git.saurik.com Git - apple/security.git/blame - OSX/libsecurity

Commit	Line	Data
d8f41ccd A	1	/*
	2	* Copyright (c) 2006-2014 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	/*
	25	* sslCrypto.c - interface between SSL and crypto libraries
	26	*/
	27
	28	#include "sslCrypto.h"
	29	#include "sslContext.h"
	30	#include "sslMemory.h"
d8f41ccd A	31	#include "sslDebug.h"
	32
	33	#include <string.h>
	34	#include <stdlib.h>
d64be36e	35	#include "utilities/simulatecrash_assert.h"
d8f41ccd	36
5c19dc3a	37	#include <Security/SecTrustPriv.h>
d8f41ccd A	38	#include <Security/SecPolicy.h>
	39	#include <Security/SecCertificate.h>
	40
	41	#include <AssertMacros.h>
	42	#include "utilities/SecCFRelease.h"
	43
	44	#if TARGET_OS_IPHONE
	45	#include <Security/SecRSAKey.h>
	46	#include <Security/SecECKey.h>
	47	#endif
	48
fa7225c8 A	49	#include <tls_helpers.h>
fa7225c8 A	50
d8f41ccd A	51
	52	OSStatus
	53	sslCreateSecTrust(
	54	SSLContext *ctx,
d8f41ccd A	55	SecTrustRef pTrust) / RETURNED */
	56	{
	57	OSStatus status = errSecAllocate;
d8f41ccd	58	SecTrustRef trust = NULL;
d8f41ccd	59
fa7225c8	60	require_noerr(status = tls_helper_create_peer_trust(ctx->hdsk, ctx->protocolSide==kSSLServerSide, &trust), errOut);
5c19dc3a	61
d8f41ccd	62	/* If we have trustedAnchors we set them here. */
fa7225c8 A	63	if (trust && ctx->trustedCerts) {
	64	require_noerr(status = SecTrustSetAnchorCertificates(trust, ctx->trustedCerts), errOut);
	65	require_noerr(status = SecTrustSetAnchorCertificatesOnly(trust, ctx->trustedCertsOnly), errOut);
d8f41ccd A	66	}
	67
	68	status = errSecSuccess;
	69
	70	errOut:
fa7225c8 A	71	if(status != noErr) {
	72	CFReleaseSafe(trust);
	73	*pTrust = NULL;
	74	} else {
	75	*pTrust = trust;
	76	}
d8f41ccd A	77
	78	return status;
	79	}
	80
fa7225c8	81	#if !TARGET_OS_IPHONE
d8f41ccd A	82	/* Return the first certificate reference from the supplied array
	83	* whose data matches the given certificate, or NULL if none match.
	84	*/
	85	static
	86	SecCertificateRef
	87	sslGetMatchingCertInArray(
	88	SecCertificateRef certRef,
	89	CFArrayRef certArray)
	90	{
	91	SecCertificateRef matchedCert = NULL;
	92
	93	if (certRef == NULL \|\| certArray == NULL) {
	94	return NULL;
	95	}
	96
866f8763 A	97	CFIndex idx, count = CFArrayGetCount(certArray);
	98	for (idx = 0; idx < count; idx++) {
	99	SecCertificateRef otherCert = (SecCertificateRef) CFArrayGetValueAtIndex(certArray, idx);
	100	if (CFEqual(certRef, otherCert)) {
	101	matchedCert = otherCert;
	102	break;
	103	}
	104	}
d8f41ccd A	105
	106	return matchedCert;
	107	}
fa7225c8	108	#endif
d8f41ccd A	109
	110	/*
	111	* Verify a chain of DER-encoded certs.
