/mandos/trunk : revision 962

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos

Committer: Teddy Hogeborn
Date: 2019-02-09 23:23:26 UTC
Revision ID: teddy@recompile.se-20190209232326-z1z2kzpgfixz7iaj

Add support for using raw public keys in TLS (RFC 7250)

Since GnuTLS removed support for OpenPGP keys in TLS (RFC 6091), and
no other library supports it, we have to change the protocol to use
something else.  We choose to use "raw public keys" (RFC 7250).  Since
we still use OpenPGP keys to decrypt the secret password, this means
that each client will have two keys: One OpenPGP key and one TLS
public/private key, and the key ID of the latter key is used to
identify clients instead of the fingerprint of the OpenPGP key.

Note that this code is still compatible with GnuTLS before version
3.6.0 (when OpenPGP key support was removed).  This commit merely adds
support for using raw pulic keys instead with GnuTLS 3.6.6. or later.

* DBUS-API (Signals/ClientNotFound): Change name of first parameter
                                     from "Fingerprint" to "KeyID".
  (Mandos Client Interface/Properties/KeyID): New.
* INSTALL: Document conflict with GnuTLS 3.6.0 (which removed OpenPGP
           key support) up until 3.6.6, when support for raw public
           keys was added.  Also document new dependency of client on
           "gnutls-bin" package (for certtool).
* Makefile (run-client): Depend on TLS key files, and also pass them
                         as arguments to client.
  (keydir/tls-privkey.pem, keydir/tls-pubkey.pem): New.
  (confdir/clients.conf): Add dependency on TLS public key.
  (purge-client): Add removal of TLS key files.
* clients.conf ([foo]/key_id, [bar]/key_id): New.
* debian/control (Source: mandos/Build-Depends): Also allow
                                                 libgnutls30 (>= 3.6.6)
  (Package: mandos/Depends): - '' -
  (Package: mandos/Description): Alter description to match new
                                 design.
  (Package: mandos-client/Description): - '' -
  (Package: mandos-client/Depends): Move "gnutls-bin | openssl" to
                                    here from "Recommends".
* debian/mandos-client.README.Debian: Add --tls-privkey and
                                      --tls-pubkey options to test
                                      command.
* debian/mandos-client.postinst (create_key): Renamed to "create_keys"
                                             (all callers changed),
                                             and also create TLS key.
* debian/mandos-client.postrm (purge): Also remove TLS key files.
* intro.xml (DESCRIPTION): Describe new dual-key design.
* mandos (GnuTLS): Define different functions depending on whether
                   support for raw public keys is detected.
  (Client.key_id): New attribute.
  (ClientDBus.KeyID_dbus_property): New method.
  (ProxyClient.__init__): Take new "key_id" parameter.
  (ClientHandler.handle): Use key IDs when using raw public keys and
                          use fingerprints when using OpenPGP keys.
  (ClientHandler.peer_certificate): Also handle raw public keys.
  (ClientHandler.key_id): New.
  (MandosServer.handle_ipc): Pass key ID over the pipe IPC.  Also
                             check for key ID matches when looking up
                             clients.
  (main): Default GnuTLS priority string depends on whether we are
          using raw public keys or not.  When unpickling clients, set
          key_id if not set in the pickle.
  (main/MandosDBusService.ClientNotFound): Change name of first
                                           parameter from
                                           "Fingerprint" to "KeyID".
* mandos-clients.conf.xml (OPTIONS): Document new "key_id" option.
  (OPTIONS/secret): Mention new key ID matchning.
  (EXPANSION/RUNTIME EXPANSION): Add new "key_id" option.
  (EXAMPLE): - '' -
* mandos-ctl (tablewords, main/keywords): Add new "KeyID" property.
* mandos-keygen: Create TLS key files.  New "--tls-keytype" (-T)
                 option.  Alter help text to be more clear about key
                 types.  When in password mode, also output "key_id"
                 option.
* mandos-keygen.xml (SYNOPSIS): Add new "--tls-keytype" (-T) option.
  (DESCRIPTION): Alter to match new dual-key design.
  (OVERVIEW): - '' -
  (FILES): Add TLS key files.
* mandos-options.xml (priority): Document new default priority string
                                 when using raw public keys.
* mandos.xml (NETWORK PROTOCOL): Describe new protocol using key ID.
  (BUGS): Remove issue about checking expire times of OpenPGP keys,
          since TLS public keys do not have expiration times.
  (SECURITY/CLIENT): Alter description to match new design.
  (SEE ALSO/GnuTLS): - '' -
  (SEE ALSO): Add reference to RFC 7250, and alter description of when
              RFC 6091 is used.
* overview.xml: Alter text to match new design.
* plugin-runner.xml (EXAMPLE): Add --tls-pubkey and --tls-privkey
                               options to mandos-client options.
* plugins.d/mandos-client.c: Use raw public keys when compiling with
                             supporting GnuTLS versions. Add new
                             "--tls-pubkey" and "--tls-privkey"
                             options (which do nothing if GnuTLS
                             library does not support raw public
                             keys).  Alter text throughout to reflect
                             new design.  Only generate new DH
                             parameters (based on size of OpenPGP key)
                             when using OpenPGP in TLS.  Default
                             GnuTLS priority string depends on whether
                             we are using raw public keys or not.
* plugins.d/mandos-client.xml (SYNOPSIS): Add new "--tls-privkey" (-t)
                                          and "--tls-pubkey" (-T)
                                          options.
  (DESCRIPTION): Describe new dual-key design.
  (OPTIONS): Document new "--tls-privkey" (-t) and "--tls-pubkey" (-T)
             options.
  (OPTIONS/--dh-bits): No longer necessarily depends on OpenPGP key
                       size.
  (FILES): Add default locations for TLS public and private key files.
  (EXAMPLE): Use new --tls-pubkey and --tls-privkey options.
  (SECURITY): Alter wording slightly to reflect new dual-key design.
  (SEE ALSO/GnuTLS): Alter description to match new design.
  (SEE ALSO): Add reference to RFC 7250, and alter description of when
              RFC 6091 is used.

