mbedtls.c 12.7 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13
/*
 * Copyright (C) the libgit2 contributors. All rights reserved.
 *
 * This file is part of libgit2, distributed under the GNU GPL v2 with
 * a Linking Exception. For full terms see the included COPYING file.
 */

#include "streams/mbedtls.h"

#ifdef GIT_MBEDTLS

#include <ctype.h>

14
#include "runtime.h"
15 16 17
#include "stream.h"
#include "streams/socket.h"
#include "git2/transport.h"
18
#include "util.h"
19

20 21 22 23
#ifndef GIT_DEFAULT_CERT_LOCATION
#define GIT_DEFAULT_CERT_LOCATION NULL
#endif

24
/* Work around C90-conformance issues */
25 26 27 28 29 30 31 32
#if !defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L)
# if defined(_MSC_VER)
#  define inline __inline
# elif defined(__GNUC__)
#  define inline __inline__
# else
#  define inline
# endif
33 34
#endif

35
#include <mbedtls/config.h>
36
#include <mbedtls/ssl.h>
37
#include <mbedtls/error.h>
38 39 40
#include <mbedtls/entropy.h>
#include <mbedtls/ctr_drbg.h>

41 42
#undef inline

43 44 45
#define GIT_SSL_DEFAULT_CIPHERS "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-DSS-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-DSS-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA:TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384:TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA:TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-128-CBC-SHA256:TLS-DHE-DSS-WITH-AES-256-CBC-SHA256:TLS-DHE-DSS-WITH-AES-128-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-128-GCM-SHA256:TLS-RSA-WITH-AES-256-GCM-SHA384:TLS-RSA-WITH-AES-128-CBC-SHA256:TLS-RSA-WITH-AES-256-CBC-SHA256:TLS-RSA-WITH-AES-128-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA"
#define GIT_SSL_DEFAULT_CIPHERS_COUNT 30

46
static mbedtls_ssl_config *git__ssl_conf;
47
static int ciphers_list[GIT_SSL_DEFAULT_CIPHERS_COUNT];
48
static mbedtls_entropy_context *mbedtls_entropy;
49

50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
/**
 * This function aims to clean-up the SSL context which
 * we allocated.
 */
static void shutdown_ssl(void)
{
	if (git__ssl_conf) {
		mbedtls_x509_crt_free(git__ssl_conf->ca_chain);
		git__free(git__ssl_conf->ca_chain);
		mbedtls_ctr_drbg_free(git__ssl_conf->p_rng);
		git__free(git__ssl_conf->p_rng);
		mbedtls_ssl_config_free(git__ssl_conf);
		git__free(git__ssl_conf);
		git__ssl_conf = NULL;
	}
	if (mbedtls_entropy) {
		mbedtls_entropy_free(mbedtls_entropy);
		git__free(mbedtls_entropy);
		mbedtls_entropy = NULL;
	}
}

int git_mbedtls_stream_global_init(void)
{
74 75 76
	int loaded = 0;
	char *crtpath = GIT_DEFAULT_CERT_LOCATION;
	struct stat statbuf;
77
	mbedtls_ctr_drbg_context *ctr_drbg = NULL;
78

79
	size_t ciphers_known = 0;
80 81 82 83
	char *cipher_name = NULL;
	char *cipher_string = NULL;
	char *cipher_string_tmp = NULL;

84
	git__ssl_conf = git__malloc(sizeof(mbedtls_ssl_config));
85
	GIT_ERROR_CHECK_ALLOC(git__ssl_conf);
86

87 88 89 90 91
	mbedtls_ssl_config_init(git__ssl_conf);
	if (mbedtls_ssl_config_defaults(git__ssl_conf,
		                            MBEDTLS_SSL_IS_CLIENT,
		                            MBEDTLS_SSL_TRANSPORT_STREAM,
		                            MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
92
		git_error_set(GIT_ERROR_SSL, "failed to initialize mbedTLS");
93 94 95 96 97
		goto cleanup;
	}

	/* configure TLSv1 */
	mbedtls_ssl_conf_min_version(git__ssl_conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0);
98 99 100 101 102

	/* verify_server_cert is responsible for making the check.
	 * OPTIONAL because REQUIRED drops the certificate as soon as the check
	 * is made, so we can never see the certificate and override it. */
	mbedtls_ssl_conf_authmode(git__ssl_conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
103

104 105 106
	/* set the list of allowed ciphersuites */
	ciphers_known = 0;
	cipher_string = cipher_string_tmp = git__strdup(GIT_SSL_DEFAULT_CIPHERS);
107
	GIT_ERROR_CHECK_ALLOC(cipher_string);
108

