]>
Commit | Line | Data |
---|---|---|
fec03f98 SP |
1 | /* |
2 | * SSL/TLS interface functions for wolfSSL TLS case | |
3 | * Copyright (c) 2004-2017, Jouni Malinen <j@w1.fi> | |
4 | * | |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "includes.h" | |
10 | ||
11 | #include "common.h" | |
12 | #include "crypto.h" | |
ab35793e SP |
13 | #include "crypto/sha1.h" |
14 | #include "crypto/sha256.h" | |
fec03f98 SP |
15 | #include "tls.h" |
16 | ||
fec03f98 | 17 | /* wolfSSL includes */ |
7be46208 | 18 | #include <wolfssl/options.h> |
fec03f98 SP |
19 | #include <wolfssl/ssl.h> |
20 | #include <wolfssl/error-ssl.h> | |
21 | #include <wolfssl/wolfcrypt/asn.h> | |
22 | ||
23 | #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) | |
24 | #define HAVE_AESGCM | |
25 | #include <wolfssl/wolfcrypt/aes.h> | |
26 | #endif | |
27 | ||
28 | #if !defined(CONFIG_FIPS) && \ | |
29 | (defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || \ | |
30 | defined(EAP_SERVER_FAST)) | |
31 | #define WOLFSSL_NEED_EAP_FAST_PRF | |
32 | #endif | |
33 | ||
34 | #define SECRET_LEN 48 | |
35 | #define RAN_LEN 32 | |
36 | #define SESSION_TICKET_LEN 256 | |
37 | ||
38 | static int tls_ref_count = 0; | |
39 | ||
40 | static int tls_ex_idx_session = 0; | |
41 | ||
42 | ||
43 | /* tls input data for wolfSSL Read Callback */ | |
44 | struct tls_in_data { | |
45 | const struct wpabuf *in_data; | |
46 | size_t consumed; /* how many bytes have we used already */ | |
47 | }; | |
48 | ||
49 | /* tls output data for wolfSSL Write Callback */ | |
50 | struct tls_out_data { | |
51 | struct wpabuf *out_data; | |
52 | }; | |
53 | ||
54 | struct tls_context { | |
55 | void (*event_cb)(void *ctx, enum tls_event ev, | |
56 | union tls_event_data *data); | |
57 | void *cb_ctx; | |
58 | int cert_in_cb; | |
59 | char *ocsp_stapling_response; | |
60 | }; | |
61 | ||
62 | static struct tls_context *tls_global = NULL; | |
63 | ||
64 | /* wolfssl tls_connection */ | |
65 | struct tls_connection { | |
66 | struct tls_context *context; | |
67 | WOLFSSL *ssl; | |
68 | int read_alerts; | |
69 | int write_alerts; | |
70 | int failed; | |
71 | struct tls_in_data input; | |
72 | struct tls_out_data output; | |
73 | char *subject_match; | |
74 | char *alt_subject_match; | |
75 | char *suffix_match; | |
76 | char *domain_match; | |
77 | ||
78 | u8 srv_cert_hash[32]; | |
79 | ||
80 | unsigned char client_random[RAN_LEN]; | |
81 | unsigned char server_random[RAN_LEN]; | |
82 | unsigned int flags; | |
83 | #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) | |
84 | tls_session_ticket_cb session_ticket_cb; | |
85 | void *session_ticket_cb_ctx; | |
86 | byte session_ticket[SESSION_TICKET_LEN]; | |
87 | #endif | |
88 | unsigned int ca_cert_verify:1; | |
89 | unsigned int cert_probe:1; | |
90 | unsigned int server_cert_only:1; | |
91 | unsigned int success_data:1; | |
92 | ||
93 | WOLFSSL_X509 *peer_cert; | |
94 | WOLFSSL_X509 *peer_issuer; | |
95 | WOLFSSL_X509 *peer_issuer_issuer; | |
96 | }; | |
97 | ||
98 | ||
99 | static struct tls_context * tls_context_new(const struct tls_config *conf) | |
100 | { | |
101 | struct tls_context *context = os_zalloc(sizeof(*context)); | |
102 | ||
103 | if (!context) | |
104 | return NULL; | |
105 | ||
106 | if (conf) { | |
107 | context->event_cb = conf->event_cb; | |
108 | context->cb_ctx = conf->cb_ctx; | |
109 | context->cert_in_cb = conf->cert_in_cb; | |
110 | } | |
111 | ||
112 | return context; | |
113 | } | |
114 | ||
115 | ||
116 | static void wolfssl_reset_in_data(struct tls_in_data *in, | |
117 | const struct wpabuf *buf) | |
118 | { | |
119 | /* old one not owned by us so don't free */ | |
120 | in->in_data = buf; | |
121 | in->consumed = 0; | |
122 | } | |
123 | ||
124 | ||
125 | static void wolfssl_reset_out_data(struct tls_out_data *out) | |
126 | { | |
127 | /* old one not owned by us so don't free */ | |
128 | out->out_data = wpabuf_alloc_copy("", 0); | |
129 | } | |
130 | ||
131 | ||
132 | /* wolfSSL I/O Receive CallBack */ | |
133 | static int wolfssl_receive_cb(WOLFSSL *ssl, char *buf, int sz, void *ctx) | |
134 | { | |
135 | size_t get = sz; | |
136 | struct tls_in_data *data = ctx; | |
137 | ||
138 | if (!data) | |
139 | return -1; | |
140 | ||
141 | if (get > (wpabuf_len(data->in_data) - data->consumed)) | |
142 | get = wpabuf_len(data->in_data) - data->consumed; | |
143 | ||
1c7e61a3 | 144 | os_memcpy(buf, wpabuf_head_u8(data->in_data) + data->consumed, get); |
fec03f98 SP |
145 | data->consumed += get; |
146 | ||
147 | if (get == 0) | |
148 | return -2; /* WANT_READ */ | |
149 | ||
150 | return (int) get; | |
151 | } | |
152 | ||
153 | ||
154 | /* wolfSSL I/O Send CallBack */ | |
155 | static int wolfssl_send_cb(WOLFSSL *ssl, char *buf, int sz, void *ctx) | |
156 | { | |
157 | struct wpabuf *tmp; | |
158 | struct tls_out_data *data = ctx; | |
159 | ||
160 | if (!data) | |
161 | return -1; | |
162 | ||
163 | wpa_printf(MSG_DEBUG, "SSL: adding %d bytes", sz); | |
164 | ||
165 | tmp = wpabuf_alloc_copy(buf, sz); | |
166 | if (!tmp) | |
167 | return -1; | |
168 | data->out_data = wpabuf_concat(data->out_data, tmp); | |
169 | if (!data->out_data) | |
170 | return -1; | |
171 | ||
172 | return sz; | |
173 | } | |
174 | ||
175 | ||
176 | static void remove_session_cb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess) | |
177 | { | |
178 | struct wpabuf *buf; | |
179 | ||
180 | buf = wolfSSL_SESSION_get_ex_data(sess, tls_ex_idx_session); | |
181 | if (!buf) | |
182 | return; | |
183 | wpa_printf(MSG_DEBUG, | |
184 | "wolfSSL: Free application session data %p (sess %p)", | |
185 | buf, sess); | |
186 | wpabuf_free(buf); | |
187 | ||
188 | wolfSSL_SESSION_set_ex_data(sess, tls_ex_idx_session, NULL); | |
189 | } | |
190 | ||
191 | ||
192 | void * tls_init(const struct tls_config *conf) | |
193 | { | |
194 | WOLFSSL_CTX *ssl_ctx; | |
195 | struct tls_context *context; | |
196 | const char *ciphers; | |
197 | ||
198 | #ifdef DEBUG_WOLFSSL | |
199 | wolfSSL_Debugging_ON(); | |
200 | #endif /* DEBUG_WOLFSSL */ | |
201 | ||
202 | context = tls_context_new(conf); | |
203 | if (!context) | |
204 | return NULL; | |
205 | ||
206 | if (tls_ref_count == 0) { | |
207 | tls_global = context; | |
208 | ||
209 | if (wolfSSL_Init() < 0) | |
210 | return NULL; | |
211 | /* wolfSSL_Debugging_ON(); */ | |
212 | } | |
213 | ||
214 | tls_ref_count++; | |
215 | ||
216 | /* start as client */ | |
217 | ssl_ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); | |
218 | if (!ssl_ctx) { | |
219 | tls_ref_count--; | |
220 | if (context != tls_global) | |
221 | os_free(context); | |
222 | if (tls_ref_count == 0) { | |
223 | os_free(tls_global); | |
224 | tls_global = NULL; | |
225 | } | |
226 | } | |
227 | wolfSSL_SetIORecv(ssl_ctx, wolfssl_receive_cb); | |
228 | wolfSSL_SetIOSend(ssl_ctx, wolfssl_send_cb); | |
229 | wolfSSL_CTX_set_ex_data(ssl_ctx, 0, context); | |
230 | ||
231 | if (conf->tls_session_lifetime > 0) { | |
232 | wolfSSL_CTX_set_quiet_shutdown(ssl_ctx, 1); | |
233 | wolfSSL_CTX_set_session_cache_mode(ssl_ctx, | |
234 | SSL_SESS_CACHE_SERVER); | |
235 | wolfSSL_CTX_set_timeout(ssl_ctx, conf->tls_session_lifetime); | |
236 | wolfSSL_CTX_sess_set_remove_cb(ssl_ctx, remove_session_cb); | |
237 | } else { | |
238 | wolfSSL_CTX_set_session_cache_mode(ssl_ctx, | |
239 | SSL_SESS_CACHE_CLIENT); | |
240 | } | |
241 | ||
242 | if (conf && conf->openssl_ciphers) | |
243 | ciphers = conf->openssl_ciphers; | |
244 | else | |
245 | ciphers = "ALL"; | |
246 | if (wolfSSL_CTX_set_cipher_list(ssl_ctx, ciphers) != 1) { | |
247 | wpa_printf(MSG_ERROR, | |
248 | "wolfSSL: Failed to set cipher string '%s'", | |
249 | ciphers); | |
250 | tls_deinit(ssl_ctx); | |
251 | return NULL; | |
252 | } | |
253 | ||
254 | return ssl_ctx; | |
255 | } | |
256 | ||
257 | ||
258 | void tls_deinit(void *ssl_ctx) | |
259 | { | |
260 | struct tls_context *context = wolfSSL_CTX_get_ex_data(ssl_ctx, 0); | |
261 | ||
262 | if (context != tls_global) | |
263 | os_free(context); | |
264 | ||
265 | wolfSSL_CTX_free((WOLFSSL_CTX *) ssl_ctx); | |
266 | ||
267 | tls_ref_count--; | |
268 | if (tls_ref_count == 0) { | |
269 | wolfSSL_Cleanup(); | |
270 | os_free(tls_global); | |
271 | tls_global = NULL; | |
272 | } | |
273 | } | |
274 | ||
275 | ||
276 | int tls_get_errors(void *tls_ctx) | |
277 | { | |
278 | #ifdef DEBUG_WOLFSSL | |
279 | #if 0 | |
280 | unsigned long err; | |
281 | ||
282 | err = wolfSSL_ERR_peek_last_error_line(NULL, NULL); | |
283 | if (err != 0) { | |
284 | wpa_printf(MSG_INFO, "TLS - SSL error: %s", | |
285 | wolfSSL_ERR_error_string(err, NULL)); | |
286 | return 1; | |
287 | } | |
288 | #endif | |
289 | #endif /* DEBUG_WOLFSSL */ | |
290 | return 0; | |
291 | } | |
292 | ||
293 | ||
294 | struct tls_connection * tls_connection_init(void *tls_ctx) | |
295 | { | |
296 | WOLFSSL_CTX *ssl_ctx = tls_ctx; | |
297 | struct tls_connection *conn; | |
298 | ||
299 | wpa_printf(MSG_DEBUG, "SSL: connection init"); | |
300 | ||
301 | conn = os_zalloc(sizeof(*conn)); | |
302 | if (!conn) | |
303 | return NULL; | |