files added:
initramfs-tools-conf

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

files removed:
initramfs-tools-hook-conf

files modified:
DBUS-API

INSTALL

Makefile

NEWS

clients.conf

common.ent

debian/changelog

debian/control

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.lintian-overrides

debian/rules

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-options.xml

mandos.lsm

mandos.xml

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

Show diffs side-by-side

added added

removed removed

mandos

115

if sys.version_info.major == 2:

116

str = unicode

117

118

version = "1.7.16"

118

version = "1.7.20"

119

stored_state_file = "clients.pickle"

120

121

logger = logging.getLogger()

496

class AvahiServiceToSyslog(AvahiService):

497

def rename(self, *args, **kwargs):

498

"""Add the new name to the syslog messages"""

499

ret = super(AvahiServiceToSyslog, self).rename(self, *args,

500

**kwargs)

499

ret = super(AvahiServiceToSyslog, self).rename(*args, **kwargs)

501

500

syslogger.setFormatter(logging.Formatter(

502

501

'Mandos ({}) [%(process)d]: %(levelname)s: %(message)s'

503

502

.format(self.name)))

515

514

_library = ctypes.cdll.LoadLibrary(library)

516

515

del library

517

516

_need_version = b"3.3.0"

517

_tls_rawpk_version = b"3.6.6"

518

519

def __init__(self):

520

# Need to use "self" here, since this method is called before

531

E_INTERRUPTED = -52

532

E_AGAIN = -28

533

CRT_OPENPGP = 2

534

CRT_RAWPK = 3

534

535

CLIENT = 2

535

536

SHUT_RDWR = 0

536

537

CRD_CERTIFICATE = 1

537

538

E_NO_CERTIFICATE_FOUND = -49

539

X509_FMT_DER = 0

540

NO_TICKETS = 1<<10

541

ENABLE_RAWPK = 1<<18

542

CTYPE_PEERS = 3

543

KEYID_USE_SHA256 = 1 # gnutls/x509.h

538

544

OPENPGP_FMT_RAW = 0 # gnutls/openpgp.h

539

545

540

546

# Types

594

600

class ClientSession(object):

