/
gnutls.c
3585 lines (3118 loc) · 96.4 KB
1
2
3
/*
* OpenConnect (SSL + DTLS) VPN client
*
4
* Copyright © 2008-2015 Intel Corporation.
5
6
7
8
9
10
11
12
13
14
15
16
17
*
* Author: David Woodhouse <dwmw2@infradead.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* version 2.1, as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*/
18
19
#include <config.h>
20
21
22
#include "openconnect-internal.h"
#include "gnutls.h"
23
24
25
26
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gnutls/crypto.h>
27
#include <gnutls/pkcs12.h>
28
#include <gnutls/abstract.h>
29
30
31
#ifdef HAVE_P11KIT
#include <p11-kit/p11-kit.h>
32
#include <p11-kit/pkcs11.h>
33
#include <p11-kit/pin.h>
34
#endif
35
36
37
38
39
40
41
42
43
44
45
46
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string.h>
#include <ctype.h>
#include <stdio.h>
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
47
#if defined(HAVE_P11KIT) || defined(HAVE_GNUTLS_SYSTEM_KEYS)
48
49
50
static int gnutls_pin_callback(void *priv, int attempt, const char *uri,
const char *token_label, unsigned int flags,
char *pin, size_t pin_max);
51
#endif /* HAVE_P11KIT || HAVE_GNUTLS_SYSTEM_KEYS */
52
53
54
/* GnuTLS 2.x lacked this. But GNUTLS_E_UNEXPECTED_PACKET_LENGTH basically
* does the same thing.
55
* https://lists.infradead.org/pipermail/openconnect-devel/2014-March/001726.html
56
57
58
59
60
*/
#ifndef GNUTLS_E_PREMATURE_TERMINATION
#define GNUTLS_E_PREMATURE_TERMINATION GNUTLS_E_UNEXPECTED_PACKET_LENGTH
#endif
61
62
63
64
65
66
67
68
/* GnuTLS 3.5.0 added this flag to send a client cert, even if its issuer is
* mismatched to the list of issuers requested by the server. OpenSSL does
* this by default.
* https://github.com/curl/curl/issues/1411
*/
#ifndef GNUTLS_FORCE_CLIENT_CERT
#define GNUTLS_FORCE_CLIENT_CERT 0
#endif
69
70
71
static char tls_library_version[32] = "";
72
const char *openconnect_get_tls_library_version(void)
73
74
{
if (!*tls_library_version) {
75
76
snprintf(tls_library_version, sizeof(tls_library_version), "GnuTLS %s",
gnutls_check_version(NULL));
77
78
79
80
}
return tls_library_version;
}
81
int can_enable_insecure_crypto(void)
82
83
84
85
86
{
/* XX: As of GnuTLS 3.6.13, no released version has (yet) removed 3DES/RC4 from default builds,
* but like OpenSSL (removed in 1.1.0) it may happen. */
if (gnutls_cipher_get_id("3DES-CBC") == GNUTLS_CIPHER_UNKNOWN ||
gnutls_cipher_get_id("ARCFOUR-128") == GNUTLS_CIPHER_UNKNOWN)
87
88
return -ENOENT;
return 0;
89
90
}
91
/* Helper functions for reading/writing lines over TLS/DTLS. */
92
static int _openconnect_gnutls_write(gnutls_session_t ses, int fd, struct openconnect_info *vpninfo, char *buf, size_t len)
93
94
95
96
{
size_t orig_len = len;
while (len) {
97
int done = gnutls_record_send(ses, buf, len);
98
99
if (done > 0)
len -= done;
100
else if (done == GNUTLS_E_AGAIN || done == GNUTLS_E_INTERRUPTED) {
101
/* Wait for something to happen on the socket, or on cmd_fd */
102
fd_set wr_set, rd_set;
103
int maxfd = fd;
104
105
106
FD_ZERO(&wr_set);
FD_ZERO(&rd_set);
107
108
109
if (gnutls_record_get_direction(ses))
FD_SET(fd, &wr_set);
110
else
111
FD_SET(fd, &rd_set);
112
113
cmd_fd_set(vpninfo, &rd_set, &maxfd);
114
115
116
117
118
while (select(maxfd + 1, &rd_set, &wr_set, NULL, NULL) < 0) {
