Tor  0.4.7.0-alpha-dev
tortls.c
Go to the documentation of this file.
1 /* Copyright (c) 2003, Roger Dingledine.
2  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3  * Copyright (c) 2007-2021, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
5 
6 /**
7  * @file tortls.c
8  * @brief Shared functionality for our TLS backends.
9  **/
10 
11 #define TORTLS_PRIVATE
12 #define TOR_X509_PRIVATE
13 #include "lib/tls/x509.h"
14 #include "lib/tls/x509_internal.h"
15 #include "lib/tls/tortls_sys.h"
16 #include "lib/tls/tortls.h"
17 #include "lib/tls/tortls_st.h"
19 #include "lib/log/util_bug.h"
20 #include "lib/intmath/cmp.h"
23 #include "lib/net/socket.h"
24 #include "lib/subsys/subsys.h"
25 
26 #ifdef _WIN32
27  #include <winsock2.h>
28  #include <ws2tcpip.h>
29 #endif
30 
31 #include <time.h>
32 
33 /** Global TLS contexts. We keep them here because nobody else needs
34  * to touch them.
35  *
36  * @{ */
38 STATIC tor_tls_context_t *client_tls_context = NULL;
39 /**@}*/
40 
41 /**
42  * Return the appropriate TLS context.
43  */
45 tor_tls_context_get(int is_server)
46 {
47  return is_server ? server_tls_context : client_tls_context;
48 }
49 
50 /** Convert an errno (or a WSAerrno on windows) into a TOR_TLS_* error
51  * code. */
52 int
54 {
55  switch (e) {
56  case SOCK_ERRNO(ECONNRESET): // most common
57  return TOR_TLS_ERROR_CONNRESET;
58  case SOCK_ERRNO(ETIMEDOUT):
59  return TOR_TLS_ERROR_TIMEOUT;
60  case SOCK_ERRNO(EHOSTUNREACH):
61  case SOCK_ERRNO(ENETUNREACH):
62  return TOR_TLS_ERROR_NO_ROUTE;
63  case SOCK_ERRNO(ECONNREFUSED):
64  return TOR_TLS_ERROR_CONNREFUSED; // least common
65  default:
66  return TOR_TLS_ERROR_MISC;
67  }
68 }
69 
70 /** Set *<b>link_cert_out</b> and *<b>id_cert_out</b> to the link certificate
71  * and ID certificate that we're currently using for our V3 in-protocol
72  * handshake's certificate chain. If <b>server</b> is true, provide the certs
73  * that we use in server mode (auth, ID); otherwise, provide the certs that we
74  * use in client mode. (link, ID) */
75 int
77  const tor_x509_cert_t **link_cert_out,
78  const tor_x509_cert_t **id_cert_out)
79 {
81  int rv = -1;
82  const tor_x509_cert_t *link_cert = NULL;
83  const tor_x509_cert_t *id_cert = NULL;
84  if (ctx) {
85  rv = 0;
86  link_cert = server ? ctx->my_link_cert : ctx->my_auth_cert;
87  id_cert = ctx->my_id_cert;
88  }
89  if (link_cert_out)
90  *link_cert_out = link_cert;
91  if (id_cert_out)
92  *id_cert_out = id_cert;
93  return rv;
94 }
95 
96 /**
97  * Return the authentication key that we use to authenticate ourselves as a
98  * client in the V3 in-protocol handshake.
99  */
100 crypto_pk_t *
102 {
104  if (! context)
105  return NULL;
106  return context->auth_key;
107 }
108 
109 /** Increase the reference count of <b>ctx</b>. */
110 void
112 {
113  ++ctx->refcnt;
114 }
115 
116 /** Remove a reference to <b>ctx</b>, and free it if it has no more
117  * references. */
118 void
120 {
121  tor_assert(ctx);
122  if (--ctx->refcnt == 0) {
123  tor_tls_context_impl_free(ctx->ctx);
124  tor_x509_cert_free(ctx->my_link_cert);
125  tor_x509_cert_free(ctx->my_id_cert);
126  tor_x509_cert_free(ctx->my_auth_cert);
127  crypto_pk_free(ctx->link_key);
128  crypto_pk_free(ctx->auth_key);
129  /* LCOV_EXCL_BR_START since ctx will never be NULL here */
130  tor_free(ctx);
131  /* LCOV_EXCL_BR_STOP */
132  }
133 }
134 
135 /** Free all global TLS structures. */
136 void
138 {
139  check_no_tls_errors();
140 
141  if (server_tls_context) {
143  server_tls_context = NULL;
145  }
146  if (client_tls_context) {
147  tor_tls_context_t *ctx = client_tls_context;
148  client_tls_context = NULL;
150  }
151 }
152 
153 /** Given a TOR_TLS_* error code, return a string equivalent. */
154 const char *
156 {
157  if (err >= 0)
158  return "[Not an error.]";
159  switch (err) {
160  case TOR_TLS_ERROR_MISC: return "misc error";
161  case TOR_TLS_ERROR_IO: return "unexpected close";
162  case TOR_TLS_ERROR_CONNREFUSED: return "connection refused";
163  case TOR_TLS_ERROR_CONNRESET: return "connection reset";
164  case TOR_TLS_ERROR_NO_ROUTE: return "host unreachable";
165  case TOR_TLS_ERROR_TIMEOUT: return "connection timed out";
166  case TOR_TLS_CLOSE: return "closed";
167  case TOR_TLS_WANTREAD: return "want to read";
168  case TOR_TLS_WANTWRITE: return "want to write";
169  default: return "(unknown error code)";
170  }
171 }
172 
173 /** Create new global client and server TLS contexts.
174  *
175  * If <b>server_identity</b> is NULL, this will not generate a server
176  * TLS context. If TOR_TLS_CTX_IS_PUBLIC_SERVER is set in <b>flags</b>, use
177  * the same TLS context for incoming and outgoing connections, and
178  * ignore <b>client_identity</b>. If one of TOR_TLS_CTX_USE_ECDHE_P{224,256}
179  * is set in <b>flags</b>, use that ECDHE group if possible; otherwise use
180  * the default ECDHE group. */
181 int
182 tor_tls_context_init(unsigned flags,
183  crypto_pk_t *client_identity,
184  crypto_pk_t *server_identity,
185  unsigned int key_lifetime)
186 {
187  int rv1 = 0;
188  int rv2 = 0;
189  const int is_public_server = flags & TOR_TLS_CTX_IS_PUBLIC_SERVER;
190  check_no_tls_errors();
191 
192  if (is_public_server) {
193  tor_tls_context_t *new_ctx;
194  tor_tls_context_t *old_ctx;
195 
196  tor_assert(server_identity != NULL);
197 
199  server_identity,
200  key_lifetime, flags, 0);
201 
202  if (rv1 >= 0) {
203  new_ctx = server_tls_context;
204  tor_tls_context_incref(new_ctx);
205  old_ctx = client_tls_context;
206  client_tls_context = new_ctx;
207 
208  if (old_ctx != NULL) {
209  tor_tls_context_decref(old_ctx);
210  }
211  } else {
213  "constructing a TLS context");
214  }
215  } else {
216  if (server_identity != NULL) {
218  server_identity,
219  key_lifetime,
220  flags,
221  0);
222  if (rv1 < 0)
224  "constructing a server TLS context");
225  } else {
227  server_tls_context = NULL;
228 
229  if (old_ctx != NULL) {
230  tor_tls_context_decref(old_ctx);
231  }
232  }
233 
234  rv2 = tor_tls_context_init_one(&client_tls_context,
235  client_identity,
236  key_lifetime,
237  flags,
238  1);
239  if (rv2 < 0)
241  "constructing a client TLS context");
242  }
243 
244  return MIN(rv1, rv2);
245 }
246 
247 /** Create a new global TLS context.
248  *
249  * You can call this function multiple times. Each time you call it,
250  * it generates new certificates; all new connections will use
251  * the new SSL context.
252  */
253 int
255  crypto_pk_t *identity,
256  unsigned int key_lifetime,
257  unsigned int flags,
258  int is_client)
259 {
260  tor_tls_context_t *new_ctx = tor_tls_context_new(identity,
261  key_lifetime,
262  flags,
263  is_client);
264  tor_tls_context_t *old_ctx = *ppcontext;
265 
266  if (new_ctx != NULL) {
267  *ppcontext = new_ctx;
268 
269  /* Free the old context if one existed. */
270  if (old_ctx != NULL) {
271  /* This is safe even if there are open connections: we reference-
272  * count tor_tls_context_t objects. */
273  tor_tls_context_decref(old_ctx);
274  }
275  }
276 
277  return ((new_ctx != NULL) ? 0 : -1);
278 }
279 
280 /** Size of the RSA key to use for our TLS link keys */
281 #define RSA_LINK_KEY_BITS 2048
282 
283 /** How long do identity certificates live? (sec) */
284 #define IDENTITY_CERT_LIFETIME (365*24*60*60)
285 
286 /**
287  * Initialize the certificates and keys for a TLS context <b>result</b>
288  *
289  * Other arguments as for tor_tls_context_new().
