San Mehat | a430b2b | 2014-09-23 08:30:51 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2009 Vic Lee. |
| 3 | * |
| 4 | * This is free software; you can redistribute it and/or modify |
| 5 | * it under the terms of the GNU General Public License as published by |
| 6 | * the Free Software Foundation; either version 2 of the License, or |
| 7 | * (at your option) any later version. |
| 8 | * |
| 9 | * This software is distributed in the hope that it will be useful, |
| 10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 12 | * GNU General Public License for more details. |
| 13 | * |
| 14 | * You should have received a copy of the GNU General Public License |
| 15 | * along with this software; if not, write to the Free Software |
| 16 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
| 17 | * USA. |
| 18 | */ |
| 19 | |
| 20 | #include <gnutls/gnutls.h> |
| 21 | #include <rfb/rfbclient.h> |
| 22 | #include <errno.h> |
| 23 | #ifdef WIN32 |
| 24 | #undef SOCKET |
| 25 | #include <windows.h> /* for Sleep() */ |
| 26 | #define sleep(X) Sleep(1000*X) /* MinGW32 has no sleep() */ |
| 27 | #include <winsock2.h> |
| 28 | #define read(sock,buf,len) recv(sock,buf,len,0) |
| 29 | #define write(sock,buf,len) send(sock,buf,len,0) |
| 30 | #endif |
| 31 | #include "tls.h" |
| 32 | |
| 33 | |
| 34 | static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA:+SRP"; |
| 35 | static const char *rfbAnonTLSPriority= "NORMAL:+ANON-DH"; |
| 36 | |
| 37 | #define DH_BITS 1024 |
| 38 | static gnutls_dh_params_t rfbDHParams; |
| 39 | |
| 40 | static rfbBool rfbTLSInitialized = FALSE; |
| 41 | |
| 42 | static rfbBool |
| 43 | InitializeTLS(void) |
| 44 | { |
| 45 | int ret; |
| 46 | |
| 47 | if (rfbTLSInitialized) return TRUE; |
| 48 | if ((ret = gnutls_global_init()) < 0 || |
| 49 | (ret = gnutls_dh_params_init(&rfbDHParams)) < 0 || |
| 50 | (ret = gnutls_dh_params_generate2(rfbDHParams, DH_BITS)) < 0) |
| 51 | { |
| 52 | rfbClientLog("Failed to initialized GnuTLS: %s.\n", gnutls_strerror(ret)); |
| 53 | return FALSE; |
| 54 | } |
| 55 | rfbClientLog("GnuTLS initialized.\n"); |
| 56 | rfbTLSInitialized = TRUE; |
| 57 | return TRUE; |
| 58 | } |
| 59 | |
| 60 | /* |
| 61 | * On Windows, translate WSAGetLastError() to errno values as GNU TLS does it |
| 62 | * internally too. This is necessary because send() and recv() on Windows |
| 63 | * don't set errno when they fail but GNUTLS expects a proper errno value. |
| 64 | * |
| 65 | * Use gnutls_transport_set_global_errno() like the GNU TLS documentation |
| 66 | * suggests to avoid problems with different errno variables when GNU TLS and |
| 67 | * libvncclient are linked to different versions of msvcrt.dll. |
| 68 | */ |
| 69 | #ifdef WIN32 |
| 70 | static void WSAtoTLSErrno() |
| 71 | { |
| 72 | switch(WSAGetLastError()) { |
| 73 | case WSAEWOULDBLOCK: |
| 74 | gnutls_transport_set_global_errno(EAGAIN); |
| 75 | break; |
| 76 | case WSAEINTR: |
| 77 | gnutls_transport_set_global_errno(EINTR); |
| 78 | break; |
| 79 | default: |
| 80 | gnutls_transport_set_global_errno(EIO); |
| 81 | break; |
| 82 | } |
| 83 | } |
| 84 | #endif |
| 85 | |
| 86 | |
| 87 | static ssize_t |
| 88 | PushTLS(gnutls_transport_ptr_t transport, const void *data, size_t len) |
| 89 | { |
| 90 | rfbClient *client = (rfbClient*)transport; |
| 91 | int ret; |
| 92 | |
| 93 | while (1) |
| 94 | { |
| 95 | ret = write(client->sock, data, len); |
