/* tls-mbedtls.c * * Copyright (c) 2019-2021 Apple Computer, Inc. All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * DNS SIG(0) signature verification for DNSSD SRP using mbedtls. * * Provides functions for generating a public key validating context based on SIG(0) KEY RR data, and * validating a signature using a context generated with that public key. Currently only ECDSASHA256 is * supported. */ #include #include #include #include #include #include #include "srp.h" #define SRP_CRYPTO_MBEDTLS_INTERNAL #include "dns-msg.h" #include "srp-crypto.h" #include "ioloop.h" #include "srp-tls.h" // Context that is shared amongs all TLS connections, regardless of which server cert/key is in use. mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; // For now, assume that we are using just one key and one server cert, plus the ca cert. Consequently, we // can treat this as global state. If wanted later, we could make this its own structure. mbedtls_x509_crt cacert_struct, *cacert = NULL; mbedtls_x509_crt srvcert_struct, *srvcert = NULL; mbedtls_pk_context srvkey; mbedtls_ssl_config tls_server_config; mbedtls_ssl_config tls_client_config; mbedtls_ssl_config tls_opportunistic_config; bool srp_tls_init(void) { int status; // Initialize the shared data structures. mbedtls_x509_crt_init(&srvcert_struct); mbedtls_pk_init(&srvkey); mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg); status = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0); if (status != 0) { ERROR("Unable to seed RNG: %x", -status); return false; } return true; } static bool mbedtls_config_init(mbedtls_ssl_config *config, int flags) { int status = mbedtls_ssl_config_defaults(config, flags, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); if (status != 0) { ERROR("Unable to set up default TLS config state: %x", -status); return false; } mbedtls_ssl_conf_rng(config, mbedtls_ctr_drbg_random, &ctr_drbg); return true; } void srp_tls_configure(void *const NULLABLE context) { } bool srp_tls_client_init(void) { if (!mbedtls_config_init(&tls_client_config, MBEDTLS_SSL_IS_CLIENT)) { return false; } if (!mbedtls_config_init(&tls_opportunistic_config, MBEDTLS_SSL_IS_CLIENT)) { return false; } mbedtls_ssl_conf_authmode(&tls_opportunistic_config, MBEDTLS_SSL_VERIFY_OPTIONAL); return true; } bool srp_tls_server_init(const char *cacert_file, const char *srvcert_file, const char *server_key_file) { int status; // Load the public key and cert if (cacert_file != NULL) { status = mbedtls_x509_crt_parse_file(&cacert_struct, cacert_file); if (status != 0) { ERROR("Unable to parse ca cert file: %x", -status); return false; } cacert = &cacert_struct; } if (srvcert_file != NULL) { status = mbedtls_x509_crt_parse_file(&srvcert_struct, srvcert_file); if (status != 0) { ERROR("Unable to parse server cert file: %x", -status); return false; } srvcert = &srvcert_struct; if (srvcert_struct.next && cacert != NULL) { cacert = srvcert_struct.next; } } if (server_key_file != NULL) { status = mbedtls_pk_parse_keyfile(&srvkey, server_key_file, NULL); if (status != 0) { ERROR("Unable to parse server cert file: %x", -status); return false; } } if (!mbedtls_config_init(&tls_server_config, MBEDTLS_SSL_IS_SERVER)) { return false; } if (cacert != NULL) { mbedtls_ssl_conf_ca_chain(&tls_server_config, cacert, NULL); } status = mbedtls_ssl_conf_own_cert(&tls_server_config, srvcert, &srvkey); if (status != 0) { ERROR("Unable to configure own cert: %x", -status); return false; } return true; } static int srp_tls_io_send(void *ctx, const unsigned char *buf, size_t len) { ssize_t ret; comm_t *comm = ctx; ret = write(comm->io.fd, buf, len); if (ret < 0) { if (errno == EAGAIN) { return MBEDTLS_ERR_SSL_WANT_WRITE; } else { return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } } else { return (int)ret; } } static int srp_tls_io_recv(void *ctx, unsigned char *buf, size_t max) { ssize_t ret; comm_t *comm = ctx; ret = read(comm->io.fd, buf, max); if (ret < 0) { if (errno == EWOULDBLOCK || errno == EAGAIN) { return MBEDTLS_ERR_SSL_WANT_READ; } else { return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } } else if (ret == 0) { return MBEDTLS_ERR_SSL_CONN_EOF; } else { return (int)ret; } } bool srp_tls_listen_callback(comm_t *comm) { int status; // Allocate the TLS config and state structures. comm->tls_context = calloc(1, sizeof *comm->tls_context); if (comm->tls_context == NULL) { return false; } status = mbedtls_ssl_setup(&comm->tls_context->context, &tls_server_config); if (status != 0) { ERROR("Unable to set up TLS listener state: %x", -status); return false; } // Set up the I/O functions. mbedtls_ssl_set_bio(&comm->tls_context->context, comm, srp_tls_io_send, srp_tls_io_recv, NULL); // Start the TLS handshake. status = mbedtls_ssl_handshake(&comm->tls_context->context); if (status != 0 && status != MBEDTLS_ERR_SSL_WANT_READ && status != MBEDTLS_ERR_SSL_WANT_WRITE) { ERROR("TLS handshake failed: %x", -status); srp_tls_context_free(comm); ioloop_close(&comm->io); } return true; } bool srp_tls_connect_callback(comm_t *comm) { int status; mbedtls_ssl_config *config = comm->opportunistic ? &tls_opportunistic_config : &tls_client_config; // Allocate the TLS config and state structures. comm->tls_context = calloc(1, sizeof *comm->tls_context); if (comm->tls_context == NULL) { return false; } status = mbedtls_ssl_setup(&comm->tls_context->context, config); if (status != 0) { ERROR("Unable to set up TLS connect state: %x", -status); return false; } // Set up the I/O functions. mbedtls_ssl_set_bio(&comm->tls_context->context, comm, srp_tls_io_send, srp_tls_io_recv, NULL); // Start the TLS handshake. status = mbedtls_ssl_handshake(&comm->tls_context->context); if (status != 0 && status != MBEDTLS_ERR_SSL_WANT_READ && status != MBEDTLS_ERR_SSL_WANT_WRITE) { ERROR("TLS handshake failed: %x", -status); srp_tls_context_free(comm); return false; } if (status == MBEDTLS_ERR_SSL_WANT_READ) { comm->tls_handshake_incomplete = true; } INFO(PRI_S_SRP ": TLS handshake progress %d", comm->name, -status); return true; } ssize_t srp_tls_read(comm_t *comm, unsigned char *buf, size_t max) { // If we aren't done with the TLS handshake, continue it. if (comm->tls_handshake_incomplete) { int status = mbedtls_ssl_handshake(&comm->tls_context->context); if (status != 0 && status != MBEDTLS_ERR_SSL_WANT_READ && status != MBEDTLS_ERR_SSL_WANT_WRITE) { ERROR("TLS handshake failed: %x", -status); srp_tls_context_free(comm); return -1; } if (status == 0) { comm->tls_handshake_incomplete = false; comm->connected(comm, comm->context); } INFO(PRI_S_SRP ": TLS handshake progress %d", comm->name, -status); return 0; } // Otherwise, read application data. int ret = mbedtls_ssl_read(&comm->tls_context->context, buf, max); if (ret < 0) { switch (ret) { case MBEDTLS_ERR_SSL_WANT_READ: return 0; case MBEDTLS_ERR_SSL_WANT_WRITE: ERROR("Got SSL want write in TLS read!"); // This means we got EWOULDBLOCK on a write operation. // Not implemented yet, but the right way to handle this is probably to // deselect read events until the socket is ready to write, then write, // and then re-enable read events. What we don't want is to keep calling // read, because that will spin. return 0; case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: ERROR("Got async in progress in TLS read!"); // No idea how to handle this yet. return 0; #ifdef MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS case MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS: ERROR("Got crypto in progress in TLS read!"); // No idea how to handle this. return 0; #endif default: ERROR("Unexpected response from SSL read: %x", -ret); return -1; } } else { // mbedtls returns 0 for EOF, just like read(), but we need a different signal, // so we treat 0 as an error (for now). In principle, we should get a notification // when the remote end is done writing, so a clean close should be different than // an abrupt close. if (ret == 0) { ERROR("mbedtls_ssl_read returned zero."); return -1; } return ret; } } void srp_tls_context_free(comm_t *comm) { // Free any state that the TLS library allocated mbedtls_ssl_free(&comm->tls_context->context); // Free and forget the context data structure free(comm->tls_context); comm->tls_context = 0; } ssize_t srp_tls_write(comm_t *comm, struct iovec *iov, int iov_len) { int ret; int i; int bytes_written = 0; for (i = 0; i < iov_len; i++) { ret = mbedtls_ssl_write(&comm->tls_context->context, iov[i].iov_base, iov[i].iov_len); if (ret < 0) { switch (ret) { case MBEDTLS_ERR_SSL_WANT_READ: return bytes_written; case MBEDTLS_ERR_SSL_WANT_WRITE: ERROR("Got SSL want write in TLS read!"); return bytes_written; case MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS: ERROR("Got async in progress in TLS read!"); return bytes_written; #ifdef MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS case MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS: ERROR("Got crypto in progress in TLS read!"); return bytes_written; #endif default: ERROR("Unexpected response from SSL read: %x", -ret); return -1; } } else if (ret != iov[i].iov_len) { return bytes_written + ret; } else { bytes_written += ret; } } return bytes_written; } // Dummy function for now; should eventually fetch the TLS context to use for validating // a cert presented by a remote connection. void configure_tls(void *const NULLABLE UNUSED context) { } void schedule_tls_certificate_rotation(wakeup_t **const UNUSED tls_listener_wakeup, comm_t *const UNUSED tls_listener_to_rotate) { ; } // Local Variables: // mode: C // tab-width: 4 // c-file-style: "bsd" // c-basic-offset: 4 // fill-column: 108 // indent-tabs-mode: nil // End: