tls_remote.c

Go to the documentation of this file.

#include <unistd.h>
#include "ucspissl.h"
#include "fmt.h"
#include "stralloc.h"
#include "str.h"
#include "byte.h"
#include "case.h"
#include "dns.h"
#include "constmap.h"
#include "tls_remote.h"
#include "tls_errors.h"
 
/* Caution: OpenSSL's X509_pubkey_digest() does not work as expected. 
   I've included now: X509_pkey_digest() and X509_cert_digest() (as makro) */
 
#define X509_cert_digest X509_digest
 
int tls_certkey(SSL_CTX *ctx,const char *cert,const char *key,char *ppwd) 
{
  if (!cert) return 0;
 
  if (SSL_CTX_use_certificate_chain_file(ctx,cert) != 1)
    return -1;
 
  if (!key) key = cert;
 
  if (ppwd) SSL_CTX_set_default_passwd_cb_userdata(ctx,ppwd);
 
  if (SSL_CTX_use_PrivateKey_file(ctx,key,SSL_FILETYPE_PEM) != 1)
    return -2;
 
  if (SSL_CTX_check_private_key(ctx) != 1)
    return -3;
 
  return 0;
}
 
int tls_conn(SSL *ssl,int smtpfd)
{
  SSL_set_options(ssl,SSL_OP_NO_SSLv2);
  SSL_set_options(ssl,SSL_OP_NO_SSLv3);
  return SSL_set_fd(ssl,smtpfd);
}
 
int tls_checkpeer(SSL *ssl,X509 *cert,const stralloc host,const int flag,const int verify)
{
  char buf[SSL_NAME_LEN];
  char *dnsname = 0;
  int dname = 0;
  int num;
  int len;
  int fflag; 
  int i;
  int rc = 0;
 
  fflag = flag;
  if (flag > 20) fflag = flag - 20;
  if (flag > 10) fflag = flag - 10;
 
  /* X.509 CA DN/SAN name validation against DNS */
 
  if (host.len && fflag > 4) {
    GENERAL_NAMES *extensions = X509_get_ext_d2i(cert,NID_subject_alt_name,0,0);
    num = sk_GENERAL_NAME_num(extensions);      /* num = 0, if no SAN extensions */
 
    for (i = 0; i < num; ++i) {
      const GENERAL_NAME *ext = sk_GENERAL_NAME_value(extensions,i);
      if (ext->type == GEN_DNS) {
        if (OBJ_sn2nid((const char*)ext->d.ia5) != V_ASN1_IA5STRING) continue;
        dnsname = (char *)ASN1_STRING_get0_data(ext->d.ia5);
        len = ASN1_STRING_length(ext->d.ia5);
        dname = 1;
      }
    }
 
    if (!dname) {
      X509_NAME_get_text_by_NID(X509_get_subject_name(cert),NID_commonName,buf,sizeof(buf));
      buf[SSL_NAME_LEN - 1] = 0;
      dnsname = buf;
      len = SSL_NAME_LEN - 1;
    }
 
    switch (fflag) {
      case 5: if (dnsname[0] == '*' && dnsname[1] == '.') 
                if (case_diffrs(dnsname + 1,host.s)) return -3;
              if (case_diffrs(dnsname,host.s)) return -3;
              rc = 3; break;
      case 6: if (case_diffs(dnsname,host.s)) return -3;
              rc = 2; break;
    }
  }
 