| 96 | if (ret < 0) |
| 97 | { |
| 98 | #ifdef WIN32 |
| 99 | WSAtoTLSErrno(); |
| 100 | #endif |
| 101 | if (errno == EINTR) continue; |
| 102 | return -1; |
| 103 | } |
| 104 | return ret; |
| 105 | } |
| 106 | } |
| 107 | |
| 108 | |
| 109 | static ssize_t |
| 110 | PullTLS(gnutls_transport_ptr_t transport, void *data, size_t len) |
| 111 | { |
| 112 | rfbClient *client = (rfbClient*)transport; |
| 113 | int ret; |
| 114 | |
| 115 | while (1) |
| 116 | { |
| 117 | ret = read(client->sock, data, len); |
| 118 | if (ret < 0) |
| 119 | { |
| 120 | #ifdef WIN32 |
| 121 | WSAtoTLSErrno(); |
| 122 | #endif |
| 123 | if (errno == EINTR) continue; |
| 124 | return -1; |
| 125 | } |
| 126 | return ret; |
| 127 | } |
| 128 | } |
| 129 | |
| 130 | static rfbBool |
| 131 | InitializeTLSSession(rfbClient* client, rfbBool anonTLS) |
| 132 | { |
| 133 | int ret; |
| 134 | const char *p; |
| 135 | |
| 136 | if (client->tlsSession) return TRUE; |
| 137 | |
| 138 | if ((ret = gnutls_init((gnutls_session_t*)&client->tlsSession, GNUTLS_CLIENT)) < 0) |
| 139 | { |
| 140 | rfbClientLog("Failed to initialized TLS session: %s.\n", gnutls_strerror(ret)); |
| 141 | return FALSE; |
| 142 | } |
| 143 | |
| 144 | if ((ret = gnutls_priority_set_direct((gnutls_session_t)client->tlsSession, |
| 145 | anonTLS ? rfbAnonTLSPriority : rfbTLSPriority, &p)) < 0) |
| 146 | { |
| 147 | rfbClientLog("Warning: Failed to set TLS priority: %s (%s).\n", gnutls_strerror(ret), p); |
| 148 | } |
| 149 | |
| 150 | gnutls_transport_set_ptr((gnutls_session_t)client->tlsSession, (gnutls_transport_ptr_t)client); |
| 151 | gnutls_transport_set_push_function((gnutls_session_t)client->tlsSession, PushTLS); |
| 152 | gnutls_transport_set_pull_function((gnutls_session_t)client->tlsSession, PullTLS); |
| 153 | |
| 154 | rfbClientLog("TLS session initialized.\n"); |
| 155 | |
| 156 | return TRUE; |
| 157 | } |
| 158 | |
| 159 | static rfbBool |
| 160 | SetTLSAnonCredential(rfbClient* client) |
| 161 | { |
| 162 | gnutls_anon_client_credentials anonCred; |
| 163 | int ret; |
| 164 | |
| 165 | if ((ret = gnutls_anon_allocate_client_credentials(&anonCred)) < 0 || |
| 166 | (ret = gnutls_credentials_set((gnutls_session_t)client->tlsSession, GNUTLS_CRD_ANON, anonCred)) < 0) |
| 167 | { |
| 168 | FreeTLS(client); |
| 169 | rfbClientLog("Failed to create anonymous credentials: %s", gnutls_strerror(ret)); |
| 170 | return FALSE; |
| 171 | } |
| 172 | rfbClientLog("TLS anonymous credential created.\n"); |
| 173 | return TRUE; |
| 174 | } |
| 175 | |
| 176 | static rfbBool |
| 177 | HandshakeTLS(rfbClient* client) |
| 178 | { |
| 179 | int timeout = 15; |
| 180 | int ret; |
| 181 | |
| 182 | while (timeout > 0 && (ret = gnutls_handshake((gnutls_session_t)client->tlsSession)) < 0) |
| 183 | { |
| 184 | if (!gnutls_error_is_fatal(ret)) |
| 185 | { |
| 186 | rfbClientLog("TLS handshake blocking.\n"); |
| 187 | sleep(1); |
| 188 | timeout--; |
| 189 | continue; |
| 190 | } |
| 191 | rfbClientLog("TLS handshake failed: %s.\n", gnutls_strerror(ret)); |
| 192 | FreeTLS(client); |
| 193 | return FALSE; |
| 194 | } |
| 195 | |
| 196 | if (timeout <= 0) |
| 197 | { |
| 198 | rfbClientLog("TLS handshake timeout.\n"); |
| 199 | FreeTLS(client); |
| 200 | return FALSE; |
| 201 | } |
| 202 | |
| 203 | rfbClientLog("TLS handshake done.\n"); |
| 204 | return TRUE; |
| 205 | } |
| 206 | |
