1
2
3 #include "gs-common.h"
4 #include <gsocket/gsocket.h>
5 #include "gsocket-engine.h"
6 #include "gs-externs.h"
7
8 #ifdef HAVE_LIBCRYPTO
9
10 #include <openssl/srp.h>
11 #include <openssl/ssl.h>
12 #include <openssl/rand.h>
13 #include <openssl/err.h>
14
15 /*
16 * Called by the SSL object when a SRP negotiation is requested by peer.
17 * ### SERVER ###
18 */
19 static int
srp_username_cb(SSL * ssl,int * ad,void * arg)20 srp_username_cb(SSL *ssl, int *ad, void *arg)
21 {
22 SRP_user_pwd *p;
23 SRP_VBASE *lsrpData = (SRP_VBASE *)arg;
24
25 if (ssl == NULL)
26 return -1;
27
28 if (lsrpData == NULL)
29 return -1; // Not ready yet.
30
31 p = SRP_VBASE_get1_by_user(lsrpData, "user");
32 if (p == NULL)
33 return -1; // Bad User.
34
35 if (SSL_set_srp_server_param(ssl, p->N, p->g, p->s, p->v, NULL) != 1)
36 ERREXIT("SSL_set_srp_server_param() failed...\n");
37 SRP_user_pwd_free(p);
38 // DEBUGF("SUCCESS, returning SSL_ERROR_NONE\n");
39
40 return SSL_ERROR_NONE;
41 }
42
43 /*
44 * ### CLIENT ###
45 */
46 static char *
srp_client_pwd_cb(SSL * ssl,void * arg)47 srp_client_pwd_cb(SSL *ssl, void *arg)
48 {
49 GS *gs = (GS *)arg;
50 DEBUGF("Called in CLIENT only??? ssl = %p, arg = %p, pwd='%s'\n", ssl, arg, gs->srp_sec);
51 return OPENSSL_strdup(gs->srp_sec);
52 }
53
54 /*
55 * ### SERVER ###
56 */
57 static void
gs_srp_setpassword(GS * gs,const char * pwd_str)58 gs_srp_setpassword(GS *gs, const char *pwd_str)
59 {
60 SRP_gN *gN;
61 SRP_user_pwd *p;
62
63 DEBUGF("Setting SRP password to '%s'\n", pwd_str);
64 if (gs->srpData != NULL)
65 {
66 DEBUGF("WARNING: srpData already initizalied\n");
67 return;
68 }
69
70 gs->srpData = SRP_VBASE_new(NULL);
71 XASSERT(gs->srpData != NULL, "\n");
72
73 p = (SRP_user_pwd *)OPENSSL_malloc(sizeof (SRP_user_pwd));
74 XASSERT(p != NULL, "\n");
75
76 gN = SRP_get_default_gN(GS_DFL_CIPHER_STRENGTH);
77 XASSERT(gN != NULL, "SRP_get_default_gN()\n");
78
79 char *srpCheck = SRP_check_known_gN_param(gN->g, gN->N);
80 XASSERT(srpCheck != NULL, "Bad Crypto SRP_check_known_gN_param() failed.\n");
81
82 BIGNUM *salt = NULL;
83 BIGNUM *verifier = NULL;
84
85 SRP_create_verifier_BN("user", pwd_str, &salt, &verifier, gN->N, gN->g);
86
87 p->id = "user";
88 p->g = gN->g;
89 p->N = gN->N;
90 p->s = salt;
91 p->v = verifier;
92 p->info = NULL;
93
94 sk_SRP_user_pwd_push(gs->srpData->users_pwd, p);
95 }
96
97
98 static void
gs_ssl_ctx_init(GS * gs,int is_server)99 gs_ssl_ctx_init(GS *gs, int is_server)
100 {
101 int ret;
102
103 if (gs->ssl_ctx != NULL)
104 {
105 DEBUGF("SHOULD NOT HAPPEN\n");
106 return; /* Already got a SSL CTX */
107 }
108
109 SSL_CTX *ctx = NULL;
110
111 ctx = SSL_CTX_new(SSLv23_method());
112 XASSERT(ctx != NULL, "SSL_CTX_new() failed.\n");
113
114 long options = 0;
115 options |= SSL_OP_NO_SSLv2;
116 options |= SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
117 options |= SSL_OP_NO_TICKET;
