From: Rainer Jung Date: Tue, 11 Dec 2012 09:55:03 +0000 (+0000) Subject: Add support for TLS-SRP (Secure Remote Password key exchange X-Git-Tag: 2.4.4~341 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ad61aab1d7bfafeabb699ebfded32403c47066c0;p=apache Add support for TLS-SRP (Secure Remote Password key exchange for TLS, RFC 5054). Including some improvements as suggested by Kaspar PR: 51075 Submitted by: Quinn Slack , Christophe Renou, Peter Sylvester Backported by: sf Reviewed by: sf, minfrin, rjung Backports of r1347980 and r1348653 form trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1420057 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index a12c2654ca..39e017eb6c 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.4.4 + *) mod_ssl: Add support for TLS-SRP (Secure Remote Password key exchange + for TLS, RFC 5054). PR 51075. [Quinn Slack , + Christophe Renou, Peter Sylvester] + *) mod_rewrite: Stop mergeing RewriteBase down to subdirectories unless new option 'RewriteOptions MergeBase' is configured. PR 53963. [Eric Covener] diff --git a/STATUS b/STATUS index c4b72aca1f..5a32007b62 100644 --- a/STATUS +++ b/STATUS @@ -91,16 +91,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_ssl: Add support for TLS-SRP (Secure Remote Password key exchange - for TLS, RFC 5054). - trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1347980 and - http://svn.apache.org/viewvc?view=revision&revision=1348653 - 2.4.x patch: http://people.apache.org/~sf/ssl-TLS-SRP-2_4-v2.patch - +1: sf, minfrin, rjung - rjung: Please add docs compatibility note for 2.4.4. - There is another docs block missing from the backport about - how to create the verifier file using the openssl commandline tool. - * mod_proxy: Make balancers server-specific, as they should have been. Inheritance causes too many behind-the-scene interactions to be reliable in a dynamic environ. diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in index 673d1aa816..d65889cfc0 100644 --- a/docs/conf/extra/httpd-ssl.conf.in +++ b/docs/conf/extra/httpd-ssl.conf.in @@ -157,6 +157,14 @@ SSLCertificateKeyFile "@exp_sysconfdir@/server.key" #SSLVerifyClient require #SSLVerifyDepth 10 +# TLS-SRP mutual authentication: +# Enable TLS-SRP and set the path to the OpenSSL SRP verifier +# file (containing login information for SRP user accounts). +# Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for +# detailed instructions on creating this file. Example: +# "openssl srp -srpvfile @exp_sysconfdir@/passwd.srpv -add username" +#SSLSRPVerifierFile "@exp_sysconfdir@/passwd.srpv" + # Access Control: # With SSLRequire you can do per-directory access control based # on arbitrary complex boolean expressions containing server diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index 00a09596b2..7c231fc6d5 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -96,6 +96,8 @@ compatibility variables.

SSL_SERVER_A_SIG string Algorithm used for the signature of server's certificate SSL_SERVER_A_KEY string Algorithm used for the public key of server's certificate SSL_SERVER_CERT string PEM-encoded server certificate +SSL_SRP_USER string SRP username +SSL_SRP_USERINFO string SRP user info

x509 specifies a component of an X.509 DN; one of @@ -671,6 +673,7 @@ openssl version. Newer openssl versions may include additional ciphers.

kDHr Diffie-Hellman key exchange with RSA key kDHd Diffie-Hellman key exchange with DSA key kEDH Ephemeral (temp.key) Diffie-Hellman key exchange (no cert) +kSRP Secure Remote Password (SRP) key exchange Authentication Algorithm: aNULL No authentication aRSA RSA authentication @@ -706,6 +709,7 @@ openssl version. Newer openssl versions may include additional ciphers.

