cgmnlm

Unnamed repository; edit this file 'description' to name the repository.
git clone git://code.clttr.info/cgmnlm.git
Log | Files | Refs | README | LICENSE

commit 02f6af661513683f0c6c1465c5ff1dd8f03a30c9
parent 30660fc160a15504274d40d4a5ec1b31539f8c2f
Author: Drew DeVault <sir@cmpwn.com>
Date:   Mon, 21 Sep 2020 15:37:24 -0400

Implement TOFU

Diffstat:
Mconfigure | 5++++-
Mdoc/gmni.scd | 7++++++-
Mdoc/gmnlm.scd | 7++++++-
Minclude/gmni.h | 5+----
Ainclude/tofu.h | 48++++++++++++++++++++++++++++++++++++++++++++++++
Msrc/client.c | 77++++++++++++++++++++++++++++++++++++++++++++++++++---------------------------
Msrc/gmni.c | 69+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
Msrc/gmnlm.c | 98++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
Asrc/tofu.c | 201+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
9 files changed, 480 insertions(+), 37 deletions(-)

diff --git a/configure b/configure @@ -7,7 +7,9 @@ gmni() { src/client.c \ src/escape.c \ src/gmni.c \ - src/url.c + src/tofu.c \ + src/url.c \ + src/util.c } gmnlm() { @@ -16,6 +18,7 @@ gmnlm() { src/escape.c \ src/gmnlm.c \ src/parser.c \ + src/tofu.c \ src/url.c \ src/util.c } diff --git a/doc/gmni.scd b/doc/gmni.scd @@ -6,7 +6,7 @@ gmni - Gemini client # SYNPOSIS -*gmni* [-46lLiIN] [-E _path_] [-d _input_] [-D _path_] _gemini://..._ +*gmni* [-46lLiIN] [-j _mode_] [-E _path_] [-d _input_] [-D _path_] _gemini://..._ # DESCRIPTION @@ -52,6 +52,11 @@ performed with the user's input supplied to the server. *-L* Follow redirects. +*-j* _mode_ + Sets the TOFU (trust on first use) configuration, which controls if the + client shall trust new certificates. _mode_ can be one of *always*, + *once*, or *fail*. + *-i* Print the response status and meta text to stdout. diff --git a/doc/gmnlm.scd b/doc/gmnlm.scd @@ -6,7 +6,7 @@ gmnlm - Gemini line-mode browser # SYNPOSIS -*gmnlm* [-PU] _gemini://..._ +*gmnlm* [-PU] [-j _mode_] _gemini://..._ # DESCRIPTION @@ -14,6 +14,11 @@ gmnlm - Gemini line-mode browser # OPTIONS +*-j* _mode_ + Sets the TOFU (trust on first use) configuration, which controls if the + client shall trust new certificates. _mode_ can be one of *always*, + *once*, or *fail*. + *-P* Disable pagination. diff --git a/include/gmni.h b/include/gmni.h @@ -13,6 +13,7 @@ enum gemini_result { GEMINI_ERR_RESOLVE, GEMINI_ERR_CONNECT, GEMINI_ERR_SSL, + GEMINI_ERR_SSL_VERIFY, GEMINI_ERR_IO, GEMINI_ERR_PROTOCOL, }; @@ -65,10 +66,6 @@ struct gemini_options { // must also be NULL. SSL_CTX *ssl_ctx; - // If NULL, an SSL connection will be established. If set, it is - // presumed that the caller pre-established the SSL connection. - SSL *ssl; - // If ai_family != AF_UNSPEC (the default value on most systems), the // client will connect to this address and skip name resolution. struct addrinfo *addr; diff --git a/include/tofu.h b/include/tofu.h @@ -0,0 +1,48 @@ +#ifndef GEMINI_TOFU_H +#define GEMINI_TOFU_H +#include <limits.h> +#include <openssl/ssl.h> +#include <openssl/x509.h> +#include <time.h> + +enum tofu_error { + TOFU_VALID, + // Expired, wrong CN, etc. + TOFU_INVALID_CERT, + // Cert is valid but we haven't