MatrixSynapse/synapse/crypto/context_factory.py

# Copyright 2014-2016 OpenMarket Ltd
# Copyright 2019 New Vector Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import logging

import idna
from service_identity import VerificationError
from service_identity.pyopenssl import verify_hostname, verify_ip_address
from zope.interface import implementer

from OpenSSL import SSL, crypto
from twisted.internet._sslverify import _defaultCurveName
from twisted.internet.abstract import isIPAddress, isIPv6Address
from twisted.internet.interfaces import IOpenSSLClientConnectionCreator
from twisted.internet.ssl import (
    CertificateOptions,
    ContextFactory,
    TLSVersion,
    platformTrust,
)
from twisted.python.failure import Failure

logger = logging.getLogger(__name__)


_TLS_VERSION_MAP = {
    "1": TLSVersion.TLSv1_0,
    "1.1": TLSVersion.TLSv1_1,
    "1.2": TLSVersion.TLSv1_2,
    "1.3": TLSVersion.TLSv1_3,
}


class ServerContextFactory(ContextFactory):
    """Factory for PyOpenSSL SSL contexts that are used to handle incoming
    connections."""

    def __init__(self, config):
        self._context = SSL.Context(SSL.SSLv23_METHOD)
        self.configure_context(self._context, config)

    @staticmethod
    def configure_context(context, config):
        try:
            _ecCurve = crypto.get_elliptic_curve(_defaultCurveName)
            context.set_tmp_ecdh(_ecCurve)
        except Exception:
            logger.exception("Failed to enable elliptic curve for TLS")

        context.set_options(
            SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_NO_TLSv1 | SSL.OP_NO_TLSv1_1
        )
        context.use_certificate_chain_file(config.tls_certificate_file)
        context.use_privatekey(config.tls_private_key)

        # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        context.set_cipher_list(
            "ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM"
        )

    def getContext(self):
        return self._context


class ClientTLSOptionsFactory(object):
    """Factory for Twisted SSLClientConnectionCreators that are used to make connections
    to remote servers for federation.

    Uses one of two OpenSSL context objects for all connections, depending on whether
    we should do SSL certificate verification.

    get_options decides whether we should do SSL certificate verification and
    constructs an SSLClientConnectionCreator factory accordingly.
    """

    def __init__(self, config):
        self._config = config

        # Check if we're using a custom list of a CA certificates
        trust_root = config.federation_ca_trust_root
        if trust_root is None:
            # Use CA root certs provided by OpenSSL
            trust_root = platformTrust()

        # "insecurelyLowerMinimumTo" is the argument that will go lower than
        # Twisted's default, which is why it is marked as "insecure" (since
        # Twisted's defaults are reasonably secure). But, since Twisted is
        # moving to TLS 1.2 by default, we want to respect the config option if
        # it is set to 1.0 (which the alternate option, raiseMinimumTo, will not
        # let us do).
        minTLS = _TLS_VERSION_MAP[config.federation_client_minimum_tls_version]

        self._verify_ssl = CertificateOptions(
            trustRoot=trust_root, insecurelyLowerMinimumTo=minTLS
        )
        self._verify_ssl_context = self._verify_ssl.getContext()
        self._verify_ssl_context.set_info_callback(self._context_info_cb)

        self._no_verify_ssl = CertificateOptions(insecurelyLowerMinimumTo=minTLS)
        self._no_verify_ssl_context = self._no_verify_ssl.getContext()
        self._no_verify_ssl_context.set_info_callback(self._context_info_cb)

    def get_options(self, host):
        # Check if certificate verification has been enabled
        should_verify = self._config.federation_verify_certificates

        # Check if we've disabled certificate verification for this host
        if should_verify:
            for regex in self._config.federation_certificate_verification_whitelist:
                if regex.match(host):
                    should_verify = False
                    break

        ssl_context = (
            self._verify_ssl_context if should_verify else self._no_verify_ssl_context
        )

        return SSLClientConnectionCreator(host, ssl_context, should_verify)

    @staticmethod
    def _context_info_cb(ssl_connection, where, ret):
        """The 'information callback' for our openssl context object."""
        # we assume that the app_data on the connection object has been set to
        # a TLSMemoryBIOProtocol object. (This is done by SSLClientConnectionCreator)
        tls_protocol = ssl_connection.get_app_data()
        try:
            # ... we further assume that SSLClientConnectionCreator has set the
            # '_synapse_tls_verifier' attribute to a ConnectionVerifier object.
            tls_protocol._synapse_tls_verifier.verify_context_info_cb(
                ssl_connection, where
            )
        except:  # noqa: E722, taken from the twisted implementation
            logger.exception("Error during info_callback")
            f = Failure()
            tls_protocol.failVerification(f)


@implementer(IOpenSSLClientConnectionCreator)
class SSLClientConnectionCreator(object):
    """Creates openssl connection objects for client connections.