118 options |= SSL_OP_CIPHER_SERVER_PREFERENCE;
119 options |= SSL_OP_SINGLE_DH_USE;
120 SSL_CTX_set_options(ctx, options);
121
122 ret = SSL_CTX_set_cipher_list(ctx, GS_DFL_CIPHER);
123 XASSERT(ret == 1, "SSL_CTX_set_cipher_list()\n");
124
125 #if 1
126 /* AUTO_RETRY for blocking SRP is easier */
127 long mode;
128 mode = SSL_CTX_get_mode(ctx);
129 mode |= SSL_MODE_AUTO_RETRY; /* Let OpenSSL handle all writes internally */
130 SSL_CTX_set_mode(ctx, mode);
131 #endif
132
133 if (is_server)
134 {
135 DEBUGF("...SRP SERVER...\n");
136 /* SERVER */
137 SSL_CTX_set_srp_username_callback(ctx, srp_username_cb);
138 gs_srp_setpassword(gs, gs->srp_sec);
139 /* The user's SRP password is set per SSL_CTX. This means
140 * we need a new SSL_CTX for every GS connection :/
141 * The only time we re-use a CTX is when gsocket
142 * is in server mode and using SSL_accept() from
143 * multiple TCP connections and all using the same
144 * Global Socket address.
145 */
146 ret = SSL_CTX_set_srp_cb_arg(ctx, gs->srpData);
147 XASSERT(ret == 1, "SSL_CTX_set_srp_cb_arg()\n");
148
149
150 } else {
151 DEBUGF("...SRP CLIENT...\n");
152 /* CLIENT */
153 SSL_CTX_set_srp_username(ctx, "user");
154 SSL_CTX_set_srp_cb_arg(ctx, gs);
155 SSL_CTX_set_srp_client_pwd_callback(ctx, srp_client_pwd_cb);
156 }
157
158 gs->ssl_ctx = ctx;
159 }
160
161
162 static void
gs_ssl_init(GS * gsocket)163 gs_ssl_init(GS *gsocket)
164 {
165 SSL *ssl = gsocket->ssl;
166
167 if (ssl != NULL)
168 return;
169
170 ssl = SSL_new(gsocket->ssl_ctx);
171 gsocket->ssl = ssl;
172 }
173
174 const char *
GS_SSL_strerror(int err)175 GS_SSL_strerror(int err)
176 {
177 switch (err)
178 {
179 case SSL_ERROR_NONE:
180 return D_GRE("None");
181 case SSL_ERROR_ZERO_RETURN:
182 return "ZERO_RETURN (close-notify recv)";
183 case SSL_ERROR_WANT_READ:
184 return D_YEL("WANT_READ");
185 case SSL_ERROR_WANT_WRITE:
186 return D_YEL("WANT_WRITE");
187 case SSL_ERROR_WANT_CONNECT:
188 return "WANT CONNECT";
189 case SSL_ERROR_WANT_ACCEPT:
190 return "WANT ACCEPT";
191 case SSL_ERROR_WANT_X509_LOOKUP:
192 return "WANT X509 LOOKUP";
193 #ifdef SSL_ERROR_WANT_ASYNC
194 case SSL_ERROR_WANT_ASYNC:
195 return "WANT_ASYNC";
196 #endif
197 case SSL_ERROR_SYSCALL:
198 return D_RED("SYSCALL");
199 case SSL_ERROR_SSL:
200 return D_RED("FATAL ERROR");
201 }
202 return "unknown :/";
203 }
204
205
206 /*
207 * Determine if a call to SSL_* triggered WANT-READ or WANT-WRITE
208 * for the underlying I/O. WANT-READ does not mean that
209 * SSL_read() needs to be called but rather that the underlying
210 * tcp_fd needs to be ready for reading and that the original
211 * SSL_* function needs to be called - which could have been
212 * SSL_write() - Yes, SSL_write() might return WANT-READ
213 * and SSL_write() needs to be called again once the underlying
214 * socket has data ready for reading.
215 *
216 * Return 0 on success.
217 * Return -1 on fatal error.
