2 * QEMU crypto TLS session support
4 * Copyright (c) 2015 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu/osdep.h"
22 #include "crypto/tlssession.h"
23 #include "crypto/tlscredsanon.h"
24 #include "crypto/tlscredspsk.h"
25 #include "crypto/tlscredsx509.h"
26 #include "qapi/error.h"
27 #include "authz/base.h"
28 #include "tlscredspriv.h"
34 #include <gnutls/x509.h>
37 struct QCryptoTLSSession {
38 QCryptoTLSCreds *creds;
39 gnutls_session_t handle;
42 bool handshakeComplete;
43 QCryptoTLSSessionWriteFunc writeFunc;
44 QCryptoTLSSessionReadFunc readFunc;
51 qcrypto_tls_session_free(QCryptoTLSSession *session)
57 gnutls_deinit(session->handle);
58 g_free(session->hostname);
59 g_free(session->peername);
60 g_free(session->authzid);
61 object_unref(OBJECT(session->creds));
67 qcrypto_tls_session_push(void *opaque, const void *buf, size_t len)
69 QCryptoTLSSession *session = opaque;
71 if (!session->writeFunc) {
76 return session->writeFunc(buf, len, session->opaque);
81 qcrypto_tls_session_pull(void *opaque, void *buf, size_t len)
83 QCryptoTLSSession *session = opaque;
85 if (!session->readFunc) {
90 return session->readFunc(buf, len, session->opaque);
93 #define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH"
94 #define TLS_PRIORITY_ADDITIONAL_PSK "+ECDHE-PSK:+DHE-PSK:+PSK"
97 qcrypto_tls_session_new(QCryptoTLSCreds *creds,
100 QCryptoTLSCredsEndpoint endpoint,
103 QCryptoTLSSession *session;
106 session = g_new0(QCryptoTLSSession, 1);
107 trace_qcrypto_tls_session_new(
108 session, creds, hostname ? hostname : "<none>",
109 authzid ? authzid : "<none>", endpoint);
112 session->hostname = g_strdup(hostname);
115 session->authzid = g_strdup(authzid);
117 session->creds = creds;
118 object_ref(OBJECT(creds));
120 if (creds->endpoint != endpoint) {
121 error_setg(errp, "Credentials endpoint doesn't match session");
125 if (endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
126 ret = gnutls_init(&session->handle, GNUTLS_SERVER);
128 ret = gnutls_init(&session->handle, GNUTLS_CLIENT);
131 error_setg(errp, "Cannot initialize TLS session: %s",
132 gnutls_strerror(ret));
136 if (object_dynamic_cast(OBJECT(creds),
137 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
138 QCryptoTLSCredsAnon *acreds = QCRYPTO_TLS_CREDS_ANON(creds);
141 if (creds->priority != NULL) {
142 prio = g_strdup_printf("%s:%s",
144 TLS_PRIORITY_ADDITIONAL_ANON);
146 prio = g_strdup(CONFIG_TLS_PRIORITY ":"
147 TLS_PRIORITY_ADDITIONAL_ANON);
150 ret = gnutls_priority_set_direct(session->handle, prio, NULL);
152 error_setg(errp, "Unable to set TLS session priority %s: %s",
153 prio, gnutls_strerror(ret));
158 if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
159 ret = gnutls_credentials_set(session->handle,
161 acreds->data.server);
163 ret = gnutls_credentials_set(session->handle,
165 acreds->data.client);
168 error_setg(errp, "Cannot set session credentials: %s",
169 gnutls_strerror(ret));
172 } else if (object_dynamic_cast(OBJECT(creds),
173 TYPE_QCRYPTO_TLS_CREDS_PSK)) {
174 QCryptoTLSCredsPSK *pcreds = QCRYPTO_TLS_CREDS_PSK(creds);
177 if (creds->priority != NULL) {
178 prio = g_strdup_printf("%s:%s",
180 TLS_PRIORITY_ADDITIONAL_PSK);
182 prio = g_strdup(CONFIG_TLS_PRIORITY ":"
183 TLS_PRIORITY_ADDITIONAL_PSK);
186 ret = gnutls_priority_set_direct(session->handle, prio, NULL);
188 error_setg(errp, "Unable to set TLS session priority %s: %s",
189 prio, gnutls_strerror(ret));
194 if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
195 ret = gnutls_credentials_set(session->handle,
197 pcreds->data.server);
199 ret = gnutls_credentials_set(session->handle,
201 pcreds->data.client);
204 error_setg(errp, "Cannot set session credentials: %s",
205 gnutls_strerror(ret));
208 } else if (object_dynamic_cast(OBJECT(creds),
209 TYPE_QCRYPTO_TLS_CREDS_X509)) {
210 QCryptoTLSCredsX509 *tcreds = QCRYPTO_TLS_CREDS_X509(creds);
211 const char *prio = creds->priority;
213 prio = CONFIG_TLS_PRIORITY;
216 ret = gnutls_priority_set_direct(session->handle, prio, NULL);
218 error_setg(errp, "Cannot set default TLS session priority %s: %s",
219 prio, gnutls_strerror(ret));
222 ret = gnutls_credentials_set(session->handle,
223 GNUTLS_CRD_CERTIFICATE,
226 error_setg(errp, "Cannot set session credentials: %s",
227 gnutls_strerror(ret));
231 if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
232 /* This requests, but does not enforce a client cert.