| 207 | /* VeNCrypt sub auth. 1 byte auth count, followed by count * 4 byte integers */ |
| 208 | static rfbBool |
| 209 | ReadVeNCryptSecurityType(rfbClient* client, uint32_t *result) |
| 210 | { |
| 211 | uint8_t count=0; |
| 212 | uint8_t loop=0; |
| 213 | uint8_t flag=0; |
| 214 | uint32_t tAuth[256], t; |
| 215 | char buf1[500],buf2[10]; |
| 216 | uint32_t authScheme; |
| 217 | |
| 218 | if (!ReadFromRFBServer(client, (char *)&count, 1)) return FALSE; |
| 219 | |
| 220 | if (count==0) |
| 221 | { |
| 222 | rfbClientLog("List of security types is ZERO. Giving up.\n"); |
| 223 | return FALSE; |
| 224 | } |
| 225 | |
| 226 | if (count>sizeof(tAuth)) |
| 227 | { |
| 228 | rfbClientLog("%d security types are too many; maximum is %d\n", count, sizeof(tAuth)); |
| 229 | return FALSE; |
| 230 | } |
| 231 | |
| 232 | rfbClientLog("We have %d security types to read\n", count); |
| 233 | authScheme=0; |
| 234 | /* now, we have a list of available security types to read ( uint8_t[] ) */ |
| 235 | for (loop=0;loop<count;loop++) |
| 236 | { |
| 237 | if (!ReadFromRFBServer(client, (char *)&tAuth[loop], 4)) return FALSE; |
| 238 | t=rfbClientSwap32IfLE(tAuth[loop]); |
| 239 | rfbClientLog("%d) Received security type %d\n", loop, t); |
| 240 | if (flag) continue; |
| 241 | if (t==rfbVeNCryptTLSNone || |
| 242 | t==rfbVeNCryptTLSVNC || |
| 243 | t==rfbVeNCryptTLSPlain || |
| 244 | t==rfbVeNCryptX509None || |
| 245 | t==rfbVeNCryptX509VNC || |
| 246 | t==rfbVeNCryptX509Plain) |
| 247 | { |
| 248 | flag++; |
| 249 | authScheme=t; |
| 250 | rfbClientLog("Selecting security type %d (%d/%d in the list)\n", authScheme, loop, count); |
| 251 | /* send back 4 bytes (in original byte order!) indicating which security type to use */ |
| 252 | if (!WriteToRFBServer(client, (char *)&tAuth[loop], 4)) return FALSE; |
| 253 | } |
| 254 | tAuth[loop]=t; |
| 255 | } |
| 256 | if (authScheme==0) |
| 257 | { |
| 258 | memset(buf1, 0, sizeof(buf1)); |
| 259 | for (loop=0;loop<count;loop++) |
| 260 | { |
| 261 | if (strlen(buf1)>=sizeof(buf1)-1) break; |
| 262 | snprintf(buf2, sizeof(buf2), (loop>0 ? ", %d" : "%d"), (int)tAuth[loop]); |
| 263 | strncat(buf1, buf2, sizeof(buf1)-strlen(buf1)-1); |
| 264 | } |
| 265 | rfbClientLog("Unknown VeNCrypt authentication scheme from VNC server: %s\n", |
| 266 | buf1); |
| 267 | return FALSE; |
| 268 | } |
| 269 | *result = authScheme; |
| 270 | return TRUE; |
| 271 | } |
| 272 | |
| 273 | static void |
| 274 | FreeX509Credential(rfbCredential *cred) |
| 275 | { |
| 276 | if (cred->x509Credential.x509CACertFile) free(cred->x509Credential.x509CACertFile); |
| 277 | if (cred->x509Credential.x509CACrlFile) free(cred->x509Credential.x509CACrlFile); |
| 278 | if (cred->x509Credential.x509ClientCertFile) free(cred->x509Credential.x509ClientCertFile); |
| 279 | if (cred->x509Credential.x509ClientKeyFile) free(cred->x509Credential.x509ClientKeyFile); |
| 280 | free(cred); |
| 281 | } |
| 282 | |
| 283 | static gnutls_certificate_credentials_t |
| 284 | CreateX509CertCredential(rfbCredential *cred) |
| 285 | { |
| 286 | gnutls_certificate_credentials_t x509_cred; |
| 287 | int ret; |
| 288 | |
| 289 | if (!cred->x509Credential.x509CACertFile) |
| 290 | { |
| 291 | rfbClientLog("No CA certificate provided.\n"); |
| 292 | return NULL; |
| 293 | } |
| 294 | |
| 295 | if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) |
| 296 | { |
