[mirror_qemu.git] / crypto / tlssession.c

/*
 * QEMU crypto TLS session support
 *
 * Copyright (c) 2015 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
 *
 */

#include "qemu/osdep.h"
#include "crypto/tlssession.h"
#include "crypto/tlscredsanon.h"
#include "crypto/tlscredspsk.h"
#include "crypto/tlscredsx509.h"
#include "qapi/error.h"
#include "authz/base.h"
#include "tlscredspriv.h"
#include "trace.h"

#ifdef CONFIG_GNUTLS


#include <gnutls/x509.h>


struct QCryptoTLSSession {
    QCryptoTLSCreds *creds;
    gnutls_session_t handle;
    char *hostname;
    char *authzid;
    bool handshakeComplete;
    QCryptoTLSSessionWriteFunc writeFunc;
    QCryptoTLSSessionReadFunc readFunc;
    void *opaque;
    char *peername;
};


void
qcrypto_tls_session_free(QCryptoTLSSession *session)
{
    if (!session) {
        return;
    }

    gnutls_deinit(session->handle);
    g_free(session->hostname);
    g_free(session->peername);
    g_free(session->authzid);
    object_unref(OBJECT(session->creds));
    g_free(session);
}


static ssize_t
qcrypto_tls_session_push(void *opaque, const void *buf, size_t len)
{
    QCryptoTLSSession *session = opaque;

    if (!session->writeFunc) {
        errno = EIO;
        return -1;
    };

    return session->writeFunc(buf, len, session->opaque);
}


static ssize_t
qcrypto_tls_session_pull(void *opaque, void *buf, size_t len)
{
    QCryptoTLSSession *session = opaque;

    if (!session->readFunc) {
        errno = EIO;
        return -1;
    };

    return session->readFunc(buf, len, session->opaque);
}

#define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH"
#define TLS_PRIORITY_ADDITIONAL_PSK "+ECDHE-PSK:+DHE-PSK:+PSK"

QCryptoTLSSession *
qcrypto_tls_session_new(QCryptoTLSCreds *creds,
                        const char *hostname,
                        const char *authzid,
                        QCryptoTLSCredsEndpoint endpoint,
                        Error **errp)
{
    QCryptoTLSSession *session;
    int ret;

    session = g_new0(QCryptoTLSSession, 1);
    trace_qcrypto_tls_session_new(
        session, creds, hostname ? hostname : "<none>",
        authzid ? authzid : "<none>", endpoint);

    if (hostname) {
        session->hostname = g_strdup(hostname);
    }
    if (authzid) {
        session->authzid = g_strdup(authzid);
    }
    session->creds = creds;
    object_ref(OBJECT(creds));

    if (creds->endpoint != endpoint) {
        error_setg(errp, "Credentials endpoint doesn't match session");
        goto error;
    }

    if (endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
        ret = gnutls_init(&session->handle, GNUTLS_SERVER);
    } else {
        ret = gnutls_init(&session->handle, GNUTLS_CLIENT);
    }
    if (ret < 0) {
        error_setg(errp, "Cannot initialize TLS session: %s",
                   gnutls_strerror(ret));
        goto error;
    }

    if (object_dynamic_cast(OBJECT(creds),
                            TYPE_QCRYPTO_TLS_CREDS_ANON)) {
        QCryptoTLSCredsAnon *acreds = QCRYPTO_TLS_CREDS_ANON(creds);
        char *prio;

        if (creds->priority != NULL) {
            prio = g_strdup_printf("%s:%s",
                                   creds->priority,
                                   TLS_PRIORITY_ADDITIONAL_ANON);
        } else {
            prio = g_strdup(CONFIG_TLS_PRIORITY ":"
                            TLS_PRIORITY_ADDITIONAL_ANON);
        }

        ret = gnutls_priority_set_direct(session->handle, prio, NULL);
        if (ret < 0) {
            error_setg(errp, "Unable to set TLS session priority %s: %s",
                       prio, gnutls_strerror(ret));
            g_free(prio);
            goto error;
        }
        g_free(prio);
        if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
            ret = gnutls_credentials_set(session->handle,
                                         GNUTLS_CRD_ANON,
                                         acreds->data.server);
        } else {
            ret = gnutls_credentials_set(session->handle,
                                         GNUTLS_CRD_ANON,
                                         acreds->data.client);
        }
        if (ret < 0) {
            error_setg(errp, "Cannot set session credentials: %s",
                       gnutls_strerror(ret));
            goto error;
        }
    } else if (object_dynamic_cast(OBJECT(creds),
                                   TYPE_QCRYPTO_TLS_CREDS_PSK)) {
        QCryptoTLSCredsPSK *pcreds = QCRYPTO_TLS_CREDS_PSK(creds);
        char *prio;

        if (creds->priority != NULL) {
            prio = g_strdup_printf("%s:%s",
                                   creds->priority,
                                   TLS_PRIORITY_ADDITIONAL_PSK);
        } else {
            prio = g_strdup(CONFIG_TLS_PRIORITY ":"
                            TLS_PRIORITY_ADDITIONAL_PSK);
        }