233 * The cert checking code later does enforcement */
234 gnutls_certificate_server_set_request(session->handle,
235 GNUTLS_CERT_REQUEST);
238 error_setg(errp, "Unsupported TLS credentials type %s",
239 object_get_typename(OBJECT(creds)));
243 gnutls_transport_set_ptr(session->handle, session);
244 gnutls_transport_set_push_function(session->handle,
245 qcrypto_tls_session_push);
246 gnutls_transport_set_pull_function(session->handle,
247 qcrypto_tls_session_pull);
252 qcrypto_tls_session_free(session);
257 qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
262 const gnutls_datum_t *certs;
263 unsigned int nCerts, i;
265 gnutls_x509_crt_t cert = NULL;
269 if (now == ((time_t)-1)) {
270 error_setg_errno(errp, errno, "Cannot get current time");
274 ret = gnutls_certificate_verify_peers2(session->handle, &status);
276 error_setg(errp, "Verify failed: %s", gnutls_strerror(ret));
281 const char *reason = "Invalid certificate";
283 if (status & GNUTLS_CERT_INVALID) {
284 reason = "The certificate is not trusted";
287 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
288 reason = "The certificate hasn't got a known issuer";
291 if (status & GNUTLS_CERT_REVOKED) {
292 reason = "The certificate has been revoked";
295 if (status & GNUTLS_CERT_INSECURE_ALGORITHM) {
296 reason = "The certificate uses an insecure algorithm";
299 error_setg(errp, "%s", reason);
303 certs = gnutls_certificate_get_peers(session->handle, &nCerts);
305 error_setg(errp, "No certificate peers");
309 for (i = 0; i < nCerts; i++) {
310 ret = gnutls_x509_crt_init(&cert);
312 error_setg(errp, "Cannot initialize certificate: %s",
313 gnutls_strerror(ret));
317 ret = gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER);
319 error_setg(errp, "Cannot import certificate: %s",
320 gnutls_strerror(ret));
324 if (gnutls_x509_crt_get_expiration_time(cert) < now) {
325 error_setg(errp, "The certificate has expired");
329 if (gnutls_x509_crt_get_activation_time(cert) > now) {
330 error_setg(errp, "The certificate is not yet activated");
334 if (gnutls_x509_crt_get_activation_time(cert) > now) {
335 error_setg(errp, "The certificate is not yet activated");
340 size_t dnameSize = 1024;
341 session->peername = g_malloc(dnameSize);
343 ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize);
345 if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
346 session->peername = g_realloc(session->peername,
350 error_setg(errp, "Cannot get client distinguished name: %s",
351 gnutls_strerror(ret));
354 if (session->authzid) {
357 allow = qauthz_is_allowed_by_id(session->authzid,
358 session->peername, &err);
360 error_propagate(errp, err);
364 error_setg(errp, "TLS x509 authz check for %s is denied",
369 if (session->hostname) {
370 if (!gnutls_x509_crt_check_hostname(cert, session->hostname)) {
372 "Certificate does not match the hostname %s",
377 if (session->creds->endpoint ==
378 QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) {
379 error_setg(errp, "No hostname for certificate validation");
385 gnutls_x509_crt_deinit(cert);
391 gnutls_x509_crt_deinit(cert);
397 qcrypto_tls_session_check_credentials(QCryptoTLSSession *session,
400 if (object_dynamic_cast(OBJECT(session->creds),
401 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
402 trace_qcrypto_tls_session_check_creds(session, "nop");
404 } else if (object_dynamic_cast(OBJECT(session->creds),
405 TYPE_QCRYPTO_TLS_CREDS_PSK)) {
406 trace_qcrypto_tls_session_check_creds(session, "nop");
408 } else if (object_dynamic_cast(OBJECT(session->creds),
409 TYPE_QCRYPTO_TLS_CREDS_X509)) {