304 | conn->ssl = wolfSSL_new(ssl_ctx); | |
305 | if (!conn->ssl) { | |
306 | os_free(conn); | |
307 | return NULL; | |
308 | } | |
309 | ||
310 | wolfSSL_SetIOReadCtx(conn->ssl, &conn->input); | |
311 | wolfSSL_SetIOWriteCtx(conn->ssl, &conn->output); | |
312 | wolfSSL_set_ex_data(conn->ssl, 0, conn); | |
313 | conn->context = wolfSSL_CTX_get_ex_data(ssl_ctx, 0); | |
314 | ||
315 | /* Need randoms post-hanshake for EAP-FAST, export key and deriving | |
316 | * session ID in EAP methods. */ | |
317 | wolfSSL_KeepArrays(conn->ssl); | |
318 | wolfSSL_KeepHandshakeResources(conn->ssl); | |
319 | wolfSSL_UseClientSuites(conn->ssl); | |
320 | ||
321 | return conn; | |
322 | } | |
323 | ||
324 | ||
325 | void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn) | |
326 | { | |
327 | if (!conn) | |
328 | return; | |
329 | ||
330 | wpa_printf(MSG_DEBUG, "SSL: connection deinit"); | |
331 | ||
332 | /* parts */ | |
333 | wolfSSL_free(conn->ssl); | |
334 | os_free(conn->subject_match); | |
335 | os_free(conn->alt_subject_match); | |
336 | os_free(conn->suffix_match); | |
337 | os_free(conn->domain_match); | |
338 | ||
339 | /* self */ | |
340 | os_free(conn); | |
341 | } | |
342 | ||
343 | ||
344 | int tls_connection_established(void *tls_ctx, struct tls_connection *conn) | |
345 | { | |
346 | return conn ? wolfSSL_is_init_finished(conn->ssl) : 0; | |
347 | } | |
348 | ||
349 | ||
0ec3e77a JM |
350 | char * tls_connection_peer_serial_num(void *tls_ctx, |
351 | struct tls_connection *conn) | |
352 | { | |
353 | /* TODO */ | |
354 | return NULL; | |
355 | } | |
356 | ||
357 | ||
fec03f98 SP |
358 | int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) |
359 | { | |
360 | WOLFSSL_SESSION *session; | |
361 | ||
362 | if (!conn) | |
363 | return -1; | |
364 | ||
365 | wpa_printf(MSG_DEBUG, "SSL: connection shutdown"); | |
366 | ||
367 | /* Set quiet as OpenSSL does */ | |
368 | wolfSSL_set_quiet_shutdown(conn->ssl, 1); | |
369 | wolfSSL_shutdown(conn->ssl); | |
370 | ||
371 | session = wolfSSL_get_session(conn->ssl); | |
372 | if (wolfSSL_clear(conn->ssl) != 1) | |
373 | return -1; | |
374 | wolfSSL_set_session(conn->ssl, session); | |
375 | ||
376 | return 0; | |
377 | } | |
378 | ||
379 | ||
380 | static int tls_connection_set_subject_match(struct tls_connection *conn, | |
381 | const char *subject_match, | |
382 | const char *alt_subject_match, | |
383 | const char *suffix_match, | |
384 | const char *domain_match) | |
385 | { | |
386 | os_free(conn->subject_match); | |
387 | conn->subject_match = NULL; | |
388 | if (subject_match) { | |
389 | conn->subject_match = os_strdup(subject_match); | |
390 | if (!conn->subject_match) | |
391 | return -1; | |
392 | } | |
393 | ||
394 | os_free(conn->alt_subject_match); | |
395 | conn->alt_subject_match = NULL; | |
396 | if (alt_subject_match) { | |
397 | conn->alt_subject_match = os_strdup(alt_subject_match); | |
398 | if (!conn->alt_subject_match) | |
399 | return -1; | |
400 | } | |
401 | ||
402 | os_free(conn->suffix_match); | |
403 | conn->suffix_match = NULL; | |
404 | if (suffix_match) { | |
405 | conn->suffix_match = os_strdup(suffix_match); | |
406 | if (!conn->suffix_match) | |
407 | return -1; | |
408 | } | |
409 | ||
410 | os_free(conn->domain_match); | |
411 | conn->domain_match = NULL; | |
412 | if (domain_match) { | |
413 | conn->domain_match = os_strdup(domain_match); | |
414 | if (!conn->domain_match) | |
415 | return -1; | |
416 | } | |
417 | ||
418 | return 0; | |
419 | } | |
420 | ||
421 | ||
422 | static int tls_connection_dh(struct tls_connection *conn, const char *dh_file, | |
423 | const u8 *dh_blob, size_t blob_len) | |
424 | { | |
425 | if (!dh_file && !dh_blob) | |
426 | return 0; | |
427 | ||
428 | wolfSSL_set_accept_state(conn->ssl); | |
429 | ||
430 | if (dh_blob) { | |
431 | if (wolfSSL_SetTmpDH_buffer(conn->ssl, dh_blob, blob_len, | |
432 | SSL_FILETYPE_ASN1) < 0) { | |
433 | wpa_printf(MSG_INFO, "SSL: use DH DER blob failed"); | |
434 | return -1; | |
435 | } | |
436 | wpa_printf(MSG_DEBUG, "SSL: use DH blob OK"); | |
437 | return 0; | |
438 | } | |
439 | ||
440 | if (dh_file) { | |
441 | wpa_printf(MSG_INFO, "SSL: use DH PEM file: %s", dh_file); | |
442 | if (wolfSSL_SetTmpDH_file(conn->ssl, dh_file, | |
443 | SSL_FILETYPE_PEM) < 0) { | |
444 | wpa_printf(MSG_INFO, "SSL: use DH PEM file failed"); | |
445 | if (wolfSSL_SetTmpDH_file(conn->ssl, dh_file, | |
446 | SSL_FILETYPE_ASN1) < 0) { | |
447 | wpa_printf(MSG_INFO, | |
448 | "SSL: use DH DER file failed"); | |
449 | return -1; | |
450 | } | |
451 | } | |
452 | wpa_printf(MSG_DEBUG, "SSL: use DH file OK"); | |
453 | return 0; | |
454 | } | |
455 | ||
456 | return 0; | |
457 | } | |
458 | ||
459 | ||
460 | static int tls_connection_client_cert(struct tls_connection *conn, | |
461 | const char *client_cert, | |
462 | const u8 *client_cert_blob, | |
463 | size_t blob_len) | |
464 | { | |
465 | if (!client_cert && !client_cert_blob) | |
466 | return 0; | |
467 | ||
468 | if (client_cert_blob) { | |
6590d846 SP |
469 | if (wolfSSL_use_certificate_chain_buffer_format( |
470 | conn->ssl, client_cert_blob, blob_len, | |
471 | SSL_FILETYPE_ASN1) < 0) { | |
fec03f98 SP |
472 | wpa_printf(MSG_INFO, |
473 | "SSL: use client cert DER blob failed"); | |
474 | return -1; | |
475 | } | |
476 | wpa_printf(MSG_DEBUG, "SSL: use client cert blob OK"); | |
477 | return 0; | |
478 | } | |
479 | ||
480 | if (client_cert) { | |
6590d846 SP |
481 | if (wolfSSL_use_certificate_chain_file(conn->ssl, |
482 | client_cert) < 0) { | |
fec03f98 SP |
483 | wpa_printf(MSG_INFO, |
484 | "SSL: use client cert PEM file failed"); | |
6590d846 | 485 | if (wolfSSL_use_certificate_chain_file_format( |
fec03f98 SP |
486 | conn->ssl, client_cert, |
487 | SSL_FILETYPE_ASN1) < 0) { | |
488 | wpa_printf(MSG_INFO, | |
489 | "SSL: use client cert DER file failed"); | |
490 | return -1; | |
491 | } | |
492 | } | |
493 | wpa_printf(MSG_DEBUG, "SSL: use client cert file OK"); | |
494 | return 0; | |
495 | } | |
496 | ||
497 | return 0; | |
498 | } | |
499 | ||
500 | ||
501 | static int tls_passwd_cb(char *buf, int size, int rwflag, void *password) | |
502 | { | |
503 | if (!password) | |
504 | return 0; | |
505 | os_strlcpy(buf, (char *) password, size); | |
506 | return os_strlen(buf); | |
507 | } | |
508 | ||
509 | ||
510 | static int tls_connection_private_key(void *tls_ctx, | |
511 | struct tls_connection *conn, | |
512 | const char *private_key, | |
513 | const char *private_key_passwd, | |
514 | const u8 *private_key_blob, | |
515 | size_t blob_len) | |
516 | { | |
517 | WOLFSSL_CTX *ctx = tls_ctx; | |
518 | char *passwd = NULL; | |
519 | int ok = 0; | |
520 | ||
521 | if (!private_key && !private_key_blob) | |
522 | return 0; | |
523 | ||
524 | if (private_key_passwd) { | |
525 | passwd = os_strdup(private_key_passwd); | |
526 | if (!passwd) | |
527 | return -1; | |
528 | } | |
529 | ||
530 | wolfSSL_CTX_set_default_passwd_cb(ctx, tls_passwd_cb); | |
531 | wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, passwd); | |
532 | ||
533 | if (private_key_blob) { | |
534 | if (wolfSSL_use_PrivateKey_buffer(conn->ssl, | |
535 | private_key_blob, blob_len, | |
536 | SSL_FILETYPE_ASN1) < 0) { | |
537 | wpa_printf(MSG_INFO, | |
538 | "SSL: use private DER blob failed"); | |
539 | } else { | |
540 | wpa_printf(MSG_DEBUG, "SSL: use private key blob OK"); | |
541 | ok = 1; | |
542 | } | |
543 | } | |
544 | ||
545 | if (!ok && private_key) { | |
546 | if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key, | |
547 | SSL_FILETYPE_PEM) < 0) { | |
548 | wpa_printf(MSG_INFO, | |
549 | "SSL: use private key PEM file failed"); | |
550 | if (wolfSSL_use_PrivateKey_file(conn->ssl, private_key, | |
551 | SSL_FILETYPE_ASN1) < 0) | |
552 | { | |
553 | wpa_printf(MSG_INFO, | |
554 | "SSL: use private key DER file failed"); | |
555 | } else { | |
556 | ok = 1; | |
557 | } | |
558 | } else { | |
559 | ok = 1; | |
560 | } | |
561 | ||
562 | if (ok) | |
563 | wpa_printf(MSG_DEBUG, "SSL: use private key file OK"); | |
564 | } | |
565 | ||
566 | wolfSSL_CTX_set_default_passwd_cb(ctx, NULL); | |
567 | os_free(passwd); | |
568 | ||
569 | if (!ok) | |
570 | return -1; | |
571 | ||
572 | return 0; | |
573 | } | |
574 | ||
575 | ||
fec03f98 SP |
576 | static int tls_match_alt_subject_component(WOLFSSL_X509 *cert, int type, |
577 | const char *value, size_t len) | |
578 | { | |
579 | WOLFSSL_ASN1_OBJECT *gen; | |
580 | void *ext; | |
581 | int found = 0; | |
582 | int i; | |
583 | ||
584 | ext = wolfSSL_X509_get_ext_d2i(cert, ALT_NAMES_OID, NULL, NULL); | |
585 | ||
586 | for (i = 0; ext && i < wolfSSL_sk_num(ext); i++) { | |
587 | gen = wolfSSL_sk_value(ext, i); | |
588 | if (gen->type != type) | |
589 | continue; | |
590 | if (os_strlen((char *) gen->obj) == len && | |
591 | os_memcmp(value, gen->obj, len) == 0) | |
592 | found++; | |
593 | } | |
594 | ||
595 | wolfSSL_sk_ASN1_OBJECT_free(ext); | |
596 | ||
597 | return found; | |
598 | } | |
599 | ||
600 | ||
601 | static int tls_match_alt_subject(WOLFSSL_X509 *cert, const char *match) | |