595

601

def __init__(self, socket, credentials=None):

596

602

self._c_object = gnutls.session_t()

597

gnutls.init(ctypes.byref(self._c_object), gnutls.CLIENT)

603

gnutls_flags = gnutls.CLIENT

604

if gnutls.check_version("3.5.6"):

605

gnutls_flags |= gnutls.NO_TICKETS

606

if gnutls.has_rawpk:

607

gnutls_flags |= gnutls.ENABLE_RAWPK

608

gnutls.init(ctypes.byref(self._c_object), gnutls_flags)

609

del gnutls_flags

598

610

gnutls.set_default_priority(self._c_object)

599

611

gnutls.transport_set_ptr(self._c_object, socket.fileno())

600

612

gnutls.handshake_set_private_extensions(self._c_object,

732

744

check_version.argtypes = [ctypes.c_char_p]

733

745

check_version.restype = ctypes.c_char_p

734

746

735

# All the function declarations below are from gnutls/openpgp.h

736

737

openpgp_crt_init = _library.gnutls_openpgp_crt_init

738

openpgp_crt_init.argtypes = [ctypes.POINTER(openpgp_crt_t)]

739

openpgp_crt_init.restype = _error_code

740

741

openpgp_crt_import = _library.gnutls_openpgp_crt_import

742

openpgp_crt_import.argtypes = [openpgp_crt_t,

743

ctypes.POINTER(datum_t),

744

openpgp_crt_fmt_t]

745

openpgp_crt_import.restype = _error_code

746

747

openpgp_crt_verify_self = _library.gnutls_openpgp_crt_verify_self

748

openpgp_crt_verify_self.argtypes = [openpgp_crt_t, ctypes.c_uint,

749

ctypes.POINTER(ctypes.c_uint)]

750

openpgp_crt_verify_self.restype = _error_code

751

752

openpgp_crt_deinit = _library.gnutls_openpgp_crt_deinit

753

openpgp_crt_deinit.argtypes = [openpgp_crt_t]

754

openpgp_crt_deinit.restype = None

755

756

openpgp_crt_get_fingerprint = (

757

_library.gnutls_openpgp_crt_get_fingerprint)

758

openpgp_crt_get_fingerprint.argtypes = [openpgp_crt_t,

759

ctypes.c_void_p,

760

ctypes.POINTER(

761

ctypes.c_size_t)]

762

openpgp_crt_get_fingerprint.restype = _error_code

747

has_rawpk = bool(check_version(_tls_rawpk_version))

748

749

if has_rawpk:

750

# Types

751

class pubkey_st(ctypes.Structure):

752

_fields = []

753

pubkey_t = ctypes.POINTER(pubkey_st)

754

755

x509_crt_fmt_t = ctypes.c_int

756

757

# All the function declarations below are from gnutls/abstract.h

758

pubkey_init = _library.gnutls_pubkey_init

759

pubkey_init.argtypes = [ctypes.POINTER(pubkey_t)]

760

pubkey_init.restype = _error_code

761

762

pubkey_import = _library.gnutls_pubkey_import

763

pubkey_import.argtypes = [pubkey_t, ctypes.POINTER(datum_t),

764

x509_crt_fmt_t]

765

pubkey_import.restype = _error_code

766

767

pubkey_get_key_id = _library.gnutls_pubkey_get_key_id

768

pubkey_get_key_id.argtypes = [pubkey_t, ctypes.c_int,

769

ctypes.POINTER(ctypes.c_ubyte),

770

ctypes.POINTER(ctypes.c_size_t)]

771

pubkey_get_key_id.restype = _error_code

772

773

pubkey_deinit = _library.gnutls_pubkey_deinit

774

pubkey_deinit.argtypes = [pubkey_t]

775

pubkey_deinit.restype = None

776

else:

777

# All the function declarations below are from gnutls/openpgp.h

778

779

openpgp_crt_init = _library.gnutls_openpgp_crt_init

780

openpgp_crt_init.argtypes = [ctypes.POINTER(openpgp_crt_t)]