218 */
219 int
gs_ssl_want_io_rw(GS_SELECT_CTX * ctx,int fd,int err)220 gs_ssl_want_io_rw(GS_SELECT_CTX *ctx, int fd, int err)
221 {
222 if (ctx == NULL)
223 return GS_ERR_FATAL;
224
225 char *ptr = NULL;
226 #ifdef DEBUG
227 char buf[128];
228 ptr = buf;
229 snprintf(buf, sizeof buf, "I/O SSL_%s", GS_SSL_strerror(err));
230 #endif
231 gs_select_rw_save_state(ctx, fd, ptr);
232
233 if (err == SSL_ERROR_WANT_READ)
234 {
235 XFD_SET(fd, ctx->rfd);
236 ctx->want_io_read[fd] = 1;
237 return 0;
238 }
239 if (err == SSL_ERROR_WANT_WRITE)
240 {
241 XFD_SET(fd, ctx->wfd);
242 ctx->want_io_write[fd] = 1;
243 DEBUGF_B("ctx->want_io_write[fd=%d] := %d\n", fd, ctx->want_io_write[fd]);
244 return 0;
245 }
246
247 return GS_ERR_FATAL;
248 }
249
250 void
gs_ssl_want_io_finished(GS * gs)251 gs_ssl_want_io_finished(GS *gs)
252 {
253 // DEBUGF_B("want_io_finished fd = %d\n", gs->fd);
254 /* Return if we do not track WANT-READ/WANT-WRITE */
255 if (gs->ctx->gselect_ctx == NULL)
256 return;
257
258 gs->ctx->gselect_ctx->want_io_read[gs->fd] = 0;
259 gs->ctx->gselect_ctx->want_io_write[gs->fd] = 0;
260 gs_select_rw_restore_state(gs->ctx->gselect_ctx, gs->fd, "X");
261 }
262
263 /*
264 * See GS_shutdown() for return values.
265 */
266 int
gs_ssl_shutdown(GS * gsocket)267 gs_ssl_shutdown(GS *gsocket)
268 {
269 int ret;
270 int err;
271
272 gsocket->ssl_shutdown_count++;
273
274 DEBUGF_Y("%d. call to gs_ssl_shutdown\n", gsocket->ssl_shutdown_count);
275 if (gsocket->ssl == NULL)
276 {
277 DEBUGF_Y("*** WARNING ****: ssl == NULL\n");
278 return GS_ERR_FATAL;
279 }
280
281 /* SSL_shutdown() only closes the write direction. It is not possible
282 * to call SSL_write() after calling SSL_shutdown. The read directio is
283 * closed by the peer.
284 */
285 ret = SSL_shutdown(gsocket->ssl);
286 DEBUGF_Y("SSL_shutdown() = %d (%s)\n", ret, ret==1?"COMPLETE":"waiting (stopped writing)");
287 /* 1 == SUCCESS (close notify received)
288 * 0 == Close-sent (check SSL_read() for EOF).
289 * Do not send any further data (but still receive data)
290 */
291 gsocket->is_sent_shutdown = 1;
292 if (ret == 1)
293 {
294 /* SUCCESS (close notify received & sent) */
295 return GS_ERR_FATAL; /* SUCCESSFULL Shutdown. Ready to destroy connection now */
296 }
297 if (ret == 0)
298 {
299 gsocket->is_want_shutdown = 0;
300 /* HERE: Expecting more data (check SSL_read() */
301 // gsocket->ssl_wait_for_eof = 1;
302 return GS_SUCCESS; /* Connection open for reading only */
303 }
304
305 err = SSL_get_error(gsocket->ssl, ret);
306 DEBUGF_Y("SSL Error: %d\n", err);
307
308 ret = gs_ssl_want_io_rw(gsocket->ctx->gselect_ctx, gsocket->fd, err);
309 if (ret != 0)
310 return GS_ERR_FATAL;
311
312 gsocket->ctx->gselect_ctx->blocking_func[gsocket->fd] |= GS_CALLWRITE;
313 gsocket->write_pending = 1;
314 gsocket->is_want_shutdown = 1;
315
316 return GS_ERR_WAITING; /* Waiting for I/O */
317 }
318
319 static int
ssl_accept(GS * gsocket)320 ssl_accept(GS *gsocket)
321 {
322 int ret;
323
324 ret = SSL_accept(gsocket->ssl);
325 DEBUGF("Call to SSL_accept() = %d\n", ret);
326 if (ret != 1)
327 {
328 gsocket->ssl_state = GS_SSL_STATE_ACCEPT;
329 return ret;
330 }
331
332 /* Check that is is a SRP connection (not x509) */