if (errno != EINTR) {
vpn_perror(vpninfo, _("Failed select() for TLS"));
return -EIO;
}
119
}
120
if (is_cancel_pending(vpninfo, &rd_set)) {
121
vpn_progress(vpninfo, PRG_ERR, _("TLS/DTLS write cancelled\n"));
122
123
return -EINTR;
}
124
} else {
125
vpn_progress(vpninfo, PRG_ERR, _("Failed to write to TLS/DTLS socket: %s\n"),
126
127
gnutls_strerror(done));
return -EIO;
128
129
130
131
132
}
}
return orig_len;
}
133
134
135
136
137
138
139
140
141
142
143
static int openconnect_gnutls_write(struct openconnect_info *vpninfo, char *buf, size_t len)
{
return _openconnect_gnutls_write(vpninfo->https_sess, vpninfo->ssl_fd, vpninfo, buf, len);
}
int openconnect_dtls_write(struct openconnect_info *vpninfo, void *buf, size_t len)
{
return _openconnect_gnutls_write(vpninfo->dtls_ssl, vpninfo->dtls_fd, vpninfo, buf, len);
}
static int _openconnect_gnutls_read(gnutls_session_t ses, int fd, struct openconnect_info *vpninfo, char *buf, size_t len, unsigned ms)
144
{
145
146
147
148
149
150
151
152
int done, ret;
struct timeval timeout, *tv = NULL;
if (ms) {
timeout.tv_sec = ms/1000;
timeout.tv_usec = (ms%1000)*1000;
tv = &timeout;
}
153
154
while ((done = gnutls_record_recv(ses, buf, len)) < 0) {
155
if (done == GNUTLS_E_AGAIN || done == GNUTLS_E_INTERRUPTED) {
156
157
/* Wait for something to happen on the socket, or on cmd_fd */
fd_set wr_set, rd_set;
158
int maxfd = fd;
159
160
161
FD_ZERO(&wr_set);
FD_ZERO(&rd_set);
162
163
164
if (gnutls_record_get_direction(ses))
FD_SET(fd, &wr_set);
165
else
166
FD_SET(fd, &rd_set);
167
168
cmd_fd_set(vpninfo, &rd_set, &maxfd);
169
170
171
172
173
while ((ret = select(maxfd + 1, &rd_set, &wr_set, NULL, tv)) < 0) {
if (errno != EINTR) {
vpn_perror(vpninfo, _("Failed select() for TLS/DTLS"));
return -EIO;
}
174
175
}
176
if (is_cancel_pending(vpninfo, &rd_set)) {
177
vpn_progress(vpninfo, PRG_ERR, _("TLS/DTLS read cancelled\n"));
178
179
180
181
182
183
184
done = -EINTR;
goto cleanup;
}
if (ret == 0) {
done = -ETIMEDOUT;
goto cleanup;
185
}
186
187
188
189
} else if (done == GNUTLS_E_PREMATURE_TERMINATION) {
/* We've seen this with HTTP 1.0 responses followed by abrupt
socket closure and no clean SSL shutdown.
https://bugs.launchpad.net/bugs/1225276 */
190
vpn_progress(vpninfo, PRG_DEBUG, _("TLS/DTLS socket closed uncleanly\n"));
191
192
done = 0;
goto cleanup;
193
194
} else if (done == GNUTLS_E_REHANDSHAKE) {
int ret = cstp_handshake(vpninfo, 0);
195
196
197
198
if (ret) {
done = ret;
goto cleanup;
}
199
} else {
200
vpn_progress(vpninfo, PRG_ERR, _("Failed to read from TLS/DTLS socket: %s\n"),
201
gnutls_strerror(done));
202
203
204
205
206
207
208
if (done == GNUTLS_E_TIMEDOUT) {
done = -ETIMEDOUT;
goto cleanup;
} else {
done = -EIO;
goto cleanup;
}
209
}
210
211
}
212
213
cleanup:
214
return done;
215
216
217
218
219
220
221
222
223
224
225
}
static int openconnect_gnutls_read(struct openconnect_info *vpninfo, char *buf, size_t len)
{
return _openconnect_gnutls_read(vpninfo->https_sess, vpninfo->ssl_fd, vpninfo, buf, len, 0);
}
int openconnect_dtls_read(struct openconnect_info *vpninfo, void *buf, size_t len, unsigned ms)
{
return _openconnect_gnutls_read(vpninfo->dtls_ssl, vpninfo->dtls_fd, vpninfo, buf, len, ms);
226
227