    Replaces twisted.internet.ssl.ClientTLSOptions
    """

    def __init__(self, hostname, ctx, verify_certs):
        self._ctx = ctx
        self._verifier = ConnectionVerifier(hostname, verify_certs)

    def clientConnectionForTLS(self, tls_protocol):
        context = self._ctx
        connection = SSL.Connection(context, None)

        # as per twisted.internet.ssl.ClientTLSOptions, we set the application
        # data to our TLSMemoryBIOProtocol...
        connection.set_app_data(tls_protocol)

        # ... and we also gut-wrench a '_synapse_tls_verifier' attribute into the
        # tls_protocol so that the SSL context's info callback has something to
        # call to do the cert verification.
        setattr(tls_protocol, "_synapse_tls_verifier", self._verifier)
        return connection


class ConnectionVerifier(object):
    """Set the SNI, and do cert verification

    This is a thing which is attached to the TLSMemoryBIOProtocol, and is called by
    the ssl context's info callback.
    """

    # This code is based on twisted.internet.ssl.ClientTLSOptions.

    def __init__(self, hostname, verify_certs):
        self._verify_certs = verify_certs

        if isIPAddress(hostname) or isIPv6Address(hostname):
            self._hostnameBytes = hostname.encode("ascii")
            self._is_ip_address = True
        else:
            # twisted's ClientTLSOptions falls back to the stdlib impl here if
            # idna is not installed, but points out that lacks support for
            # IDNA2008 (http://bugs.python.org/issue17305).
            #
            # We can rely on having idna.
            self._hostnameBytes = idna.encode(hostname)
            self._is_ip_address = False

        self._hostnameASCII = self._hostnameBytes.decode("ascii")

    def verify_context_info_cb(self, ssl_connection, where):
        if where & SSL.SSL_CB_HANDSHAKE_START and not self._is_ip_address:
            ssl_connection.set_tlsext_host_name(self._hostnameBytes)

        if where & SSL.SSL_CB_HANDSHAKE_DONE and self._verify_certs:
            try:
                if self._is_ip_address:
                    verify_ip_address(ssl_connection, self._hostnameASCII)
                else:
                    verify_hostname(ssl_connection, self._hostnameASCII)
            except VerificationError:
                f = Failure()
                tls_protocol = ssl_connection.get_app_data()
                tls_protocol.failVerification(f)
copyrights 2016-01-07 05:26:29 +01:00			`# Copyright 2014-2016 OpenMarket Ltd`
fix to use makeContext so that we don't need to rebuild the certificateoptions each time 2019-02-19 06:18:05 +01:00			`# Copyright 2019 New Vector Ltd`
Add copyright notices and fix pyflakes errors 2014-09-03 10:43:11 +02:00			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
fix to use makeContext so that we don't need to rebuild the certificateoptions each time 2019-02-19 06:18:05 +01:00
allow self-signed certificates 2018-06-26 20:41:05 +02:00			`import logging`
Add copyright notices and fix pyflakes errors 2014-09-03 10:43:11 +02:00
clean up impl, and import idna directly 2019-06-10 16:55:12 +02:00			`import idna`
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`from service_identity import VerificationError`
Fix federation connections to literal IP addresses turns out we need a shiny version of service_identity to enforce this correctly. 2019-06-10 16:58:35 +02:00			`from service_identity.pyopenssl import verify_hostname, verify_ip_address`
fix isort 2018-07-29 19:47:08 +02:00			`from zope.interface import implementer`