109 110 111 112
	while ((cipher_name = git__strtok(&cipher_string_tmp, ":")) != NULL) {
		int cipherid = mbedtls_ssl_get_ciphersuite_id(cipher_name);
		if (cipherid == 0) continue;

113
		if (ciphers_known >= ARRAY_SIZE(ciphers_list)) {
114
			git_error_set(GIT_ERROR_SSL, "out of cipher list space");
115 116 117
			goto cleanup;
		}

118 119 120 121 122
		ciphers_list[ciphers_known++] = cipherid;
	}
	git__free(cipher_string);

	if (!ciphers_known) {
123
		git_error_set(GIT_ERROR_SSL, "no cipher could be enabled");
124 125 126 127
		goto cleanup;
	}
	mbedtls_ssl_conf_ciphersuites(git__ssl_conf, ciphers_list);

128 129
	/* Seeding the random number generator */
	mbedtls_entropy = git__malloc(sizeof(mbedtls_entropy_context));
130
	GIT_ERROR_CHECK_ALLOC(mbedtls_entropy);
131

132 133 134
	mbedtls_entropy_init(mbedtls_entropy);

	ctr_drbg = git__malloc(sizeof(mbedtls_ctr_drbg_context));
135
	GIT_ERROR_CHECK_ALLOC(ctr_drbg);
136

137
	mbedtls_ctr_drbg_init(ctr_drbg);
138

139 140 141
	if (mbedtls_ctr_drbg_seed(ctr_drbg,
		                      mbedtls_entropy_func,
		                      mbedtls_entropy, NULL, 0) != 0) {
142
		git_error_set(GIT_ERROR_SSL, "failed to initialize mbedTLS entropy pool");
143 144 145 146 147
		goto cleanup;
	}

	mbedtls_ssl_conf_rng(git__ssl_conf, mbedtls_ctr_drbg_random, ctr_drbg);

148 149
	/* load default certificates */
	if (crtpath != NULL && stat(crtpath, &statbuf) == 0 && S_ISREG(statbuf.st_mode))
150
		loaded = (git_mbedtls__set_cert_location(crtpath, NULL) == 0);
151
	if (!loaded && crtpath != NULL && stat(crtpath, &statbuf) == 0 && S_ISDIR(statbuf.st_mode))
152
		loaded = (git_mbedtls__set_cert_location(NULL, crtpath) == 0);
153

154
	return git_runtime_shutdown_register(shutdown_ssl);
155 156 157 158 159 160 161 162 163 164

cleanup:
	mbedtls_ctr_drbg_free(ctr_drbg);
	git__free(ctr_drbg);
	mbedtls_ssl_config_free(git__ssl_conf);
	git__free(git__ssl_conf);
	git__ssl_conf = NULL;

	return -1;
}
165 166 167 168

static int bio_read(void *b, unsigned char *buf, size_t len)
{
	git_stream *io = (git_stream *) b;
169
	return (int) git_stream_read(io, buf, min(len, INT_MAX));
170 171 172 173 174
}

static int bio_write(void *b, const unsigned char *buf, size_t len)
{
	git_stream *io = (git_stream *) b;
175
	return (int) git_stream_write(io, (const char *)buf, min(len, INT_MAX), 0);
176 177 178 179 180 181 182
}

static int ssl_set_error(mbedtls_ssl_context *ssl, int error)
{
	char errbuf[512];
	int ret = -1;

183 184
	GIT_ASSERT(error != MBEDTLS_ERR_SSL_WANT_READ);
	GIT_ASSERT(error != MBEDTLS_ERR_SSL_WANT_WRITE);
185 186 187 188 189 190

	if (error != 0)
		mbedtls_strerror( error, errbuf, 512 );

	switch(error) {
		case 0:
191
		git_error_set(GIT_ERROR_SSL, "SSL error: unknown error");
192 193 194
		break;

	case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:
195
		git_error_set(GIT_ERROR_SSL, "SSL error: %#04x [%x] - %s", error, ssl->session_negotiate->verify_result, errbuf);
196 197 198 199
		ret = GIT_ECERTIFICATE;
		break;

	default:
200
		git_error_set(GIT_ERROR_SSL, "SSL error: %#04x - %s", error, errbuf);
201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217
	}

	return ret;
}

static int ssl_teardown(mbedtls_ssl_context *ssl)
{
	int ret = 0;

	ret = mbedtls_ssl_close_notify(ssl);
	if (ret < 0)
		ret = ssl_set_error(ssl, ret);

	mbedtls_ssl_free(ssl);
	return ret;
}

218
static int verify_server_cert(mbedtls_ssl_context *ssl)
219
{
220
	int ret = -1;
221