333 char *user = SSL_get_srp_username(gsocket->ssl);
334 if (user == NULL)
335 return -31337;
336
337 /* HERE: SSL SRP accepted and valid */
338 gsocket->ssl_state = GS_SSL_STATE_RW;
339
340 return 1; /* SUCCESS */
341 }
342
343 static int
ssl_connect(GS * gsocket)344 ssl_connect(GS *gsocket)
345 {
346 int ret;
347
348 ret = SSL_connect(gsocket->ssl);
349 DEBUGF("SSL_connect() = %d\n", ret);
350 if (ret != 1)
351 {
352 gsocket->ssl_state = GS_SSL_STATE_CONNECT;
353 return ret;
354 }
355
356 gsocket->ssl_state = GS_SSL_STATE_RW;
357
358 return 1; /* SUCCESS */
359 }
360
361 static int
ssl_shutdown(GS * gs)362 ssl_shutdown(GS *gs)
363 {
364 int ret;
365
366 ret = SSL_shutdown(gs->ssl);
367 DEBUGF_Y("SSL_shutdown() = %d\n", ret);
368 /* 0 = Not yet finished. (do not call SSL_get_error())
369 * 1 = complete
370 * <0 = would-block (WANT-WRITE or WANT-READ)
371 */
372 if (ret < 0)
373 return ret; // WANT-WRITE or WANT-READ
374
375 gs->is_sent_shutdown = 1;
376
377 return 1;
378 }
379
380 static const char *
ssl_state_str(enum ssl_state_t state)381 ssl_state_str(enum ssl_state_t state)
382 {
383 switch (state)
384 {
385 case GS_SSL_STATE_ACCEPT:
386 return "accept";
387 case GS_SSL_STATE_CONNECT:
388 return "connect";
389 case GS_SSL_STATE_RW:
390 return "read/write";
391 case GS_SSL_STATE_SHUTDOWN:
392 return "shutdown";
393 }
394 return "UNKNOWN";
395 }
396
397 /*
398 * Continue an interrupted state (SSL_accpet/SSL_connect)
399 *
400 * Return 0 when done (state recovered).
401 * Return -1 on fatal error.
402 * Return 1 if unknown state (and SSL_read() or SSL_write() should handle it.
403 */
404 int
gs_ssl_continue(GS * gsocket,enum gs_rw_state_t rw_state)405 gs_ssl_continue(GS *gsocket, enum gs_rw_state_t rw_state)
406 {
407 int ret;
408 int state = gsocket->ssl_state;
409
410 /* FIXME: This check could be done in the calling function for speedup */
411 // DEBUGF("ssl-state=%d, rw_state=%d\n", state, rw_state);
412 if (rw_state == GS_CAN_WRITE)
413 {
414 // write wont block.
415 if (gsocket->is_want_shutdown == 0)
416 {
417 // Not a SSL_shutdown()
418 if ((state != GS_SSL_STATE_ACCEPT) && (state != GS_SSL_STATE_CONNECT) && (state != GS_SSL_STATE_SHUTDOWN))
419 {
420 // DEBUGF("ssl_continue: nothing to continue\n");
421 return 1; // nothing to do
422 }
423 }
424 } else {
425 if ((state != GS_SSL_STATE_ACCEPT) && (state != GS_SSL_STATE_CONNECT) && (state != GS_SSL_STATE_SHUTDOWN))
426 return 1;
427 }
428
429 /* SSL Handshake not yet complete. Complete it. */
430 if (state == GS_SSL_STATE_ACCEPT)
431 {
432 ret = ssl_accept(gsocket);
433 } else if (state == GS_SSL_STATE_CONNECT) { /* GS_SSL_STATE_CONNECT */
434 ret = ssl_connect(gsocket);
435 } else {
436 ret = ssl_shutdown(gsocket);
437 gsocket->is_want_shutdown = 0;
438 }
439 if (ret == 1)
440 {
441 DEBUGF_G("*** SUCCESS *** [SSL_%s()]\n", ssl_state_str(state));
442 gs_ssl_want_io_finished(gsocket);
443 if ((gsocket->is_want_shutdown != 0) && (state != GS_SSL_STATE_SHUTDOWN))
444 {
445 DEBUGF_Y("SHUTDOWN was requested earlier. Doing it now.\n");
446 GS_shutdown(gsocket);
447 }
448 /* SSL_accept()/SSL_connect() has finished. Drop into SSL_read()/SSL_write */
449 return 0;
450 }
451
452 /* From ssl_accept() if user was not found.