290  */
291 int
293  crypto_pk_t *identity,
294  unsigned key_lifetime,
295  unsigned flags)
296 {
297  (void)flags;
298  int rv = -1;
299  char *nickname = NULL, *nn2 = NULL;
300  crypto_pk_t *rsa = NULL, *rsa_auth = NULL;
301  tor_x509_cert_impl_t *cert = NULL, *idcert = NULL, *authcert = NULL;
302 
303  nickname = crypto_random_hostname(8, 20, "www.", ".net");
304 
305 #ifdef DISABLE_V3_LINKPROTO_SERVERSIDE
306  nn2 = crypto_random_hostname(8, 20, "www.", ".net");
307 #else
308  nn2 = crypto_random_hostname(8, 20, "www.", ".com");
309 #endif
310 
311  /* Generate short-term RSA key for use with TLS. */
312  if (!(rsa = crypto_pk_new()))
313  goto error;
315  goto error;
316 
317  /* Generate short-term RSA key for use in the in-protocol ("v3")
318  * authentication handshake. */
319  if (!(rsa_auth = crypto_pk_new()))
320  goto error;
321  if (crypto_pk_generate_key(rsa_auth)<0)
322  goto error;
323 
324  /* Create a link certificate signed by identity key. */
325  cert = tor_tls_create_certificate(rsa, identity, nickname, nn2,
326  key_lifetime);
327  /* Create self-signed certificate for identity key. */
328  idcert = tor_tls_create_certificate(identity, identity, nn2, nn2,
330  /* Create an authentication certificate signed by identity key. */
331  authcert = tor_tls_create_certificate(rsa_auth, identity, nickname, nn2,
332  key_lifetime);
333  if (!cert || !idcert || !authcert) {
334  log_warn(LD_CRYPTO, "Error creating certificate");
335  goto error;
336  }
337 
338  result->my_link_cert = tor_x509_cert_new(cert);
339  cert = NULL;
340  result->my_id_cert = tor_x509_cert_new(idcert);
341  idcert = NULL;
342  result->my_auth_cert = tor_x509_cert_new(authcert);
343  authcert = NULL;
344  if (!result->my_link_cert || !result->my_id_cert || !result->my_auth_cert)
345  goto error;
346  result->link_key = rsa;
347  rsa = NULL;
348  result->auth_key = rsa_auth;
349  rsa_auth = NULL;
350 
351  rv = 0;
352  error:
353 
354  tor_free(nickname);
355  tor_free(nn2);
356 
357  tor_x509_cert_impl_free(cert);
358  tor_x509_cert_impl_free(idcert);
359  tor_x509_cert_impl_free(authcert);
360  crypto_pk_free(rsa);
361  crypto_pk_free(rsa_auth);
362 
363  return rv;
364 }
365 /** Make future log messages about <b>tls</b> display the address
366  * <b>address</b>.
367  */
368 void
369 tor_tls_set_logged_address(tor_tls_t *tls, const char *address)
370 {
371  tor_assert(tls);
372  tor_free(tls->address);
373  tls->address = tor_strdup(address);
374 }
375 
376 /** Return whether this tls initiated the connect (client) or
377  * received it (server). */
378 int
380 {
381  tor_assert(tls);
382  return tls->isServer;
383 }
384 
385 /** Release resources associated with a TLS object. Does not close the
386  * underlying file descriptor.
387  */
388 void
390 {
391  if (!tls)
392  return;
393  tor_assert(tls->ssl);
394  {
395  size_t r,w;
396  tor_tls_get_n_raw_bytes(tls,&r,&w); /* ensure written_by_tls is updated */
397  }
398  tor_tls_impl_free(tls->ssl);
399  tls->ssl = NULL;
400 #ifdef ENABLE_OPENSSL
401  tls->negotiated_callback = NULL;
402 #endif
403  if (tls->context)
404  tor_tls_context_decref(tls->context);
405  tor_free(tls->address);
406  tls->magic = 0x99999999;
407  tor_free(tls);
408 }
409 
410 /** If the provided tls connection is authenticated and has a
411  * certificate chain that is currently valid and signed, then set
412  * *<b>identity_key</b> to the identity certificate's key and return
413  * 0. Else, return -1 and log complaints with log-level <b>severity</b>.