        ret = gnutls_priority_set_direct(session->handle, prio, NULL);
        if (ret < 0) {
            error_setg(errp, "Unable to set TLS session priority %s: %s",
                       prio, gnutls_strerror(ret));
            g_free(prio);
            goto error;
        }
        g_free(prio);
        if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
            ret = gnutls_credentials_set(session->handle,
                                         GNUTLS_CRD_PSK,
                                         pcreds->data.server);
        } else {
            ret = gnutls_credentials_set(session->handle,
                                         GNUTLS_CRD_PSK,
                                         pcreds->data.client);
        }
        if (ret < 0) {
            error_setg(errp, "Cannot set session credentials: %s",
                       gnutls_strerror(ret));
            goto error;
        }
    } else if (object_dynamic_cast(OBJECT(creds),
                                   TYPE_QCRYPTO_TLS_CREDS_X509)) {
        QCryptoTLSCredsX509 *tcreds = QCRYPTO_TLS_CREDS_X509(creds);
        const char *prio = creds->priority;
        if (!prio) {
            prio = CONFIG_TLS_PRIORITY;
        }

        ret = gnutls_priority_set_direct(session->handle, prio, NULL);
        if (ret < 0) {
            error_setg(errp, "Cannot set default TLS session priority %s: %s",
                       prio, gnutls_strerror(ret));
            goto error;
        }
        ret = gnutls_credentials_set(session->handle,
                                     GNUTLS_CRD_CERTIFICATE,
                                     tcreds->data);
        if (ret < 0) {
            error_setg(errp, "Cannot set session credentials: %s",
                       gnutls_strerror(ret));
            goto error;
        }

        if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
            /* This requests, but does not enforce a client cert.
             * The cert checking code later does enforcement */
            gnutls_certificate_server_set_request(session->handle,
                                                  GNUTLS_CERT_REQUEST);
        }
    } else {
        error_setg(errp, "Unsupported TLS credentials type %s",
                   object_get_typename(OBJECT(creds)));
        goto error;
    }

    gnutls_transport_set_ptr(session->handle, session);
    gnutls_transport_set_push_function(session->handle,
                                       qcrypto_tls_session_push);
    gnutls_transport_set_pull_function(session->handle,
                                       qcrypto_tls_session_pull);

    return session;

 error:
    qcrypto_tls_session_free(session);
    return NULL;
}

static int
qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
                                      Error **errp)
{
    int ret;
    unsigned int status;
    const gnutls_datum_t *certs;
    unsigned int nCerts, i;
    time_t now;
    gnutls_x509_crt_t cert = NULL;
    Error *err = NULL;

    now = time(NULL);
    if (now == ((time_t)-1)) {
        error_setg_errno(errp, errno, "Cannot get current time");
        return -1;
    }

    ret = gnutls_certificate_verify_peers2(session->handle, &status);
    if (ret < 0) {
        error_setg(errp, "Verify failed: %s", gnutls_strerror(ret));
        return -1;
    }

    if (status != 0) {
        const char *reason = "Invalid certificate";

        if (status & GNUTLS_CERT_INVALID) {
            reason = "The certificate is not trusted";
        }

        if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
            reason = "The certificate hasn't got a known issuer";
        }

        if (status & GNUTLS_CERT_REVOKED) {
            reason = "The certificate has been revoked";
        }

        if (status & GNUTLS_CERT_INSECURE_ALGORITHM) {
            reason = "The certificate uses an insecure algorithm";
        }

        error_setg(errp, "%s", reason);
        return -1;
    }

    certs = gnutls_certificate_get_peers(session->handle, &nCerts);
    if (!certs) {
        error_setg(errp, "No certificate peers");
        return -1;
    }

    for (i = 0; i < nCerts; i++) {
        ret = gnutls_x509_crt_init(&cert);
        if (ret < 0) {
            error_setg(errp, "Cannot initialize certificate: %s",
                       gnutls_strerror(ret));
            return -1;
        }

        ret = gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER);
        if (ret < 0) {
            error_setg(errp, "Cannot import certificate: %s",
                       gnutls_strerror(ret));
            goto error;
        }

        if (gnutls_x509_crt_get_expiration_time(cert) < now) {
            error_setg(errp, "The certificate has expired");
            goto error;
        }

        if (gnutls_x509_crt_get_activation_time(cert) > now) {
            error_setg(errp, "The certificate is not yet activated");
            goto error;
        }

        if (gnutls_x509_crt_get_activation_time(cert) > now) {
            error_setg(errp, "The certificate is not yet activated");
            goto error;
        }

        if (i == 0) {
            size_t dnameSize = 1024;
            session->peername = g_malloc(dnameSize);
        requery:
            ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize);
            if (ret < 0) {
                if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
                    session->peername = g_realloc(session->peername,
                                                  dnameSize);
                    goto requery;
                }
                error_setg(errp, "Cannot get client distinguished name: %s",
                           gnutls_strerror(ret));
                goto error;
            }
            if (session->authzid) {
                bool allow;

