	return set_mem(&config->ocsp_staple, &config->ocsp_staple_len, staple, len);
675 }
676 
677 int
678 tls_config_set_session_id(struct tls_config *config,
679     const unsigned char *session_id, size_t len)
680 {
681 	if (len > TLS_MAX_SESSION_ID_LENGTH) {
682 		tls_config_set_errorx(config, "session ID too large");
683 		return (-1);
684 	}
685 	memset(config->session_id, 0, sizeof(config->session_id));
686 	memcpy(config->session_id, session_id, len);
687 	return (0);
688 }
689 
690 int
691 tls_config_set_session_lifetime(struct tls_config *config, int lifetime)
692 {
693 	if (lifetime > TLS_MAX_SESSION_TIMEOUT) {
694 		tls_config_set_errorx(config, "session lifetime too large");
695 		return (-1);
696 	}
697 	if (lifetime != 0 && lifetime < TLS_MIN_SESSION_TIMEOUT) {
698 		tls_config_set_errorx(config, "session lifetime too small");
699 		return (-1);
700 	}
701 
702 	config->session_lifetime = lifetime;
703 	return (0);
704 }
705 
706 int
707 tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev,
708     unsigned char *key, size_t keylen)
709 {
710 	struct tls_ticket_key newkey;
711 	int i;
712 
713 	if (TLS_TICKET_KEY_SIZE != keylen ||
714 	    sizeof(newkey.aes_key) + sizeof(newkey.hmac_key) > keylen) {
715 		tls_config_set_errorx(config,
716 		    "wrong amount of ticket key data");
717 		return (-1);
718 	}
719 
720 	keyrev = htonl(keyrev);
721 	memset(&newkey, 0, sizeof(newkey));
722 	memcpy(newkey.key_name, &keyrev, sizeof(keyrev));
723 	memcpy(newkey.aes_key, key, sizeof(newkey.aes_key));
724 	memcpy(newkey.hmac_key, key + sizeof(newkey.aes_key),
725 	    sizeof(newkey.hmac_key));
726 	newkey.time = time(NULL);
727 
728 	for (i = 0; i < TLS_NUM_TICKETS; i++) {
729 		struct tls_ticket_key *tk = &config->ticket_keys[i];
730 		if (memcmp(newkey.key_name, tk->key_name,
731 		    sizeof(tk->key_name)) != 0)
732 			continue;
733 
734 		/* allow re-entry of most recent key */
735 		if (i == 0 && memcmp(newkey.aes_key, tk->aes_key,
736 		    sizeof(tk->aes_key)) == 0 && memcmp(newkey.hmac_key,
737 		    tk->hmac_key, sizeof(tk->hmac_key)) == 0)
738 			return (0);
739 		tls_config_set_errorx(config, "ticket key already present");
740 		return (-1);
741 	}
742 
743 	memmove(&config->ticket_keys[1], &config->ticket_keys[0],
744 	    sizeof(config->ticket_keys) - sizeof(config->ticket_keys[0]));
745 	config->ticket_keys[0] = newkey;
746 
747 	config->ticket_autorekey = 0;
748 
749 	return (0);
750 }
751 
752 int
753 tls_config_ticket_autorekey(struct tls_config *config)
754 {
755 	unsigned char key[TLS_TICKET_KEY_SIZE];
756 	int rv;
757 
758 	arc4random_buf(key, sizeof(key));
759 	rv = tls_config_add_ticket_key(config, config->ticket_keyrev++, key,
760 	    sizeof(key));
761 	config->ticket_autorekey = 1;
762 	return (rv);
763 }
764