d8f41ccd A	112	*/
d8f41ccd A	113	static OSStatus sslVerifyCertChain(
fa7225c8	114	SSLContext *ctx)
d8f41ccd A	115	{
	116	OSStatus status;
	117	SecTrustRef trust = NULL;
	118
5c19dc3a A	119	/* renegotiate - start with a new SecTrustRef */
5c19dc3a A	120	CFReleaseNull(ctx->peerSecTrust);
d8f41ccd	121
fa7225c8 A	122	/* on failure, we always return trust==NULL, so we don't check the returned status here */
	123	sslCreateSecTrust(ctx, &trust);
	124
	125	if(trust==NULL) {
5c19dc3a A	126	if(ctx->protocolSide == kSSLClientSide) {
	127	/* No cert chain is always a trust failure on the server side */
	128	status = errSSLXCertChainInvalid;
	129	sslErrorLog("***Error: NULL server cert chain\n");
	130	} else {
	131	/* No cert chain on the client side is ok unless using kAlwaysAuthenticate */
	132	if(ctx->clientAuth == kAlwaysAuthenticate) {
	133	sslErrorLog("***Error: NULL client cert chain\n");
	134	status = errSSLXCertChainInvalid;
	135	} else {
	136	status = noErr;
	137	}
	138	}
d87e1158 A	139	goto errOut;
	140	}
	141
d8f41ccd A	142
	143	if (!ctx->enableCertVerify) {
	144	/* trivial case, this is caller's responsibility */
	145	status = errSecSuccess;
	146	goto errOut;
	147	}
	148
	149	SecTrustResultType secTrustResult;
866f8763 A	150	require_noerr(status = SecTrustEvaluate(trust, &secTrustResult), errOut);
866f8763 A	151
d8f41ccd A	152	switch (secTrustResult) {
	153	case kSecTrustResultUnspecified:
	154	/* cert chain valid, no special UserTrust assignments */
	155	case kSecTrustResultProceed:
	156	/* cert chain valid AND user explicitly trusts this */
	157	status = errSecSuccess;
	158	break;
	159	case kSecTrustResultDeny:
d8f41ccd A	160	case kSecTrustResultRecoverableTrustFailure:
	161	default:
	162	if(ctx->allowAnyRoot) {
	163	sslErrorLog("***Warning: accepting unverified cert chain\n");
	164	status = errSecSuccess;
	165	}
	166	else {
fa7225c8	167	#if !TARGET_OS_IPHONE
d8f41ccd A	168	/*
	169	* If the caller provided a list of trusted leaf certs, check them here
	170	*/
fa7225c8 A	171	if(ctx->trustedLeafCerts) {
	172	if (sslGetMatchingCertInArray(SecTrustGetCertificateAtIndex(trust, 0),
	173	ctx->trustedLeafCerts)) {
	174	status = errSecSuccess;
	175	goto errOut;
	176	}
	177	}
	178	#endif
d8f41ccd A	179	status = errSSLXCertChainInvalid;
	180	}
	181	/* Do we really need to return things like:
	182	errSSLNoRootCert
	183	errSSLUnknownRootCert
	184	errSSLCertExpired
	185	errSSLCertNotYetValid
	186	errSSLHostNameMismatch
	187	for our client to see what went wrong, or should we just always
	188	return
	189	errSSLXCertChainInvalid
	190	when something is wrong? */
	191	break;
	192	}
	193
	194	errOut:
5c19dc3a	195	ctx->peerSecTrust = trust;
d8f41ccd A	196
	197	return status;
	198	}
	199
d8f41ccd A	200	int
	201	tls_verify_peer_cert(SSLContext *ctx)
	202	{
5c19dc3a A	203	int err = 0;
5c19dc3a A	204	OSStatus st;
d8f41ccd	205
5c19dc3a A	206	/* Note: A verification failure here does not cause the function to return an error.
	207	This will allow the handshake to continue, coreTLS will eventually returns an error,
	208	after sending the appropriate alert messages, based on the trust value set with the
	209	call to tls_handshake_set_peer_trust(). In some case a verification failure here is
	210	normal, for example if there is no cert (eg: PSK and Anon DH ciphersuites) */
d8f41ccd	211
fa7225c8	212	st = sslVerifyCertChain(ctx);
d8f41ccd	213	tls_handshake_trust_t trust;
5c19dc3a	214	switch (st) {
d8f41ccd A	215	case errSecSuccess:
	216	trust = tls_handshake_trust_ok;
	217	break;
	218	case errSSLUnknownRootCert:
	219	case errSSLNoRootCert:
	220	trust = tls_handshake_trust_unknown_root;
	221	break;
	222	case errSSLCertExpired:
	223	case errSSLCertNotYetValid:
	224	trust = tls_handshake_trust_cert_expired;
	225	break;
	226	case errSSLXCertChainInvalid:
	227	default:
	228	trust = tls_handshake_trust_cert_invalid;
	229	break;
	230	}
	231
	232	tls_handshake_set_peer_trust(ctx->hdsk, trust);
	233
5c19dc3a A	234	/* Now that trust has been (possibly) evaluated,
5c19dc3a A	235	we check if we need to break out of the handshake */
d8f41ccd A	236	if(ctx->protocolSide == kSSLServerSide) {
	237	/*
	238	* Schedule return to the caller to verify the client's identity.