                allow = qauthz_is_allowed_by_id(session->authzid,
                                                session->peername, &err);
                if (err) {
                    error_propagate(errp, err);
                    goto error;
                }
                if (!allow) {
                    error_setg(errp, "TLS x509 authz check for %s is denied",
                               session->peername);
                    goto error;
                }
            }
            if (session->hostname) {
                if (!gnutls_x509_crt_check_hostname(cert, session->hostname)) {
                    error_setg(errp,
                               "Certificate does not match the hostname %s",
                               session->hostname);
                    goto error;
                }
            }
        }

        gnutls_x509_crt_deinit(cert);
    }

    return 0;

 error:
    gnutls_x509_crt_deinit(cert);
    return -1;
}


int
qcrypto_tls_session_check_credentials(QCryptoTLSSession *session,
                                      Error **errp)
{
    if (object_dynamic_cast(OBJECT(session->creds),
                            TYPE_QCRYPTO_TLS_CREDS_ANON)) {
        trace_qcrypto_tls_session_check_creds(session, "nop");
        return 0;
    } else if (object_dynamic_cast(OBJECT(session->creds),
                            TYPE_QCRYPTO_TLS_CREDS_PSK)) {
        trace_qcrypto_tls_session_check_creds(session, "nop");
        return 0;
    } else if (object_dynamic_cast(OBJECT(session->creds),
                            TYPE_QCRYPTO_TLS_CREDS_X509)) {
        if (session->creds->verifyPeer) {
            int ret = qcrypto_tls_session_check_certificate(session,
                                                            errp);
            trace_qcrypto_tls_session_check_creds(session,
                                                  ret == 0 ? "pass" : "fail");
            return ret;
        } else {
            trace_qcrypto_tls_session_check_creds(session, "skip");
            return 0;
        }
    } else {
        trace_qcrypto_tls_session_check_creds(session, "error");
        error_setg(errp, "Unexpected credential type %s",
                   object_get_typename(OBJECT(session->creds)));
        return -1;
    }
}


void
qcrypto_tls_session_set_callbacks(QCryptoTLSSession *session,
                                  QCryptoTLSSessionWriteFunc writeFunc,
                                  QCryptoTLSSessionReadFunc readFunc,
                                  void *opaque)
{
    session->writeFunc = writeFunc;
    session->readFunc = readFunc;
    session->opaque = opaque;
}


ssize_t
qcrypto_tls_session_write(QCryptoTLSSession *session,
                          const char *buf,
                          size_t len)
{
    ssize_t ret = gnutls_record_send(session->handle, buf, len);

    if (ret < 0) {
        switch (ret) {
        case GNUTLS_E_AGAIN:
            errno = EAGAIN;
            break;
        case GNUTLS_E_INTERRUPTED:
            errno = EINTR;
            break;
        default:
            errno = EIO;
            break;
        }
        ret = -1;
    }

    return ret;
}


ssize_t
qcrypto_tls_session_read(QCryptoTLSSession *session,
                         char *buf,
                         size_t len)
{
    ssize_t ret = gnutls_record_recv(session->handle, buf, len);

    if (ret < 0) {
        switch (ret) {
        case GNUTLS_E_AGAIN:
            errno = EAGAIN;
            break;
        case GNUTLS_E_INTERRUPTED:
            errno = EINTR;
            break;
        case GNUTLS_E_PREMATURE_TERMINATION:
            errno = ECONNABORTED;
            break;
        default:
            errno = EIO;
            break;
        }
        ret = -1;
    }

    return ret;
}


int
qcrypto_tls_session_handshake(QCryptoTLSSession *session,
                              Error **errp)
{
    int ret = gnutls_handshake(session->handle);
    if (ret == 0) {
        session->handshakeComplete = true;
    } else {
        if (ret == GNUTLS_E_INTERRUPTED ||
            ret == GNUTLS_E_AGAIN) {
            ret = 1;
        } else {
            error_setg(errp, "TLS handshake failed: %s",
                       gnutls_strerror(ret));
            ret = -1;
        }
    }

    return ret;
}


QCryptoTLSSessionHandshakeStatus
qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *session)
{
    if (session->handshakeComplete) {
        return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
    } else if (gnutls_record_get_direction(session->handle) == 0) {
        return QCRYPTO_TLS_HANDSHAKE_RECVING;
    } else {
        return QCRYPTO_TLS_HANDSHAKE_SENDING;
    }
}


int
qcrypto_tls_session_get_key_size(QCryptoTLSSession *session,
                                 Error **errp)
{
    gnutls_cipher_algorithm_t cipher;
    int ssf;

    cipher = gnutls_cipher_get(session->handle);
    ssf = gnutls_cipher_get_key_size(cipher);
    if (!ssf) {
        error_setg(errp, "Cannot get TLS cipher key size");
        return -1;
    }
    return ssf;
}


char *
qcrypto_tls_session_get_peer_name(QCryptoTLSSession *session)
{
    if (session->peername) {
        return g_strdup(session->peername);
    }
    return NULL;
}