222
	if ((ret = mbedtls_ssl_get_verify_result(ssl)) != 0) {
223
		char vrfy_buf[512];
224 225
		int len = mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), "", ret);
		if (len >= 1) vrfy_buf[len - 1] = '\0'; /* Remove trailing \n */
226
		git_error_set(GIT_ERROR_SSL, "the SSL certificate is invalid: %#04x - %s", ret, vrfy_buf);
227 228 229 230 231 232 233 234 235
		return GIT_ECERTIFICATE;
	}

	return 0;
}

typedef struct {
	git_stream parent;
	git_stream *io;
236
	int owned;
237 238 239 240 241 242 243
	bool connected;
	char *host;
	mbedtls_ssl_context *ssl;
	git_cert_x509 cert_info;
} mbedtls_stream;


244
static int mbedtls_connect(git_stream *stream)
245 246 247 248
{
	int ret;
	mbedtls_stream *st = (mbedtls_stream *) stream;

249
	if (st->owned && (ret = git_stream_connect(st->io)) < 0)
250 251 252 253 254
		return ret;

	st->connected = true;

	mbedtls_ssl_set_hostname(st->ssl, st->host);
255 256

	mbedtls_ssl_set_bio(st->ssl, st->io, bio_write, bio_read, NULL);
257 258 259 260

	if ((ret = mbedtls_ssl_handshake(st->ssl)) != 0)
		return ssl_set_error(st->ssl, ret);

261
	return verify_server_cert(st->ssl);
262 263
}

264
static int mbedtls_certificate(git_cert **out, git_stream *stream)
265 266 267 268 269 270
{
	unsigned char *encoded_cert;
	mbedtls_stream *st = (mbedtls_stream *) stream;

	const mbedtls_x509_crt *cert = mbedtls_ssl_get_peer_cert(st->ssl);
	if (!cert) {
271
		git_error_set(GIT_ERROR_SSL, "the server did not provide a certificate");
272 273 274 275 276
		return -1;
	}

	/* Retrieve the length of the certificate first */
	if (cert->raw.len == 0) {
277
		git_error_set(GIT_ERROR_NET, "failed to retrieve certificate information");
278 279 280 281
		return -1;
	}

	encoded_cert = git__malloc(cert->raw.len);
282
	GIT_ERROR_CHECK_ALLOC(encoded_cert);
283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300
	memcpy(encoded_cert, cert->raw.p, cert->raw.len);

	st->cert_info.parent.cert_type = GIT_CERT_X509;
	st->cert_info.data = encoded_cert;
	st->cert_info.len = cert->raw.len;

	*out = &st->cert_info.parent;

	return 0;
}

static int mbedtls_set_proxy(git_stream *stream, const git_proxy_options *proxy_options)
{
	mbedtls_stream *st = (mbedtls_stream *) stream;

	return git_stream_set_proxy(st->io, proxy_options);
}

301
static ssize_t mbedtls_stream_write(git_stream *stream, const char *data, size_t len, int flags)
302 303
{
	mbedtls_stream *st = (mbedtls_stream *) stream;
304
	int written;
305 306 307

	GIT_UNUSED(flags);

308 309 310 311 312 313 314
	/*
	 * `mbedtls_ssl_write` can only represent INT_MAX bytes
	 * written via its return value. We thus need to clamp
	 * the maximum number of bytes written.
	 */
	len = min(len, INT_MAX);

315 316
	if ((written = mbedtls_ssl_write(st->ssl, (const unsigned char *)data, len)) <= 0)
		return ssl_set_error(st->ssl, written);
317

318
	return written;
319 320
}

321
static ssize_t mbedtls_stream_read(git_stream *stream, void *data, size_t len)
322 323 324 325 326 327 328 329 330 331
{
	mbedtls_stream *st = (mbedtls_stream *) stream;
	int ret;

	if ((ret = mbedtls_ssl_read(st->ssl, (unsigned char *)data, len)) <= 0)
		ssl_set_error(st->ssl, ret);

	return ret;
}

332
static int mbedtls_stream_close(git_stream *stream)
333 334 335 336 337 338 339 340 341
{
	mbedtls_stream *st = (mbedtls_stream *) stream;
	int ret = 0;

	if (st->connected && (ret = ssl_teardown(st->ssl)) != 0)
		return -1;

	st->connected = false;