seen it before + TOFU_UNTRUSTED_CERT, + // Cert is valid but we already trust another cert for this host + TOFU_FINGERPRINT_MISMATCH, +}; + +enum tofu_action { + TOFU_ASK, + TOFU_FAIL, + TOFU_TRUST_ONCE, + TOFU_TRUST_ALWAYS, +}; + +struct known_host { + char *host, *fingerprint; + time_t expires; + int lineno; + struct known_host *next; +}; + +// Called when the user needs to be prompted to agree to trust an unknown +// certificate. Return true to trust this certificate. +typedef enum tofu_action (tofu_callback_t)(enum tofu_error error, + const char *fingerprint, struct known_host *host, void *data); + +struct gemini_tofu { + char known_hosts_path[PATH_MAX+1]; + struct known_host *known_hosts; + int lineno; + tofu_callback_t *callback; + void *cb_data; +}; + +void gemini_tofu_init(struct gemini_tofu *tofu, + SSL_CTX *ssl_ctx, tofu_callback_t *cb, void *data); + +#endif diff --git a/src/client.c b/src/client.c @@ -95,6 +95,7 @@ gemini_request(const char *url, struct gemini_options *options, assert(url); assert(resp); resp->meta = NULL; + resp->bio = NULL; if (strlen(url) > 1024) { return GEMINI_ERR_INVALID_URL; } @@ -110,7 +111,7 @@ gemini_request(const char *url, struct gemini_options *options, goto cleanup; } - char *scheme; + char *scheme, *host; if (curl_url_get(uri, CURLUPART_SCHEME, &scheme, 0) != CURLUE_OK) { res = GEMINI_ERR_INVALID_URL; goto cleanup; @@ -120,6 +121,10 @@ gemini_request(const char *url, struct gemini_options *options, goto cleanup; } } + if (curl_url_get(uri, CURLUPART_HOST, &host, 0) != CURLUE_OK) { + res = GEMINI_ERR_INVALID_URL; + goto cleanup; + } if (options && options->ssl_ctx) { resp->ssl_ctx = options->ssl_ctx; @@ -127,42 +132,54 @@ gemini_request(const char *url, struct gemini_options *options, } else { resp->ssl_ctx = SSL_CTX_new(TLS_method()); assert(resp->ssl_ctx); + SSL_CTX_set_verify(resp->ssl_ctx, SSL_VERIFY_PEER, NULL); } + int r; BIO *sbio = BIO_new(BIO_f_ssl()); - if (options && options->ssl) { - resp->ssl = options->ssl; - SSL_up_ref(resp->ssl); - BIO_set_ssl(sbio, resp->ssl, 0); - resp->fd = -1; - } else { - res = gemini_connect(uri, options, resp, &resp->fd); - if (res != GEMINI_OK) { - goto cleanup; - } + res = gemini_connect(uri, options, resp, &resp->fd); + if (res != GEMINI_OK) { + goto cleanup; + } - resp->ssl = SSL_new(resp->ssl_ctx); - assert(resp->ssl); - int r = SSL_set_fd(resp->ssl, resp->fd); - if (r != 1) { - resp->status = r; - res = GEMINI_ERR_SSL; - goto cleanup; - } - r = SSL_connect(resp->ssl); - if (r != 1) { - resp->status = r; - res = GEMINI_ERR_SSL; - goto cleanup; - } - BIO_set_ssl(sbio, resp->ssl, 0); + resp->ssl = SSL_new(resp->ssl_ctx); + assert(resp->ssl); + SSL_set_connect_state(resp->ssl); + if ((r = SSL_set1_host(resp->ssl, host)) != 1) { + goto ssl_error; + } + if ((r = SSL_set_tlsext_host_name(resp->ssl, host)) != 1) { + goto ssl_error; } + if ((r = SSL_set_fd(resp->ssl, resp->fd)) != 1) { + goto ssl_error; + } + if ((r = SSL_connect(resp->ssl)) != 1) { + goto ssl_error; + } + + X509 *cert = SSL_get_peer_certificate(resp->ssl); + if (!cert) { + resp->status = X509_V_ERR_UNSPECIFIED; + res = GEMINI_ERR_SSL_VERIFY; + goto cleanup; + } + X509_free(cert); + + long vr = SSL_get_verify_result(resp->ssl); + if (vr != X509_V_OK) { + resp->status = vr; + res = GEMINI_ERR_SSL_VERIFY; + goto cleanup; + } + + BIO_set_ssl(sbio, resp->ssl, 0); resp->bio = BIO_new(BIO_f_buffer()); BIO_push(resp->bio, sbio); char req[1024 + 3]; - int r = snprintf(req, sizeof(req), "%s\r\n", url); + r = snprintf(req, sizeof(req), "%s\r\n", url); assert(r > 0); r = BIO_puts(sbio, req); @@ -199,6 +216,10 @@ gemini_request(const char *url, struct gemini_options *options, cleanup: curl_url_cleanup(uri); return res; +ssl_error: + res = GEMINI_ERR_SSL; + resp->status = r; + goto cleanup; } void @@ -248,6 +269,8 @@ gemini_strerr(enum gemini_result r, struct gemini_response *resp) return ERR_error_string( SSL_get_error(resp->ssl, resp->status), NULL); + case GEMINI_ERR_SSL_VERIFY: + return X509_verify_cert_error_string(resp->status); case GEMINI_ERR_IO: return "I/O error"; case GEMINI_ERR_PROTOCOL: diff --git a/src/gmni.c b/src/gmni.c @@ -13,6 +13,7 @@ #include <termios.h> #include <unistd.h> #include "gmni.h" +#include "tofu.h" static void usage(const char *argv_0) @@ -57,6 +58,55 @@ get_input(const struct gemini_response *resp, FILE *source) return input; } +struct tofu_config { + struct gemini_tofu tofu; + enum tofu_action action; +}; + +static enum tofu_action +tofu_callback(enum tofu_error error, const char *fingerprint, + struct known_host *host, void *data) +{ + struct tofu_config *cfg = (struct tofu_config *)data; + enum tofu_action action = cfg->action; + switch (error) { + case TOFU_VALID: + assert(0); // Invariant + case TOFU_INVALID_CERT: + fprintf(stderr, + "The server presented an invalid certificate with fingerprint %s.\n", + fingerprint); + if (action == TOFU_TRUST_ALWAYS) { + action = TOFU_TRUST_ONCE; + } + break; + case TOFU_UNTRUSTED_CERT: + fprintf(stderr, + "The certificate offered by this server is of unknown trust. " + "Its fingerprint is: \n" + "%s\n\n", fingerprint); + break; + case TOFU_FINGERPRINT_MISMATCH: + fprintf(stderr, + "The certificate offered by this server DOES NOT MATCH the one we have on file.\n" + "/!\\ Someone may be eavesdropping on or manipulating this connection. /!\\\n" + "The unknown certificate's fingerprint is:\n" + "%s\n\n" + "The expected fingerprint is:\n" + "%s\n\n" + "If you're certain that this is correct, edit %s:%d\n", + fingerprint, host->fingerprint, + cfg->tofu.known_hosts_path, host->lineno); + return TOFU_FAIL; + } + + if (action == TOFU_ASK) { + return TOFU_FAIL; + } + + return action; +} + int main(int argc, char *argv[]) { @@ -71,7 +121,6 @@ main(int argc, char *argv[]) INPUT_READ, INPUT_SUPPRESS, }; - enum input_mode input_mode = INPUT_READ; FILE *input_source = stdin; @@ -82,9 +131,11 @@ main(int argc, char *argv[]) struct gemini_options opts = { .hints = &hints, }; + struct tofu_config cfg; + cfg.action = TOFU_ASK; int c; - while ((c = getopt(argc, argv, "46d:D:E:hlLiINR:")) != -1) { + while ((c = getopt(argc, argv, "46d:D:E:hj:lLiINR:")) != -1) { switch (c) { case '4': hints.ai_family = AF_INET; @@ -115,6 +166,18 @@ main(int argc, char *argv[]) case 'h': usage(argv[0]); return 0; + case 'j': + if (strcmp(optarg, "fail") == 0) { + cfg.action = TOFU_FAIL; + } else if (strcmp(optarg, "once") == 0) { + cfg.action = TOFU_TRUST_ONCE; + } else if (strcmp(optarg, "always") == 0) { + cfg.action = TOFU_TRUST_ALWAYS; + } else { + usage(argv[0]); + return 1; + } + break; case 'l': linefeed = false; break; @@ -153,6 +216,8 @@ main(int argc, char *argv[]) SSL_load_error_strings(); ERR_load_crypto_strings(); + opts.ssl_ctx = SSL_CTX_new(TLS_method()); + gemini_tofu_init(&cfg.tofu, opts.ssl_ctx, &tofu_callback, &cfg); bool exit = false; char *url = strdup(argv[optind]); diff --git a/src/gmnlm.c b/src/gmnlm.c @@ -13,6 +13,7 @@ #include <termios.h> #include <unistd.h> #include "gmni.h" +#include "tofu.h" #include "url.h" #include "util.h" @@ -29,6 +30,8 @@ struct history { struct browser { bool pagination, unicode; struct gemini_options opts; + struct gemini_tofu tofu; + enum tofu_action tofu_mode; FILE *tty; char *plain_url; @@ -657,22 +660,113 @@ do_requests(struct browser *browser, struct gemini_response *resp) return false; } +static enum tofu_action +tofu_callback(enum tofu_error error, const char *fingerprint, + struct known_host *host, void *data) +{ + struct browser *browser = data; + if (browser->tofu_mode != TOFU_ASK) { + return browser->tofu_mode; + } + + static char prompt[8192]; + switch (error) { + case TOFU_VALID: + assert(0); // Invariant + case TOFU_INVALID_CERT: + snprintf(prompt, sizeof(prompt), + "The server presented an invalid certificate. If you choose to proceed, " + "you should not disclose personal information or trust the contents of the page.\n" + "trust [o]nce; [a]bort\n" + "=> "); + break; + case TOFU_UNTRUSTED_CERT: + snprintf(prompt, sizeof(prompt), + "The certificate offered by this server is of unknown trust. " + "Its fingerprint is: \n" + "%s\n\n" + "If you knew the fingerprint to expect in advance, verify that this matches.\n" + "Otherwise, it should be safe to trust this certificate.\n\n" + "[t]rust always; trust [o]nce; [a]bort\n" + "=> ", fingerprint); + break; + case TOFU_FINGERPRINT_MISMATCH: + snprintf(prompt, sizeof(prompt), + "The certificate offered by this server DOES NOT MATCH the one we have on file.\n" + "/!\\ Someone may be eavesdropping on or manipulating this connection. /!\\\n" + "The unknown certificate's fingerprint is:\n" + "%s\n\n" + "The expected fingerprint is:\n" + "%s\n\n" + "If you're certain that this is correct, edit %s:%d\n", + fingerprint, host->fingerprint, + browser->tofu.known_hosts_path, host->lineno); + return TOFU_FAIL; + } + + bool prompting = true; + while (prompting) { + fprintf(browser->tty, "%s", prompt); + + size_t sz = 0; + char *line = NULL; + if (getline(&line, &sz, browser->tty) == -1) { + free(line); + return TOFU_FAIL; + } + if (line[1] != '\n') { + free(line); + continue; + } + + char c = line[0]; + free(line); + + switch (c) { + case 't': + if (error == TOFU_INVALID_CERT) { + break; + } + return TOFU_TRUST_ALWAYS; + case 'o': + return TOFU_TRUST_ONCE; + case 'a': + return TOFU_FAIL; + } + } + + return TOFU_FAIL; +} + int main(int argc, char *argv[]) { struct browser browser = { .pagination = true, + .tofu_mode = TOFU_ASK, .unicode = true, .url = curl_url(), .tty = fopen("/dev/tty", "w+"), }; int c; - while ((c = getopt(argc, argv, "hPU")) != -1) { + while ((c = getopt(argc, argv, "hj:PU")) != -1) { switch (c) { case 'h': usage(argv[0]); return 0; + case 'j': + if (strcmp(optarg, "fail") == 0) { + browser.tofu_mode = TOFU_FAIL; + } else if (strcmp(optarg, "once") == 0) { + browser.tofu_mode = TOFU_TRUST_ONCE; + } else if (strcmp(optarg, "always") == 0) { + browser.tofu_mode = TOFU_TRUST_ALWAYS; + } else { + usage(argv[0]); + return 1; + } + break; case 'P': browser.pagination = false; break; @@ -695,6 +789,8 @@ main(int argc, char *argv[]) SSL_load_error_strings(); ERR_load_crypto_strings(); browser.opts.ssl_ctx = SSL_CTX_new(TLS_method()); + gemini_tofu_init(&browser.tofu, browser.opts.ssl_ctx, + &tofu_callback, &browser); struct gemini_response resp; browser.running = true; diff --git a/src/tofu.c b/src/tofu.c @@ -0,0 +1,201 @@ +#include <assert.h> +#include <errno.h> +#include <libgen.h> +#include <limits.h> +#include <openssl/asn1.h> +#include <openssl/evp.h> +#include <openssl/ssl.h> +#include <openssl/x509.h> +#include <stdio.h> +#include <string.h> +#include <time.h> +#include "tofu.h" +#include "util.h" + +static int +verify_callback(X509_STORE_CTX *ctx, void *data) +{ + // Gemini clients handle TLS verification differently from the rest of + // the internet. We use a TOFU system, so trust is based on two factors: + // + // - Is the certificate valid at the time of the request? + // - Has the user trusted this certificate yet? + // + // If the answer to the latter is "no", then we give the user an + // opportunity to explicitly agree to trust the certificate before + // rejecting it. + // + // If you're reading this code with the intent to re-use it, think + // twice. + // + // TODO: Check that the subject name is valid for the requested URL. + struct gemini_tofu *tofu = (struct gemini_tofu *)data; + X509 *cert = X509_STORE_CTX_get0_cert(ctx); + + int rc; + int day, sec; + const ASN1_TIME *notBefore = X509_get0_notBefore(cert); + const ASN1_TIME *notAfter = X509_get0_notAfter(cert); + if (!ASN1_TIME_diff(&day, &sec, NULL, notBefore)) { + rc = X509_V_ERR_UNSPECIFIED; + goto invalid_cert; + } + if (day > 0 || sec > 0) { + rc = X509_V_ERR_CERT_NOT_YET_VALID; + goto invalid_cert; + } + if (!ASN1_TIME_diff(&day, &sec, NULL, notAfter)) { + rc = X509_V_ERR_UNSPECIFIED; + goto invalid_cert; + } + if (day < 0 || sec < 0) { + rc = X509_V_ERR_CERT_HAS_EXPIRED; + goto invalid_cert; + } + + unsigned char md[256 / 8]; + const EVP_MD *sha512 = EVP_sha512(); + unsigned int len = sizeof(md); + rc = X509_digest(cert, sha512, md, &len); + assert(rc == 1); + + char fingerprint[256 / 8 * 3]; + for (size_t i = 0; i < sizeof(md); ++i) { + snprintf(&fingerprint[i * 3], 4, "%02X%s", + md[i], i + 1 == sizeof(md) ? "" : ":"); + } + + SSL *ssl = X509_STORE_CTX_get_ex_data(ctx, + SSL_get_ex_data_X509_STORE_CTX_idx()); + const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + if (!servername) { + rc = X509_V_ERR_HOSTNAME_MISMATCH; + goto