781

openpgp_crt_init.restype = _error_code

782

783

openpgp_crt_import = _library.gnutls_openpgp_crt_import

784

openpgp_crt_import.argtypes = [openpgp_crt_t,

785

ctypes.POINTER(datum_t),

786

openpgp_crt_fmt_t]

787

openpgp_crt_import.restype = _error_code

788

789

openpgp_crt_verify_self = _library.gnutls_openpgp_crt_verify_self

790

openpgp_crt_verify_self.argtypes = [openpgp_crt_t, ctypes.c_uint,

791

ctypes.POINTER(ctypes.c_uint)]

792

openpgp_crt_verify_self.restype = _error_code

793

794

openpgp_crt_deinit = _library.gnutls_openpgp_crt_deinit

795

openpgp_crt_deinit.argtypes = [openpgp_crt_t]

796

openpgp_crt_deinit.restype = None

797

798

openpgp_crt_get_fingerprint = (

799

_library.gnutls_openpgp_crt_get_fingerprint)

800

openpgp_crt_get_fingerprint.argtypes = [openpgp_crt_t,

801

ctypes.c_void_p,

802

ctypes.POINTER(

803

ctypes.c_size_t)]

804

openpgp_crt_get_fingerprint.restype = _error_code

805

806

if check_version("3.6.4"):

807

certificate_type_get2 = _library.gnutls_certificate_type_get2

808

certificate_type_get2.argtypes = [session_t, ctypes.c_int]

809

certificate_type_get2.restype = _error_code

763

810

764

811

# Remove non-public functions

765

812

del _error_code, _retry_on_error

801

848

disable_initiator_tag: a GLib event source tag, or None

802

849

enabled: bool()

803

850

fingerprint: string (40 or 32 hexadecimal digits); used to

804

uniquely identify the client

851

uniquely identify an OpenPGP client

852

key_id: string (64 hexadecimal digits); used to uniquely identify

853

a client using raw public keys

805

854

host: string; available for use by the checker command

806

855

interval: datetime.timedelta(); How often to start a new checker

807

856

last_approval_request: datetime.datetime(); (UTC) or None

825

874

"""

826

875

827

876

runtime_expansions = ("approval_delay", "approval_duration",

828

"created", "enabled", "expires",

877

"created", "enabled", "expires", "key_id",

829

878

"fingerprint", "host", "interval",

830

879

"last_approval_request", "last_checked_ok",

831

880

"last_enabled", "name", "timeout")

861

910

client["enabled"] = config.getboolean(client_name,

862

911

"enabled")

863

912

864

# Uppercase and remove spaces from fingerprint for later

865

# comparison purposes with return value from the

866

# fingerprint() function

913

# Uppercase and remove spaces from key_id and fingerprint

914

# for later comparison purposes with return value from the

915

# key_id() and fingerprint() functions

916

client["key_id"] = (section.get("key_id", "").upper()

917

.replace(" ", ""))

867

918

client["fingerprint"] = (section["fingerprint"].upper()

868

919

.replace(" ", ""))

869

920

if "secret" in section:

913

964

self.expires = None

914

965

915

966

logger.debug("Creating client %r", self.name)

967

logger.debug(" Key ID: %s", self.key_id)

916

968

logger.debug(" Fingerprint: %s", self.fingerprint)

917

969

self.created = settings.get("created",

918

970

datetime.datetime.utcnow())

2000

2052

def Name_dbus_property(self):

2001

2053

return dbus.String(self.name)

2002

2054

2055

# KeyID - property

2056

@dbus_annotations(

2057

{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})

2058

@dbus_service_property(_interface, signature="s", access="read")

2059

def KeyID_dbus_property(self):

2060

return dbus.String(self.key_id)

2061

2003

2062

# Fingerprint - property

2004

2063

@dbus_annotations(

2005

2064

{"org.freedesktop.DBus.Property.EmitsChangedSignal": "const"})

2161

2220

2162

2221

2163

2222

class ProxyClient(object):

2164

def __init__(self, child_pipe, fpr, address):

2223

def __init__(self, child_pipe, key_id, fpr, address):

2165

2224

self._pipe = child_pipe

2166

self._pipe.send(('init', fpr, address))