#else /* ! CONFIG_GNUTLS */


QCryptoTLSSession *
qcrypto_tls_session_new(QCryptoTLSCreds *creds G_GNUC_UNUSED,
                        const char *hostname G_GNUC_UNUSED,
                        const char *authzid G_GNUC_UNUSED,
                        QCryptoTLSCredsEndpoint endpoint G_GNUC_UNUSED,
                        Error **errp)
{
    error_setg(errp, "TLS requires GNUTLS support");
    return NULL;
}


void
qcrypto_tls_session_free(QCryptoTLSSession *sess G_GNUC_UNUSED)
{
}


int
qcrypto_tls_session_check_credentials(QCryptoTLSSession *sess G_GNUC_UNUSED,
                                      Error **errp)
{
    error_setg(errp, "TLS requires GNUTLS support");
    return -1;
}


void
qcrypto_tls_session_set_callbacks(
    QCryptoTLSSession *sess G_GNUC_UNUSED,
    QCryptoTLSSessionWriteFunc writeFunc G_GNUC_UNUSED,
    QCryptoTLSSessionReadFunc readFunc G_GNUC_UNUSED,
    void *opaque G_GNUC_UNUSED)
{
}


ssize_t
qcrypto_tls_session_write(QCryptoTLSSession *sess,
                          const char *buf,
                          size_t len)
{
    errno = -EIO;
    return -1;
}


ssize_t
qcrypto_tls_session_read(QCryptoTLSSession *sess,
                         char *buf,
                         size_t len)
{
    errno = -EIO;
    return -1;
}


int
qcrypto_tls_session_handshake(QCryptoTLSSession *sess,
                              Error **errp)
{
    error_setg(errp, "TLS requires GNUTLS support");
    return -1;
}


QCryptoTLSSessionHandshakeStatus
qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *sess)
{
    return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
}


int
qcrypto_tls_session_get_key_size(QCryptoTLSSession *sess,
                                 Error **errp)
{
    error_setg(errp, "TLS requires GNUTLS support");
    return -1;
}


char *
qcrypto_tls_session_get_peer_name(QCryptoTLSSession *sess)
{
    return NULL;
}

