nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-30 23:53:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

r16455@catbus: nickm | 2007-11-06 12:48:00 -0500

Browse Source 
Parse CERT cells and act correctly when we get them.


svn:r12396
This commit is contained in:
Nick Mathewson 2007-11-06 18:00:07 +00:00
parent af60d79f5d
commit e047f7f865
7 changed files with 202 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
doc/TODO
View File

@ -34,16 +34,16 @@ Things we'd like to do in 0.2.0.x:
o Add parse logic o Add parse logic
o Make CERT variable. o Make CERT variable.
o Make VERSIONS variable. o Make VERSIONS variable.
- CERT cells o CERT cells
- functions to parse x509 certs o functions to parse x509 certs
- functions to validate a single x509 cert against a TLS connection o functions to validate a single x509 cert against a TLS connection
- functions to validate a chain of x509 certs, and extract a PK. o functions to validate a chain of x509 certs, and extract a PK.
o function to encode x509 certs o function to encode x509 certs
o Parse CERT cells o Parse CERT cells
o Generate CERT cells o Generate CERT cells
o Keep copies of X509 certs around, not necessarily associated with o Keep copies of X509 certs around, not necessarily associated with
connection. connection.
- LINK_AUTH cells . LINK_AUTH cells
o Code to generate o Code to generate
o Remember certificate digests from TLS o Remember certificate digests from TLS
o Code to parse and check o Code to parse and check

11
src/common/crypto.c
View File

@ -246,6 +246,17 @@ _crypto_new_pk_env_rsa(RSA *rsa)
return env; return env;
} }
/** used by tortls.c: wrap the RSA from an evp_pkey in a crypto_pk_env_t.
* returns NULL if this isn't an RSA key. */
crypto_pk_env_t *
_crypto_new_pk_env_evp_pkey(EVP_PKEY *pkey)
{
RSA *rsa;
if (!(rsa = EVP_PKEY_get1_RSA(pkey)))
return NULL;
return _crypto_new_pk_env_rsa(rsa);
}
/** used by tortls.c: get an equivalent EVP_PKEY* for a crypto_pk_env_t. Iff /** used by tortls.c: get an equivalent EVP_PKEY* for a crypto_pk_env_t. Iff
* private is set, include the private-key portion of the key. */ * private is set, include the private-key portion of the key. */
EVP_PKEY * EVP_PKEY *

1
src/common/crypto.h
View File

@ -195,6 +195,7 @@ struct rsa_st;
struct evp_pkey_st; struct evp_pkey_st;
struct dh_st; struct dh_st;
crypto_pk_env_t *_crypto_new_pk_env_rsa(struct rsa_st *rsa); crypto_pk_env_t *_crypto_new_pk_env_rsa(struct rsa_st *rsa);
crypto_pk_env_t *_crypto_new_pk_env_evp_pkey(struct evp_pkey_st *pkey);
struct evp_pkey_st *_crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env, struct evp_pkey_st *_crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env,
int private); int private);
struct dh_st *_crypto_dh_env_get_dh(crypto_dh_env_t *dh); struct dh_st *_crypto_dh_env_get_dh(crypto_dh_env_t *dh);

154
src/common/tortls.c
View File

@ -815,27 +815,22 @@ log_cert_lifetime(X509 *cert, const char *problem)
tor_free(s2); tor_free(s2);
} }
/** If the provided tls connection is authenticated and has a /** DOCDOC helper.
* certificate that is currently valid and signed, then set * cert_out needs to be freed. id_cert_out doesn't. */
* *<b>identity_key</b> to the identity certificate's key and return static void
* 0. Else, return -1 and log complaints with log-level <b>severity</b>. try_to_extract_certs_from_tls(int severity, tor_tls_t *tls,
*/ X509 **cert_out, X509 **id_cert_out)
int
tor_tls_verify_v1(int severity, tor_tls_t *tls, crypto_pk_env_t **identity_key)
{ {
X509 *cert = NULL, *id_cert = NULL; X509 *cert = NULL, *id_cert = NULL;
STACK_OF(X509) *chain = NULL; STACK_OF(X509) *chain = NULL;
EVP_PKEY *id_pkey = NULL; int num_in_chain, i;
RSA *rsa; *cert_out = *id_cert_out = NULL;
int num_in_chain;
int r = -1, i;
*identity_key = NULL;
if (!(cert = SSL_get_peer_certificate(tls->ssl))) if (!(cert = SSL_get_peer_certificate(tls->ssl)))
goto done; return;
*cert_out = cert;
if (!(chain = SSL_get_peer_cert_chain(tls->ssl))) if (!(chain = SSL_get_peer_cert_chain(tls->ssl)))
goto done; return;
num_in_chain = sk_X509_num(chain); num_in_chain = sk_X509_num(chain);
/* 1 means we're receiving (server-side), and it's just the id_cert. /* 1 means we're receiving (server-side), and it's just the id_cert.
* 2 means we're connecting (client-side), and it's both the link * 2 means we're connecting (client-side), and it's both the link
@ -845,18 +840,38 @@ tor_tls_verify_v1(int severity, tor_tls_t *tls, crypto_pk_env_t **identity_key)
log_fn(severity,LD_PROTOCOL, log_fn(severity,LD_PROTOCOL,
"Unexpected number of certificates in chain (%d)", "Unexpected number of certificates in chain (%d)",
num_in_chain); num_in_chain);
goto done; return;
} }
for (i=0; i<num_in_chain; ++i) { for (i=0; i<num_in_chain; ++i) {
id_cert = sk_X509_value(chain, i); id_cert = sk_X509_value(chain, i);
if (X509_cmp(id_cert, cert) != 0) if (X509_cmp(id_cert, cert) != 0)
break; break;
} }
*id_cert_out = id_cert;
}
/** If the provided tls connection is authenticated and has a
* certificate that is currently valid and signed, then set
* *<b>identity_key</b> to the identity certificate's key and return
* 0. Else, return -1 and log complaints with log-level <b>severity</b>.
*/
int
tor_tls_verify_v1(int severity, tor_tls_t *tls, crypto_pk_env_t **identity_key)
{
X509 *cert = NULL, *id_cert = NULL;
EVP_PKEY *id_pkey = NULL;
RSA *rsa;
int r = -1;
*identity_key = NULL;
try_to_extract_certs_from_tls(severity, tls, &cert, &id_cert);
if (!cert)
goto done;
if (!id_cert) { if (!id_cert) {
log_fn(severity,LD_PROTOCOL,"No distinct identity certificate found"); log_fn(severity,LD_PROTOCOL,"No distinct identity certificate found");
goto done; goto done;
} }
if (!(id_pkey = X509_get_pubkey(id_cert)) || if (!(id_pkey = X509_get_pubkey(id_cert)) ||
X509_verify(cert, id_pkey) <= 0) { X509_verify(cert, id_pkey) <= 0) {
log_fn(severity,LD_PROTOCOL,"X509_verify on cert and pkey returned <= 0"); log_fn(severity,LD_PROTOCOL,"X509_verify on cert and pkey returned <= 0");
@ -884,6 +899,111 @@ tor_tls_verify_v1(int severity, tor_tls_t *tls, crypto_pk_env_t **identity_key)
return r; return r;
} }
/** DOCDOC
*
* Returns 1 on "verification is done", 0 on "still need LINK_AUTH."
*/
int
tor_tls_verify_certs_v2(int severity, tor_tls_t *tls,
const char *cert_str, size_t cert_len,
const char *id_cert_str, size_t id_cert_len,
crypto_pk_env_t **cert_key_out,
char *conn_cert_digest_out,
char *id_digest_out)
{
X509 *cert = NULL, *id_cert = NULL;
EVP_PKEY *id_pkey = NULL, *cert_pkey = NULL;
int free_id_cert = 0, peer_used_tls_cert = 0;
int r = -1;
tor_assert(cert_key_out);
tor_assert(conn_cert_digest_out);
tor_assert(id_digest_out);
*cert_key_out = NULL;
if (cert_str && cert_len) {
/*XXXX020 warn on error. */
const unsigned char *cp = (const unsigned char*) cert_str;
cert = d2i_X509(NULL, &cp, cert_len);
}
if (id_cert_str && id_cert_len) {
/*XXXX020 warn on error. */
const unsigned char *cp = (const unsigned char*) id_cert_str;
id_cert = d2i_X509(NULL, &cp, id_cert_len);
if (id_cert)
free_id_cert = 1;
}
if (cert) {
int cmp = 0;
X509 *cert_tmp = SSL_get_peer_certificate(tls->ssl);
if (cert_tmp) {
peer_used_tls_cert = 1;
cmp = X509_cmp(cert, cert_tmp);
X509_free(cert_tmp);
}
if (cmp != 0) {
log_fn(severity, LD_PROTOCOL,
"Certificate in CERT cell didn't match TLS cert.");
goto done;
}
}
if (!cert || !id_cert) {
X509 *c=NULL, *id=NULL;
try_to_extract_certs_from_tls(severity, tls, &c, &id);
if (c) {
if (!cert)
cert = c;
else
X509_free(c);
}
if (id && !id_cert)
id_cert = id;
}
if (!id_cert || !cert)
goto done;
if (!(id_pkey = X509_get_pubkey(id_cert)) ||
X509_verify(cert, id_pkey) <= 0) {
log_fn(severity,LD_PROTOCOL,"X509_verify on cert and pkey returned <= 0");
tls_log_errors(severity,"verifying certificate");
goto done;
}
{
crypto_pk_env_t *i = _crypto_new_pk_env_evp_pkey(id_pkey);
if (!i)
goto done;
crypto_pk_get_digest(i, id_digest_out);
crypto_free_pk_env(i);
}
if (!(cert_pkey = X509_get_pubkey(cert)))
goto done;
if (!(*cert_key_out = _crypto_new_pk_env_evp_pkey(cert_pkey)))
goto done;
{
unsigned int len = 0;
X509_digest(cert, EVP_sha1(), (unsigned char*)conn_cert_digest_out, &len);
tor_assert(len == DIGEST_LEN);
}
r = peer_used_tls_cert ? 1 : 0;
done:
if (cert)
X509_free(cert);
if (id_cert && free_id_cert)
X509_free(id_cert);
if (id_pkey)
EVP_PKEY_free(id_pkey);
if (cert_pkey)
EVP_PKEY_free(cert_pkey);
return r;
}
/** Check whether the certificate set on the connection <b>tls</b> is /** Check whether the certificate set on the connection <b>tls</b> is
* expired or not-yet-valid, give or take <b>tolerance</b> * expired or not-yet-valid, give or take <b>tolerance</b>
* seconds. Return 0 for valid, -1 for failure. * seconds. Return 0 for valid, -1 for failure.

6
src/common/tortls.h
View File

@ -60,6 +60,12 @@ char *tor_tls_encode_my_certificate(tor_tls_t *tls, size_t *size_out,
crypto_pk_env_t *tor_tls_dup_private_key(tor_tls_t *tls); crypto_pk_env_t *tor_tls_dup_private_key(tor_tls_t *tls);
int tor_tls_verify_v1(int severity, tor_tls_t *tls, int tor_tls_verify_v1(int severity, tor_tls_t *tls,
crypto_pk_env_t **identity); crypto_pk_env_t **identity);
int tor_tls_verify_certs_v2(int severity, tor_tls_t *tls,
const char *cert_str, size_t cert_len,
const char *id_cert_str, size_t id_cert_len,
crypto_pk_env_t **cert_key_out,
char *conn_cert_digest_out,
char *id_digest_out);
int tor_tls_check_lifetime(tor_tls_t *tls, int tolerance); int tor_tls_check_lifetime(tor_tls_t *tls, int tolerance);
int tor_tls_read(tor_tls_t *tls, char *cp, size_t len); int tor_tls_read(tor_tls_t *tls, char *cp, size_t len);
int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n); int tor_tls_write(tor_tls_t *tls, const char *cp, size_t n);

45
src/or/command.c
View File

@ -608,9 +608,10 @@ static void
command_process_cert_cell(var_cell_t *cell, or_connection_t *conn) command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
{ {
int n_certs = 0; int n_certs = 0;
uint16_t conn_cert_len, id_cert_len; uint16_t conn_cert_len = 0, id_cert_len = 0;
const char *conn_cert = NULL, *id_cert = NULL; const char *conn_cert = NULL, *id_cert = NULL;
const char *cp, *end; const char *cp, *end;
int authenticated = 0;
/*XXXX020 log messages*/ /*XXXX020 log messages*/
if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING) if (conn->_base.state != OR_CONN_STATE_OR_HANDSHAKING)
@ -633,9 +634,11 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
if (end-cp < len) if (end-cp < len)
goto err; goto err;
if (n_certs == 0) { if (n_certs == 0) {
conn_cert = cp; id_cert = cp;
conn_cert_len = len; id_cert_len = len;
} else if (n_certs == 1) { } else if (n_certs == 1) {
conn_cert = id_cert;
conn_cert_len = id_cert_len;
id_cert = cp; id_cert = cp;
id_cert_len = len; id_cert_len = len;
} else { } else {
@ -646,20 +649,34 @@ command_process_cert_cell(var_cell_t *cell, or_connection_t *conn)
} }
/* Now we have 0, 1, or 2 certs. */ /* Now we have 0, 1, or 2 certs. */
if (n_certs == 0) {
/* The other side is unauthenticated. */
/* Verify that identity cert has signed peer cert in SSL, or } else {
* peer cert in the cell. */ int r;
/* Verify that identity cert is self-signed. */ r = tor_tls_verify_certs_v2(LOG_PROTOCOL_WARN, conn->tls,
/* Learn ID digest. */ conn_cert, conn_cert_len,
/* Learn cert digests. */ id_cert, id_cert_len,
/* Remember peer cert public key. */ &conn->handshake_state->signing_key,
/* set received_certs. */ (conn->handshake_state->started_here ?
conn->handshake_state->server_cert_digest :
conn->handshake_state->client_cert_digest),
conn->handshake_state->cert_id_digest);
if (r < 0)
goto err;
if (r == 1)
authenticated = 1;
}
conn->handshake_state->received_certs = 1; conn->handshake_state->received_certs = 1;
if (authenticated) {
/* XXXX020 make the connection open. */
}
if (! conn->handshake_state->signing_key)
goto err;
return; return;
err: err:
; /*XXXX020 close the connection */;
} }
#define LINK_AUTH_STRING "Tor initiator certificate verification" #define LINK_AUTH_STRING "Tor initiator certificate verification"
@ -732,7 +749,7 @@ command_process_link_auth_cell(cell_t *cell, or_connection_t *conn)
/* Okay, we're authenticated. */ /* Okay, we're authenticated. */
s->authenticated = 1; s->authenticated = 1;
/* XXXX020 act on being authenticated: */ /* XXXX020 act on being authenticated: Open the connection. */
return; return;
err: err:

20
src/or/connection_or.c
View File

@ -633,8 +633,9 @@ connection_or_nonopen_was_started_here(or_connection_t *conn)
* this guy; and note that this guy is reachable. * this guy; and note that this guy is reachable.
*/ */
static int static int
connection_or_check_valid_handshake(or_connection_t *conn, int started_here, connection_or_check_valid_tls_handshake(or_connection_t *conn,
char *digest_rcvd) int started_here,
char *digest_rcvd_out)
{ {
crypto_pk_env_t *identity_rcvd=NULL; crypto_pk_env_t *identity_rcvd=NULL;
or_options_t *options = get_options(); or_options_t *options = get_options();
@ -677,7 +678,7 @@ connection_or_check_valid_handshake(or_connection_t *conn, int started_here,
if (identity_rcvd) { if (identity_rcvd) {
has_identity=1; has_identity=1;
crypto_pk_get_digest(identity_rcvd, digest_rcvd); crypto_pk_get_digest(identity_rcvd, digest_rcvd_out);
if (crypto_pk_cmp_keys(get_identity_key(), identity_rcvd)<0) { if (crypto_pk_cmp_keys(get_identity_key(), identity_rcvd)<0) {
conn->circ_id_type = CIRC_ID_TYPE_LOWER; conn->circ_id_type = CIRC_ID_TYPE_LOWER;
@ -686,12 +687,12 @@ connection_or_check_valid_handshake(or_connection_t *conn, int started_here,
} }
crypto_free_pk_env(identity_rcvd); crypto_free_pk_env(identity_rcvd);
} else { } else {
memset(digest_rcvd, 0, DIGEST_LEN); memset(digest_rcvd_out, 0, DIGEST_LEN);
conn->circ_id_type = CIRC_ID_TYPE_NEITHER; conn->circ_id_type = CIRC_ID_TYPE_NEITHER;
} }
if (started_here && tor_digest_is_zero(conn->identity_digest)) { if (started_here && tor_digest_is_zero(conn->identity_digest)) {
memcpy(conn->identity_digest, digest_rcvd, DIGEST_LEN); memcpy(conn->identity_digest, digest_rcvd_out, DIGEST_LEN);
tor_free(conn->nickname); tor_free(conn->nickname);
conn->nickname = tor_malloc(HEX_DIGEST_LEN+2); conn->nickname = tor_malloc(HEX_DIGEST_LEN+2);
conn->nickname[0] = '$'; conn->nickname[0] = '$';
@ -706,11 +707,11 @@ connection_or_check_valid_handshake(or_connection_t *conn, int started_here,
int as_advertised = 1; int as_advertised = 1;
tor_assert(has_cert); tor_assert(has_cert);
tor_assert(has_identity); tor_assert(has_identity);
if (memcmp(digest_rcvd, conn->identity_digest, DIGEST_LEN)) { if (memcmp(digest_rcvd_out, conn->identity_digest, DIGEST_LEN)) {
/* I was aiming for a particular digest. I didn't get it! */ /* I was aiming for a particular digest. I didn't get it! */
char seen[HEX_DIGEST_LEN+1]; char seen[HEX_DIGEST_LEN+1];
char expected[HEX_DIGEST_LEN+1]; char expected[HEX_DIGEST_LEN+1];
base16_encode(seen, sizeof(seen), digest_rcvd, DIGEST_LEN); base16_encode(seen, sizeof(seen), digest_rcvd_out, DIGEST_LEN);
base16_encode(expected, sizeof(expected), conn->identity_digest, base16_encode(expected, sizeof(expected), conn->identity_digest,
DIGEST_LEN); DIGEST_LEN);
log_fn(severity, LD_OR, log_fn(severity, LD_OR,
@ -728,7 +729,7 @@ connection_or_check_valid_handshake(or_connection_t *conn, int started_here,
* with the same address:port and a different key. * with the same address:port and a different key.
*/ */
dirserv_orconn_tls_done(conn->_base.address, conn->_base.port, dirserv_orconn_tls_done(conn->_base.address, conn->_base.port,
digest_rcvd, as_advertised); digest_rcvd_out, as_advertised);
} }
if (!as_advertised) if (!as_advertised)
return -1; return -1;
@ -755,7 +756,8 @@ connection_tls_finish_handshake(or_connection_t *conn)
log_debug(LD_OR,"tls handshake done. verifying."); log_debug(LD_OR,"tls handshake done. verifying.");
/* V1 only XXXX020 */ /* V1 only XXXX020 */
if (connection_or_check_valid_handshake(conn, started_here, digest_rcvd) < 0) if (connection_or_check_valid_tls_handshake(conn, started_here,
digest_rcvd) < 0)
return -1; return -1;
if (!started_here) { /* V1 only XXXX020 */ if (!started_here) { /* V1 only XXXX020 */