Fixes #3135 - Replace _OpenSSLECCurve with crypto.get_elliptic_curve (#3157) fixes #3135 Signed-off-by: Will Hunt will@half-shot.uk 2018-04-30 17:21:11 +02:00			`from OpenSSL import SSL, crypto`
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`from twisted.internet._sslverify import _defaultCurveName`
Don't send IP addresses as SNI (#4452) The problem here is that we have cut-and-pasted an impl from Twisted, and then failed to maintain it. It was fixed in Twisted in https://github.com/twisted/twisted/pull/1047/files; let's do the same here. 2019-01-24 10:34:44 +01:00			`from twisted.internet.abstract import isIPAddress, isIPv6Address`
allow self-signed certificates 2018-06-26 20:41:05 +02:00			`from twisted.internet.interfaces import IOpenSSLClientConnectionCreator`
Update the TLS cipher string and provide configurability for TLS on outgoing federation (#5550) 2019-06-28 10:19:09 +02:00			`from twisted.internet.ssl import (`
			`CertificateOptions,`
			`ContextFactory,`
			`TLSVersion,`
			`platformTrust,`
			`)`
include private functions from twisted 2018-08-09 21:04:22 +02:00			`from twisted.python.failure import Failure`
Add log message if we can't enable ECC. Require pyopenssl>=0.14 since 0.13 doesn't seem to have ECC 2014-10-24 20:27:12 +02:00
			`logger = logging.getLogger(__name__)`
Add server TLS context factory 2014-09-01 18:55:35 +02:00
Fix pep8 warnings 2014-10-30 12:10:17 +01:00
Update the TLS cipher string and provide configurability for TLS on outgoing federation (#5550) 2019-06-28 10:19:09 +02:00			`_TLS_VERSION_MAP = {`
			`"1": TLSVersion.TLSv1_0,`
			`"1.1": TLSVersion.TLSv1_1,`
			`"1.2": TLSVersion.TLSv1_2,`
			`"1.3": TLSVersion.TLSv1_3,`
			`}`


allow self-signed certificates 2018-06-26 20:41:05 +02:00			`class ServerContextFactory(ContextFactory):`
Add server TLS context factory 2014-09-01 18:55:35 +02:00			`"""Factory for PyOpenSSL SSL contexts that are used to handle incoming`
updated docstring for ServerContextFactory 2018-08-08 19:25:01 +02:00			`connections."""`
Add server TLS context factory 2014-09-01 18:55:35 +02:00
			`def __init__(self, config):`
			`self._context = SSL.Context(SSL.SSLv23_METHOD)`
			`self.configure_context(self._context, config)`

			`@staticmethod`
			`def configure_context(context, config):`
enable ECDHE ciphers 2014-09-01 23:29:31 +02:00			`try:`
Fixes #3135 - Replace _OpenSSLECCurve with crypto.get_elliptic_curve (#3157) fixes #3135 Signed-off-by: Will Hunt will@half-shot.uk 2018-04-30 17:21:11 +02:00			`_ecCurve = crypto.get_elliptic_curve(_defaultCurveName)`
			`context.set_tmp_ecdh(_ecCurve)`
replace 'except:' with 'except Exception:' what could possibly go wrong 2017-10-23 16:52:32 +02:00			`except Exception:`
typo 2015-07-08 19:53:41 +02:00			`logger.exception("Failed to enable elliptic curve for TLS")`
Update the TLS cipher string and provide configurability for TLS on outgoing federation (#5550) 2019-06-28 10:19:09 +02:00
			`context.set_options(`
			`SSL.OP_NO_SSLv2 \| SSL.OP_NO_SSLv3 \| SSL.OP_NO_TLSv1 \| SSL.OP_NO_TLSv1_1`
			`)`
remove the tls_certificate_chain_path param and simply support tls_certificate_path pointing to a file containing a chain of certificates 2015-07-09 01:45:41 +02:00			`context.use_certificate_chain_file(config.tls_certificate_file)`
Don't create server contexts when TLS is disabled we aren't going to use them anyway. 2019-02-11 22:30:59 +01:00			`context.use_privatekey(config.tls_private_key)`
Don't look for an TLS private key if we have set --no-tls 2015-03-06 12:34:06 +01:00
Require ECDH key exchange & remove dh_params (#4429) * remove dh_params and set better cipher string 2019-01-22 11:58:50 +01:00			`# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/`
			`context.set_cipher_list(`
Update the TLS cipher string and provide configurability for TLS on outgoing federation (#5550) 2019-06-28 10:19:09 +02:00			`"ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM"`
Require ECDH key exchange & remove dh_params (#4429) * remove dh_params and set better cipher string 2019-01-22 11:58:50 +01:00			`)`
Add server TLS context factory 2014-09-01 18:55:35 +02:00
			`def getContext(self):`
			`return self._context`
send SNI for federation requests 2018-06-24 22:38:43 +02:00

Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`class ClientTLSOptionsFactory(object):`
			`"""Factory for Twisted SSLClientConnectionCreators that are used to make connections`
			`to remote servers for federation.`
include private functions from twisted 2018-08-09 21:04:22 +02:00
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`Uses one of two OpenSSL context objects for all connections, depending on whether`
			`we should do SSL certificate verification.`
include private functions from twisted 2018-08-09 21:04:22 +02:00
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`get_options decides whether we should do SSL certificate verification and`
			`constructs an SSLClientConnectionCreator factory accordingly.`
allow self-signed certificates 2018-06-26 20:41:05 +02:00			`"""`
send SNI for federation requests 2018-06-24 22:38:43 +02:00
			`def __init__(self, config):`
Config option for verifying federation certificates (MSC 1711) (#4967) 2019-04-25 15:22:49 +02:00			`self._config = config`

			`# Check if we're using a custom list of a CA certificates`
			`trust_root = config.federation_ca_trust_root`
			`if trust_root is None:`
			`# Use CA root certs provided by OpenSSL`
			`trust_root = platformTrust()`

Update the TLS cipher string and provide configurability for TLS on outgoing federation (#5550) 2019-06-28 10:19:09 +02:00			`# "insecurelyLowerMinimumTo" is the argument that will go lower than`
			`# Twisted's default, which is why it is marked as "insecure" (since`
			`# Twisted's defaults are reasonably secure). But, since Twisted is`
			`# moving to TLS 1.2 by default, we want to respect the config option if`
			`# it is set to 1.0 (which the alternate option, raiseMinimumTo, will not`
			`# let us do).`
			`minTLS = _TLS_VERSION_MAP[config.federation_client_minimum_tls_version]`

			`self._verify_ssl = CertificateOptions(`
			`trustRoot=trust_root, insecurelyLowerMinimumTo=minTLS`
			`)`
			`self._verify_ssl_context = self._verify_ssl.getContext()`
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`self._verify_ssl_context.set_info_callback(self._context_info_cb)`
send SNI for federation requests 2018-06-24 22:38:43 +02:00
Update the TLS cipher string and provide configurability for TLS on outgoing federation (#5550) 2019-06-28 10:19:09 +02:00			`self._no_verify_ssl = CertificateOptions(insecurelyLowerMinimumTo=minTLS)`
			`self._no_verify_ssl_context = self._no_verify_ssl.getContext()`
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`self._no_verify_ssl_context.set_info_callback(self._context_info_cb)`
Config option for verifying federation certificates (MSC 1711) (#4967) 2019-04-25 15:22:49 +02:00
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`def get_options(self, host):`
Config option for verifying federation certificates (MSC 1711) (#4967) 2019-04-25 15:22:49 +02:00			`# Check if certificate verification has been enabled`
			`should_verify = self._config.federation_verify_certificates`

			`# Check if we've disabled certificate verification for this host`
			`if should_verify:`
			`for regex in self._config.federation_certificate_verification_whitelist:`
			`if regex.match(host):`
			`should_verify = False`
			`break`

Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`ssl_context = (`
			`self._verify_ssl_context if should_verify else self._no_verify_ssl_context`
			`)`

			`return SSLClientConnectionCreator(host, ssl_context, should_verify)`

			`@staticmethod`
			`def _context_info_cb(ssl_connection, where, ret):`
			`"""The 'information callback' for our openssl context object."""`
			`# we assume that the app_data on the connection object has been set to`
			`# a TLSMemoryBIOProtocol object. (This is done by SSLClientConnectionCreator)`
			`tls_protocol = ssl_connection.get_app_data()`
			`try:`
			`# ... we further assume that SSLClientConnectionCreator has set the`
rename gutwrenched attr 2019-06-10 18:51:11 +02:00			`# '_synapse_tls_verifier' attribute to a ConnectionVerifier object.`
			`tls_protocol._synapse_tls_verifier.verify_context_info_cb(`
			`ssl_connection, where`
			`)`
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`except: # noqa: E722, taken from the twisted implementation`
			`logger.exception("Error during info_callback")`
			`f = Failure()`
			`tls_protocol.failVerification(f)`