602 | { | |
603 | int type; | |
604 | const char *pos, *end; | |
605 | size_t len; | |
606 | ||
607 | pos = match; | |
608 | do { | |
609 | if (os_strncmp(pos, "EMAIL:", 6) == 0) { | |
610 | type = GEN_EMAIL; | |
611 | pos += 6; | |
612 | } else if (os_strncmp(pos, "DNS:", 4) == 0) { | |
613 | type = GEN_DNS; | |
614 | pos += 4; | |
615 | } else if (os_strncmp(pos, "URI:", 4) == 0) { | |
616 | type = GEN_URI; | |
617 | pos += 4; | |
618 | } else { | |
619 | wpa_printf(MSG_INFO, | |
620 | "TLS: Invalid altSubjectName match '%s'", | |
621 | pos); | |
622 | return 0; | |
623 | } | |
624 | end = os_strchr(pos, ';'); | |
625 | while (end) { | |
626 | if (os_strncmp(end + 1, "EMAIL:", 6) == 0 || | |
627 | os_strncmp(end + 1, "DNS:", 4) == 0 || | |
628 | os_strncmp(end + 1, "URI:", 4) == 0) | |
629 | break; | |
630 | end = os_strchr(end + 1, ';'); | |
631 | } | |
632 | if (end) | |
633 | len = end - pos; | |
634 | else | |
635 | len = os_strlen(pos); | |
636 | if (tls_match_alt_subject_component(cert, type, pos, len) > 0) | |
637 | return 1; | |
638 | pos = end + 1; | |
639 | } while (end); | |
640 | ||
641 | return 0; | |
642 | } | |
643 | ||
644 | ||
645 | static int domain_suffix_match(const char *val, size_t len, const char *match, | |
242e8572 | 646 | size_t match_len, int full) |
fec03f98 | 647 | { |
242e8572 | 648 | size_t i; |
fec03f98 SP |
649 | |
650 | /* Check for embedded nuls that could mess up suffix matching */ | |
651 | for (i = 0; i < len; i++) { | |
652 | if (val[i] == '\0') { | |
653 | wpa_printf(MSG_DEBUG, | |
654 | "TLS: Embedded null in a string - reject"); | |
655 | return 0; | |
656 | } | |
657 | } | |
658 | ||
fec03f98 SP |
659 | if (match_len > len || (full && match_len != len)) |
660 | return 0; | |
661 | ||
662 | if (os_strncasecmp(val + len - match_len, match, match_len) != 0) | |
663 | return 0; /* no match */ | |
664 | ||
665 | if (match_len == len) | |
666 | return 1; /* exact match */ | |
667 | ||
668 | if (val[len - match_len - 1] == '.') | |
669 | return 1; /* full label match completes suffix match */ | |
670 | ||
671 | wpa_printf(MSG_DEBUG, "TLS: Reject due to incomplete label match"); | |
672 | return 0; | |
673 | } | |
674 | ||
675 | ||
242e8572 JM |
676 | static int tls_match_suffix_helper(WOLFSSL_X509 *cert, const char *match, |
677 | size_t match_len, int full) | |
fec03f98 SP |
678 | { |
679 | WOLFSSL_ASN1_OBJECT *gen; | |
680 | void *ext; | |
681 | int i; | |
682 | int j; | |
683 | int dns_name = 0; | |
684 | WOLFSSL_X509_NAME *name; | |
685 | ||
686 | wpa_printf(MSG_DEBUG, "TLS: Match domain against %s%s", | |
687 | full ? "" : "suffix ", match); | |
688 | ||
689 | ext = wolfSSL_X509_get_ext_d2i(cert, ALT_NAMES_OID, NULL, NULL); | |
690 | ||
691 | for (j = 0; ext && j < wolfSSL_sk_num(ext); j++) { | |
692 | gen = wolfSSL_sk_value(ext, j); | |
dcc0ccd5 | 693 | if (gen->type != ASN_DNS_TYPE) |
fec03f98 SP |
694 | continue; |
695 | dns_name++; | |
696 | wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate dNSName", | |
697 | gen->obj, os_strlen((char *)gen->obj)); | |
698 | if (domain_suffix_match((const char *) gen->obj, | |
699 | os_strlen((char *) gen->obj), match, | |
242e8572 | 700 | match_len, full) == 1) { |
fec03f98 SP |
701 | wpa_printf(MSG_DEBUG, "TLS: %s in dNSName found", |
702 | full ? "Match" : "Suffix match"); | |
703 | wolfSSL_sk_ASN1_OBJECT_free(ext); | |
704 | return 1; | |
705 | } | |
706 | } | |
707 | wolfSSL_sk_ASN1_OBJECT_free(ext); | |
708 | ||
709 | if (dns_name) { | |
710 | wpa_printf(MSG_DEBUG, "TLS: None of the dNSName(s) matched"); | |
711 | return 0; | |
712 | } | |
713 | ||
714 | name = wolfSSL_X509_get_subject_name(cert); | |
715 | i = -1; | |
716 | for (;;) { | |
717 | WOLFSSL_X509_NAME_ENTRY *e; | |
718 | WOLFSSL_ASN1_STRING *cn; | |
719 | ||
720 | i = wolfSSL_X509_NAME_get_index_by_NID(name, ASN_COMMON_NAME, | |
721 | i); | |
722 | if (i == -1) | |
723 | break; | |
724 | e = wolfSSL_X509_NAME_get_entry(name, i); | |
725 | if (!e) | |
726 | continue; | |
727 | cn = wolfSSL_X509_NAME_ENTRY_get_data(e); | |
728 | if (!cn) | |
729 | continue; | |
730 | wpa_hexdump_ascii(MSG_DEBUG, "TLS: Certificate commonName", | |
731 | cn->data, cn->length); | |
242e8572 JM |
732 | if (domain_suffix_match(cn->data, cn->length, |
733 | match, match_len, full) == 1) { | |
fec03f98 SP |
734 | wpa_printf(MSG_DEBUG, "TLS: %s in commonName found", |
735 | full ? "Match" : "Suffix match"); | |
736 | return 1; | |
737 | } | |
738 | } | |
739 | ||
740 | wpa_printf(MSG_DEBUG, "TLS: No CommonName %smatch found", | |
741 | full ? "" : "suffix "); | |
742 | return 0; | |
743 | } | |
744 | ||
745 | ||
242e8572 JM |
746 | static int tls_match_suffix(WOLFSSL_X509 *cert, const char *match, int full) |
747 | { | |
748 | const char *token, *last = NULL; | |
749 | ||
750 | /* Process each match alternative separately until a match is found */ | |
751 | while ((token = cstr_token(match, ";", &last))) { | |
752 | if (tls_match_suffix_helper(cert, token, last - token, full)) | |
753 | return 1; | |
754 | } | |
755 | ||
756 | return 0; | |
757 | } | |
758 | ||
759 | ||
fec03f98 SP |
760 | static enum tls_fail_reason wolfssl_tls_fail_reason(int err) |
761 | { | |
762 | switch (err) { | |
763 | case X509_V_ERR_CERT_REVOKED: | |
764 | return TLS_FAIL_REVOKED; | |
765 | case ASN_BEFORE_DATE_E: | |
766 | case X509_V_ERR_CERT_NOT_YET_VALID: | |
767 | case X509_V_ERR_CRL_NOT_YET_VALID: | |
768 | return TLS_FAIL_NOT_YET_VALID; | |
769 | case ASN_AFTER_DATE_E: | |
770 | case X509_V_ERR_CERT_HAS_EXPIRED: | |
771 | case X509_V_ERR_CRL_HAS_EXPIRED: | |
772 | return TLS_FAIL_EXPIRED; | |
773 | case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: | |
774 | case X509_V_ERR_UNABLE_TO_GET_CRL: | |
775 | case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: | |
776 | case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: | |
777 | case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: | |
778 | case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: | |
779 | case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: | |
780 | case X509_V_ERR_CERT_CHAIN_TOO_LONG: | |
781 | case X509_V_ERR_PATH_LENGTH_EXCEEDED: | |
782 | case X509_V_ERR_INVALID_CA: | |
783 | return TLS_FAIL_UNTRUSTED; | |
784 | case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: | |
785 | case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: | |
786 | case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: | |
787 | case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: | |
788 | case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: | |
789 | case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: | |
790 | case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: | |
791 | case X509_V_ERR_CERT_UNTRUSTED: | |
792 | case X509_V_ERR_CERT_REJECTED: | |
793 | return TLS_FAIL_BAD_CERTIFICATE; | |
794 | default: | |
795 | return TLS_FAIL_UNSPECIFIED; | |
796 | } | |
797 | } | |
798 | ||
799 | ||
800 | static const char * wolfssl_tls_err_string(int err, const char *err_str) | |
801 | { | |
802 | switch (err) { | |
803 | case ASN_BEFORE_DATE_E: | |
804 | return "certificate is not yet valid"; | |
805 | case ASN_AFTER_DATE_E: | |
806 | return "certificate has expired"; | |
807 | default: | |
808 | return err_str; | |
809 | } | |
810 | } | |
811 | ||
812 | ||
813 | static struct wpabuf * get_x509_cert(WOLFSSL_X509 *cert) | |
814 | { | |
815 | struct wpabuf *buf = NULL; | |
816 | const u8 *data; | |
817 | int cert_len; | |
818 | ||
819 | data = wolfSSL_X509_get_der(cert, &cert_len); | |
820 | if (!data) | |
821 | buf = wpabuf_alloc_copy(data, cert_len); | |
822 | ||
823 | return buf; | |
824 | } | |
825 | ||
826 | ||
827 | static void wolfssl_tls_fail_event(struct tls_connection *conn, | |
828 | WOLFSSL_X509 *err_cert, int err, int depth, | |
829 | const char *subject, const char *err_str, | |
830 | enum tls_fail_reason reason) | |
831 | { | |
832 | union tls_event_data ev; | |
833 | struct wpabuf *cert = NULL; | |
834 | struct tls_context *context = conn->context; | |
835 | ||
836 | if (!context->event_cb) | |
837 | return; | |
838 | ||
839 | cert = get_x509_cert(err_cert); | |
840 | os_memset(&ev, 0, sizeof(ev)); | |
841 | ev.cert_fail.reason = reason != TLS_FAIL_UNSPECIFIED ? | |
842 | reason : wolfssl_tls_fail_reason(err); | |
843 | ev.cert_fail.depth = depth; | |
844 | ev.cert_fail.subject = subject; | |
845 | ev.cert_fail.reason_txt = wolfssl_tls_err_string(err, err_str); | |
846 | ev.cert_fail.cert = cert; | |
847 | context->event_cb(context->cb_ctx, TLS_CERT_CHAIN_FAILURE, &ev); | |
848 | wpabuf_free(cert); | |
849 | } | |
850 | ||
851 | ||
852 | static void wolfssl_tls_cert_event(struct tls_connection *conn, | |
853 | WOLFSSL_X509 *err_cert, int depth, | |
854 | const char *subject) | |
855 | { | |
856 | struct wpabuf *cert = NULL; | |
857 | union tls_event_data ev; | |
858 | struct tls_context *context = conn->context; | |
859 | char *alt_subject[TLS_MAX_ALT_SUBJECT]; | |
860 | int alt, num_alt_subject = 0; | |