| 297 | rfbClientLog("Cannot allocate credentials: %s.\n", gnutls_strerror(ret)); |
| 298 | return NULL; |
| 299 | } |
| 300 | if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred, |
| 301 | cred->x509Credential.x509CACertFile, GNUTLS_X509_FMT_PEM)) < 0) |
| 302 | { |
| 303 | rfbClientLog("Cannot load CA credentials: %s.\n", gnutls_strerror(ret)); |
| 304 | gnutls_certificate_free_credentials (x509_cred); |
| 305 | return NULL; |
| 306 | } |
| 307 | if (cred->x509Credential.x509ClientCertFile && cred->x509Credential.x509ClientKeyFile) |
| 308 | { |
| 309 | if ((ret = gnutls_certificate_set_x509_key_file(x509_cred, |
| 310 | cred->x509Credential.x509ClientCertFile, cred->x509Credential.x509ClientKeyFile, |
| 311 | GNUTLS_X509_FMT_PEM)) < 0) |
| 312 | { |
| 313 | rfbClientLog("Cannot load client certificate or key: %s.\n", gnutls_strerror(ret)); |
| 314 | gnutls_certificate_free_credentials (x509_cred); |
| 315 | return NULL; |
| 316 | } |
| 317 | } else |
| 318 | { |
| 319 | rfbClientLog("No client certificate or key provided.\n"); |
| 320 | } |
| 321 | if (cred->x509Credential.x509CACrlFile) |
| 322 | { |
| 323 | if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred, |
| 324 | cred->x509Credential.x509CACrlFile, GNUTLS_X509_FMT_PEM)) < 0) |
| 325 | { |
| 326 | rfbClientLog("Cannot load CRL: %s.\n", gnutls_strerror(ret)); |
| 327 | gnutls_certificate_free_credentials (x509_cred); |
| 328 | return NULL; |
| 329 | } |
| 330 | } else |
| 331 | { |
| 332 | rfbClientLog("No CRL provided.\n"); |
| 333 | } |
| 334 | gnutls_certificate_set_dh_params (x509_cred, rfbDHParams); |
| 335 | return x509_cred; |
| 336 | } |
| 337 | |
| 338 | |
| 339 | rfbBool |
| 340 | HandleAnonTLSAuth(rfbClient* client) |
| 341 | { |
| 342 | if (!InitializeTLS() || !InitializeTLSSession(client, TRUE)) return FALSE; |
| 343 | |
| 344 | if (!SetTLSAnonCredential(client)) return FALSE; |
| 345 | |
| 346 | if (!HandshakeTLS(client)) return FALSE; |
| 347 | |
| 348 | return TRUE; |
| 349 | } |
| 350 | |
| 351 | rfbBool |
| 352 | HandleVeNCryptAuth(rfbClient* client) |
| 353 | { |
| 354 | uint8_t major, minor, status; |
| 355 | uint32_t authScheme; |
| 356 | rfbBool anonTLS; |
| 357 | gnutls_certificate_credentials_t x509_cred = NULL; |
| 358 | int ret; |
| 359 | |
| 360 | if (!InitializeTLS()) return FALSE; |
| 361 | |
| 362 | /* Read VeNCrypt version */ |
| 363 | if (!ReadFromRFBServer(client, (char *)&major, 1) || |
| 364 | !ReadFromRFBServer(client, (char *)&minor, 1)) |
| 365 | { |
| 366 | return FALSE; |
| 367 | } |
| 368 | rfbClientLog("Got VeNCrypt version %d.%d from server.\n", (int)major, (int)minor); |
| 369 | |
| 370 | if (major != 0 && minor != 2) |
| 371 | { |
| 372 | rfbClientLog("Unsupported VeNCrypt version.\n"); |
| 373 | return FALSE; |
| 374 | } |
| 375 | |
| 376 | if (!WriteToRFBServer(client, (char *)&major, 1) || |
| 377 | !WriteToRFBServer(client, (char *)&minor, 1) || |
| 378 | !ReadFromRFBServer(client, (char *)&status, 1)) |
| 379 | { |
| 380 | return FALSE; |
| 381 | } |
| 382 | |
| 383 | if (status != 0) |
| 384 | { |
| 385 | rfbClientLog("Server refused VeNCrypt version %d.%d.\n", (int)major, (int)minor); |
| 386 | return FALSE; |
| 387 | } |
| 388 | |
| 389 | if (!ReadVeNCryptSecurityType(client, &authScheme)) return FALSE; |
| 390 | if (!ReadFromRFBServer(client, (char *)&status, 1) || status != 1) |
| 391 | { |
| 392 | rfbClientLog("Server refused VeNCrypt authentication %d (%d).\n", authScheme, (int)status); |