2225

self._pipe.send(('init', key_id, fpr, address))

2167

2226

if not self._pipe.recv():

2168

raise KeyError(fpr)

2227

raise KeyError(key_id or fpr)

2169

2228

2170

2229

def __getattribute__(self, name):

2171

2230

if name == '_pipe':

2238

2297

2239

2298

approval_required = False

2240

2299

try:

2241

try:

2242

fpr = self.fingerprint(

2243

self.peer_certificate(session))

2244

except (TypeError, gnutls.Error) as error:

2245

logger.warning("Bad certificate: %s", error)

2246

return

2247

logger.debug("Fingerprint: %s", fpr)

2248

2249

try:

2250

client = ProxyClient(child_pipe, fpr,

2300

if gnutls.has_rawpk:

2301

fpr = ""

2302

try:

2303

key_id = self.key_id(

2304

self.peer_certificate(session))

2305

except (TypeError, gnutls.Error) as error:

2306

logger.warning("Bad certificate: %s", error)

2307

return

2308

logger.debug("Key ID: %s", key_id)

2309

2310

else:

2311

key_id = ""

2312

try:

2313

fpr = self.fingerprint(

2314

self.peer_certificate(session))

2315

except (TypeError, gnutls.Error) as error:

2316

logger.warning("Bad certificate: %s", error)

2317

return

2318

logger.debug("Fingerprint: %s", fpr)

2319

2320

try:

2321

client = ProxyClient(child_pipe, key_id, fpr,

2251

2322

self.client_address)

2252

2323

except KeyError:

2253

2324

return

2330

2401

2331

2402

@staticmethod

2332

2403

def peer_certificate(session):

2333

"Return the peer's OpenPGP certificate as a bytestring"

2334

# If not an OpenPGP certificate...

2335

if (gnutls.certificate_type_get(session._c_object)

2336

!= gnutls.CRT_OPENPGP):

2404

"Return the peer's certificate as a bytestring"

2405

try:

2406

cert_type = gnutls.certificate_type_get2(session._c_object,

2407

gnutls.CTYPE_PEERS)

2408

except AttributeError:

2409

cert_type = gnutls.certificate_type_get(session._c_object)

2410

if gnutls.has_rawpk:

2411

valid_cert_types = frozenset((gnutls.CRT_RAWPK,))

2412

else:

2413

valid_cert_types = frozenset((gnutls.CRT_OPENPGP,))

2414

# If not a valid certificate type...

2415

if cert_type not in valid_cert_types:

2416

logger.info("Cert type %r not in %r", cert_type,

2417

valid_cert_types)

2337

2418

# ...return invalid data

2338

2419

return b""

2339

2420

list_size = ctypes.c_uint(1)

2347

2428

return ctypes.string_at(cert.data, cert.size)

2348

2429

2349

2430

@staticmethod

2431

def key_id(certificate):

2432

"Convert a certificate bytestring to a hexdigit key ID"

2433

# New GnuTLS "datum" with the public key

2434

datum = gnutls.datum_t(

2435

ctypes.cast(ctypes.c_char_p(certificate),

2436

ctypes.POINTER(ctypes.c_ubyte)),

2437

ctypes.c_uint(len(certificate)))

2438

# XXX all these need to be created in the gnutls "module"

2439

# New empty GnuTLS certificate

2440

pubkey = gnutls.pubkey_t()

2441

gnutls.pubkey_init(ctypes.byref(pubkey))

2442

# Import the raw public key into the certificate

2443

gnutls.pubkey_import(pubkey,

2444

ctypes.byref(datum),

2445

gnutls.X509_FMT_DER)

2446

# New buffer for the key ID

2447

buf = ctypes.create_string_buffer(32)

2448

buf_len = ctypes.c_size_t(len(buf))

2449

# Get the key ID from the raw public key into the buffer

2450

gnutls.pubkey_get_key_id(pubkey,

2451

gnutls.KEYID_USE_SHA256,

2452

ctypes.cast(ctypes.byref(buf),

2453

ctypes.POINTER(ctypes.c_ubyte)),

2454

ctypes.byref(buf_len))