}
228
static int openconnect_gnutls_gets(struct openconnect_info *vpninfo, char *buf, size_t len)
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
{
int i = 0;
int ret;
if (len < 2)
return -EINVAL;
while (1) {
ret = gnutls_record_recv(vpninfo->https_sess, buf + i, 1);
if (ret == 1) {
if (buf[i] == '\n') {
buf[i] = 0;
if (i && buf[i-1] == '\r') {
buf[i-1] = 0;
i--;
}
return i;
}
i++;
if (i >= len - 1) {
buf[i] = 0;
return i;
}
253
} else if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) {
254
/* Wait for something to happen on the socket, or on cmd_fd */
255
256
fd_set rd_set, wr_set;
int maxfd = vpninfo->ssl_fd;
257
258
259
FD_ZERO(&rd_set);
FD_ZERO(&wr_set);
260
261
262
263
264
265
if (gnutls_record_get_direction(vpninfo->https_sess))
FD_SET(vpninfo->ssl_fd, &wr_set);
else
FD_SET(vpninfo->ssl_fd, &rd_set);
266
cmd_fd_set(vpninfo, &rd_set, &maxfd);
267
268
269
270
271
while (select(maxfd + 1, &rd_set, &wr_set, NULL, NULL) < 0) {
if (errno != EINTR) {
vpn_perror(vpninfo, _("Failed select() for TLS"));
return -EIO;
}
272
}
273
if (is_cancel_pending(vpninfo, &rd_set)) {
274
vpn_progress(vpninfo, PRG_ERR, _("TLS/DTLS read cancelled\n"));
275
276
277
ret = -EINTR;
break;
}
278
279
280
281
} else if (ret == GNUTLS_E_REHANDSHAKE) {
ret = cstp_handshake(vpninfo, 0);
if (ret)
return ret;
282
} else {
283
vpn_progress(vpninfo, PRG_ERR, _("Failed to read from TLS/DTLS socket: %s\n"),
284
285
286
gnutls_strerror(ret));
ret = -EIO;
break;
287
288
289
290
291
292
}
}
buf[i] = 0;
return i ?: ret;
}
293
int ssl_nonblock_read(struct openconnect_info *vpninfo, int dtls, void *buf, int maxlen)
294
{
295
gnutls_session_t sess = dtls ? vpninfo->dtls_ssl : vpninfo->https_sess;
296
297
int ret;
298
299
if (!sess) {
vpn_progress(vpninfo, PRG_ERR,
300
_("Attempted to read from non-existent %s session\n"),
301
302
303
304
305
dtls ? "DTLS" : "TLS");
return -1;
}
ret = gnutls_record_recv(sess, buf, maxlen);
306
307
308
if (ret > 0)
return ret;
309
310
311
312
313
314
if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
return 0;
vpn_progress(vpninfo, PRG_ERR, _("Read error on %s session: %s\n"),
dtls ? "DTLS" : "SSL", gnutls_strerror(ret));
return -1;
315
316
}
317
int ssl_nonblock_write(struct openconnect_info *vpninfo, int dtls, void *buf, int buflen)
318
{
319
gnutls_session_t sess = dtls ? vpninfo->dtls_ssl : vpninfo->https_sess;
320
321
int ret;
322
323
if (!sess) {
vpn_progress(vpninfo, PRG_ERR,
324
_("Attempted to write to non-existent %s session\n"),
325
326
327
328
329
dtls ? "DTLS" : "TLS");
return -1;
}
ret = gnutls_record_send(sess, buf, buflen);
330
331
332
if (ret > 0)
return ret;
333
if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) {
334
335
336
337
338
339
340
341
342
343
344
345
346
/*
* Before 3.3.13, GnuTLS could return zero instead of one,
* indicating that it was waiting for a read when in fact
* it was waiting for a write. That caused us to block for
* ever, waiting for the read that it said it wanted.
*
* So instead, just *assume* it actually wants a write.
* Which is true most of the time, and on the rare occasion
* that it *isn't* true, the failure mode will just be that
* we keep waking up and calling GnuTLS again until the read
* that it's waiting for does arrive.