| 393 | return FALSE; |
| 394 | } |
| 395 | client->subAuthScheme = authScheme; |
| 396 | |
| 397 | /* Some VeNCrypt security types are anonymous TLS, others are X509 */ |
| 398 | switch (authScheme) |
| 399 | { |
| 400 | case rfbVeNCryptTLSNone: |
| 401 | case rfbVeNCryptTLSVNC: |
| 402 | case rfbVeNCryptTLSPlain: |
| 403 | anonTLS = TRUE; |
| 404 | break; |
| 405 | default: |
| 406 | anonTLS = FALSE; |
| 407 | break; |
| 408 | } |
| 409 | |
| 410 | /* Get X509 Credentials if it's not anonymous */ |
| 411 | if (!anonTLS) |
| 412 | { |
| 413 | rfbCredential *cred; |
| 414 | |
| 415 | if (!client->GetCredential) |
| 416 | { |
| 417 | rfbClientLog("GetCredential callback is not set.\n"); |
| 418 | return FALSE; |
| 419 | } |
| 420 | cred = client->GetCredential(client, rfbCredentialTypeX509); |
| 421 | if (!cred) |
| 422 | { |
| 423 | rfbClientLog("Reading credential failed\n"); |
| 424 | return FALSE; |
| 425 | } |
| 426 | |
| 427 | x509_cred = CreateX509CertCredential(cred); |
| 428 | FreeX509Credential(cred); |
| 429 | if (!x509_cred) return FALSE; |
| 430 | } |
| 431 | |
| 432 | /* Start up the TLS session */ |
| 433 | if (!InitializeTLSSession(client, anonTLS)) return FALSE; |
| 434 | |
| 435 | if (anonTLS) |
| 436 | { |
| 437 | if (!SetTLSAnonCredential(client)) return FALSE; |
| 438 | } |
| 439 | else |
| 440 | { |
| 441 | if ((ret = gnutls_credentials_set((gnutls_session_t)client->tlsSession, GNUTLS_CRD_CERTIFICATE, x509_cred)) < 0) |
| 442 | { |
| 443 | rfbClientLog("Cannot set x509 credential: %s.\n", gnutls_strerror(ret)); |
| 444 | FreeTLS(client); |
| 445 | return FALSE; |
| 446 | } |
| 447 | } |
| 448 | |
| 449 | if (!HandshakeTLS(client)) return FALSE; |
| 450 | |
| 451 | /* TODO: validate certificate */ |
| 452 | |
| 453 | /* We are done here. The caller should continue with client->subAuthScheme |
| 454 | * to do actual sub authentication. |
| 455 | */ |
| 456 | return TRUE; |
| 457 | } |
| 458 | |
| 459 | int |
| 460 | ReadFromTLS(rfbClient* client, char *out, unsigned int n) |
| 461 | { |
| 462 | ssize_t ret; |
| 463 | |
| 464 | ret = gnutls_record_recv((gnutls_session_t)client->tlsSession, out, n); |
| 465 | if (ret >= 0) return ret; |
| 466 | if (ret == GNUTLS_E_REHANDSHAKE || ret == GNUTLS_E_AGAIN) |
| 467 | { |
| 468 | errno = EAGAIN; |
| 469 | } else |
| 470 | { |
| 471 | rfbClientLog("Error reading from TLS: %s.\n", gnutls_strerror(ret)); |
| 472 | errno = EINTR; |
| 473 | } |
| 474 | return -1; |
| 475 | } |
| 476 | |
| 477 | int |
| 478 | WriteToTLS(rfbClient* client, char *buf, unsigned int n) |
| 479 | { |
| 480 | unsigned int offset = 0; |
| 481 | ssize_t ret; |
| 482 | |
| 483 | while (offset < n) |
| 484 | { |
| 485 | ret = gnutls_record_send((gnutls_session_t)client->tlsSession, buf+offset, (size_t)(n-offset)); |
| 486 | if (ret == 0) continue; |
| 487 | if (ret < 0) |
| 488 | { |
| 489 | if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) continue; |
| 490 | rfbClientLog("Error writing to TLS: %s.\n", gnutls_strerror(ret)); |
| 491 | return -1; |
| 492 | } |
| 493 | offset += (unsigned int)ret; |
| 494 | } |
| 495 | return offset; |
| 496 | } |
| 497 | |
| 498 | void FreeTLS(rfbClient* client) |
| 499 | { |
| 500 | if (client->tlsSession) |
| 501 | { |
| 502 | gnutls_deinit((gnutls_session_t)client->tlsSession); |
| 503 | client->tlsSession = NULL; |
| 504 | } |
| 505 | } |