861 | WOLFSSL_ASN1_OBJECT *gen; | |
862 | void *ext; | |
863 | int i; | |
864 | #ifdef CONFIG_SHA256 | |
865 | u8 hash[32]; | |
866 | #endif /* CONFIG_SHA256 */ | |
867 | ||
868 | if (!context->event_cb) | |
869 | return; | |
870 | ||
871 | os_memset(&ev, 0, sizeof(ev)); | |
872 | if (conn->cert_probe || (conn->flags & TLS_CONN_EXT_CERT_CHECK) || | |
873 | context->cert_in_cb) { | |
874 | cert = get_x509_cert(err_cert); | |
875 | ev.peer_cert.cert = cert; | |
876 | } | |
877 | ||
878 | #ifdef CONFIG_SHA256 | |
879 | if (cert) { | |
880 | const u8 *addr[1]; | |
881 | size_t len[1]; | |
882 | ||
883 | addr[0] = wpabuf_head(cert); | |
884 | len[0] = wpabuf_len(cert); | |
885 | if (sha256_vector(1, addr, len, hash) == 0) { | |
886 | ev.peer_cert.hash = hash; | |
887 | ev.peer_cert.hash_len = sizeof(hash); | |
888 | } | |
889 | } | |
890 | #endif /* CONFIG_SHA256 */ | |
891 | ||
892 | ev.peer_cert.depth = depth; | |
893 | ev.peer_cert.subject = subject; | |
894 | ||
895 | ext = wolfSSL_X509_get_ext_d2i(err_cert, ALT_NAMES_OID, NULL, NULL); | |
896 | for (i = 0; ext && i < wolfSSL_sk_num(ext); i++) { | |
897 | char *pos; | |
898 | ||
899 | if (num_alt_subject == TLS_MAX_ALT_SUBJECT) | |
900 | break; | |
901 | gen = wolfSSL_sk_value((void *) ext, i); | |
fec03f98 SP |
902 | if (gen->type != GEN_EMAIL && |
903 | gen->type != GEN_DNS && | |
904 | gen->type != GEN_URI) | |
905 | continue; | |
fec03f98 SP |
906 | |
907 | pos = os_malloc(10 + os_strlen((char *) gen->obj) + 1); | |
908 | if (!pos) | |
909 | break; | |
910 | alt_subject[num_alt_subject++] = pos; | |
911 | ||
fec03f98 SP |
912 | switch (gen->type) { |
913 | case GEN_EMAIL: | |
914 | os_memcpy(pos, "EMAIL:", 6); | |
915 | pos += 6; | |
916 | break; | |
917 | case GEN_DNS: | |
918 | os_memcpy(pos, "DNS:", 4); | |
919 | pos += 4; | |
920 | break; | |
921 | case GEN_URI: | |
922 | os_memcpy(pos, "URI:", 4); | |
923 | pos += 4; | |
924 | break; | |
925 | } | |
fec03f98 SP |
926 | |
927 | os_memcpy(pos, gen->obj, os_strlen((char *)gen->obj)); | |
928 | pos += os_strlen((char *)gen->obj); | |
929 | *pos = '\0'; | |
930 | } | |
931 | wolfSSL_sk_ASN1_OBJECT_free(ext); | |
932 | ||
933 | for (alt = 0; alt < num_alt_subject; alt++) | |
934 | ev.peer_cert.altsubject[alt] = alt_subject[alt]; | |
935 | ev.peer_cert.num_altsubject = num_alt_subject; | |
936 | ||
937 | context->event_cb(context->cb_ctx, TLS_PEER_CERTIFICATE, &ev); | |
938 | wpabuf_free(cert); | |
939 | for (alt = 0; alt < num_alt_subject; alt++) | |
940 | os_free(alt_subject[alt]); | |
941 | } | |
942 | ||
943 | ||
944 | static int tls_verify_cb(int preverify_ok, WOLFSSL_X509_STORE_CTX *x509_ctx) | |
945 | { | |
946 | char buf[256]; | |
947 | WOLFSSL_X509 *err_cert; | |
948 | int err, depth; | |
949 | WOLFSSL *ssl; | |
950 | struct tls_connection *conn; | |
951 | struct tls_context *context; | |
952 | char *match, *altmatch, *suffix_match, *domain_match; | |
953 | const char *err_str; | |
954 | ||
955 | err_cert = wolfSSL_X509_STORE_CTX_get_current_cert(x509_ctx); | |
956 | if (!err_cert) { | |
957 | wpa_printf(MSG_DEBUG, "wolfSSL: No Cert"); | |
958 | return 0; | |
959 | } | |
960 | ||
961 | err = wolfSSL_X509_STORE_CTX_get_error(x509_ctx); | |
962 | depth = wolfSSL_X509_STORE_CTX_get_error_depth(x509_ctx); | |
963 | ssl = wolfSSL_X509_STORE_CTX_get_ex_data( | |
964 | x509_ctx, wolfSSL_get_ex_data_X509_STORE_CTX_idx()); | |
965 | wolfSSL_X509_NAME_oneline(wolfSSL_X509_get_subject_name(err_cert), buf, | |
966 | sizeof(buf)); | |
967 | ||
968 | conn = wolfSSL_get_ex_data(ssl, 0); | |
969 | if (!conn) { | |
970 | wpa_printf(MSG_DEBUG, "wolfSSL: No ex_data"); | |
971 | return 0; | |
972 | } | |
973 | ||
974 | if (depth == 0) | |
975 | conn->peer_cert = err_cert; | |
976 | else if (depth == 1) | |
977 | conn->peer_issuer = err_cert; | |
978 | else if (depth == 2) | |
979 | conn->peer_issuer_issuer = err_cert; | |
980 | ||
981 | context = conn->context; | |
982 | match = conn->subject_match; | |
983 | altmatch = conn->alt_subject_match; | |
984 | suffix_match = conn->suffix_match; | |
985 | domain_match = conn->domain_match; | |
986 | ||
987 | if (!preverify_ok && !conn->ca_cert_verify) | |
988 | preverify_ok = 1; | |
989 | if (!preverify_ok && depth > 0 && conn->server_cert_only) | |
990 | preverify_ok = 1; | |
991 | if (!preverify_ok && (conn->flags & TLS_CONN_DISABLE_TIME_CHECKS) && | |
992 | (err == X509_V_ERR_CERT_HAS_EXPIRED || | |
993 | err == ASN_AFTER_DATE_E || err == ASN_BEFORE_DATE_E || | |
994 | err == X509_V_ERR_CERT_NOT_YET_VALID)) { | |
995 | wpa_printf(MSG_DEBUG, | |
996 | "wolfSSL: Ignore certificate validity time mismatch"); | |
997 | preverify_ok = 1; | |
998 | } | |
999 | ||
1000 | err_str = wolfSSL_X509_verify_cert_error_string(err); | |
1001 | ||
1002 | #ifdef CONFIG_SHA256 | |
1003 | /* | |
1004 | * Do not require preverify_ok so we can explicity allow otherwise | |
1005 | * invalid pinned server certificates. | |
1006 | */ | |
1007 | if (depth == 0 && conn->server_cert_only) { | |
1008 | struct wpabuf *cert; | |
1009 | ||
1010 | cert = get_x509_cert(err_cert); | |
1011 | if (!cert) { | |
1012 | wpa_printf(MSG_DEBUG, | |
1013 | "wolfSSL: Could not fetch server certificate data"); | |
1014 | preverify_ok = 0; | |
1015 | } else { | |
1016 | u8 hash[32]; | |
1017 | const u8 *addr[1]; | |
1018 | size_t len[1]; | |
1019 | ||
1020 | addr[0] = wpabuf_head(cert); | |
1021 | len[0] = wpabuf_len(cert); | |
1022 | if (sha256_vector(1, addr, len, hash) < 0 || | |
1023 | os_memcmp(conn->srv_cert_hash, hash, 32) != 0) { | |
1024 | err_str = "Server certificate mismatch"; | |
1025 | err = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; | |
1026 | preverify_ok = 0; | |
1027 | } else if (!preverify_ok) { | |
1028 | /* | |
1029 | * Certificate matches pinned certificate, allow | |
1030 | * regardless of other problems. | |
1031 | */ | |
1032 | wpa_printf(MSG_DEBUG, | |
1033 | "wolfSSL: Ignore validation issues for a pinned server certificate"); | |
1034 | preverify_ok = 1; | |
1035 | } | |
1036 | wpabuf_free(cert); | |
1037 | } | |
1038 | } | |
1039 | #endif /* CONFIG_SHA256 */ | |
1040 | ||
1041 | if (!preverify_ok) { | |
1042 | wpa_printf(MSG_WARNING, | |
1043 | "TLS: Certificate verification failed, error %d (%s) depth %d for '%s'", | |
1044 | err, err_str, depth, buf); | |
1045 | wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, | |
1046 | err_str, TLS_FAIL_UNSPECIFIED); | |
1047 | return preverify_ok; | |
1048 | } | |
1049 | ||
1050 | wpa_printf(MSG_DEBUG, | |
1051 | "TLS: %s - preverify_ok=%d err=%d (%s) ca_cert_verify=%d depth=%d buf='%s'", | |
1052 | __func__, preverify_ok, err, err_str, | |
1053 | conn->ca_cert_verify, depth, buf); | |
1054 | if (depth == 0 && match && os_strstr(buf, match) == NULL) { | |
1055 | wpa_printf(MSG_WARNING, | |
1056 | "TLS: Subject '%s' did not match with '%s'", | |
1057 | buf, match); | |
1058 | preverify_ok = 0; | |
1059 | wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, | |
1060 | "Subject mismatch", | |
1061 | TLS_FAIL_SUBJECT_MISMATCH); | |
1062 | } else if (depth == 0 && altmatch && | |
1063 | !tls_match_alt_subject(err_cert, altmatch)) { | |
1064 | wpa_printf(MSG_WARNING, | |
1065 | "TLS: altSubjectName match '%s' not found", | |
1066 | altmatch); | |
1067 | preverify_ok = 0; | |
1068 | wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, | |
1069 | "AltSubject mismatch", | |
1070 | TLS_FAIL_ALTSUBJECT_MISMATCH); | |
1071 | } else if (depth == 0 && suffix_match && | |
1072 | !tls_match_suffix(err_cert, suffix_match, 0)) { | |
1073 | wpa_printf(MSG_WARNING, | |
1074 | "TLS: Domain suffix match '%s' not found", | |
1075 | suffix_match); | |
1076 | preverify_ok = 0; | |
1077 | wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, | |
1078 | "Domain suffix mismatch", | |
1079 | TLS_FAIL_DOMAIN_SUFFIX_MISMATCH); | |
1080 | } else if (depth == 0 && domain_match && | |
1081 | !tls_match_suffix(err_cert, domain_match, 1)) { | |
1082 | wpa_printf(MSG_WARNING, "TLS: Domain match '%s' not found", | |
1083 | domain_match); | |
1084 | preverify_ok = 0; | |
1085 | wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, | |
1086 | "Domain mismatch", | |
1087 | TLS_FAIL_DOMAIN_MISMATCH); | |
1088 | } else { | |
1089 | wolfssl_tls_cert_event(conn, err_cert, depth, buf); | |
1090 | } | |
1091 | ||
1092 | if (conn->cert_probe && preverify_ok && depth == 0) { | |
1093 | wpa_printf(MSG_DEBUG, | |
1094 | "wolfSSL: Reject server certificate on probe-only run"); | |
1095 | preverify_ok = 0; | |
1096 | wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, | |
1097 | "Server certificate chain probe", | |
1098 | TLS_FAIL_SERVER_CHAIN_PROBE); | |
1099 | } | |
1100 | ||
b7f5b0ec | 1101 | #ifdef HAVE_OCSP_WOLFSSL |
fec03f98 SP |
1102 | if (depth == 0 && (conn->flags & TLS_CONN_REQUEST_OCSP) && |
1103 | preverify_ok) { | |
1104 | enum ocsp_result res; | |
1105 | ||
1106 | res = check_ocsp_resp(conn->ssl_ctx, conn->ssl, err_cert, | |
1107 | conn->peer_issuer, | |
1108 | conn->peer_issuer_issuer); | |
1109 | if (res == OCSP_REVOKED) { | |