  /* X.509 CA Verification: root CA must be available */
 
  if (fflag > 3 && verify > -2) {       
    if (SSL_get_verify_result(ssl) != X509_V_OK) return -2;
    else rc = 1;
  }
 
  return rc;
}
 
int tls_checkcrl(SSL *ssl)   // not implemented yet
{
 
  return 0;
}
 
int dig_ascii(char *digascii,const char *digest,const int len)
{
  static const char hextab[] = "0123456789abcdef";
  int j;
 
  for (j = 0; j < len; j++) {
    digascii[2 * j] = hextab[(unsigned char)digest[j] >> 4];
    digascii[2 * j + 1] = hextab[(unsigned char)digest[j] & 0x0f];
  }
  digascii[2 * len] = '\0';
 
  return (2 * j);  // 2*len
}
 
/* X509_pkey_digest() takes the same args as X509_digest(); 
   however returning the correct hash of pubkey in md.
   Subjects keys are restricted to 2048 byte in size.
   Return codes: 1: sucess, 0: failed.  */
 
int X509_pkey_digest(const X509 *cert,const EVP_MD *type,unsigned char *md,unsigned int *dlen)
{
  unsigned int len = 0;
  unsigned int size = 2048;
  unsigned char *buf;
  unsigned char *buf2;
  unsigned char buffer[size]; // avoid malloc
 
/*  Following Viktor's suggestion */
 
  if (!X509_get0_pubkey_bitstr(cert)) return 0;  // no Subject public key
 
  len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert),0);
  if (len > size) return 0;
  buf2 = buf = buffer;
  i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert),(unsigned char **)&buf2);
  if (buf2 - buf != len) return 0;
 
  if (!EVP_Digest(buf,len,md,dlen,type,0)) return 0;  // OpenSSL voodoo
  return 1;
}
 
/* Return codes: -5: nullified TLSA digest, ignored
                 -4: no X.509 cert (fatal), -3: matching error (deferred), 
                 -2: unsupported type, -1: weird TLSA record
                  0: No X.509 cert; seen: usage++; */
 
const char tlsa0[512] = { 512 * 0 };
 
int tlsa_check(const STACK_OF(X509) *certs,const stralloc host,const unsigned long p)
{
  const EVP_MD *methodsha256 = EVP_sha256();
  const EVP_MD *methodsha512 = EVP_sha512();
  stralloc out = {0};
  stralloc sa = {0};
  stralloc cn = {0};
  unsigned char digest[EVP_MAX_MD_SIZE];
  unsigned int dlen = 0;
  unsigned int n = 0;
  int i = 0;
  int r; 
  char port[FMT_ULONG];
  uint16 type;
  uint16 selector;
  uint16 usage;
 
// construct TLSA FQDN -- simple procedure; returning Usage 
 
  if (host.len < 2) return 0;
  if (!stralloc_copyb(&sa,"_",1)) temp_nomem();
  port[fmt_ulong(port,p)] = 0;
  if (!stralloc_cats(&sa,port)) temp_nomem();
  if (!stralloc_cats(&sa,"._tcp.")) temp_nomem();
  if (!stralloc_cats(&sa,host.s)) temp_nomem();
 
  if (dns_cname(&cn,&sa) > 0)  // query name could be a cname
    { if (dns_tlsa(&out,&cn) <= 0) return 0; }
  else 
    { if (dns_tlsa(&out,&sa) <= 0) return 0; }
  if (out.len < 5) return -1;
 
  /*  https://www.openssl.org/docs/man3.0/man3/X509_digest.html (1.1.1):
      "The len parameter, if not NULL, points to a place where the digest size will be stored."
      [sigh] 
  */
  do {
    if (!byte_diff(tlsa0,out.len - i - 3,out.s + i + 3)) return -5;  // TLSA digst = 00000 ...
    usage = (unsigned char) out.s[i];        // Usage: PKIX-TA [0], PKIX-EE [1], DANE-TA [2], DANE-EE [3]
    selector = (unsigned char) out.s[i + 1]; // Selector: 0 = Cert, 1 = SPKI
    type = (unsigned char) out.s[i + 2];     // Type: 0/1/2 = [Cert|SPKI]/SHA256/SHA512
 