invalid_cert; + } + + time_t now; + time(&now); + + enum tofu_error error = TOFU_UNTRUSTED_CERT; + struct known_host *host = tofu->known_hosts; + while (host) { + if (host->expires < now) { + goto next; + } + if (strcmp(host->host, servername) != 0) { + goto next; + } + if (strcmp(host->fingerprint, fingerprint) == 0) { + // Valid match in known hosts + return 0; + } + error = TOFU_FINGERPRINT_MISMATCH; + break; +next: + host = host->next; + } + + rc = X509_V_ERR_CERT_UNTRUSTED; + +callback: + switch (tofu->callback(error, fingerprint, host, tofu->cb_data)) { + case TOFU_ASK: + assert(0); // Invariant + case TOFU_FAIL: + X509_STORE_CTX_set_error(ctx, rc); + break; + case TOFU_TRUST_ONCE: + // No further action necessary + return 0; + case TOFU_TRUST_ALWAYS:; + FILE *f = fopen(tofu->known_hosts_path, "a"); + if (!f) { + fprintf(stderr, "Error opening %s for writing: %s\n", + tofu->known_hosts_path, strerror(errno)); + break; + }; + struct tm expires_tm; + ASN1_TIME_to_tm(notAfter, &expires_tm); + time_t expires = mktime(&expires_tm); + fprintf(f, "%s %s %s %ld\n", servername, + "SHA-512", fingerprint, expires); + fclose(f); + + host = calloc(1, sizeof(struct known_host)); + host->host = strdup(servername); + host->fingerprint = strdup(fingerprint); + host->expires = expires; + host->lineno = ++tofu->lineno; + host->next = tofu->known_hosts; + tofu->known_hosts = host; + return 0; + } + + X509_STORE_CTX_set_error(ctx, rc); + return 0; + +invalid_cert: + error = TOFU_INVALID_CERT; + goto callback; +} + + +void +gemini_tofu_init(struct gemini_tofu *tofu, + SSL_CTX *ssl_ctx, tofu_callback_t *cb, void *cb_data) +{ + const struct pathspec paths[] = { + {.var = "GMNIDATA", .path = "/%s"}, + {.var = "XDG_DATA_HOME", .path = "/gmni/%s"}, + {.var = "HOME", .path = "/.local/share/gmni/%s"} + }; + const char *path_fmt = getpath(paths, sizeof(paths) / sizeof(paths[0])); + snprintf(tofu->known_hosts_path, sizeof(tofu->known_hosts_path), + path_fmt, "known_hosts"); + + if (mkdirs(dirname(tofu->known_hosts_path), 0755) != 0) { + snprintf(tofu->known_hosts_path, sizeof(tofu->known_hosts_path), + path_fmt, "known_hosts"); + fprintf(stderr, "Error creating directory %s: %s\n", + dirname(tofu->known_hosts_path), strerror(errno)); + return; + } + + snprintf(tofu->known_hosts_path, sizeof(tofu->known_hosts_path), + path_fmt, "known_hosts"); + + tofu->callback = cb; + tofu->cb_data = cb_data; + SSL_CTX_set_cert_verify_callback(ssl_ctx, verify_callback, tofu); + + FILE *f = fopen(tofu->known_hosts_path, "r"); + if (!f) { + return; + } + size_t n = 0; + char *line = NULL; + while (getline(&line, &n, f) != -1) { + struct known_host *host = calloc(1, sizeof(struct known_host)); + char *tok = strtok(line, " "); + assert(tok); + host->host = strdup(tok); + + tok = strtok(NULL, " "); + assert(tok); + if (strcmp(tok, "SHA-512") != 0) { + free(host); + continue; + } + + tok = strtok(NULL, " "); + assert(tok); + host->fingerprint = strdup(tok); + + tok = strtok(NULL, " "); + assert(tok); + host->expires = strtoul(tok, NULL, 10); + + host->next = tofu->known_hosts; + tofu->known_hosts = host; + } +}