*/
if (GNUTLS_VERSION_NUMBER < 0x03030d ||
347
gnutls_record_get_direction(sess)) {
348
/* Waiting for the socket to become writable — it's
349
probably stalled, and/or the buffers are full */
350
351
352
353
if (dtls)
monitor_write_fd(vpninfo, dtls);
else
monitor_write_fd(vpninfo, ssl);
354
355
356
}
return 0;
}
357
358
359
vpn_progress(vpninfo, PRG_ERR, _("Write error on %s session: %s\n"),
dtls ? "DTLS" : "SSL", gnutls_strerror(ret));
360
361
362
return -1;
}
363
364
static int check_certificate_expiry(struct openconnect_info *vpninfo, struct cert_info *certinfo,
gnutls_x509_crt_t cert)
365
366
367
368
369
370
371
372
373
374
375
376
{
const char *reason = NULL;
time_t expires = gnutls_x509_crt_get_expiration_time(cert);
time_t now = time(NULL);
if (expires == -1) {
vpn_progress(vpninfo, PRG_ERR,
_("Could not extract expiration time of certificate\n"));
return -EINVAL;
}
if (expires < now)
377
378
reason = certinfo_string(certinfo, _("Client certificate has expired at"),
_("Secondary client certificate has expired at"));
379
else if (expires < now + vpninfo->cert_expire_warning)
380
381
reason = certinfo_string(certinfo, _("Client certificate expires soon at"),
_("Secondary client certificate expires soon at"));
382
383
384
if (reason) {
char buf[80];
385
386
387
388
#ifdef _WIN32
/*
* Windows doesn't have gmtime_r but apparently its gmtime()
* *is* thread-safe because it uses a per-thread static buffer.
389
* cf. https://sourceforge.net/p/mingw/bugs/1625/
390
391
392
393
394
395
396
397
398
399
400
*
* We also explicitly say 'GMT' because %Z would give us the
* Microsoft stupidity "GMT Standard Time". Which is not only
* silly, but also ambiguous because Windows actually says that
* even when it means British Summer Time (GMT+1). And having
* used gmtime() we really *are* giving the time in GMT.
*/
struct tm *tm = gmtime(&expires);
strftime(buf, 80, "%a, %d %b %Y %H:%M:%S GMT", tm);
#else
struct tm tm;
401
402
403
gmtime_r(&expires, &tm);
strftime(buf, 80, "%a, %d %b %Y %T %Z", &tm);
404
#endif
405
406
407
408
409
vpn_progress(vpninfo, PRG_ERR, "%s: %s\n", reason, buf);
}
return 0;
}
410
411
412
413
static int load_datum(struct openconnect_info *vpninfo,
gnutls_datum_t *datum, const char *fname)
{
struct stat st;
414
int fd;
415
416
417
418
419
420
421
422
423
424
425
426
#ifdef ANDROID_KEYSTORE
if (!strncmp(fname, "keystore:", 9)) {
int len;
const char *p = fname + 9;
/* Skip first two slashes if the user has given it as
keystore://foo ... */
if (*p == '/')
p++;
if (*p == '/')
p++;
427
428
len = keystore_fetch(p, &datum->data);
if (len <= 0) {
429
vpn_progress(vpninfo, PRG_ERR,
430
431
_("Failed to load item '%s' from keystore: %s\n"),
p, keystore_strerror(len));
432
433
434
435
436
return -EINVAL;
}
datum->size = len;
return 0;
}
437
#endif /* ANDROID_KEYSTORE */
438
439
fd = openconnect_open_utf8(vpninfo, fname, O_RDONLY|O_CLOEXEC|O_BINARY);
440
441
if (fd == -1) {
vpn_progress(vpninfo, PRG_ERR,
442
_("Failed to open key/certificate file %s: %s\n"),
443
fname, strerror(errno));
444
445
446
447
return -ENOENT;
}
if (fstat(fd, &st)) {
vpn_progress(vpninfo, PRG_ERR,
448
_("Failed to stat key/certificate file %s: %s\n"),
449
fname, strerror(errno));
450
451
close(fd);
return -EIO;
452
}
453
datum->size = st.st_size;
454
datum->data = gnutls_malloc(st.st_size + 1);
455
456
457
458
459
460
461
462
463
464
if (!datum->data) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to allocate certificate buffer\n"));
close(fd);
return -ENOMEM;