			`@implementer(IOpenSSLClientConnectionCreator)`
			`class SSLClientConnectionCreator(object):`
			`"""Creates openssl connection objects for client connections.`

			`Replaces twisted.internet.ssl.ClientTLSOptions`
			`"""`
rename gutwrenched attr 2019-06-10 18:51:11 +02:00
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`def __init__(self, hostname, ctx, verify_certs):`
			`self._ctx = ctx`
			`self._verifier = ConnectionVerifier(hostname, verify_certs)`

			`def clientConnectionForTLS(self, tls_protocol):`
			`context = self._ctx`
			`connection = SSL.Connection(context, None)`

			`# as per twisted.internet.ssl.ClientTLSOptions, we set the application`
			`# data to our TLSMemoryBIOProtocol...`
			`connection.set_app_data(tls_protocol)`

rename gutwrenched attr 2019-06-10 18:51:11 +02:00			`# ... and we also gut-wrench a '_synapse_tls_verifier' attribute into the`
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`# tls_protocol so that the SSL context's info callback has something to`
			`# call to do the cert verification.`
rename gutwrenched attr 2019-06-10 18:51:11 +02:00			`setattr(tls_protocol, "_synapse_tls_verifier", self._verifier)`
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`return connection`


			`class ConnectionVerifier(object):`
			`"""Set the SNI, and do cert verification`

			`This is a thing which is attached to the TLSMemoryBIOProtocol, and is called by`
			`the ssl context's info callback.`
			`"""`
rename gutwrenched attr 2019-06-10 18:51:11 +02:00
clean up impl, and import idna directly 2019-06-10 16:55:12 +02:00			`# This code is based on twisted.internet.ssl.ClientTLSOptions.`

Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`def __init__(self, hostname, verify_certs):`
			`self._verify_certs = verify_certs`
clean up impl, and import idna directly 2019-06-10 16:55:12 +02:00
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`if isIPAddress(hostname) or isIPv6Address(hostname):`
rename gutwrenched attr 2019-06-10 18:51:11 +02:00			`self._hostnameBytes = hostname.encode("ascii")`
Fix federation connections to literal IP addresses turns out we need a shiny version of service_identity to enforce this correctly. 2019-06-10 16:58:35 +02:00			`self._is_ip_address = True`
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`else:`
clean up impl, and import idna directly 2019-06-10 16:55:12 +02:00			`# twisted's ClientTLSOptions falls back to the stdlib impl here if`
			`# idna is not installed, but points out that lacks support for`
			`# IDNA2008 (http://bugs.python.org/issue17305).`
			`#`
			`# We can rely on having idna.`
			`self._hostnameBytes = idna.encode(hostname)`
Fix federation connections to literal IP addresses turns out we need a shiny version of service_identity to enforce this correctly. 2019-06-10 16:58:35 +02:00			`self._is_ip_address = False`
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00
			`self._hostnameASCII = self._hostnameBytes.decode("ascii")`

			`def verify_context_info_cb(self, ssl_connection, where):`
Fix federation connections to literal IP addresses turns out we need a shiny version of service_identity to enforce this correctly. 2019-06-10 16:58:35 +02:00			`if where & SSL.SSL_CB_HANDSHAKE_START and not self._is_ip_address:`
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`ssl_connection.set_tlsext_host_name(self._hostnameBytes)`
clean up impl, and import idna directly 2019-06-10 16:55:12 +02:00
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`if where & SSL.SSL_CB_HANDSHAKE_DONE and self._verify_certs:`
			`try:`
Fix federation connections to literal IP addresses turns out we need a shiny version of service_identity to enforce this correctly. 2019-06-10 16:58:35 +02:00			`if self._is_ip_address:`
			`verify_ip_address(ssl_connection, self._hostnameASCII)`
			`else:`
			`verify_hostname(ssl_connection, self._hostnameASCII)`
Share an SSL context object between SSL connections This involves changing how the info callbacks work. 2019-06-09 15:01:32 +02:00			`except VerificationError:`
			`f = Failure()`
			`tls_protocol = ssl_connection.get_app_data()`
			`tls_protocol.failVerification(f)`