1110 | preverify_ok = 0; | |
1111 | wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, | |
1112 | "certificate revoked", | |
1113 | TLS_FAIL_REVOKED); | |
1114 | if (err == X509_V_OK) | |
1115 | X509_STORE_CTX_set_error( | |
1116 | x509_ctx, X509_V_ERR_CERT_REVOKED); | |
1117 | } else if (res != OCSP_GOOD && | |
1118 | (conn->flags & TLS_CONN_REQUIRE_OCSP)) { | |
1119 | preverify_ok = 0; | |
1120 | wolfssl_tls_fail_event(conn, err_cert, err, depth, buf, | |
1121 | "bad certificate status response", | |
1122 | TLS_FAIL_UNSPECIFIED); | |
1123 | } | |
1124 | } | |
b7f5b0ec | 1125 | #endif /* HAVE_OCSP_WOLFSSL */ |
fec03f98 SP |
1126 | if (depth == 0 && preverify_ok && context->event_cb != NULL) |
1127 | context->event_cb(context->cb_ctx, | |
1128 | TLS_CERT_CHAIN_SUCCESS, NULL); | |
1129 | ||
1130 | return preverify_ok; | |
1131 | } | |
1132 | ||
1133 | ||
1134 | static int tls_connection_ca_cert(void *tls_ctx, struct tls_connection *conn, | |
1135 | const char *ca_cert, | |
1136 | const u8 *ca_cert_blob, size_t blob_len, | |
1137 | const char *ca_path) | |
1138 | { | |
1139 | WOLFSSL_CTX *ctx = tls_ctx; | |
1140 | ||
1141 | wolfSSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); | |
1142 | conn->ca_cert_verify = 1; | |
1143 | ||
1144 | if (ca_cert && os_strncmp(ca_cert, "probe://", 8) == 0) { | |
1145 | wpa_printf(MSG_DEBUG, | |
1146 | "wolfSSL: Probe for server certificate chain"); | |
1147 | conn->cert_probe = 1; | |
1148 | conn->ca_cert_verify = 0; | |
1149 | return 0; | |
1150 | } | |
1151 | ||
1152 | if (ca_cert && os_strncmp(ca_cert, "hash://", 7) == 0) { | |
1153 | #ifdef CONFIG_SHA256 | |
1154 | const char *pos = ca_cert + 7; | |
1155 | ||
1156 | if (os_strncmp(pos, "server/sha256/", 14) != 0) { | |
1157 | wpa_printf(MSG_DEBUG, | |
1158 | "wolfSSL: Unsupported ca_cert hash value '%s'", | |
1159 | ca_cert); | |
1160 | return -1; | |
1161 | } | |
1162 | pos += 14; | |
1163 | if (os_strlen(pos) != 32 * 2) { | |
1164 | wpa_printf(MSG_DEBUG, | |
1165 | "wolfSSL: Unexpected SHA256 hash length in ca_cert '%s'", | |
1166 | ca_cert); | |
1167 | return -1; | |
1168 | } | |
1169 | if (hexstr2bin(pos, conn->srv_cert_hash, 32) < 0) { | |
1170 | wpa_printf(MSG_DEBUG, | |
1171 | "wolfSSL: Invalid SHA256 hash value in ca_cert '%s'", | |
1172 | ca_cert); | |
1173 | return -1; | |
1174 | } | |
1175 | conn->server_cert_only = 1; | |
1176 | wpa_printf(MSG_DEBUG, | |
1177 | "wolfSSL: Checking only server certificate match"); | |
1178 | return 0; | |
1179 | #else /* CONFIG_SHA256 */ | |
1180 | wpa_printf(MSG_INFO, | |
1181 | "No SHA256 included in the build - cannot validate server certificate hash"); | |
1182 | return -1; | |
1183 | #endif /* CONFIG_SHA256 */ | |
1184 | } | |
1185 | ||
1186 | if (ca_cert_blob) { | |
1187 | if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_blob, blob_len, | |
1188 | SSL_FILETYPE_ASN1) != | |
1189 | SSL_SUCCESS) { | |
1190 | wpa_printf(MSG_INFO, "SSL: failed to load CA blob"); | |
1191 | return -1; | |
1192 | } | |
1193 | wpa_printf(MSG_DEBUG, "SSL: use CA cert blob OK"); | |
1194 | return 0; | |
1195 | } | |
1196 | ||
1197 | if (ca_cert || ca_path) { | |
1198 | WOLFSSL_X509_STORE *cm = wolfSSL_X509_STORE_new(); | |
1199 | ||
1200 | if (!cm) { | |
1201 | wpa_printf(MSG_INFO, | |
1202 | "SSL: failed to create certificate store"); | |
1203 | return -1; | |
1204 | } | |
1205 | wolfSSL_CTX_set_cert_store(ctx, cm); | |
fec03f98 SP |
1206 | |
1207 | if (wolfSSL_CTX_load_verify_locations(ctx, ca_cert, ca_path) != | |
1208 | SSL_SUCCESS) { | |
1209 | wpa_printf(MSG_INFO, | |
1210 | "SSL: failed to load ca_cert as PEM"); | |
1211 | ||
1212 | if (!ca_cert) | |
1213 | return -1; | |
1214 | ||
1215 | if (wolfSSL_CTX_der_load_verify_locations( | |
1216 | ctx, ca_cert, SSL_FILETYPE_ASN1) != | |
1217 | SSL_SUCCESS) { | |
1218 | wpa_printf(MSG_INFO, | |
1219 | "SSL: failed to load ca_cert as DER"); | |
1220 | return -1; | |
1221 | } | |
1222 | } | |
1223 | return 0; | |
1224 | } | |
1225 | ||
1226 | conn->ca_cert_verify = 0; | |
1227 | return 0; | |
1228 | } | |
1229 | ||
1230 | ||
1231 | static void tls_set_conn_flags(WOLFSSL *ssl, unsigned int flags) | |
1232 | { | |
1233 | #ifdef HAVE_SESSION_TICKET | |
1234 | #if 0 | |
1235 | if (!(flags & TLS_CONN_DISABLE_SESSION_TICKET)) | |
1236 | wolfSSL_UseSessionTicket(ssl); | |
1237 | #endif | |
1238 | #endif /* HAVE_SESSION_TICKET */ | |
1239 | ||
1240 | if (flags & TLS_CONN_DISABLE_TLSv1_0) | |
1241 | wolfSSL_set_options(ssl, SSL_OP_NO_TLSv1); | |
1242 | if (flags & TLS_CONN_DISABLE_TLSv1_1) | |
1243 | wolfSSL_set_options(ssl, SSL_OP_NO_TLSv1_1); | |
1244 | if (flags & TLS_CONN_DISABLE_TLSv1_2) | |
1245 | wolfSSL_set_options(ssl, SSL_OP_NO_TLSv1_2); | |
1246 | } | |
1247 | ||
1248 | ||
1249 | int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, | |
1250 | const struct tls_connection_params *params) | |
1251 | { | |
1252 | wpa_printf(MSG_DEBUG, "SSL: set params"); | |
1253 | ||
1254 | if (tls_connection_set_subject_match(conn, params->subject_match, | |
1255 | params->altsubject_match, | |
1256 | params->suffix_match, | |
1257 | params->domain_match) < 0) { | |
1258 | wpa_printf(MSG_INFO, "Error setting subject match"); | |
1259 | return -1; | |
1260 | } | |
1261 | ||
1262 | if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert, | |
1263 | params->ca_cert_blob, | |
1264 | params->ca_cert_blob_len, | |
1265 | params->ca_path) < 0) { | |
1266 | wpa_printf(MSG_INFO, "Error setting CA cert"); | |
1267 | return -1; | |
1268 | } | |
1269 | ||
1270 | if (tls_connection_client_cert(conn, params->client_cert, | |
1271 | params->client_cert_blob, | |
1272 | params->client_cert_blob_len) < 0) { | |
1273 | wpa_printf(MSG_INFO, "Error setting client cert"); | |
1274 | return -1; | |
1275 | } | |
1276 | ||
1277 | if (tls_connection_private_key(tls_ctx, conn, params->private_key, | |
1278 | params->private_key_passwd, | |
1279 | params->private_key_blob, | |
1280 | params->private_key_blob_len) < 0) { | |
1281 | wpa_printf(MSG_INFO, "Error setting private key"); | |
1282 | return -1; | |
1283 | } | |
1284 | ||
1285 | if (tls_connection_dh(conn, params->dh_file, params->dh_blob, | |
1286 | params->dh_blob_len) < 0) { | |
1287 | wpa_printf(MSG_INFO, "Error setting DH"); | |
1288 | return -1; | |
1289 | } | |
1290 | ||
1291 | if (params->openssl_ciphers && | |
1292 | wolfSSL_set_cipher_list(conn->ssl, params->openssl_ciphers) != 1) { | |
1293 | wpa_printf(MSG_INFO, | |
1294 | "wolfSSL: Failed to set cipher string '%s'", | |
1295 | params->openssl_ciphers); | |
1296 | return -1; | |
1297 | } | |
1298 | ||
1299 | tls_set_conn_flags(conn->ssl, params->flags); | |
1300 | ||
1301 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST | |
1302 | if (params->flags & TLS_CONN_REQUEST_OCSP) { | |
1303 | if (wolfSSL_UseOCSPStapling(conn->ssl, WOLFSSL_CSR_OCSP, | |
1304 | WOLFSSL_CSR_OCSP_USE_NONCE) != | |
1305 | SSL_SUCCESS) | |
1306 | return -1; | |
1307 | wolfSSL_CTX_EnableOCSP(tls_ctx, 0); | |
1308 | } | |
1309 | #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ | |
1310 | #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 | |
1311 | if (params->flags & TLS_CONN_REQUEST_OCSP) { | |
1312 | if (wolfSSL_UseOCSPStaplingV2(conn->ssl, | |
1313 | WOLFSSL_CSR2_OCSP_MULTI, 0) != | |
1314 | SSL_SUCCESS) | |
1315 | return -1; | |
1316 | wolfSSL_CTX_EnableOCSP(tls_ctx, 0); | |
1317 | } | |
1318 | #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ | |
1319 | #if !defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ | |
1320 | !defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) | |
1321 | #ifdef HAVE_OCSP | |
1322 | if (params->flags & TLS_CONN_REQUEST_OCSP) | |
1323 | wolfSSL_CTX_EnableOCSP(ctx, 0); | |
1324 | #else /* HAVE_OCSP */ | |
1325 | if (params->flags & TLS_CONN_REQUIRE_OCSP) { | |
1326 | wpa_printf(MSG_INFO, | |
1327 | "wolfSSL: No OCSP support included - reject configuration"); | |
1328 | return -1; | |
1329 | } | |
1330 | if (params->flags & TLS_CONN_REQUEST_OCSP) { | |
1331 | wpa_printf(MSG_DEBUG, | |
1332 | "wolfSSL: No OCSP support included - allow optional OCSP case to continue"); | |
1333 | } | |
1334 | #endif /* HAVE_OCSP */ | |
1335 | #endif /* !HAVE_CERTIFICATE_STATUS_REQUEST && | |
1336 | * !HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ | |
1337 | ||
1338 | conn->flags = params->flags; | |
1339 | ||
1340 | return 0; | |
1341 | } | |
1342 | ||
1343 | ||
1344 | static int tls_global_ca_cert(void *ssl_ctx, const char *ca_cert) | |
1345 | { | |
1346 | WOLFSSL_CTX *ctx = ssl_ctx; | |
1347 | ||
1348 | if (ca_cert) { | |
1349 | if (wolfSSL_CTX_load_verify_locations(ctx, ca_cert, NULL) != 1) | |
1350 | { | |
1351 | wpa_printf(MSG_WARNING, | |
1352 | "Failed to load root certificates"); | |
1353 | return -1; | |
1354 | } | |
1355 | ||
1356 | wpa_printf(MSG_DEBUG, | |
1357 | "TLS: Trusted root certificate(s) loaded"); | |
1358 | } | |
1359 | ||
1360 | return 0; | |
1361 | } | |
1362 | ||
1363 | ||
1364 | static int tls_global_client_cert(void *ssl_ctx, const char *client_cert) | |