}
errno = EAGAIN;
if (read(fd, datum->data, datum->size) != datum->size) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to read certificate into memory: %s\n"),
465
strerror(errno));
466
467
468
469
close(fd);
gnutls_free(datum->data);
return -EIO;
}
470
datum->data[st.st_size] = 0;
471
472
473
474
close(fd);
return 0;
}
475
476
477
478
/* A non-zero, non-error return to make load_certificate() continue and
interpreting the file as other types */
#define NOT_PKCS12 1
479
static int load_pkcs12_certificate(struct openconnect_info *vpninfo,
480
struct cert_info *certinfo,
481
482
gnutls_datum_t *datum,
gnutls_x509_privkey_t *key,
483
484
gnutls_x509_crt_t **chain,
unsigned int *chain_len,
485
gnutls_x509_crt_t **extra_certs,
486
unsigned int *extra_certs_len,
487
gnutls_x509_crl_t *crl)
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
{
gnutls_pkcs12_t p12;
char *pass;
int err;
err = gnutls_pkcs12_init(&p12);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to setup PKCS#12 data structure: %s\n"),
gnutls_strerror(err));
return -EIO;
}
err = gnutls_pkcs12_import(p12, datum, GNUTLS_X509_FMT_DER, 0);
if (err) {
gnutls_pkcs12_deinit(p12);
504
return NOT_PKCS12;
505
506
}
507
pass = certinfo->password;
508
while ((err = gnutls_pkcs12_verify_mac(p12, pass)) == GNUTLS_E_MAC_VERIFY_FAILED) {
509
510
511
512
if (!pass) {
/* OpenSSL's PKCS12_parse() code will try both NULL and "" automatically,
* but GnuTLS requires two separate attempts. */
err = gnutls_pkcs12_verify_mac(p12, "");
513
if (!err) {
514
515
516
517
pass = strdup("");
break;
}
} else
518
519
vpn_progress(vpninfo, PRG_ERR,
_("Failed to decrypt PKCS#12 certificate file\n"));
520
free_pass(&pass);
521
certinfo->password = NULL;
522
523
524
525
526
527
err = request_passphrase(vpninfo,
certinfo_string(certinfo, "openconnect_pkcs12",
"openconnect_secondary_pkcs12"),
&pass,
certinfo_string(certinfo, _("Enter PKCS#12 pass phrase:"),
_("Enter secondary PKCS#12 pass phrase:")));
528
529
530
531
532
if (err) {
gnutls_pkcs12_deinit(p12);
return -EINVAL;
}
}
533
534
535
536
537
538
539
540
541
542
/* If it wasn't GNUTLS_E_MAC_VERIFY_FAILED, then the problem wasn't just a
bad password. Give up. */
if (err) {
int level = PRG_ERR;
int ret = -EINVAL;
gnutls_pkcs12_deinit(p12);
/* If the first attempt, and we didn't know for sure it was PKCS#12
anyway, bail out and try loading it as something different. */
543
if (pass == certinfo->password) {
544
/* Make it non-fatal... */
545
level = PRG_DEBUG;
546
547
548
549
550
551
552
553
ret = NOT_PKCS12;
}
vpn_progress(vpninfo, level,
_("Failed to process PKCS#12 file: %s\n"),
gnutls_strerror(err));
return ret;
}
554
555
err = gnutls_pkcs12_simple_parse(p12, pass, key, chain, chain_len,
extra_certs, extra_certs_len, crl, 0);
556
free_pass(&pass);
557
certinfo->password = NULL;
558
559
560
561
gnutls_pkcs12_deinit(p12);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
562
563
certinfo_string(certinfo, _("Failed to load PKCS#12 certificate: %s\n"),
_("Failed to load secondary PKCS#12 certificate: %s\n")),
564
565
566
567
568
569
gnutls_strerror(err));
return -EINVAL;
}
return 0;
}
570
571
572
573
574
575
576
577
578
579
580
581
static int count_x509_certificates(gnutls_datum_t *datum)
{
int count = 0;
char *p = (char *)datum->data;
while (p) {
p = strstr(p, "-----BEGIN ");
if (!p)
break;
p += 11;
if (!strncmp(p, "CERTIFICATE", 11) ||
!strncmp(p, "X509 CERTIFICATE", 16))
582
count++;
583
584
585
586
}
return count;
}
587
588