ECDH Elliptic Curve Diffie-Hellman key exchange ADH all ciphers using Anonymous Diffie-Hellman key exchange AECDH all ciphers using Anonymous Elliptic Curve Diffie-Hellman key exchange +SRP all ciphers using Secure Remote Password (SRP) key exchange DSS all ciphers using DSS authentication ECDSA all ciphers using ECDSA authentication aNULL all ciphers using no authentication @@ -1179,6 +1183,57 @@ SSLVerifyDepth 10 + +SSLSRPVerifierFile +Path to SRP verifier file +SSLSRPVerifierFile file-path +server config +virtual host +Available in httpd 2.4.4 and later, if using OpenSSL 1.0.1 or +later + + +

+This directive enables TLS-SRP and sets the path to the OpenSSL SRP (Secure +Remote Password) verifier file containing TLS-SRP usernames, verifiers, salts, +and group parameters.

+Example +SSLSRPVerifierFile "/path/to/file.srpv" + +

+The verifier file can be created with the openssl command line +utility:

+Creating the SRP verifier file +openssl srp -srpvfile passwd.srpv -userinfo "some info" -add username + +

The value given with the optional -userinfo parameter is +avalable in the SSL_SRP_USERINFO request environment variable.

+ + + + + +SSLSRPUnknownUserSeed +SRP unknown user seed +SSLSRPUnknownUserSeed secret-string +server config +virtual host +Available in httpd 2.4.4 and later, if using OpenSSL 1.0.1 or +later + + +

+This directive sets the seed used to fake SRP user parameters for unknown +users, to avoid leaking whether a given user exists. Specify a secret +string. If this directive is not used, then Apache will return the +UNKNOWN_PSK_IDENTITY alert to clients who specify an unknown username. +

+Example +SSLSRPUnknownUserSeed "secret" + + + + SSLOptions Configure various SSL engine run-time options diff --git a/docs/manual/ssl/ssl_faq.xml b/docs/manual/ssl/ssl_faq.xml index d1d0c105e4..22aa7b32f0 100644 --- a/docs/manual/ssl/ssl_faq.xml +++ b/docs/manual/ssl/ssl_faq.xml @@ -719,6 +719,27 @@ SetEnvIf User-Agent "MSIE [2-5]" \ or otherwise.

+
How do I enable TLS-SRP? +

TLS-SRP (Secure Remote Password key exchange for TLS, specified in RFC 5054) + can supplement or replace certificates in authenticating an SSL connection. + To use TLS-SRP, set the + SSLSRPVerifierFile directive to + point to an OpenSSL SRP verifier file. To create the verifier file, use the + openssl tool:

+ + openssl srp -srpvfile passwd.srpv -add username + +

After creating this file, specify it in the SSL server configuration:

+ + SSLSRPVerifierFile /path/to/passwd.srpv + +

To force clients to use non-certificate TLS-SRP cipher suites, use the + following directive:

+ + SSLCipherSuite "!DSS:!aRSA:SRP" + +
+ diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 0872da8a82..12d473bafb 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -148,6 +148,15 @@ static const command_rec ssl_config_cmds[] = { SSL_CMD_SRV(StrictSNIVHostCheck, FLAG, "Strict SNI virtual host checking") +#ifndef OPENSSL_NO_SRP + SSL_CMD_SRV(SRPVerifierFile, TAKE1, + "SRP verifier file " + "('/path/to/file' - created by srptool)") + SSL_CMD_SRV(SRPUnknownUserSeed, TAKE1, + "SRP seed for unknown users (to avoid leaking a user's existence) " + "('some secret text')") +#endif + /* * Proxy configuration for remote SSL connections */ diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index 15993f16cc..658ef6b379 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -149,6 +149,12 @@ static void modssl_ctx_init(modssl_ctx_t *mctx) mctx->stapling_responder_timeout = UNSET; mctx->stapling_force_url = NULL; #endif + +#ifndef OPENSSL_NO_SRP + mctx->srp_vfile = NULL; + mctx->srp_unknown_user_seed = NULL; + mctx->srp_vbase = NULL; +#endif } static void modssl_ctx_init_proxy(SSLSrvConfigRec *sc, @@ -274,6 +280,11 @@ static void modssl_ctx_cfg_merge(modssl_ctx_t *base, cfgMergeInt(stapling_responder_timeout); cfgMerge(stapling_force_url, NULL); #endif + +#ifndef OPENSSL_NO_SRP + cfgMergeString(srp_vfile); + cfgMergeString(srp_unknown_user_seed); +#endif } static void modssl_ctx_cfg_merge_proxy(modssl_ctx_t *base, @@ -1782,6 +1793,32 @@ const char *ssl_cmd_SSLStaplingForceURL(cmd_parms *cmd, void *dcfg, #endif /* HAVE_OCSP_STAPLING */ +#ifndef OPENSSL_NO_SRP + +const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg, + const char *arg) +{ + SSLSrvConfigRec *sc = mySrvConfig(cmd->server); + const char *err; + + if ((err = ssl_cmd_check_file(cmd, &arg))) + return err; + /* SRP_VBASE_init takes char*, not const char* */ + sc->server->srp_vfile = apr_pstrdup(cmd->pool, arg); + return NULL; +} + +const char *ssl_cmd_SSLSRPUnknownUserSeed(cmd_parms *cmd, void *dcfg, + const char *arg) +{ + SSLSrvConfigRec *sc = mySrvConfig(cmd->server); + /* SRP_VBASE_new takes char*, not const char* */ + sc->server->srp_unknown_user_seed = apr_pstrdup(cmd->pool, arg); + return NULL; +} + +#endif /* OPENSSL_NO_SRP */ + void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s) { apr_file_t *out = NULL; diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index aa24652f22..be891d6277 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -526,6 +526,38 @@ static void ssl_init_ctx_tls_extensions(server_rec *s, modssl_init_stapling(s, p, ptemp, mctx); } #endif + +#ifndef OPENSSL_NO_SRP + /* + * TLS-SRP support + */ + if (mctx->srp_vfile != NULL) { + int err; + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02308) + "Using SRP verifier file [%s]", mctx->srp_vfile); + + if (!(mctx->srp_vbase = SRP_VBASE_new(mctx->srp_unknown_user_seed))) { + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02309) + "Unable to initialize SRP verifier structure " + "[%s seed]", + mctx->srp_unknown_user_seed ? "with" : "without"); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); + ssl_die(s); + } + + err = SRP_VBASE_init(mctx->srp_vbase, mctx->srp_vfile); + if (err != SRP_NO_ERROR) { + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02310) + "Unable to load SRP verifier file [error %d]", err); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); + ssl_die(s); + } + + SSL_CTX_set_srp_username_callback(mctx->ssl_ctx, + ssl_callback_SRPServerParams); + SSL_CTX_set_srp_cb_arg(mctx->ssl_ctx, mctx); + } +#endif } #endif @@ -1687,6 +1719,13 @@ void ssl_init_Child(apr_pool_t *p, server_rec *s) static void ssl_init_ctx_cleanup(modssl_ctx_t *mctx) { MODSSL_CFG_ITEM_FREE(SSL_CTX_free, mctx->ssl_ctx); + +#ifndef OPENSSL_NO_SRP + if (mctx->srp_vbase != NULL) { + SRP_VBASE_free(mctx->srp_vbase); + mctx->srp_vbase = NULL; + } +#endif } static void ssl_init_ctx_cleanup_proxy(modssl_ctx_t *mctx) diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index