1365 | { | |
1366 | WOLFSSL_CTX *ctx = ssl_ctx; | |
1367 | ||
1368 | if (!client_cert) | |
1369 | return 0; | |
1370 | ||
6590d846 SP |
1371 | if (wolfSSL_CTX_use_certificate_chain_file_format(ctx, client_cert, |
1372 | SSL_FILETYPE_ASN1) != | |
fec03f98 | 1373 | SSL_SUCCESS && |
6590d846 SP |
1374 | wolfSSL_CTX_use_certificate_chain_file(ctx, client_cert) != |
1375 | SSL_SUCCESS) { | |
fec03f98 SP |
1376 | wpa_printf(MSG_INFO, "Failed to load client certificate"); |
1377 | return -1; | |
1378 | } | |
1379 | ||
1380 | wpa_printf(MSG_DEBUG, "SSL: Loaded global client certificate: %s", | |
1381 | client_cert); | |
1382 | ||
1383 | return 0; | |
1384 | } | |
1385 | ||
1386 | ||
1387 | static int tls_global_private_key(void *ssl_ctx, const char *private_key, | |
1388 | const char *private_key_passwd) | |
1389 | { | |
1390 | WOLFSSL_CTX *ctx = ssl_ctx; | |
1391 | char *passwd = NULL; | |
1392 | int ret = 0; | |
1393 | ||
1394 | if (!private_key) | |
1395 | return 0; | |
1396 | ||
1397 | if (private_key_passwd) { | |
1398 | passwd = os_strdup(private_key_passwd); | |
1399 | if (!passwd) | |
1400 | return -1; | |
1401 | } | |
1402 | ||
1403 | wolfSSL_CTX_set_default_passwd_cb(ctx, tls_passwd_cb); | |
1404 | wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, passwd); | |
1405 | ||
1406 | if (wolfSSL_CTX_use_PrivateKey_file(ctx, private_key, | |
1407 | SSL_FILETYPE_ASN1) != 1 && | |
1408 | wolfSSL_CTX_use_PrivateKey_file(ctx, private_key, | |
1409 | SSL_FILETYPE_PEM) != 1) { | |
1410 | wpa_printf(MSG_INFO, "Failed to load private key"); | |
1411 | ret = -1; | |
1412 | } | |
1413 | ||
1414 | wpa_printf(MSG_DEBUG, "SSL: Loaded global private key"); | |
1415 | ||
1416 | os_free(passwd); | |
1417 | wolfSSL_CTX_set_default_passwd_cb(ctx, NULL); | |
1418 | ||
1419 | return ret; | |
1420 | } | |
1421 | ||
1422 | ||
1423 | static int tls_global_dh(void *ssl_ctx, const char *dh_file, | |
1424 | const u8 *dh_blob, size_t blob_len) | |
1425 | { | |
1426 | WOLFSSL_CTX *ctx = ssl_ctx; | |
1427 | ||
1428 | if (!dh_file && !dh_blob) | |
1429 | return 0; | |
1430 | ||
1431 | if (dh_blob) { | |
1432 | if (wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_blob, blob_len, | |
1433 | SSL_FILETYPE_ASN1) < 0) { | |
1434 | wpa_printf(MSG_INFO, | |
1435 | "SSL: global use DH DER blob failed"); | |
1436 | return -1; | |
1437 | } | |
1438 | wpa_printf(MSG_DEBUG, "SSL: global use DH blob OK"); | |
1439 | return 0; | |
1440 | } | |
1441 | ||
1442 | if (dh_file) { | |
1443 | if (wolfSSL_CTX_SetTmpDH_file(ctx, dh_file, SSL_FILETYPE_PEM) < | |
1444 | 0) { | |
1445 | wpa_printf(MSG_INFO, | |
1446 | "SSL: global use DH PEM file failed"); | |
1447 | if (wolfSSL_CTX_SetTmpDH_file(ctx, dh_file, | |
1448 | SSL_FILETYPE_ASN1) < 0) { | |
1449 | wpa_printf(MSG_INFO, | |
1450 | "SSL: global use DH DER file failed"); | |
1451 | return -1; | |
1452 | } | |
1453 | } | |
1454 | wpa_printf(MSG_DEBUG, "SSL: global use DH file OK"); | |
1455 | return 0; | |
1456 | } | |
1457 | ||
1458 | return 0; | |
1459 | } | |
1460 | ||
1461 | ||
1462 | #ifdef HAVE_OCSP | |
1463 | ||
1464 | int ocsp_status_cb(void *unused, const char *url, int url_sz, | |
1465 | unsigned char *request, int request_sz, | |
1466 | unsigned char **response) | |
1467 | { | |
1468 | size_t len; | |
1469 | ||
1470 | (void) unused; | |
1471 | ||
1472 | if (!url) { | |
1473 | wpa_printf(MSG_DEBUG, | |
1474 | "wolfSSL: OCSP status callback - no response configured"); | |
1475 | *response = NULL; | |
1476 | return 0; | |
1477 | } | |
1478 | ||
1479 | *response = (unsigned char *) os_readfile(url, &len); | |
1480 | if (!*response) { | |
1481 | wpa_printf(MSG_DEBUG, | |
1482 | "wolfSSL: OCSP status callback - could not read response file"); | |
1483 | return -1; | |
1484 | } | |
1485 | wpa_printf(MSG_DEBUG, | |
1486 | "wolfSSL: OCSP status callback - send cached response"); | |
1487 | return len; | |
1488 | } | |
1489 | ||
1490 | ||
1491 | void ocsp_resp_free_cb(void *ocsp_stapling_response, unsigned char *response) | |
1492 | { | |
1493 | os_free(response); | |
1494 | } | |
1495 | ||
1496 | #endif /* HAVE_OCSP */ | |
1497 | ||
1498 | ||
1499 | int tls_global_set_params(void *tls_ctx, | |
1500 | const struct tls_connection_params *params) | |
1501 | { | |
1502 | wpa_printf(MSG_DEBUG, "SSL: global set params"); | |
1503 | ||
841205a1 JB |
1504 | if (params->check_cert_subject) |
1505 | return -1; /* not yet supported */ | |
1506 | ||
fec03f98 SP |
1507 | if (tls_global_ca_cert(tls_ctx, params->ca_cert) < 0) { |
1508 | wpa_printf(MSG_INFO, "SSL: Failed to load ca cert file '%s'", | |
1509 | params->ca_cert); | |
1510 | return -1; | |
1511 | } | |
1512 | ||
1513 | if (tls_global_client_cert(tls_ctx, params->client_cert) < 0) { | |
1514 | wpa_printf(MSG_INFO, | |
1515 | "SSL: Failed to load client cert file '%s'", | |
1516 | params->client_cert); | |
1517 | return -1; | |
1518 | } | |
1519 | ||
1520 | if (tls_global_private_key(tls_ctx, params->private_key, | |
1521 | params->private_key_passwd) < 0) { | |
1522 | wpa_printf(MSG_INFO, | |
1523 | "SSL: Failed to load private key file '%s'", | |
1524 | params->private_key); | |
1525 | return -1; | |
1526 | } | |
1527 | ||
1528 | if (tls_global_dh(tls_ctx, params->dh_file, params->dh_blob, | |
1529 | params->dh_blob_len) < 0) { | |
1530 | wpa_printf(MSG_INFO, "SSL: Failed to load DH file '%s'", | |
1531 | params->dh_file); | |
1532 | return -1; | |
1533 | } | |
1534 | ||
1535 | if (params->openssl_ciphers && | |
1536 | wolfSSL_CTX_set_cipher_list(tls_ctx, | |
1537 | params->openssl_ciphers) != 1) { | |
1538 | wpa_printf(MSG_INFO, | |
1539 | "wolfSSL: Failed to set cipher string '%s'", | |
1540 | params->openssl_ciphers); | |
1541 | return -1; | |
1542 | } | |
1543 | ||
0521c6eb HV |
1544 | if (params->openssl_ecdh_curves) { |
1545 | wpa_printf(MSG_INFO, | |
1546 | "wolfSSL: openssl_ecdh_curves not supported"); | |
1547 | return -1; | |
1548 | } | |
1549 | ||
fec03f98 SP |
1550 | #ifdef HAVE_SESSION_TICKET |
1551 | /* Session ticket is off by default - can't disable once on. */ | |
1552 | if (!(params->flags & TLS_CONN_DISABLE_SESSION_TICKET)) | |
1553 | wolfSSL_CTX_UseSessionTicket(tls_ctx); | |
1554 | #endif /* HAVE_SESSION_TICKET */ | |
1555 | ||
1556 | #ifdef HAVE_OCSP | |
1557 | if (params->ocsp_stapling_response) { | |
1558 | wolfSSL_CTX_SetOCSP_OverrideURL(tls_ctx, | |
1559 | params->ocsp_stapling_response); | |
1560 | wolfSSL_CTX_SetOCSP_Cb(tls_ctx, ocsp_status_cb, | |
1561 | ocsp_resp_free_cb, NULL); | |
1562 | } | |
1563 | #endif /* HAVE_OCSP */ | |
1564 | ||
1565 | return 0; | |
1566 | } | |
1567 | ||
1568 | ||
dd5d325b | 1569 | int tls_global_set_verify(void *tls_ctx, int check_crl, int strict) |
fec03f98 SP |
1570 | { |
1571 | wpa_printf(MSG_DEBUG, "SSL: global set verify: %d", check_crl); | |
1572 | ||
1573 | if (check_crl) { | |
1574 | /* Hack to Enable CRLs. */ | |
1575 | wolfSSL_CTX_LoadCRLBuffer(tls_ctx, NULL, 0, SSL_FILETYPE_PEM); | |
1576 | } | |
1577 | ||
1578 | return 0; | |
1579 | } | |
1580 | ||
1581 | ||
1582 | int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, | |
1583 | int verify_peer, unsigned int flags, | |
1584 | const u8 *session_ctx, size_t session_ctx_len) | |
1585 | { | |
1586 | if (!conn) | |
1587 | return -1; | |
1588 | ||
1589 | wpa_printf(MSG_DEBUG, "SSL: set verify: %d", verify_peer); | |
1590 | ||
1591 | if (verify_peer) { | |
1592 | conn->ca_cert_verify = 1; | |
1593 | wolfSSL_set_verify(conn->ssl, SSL_VERIFY_PEER | | |
1594 | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, | |
1595 | tls_verify_cb); | |
1596 | } else { | |
1597 | conn->ca_cert_verify = 0; | |
1598 | wolfSSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); | |
1599 | } | |
1600 | ||
1601 | wolfSSL_set_accept_state(conn->ssl); | |
1602 | ||
1603 | /* TODO: do we need to fake a session like OpenSSL does here? */ | |
1604 | ||
1605 | return 0; | |
1606 | } | |
1607 | ||
1608 | ||
1609 | static struct wpabuf * wolfssl_handshake(struct tls_connection *conn, | |
1610 | const struct wpabuf *in_data, | |
1611 | int server) | |
1612 | { | |
1613 | int res; | |
1614 | ||
1615 | wolfssl_reset_out_data(&conn->output); | |
1616 | ||
1617 | /* Initiate TLS handshake or continue the existing handshake */ | |
1618 | if (server) { | |
1619 | wolfSSL_set_accept_state(conn->ssl); | |
1620 | res = wolfSSL_accept(conn->ssl); | |
1621 | wpa_printf(MSG_DEBUG, "SSL: wolfSSL_accept: %d", res); | |
1622 | } else { | |
1623 | wolfSSL_set_connect_state(conn->ssl); | |
1624 | res = wolfSSL_connect(conn->ssl); | |
1625 | wpa_printf(MSG_DEBUG, "SSL: wolfSSL_connect: %d", res); | |
1626 | } | |
1627 | ||
1628 | if (res != 1) { | |
1629 | int err = wolfSSL_get_error(conn->ssl, res); | |
1630 | ||
1631 | if (err == SSL_ERROR_WANT_READ) { | |
1632 | wpa_printf(MSG_DEBUG, | |
1633 | "SSL: wolfSSL_connect - want more data"); | |
1634 | } else if (err == SSL_ERROR_WANT_WRITE) { | |
1635 | wpa_printf(MSG_DEBUG, | |
1636 | "SSL: wolfSSL_connect - want to write"); | |
1637 | } else { | |
1638 | char msg[80]; | |
1639 | ||