static int get_cert_name(gnutls_x509_crt_t cert, char *name, size_t namelen)
{
589
590
591
592
593
/* When the name buffer is not big enough, gnutls_x509_crt_get_dn*() will
* update the length argument to the required size, and return
* GNUTLS_E_SHORT_MEMORY_BUFFER. We need to avoid clobbering the original
* length variable. */
size_t nl = namelen;
594
if (gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
595
596
597
598
599
600
601
0, 0, name, &nl)) {
nl = namelen;
if (gnutls_x509_crt_get_dn(cert, name, &nl)) {
name[namelen-1] = 0;
snprintf(name, namelen-1, "<unknown>");
return -EINVAL;
}
602
603
604
605
}
return 0;
}
606
#if defined(HAVE_P11KIT) || defined(HAVE_TROUSERS) || defined(HAVE_TSS2) || defined (HAVE_GNUTLS_SYSTEM_KEYS)
607
static int verify_signed_data(gnutls_pubkey_t pubkey, gnutls_privkey_t privkey,
608
gnutls_digest_algorithm_t dig,
609
610
const gnutls_datum_t *data, const gnutls_datum_t *sig)
{
611
gnutls_sign_algorithm_t algo;
612
613
614
615
unsigned flags = 0;
#ifdef GNUTLS_VERIFY_ALLOW_BROKEN
flags |= GNUTLS_VERIFY_ALLOW_BROKEN;
#endif
616
617
algo = gnutls_pk_to_sign(gnutls_privkey_get_pk_algorithm(privkey, NULL),
618
dig);
619
620
return gnutls_pubkey_verify_data2(pubkey, algo, flags, data, sig);
621
}
622
#endif /* (P11KIT || TROUSERS || TSS2 || SYSTEM_KEYS) */
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
static int openssl_hash_password(struct openconnect_info *vpninfo, char *pass,
gnutls_datum_t *key, gnutls_datum_t *salt)
{
unsigned char md5[16];
gnutls_hash_hd_t hash;
int count = 0;
int err;
while (count < key->size) {
err = gnutls_hash_init(&hash, GNUTLS_DIG_MD5);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Could not initialise MD5 hash: %s\n"),
gnutls_strerror(err));
return -EIO;
}
if (count) {
err = gnutls_hash(hash, md5, sizeof(md5));
if (err) {
hash_err:
gnutls_hash_deinit(hash, NULL);
vpn_progress(vpninfo, PRG_ERR,
_("MD5 hash error: %s\n"),
gnutls_strerror(err));
return -EIO;
}
}
if (pass) {
err = gnutls_hash(hash, pass, strlen(pass));
if (err)
goto hash_err;
}
656
657
/* We only use the first 8 bytes of the salt for this */
err = gnutls_hash(hash, salt->data, 8);
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
if (err)
goto hash_err;
gnutls_hash_deinit(hash, md5);
if (key->size - count <= sizeof(md5)) {
memcpy(&key->data[count], md5, key->size - count);
break;
}
memcpy(&key->data[count], md5, sizeof(md5));
count += sizeof(md5);
}
return 0;
}
675
static int import_openssl_pem(struct openconnect_info *vpninfo, struct cert_info *certinfo,
676
677
678
679
680
681
682
683
684
685
gnutls_x509_privkey_t key,
char type, char *pem_header, size_t pem_size)
{
gnutls_cipher_hd_t handle;
gnutls_cipher_algorithm_t cipher;
gnutls_datum_t constructed_pem;
gnutls_datum_t b64_data;
gnutls_datum_t salt, enc_key;
unsigned char *key_data;
const char *begin;
686
char *pass, *p;
687
char *pem_start = pem_header;
688
int ret, err, i;
689
690
691
692
693
694
if (type == 'E')
begin = "EC PRIVATE KEY";
else if (type == 'R')
begin = "RSA PRIVATE KEY";
else if (type == 'D')
695
begin = "DSA PRIVATE KEY";
696
697
698
699
700
701
702
703
704
705
706
707
else
return -EINVAL;
while (*pem_header == '\r' || *pem_header == '\n')
pem_header++;
if (strncmp(pem_header, "DEK-Info: ", 10)) {
vpn_progress(vpninfo, PRG_ERR,
_("Missing DEK-Info: header from OpenSSL encrypted key\n"));
return -EIO;
}
pem_header += 10;
708
709
710
711
712
p = strchr(pem_header, ',');
if (!p) {
vpn_progress(vpninfo, PRG_ERR,
_("Cannot determine PEM encryption type\n"));
