• source navigation  • diff markup  • identifier search  • freetext search  • 

Sources/ustream-ssl/ustream-mbedtls.c

  1 /*
  2  * ustream-ssl - library for SSL over ustream
  3  *
  4  * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
  5  *
  6  * Permission to use, copy, modify, and/or distribute this software for any
  7  * purpose with or without fee is hereby granted, provided that the above
  8  * copyright notice and this permission notice appear in all copies.
  9  *
 10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 17  */
 18 
 19 #include <sys/types.h>
 20 #include <fcntl.h>
 21 #include <unistd.h>
 22 #include <stdlib.h>
 23 #include <string.h>
 24 
 25 #include "ustream-ssl.h"
 26 #include "ustream-internal.h"
 27 
 28 static int urandom_fd = -1;
 29 
 30 static int s_ustream_read(void *ctx, unsigned char *buf, size_t len)
 31 {
 32         struct ustream *s = ctx;
 33         char *sbuf;
 34         int slen;
 35 
 36         if (s->eof)
 37                 return 0;
 38 
 39         sbuf = ustream_get_read_buf(s, &slen);
 40         if (slen > len)
 41                 slen = len;
 42 
 43         if (!slen)
 44                 return MBEDTLS_ERR_SSL_WANT_READ;
 45 
 46         memcpy(buf, sbuf, slen);
 47         ustream_consume(s, slen);
 48 
 49         return slen;
 50 }
 51 
 52 static int s_ustream_write(void *ctx, const unsigned char *buf, size_t len)
 53 {
 54         struct ustream *s = ctx;
 55         int ret;
 56 
 57         ret = ustream_write(s, (const char *) buf, len, false);
 58         if (ret < 0 || s->write_error)
 59                 return MBEDTLS_ERR_NET_SEND_FAILED;
 60 
 61         return ret;
 62 }
 63 
 64 __hidden void ustream_set_io(struct ustream_ssl_ctx *ctx, void *ssl, struct ustream *conn)
 65 {
 66         mbedtls_ssl_set_bio(ssl, conn, s_ustream_write, s_ustream_read, NULL);
 67 }
 68 
 69 static bool urandom_init(void)
 70 {
 71         if (urandom_fd > -1)
 72                 return true;
 73 
 74         urandom_fd = open("/dev/urandom", O_RDONLY);
 75         if (urandom_fd < 0)
 76                 return false;
 77 
 78         return true;
 79 }
 80 
 81 static int _urandom(void *ctx, unsigned char *out, size_t len)
 82 {
 83         if (read(urandom_fd, out, len) < 0)
 84                 return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
 85 
 86         return 0;
 87 }
 88 
 89 #define AES_GCM_CIPHERS(v)                              \
 90         MBEDTLS_TLS_##v##_WITH_AES_128_GCM_SHA256,      \
 91         MBEDTLS_TLS_##v##_WITH_AES_256_GCM_SHA384
 92 
 93 #define AES_CBC_CIPHERS(v)                              \
 94         MBEDTLS_TLS_##v##_WITH_AES_128_CBC_SHA,         \
 95         MBEDTLS_TLS_##v##_WITH_AES_256_CBC_SHA
 96 
 97 #define AES_CIPHERS(v)                                  \
 98         AES_GCM_CIPHERS(v),                             \
 99         AES_CBC_CIPHERS(v)
100 
101 static const int default_ciphersuites_server[] =
102 {
103         MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
104         AES_GCM_CIPHERS(ECDHE_ECDSA),
105         MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
106         AES_GCM_CIPHERS(ECDHE_RSA),
107         AES_CBC_CIPHERS(ECDHE_RSA),
108         AES_CIPHERS(RSA),
109         0
110 };
111 
112 static const int default_ciphersuites_client[] =
113 {
114         MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
115         AES_GCM_CIPHERS(ECDHE_ECDSA),
116         MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
117         AES_GCM_CIPHERS(ECDHE_RSA),
118         MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
119         AES_GCM_CIPHERS(DHE_RSA),
120         AES_CBC_CIPHERS(ECDHE_ECDSA),
121         AES_CBC_CIPHERS(ECDHE_RSA),
122         AES_CBC_CIPHERS(DHE_RSA),
123         MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
124         AES_CIPHERS(RSA),
125         MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
126         0
127 };
128 
129 
130 __hidden struct ustream_ssl_ctx *
131 __ustream_ssl_context_new(bool server)
132 {
133         struct ustream_ssl_ctx *ctx;
134         mbedtls_ssl_config *conf;
135         int ep;
136 
137         if (!urandom_init())
138                 return NULL;
139 
140         ctx = calloc(1, sizeof(*ctx));
141         if (!ctx)
142                 return NULL;
143 
144         ctx->server = server;
145         mbedtls_pk_init(&ctx->key);
146         mbedtls_x509_crt_init(&ctx->cert);
147         mbedtls_x509_crt_init(&ctx->ca_cert);