#endif
Commit	Line	Data
d321e1e5 DB	1	/*
	2	* QEMU crypto TLS session support
	3	*
	4	* Copyright (c) 2015 Red Hat, Inc.
	5	*
	6	* This library is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU Lesser General Public
	8	* License as published by the Free Software Foundation; either
b7cbb874	9	* version 2.1 of the License, or (at your option) any later version.
d321e1e5 DB	10	*
	11	* This library is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* Lesser General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU Lesser General Public
	17	* License along with this library; if not, see <http://www.gnu.org/licenses/>.
	18	*
	19	*/
	20
42f7a448	21	#include "qemu/osdep.h"
d321e1e5 DB	22	#include "crypto/tlssession.h"
d321e1e5 DB	23	#include "crypto/tlscredsanon.h"
e1a6dc91	24	#include "crypto/tlscredspsk.h"
d321e1e5	25	#include "crypto/tlscredsx509.h"
da34e65c	26	#include "qapi/error.h"
b76806d4	27	#include "authz/base.h"
678bcc3c	28	#include "tlscredspriv.h"
d321e1e5 DB	29	#include "trace.h"
	30
	31	#ifdef CONFIG_GNUTLS
	32
	33
	34	#include <gnutls/x509.h>
	35
	36
	37	struct QCryptoTLSSession {
	38	QCryptoTLSCreds *creds;
	39	gnutls_session_t handle;
	40	char *hostname;
b76806d4	41	char *authzid;
d321e1e5 DB	42	bool handshakeComplete;
	43	QCryptoTLSSessionWriteFunc writeFunc;
	44	QCryptoTLSSessionReadFunc readFunc;
	45	void *opaque;
	46	char *peername;
	47	};
	48
	49
	50	void
	51	qcrypto_tls_session_free(QCryptoTLSSession *session)
	52	{
	53	if (!session) {
	54	return;
	55	}
	56
	57	gnutls_deinit(session->handle);
	58	g_free(session->hostname);
	59	g_free(session->peername);
b76806d4	60	g_free(session->authzid);
d321e1e5 DB	61	object_unref(OBJECT(session->creds));
	62	g_free(session);
	63	}
	64
	65
	66	static ssize_t
	67	qcrypto_tls_session_push(void opaque, const void buf, size_t len)
	68	{
	69	QCryptoTLSSession *session = opaque;
	70
	71	if (!session->writeFunc) {
	72	errno = EIO;
	73	return -1;
	74	};
	75
	76	return session->writeFunc(buf, len, session->opaque);
	77	}
	78
	79
	80	static ssize_t
	81	qcrypto_tls_session_pull(void opaque, void buf, size_t len)
	82	{
	83	QCryptoTLSSession *session = opaque;
	84
	85	if (!session->readFunc) {
	86	errno = EIO;
	87	return -1;
	88	};
	89
	90	return session->readFunc(buf, len, session->opaque);
	91	}
	92
e1a6dc91	93	#define TLS_PRIORITY_ADDITIONAL_ANON "+ANON-DH"
a0722409	94	#define TLS_PRIORITY_ADDITIONAL_PSK "+ECDHE-PSK:+DHE-PSK:+PSK"
d321e1e5 DB	95
	96	QCryptoTLSSession *
	97	qcrypto_tls_session_new(QCryptoTLSCreds *creds,
	98	const char *hostname,
b76806d4	99	const char *authzid,
d321e1e5 DB	100	QCryptoTLSCredsEndpoint endpoint,
	101	Error **errp)
	102	{
	103	QCryptoTLSSession *session;
	104	int ret;
	105
	106	session = g_new0(QCryptoTLSSession, 1);
	107	trace_qcrypto_tls_session_new(
	108	session, creds, hostname ? hostname : "<none>",
b76806d4	109	authzid ? authzid : "<none>", endpoint);
d321e1e5 DB	110
	111	if (hostname) {
	112	session->hostname = g_strdup(hostname);
	113	}
b76806d4 DB	114	if (authzid) {
b76806d4 DB	115	session->authzid = g_strdup(authzid);
d321e1e5 DB	116	}
	117	session->creds = creds;
	118	object_ref(OBJECT(creds));
	119
	120	if (creds->endpoint != endpoint) {
	121	error_setg(errp, "Credentials endpoint doesn't match session");
	122	goto error;
	123	}
	124
	125	if (endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
	126	ret = gnutls_init(&session->handle, GNUTLS_SERVER);
	127	} else {
	128	ret = gnutls_init(&session->handle, GNUTLS_CLIENT);
	129	}
	130	if (ret < 0) {
	131	error_setg(errp, "Cannot initialize TLS session: %s",
	132	gnutls_strerror(ret));
	133	goto error;
	134	}
	135
	136	if (object_dynamic_cast(OBJECT(creds),
	137	TYPE_QCRYPTO_TLS_CREDS_ANON)) {
	138	QCryptoTLSCredsAnon *acreds = QCRYPTO_TLS_CREDS_ANON(creds);
13f12430	139	char *prio;
d321e1e5	140
13f12430	141	if (creds->priority != NULL) {
e1a6dc91 RJ	142	prio = g_strdup_printf("%s:%s",
	143	creds->priority,
	144	TLS_PRIORITY_ADDITIONAL_ANON);
13f12430	145	} else {
e1a6dc91 RJ	146	prio = g_strdup(CONFIG_TLS_PRIORITY ":"
e1a6dc91 RJ	147	TLS_PRIORITY_ADDITIONAL_ANON);
13f12430 DB	148	}
	149
	150	ret = gnutls_priority_set_direct(session->handle, prio, NULL);
d321e1e5	151	if (ret < 0) {
13f12430 DB	152	error_setg(errp, "Unable to set TLS session priority %s: %s",
	153	prio, gnutls_strerror(ret));
	154	g_free(prio);
d321e1e5 DB	155	goto error;
d321e1e5 DB	156	}
13f12430	157	g_free(prio);
d321e1e5 DB	158	if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
	159	ret = gnutls_credentials_set(session->handle,
	160	GNUTLS_CRD_ANON,
	161	acreds->data.server);
	162	} else {
	163	ret = gnutls_credentials_set(session->handle,
	164	GNUTLS_CRD_ANON,
	165	acreds->data.client);
	166	}
	167	if (ret < 0) {
	168	error_setg(errp, "Cannot set session credentials: %s",
	169	gnutls_strerror(ret));
	170	goto error;
	171	}
e1a6dc91 RJ	172	} else if (object_dynamic_cast(OBJECT(creds),
	173	TYPE_QCRYPTO_TLS_CREDS_PSK)) {
	174	QCryptoTLSCredsPSK *pcreds = QCRYPTO_TLS_CREDS_PSK(creds);
	175	char *prio;
	176
	177	if (creds->priority != NULL) {
	178	prio = g_strdup_printf("%s:%s",
	179	creds->priority,
	180	TLS_PRIORITY_ADDITIONAL_PSK);
	181	} else {
	182	prio = g_strdup(CONFIG_TLS_PRIORITY ":"
	183	TLS_PRIORITY_ADDITIONAL_PSK);
	184	}
	185
	186	ret = gnutls_priority_set_direct(session->handle, prio, NULL);
	187	if (ret < 0) {
	188	error_setg(errp, "Unable to set TLS session priority %s: %s",
	189	prio, gnutls_strerror(ret));
	190	g_free(prio);
	191	goto error;
	192	}
	193	g_free(prio);
	194	if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
	195	ret = gnutls_credentials_set(session->handle,
	196	GNUTLS_CRD_PSK,
	197	pcreds->data.server);
	198	} else {
	199	ret = gnutls_credentials_set(session->handle,
	200	GNUTLS_CRD_PSK,
	201	pcreds->data.client);
	202	}
	203	if (ret < 0) {
	204	error_setg(errp, "Cannot set session credentials: %s",
	205	gnutls_strerror(ret));
	206	goto error;
	207	}
d321e1e5 DB	208	} else if (object_dynamic_cast(OBJECT(creds),
	209	TYPE_QCRYPTO_TLS_CREDS_X509)) {
	210	QCryptoTLSCredsX509 *tcreds = QCRYPTO_TLS_CREDS_X509(creds);
13f12430 DB	211	const char *prio = creds->priority;
13f12430 DB	212	if (!prio) {
a1c5e949	213	prio = CONFIG_TLS_PRIORITY;
13f12430	214	}
d321e1e5	215
13f12430	216	ret = gnutls_priority_set_direct(session->handle, prio, NULL);
d321e1e5	217	if (ret < 0) {
13f12430 DB	218	error_setg(errp, "Cannot set default TLS session priority %s: %s",
13f12430 DB	219	prio, gnutls_strerror(ret));
d321e1e5 DB	220	goto error;
	221	}
	222	ret = gnutls_credentials_set(session->handle,
	223	GNUTLS_CRD_CERTIFICATE,
	224	tcreds->data);
	225	if (ret < 0) {
	226	error_setg(errp, "Cannot set session credentials: %s",
	227	gnutls_strerror(ret));
	228	goto error;
	229	}
	230
	231	if (creds->endpoint == QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
	232	/* This requests, but does not enforce a client cert.
	233	* The cert checking code later does enforcement */
	234	gnutls_certificate_server_set_request(session->handle,
	235	GNUTLS_CERT_REQUEST);
	236	}
	237	} else {
	238	error_setg(errp, "Unsupported TLS credentials type %s",
	239	object_get_typename(OBJECT(creds)));
	240	goto error;
	241	}
	242
	243	gnutls_transport_set_ptr(session->handle, session);
	244	gnutls_transport_set_push_function(session->handle,
	245	qcrypto_tls_session_push);
	246	gnutls_transport_set_pull_function(session->handle,
	247	qcrypto_tls_session_pull);
	248
	249	return session;
	250
	251	error:
	252	qcrypto_tls_session_free(session);
	253	return NULL;
	254	}
	255
	256	static int
	257	qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
	258	Error **errp)
	259	{
	260	int ret;
	261	unsigned int status;
	262	const gnutls_datum_t *certs;
	263	unsigned int nCerts, i;
	264	time_t now;
	265	gnutls_x509_crt_t cert = NULL;
b76806d4	266	Error *err = NULL;
d321e1e5 DB	267
	268	now = time(NULL);
	269	if (now == ((time_t)-1)) {
	270	error_setg_errno(errp, errno, "Cannot get current time");
	271	return -1;
	272	}
	273
	274	ret = gnutls_certificate_verify_peers2(session->handle, &status);
	275	if (ret < 0) {
	276	error_setg(errp, "Verify failed: %s", gnutls_strerror(ret));
	277	return -1;
	278	}
	279
	280	if (status != 0) {
	281	const char *reason = "Invalid certificate";
	282
	283	if (status & GNUTLS_CERT_INVALID) {
	284	reason = "The certificate is not trusted";
	285	}
	286
	287	if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
	288	reason = "The certificate hasn't got a known issuer";
	289	}
	290
	291	if (status & GNUTLS_CERT_REVOKED) {
	292	reason = "The certificate has been revoked";
	293	}
	294
	295	if (status & GNUTLS_CERT_INSECURE_ALGORITHM) {
	296	reason = "The certificate uses an insecure algorithm";
	297	}
	298
	299	error_setg(errp, "%s", reason);
	300	return -1;
	301	}
	302
	303	certs = gnutls_certificate_get_peers(session->handle, &nCerts);
	304	if (!certs) {
	305	error_setg(errp, "No certificate peers");
	306	return -1;
	307	}
	308
	309	for (i = 0; i < nCerts; i++) {
	310	ret = gnutls_x509_crt_init(&cert);
	311	if (ret < 0) {
	312	error_setg(errp, "Cannot initialize certificate: %s",
	313	gnutls_strerror(ret));
	314	return -1;
	315	}
	316
	317	ret = gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER);
	318	if (ret < 0) {
	319	error_setg(errp, "Cannot import certificate: %s",
	320	gnutls_strerror(ret));
	321	goto error;
	322	}
	323
	324	if (gnutls_x509_crt_get_expiration_time(cert) < now) {
	325	error_setg(errp, "The certificate has expired");
	326	goto error;
	327	}
	328
	329	if (gnutls_x509_crt_get_activation_time(cert) > now) {
	330	error_setg(errp, "The certificate is not yet activated");
331	goto error;
332	}
333
334	if (gnutls_x509_crt_get_activation_time(cert) > now) {
335	error_setg(errp, "The certificate is not yet activated");
336	goto error;
337	}
338
339	if (i == 0) {
340	size_t dnameSize = 1024;
341	session->peername = g_malloc(dnameSize);
342	requery:
343	ret = gnutls_x509_crt_get_dn(cert, session->peername, &dnameSize);
344	if (ret < 0) {
345	if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
346	session->peername = g_realloc(session->peername,
347	dnameSize);
348	goto requery;
349	}
350	error_setg(errp, "Cannot get client distinguished name: %s",
351	gnutls_strerror(ret));
352	goto error;
353	}
b76806d4 DB	354	if (session->authzid) {
	355	bool allow;
	356
	357	allow = qauthz_is_allowed_by_id(session->authzid,
	358	session->peername, &err);
	359	if (err) {
	360	error_propagate(errp, err);
d321e1e5 DB	361	goto error;
d321e1e5 DB	362	}
d321e1e5	363	if (!allow) {
b76806d4	364	error_setg(errp, "TLS x509 authz check for %s is denied",
6ef8cd7a	365	session->peername);
d321e1e5 DB	366	goto error;
	367	}
	368	}
	369	if (session->hostname) {
	370	if (!gnutls_x509_crt_check_hostname(cert, session->hostname)) {
	371	error_setg(errp,
	372	"Certificate does not match the hostname %s",
	373	session->hostname);
	374	goto error;
	375	}
	376	}
	377	}
	378
	379	gnutls_x509_crt_deinit(cert);
	380	}
	381
	382	return 0;
	383
	384	error:
	385	gnutls_x509_crt_deinit(cert);
	386	return -1;
	387	}
	388
	389
	390	int
	391	qcrypto_tls_session_check_credentials(QCryptoTLSSession *session,
	392	Error **errp)
	393	{
	394	if (object_dynamic_cast(OBJECT(session->creds),
	395	TYPE_QCRYPTO_TLS_CREDS_ANON)) {
b57482d7	396	trace_qcrypto_tls_session_check_creds(session, "nop");
d321e1e5	397	return 0;
e1a6dc91 RJ	398	} else if (object_dynamic_cast(OBJECT(session->creds),
	399	TYPE_QCRYPTO_TLS_CREDS_PSK)) {
	400	trace_qcrypto_tls_session_check_creds(session, "nop");
	401	return 0;
d321e1e5 DB	402	} else if (object_dynamic_cast(OBJECT(session->creds),
	403	TYPE_QCRYPTO_TLS_CREDS_X509)) {
	404	if (session->creds->verifyPeer) {
b57482d7 DB	405	int ret = qcrypto_tls_session_check_certificate(session,
	406	errp);
	407	trace_qcrypto_tls_session_check_creds(session,
	408	ret == 0 ? "pass" : "fail");
	409	return ret;
d321e1e5	410	} else {
b57482d7	411	trace_qcrypto_tls_session_check_creds(session, "skip");
d321e1e5 DB	412	return 0;
	413	}
	414	} else {
b57482d7	415	trace_qcrypto_tls_session_check_creds(session, "error");
d321e1e5 DB	416	error_setg(errp, "Unexpected credential type %s",
	417	object_get_typename(OBJECT(session->creds)));
	418	return -1;
	419	}
	420	}
	421
	422
	423	void
	424	qcrypto_tls_session_set_callbacks(QCryptoTLSSession *session,
	425	QCryptoTLSSessionWriteFunc writeFunc,
	426	QCryptoTLSSessionReadFunc readFunc,
	427	void *opaque)
	428	{
	429	session->writeFunc = writeFunc;
	430	session->readFunc = readFunc;
	431	session->opaque = opaque;
	432	}
	433
	434
	435	ssize_t
	436	qcrypto_tls_session_write(QCryptoTLSSession *session,
	437	const char *buf,
	438	size_t len)
	439	{
	440	ssize_t ret = gnutls_record_send(session->handle, buf, len);
	441
	442	if (ret < 0) {
	443	switch (ret) {
	444	case GNUTLS_E_AGAIN:
	445	errno = EAGAIN;
	446	break;
	447	case GNUTLS_E_INTERRUPTED:
	448	errno = EINTR;
	449	break;
	450	default:
	451	errno = EIO;
	452	break;
	453	}
	454	ret = -1;
	455	}
	456
	457	return ret;
	458	}
	459
	460
	461	ssize_t
	462	qcrypto_tls_session_read(QCryptoTLSSession *session,
	463	char *buf,
	464	size_t len)
	465	{
	466	ssize_t ret = gnutls_record_recv(session->handle, buf, len);
	467
	468	if (ret < 0) {
	469	switch (ret) {
	470	case GNUTLS_E_AGAIN:
	471	errno = EAGAIN;
	472	break;
	473	case GNUTLS_E_INTERRUPTED:
	474	errno = EINTR;
	475	break;
a2458b6f DB	476	case GNUTLS_E_PREMATURE_TERMINATION:
	477	errno = ECONNABORTED;
	478	break;
d321e1e5 DB	479	default:
	480	errno = EIO;
	481	break;
	482	}
	483	ret = -1;
	484	}
	485
	486	return ret;
	487	}
	488
	489
	490	int
	491	qcrypto_tls_session_handshake(QCryptoTLSSession *session,
	492	Error **errp)
	493	{
	494	int ret = gnutls_handshake(session->handle);
	495	if (ret == 0) {
	496	session->handshakeComplete = true;
	497	} else {
	498	if (ret == GNUTLS_E_INTERRUPTED \|\|
	499	ret == GNUTLS_E_AGAIN) {
	500	ret = 1;
	501	} else {
	502	error_setg(errp, "TLS handshake failed: %s",
	503	gnutls_strerror(ret));
	504	ret = -1;
	505	}
	506	}
	507
	508	return ret;
	509	}
	510
	511
	512	QCryptoTLSSessionHandshakeStatus
	513	qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *session)
	514	{
	515	if (session->handshakeComplete) {
	516	return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
	517	} else if (gnutls_record_get_direction(session->handle) == 0) {
	518	return QCRYPTO_TLS_HANDSHAKE_RECVING;
	519	} else {
	520	return QCRYPTO_TLS_HANDSHAKE_SENDING;
	521	}
	522	}
	523
	524
	525	int
	526	qcrypto_tls_session_get_key_size(QCryptoTLSSession *session,
	527	Error **errp)
	528	{
	529	gnutls_cipher_algorithm_t cipher;
	530	int ssf;
	531
	532	cipher = gnutls_cipher_get(session->handle);
	533	ssf = gnutls_cipher_get_key_size(cipher);
	534	if (!ssf) {
	535	error_setg(errp, "Cannot get TLS cipher key size");
	536	return -1;
	537	}
	538	return ssf;
	539	}
	540
	541
	542	char *
543	qcrypto_tls_session_get_peer_name(QCryptoTLSSession *session)
544	{
545	if (session->peername) {
546	return g_strdup(session->peername);
547	}
548	return NULL;
549	}
550
551
552	#else /* ! CONFIG_GNUTLS */
553
554
555	QCryptoTLSSession *
556	qcrypto_tls_session_new(QCryptoTLSCreds *creds G_GNUC_UNUSED,
557	const char *hostname G_GNUC_UNUSED,
b76806d4	558	const char *authzid G_GNUC_UNUSED,
d321e1e5 DB	559	QCryptoTLSCredsEndpoint endpoint G_GNUC_UNUSED,
	560	Error **errp)
	561	{
	562	error_setg(errp, "TLS requires GNUTLS support");
	563	return NULL;
	564	}
	565
	566
	567	void
	568	qcrypto_tls_session_free(QCryptoTLSSession *sess G_GNUC_UNUSED)
	569	{
	570	}
	571
	572
	573	int
	574	qcrypto_tls_session_check_credentials(QCryptoTLSSession *sess G_GNUC_UNUSED,
	575	Error **errp)
	576	{
	577	error_setg(errp, "TLS requires GNUTLS support");
	578	return -1;
	579	}
	580
	581
	582	void
	583	qcrypto_tls_session_set_callbacks(
	584	QCryptoTLSSession *sess G_GNUC_UNUSED,
	585	QCryptoTLSSessionWriteFunc writeFunc G_GNUC_UNUSED,
	586	QCryptoTLSSessionReadFunc readFunc G_GNUC_UNUSED,
	587	void *opaque G_GNUC_UNUSED)
	588	{
	589	}
	590
	591
	592	ssize_t
	593	qcrypto_tls_session_write(QCryptoTLSSession *sess,
	594	const char *buf,
	595	size_t len)
	596	{
	597	errno = -EIO;
	598	return -1;
	599	}
	600
	601
	602	ssize_t
	603	qcrypto_tls_session_read(QCryptoTLSSession *sess,
	604	char *buf,
	605	size_t len)
	606	{
	607	errno = -EIO;
	608	return -1;
	609	}
	610
	611
	612	int
	613	qcrypto_tls_session_handshake(QCryptoTLSSession *sess,
	614	Error **errp)
	615	{
	616	error_setg(errp, "TLS requires GNUTLS support");
	617	return -1;
	618	}
	619
	620
	621	QCryptoTLSSessionHandshakeStatus
	622	qcrypto_tls_session_get_handshake_status(QCryptoTLSSession *sess)
623	{
624	return QCRYPTO_TLS_HANDSHAKE_COMPLETE;
625	}
626
627
628	int
629	qcrypto_tls_session_get_key_size(QCryptoTLSSession *sess,
630	Error **errp)
631	{
632	error_setg(errp, "TLS requires GNUTLS support");
633	return -1;
634	}
635
636
637	char *
638	qcrypto_tls_session_get_peer_name(QCryptoTLSSession *sess)
639	{
640	return NULL;
641	}
642
643	#endif