    unsigned len = sk_X509_num(certs);
          for (n = 0; n < len; n++) {
                  X509 *cert = sk_X509_value(certs,n);
      if (type == 1) {
        if (selector == 0) r = X509_cert_digest(cert,methodsha256,digest,&dlen);
        if (selector == 1) r = X509_pkey_digest(cert,methodsha256,digest,&dlen);
      } else if (type == 2) {
        if (selector == 0) r = X509_cert_digest(cert,methodsha512,digest,&dlen);
        if (selector == 1) r = X509_pkey_digest(cert,methodsha512,digest,&dlen);
      } else 
        return -2;
 
      if (!byte_diff(digest,dlen,out.s + i + 3)) return ++usage;
    }
 
    i += (dlen + 3);
  } while (i < out.len - 4);
 
  return -3;
}
 
int tls_fingerprint(X509 *cert,const char *fingerprint,int dlen)
{
  const EVP_MD *methodsha1 = EVP_sha1();
  const EVP_MD *methodsha224 = EVP_sha224();
  const EVP_MD *methodsha256 = EVP_sha256();
  const EVP_MD *methodsha512 = EVP_sha512();
  unsigned char digest[EVP_MAX_MD_SIZE];
  unsigned char digascii[257];
  unsigned int len;
 
  switch (dlen) {               /* fetch digest from cert; len = bitlength/8 */
    case  40: if (!X509_digest(cert,methodsha1,digest,&len)) return -2;
    case  56: if (!X509_digest(cert,methodsha224,digest,&len)) return -2; 
    case  64: if (!X509_digest(cert,methodsha256,digest,&len)) return -2;
    case 128: if (!X509_digest(cert,methodsha512,digest,&len)) return -2; 
    default:  return -3; 
  }
 
  len = dig_ascii(digascii,digest,len);
  if (!str_diffn(digascii,fingerprint,len)) return 1;
 
  return 0;
}
 
int tls_exit(SSL *ssl)
{
  if (SSL_shutdown(ssl) == 0)
    SSL_shutdown(ssl);
 
  return 0;
}
 
int tls_destination(const stralloc hostname)
{
  int i;
  stralloc tlshost = {0};
  stralloc tlsdest = {0};
 
  if (!stralloc_copy(&tlshost,&hostname)) temp_nomem();
  if (!stralloc_0(&tlshost)) temp_nomem();
 
// Host rules
 
  if (!stralloc_copys(&tlsdest,"!")) temp_nomem();
  if (!stralloc_cats(&tlsdest,tlshost.s)) temp_nomem();
  if ((tlsdestinfo = constmap(&maptlsdestinations,tlsdest.s,tlsdest.len))) return -1;
 
  if (!stralloc_copys(&tlsdest,"?")) temp_nomem();
  if (!stralloc_cats(&tlsdest,tlshost.s)) temp_nomem();
  if ((tlsdestinfo = constmap(&maptlsdestinations,tlsdest.s,tlsdest.len))) return 9;
 
  if (!stralloc_copys(&tlsdest,"/")) temp_nomem();
  if (!stralloc_cats(&tlsdest,tlshost.s)) temp_nomem();
  if ((tlsdestinfo = constmap(&maptlsdestinations,tlsdest.s,tlsdest.len))) return 8;
 
  if (!stralloc_copys(&tlsdest,"%")) temp_nomem(); // CERT + hash 
  if (!stralloc_cats(&tlsdest,tlshost.s)) temp_nomem();
  if ((tlsdestinfo = constmap(&maptlsdestinations,tlsdest.s,tlsdest.len))) return 7;
 
  if (!stralloc_copys(&tlsdest,"=")) temp_nomem();  // CERT + FQDN
  if (!stralloc_cats(&tlsdest,tlshost.s)) temp_nomem();
  if ((tlsdestinfo = constmap(&maptlsdestinations,tlsdest.s,tlsdest.len))) return 6;
  
  if (!stralloc_copys(&tlsdest,"~")) temp_nomem();  // CERT + Wild
  if (!stralloc_cats(&tlsdest,tlshost.s)) temp_nomem();
  if ((tlsdestinfo = constmap(&maptlsdestinations,tlsdest.s,tlsdest.len))) return 5;
  