return -EINVAL;
713
}
714
715
716
717
718
719
720
721
722
*p = 0;
cipher = gnutls_cipher_get_id(pem_header);
/* GnuTLS calls this '3DES-CBC' but all other names match */
if (cipher == GNUTLS_CIPHER_UNKNOWN &&
!strcmp(pem_header, "DES-EDE3-CBC"))
cipher = GNUTLS_CIPHER_3DES_CBC;
if (cipher == GNUTLS_CIPHER_UNKNOWN) {
723
724
725
726
727
vpn_progress(vpninfo, PRG_ERR,
_("Unsupported PEM encryption type: %s\n"),
pem_header);
return -EINVAL;
}
728
729
730
731
732
pem_header = p + 1;
/* No supported algorithms have an IV larger than this, and dynamically
allocating it would be painful. */
salt.size = 64;
733
734
735
736
737
738
739
740
741
742
743
salt.data = malloc(salt.size);
if (!salt.data)
return -ENOMEM;
for (i = 0; i < salt.size * 2; i++) {
unsigned char x;
char *c = &pem_header[i];
if (*c >= '0' && *c <= '9')
x = (*c) - '0';
else if (*c >= 'A' && *c <= 'F')
x = (*c) - 'A' + 10;
744
745
746
747
else if ((*c == '\r' || *c == '\n') && i >= 16 && !(i % 16)) {
salt.size = i / 2;
break;
} else {
748
749
750
751
752
753
754
755
756
757
758
759
760
761
vpn_progress(vpninfo, PRG_ERR,
_("Invalid salt in encrypted PEM file\n"));
ret = -EINVAL;
goto out_salt;
}
if (i & 1)
salt.data[i/2] |= x;
else
salt.data[i/2] = x << 4;
}
pem_header += salt.size * 2;
if (*pem_header != '\r' && *pem_header != '\n') {
vpn_progress(vpninfo, PRG_ERR,
762
_("Invalid salt in encrypted PEM file\n"));
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
ret = -EINVAL;
goto out_salt;
}
while (*pem_header == '\n' || *pem_header == '\r')
pem_header++;
/* pem_header should now point to the start of the base64 content.
Put a -----BEGIN banner in place before it, so that we can use
gnutls_pem_base64_decode_alloc(). The banner has to match the
-----END banner, so make sure we get it right... */
pem_header -= 6;
memcpy(pem_header, "-----\n", 6);
pem_header -= strlen(begin);
memcpy(pem_header, begin, strlen(begin));
pem_header -= 11;
memcpy(pem_header, "-----BEGIN ", 11);
constructed_pem.data = (void *)pem_header;
constructed_pem.size = pem_size - (pem_header - pem_start);
err = gnutls_pem_base64_decode_alloc(begin, &constructed_pem, &b64_data);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Error base64-decoding encrypted PEM file: %s\n"),
gnutls_strerror(err));
ret = -EINVAL;
goto out_salt;
}
if (b64_data.size < 16) {
/* Just to be sure our parsing is OK */
vpn_progress(vpninfo, PRG_ERR,
_("Encrypted PEM file too short\n"));
ret = -EINVAL;
goto out_b64;
}
ret = -ENOMEM;
enc_key.size = gnutls_cipher_get_key_size(cipher);
enc_key.data = malloc(enc_key.size);
if (!enc_key.data)
goto out_b64;
key_data = malloc(b64_data.size);
if (!key_data)
goto out_enc_key;
809
810
pass = certinfo->password;
certinfo->password = NULL;
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
while (1) {
memcpy(key_data, b64_data.data, b64_data.size);
ret = openssl_hash_password(vpninfo, pass, &enc_key, &salt);
if (ret)
goto out;
err = gnutls_cipher_init(&handle, cipher, &enc_key, &salt);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to initialise cipher for decrypting PEM file: %s\n"),
gnutls_strerror(err));
gnutls_cipher_deinit(handle);
ret = -EIO;
goto out;
}
err = gnutls_cipher_decrypt(handle, key_data, b64_data.size);
gnutls_cipher_deinit(handle);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to decrypt PEM key: %s\n"),
gnutls_strerror(err));
ret = -EIO;
goto out;
}
/* We have to strip any padding for GnuTLS to accept it.
So a bit more ASN.1 parsing for us.