5c19dc3a	239	* This will return even if there was no client cert sent.
d8f41ccd A	240	*/
	241	if (ctx->breakOnClientAuth) {
	242	err = errSSLClientAuthCompleted;
	243	}
fa7225c8	244	} else if(ctx->peerSecTrust) {
d8f41ccd A	245	/*
d8f41ccd A	246	* Schedule return to the caller to verify the server's identity.
5c19dc3a A	247	* This will only return if a server cert was sent. In other cases
5c19dc3a A	248	* such as PSK and AnonDH, we don't want to break out of the handshake.
d8f41ccd A	249	*/
	250	if (ctx->breakOnServerAuth) {
	251	err = errSSLServerAuthCompleted;
	252	}
	253	}
	254
d8f41ccd A	255	return err;
	256	}
	257
	258	/*
	259	* After ciphersuite negotiation is complete, verify that we have
	260	* the capability of actually performing the selected cipher.
	261	* Currently we just verify that we have a cert and private signing
	262	* key, if needed, and that the signing key's algorithm matches the
	263	* expected key exchange method.
	264	*
	265	* This is currently called from FindCipherSpec(), after it sets
	266	* ctx->selectedCipherSpec to a (supposedly) valid value, and from
	267	* sslBuildCipherSpecArray(), in server mode (pre-negotiation) only.
	268	*/
	269
	270	#if 0
	271	OSStatus sslVerifySelectedCipher(SSLContext *ctx)
	272	{
	273
	274	if(ctx->protocolSide == kSSLClientSide) {
	275	return errSecSuccess;
	276	}
	277	#if SSL_PAC_SERVER_ENABLE
	278	if((ctx->masterSecretCallback != NULL) &&
	279	(ctx->sessionTicket.data != NULL)) {
	280	/* EAP via PAC resumption; we can do it */
	281	return errSecSuccess;
	282	}
	283	#endif /* SSL_PAC_SERVER_ENABLE */
	284
	285	CFIndex requireAlg;
	286	switch (ctx->selectedCipherSpecParams.keyExchangeMethod) {
	287	case SSL_RSA:
	288	case SSL_RSA_EXPORT:
	289	case SSL_DH_RSA:
	290	case SSL_DH_RSA_EXPORT:
	291	case SSL_DHE_RSA:
	292	case SSL_DHE_RSA_EXPORT:
	293	requireAlg = kSecRSAAlgorithmID;
	294	break;
	295	case SSL_DHE_DSS:
	296	case SSL_DHE_DSS_EXPORT:
	297	case SSL_DH_DSS:
	298	case SSL_DH_DSS_EXPORT:
	299	requireAlg = kSecDSAAlgorithmID;
	300	break;
	301	case SSL_DH_anon:
	302	case SSL_DH_anon_EXPORT:
	303	case TLS_PSK:
	304	requireAlg = kSecNullAlgorithmID; /* no signing key */
	305	break;
	306	/*
	307	* When SSL_ECDSA_SERVER is true and we support ECDSA on the server side,
	308	* we'll need to add some logic here...
	309	*/
	310	#if SSL_ECDSA_SERVER
	311	case SSL_ECDHE_ECDSA:
	312	case SSL_ECDHE_RSA:
	313	case SSL_ECDH_ECDSA:
	314	case SSL_ECDH_RSA:
	315	case SSL_ECDH_anon:
	316	requireAlg = kSecECDSAAlgorithmID;
	317	break;
	318	#endif
319
320	default:
321	/* needs update per cipherSpecs.c */
322	assert(0);
323	sslErrorLog("sslVerifySelectedCipher: unknown key exchange method\n");
324	return errSSLInternal;
325	}
326
327	if(requireAlg == kSecNullAlgorithmID) {
328	return errSecSuccess;
329	}
330
331	/* private signing key required */
332	if(ctx->signingPrivKeyRef == NULL) {
333	sslErrorLog("sslVerifySelectedCipher: no signing key\n");
334	return errSSLBadConfiguration;
335	}
336
337	/* Check the alg of our signing key. */
b54c578e	338	CFIndex keyAlg = SecKeyGetAlgorithmId(ctx->signingPrivKeyRef);
d8f41ccd A	339	if (requireAlg != keyAlg) {
	340	sslErrorLog("sslVerifySelectedCipher: signing key alg mismatch\n");
	341	return errSSLBadConfiguration;
	342	}
	343
	344	return errSecSuccess;
	345	}
	346
	347	#endif