// Domain rules
 
  for (i = 0; i < tlshost.len; ++i)  // TLS fallthru
    if ((i == 0) || (tlshost.s[i] == '.')) {
      if (!stralloc_copys(&tlsdest,"?")) temp_nomem();
      if (!stralloc_cats(&tlsdest,tlshost.s + i)) temp_nomem();
      if ((tlsdestinfo = constmap(&maptlsdestinations,tlsdest.s,tlsdest.len))) return 9;
    }
 
  for (i = 0; i < tlshost.len; ++i)  // no TLSA
    if ((i == 0) || (tlshost.s[i] == '.')) {
      if (!stralloc_copys(&tlsdest,"/")) temp_nomem();
      if (!stralloc_cats(&tlsdest,tlshost.s + i)) temp_nomem();
      if ((tlsdestinfo = constmap(&maptlsdestinations,tlsdest.s,tlsdest.len))) return 8;
    }
 
  for (i = 0; i < tlshost.len; ++i)  // CERT + Wild
    if ((i == 0) || (tlshost.s[i] == '.')) {
      if (!stralloc_copys(&tlsdest,"~")) temp_nomem();
      if (!stralloc_cats(&tlsdest,tlshost.s + i)) temp_nomem();
      if ((tlsdestinfo = constmap(&maptlsdestinations,tlsdest.s,tlsdest.len))) return 5;
    }
 
  for (i = 0; i < tlshost.len; ++i) // CERT - generic
    if ((i == 0) || (tlshost.s[i] == '.')) {
      if (!stralloc_copys(&tlsdest,"")) temp_nomem();
      if (!stralloc_cats(&tlsdest,tlshost.s + i)) temp_nomem();
      if ((tlsdestinfo = constmap(&maptlsdestinations,tlsdest.s,tlsdest.len))) return 4;
    }
 
  for (i = 0; i < tlshost.len; ++i)  // ADH per host/domain
    if ((i == 0) || (tlshost.s[i] == '.')) {
      if (!stralloc_copys(&tlsdest,"-")) temp_nomem();
      if (!stralloc_cats(&tlsdest,tlshost.s + i)) temp_nomem();
      if ((tlsdestinfo = constmap(&maptlsdestinations,tlsdest.s,tlsdest.len))) return 2;
    }
 
// General rules (mandatory TLS)
 
  tlsdestinfo = 0;
  if (constmap(&maptlsdestinations,"/*",2)) return 8; // no TLSA
  if (constmap(&maptlsdestinations,"=*",2)) return 6; // CERT + FQDN
  if (constmap(&maptlsdestinations,"~*",2)) return 5; // CERT + Wild
  if (constmap(&maptlsdestinations,"+*",2)) return 4; // CERT
  if (constmap(&maptlsdestinations,"-*",2)) return 2; // ADH
 
// Fall thru rules (optional TLS)
 
  if (constmap(&maptlsdestinations,"?",1)) return 9; // fallback to no TLS
  if (constmap(&maptlsdestinations,"*",1)) return 3; // CERT
  if (constmap(&maptlsdestinations,"-",1)) return 1; // ADH
 
  return 0;
}
 
int tls_domaincerts(const stralloc domainname)
{
  int i;
  tlsdomaininfo = 0;    // extern
 
/* Our Certs - per domain */
 
  if (domainname.len)
    for (i = 0; i < domainname.len; ++i)
      if ((i == 0) || (domainname.s[i] == '.'))
        if ((tlsdomaininfo = constmap(&mapdomaincerts,domainname.s + i,domainname.len - i))) return 2;
 
/* Standard Cert (if any) */
 
  if ((tlsdomaininfo = constmap(&mapdomaincerts,"*",1))) return 1;
 
  return 0;
}