410 if (session->creds->verifyPeer) {
411 int ret = qcrypto_tls_session_check_certificate(session,
413 trace_qcrypto_tls_session_check_creds(session,
414 ret == 0 ? "pass" : "fail");
417 trace_qcrypto_tls_session_check_creds(session, "skip");
421 trace_qcrypto_tls_session_check_creds(session, "error");
422 error_setg(errp, "Unexpected credential type %s",
423 object_get_typename(OBJECT(session->creds)));
430 qcrypto_tls_session_set_callbacks(QCryptoTLSSession *session,
431 QCryptoTLSSessionWriteFunc writeFunc,
432 QCryptoTLSSessionReadFunc readFunc,
435 session->writeFunc = writeFunc;
436 session->readFunc = readFunc;
437 session->opaque = opaque;
442 qcrypto_tls_session_write(QCryptoTLSSession *session,
446 ssize_t ret = gnutls_record_send(session->handle, buf, len);
453 case GNUTLS_E_INTERRUPTED:
468 qcrypto_tls_session_read(QCryptoTLSSession *session,
472 ssize_t ret = gnutls_record_recv(session->handle, buf, len);
479 case GNUTLS_E_INTERRUPTED:
482 case GNUTLS_E_PREMATURE_TERMINATION:
483 errno = ECONNABORTED;
497 qcrypto_tls_session_check_pending(QCryptoTLSSession *session)
499 return gnutls_record_check_pending(session->handle);
504 qcrypto_tls_session_handshake(QCryptoTLSSession *session,
507 int ret = gnutls_handshake(session->handle);
509 session->handshakeComplete = true;
511 if (ret == GNUTLS_E_INTERRUPTED ||
512 ret == GNUTLS_E_AGAIN) {
515 error_setg(errp, "TLS handshake failed: %s",
516 gnutls_strerror(ret));
525 QCryptoTLSSessionHandshakeStatus
526 qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *session)
528 if (session->handshakeComplete) {
529 return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
530 } else if (gnutls_record_get_direction(session->handle) == 0) {
531 return QCRYPTO_TLS_HANDSHAKE_RECVING;
533 return QCRYPTO_TLS_HANDSHAKE_SENDING;
539 qcrypto_tls_session_get_key_size(QCryptoTLSSession *session,
542 gnutls_cipher_algorithm_t cipher;
545 cipher = gnutls_cipher_get(session->handle);
546 ssf = gnutls_cipher_get_key_size(cipher);
548 error_setg(errp, "Cannot get TLS cipher key size");
556 qcrypto_tls_session_get_peer_name(QCryptoTLSSession *session)
558 if (session->peername) {
559 return g_strdup(session->peername);
565 #else /* ! CONFIG_GNUTLS */
569 qcrypto_tls_session_new(QCryptoTLSCreds *creds G_GNUC_UNUSED,
570 const char *hostname G_GNUC_UNUSED,
571 const char *authzid G_GNUC_UNUSED,
572 QCryptoTLSCredsEndpoint endpoint G_GNUC_UNUSED,
575 error_setg(errp, "TLS requires GNUTLS support");
581 qcrypto_tls_session_free(QCryptoTLSSession *sess G_GNUC_UNUSED)
587 qcrypto_tls_session_check_credentials(QCryptoTLSSession *sess G_GNUC_UNUSED,
590 error_setg(errp, "TLS requires GNUTLS support");
596 qcrypto_tls_session_set_callbacks(
597 QCryptoTLSSession *sess G_GNUC_UNUSED,
598 QCryptoTLSSessionWriteFunc writeFunc G_GNUC_UNUSED,
599 QCryptoTLSSessionReadFunc readFunc G_GNUC_UNUSED,
600 void *opaque G_GNUC_UNUSED)
606 qcrypto_tls_session_write(QCryptoTLSSession *sess,
616 qcrypto_tls_session_read(QCryptoTLSSession *sess,
626 qcrypto_tls_session_check_pending(QCryptoTLSSession *session)
633 qcrypto_tls_session_handshake(QCryptoTLSSession *sess,
636 error_setg(errp, "TLS requires GNUTLS support");
641 QCryptoTLSSessionHandshakeStatus
642 qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *sess)
644 return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
649 qcrypto_tls_session_get_key_size(QCryptoTLSSession *sess,
652 error_setg(errp, "TLS requires GNUTLS support");
658 qcrypto_tls_session_get_peer_name(QCryptoTLSSession *sess)