2455

# Deinit the certificate

2456

gnutls.pubkey_deinit(pubkey)

2457

2458

# Convert the buffer to a Python bytestring

2459

key_id = ctypes.string_at(buf, buf_len.value)

2460

# Convert the bytestring to hexadecimal notation

2461

hex_key_id = binascii.hexlify(key_id).upper()

2462

return hex_key_id

2463

2464

@staticmethod

2350

2465

def fingerprint(openpgp):

2351

2466

"Convert an OpenPGP bytestring to a hexdigit fingerprint"

2352

2467

# New GnuTLS "datum" with the OpenPGP public key

2366

2481

ctypes.byref(crtverify))

2367

2482

if crtverify.value != 0:

2368

2483

gnutls.openpgp_crt_deinit(crt)

2369

raise gnutls.CertificateSecurityError("Verify failed")

2484

raise gnutls.CertificateSecurityError(code

2485

=crtverify.value)

2370

2486

# New buffer for the fingerprint

2371

2487

buf = ctypes.create_string_buffer(20)

2372

2488

buf_len = ctypes.c_size_t()

2579

2695

command = request[0]

2580

2696

2581

2697

if command == 'init':

2582

fpr = request[1].decode("ascii")

2583

address = request[2]

2698

key_id = request[1].decode("ascii")

2699

fpr = request[2].decode("ascii")

2700

address = request[3]

2584

2701

2585

2702

for c in self.clients.values():

2586

if c.fingerprint == fpr:

2703

if key_id and c.key_id == key_id:

2704

client = c

2705

break

2706

if fpr and c.fingerprint == fpr:

2587

2707

client = c

2588

2708

break

2589

2709

else:

2590

logger.info("Client not found for fingerprint: %s, ad"

2591

"dress: %s", fpr, address)

2710

logger.info("Client not found for key ID: %s, address"

2711

": %s", key_id or fpr, address)

2592

2712

if self.use_dbus:

2593

2713

# Emit D-Bus signal

2594

mandos_dbus_service.ClientNotFound(fpr,

2714

mandos_dbus_service.ClientNotFound(key_id or fpr,

2595

2715

address[0])

2596

2716

parent_pipe.send(False)

2597

2717

return False

2860

2980

sys.exit(os.EX_OK if fail_count == 0 else 1)

2861

2981

2862

2982

# Default values for config file for server-global settings

2983

if gnutls.has_rawpk:

2984

priority = ("SECURE128:!CTYPE-X.509:+CTYPE-RAWPK:!RSA"

2985

":!VERS-ALL:+VERS-TLS1.3:%PROFILE_ULTRA")

2986

else:

2987

priority = ("SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA"

2988

":+SIGN-DSA-SHA256")

2863

2989

server_defaults = {"interface": "",

2864

2990

"address": "",

2865

2991

"port": "",

2866

2992

"debug": "False",

2867

"priority":

2868

"SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA"

2869

":+SIGN-DSA-SHA256",

2993

"priority": priority,

2870

2994

"servicename": "Mandos",

2871

2995

"use_dbus": "True",

2872

2996

"use_ipv6": "True",

2877

3001

"foreground": "False",

2878

3002

"zeroconf": "True",

2879

3003

}

3004

del priority

2880

3005

2881

3006

# Parse config file for server-global settings

2882

3007

server_config = configparser.SafeConfigParser(server_defaults)

3126

3251

for k in ("name", "host"):

3127

3252

if isinstance(value[k], bytes):

3128

3253

value[k] = value[k].decode("utf-8")

3254

if not value.has_key("key_id"):

3255

value["key_id"] = ""

3256

elif not value.has_key("fingerprint"):

3257

value["fingerprint"] = ""

3129

3258

# old_client_settings

3130

3259

# .keys()

3131

3260

old_client_settings = {

3268

3397

pass

3269

3398

3270

3399

@dbus.service.signal(_interface, signature="ss")

3271

def ClientNotFound(self, fingerprint, address):

3400

def ClientNotFound(self, key_id, address):

3272

3401

"D-Bus signal"

3273

3402

pass

3274

3403

Older »