414  */
415 int
416 tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity)
417 {
418  tor_x509_cert_impl_t *cert = NULL, *id_cert = NULL;
419  tor_x509_cert_t *peer_x509 = NULL, *id_x509 = NULL;
420  tor_assert(tls);
421  tor_assert(identity);
422  int rv = -1;
423 
424  try_to_extract_certs_from_tls(severity, tls, &cert, &id_cert);
425  if (!cert)
426  goto done;
427  if (!id_cert) {
428  log_fn(severity,LD_PROTOCOL,"No distinct identity certificate found");
429  goto done;
430  }
431  peer_x509 = tor_x509_cert_new(cert);
432  id_x509 = tor_x509_cert_new(id_cert);
433  cert = id_cert = NULL; /* Prevent double-free */
434 
435  if (! tor_tls_cert_is_valid(severity, peer_x509, id_x509, time(NULL), 0)) {
436  goto done;
437  }
438 
439  *identity = tor_tls_cert_get_key(id_x509);
440  rv = 0;
441 
442  done:
443  tor_x509_cert_impl_free(cert);
444  tor_x509_cert_impl_free(id_cert);
445  tor_x509_cert_free(peer_x509);
446  tor_x509_cert_free(id_x509);
447 
448  return rv;
449 }
450 
451 static void
452 subsys_tortls_shutdown(void)
453 {
455 }
456 
457 const subsys_fns_t sys_tortls = {
458  .name = "tortls",
460  .level = -50,
461  .shutdown = subsys_tortls_shutdown
462 };
Macro definitions for MIN, MAX, and CLAMP.
char * crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix, const char *suffix)
Definition: crypto_rand.c:552
Common functions for using (pseudo-)random number generators.
Headers for crypto_rsa.c.
int crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
crypto_pk_t * crypto_pk_new(void)
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_CRYPTO
Definition: log.h:64
#define LD_PROTOCOL
Definition: log.h:72
#define LOG_WARN
Definition: log.h:53
#define tor_free(p)
Definition: malloc.h:52
Header for socket.c.
const char * name
Definition: subsys.h:43
unsigned int isServer
Definition: tortls_st.h:51
char * address
Definition: tortls_st.h:47
tor_tls_impl_t * ssl
Definition: tortls_st.h:44
Types used to declare a subsystem.
#define SUBSYS_DECLARE_LOCATION()
Definition: subsys.h:211
#define STATIC
Definition: testsupport.h:32
Definitions for timing-related constants.
#define RSA_LINK_KEY_BITS
Definition: tortls.c:281
int tor_tls_context_init(unsigned flags, crypto_pk_t *client_identity, crypto_pk_t *server_identity, unsigned int key_lifetime)
Definition: tortls.c:182
void tor_tls_context_incref(tor_tls_context_t *ctx)
Definition: tortls.c:111
void tor_tls_context_decref(tor_tls_context_t *ctx)
Definition: tortls.c:119
int tor_errno_to_tls_error(int e)
Definition: tortls.c:53
void tor_tls_free_(tor_tls_t *tls)
Definition: tortls.c:389
#define IDENTITY_CERT_LIFETIME
Definition: tortls.c:284
int tor_tls_get_my_certs(int server, const tor_x509_cert_t **link_cert_out, const tor_x509_cert_t **id_cert_out)
Definition: tortls.c:76
crypto_pk_t * tor_tls_get_my_client_auth_key(void)
Definition: tortls.c:101
int tor_tls_is_server(tor_tls_t *tls)
Definition: tortls.c:379
tor_tls_context_t * tor_tls_context_get(int is_server)
Definition: tortls.c:45
void tor_tls_set_logged_address(tor_tls_t *tls, const char *address)
Definition: tortls.c:369
int tor_tls_context_init_certificates(tor_tls_context_t *result, crypto_pk_t *identity, unsigned key_lifetime, unsigned flags)
Definition: tortls.c:292
const char * tor_tls_err_to_string(int err)
Definition: tortls.c:155
STATIC tor_tls_context_t * server_tls_context
Definition: tortls.c:37
void tor_tls_free_all(void)
Definition: tortls.c:137
int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_t **identity)
Definition: tortls.c:416
int tor_tls_context_init_one(tor_tls_context_t **ppcontext, crypto_pk_t *identity, unsigned int key_lifetime, unsigned int flags, int is_client)
Definition: tortls.c:254
Headers for tortls.c.
void tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written)
Definition: tortls_nss.c:677
void tls_log_errors(tor_tls_t *tls, int severity, int domain, const char *doing)
Definition: tortls_nss.c:362
Declare internal functions for lib/tls.
tor_tls_context_t * tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, unsigned flags, int is_client)
Definition: tortls_nss.c:182
Structure declarations for internal TLS types.
Declare subsystem object for the tortls module.
Macros to manage assertions, fatal and non-fatal.
#define tor_assert(expr)
Definition: util_bug.h:102
Headers for tortls.c.
crypto_pk_t * tor_tls_cert_get_key(tor_x509_cert_t *cert)
Definition: x509_nss.c:285
int tor_tls_cert_is_valid(int severity, const tor_x509_cert_t *cert, const tor_x509_cert_t *signing_cert, time_t now, int check_rsa_1024)
Definition: x509_nss.c:302
X509 * tor_tls_create_certificate(crypto_pk_t *rsa, crypto_pk_t *rsa_sign, const char *cname, const char *cname_sign, unsigned int cert_lifetime)
Definition: x509_openssl.c:105