342
	return st->owned ? git_stream_close(st->io) : 0;
343 344
}

345
static void mbedtls_stream_free(git_stream *stream)
346 347 348
{
	mbedtls_stream *st = (mbedtls_stream *) stream;

349 350 351
	if (st->owned)
		git_stream_free(st->io);

352 353
	git__free(st->host);
	git__free(st->cert_info.data);
354
	mbedtls_ssl_free(st->ssl);
355 356 357 358
	git__free(st->ssl);
	git__free(st);
}

359 360 361 362 363
static int mbedtls_stream_wrap(
	git_stream **out,
	git_stream *in,
	const char *host,
	int owned)
364 365
{
	mbedtls_stream *st;
366
	int error;
367 368

	st = git__calloc(1, sizeof(mbedtls_stream));
369
	GIT_ERROR_CHECK_ALLOC(st);
370

371 372
	st->io = in;
	st->owned = owned;
373 374

	st->ssl = git__malloc(sizeof(mbedtls_ssl_context));
375
	GIT_ERROR_CHECK_ALLOC(st->ssl);
376 377
	mbedtls_ssl_init(st->ssl);
	if (mbedtls_ssl_setup(st->ssl, git__ssl_conf)) {
378
		git_error_set(GIT_ERROR_SSL, "failed to create ssl object");
379 380 381 382 383
		error = -1;
		goto out_err;
	}

	st->host = git__strdup(host);
384
	GIT_ERROR_CHECK_ALLOC(st->host);
385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401

	st->parent.version = GIT_STREAM_VERSION;
	st->parent.encrypted = 1;
	st->parent.proxy_support = git_stream_supports_proxy(st->io);
	st->parent.connect = mbedtls_connect;
	st->parent.certificate = mbedtls_certificate;
	st->parent.set_proxy = mbedtls_set_proxy;
	st->parent.read = mbedtls_stream_read;
	st->parent.write = mbedtls_stream_write;
	st->parent.close = mbedtls_stream_close;
	st->parent.free = mbedtls_stream_free;

	*out = (git_stream *) st;
	return 0;

out_err:
	mbedtls_ssl_free(st->ssl);
402
	git_stream_close(st->io);
403 404 405 406 407 408
	git_stream_free(st->io);
	git__free(st);

	return error;
}

409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424
int git_mbedtls_stream_wrap(
	git_stream **out,
	git_stream *in,
	const char *host)
{
	return mbedtls_stream_wrap(out, in, host, 0);
}

int git_mbedtls_stream_new(
	git_stream **out,
	const char *host,
	const char *port)
{
	git_stream *stream;
	int error;

425 426 427
	GIT_ASSERT_ARG(out);
	GIT_ASSERT_ARG(host);
	GIT_ASSERT_ARG(port);
428

Edward Thomson committed
429
	if ((error = git_socket_stream_new(&stream, host, port)) < 0)
430 431 432 433 434 435 436 437 438 439
		return error;

	if ((error = mbedtls_stream_wrap(out, stream, host, 1)) < 0) {
		git_stream_close(stream);
		git_stream_free(stream);
	}

	return error;
}

440
int git_mbedtls__set_cert_location(const char *file, const char *path)
441 442 443
{
	int ret = 0;
	char errbuf[512];
444 445
	mbedtls_x509_crt *cacert;

446
	GIT_ASSERT_ARG(file || path);
447 448

	cacert = git__malloc(sizeof(mbedtls_x509_crt));
449
	GIT_ERROR_CHECK_ALLOC(cacert);
450

451
	mbedtls_x509_crt_init(cacert);
452 453 454
	if (file)
		ret = mbedtls_x509_crt_parse_file(cacert, file);
	if (ret >= 0 && path)
455 456 457 458 459
		ret = mbedtls_x509_crt_parse_path(cacert, path);
	/* mbedtls_x509_crt_parse_path returns the number of invalid certs on success */
	if (ret < 0) {
		mbedtls_x509_crt_free(cacert);
		git__free(cacert);
460
		mbedtls_strerror( ret, errbuf, 512 );
461
		git_error_set(GIT_ERROR_SSL, "failed to load CA certificates: %#04x - %s", ret, errbuf);
462 463
		return -1;
	}
464 465 466 467 468

	mbedtls_x509_crt_free(git__ssl_conf->ca_chain);
	git__free(git__ssl_conf->ca_chain);
	mbedtls_ssl_conf_ca_chain(git__ssl_conf, cacert, NULL);

469 470 471 472 473 474 475
	return 0;
}

#else

#include "stream.h"

476 477 478 479 480
int git_mbedtls_stream_global_init(void)
{
	return 0;
}

481
#endif