1640 | wpa_printf(MSG_DEBUG, | |
1641 | "SSL: wolfSSL_connect - failed %s", | |
1642 | wolfSSL_ERR_error_string(err, msg)); | |
1643 | conn->failed++; | |
1644 | } | |
1645 | } | |
1646 | ||
1647 | return conn->output.out_data; | |
1648 | } | |
1649 | ||
1650 | ||
1651 | static struct wpabuf * wolfssl_get_appl_data(struct tls_connection *conn, | |
1652 | size_t max_len) | |
1653 | { | |
1654 | int res; | |
1655 | struct wpabuf *appl_data = wpabuf_alloc(max_len + 100); | |
1656 | ||
1657 | if (!appl_data) | |
1658 | return NULL; | |
1659 | ||
1660 | res = wolfSSL_read(conn->ssl, wpabuf_mhead(appl_data), | |
1661 | wpabuf_size(appl_data)); | |
1662 | if (res < 0) { | |
1663 | int err = wolfSSL_get_error(conn->ssl, res); | |
1664 | ||
1665 | if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) { | |
1666 | wpa_printf(MSG_DEBUG, | |
1667 | "SSL: No Application Data included"); | |
1668 | } else { | |
1669 | char msg[80]; | |
1670 | ||
1671 | wpa_printf(MSG_DEBUG, | |
1672 | "Failed to read possible Application Data %s", | |
1673 | wolfSSL_ERR_error_string(err, msg)); | |
1674 | } | |
1675 | ||
1676 | wpabuf_free(appl_data); | |
1677 | return NULL; | |
1678 | } | |
1679 | ||
1680 | wpabuf_put(appl_data, res); | |
1681 | wpa_hexdump_buf_key(MSG_MSGDUMP, | |
1682 | "SSL: Application Data in Finished message", | |
1683 | appl_data); | |
1684 | return appl_data; | |
1685 | } | |
1686 | ||
1687 | ||
1688 | static struct wpabuf * | |
1689 | wolfssl_connection_handshake(struct tls_connection *conn, | |
1690 | const struct wpabuf *in_data, | |
1691 | struct wpabuf **appl_data, int server) | |
1692 | { | |
1693 | struct wpabuf *out_data; | |
1694 | ||
1695 | wolfssl_reset_in_data(&conn->input, in_data); | |
1696 | ||
1697 | if (appl_data) | |
1698 | *appl_data = NULL; | |
1699 | ||
1700 | out_data = wolfssl_handshake(conn, in_data, server); | |
1701 | if (!out_data) | |
1702 | return NULL; | |
1703 | ||
1704 | if (wolfSSL_is_init_finished(conn->ssl)) { | |
1705 | wpa_printf(MSG_DEBUG, | |
1706 | "wolfSSL: Handshake finished - resumed=%d", | |
1707 | tls_connection_resumed(NULL, conn)); | |
1708 | if (appl_data && in_data) | |
1709 | *appl_data = wolfssl_get_appl_data(conn, | |
1710 | wpabuf_len(in_data)); | |
1711 | } | |
1712 | ||
1713 | return out_data; | |
1714 | } | |
1715 | ||
1716 | ||
1717 | struct wpabuf * tls_connection_handshake(void *tls_ctx, | |
1718 | struct tls_connection *conn, | |
1719 | const struct wpabuf *in_data, | |
1720 | struct wpabuf **appl_data) | |
1721 | { | |
1722 | return wolfssl_connection_handshake(conn, in_data, appl_data, 0); | |
1723 | } | |
1724 | ||
1725 | ||
1726 | struct wpabuf * tls_connection_server_handshake(void *tls_ctx, | |
1727 | struct tls_connection *conn, | |
1728 | const struct wpabuf *in_data, | |
1729 | struct wpabuf **appl_data) | |
1730 | { | |
1731 | return wolfssl_connection_handshake(conn, in_data, appl_data, 1); | |
1732 | } | |
1733 | ||
1734 | ||
1735 | struct wpabuf * tls_connection_encrypt(void *tls_ctx, | |
1736 | struct tls_connection *conn, | |
1737 | const struct wpabuf *in_data) | |
1738 | { | |
1739 | int res; | |
1740 | ||
1741 | if (!conn) | |
1742 | return NULL; | |
1743 | ||
1744 | wpa_printf(MSG_DEBUG, "SSL: encrypt: %ld bytes", wpabuf_len(in_data)); | |
1745 | ||
1746 | wolfssl_reset_out_data(&conn->output); | |
1747 | ||
1748 | res = wolfSSL_write(conn->ssl, wpabuf_head(in_data), | |
1749 | wpabuf_len(in_data)); | |
1750 | if (res < 0) { | |
1751 | int err = wolfSSL_get_error(conn->ssl, res); | |
1752 | char msg[80]; | |
1753 | ||
1754 | wpa_printf(MSG_INFO, "Encryption failed - SSL_write: %s", | |
1755 | wolfSSL_ERR_error_string(err, msg)); | |
1756 | return NULL; | |
1757 | } | |
1758 | ||
1759 | return conn->output.out_data; | |
1760 | } | |
1761 | ||
1762 | ||
1763 | struct wpabuf * tls_connection_decrypt(void *tls_ctx, | |
1764 | struct tls_connection *conn, | |
1765 | const struct wpabuf *in_data) | |
1766 | { | |
1767 | int res; | |
1768 | struct wpabuf *buf; | |
1769 | ||
1770 | if (!conn) | |
1771 | return NULL; | |
1772 | ||
1773 | wpa_printf(MSG_DEBUG, "SSL: decrypt"); | |
1774 | ||
1775 | wolfssl_reset_in_data(&conn->input, in_data); | |
1776 | ||
1777 | /* Read decrypted data for further processing */ | |
1778 | /* | |
1779 | * Even though we try to disable TLS compression, it is possible that | |
1780 | * this cannot be done with all TLS libraries. Add extra buffer space | |
1781 | * to handle the possibility of the decrypted data being longer than | |
1782 | * input data. | |
1783 | */ | |
1784 | buf = wpabuf_alloc((wpabuf_len(in_data) + 500) * 3); | |
1785 | if (!buf) | |
1786 | return NULL; | |
1787 | res = wolfSSL_read(conn->ssl, wpabuf_mhead(buf), wpabuf_size(buf)); | |
1788 | if (res < 0) { | |
1789 | wpa_printf(MSG_INFO, "Decryption failed - SSL_read"); | |
1790 | wpabuf_free(buf); | |
1791 | return NULL; | |
1792 | } | |
1793 | wpabuf_put(buf, res); | |
1794 | ||
1795 | wpa_printf(MSG_DEBUG, "SSL: decrypt: %ld bytes", wpabuf_len(buf)); | |
1796 | ||
1797 | return buf; | |
1798 | } | |
1799 | ||
1800 | ||
1801 | int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn) | |
1802 | { | |
1803 | return conn ? wolfSSL_session_reused(conn->ssl) : 0; | |
1804 | } | |
1805 | ||
1806 | ||
1807 | int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, | |
1808 | u8 *ciphers) | |
1809 | { | |
1810 | char buf[128], *pos, *end; | |
1811 | u8 *c; | |
1812 | int ret; | |
1813 | ||
1814 | if (!conn || !conn->ssl || !ciphers) | |
1815 | return -1; | |
1816 | ||
1817 | buf[0] = '\0'; | |
1818 | pos = buf; | |
1819 | end = pos + sizeof(buf); | |
1820 | ||
1821 | c = ciphers; | |
1822 | while (*c != TLS_CIPHER_NONE) { | |
1823 | const char *suite; | |
1824 | ||
1825 | switch (*c) { | |
1826 | case TLS_CIPHER_RC4_SHA: | |
1827 | suite = "RC4-SHA"; | |
1828 | break; | |
1829 | case TLS_CIPHER_AES128_SHA: | |
1830 | suite = "AES128-SHA"; | |
1831 | break; | |
1832 | case TLS_CIPHER_RSA_DHE_AES128_SHA: | |
1833 | suite = "DHE-RSA-AES128-SHA"; | |
1834 | break; | |
1835 | case TLS_CIPHER_ANON_DH_AES128_SHA: | |
1836 | suite = "ADH-AES128-SHA"; | |
1837 | break; | |
1838 | case TLS_CIPHER_RSA_DHE_AES256_SHA: | |
1839 | suite = "DHE-RSA-AES256-SHA"; | |
1840 | break; | |
1841 | case TLS_CIPHER_AES256_SHA: | |
1842 | suite = "AES256-SHA"; | |
1843 | break; | |
1844 | default: | |
1845 | wpa_printf(MSG_DEBUG, | |
1846 | "TLS: Unsupported cipher selection: %d", *c); | |
1847 | return -1; | |
1848 | } | |
1849 | ret = os_snprintf(pos, end - pos, ":%s", suite); | |
1850 | if (os_snprintf_error(end - pos, ret)) | |
1851 | break; | |
1852 | pos += ret; | |
1853 | ||
1854 | c++; | |
1855 | } | |
1856 | ||
1857 | wpa_printf(MSG_DEBUG, "wolfSSL: cipher suites: %s", buf + 1); | |
1858 | ||
1859 | if (wolfSSL_set_cipher_list(conn->ssl, buf + 1) != 1) { | |
1860 | wpa_printf(MSG_DEBUG, "Cipher suite configuration failed"); | |
1861 | return -1; | |
1862 | } | |
1863 | ||
1864 | return 0; | |
1865 | } | |
1866 | ||
1867 | ||
1868 | int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, | |
1869 | char *buf, size_t buflen) | |
1870 | { | |
1871 | WOLFSSL_CIPHER *cipher; | |
1872 | const char *name; | |
1873 | ||
1874 | if (!conn || !conn->ssl) | |
1875 | return -1; | |
1876 | ||
1877 | cipher = wolfSSL_get_current_cipher(conn->ssl); | |
1878 | if (!cipher) | |
1879 | return -1; | |
1880 | ||
1881 | name = wolfSSL_CIPHER_get_name(cipher); | |
1882 | if (!name) | |
1883 | return -1; | |
1884 | ||
1885 | if (os_strcmp(name, "SSL_RSA_WITH_RC4_128_SHA") == 0) | |
1886 | os_strlcpy(buf, "RC4-SHA", buflen); | |
1887 | else if (os_strcmp(name, "TLS_RSA_WITH_AES_128_CBC_SHA") == 0) | |
1888 | os_strlcpy(buf, "AES128-SHA", buflen); | |
1889 | else if (os_strcmp(name, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA") == 0) | |
1890 | os_strlcpy(buf, "DHE-RSA-AES128-SHA", buflen); | |
1891 | else if (os_strcmp(name, "TLS_DH_anon_WITH_AES_128_CBC_SHA") == 0) | |
1892 | os_strlcpy(buf, "ADH-AES128-SHA", buflen); | |
1893 | else if (os_strcmp(name, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA") == 0) | |
1894 | os_strlcpy(buf, "DHE-RSA-AES256-SHA", buflen); | |
1895 | else if (os_strcmp(name, "TLS_RSA_WITH_AES_256_CBC_SHA") == 0) | |
1896 | os_strlcpy(buf, "AES256-SHA", buflen); | |
1897 | else | |
1898 | os_strlcpy(buf, name, buflen); | |
1899 | ||
1900 | return 0; | |
1901 | } | |
1902 | ||
1903 | ||
1904 | int tls_connection_enable_workaround(void *tls_ctx, | |
1905 | struct tls_connection *conn) | |
1906 | { | |
1907 | /* no empty fragments in wolfSSL for now */ | |
1908 | return 0; | |
1909 | } | |
1910 | ||
1911 | ||
1912 | int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn) | |
1913 | { | |
1914 | if (!conn) | |
1915 | return -1; | |
1916 | ||
1917 | return conn->failed; | |
1918 | } | |
1919 | ||
1920 | ||
1921 | int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn) | |
1922 | { | |
1923 | if (!conn) | |
1924 | return -1; | |
1925 | ||
1926 | /* TODO: this is not incremented anywhere */ | |
