Changeset 6fa6095 in mod_gnutls

Timestamp:

Jan 21, 2020, 2:29:27 AM (3 months ago)

Author:

Fiona Klute <fiona.klute@…>

Branches:

master

Children:

1c76ea7

Parents:

e24e3bf9

Message:

Partial post-handshake auth support

Needs proper error handling, especially for
GNUTLS_E_GOT_APPLICATION_DATA, which can randomly happen with requests
containing a body.

Files:

• src/gnutls_hooks.c (modified) (3 diffs)
• src/gnutls_io.c (modified) (2 diffs)
• src/gnutls_io.h (modified) (1 diff)
• test/Makefile.am (modified) (1 diff)
• test/data/secret/test.txt (added)
• test/tests/35_client_reauth/apache.conf (added)
• test/tests/35_client_reauth/test.yml (added)
• test/tests/Makefile.am (modified) (1 diff)

src/gnutls_hooks.c

@@ -1171 +1171 @@
     {
         /* incoming connection, server mode */
-        err = gnutls_init(&ctxt->session, GNUTLS_SERVER);
+        err = gnutls_init(&ctxt->session,
+                          GNUTLS_SERVER | GNUTLS_POST_HANDSHAKE_AUTH);
         if (err != GNUTLS_E_SUCCESS)
             ap_log_cerror(APLOG_MARK, APLOG_ERR, err, c,
@@ -1460 +1461 @@
         gnutls_certificate_get_peers(ctxt->session, &cert_list_size);
 
-    if (cert_list == NULL || cert_list_size == 0) {
+    /* We can reauthenticate the client if using TLS 1.3 and the
+     * client annouced support. Note that there may still not be any
+     * client certificate after. */
+    if ((cert_list == NULL || cert_list_size == 0)
+        && gnutls_protocol_get_version(ctxt->session) == GNUTLS_TLS1_3
+        && (gnutls_session_get_flags(ctxt->session)
+            & GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH))
+    {
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                      "%s: No certificate, attempting to rehandshake "
-                      "with peer (%d)",
+                      "%s: No certificate, attempting to reauthenticate "
+                      "peer (%d)",
                       __func__, client_verify_mode);
 
@@ -1483 +1491 @@
         gnutls_certificate_server_set_request(ctxt->session,
                                               client_verify_mode);
-        /* TODO: rehandshake code is broken and has been for years,
-         * replace with TLS 1.3 post-handshake auth. */
-        if (mgs_rehandshake(ctxt) != 0) {
+        if (mgs_reauth(ctxt) != GNUTLS_E_SUCCESS) {
             return HTTP_FORBIDDEN;
         }

src/gnutls_io.c

@@ -3 +3 @@
  *  Copyright 2008 Nikos Mavrogiannopoulos
  *  Copyright 2011 Dash Shendy
- *  Copyright 2015-2019 Fiona Klute
+ *  Copyright 2015-2020 Fiona Klute
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
@@ -449 +449 @@
 }
 
-int mgs_rehandshake(mgs_handle_t * ctxt) {
-    int rv;
-
+
+
+int mgs_reauth(mgs_handle_t * ctxt)
+{
     if (ctxt->session == NULL)
-        return -1;
-
-    rv = gnutls_rehandshake(ctxt->session);
-
-    if (rv != 0) {
-        /* the client did not want to rehandshake. goodbye */
+        return GNUTLS_E_INVALID_REQUEST;
+
+    int rv = gnutls_reauth(ctxt->session, 0);
+    // TODO: Handle non-fatal errors: GNUTLS_E_INTERRUPTED,
+    // GNUTLS_E_AGAIN, GNUTLS_E_GOT_APPLICATION_DATA
+
+    /* GNUTLS_E_GOT_APPLICATION_DATA can (randomly, depending on
+     * timing) happen with a request containing a body. According to
+     * https://tools.ietf.org/html/rfc8446#appendix-E.1.2
+     * post-handshake authentication proves that the authenticated
+     * party is the one that did the handshake, so caching the data
+     * is appropriate. */
+    /* Allocate cache to content-length (if available), with an upper
+     * limit to prevent resource exhaustion attacks. Do we have to
+     * prevent creating multiple caches for one connection? */
+    /* ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, */
+    /*               "Request content: %s bytes", */
+    /*               apr_table_get(r->headers_in, "Content-Length")); */
+    /* If the cache is too small,
+     * a) return HTTP_REQUEST_ENTITY_TOO_LARGE to the client
+     * b) IF reauth was successful set Retry-After to immediately: */
+    /* apr_table_setn(r->err_headers_out, "Retry-After", "0"); */
+
+    if (rv != GNUTLS_E_SUCCESS)
+    {
         ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, ctxt->c,
-                      "GnuTLS: Client Refused Rehandshake request.");
-        return -1;
-    }
-
-    ctxt->status = 0;
-
-    rv = gnutls_do_handshake(ctxt);
-
-    return rv;
+                      "Reauthentication failed: %s (%d)",
+                      gnutls_strerror(rv), rv);
+        return rv;
+    }
+
+    return GNUTLS_E_SUCCESS;
 }
 

src/gnutls_io.h

@@ -84 +84 @@
                             const void *buffer, size_t len);
 
-int mgs_rehandshake(mgs_handle_t * ctxt);
+int mgs_reauth(mgs_handle_t * ctxt);
 
 #endif /* __MOD_GNUTLS_IO_H__ */

test/Makefile.am

@@ -42 +42 @@
         test-32_vhost_SNI_serveralias_mismatch.bash \
         test-33_vhost_SNI_serveralias_missinghost.bash \
-        test-34_TLS_reverse_proxy_h2.bash
+        test-34_TLS_reverse_proxy_h2.bash \
+        test-35_client_reauth.bash
 
 MOSTLYCLEANFILES = $(test_scripts)

test/tests/Makefile.am

@@ -34 +34 @@
         32_vhost_SNI_serveralias_mismatch/apache.conf 32_vhost_SNI_serveralias_mismatch/test.yml \
         33_vhost_SNI_serveralias_missinghost/apache.conf 33_vhost_SNI_serveralias_missinghost/test.yml \
-        34_TLS_reverse_proxy_h2/apache.conf 34_TLS_reverse_proxy_h2/hooks.py 34_TLS_reverse_proxy_h2/backend.conf 34_TLS_reverse_proxy_h2/test.yml
+        34_TLS_reverse_proxy_h2/apache.conf 34_TLS_reverse_proxy_h2/hooks.py 34_TLS_reverse_proxy_h2/backend.conf 34_TLS_reverse_proxy_h2/test.yml \
+        35_client_reauth/apache.conf 35_client_reauth/test.yml