453 * No need to check SSL_get_error.
454 * This is fatal.
455 */
456 if (ret == -31337)
457 return GS_ERR_FATAL;
458
459 /* SSL_connect()/SSL_accept() can return 1 on SUCCESS or <0 if WOULD-BLOCK */
460 /* A return value of 0 however means that the SSL was shut-down gracefully */
461 int err = SSL_get_error(gsocket->ssl, ret);
462 DEBUGF("SSL_ERROR SSL_%s() = SSL_%s(ret=%d, err=%d)\n", ssl_state_str(state), GS_SSL_strerror(err), ret, err);
463 if (ERR_peek_last_error())
464 DEBUGF_Y(" %s\n", ERR_error_string(ERR_peek_last_error(), NULL));
465 if ((err != SSL_ERROR_WANT_READ) && (err != SSL_ERROR_WANT_WRITE))
466 gs_set_errorf(gsocket, "SSL_%s: %s", ssl_state_str(state), GS_SSL_strerror(err));
467
468 ret = gs_ssl_want_io_rw(gsocket->ctx->gselect_ctx, gsocket->fd, err);
469 DEBUGF("gs_ssl_continue will return = %d (%s)\n", ret, ret<0?"FATAL":"continue");
470
471 if (ret != 0)
472 return GS_ERR_FATAL; /* Return a fatal error if SSL was shut-down */
473
474 return ret;
475 }
476
477 /*
478 * Initialize SSL Library if it hasnt been done so already.
479 * Create SSL_CTX on GS_CTX if it hasnt been done so already.
480 * Create SSL on GS if it hasnt been done so already.
481 *
482 * This is called at the start of GS_listen() or GS_connect().
483 *
484 * Return 0 on success.
485 * Return 1 if SSL_read/SSL_write is next
486 * Return -1 on fata error
487 *
488 */
489 int
gs_srp_init(GS * gsocket)490 gs_srp_init(GS *gsocket)
491 {
492 gs_ssl_ctx_init(gsocket, gsocket->flags & GS_FL_IS_SERVER?1:0);
493 gs_ssl_init(gsocket); /* Call to SSL_new() */
494 DEBUGF("AFTER SSL init\n");
495
496 if (gsocket->fd < 0)
497 ERREXIT("can not happen, fd = %d\n", gsocket->fd);
498 SSL_set_fd(gsocket->ssl, gsocket->fd);
499 /* SRP client starts the handshake */
500 gsocket->ssl_state = GS_SSL_STATE_CONNECT;
501 if (gsocket->flags & GS_FL_IS_SERVER)
502 {
503 DEBUGF("This is SSL-SERVER (call SSL_accept()\n");
504 gsocket->ssl_state = GS_SSL_STATE_ACCEPT;
505 }
506 int ret;
507 ret = gs_ssl_continue(gsocket, GS_CAN_RW);
508 DEBUGF("gs_srp_init() will return %d\n", ret);
509
510 return ret;
511 }
512
513 void
GS_srp_setpassword(GS * gsocket,const char * pwd)514 GS_srp_setpassword(GS *gsocket, const char *pwd)
515 {
516 snprintf(gsocket->srp_sec, sizeof gsocket->srp_sec, "%s.%s", "KD/1/2/THC/KeyForSRPSec/Path", pwd);
517 }
518
519 const char *
GS_get_cipher(GS * gs)520 GS_get_cipher(GS *gs)
521 {
522 if (gs->flags & GSC_FL_USE_SRP)
523 return GS_DFL_CIPHER"-End2End";
524
525 return "NO ENCRYPTION";
526 }
527
528 int
GS_get_cipher_strength(GS * gs)529 GS_get_cipher_strength(GS *gs)
530 {
531 if (gs->flags & GSC_FL_USE_SRP)
532 return atoi(GS_DFL_CIPHER_STRENGTH);
533
534 return 0;
535 }
536
537
538 #endif /* HAVE_LIBCRYPTO */
539
540