1927 | return conn->read_alerts; | |
1928 | } | |
1929 | ||
1930 | ||
1931 | int tls_connection_get_write_alerts(void *tls_ctx, | |
1932 | struct tls_connection *conn) | |
1933 | { | |
1934 | if (!conn) | |
1935 | return -1; | |
1936 | ||
1937 | /* TODO: this is not incremented anywhere */ | |
1938 | return conn->write_alerts; | |
1939 | } | |
1940 | ||
1941 | ||
1942 | ||
1943 | int tls_get_library_version(char *buf, size_t buf_len) | |
1944 | { | |
1945 | return os_snprintf(buf, buf_len, "wolfSSL build=%s run=%s", | |
1946 | WOLFSSL_VERSION, wolfSSL_lib_version()); | |
1947 | } | |
1948 | ||
1949 | int tls_get_version(void *ssl_ctx, struct tls_connection *conn, | |
1950 | char *buf, size_t buflen) | |
1951 | { | |
1952 | const char *name; | |
1953 | ||
1954 | if (!conn || !conn->ssl) | |
1955 | return -1; | |
1956 | ||
1957 | name = wolfSSL_get_version(conn->ssl); | |
1958 | if (!name) | |
1959 | return -1; | |
1960 | ||
1961 | os_strlcpy(buf, name, buflen); | |
1962 | return 0; | |
1963 | } | |
1964 | ||
1965 | ||
1966 | int tls_connection_get_random(void *ssl_ctx, struct tls_connection *conn, | |
1967 | struct tls_random *keys) | |
1968 | { | |
1969 | WOLFSSL *ssl; | |
1970 | ||
1971 | if (!conn || !keys) | |
1972 | return -1; | |
1973 | ssl = conn->ssl; | |
1974 | if (!ssl) | |
1975 | return -1; | |
1976 | ||
1977 | os_memset(keys, 0, sizeof(*keys)); | |
1978 | keys->client_random = conn->client_random; | |
1979 | keys->client_random_len = wolfSSL_get_client_random( | |
1980 | ssl, conn->client_random, sizeof(conn->client_random)); | |
1981 | keys->server_random = conn->server_random; | |
1982 | keys->server_random_len = wolfSSL_get_server_random( | |
1983 | ssl, conn->server_random, sizeof(conn->server_random)); | |
1984 | ||
1985 | return 0; | |
1986 | } | |
1987 | ||
1988 | ||
1989 | int tls_connection_export_key(void *tls_ctx, struct tls_connection *conn, | |
a916ff5c EO |
1990 | const char *label, const u8 *context, |
1991 | size_t context_len, u8 *out, size_t out_len) | |
fec03f98 | 1992 | { |
a916ff5c EO |
1993 | if (context) |
1994 | return -1; | |
fec03f98 SP |
1995 | if (!conn || wolfSSL_make_eap_keys(conn->ssl, out, out_len, label) != 0) |
1996 | return -1; | |
1997 | return 0; | |
1998 | } | |
1999 | ||
2000 | ||
ab35793e SP |
2001 | #define SEED_LEN (RAN_LEN + RAN_LEN) |
2002 | ||
fec03f98 SP |
2003 | int tls_connection_get_eap_fast_key(void *tls_ctx, struct tls_connection *conn, |
2004 | u8 *out, size_t out_len) | |
2005 | { | |
ab35793e SP |
2006 | byte seed[SEED_LEN]; |
2007 | int ret = -1; | |
2008 | WOLFSSL *ssl; | |
2009 | byte *tmp_out; | |
2010 | byte *_out; | |
2011 | int skip = 0; | |
2012 | byte *master_key; | |
2013 | unsigned int master_key_len; | |
2014 | byte *server_random; | |
2015 | unsigned int server_len; | |
2016 | byte *client_random; | |
2017 | unsigned int client_len; | |
fec03f98 SP |
2018 | |
2019 | if (!conn || !conn->ssl) | |
2020 | return -1; | |
ab35793e SP |
2021 | ssl = conn->ssl; |
2022 | ||
2023 | skip = 2 * (wolfSSL_GetKeySize(ssl) + wolfSSL_GetHmacSize(ssl) + | |
2024 | wolfSSL_GetIVSize(ssl)); | |
fec03f98 | 2025 | |
ab35793e SP |
2026 | tmp_out = os_malloc(skip + out_len); |
2027 | if (!tmp_out) | |
fec03f98 | 2028 | return -1; |
ab35793e SP |
2029 | _out = tmp_out; |
2030 | ||
2031 | wolfSSL_get_keys(ssl, &master_key, &master_key_len, &server_random, | |
2032 | &server_len, &client_random, &client_len); | |
2033 | os_memcpy(seed, server_random, RAN_LEN); | |
2034 | os_memcpy(seed + RAN_LEN, client_random, RAN_LEN); | |
2035 | ||
2036 | if (wolfSSL_GetVersion(ssl) == WOLFSSL_TLSV1_2) { | |
2037 | tls_prf_sha256(master_key, master_key_len, | |
2038 | "key expansion", seed, sizeof(seed), | |
2039 | _out, skip + out_len); | |
2040 | ret = 0; | |
2041 | } else { | |
2042 | ret = tls_prf_sha1_md5(master_key, master_key_len, | |
2043 | "key expansion", seed, sizeof(seed), | |
2044 | _out, skip + out_len); | |
2045 | } | |
2046 | ||
31bc66e4 | 2047 | forced_memzero(master_key, master_key_len); |
ab35793e SP |
2048 | if (ret == 0) |
2049 | os_memcpy(out, _out + skip, out_len); | |
2050 | bin_clear_free(tmp_out, skip + out_len); | |
2051 | ||
2052 | return ret; | |
fec03f98 SP |
2053 | } |
2054 | ||
2055 | ||
2056 | #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) | |
2057 | ||
2058 | int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn, | |
2059 | int ext_type, const u8 *data, | |
2060 | size_t data_len) | |
2061 | { | |
2062 | (void) ssl_ctx; | |
2063 | ||
2064 | if (!conn || !conn->ssl || ext_type != 35) | |
2065 | return -1; | |
2066 | ||
2067 | if (wolfSSL_set_SessionTicket(conn->ssl, data, | |
2068 | (unsigned int) data_len) != 1) | |
2069 | return -1; | |
2070 | ||
2071 | return 0; | |
2072 | } | |
2073 | ||
2074 | ||
2075 | static int tls_sess_sec_cb(WOLFSSL *s, void *secret, int *secret_len, void *arg) | |
2076 | { | |
2077 | struct tls_connection *conn = arg; | |
2078 | int ret; | |
2079 | unsigned char client_random[RAN_LEN]; | |
2080 | unsigned char server_random[RAN_LEN]; | |
2081 | word32 ticket_len = sizeof(conn->session_ticket); | |
2082 | ||
2083 | if (!conn || !conn->session_ticket_cb) | |
2084 | return 1; | |
2085 | ||
2086 | if (wolfSSL_get_client_random(s, client_random, | |
2087 | sizeof(client_random)) == 0 || | |
2088 | wolfSSL_get_server_random(s, server_random, | |
2089 | sizeof(server_random)) == 0 || | |
847665eb SP |
2090 | wolfSSL_get_SessionTicket(s, conn->session_ticket, |
2091 | &ticket_len) != 1) | |
fec03f98 SP |
2092 | return 1; |
2093 | ||
2094 | if (ticket_len == 0) | |
2095 | return 0; | |
2096 | ||
2097 | ret = conn->session_ticket_cb(conn->session_ticket_cb_ctx, | |
847665eb | 2098 | conn->session_ticket, ticket_len, |
fec03f98 SP |
2099 | client_random, server_random, secret); |
2100 | if (ret <= 0) | |
2101 | return 1; | |
2102 | ||
2103 | *secret_len = SECRET_LEN; | |
2104 | return 0; | |
2105 | } | |
2106 | ||
2107 | #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ | |
2108 | ||
2109 | ||
2110 | int tls_connection_set_session_ticket_cb(void *tls_ctx, | |
2111 | struct tls_connection *conn, | |
2112 | tls_session_ticket_cb cb, | |
2113 | void *ctx) | |
2114 | { | |
2115 | #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST) | |
2116 | conn->session_ticket_cb = cb; | |
2117 | conn->session_ticket_cb_ctx = ctx; | |
2118 | ||
2119 | if (cb) { | |
2120 | if (wolfSSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb, | |
2121 | conn) != 1) | |
2122 | return -1; | |
2123 | } else { | |
2124 | if (wolfSSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1) | |
2125 | return -1; | |
2126 | } | |
2127 | ||
2128 | return 0; | |
2129 | #else /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ | |
2130 | return -1; | |
2131 | #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */ | |
2132 | } | |
2133 | ||
2134 | ||
2135 | void tls_connection_set_success_data_resumed(struct tls_connection *conn) | |
2136 | { | |
2137 | wpa_printf(MSG_DEBUG, | |
2138 | "wolfSSL: Success data accepted for resumed session"); | |
2139 | } | |
2140 | ||
2141 | ||
2142 | void tls_connection_remove_session(struct tls_connection *conn) | |
2143 | { | |
2144 | WOLFSSL_SESSION *sess; | |
2145 | ||
2146 | sess = wolfSSL_get_session(conn->ssl); | |
2147 | if (!sess) | |
2148 | return; | |
2149 | ||
2150 | wolfSSL_SSL_SESSION_set_timeout(sess, 0); | |
2151 | wpa_printf(MSG_DEBUG, | |
2152 | "wolfSSL: Removed cached session to disable session resumption"); | |
2153 | } | |
2154 | ||
2155 | ||
2156 | void tls_connection_set_success_data(struct tls_connection *conn, | |
2157 | struct wpabuf *data) | |
2158 | { | |
2159 | WOLFSSL_SESSION *sess; | |
2160 | struct wpabuf *old; | |
2161 | ||
2162 | wpa_printf(MSG_DEBUG, "wolfSSL: Set success data"); | |
2163 | ||
2164 | sess = wolfSSL_get_session(conn->ssl); | |
2165 | if (!sess) { | |
2166 | wpa_printf(MSG_DEBUG, | |
2167 | "wolfSSL: No session found for success data"); | |
2168 | goto fail; | |
2169 | } | |
2170 | ||
2171 | old = wolfSSL_SESSION_get_ex_data(sess, tls_ex_idx_session); | |
2172 | if (old) { | |
2173 | wpa_printf(MSG_DEBUG, "wolfSSL: Replacing old success data %p", | |
2174 | old); | |
2175 | wpabuf_free(old); | |
2176 | } | |
2177 | if (wolfSSL_SESSION_set_ex_data(sess, tls_ex_idx_session, data) != 1) | |
2178 | goto fail; | |
2179 | ||
2180 | wpa_printf(MSG_DEBUG, "wolfSSL: Stored success data %p", data); | |
2181 | conn->success_data = 1; | |
2182 | return; | |
2183 | ||
2184 | fail: | |
2185 | wpa_printf(MSG_INFO, "wolfSSL: Failed to store success data"); | |
2186 | wpabuf_free(data); | |
2187 | } | |
2188 | ||
2189 | ||
2190 | const struct wpabuf * | |
2191 | tls_connection_get_success_data(struct tls_connection *conn) | |
2192 | { | |
2193 | WOLFSSL_SESSION *sess; | |
2194 | ||
2195 | wpa_printf(MSG_DEBUG, "wolfSSL: Get success data"); | |
2196 | ||
2197 | sess = wolfSSL_get_session(conn->ssl); | |
2198 | if (!sess) | |
2199 | return NULL; | |
2200 | return wolfSSL_SESSION_get_ex_data(sess, tls_ex_idx_session); | |
2201 | } |