148 
149 #if defined(MBEDTLS_SSL_CACHE_C)
150         mbedtls_ssl_cache_init(&ctx->cache);
151         mbedtls_ssl_cache_set_timeout(&ctx->cache, 30 * 60);
152         mbedtls_ssl_cache_set_max_entries(&ctx->cache, 5);
153 #endif
154 
155         conf = &ctx->conf;
156         mbedtls_ssl_config_init(conf);
157 
158         ep = server ? MBEDTLS_SSL_IS_SERVER : MBEDTLS_SSL_IS_CLIENT;
159 
160         mbedtls_ssl_config_defaults(conf, ep, MBEDTLS_SSL_TRANSPORT_STREAM,
161                                     MBEDTLS_SSL_PRESET_DEFAULT);
162         mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_NONE);
163         mbedtls_ssl_conf_rng(conf, _urandom, NULL);
164 
165         if (server) {
166                 mbedtls_ssl_conf_ciphersuites(conf, default_ciphersuites_server);
167                 mbedtls_ssl_conf_min_version(conf, MBEDTLS_SSL_MAJOR_VERSION_3,
168                                              MBEDTLS_SSL_MINOR_VERSION_3);
169         } else
170                 mbedtls_ssl_conf_ciphersuites(conf, default_ciphersuites_client);
171 
172 #if defined(MBEDTLS_SSL_CACHE_C)
173         mbedtls_ssl_conf_session_cache(conf, &ctx->cache,
174                                        mbedtls_ssl_cache_get,
175                                        mbedtls_ssl_cache_set);
176 #endif
177         return ctx;
178 }
179 
180 static void ustream_ssl_update_own_cert(struct ustream_ssl_ctx *ctx)
181 {
182         if (!ctx->cert.version)
183                 return;
184 
185         if (!ctx->key.pk_info)
186                 return;
187 
188         mbedtls_ssl_conf_own_cert(&ctx->conf, &ctx->cert, &ctx->key);
189 }
190 
191 __hidden int __ustream_ssl_add_ca_crt_file(struct ustream_ssl_ctx *ctx, const char *file)
192 {
193         int ret;
194 
195         ret = mbedtls_x509_crt_parse_file(&ctx->ca_cert, file);
196         if (ret)
197                 return -1;
198 
199         mbedtls_ssl_conf_ca_chain(&ctx->conf, &ctx->ca_cert, NULL);
200         mbedtls_ssl_conf_authmode(&ctx->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
201         return 0;
202 }
203 
204 __hidden int __ustream_ssl_set_crt_file(struct ustream_ssl_ctx *ctx, const char *file)
205 {
206         int ret;
207 
208         ret = mbedtls_x509_crt_parse_file(&ctx->cert, file);
209         if (ret)
210                 return -1;
211 
212         ustream_ssl_update_own_cert(ctx);
213         return 0;
214 }
215 
216 __hidden int __ustream_ssl_set_key_file(struct ustream_ssl_ctx *ctx, const char *file)
217 {
218         int ret;
219 
220         ret = mbedtls_pk_parse_keyfile(&ctx->key, file, NULL);
221         if (ret)
222                 return -1;
223 
224         ustream_ssl_update_own_cert(ctx);
225         return 0;
226 }
227 
228 __hidden int __ustream_ssl_set_ciphers(struct ustream_ssl_ctx *ctx, const char *ciphers)
229 {
230         int *ciphersuites = NULL, *tmp, id;
231         char *cipherstr, *p, *last, c;
232         size_t len = 0;
233 
234         if (ciphers == NULL)
235                 return -1;
236 
237         cipherstr = strdup(ciphers);
238 
239         if (cipherstr == NULL)
240                 return -1;
241 
242         for (p = cipherstr, last = p;; p++) {
243                 if (*p == ':' || *p == 0) {
244                         c = *p;
245                         *p = 0;
246 
247                         id = mbedtls_ssl_get_ciphersuite_id(last);
248 
249                         if (id != 0) {
250                                 tmp = realloc(ciphersuites, (len + 2) * sizeof(int));
251 
252                                 if (tmp == NULL) {
253                                         free(ciphersuites);
254                                         free(cipherstr);
255 
256                                         return -1;
257                                 }
258 
259                                 ciphersuites = tmp;
260                                 ciphersuites[len++] = id;
261                                 ciphersuites[len] = 0;
262                         }
263 
264                         if (c == 0)
265                                 break;
266 
267                         last = p + 1;
268                 }
269 
270                 /*
271                  * mbedTLS expects cipher names with dashes while many sources elsewhere
272                  * like the Firefox wiki or Wireshark specify ciphers with underscores,
273                  * so simply convert all underscores to dashes to accept both notations.
274                  */
275                 else if (*p == '_') {
276                         *p = '-';
277                 }
278         }
279 
280         free(cipherstr);
281 
282         if (len == 0)
283                 return -1;
284 
285         mbedtls_ssl_conf_ciphersuites(&ctx->conf, ciphersuites);
286         free(ctx->ciphersuites);
287 
288         ctx->ciphersuites = ciphersuites;
289 
290         return 0;
291 }
292 
293 __hidden void __ustream_ssl_context_free(struct ustream_ssl_ctx *ctx)
294 {
295 #if defined(MBEDTLS_SSL_CACHE_C)
296         mbedtls_ssl_cache_free(&ctx->cache);
297 #endif
298         mbedtls_pk_free(&ctx->key);
299         mbedtls_x509_crt_free(&ctx->ca_cert);
300         mbedtls_x509_crt_free(&ctx->cert);
301         mbedtls_ssl_config_free(&ctx->conf);
302         free(ctx->ciphersuites);
303         free(ctx);
304 }
305 
306 static void ustream_ssl_error(struct ustream_ssl *us, int ret)
307 {
308         us->error = ret;
309         uloop_timeout_set(&us->error_timer, 0);
310 }
311 
312 static bool ssl_do_wait(int ret)
313 {
314         switch(ret) {
315         case MBEDTLS_ERR_SSL_WANT_READ:
316         case MBEDTLS_ERR_SSL_WANT_WRITE:
317                 return true;
318         default:
319                 return false;
320         }
321 }
322 
323 static void ustream_ssl_verify_cert(struct ustream_ssl *us)
324 {
325         void *ssl = us->ssl;
326         const char *msg = NULL;
327         bool cn_mismatch;
328         int r;
329 
330         r = mbedtls_ssl_get_verify_result(ssl);
331         cn_mismatch = r & MBEDTLS_X509_BADCERT_CN_MISMATCH;
332         r &= ~MBEDTLS_X509_BADCERT_CN_MISMATCH;
333 
334         if (r & MBEDTLS_X509_BADCERT_EXPIRED)
335                 msg = "certificate has expired";
336         else if (r & MBEDTLS_X509_BADCERT_REVOKED)
337                 msg = "certificate has been revoked";
338         else if (r & MBEDTLS_X509_BADCERT_NOT_TRUSTED)
339                 msg = "certificate is self-signed or not signed by a trusted CA";
340         else
341                 msg = "unknown error";
342 
343         if (r) {
344                 if (us->notify_verify_error)
345                         us->notify_verify_error(us, r, msg);
346                 return;
347         }
348 
349         if (!cn_mismatch)
350                 us->valid_cn = true;
351 }
352 
353 __hidden enum ssl_conn_status __ustream_ssl_connect(struct ustream_ssl *us)
354 {
355         void *ssl = us->ssl;
356         int r;
357 
358         r = mbedtls_ssl_handshake(ssl);
359         if (r == 0) {
360                 ustream_ssl_verify_cert(us);
361                 return U_SSL_OK;
362         }
363 
364         if (ssl_do_wait(r))
365                 return U_SSL_PENDING;
366 
367         ustream_ssl_error(us, r);
368         return U_SSL_ERROR;
369 }
370 
371 __hidden int __ustream_ssl_write(struct ustream_ssl *us, const char *buf, int len)
372 {
373         void *ssl = us->ssl;
374         int done = 0, ret = 0;
375 
376         while (done != len) {
377                 ret = mbedtls_ssl_write(ssl, (const unsigned char *) buf + done, len - done);
378 
379                 if (ret < 0) {
380                         if (ssl_do_wait(ret))
381                                 return done;
382 
383                         ustream_ssl_error(us, ret);
384                         return -1;
385                 }
386 
387                 done += ret;
388         }
389 
390         return done;
391 }
392 
393 __hidden int __ustream_ssl_read(struct ustream_ssl *us, char *buf, int len)
394 {
395         int ret = mbedtls_ssl_read(us->ssl, (unsigned char *) buf, len);
396 
397         if (ret < 0) {
398                 if (ssl_do_wait(ret))
399                         return U_SSL_PENDING;
400 
401                 if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
402                         return 0;
403 
404                 ustream_ssl_error(us, ret);
405                 return U_SSL_ERROR;
406         }
407 
408         return ret;
409 }
410 
411 __hidden void *__ustream_ssl_session_new(struct ustream_ssl_ctx *ctx)
412 {
413         mbedtls_ssl_context *ssl;
414 
415         ssl = calloc(1, sizeof(*ssl));
416         if (!ssl)
417                 return NULL;
418 
419         mbedtls_ssl_init(ssl);
420 
421         if (mbedtls_ssl_setup(ssl, &ctx->conf)) {
422                 free(ssl);
423                 return NULL;
424         }
425 
426         return ssl;
427 }
428 
429 __hidden void __ustream_ssl_session_free(void *ssl)
430 {
431         mbedtls_ssl_free(ssl);
432         free(ssl);
433 }
434 

This page was automatically generated by LXR 0.3.1.  •  OpenWrt