e514a74bdf..a088df166f 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -329,6 +329,19 @@ int ssl_hook_Access(request_rec *r) return DECLINED; } +#ifndef OPENSSL_NO_SRP + /* + * Support for per-directory reconfigured SSL connection parameters + * + * We do not force any renegotiation if the user is already authenticated + * via SRP. + * + */ + if (SSL_get_srp_username(ssl)) { + return DECLINED; + } +#endif + /* * Support for per-directory reconfigured SSL connection parameters. * @@ -1088,6 +1101,10 @@ static const char *ssl_hook_Fixup_vars[] = { "SSL_SERVER_A_SIG", "SSL_SESSION_ID", "SSL_SESSION_RESUMED", +#ifndef OPENSSL_NO_SRP + "SSL_SRP_USER", + "SSL_SRP_USERINFO", +#endif NULL }; @@ -2072,7 +2089,7 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s) return 0; } -#endif +#endif /* OPENSSL_NO_TLSEXT */ #ifdef HAVE_TLS_SESSION_TICKETS /* @@ -2142,4 +2159,30 @@ int ssl_callback_SessionTicket(SSL *ssl, /* OpenSSL is not expected to call us with modes other than 1 or 0 */ return -1; } -#endif +#endif /* HAVE_TLS_SESSION_TICKETS */ + +#ifndef OPENSSL_NO_SRP + +int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg) +{ + modssl_ctx_t *mctx = (modssl_ctx_t *)arg; + char *username = SSL_get_srp_username(ssl); + SRP_user_pwd *u; + + if (username == NULL + || (u = SRP_VBASE_get_by_user(mctx->srp_vbase, username)) == NULL) { + *ad = SSL_AD_UNKNOWN_PSK_IDENTITY; + return SSL3_AL_FATAL; + } + + if (SSL_set_srp_server_param(ssl, u->N, u->g, u->s, u->v, u->info) < 0) { + *ad = SSL_AD_INTERNAL_ERROR; + return SSL3_AL_FATAL; + } + + /* reset all other options */ + SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify); + return SSL_ERROR_NONE; +} + +#endif /* OPENSSL_NO_SRP */ diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c index 223ac9a406..536e6b1f73 100644 --- a/modules/ssl/ssl_engine_vars.c +++ b/modules/ssl/ssl_engine_vars.c @@ -395,6 +395,18 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, request_rec *r, #endif result = apr_pstrdup(p, flag ? "true" : "false"); } +#ifndef OPENSSL_NO_SRP + else if (ssl != NULL && strcEQ(var, "SRP_USER")) { + if ((result = SSL_get_srp_username(ssl)) != NULL) { + result = apr_pstrdup(p, result); + } + } + else if (ssl != NULL && strcEQ(var, "SRP_USERINFO")) { + if ((result = SSL_get_srp_userinfo(ssl)) != NULL) { + result = apr_pstrdup(p, result); + } + } +#endif return result; } diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index f2fb7d5240..a9269680bc 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -185,6 +185,15 @@ #define OPENSSL_NO_COMP #endif +/* SRP support came in OpenSSL 1.0.1 */ +#ifndef OPENSSL_NO_SRP +#ifdef SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB +#include +#else +#define OPENSSL_NO_SRP +#endif +#endif + /* mod_ssl headers */ #include "ssl_util_ssl.h" @@ -647,6 +656,12 @@ typedef struct { const char *stapling_force_url; #endif +#ifndef OPENSSL_NO_SRP + char *srp_vfile; + char *srp_unknown_user_seed; + SRP_VBASE *srp_vbase; +#endif + modssl_auth_ctx_t auth; BOOL ocsp_enabled; /* true if OCSP verification enabled */ @@ -775,6 +790,11 @@ const char *ssl_cmd_SSLOCSPResponseMaxAge(cmd_parms *cmd, void *dcfg, const char const char *ssl_cmd_SSLOCSPResponderTimeout(cmd_parms *cmd, void *dcfg, const char *arg); const char *ssl_cmd_SSLOCSPEnable(cmd_parms *cmd, void *dcfg, int flag); +#ifndef OPENSSL_NO_SRP +const char *ssl_cmd_SSLSRPVerifierFile(cmd_parms *cmd, void *dcfg, const char *arg); +const char *ssl_cmd_SSLSRPUnknownUserSeed(cmd_parms *cmd, void *dcfg, const char *arg); +#endif + const char *ssl_cmd_SSLFIPS(cmd_parms *cmd, void *dcfg, int flag); /** module initialization */ @@ -851,6 +871,9 @@ void modssl_init_stapling(server_rec *, apr_pool_t *, apr_pool_t *, mods void ssl_stapling_ex_init(void); int ssl_stapling_init_cert(server_rec *s, modssl_ctx_t *mctx, X509 *x); #endif +#ifndef OPENSSL_NO_SRP +int ssl_callback_SRPServerParams(SSL *, int *, void *); +#endif /** I/O */ void ssl_io_filter_init(conn_rec *, request_rec *r, SSL *);