FIXME: Consolidate with similar code in gnutls_tpm.c */
if (key_data[0] == 0x30) {
gnutls_datum_t key_datum;
int blocksize = gnutls_cipher_get_block_size(cipher);
int keylen = key_data[1];
int ofs = 2;
if (keylen & 0x80) {
int lenlen = keylen & 0x7f;
keylen = 0;
if (lenlen > 3)
goto fail;
while (lenlen) {
keylen <<= 8;
keylen |= key_data[ofs++];
lenlen--;
}
}
keylen += ofs;
863
864
/* If there appears to be more or less padding than required, fail */
if (b64_data.size - keylen > blocksize || b64_data.size < keylen + 1)
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
goto fail;
/* If the padding bytes aren't all equal to the amount of padding, fail */
ofs = keylen;
while (ofs < b64_data.size) {
if (key_data[ofs] != b64_data.size - keylen)
goto fail;
ofs++;
}
key_datum.data = key_data;
key_datum.size = keylen;
err = gnutls_x509_privkey_import(key, &key_datum, GNUTLS_X509_FMT_DER);
if (!err) {
ret = 0;
goto out;
}
}
fail:
if (pass) {
vpn_progress(vpninfo, PRG_ERR, _("Decrypting PEM key failed\n"));
886
free_pass(&pass);
887
}
888
889
890
891
892
893
err = request_passphrase(vpninfo,
certinfo_string(certinfo, "openconnect_pem",
"openconnect_secondary_pem"),
&pass,
certinfo_string(certinfo, _("Enter PEM pass phrase:"),
_("Enter secondary PEM pass phrase:")));
894
895
896
897
898
899
900
if (err) {
ret = -EINVAL;
goto out;
}
}
out:
free(key_data);
901
free_pass(&pass);
902
903
904
905
906
907
908
909
910
out_enc_key:
free(enc_key.data);
out_b64:
free(b64_data.data);
out_salt:
free(salt.data);
return ret;
}
911
912
913
914
915
916
917
918
919
920
921
static void fill_token_info(char *buf, size_t s, unsigned char *dst, size_t dstlen)
{
if (s && !gtls_ver(3,6,0))
s--;
if (s > dstlen)
s = dstlen;
memcpy(dst, buf, s);
if (s < dstlen)
memset(dst + s, ' ', dstlen - s);
}
922
struct gtls_cert_info {
923
gnutls_x509_crl_t crl;
924
925
926
927
928
gnutls_privkey_t pkey;
gnutls_x509_crt_t *certs;
unsigned int nr_certs;
};
929
void unload_certificate(struct cert_info *certinfo, int final)
930
{
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
if (!certinfo)
return;
if (certinfo->priv_info) {
struct gtls_cert_info *gci = certinfo->priv_info;
certinfo->priv_info = NULL;
gnutls_x509_crl_deinit(gci->crl);
gnutls_privkey_deinit(gci->pkey);
for (size_t i = 0, end = gci->nr_certs; i < end; i++)
gnutls_x509_crt_deinit(gci->certs[i]);
gnutls_free(gci->certs);
free(gci);
}
if (final) {
#if defined(OPENCONNECT_GNUTLS) && defined(HAVE_TROUSERS)
release_tpm1_ctx(certinfo->vpninfo, certinfo);
#endif
#if defined(OPENCONNECT_GNUTLS) && defined(HAVE_TSS2)
release_tpm2_ctx(certinfo->vpninfo, certinfo);
#endif
}
954
955
}
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
static int import_cert(gnutls_x509_crt_t *cert, const gnutls_datum_t *der)
{
gnutls_x509_crt_t crt = NULL;
int ret;
if (!cert)
return GNUTLS_E_INVALID_REQUEST;
ret = gnutls_x509_crt_init(&crt);
if (ret < 0)
goto done;
ret = gnutls_x509_crt_import(crt, der, GNUTLS_X509_FMT_DER);
if (ret < 0) {
gnutls_x509_crt_deinit(crt);
crt = NULL;
}
done:
*cert = crt;
return ret;
}
static int copy_cert(gnutls_x509_crt_t *cert_copy, gnutls_x509_crt_t cert)
{
gnutls_datum_t data = { NULL, 0 };
gnutls_x509_crt_t copy = NULL;
int ret;
if (!cert_copy)
return GNUTLS_E_INVALID_REQUEST;
ret = gnutls_x509_crt_export2(cert, GNUTLS_X509_FMT_DER, &data);
if (ret < 0)
goto done;
ret = import_cert(©, &data);
gnutls_free(data.data);
done:
*cert_copy = copy;
return ret;
}
1000
static int check_multicert_compat(struct openconnect_info *vpninfo, struct cert_info *certinfo);