Xray-core/transport/internet/tls/config.go

456 lines
12 KiB
Go

package tls
import (
"bytes"
"context"
"crypto/hmac"
"crypto/tls"
"crypto/x509"
"encoding/base64"
"os"
"strings"
"sync"
"time"
"github.com/xtls/xray-core/common/errors"
"github.com/xtls/xray-core/common/net"
"github.com/xtls/xray-core/common/ocsp"
"github.com/xtls/xray-core/common/platform/filesystem"
"github.com/xtls/xray-core/common/protocol/tls/cert"
"github.com/xtls/xray-core/transport/internet"
)
var globalSessionCache = tls.NewLRUClientSessionCache(128)
// ParseCertificate converts a cert.Certificate to Certificate.
func ParseCertificate(c *cert.Certificate) *Certificate {
if c != nil {
certPEM, keyPEM := c.ToPEM()
return &Certificate{
Certificate: certPEM,
Key: keyPEM,
}
}
return nil
}
func (c *Config) loadSelfCertPool() (*x509.CertPool, error) {
root := x509.NewCertPool()
for _, cert := range c.Certificate {
if !root.AppendCertsFromPEM(cert.Certificate) {
return nil, errors.New("failed to append cert").AtWarning()
}
}
return root, nil
}
// BuildCertificates builds a list of TLS certificates from proto definition.
func (c *Config) BuildCertificates() []*tls.Certificate {
certs := make([]*tls.Certificate, 0, len(c.Certificate))
for _, entry := range c.Certificate {
if entry.Usage != Certificate_ENCIPHERMENT {
continue
}
getX509KeyPair := func() *tls.Certificate {
keyPair, err := tls.X509KeyPair(entry.Certificate, entry.Key)
if err != nil {
errors.LogWarningInner(context.Background(), err, "ignoring invalid X509 key pair")
return nil
}
keyPair.Leaf, err = x509.ParseCertificate(keyPair.Certificate[0])
if err != nil {
errors.LogWarningInner(context.Background(), err, "ignoring invalid certificate")
return nil
}
return &keyPair
}
if keyPair := getX509KeyPair(); keyPair != nil {
certs = append(certs, keyPair)
} else {
continue
}
index := len(certs) - 1
setupOcspTicker(entry, func(isReloaded, isOcspstapling bool) {
cert := certs[index]
if isReloaded {
if newKeyPair := getX509KeyPair(); newKeyPair != nil {
cert = newKeyPair
} else {
return
}
}
if isOcspstapling {
if newOCSPData, err := ocsp.GetOCSPForCert(cert.Certificate); err != nil {
errors.LogWarningInner(context.Background(), err, "ignoring invalid OCSP")
} else if string(newOCSPData) != string(cert.OCSPStaple) {
cert.OCSPStaple = newOCSPData
}
}
certs[index] = cert
})
}
return certs
}
func setupOcspTicker(entry *Certificate, callback func(isReloaded, isOcspstapling bool)) {
go func() {
if entry.OneTimeLoading {
return
}
var isOcspstapling bool
hotReloadCertInterval := uint64(3600)
if entry.OcspStapling != 0 {
hotReloadCertInterval = entry.OcspStapling
isOcspstapling = true
}
t := time.NewTicker(time.Duration(hotReloadCertInterval) * time.Second)
for {
var isReloaded bool
if entry.CertificatePath != "" && entry.KeyPath != "" {
newCert, err := filesystem.ReadFile(entry.CertificatePath)
if err != nil {
errors.LogErrorInner(context.Background(), err, "failed to parse certificate")
return
}
newKey, err := filesystem.ReadFile(entry.KeyPath)
if err != nil {
errors.LogErrorInner(context.Background(), err, "failed to parse key")
return
}
if string(newCert) != string(entry.Certificate) || string(newKey) != string(entry.Key) {
entry.Certificate = newCert
entry.Key = newKey
isReloaded = true
}
}
callback(isReloaded, isOcspstapling)
<-t.C
}
}()
}
func isCertificateExpired(c *tls.Certificate) bool {
if c.Leaf == nil && len(c.Certificate) > 0 {
if pc, err := x509.ParseCertificate(c.Certificate[0]); err == nil {
c.Leaf = pc
}
}
// If leaf is not there, the certificate is probably not used yet. We trust user to provide a valid certificate.
return c.Leaf != nil && c.Leaf.NotAfter.Before(time.Now().Add(time.Minute*2))
}
func issueCertificate(rawCA *Certificate, domain string) (*tls.Certificate, error) {
parent, err := cert.ParseCertificate(rawCA.Certificate, rawCA.Key)
if err != nil {
return nil, errors.New("failed to parse raw certificate").Base(err)
}
newCert, err := cert.Generate(parent, cert.CommonName(domain), cert.DNSNames(domain))
if err != nil {
return nil, errors.New("failed to generate new certificate for ", domain).Base(err)
}
newCertPEM, newKeyPEM := newCert.ToPEM()
if rawCA.BuildChain {
newCertPEM = bytes.Join([][]byte{newCertPEM, rawCA.Certificate}, []byte("\n"))
}
cert, err := tls.X509KeyPair(newCertPEM, newKeyPEM)
return &cert, err
}
func (c *Config) getCustomCA() []*Certificate {
certs := make([]*Certificate, 0, len(c.Certificate))
for _, certificate := range c.Certificate {
if certificate.Usage == Certificate_AUTHORITY_ISSUE {
certs = append(certs, certificate)
setupOcspTicker(certificate, func(isReloaded, isOcspstapling bool) {})
}
}
return certs
}
func getGetCertificateFunc(c *tls.Config, ca []*Certificate) func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
var access sync.RWMutex
return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
domain := hello.ServerName
certExpired := false
access.RLock()
certificate, found := c.NameToCertificate[domain]
access.RUnlock()
if found {
if !isCertificateExpired(certificate) {
return certificate, nil
}
certExpired = true
}
if certExpired {
newCerts := make([]tls.Certificate, 0, len(c.Certificates))
access.Lock()
for _, certificate := range c.Certificates {
if !isCertificateExpired(&certificate) {
newCerts = append(newCerts, certificate)
} else if certificate.Leaf != nil {
expTime := certificate.Leaf.NotAfter.Format(time.RFC3339)
errors.LogInfo(context.Background(), "old certificate for ", domain, " (expire on ", expTime, ") discarded")
}
}
c.Certificates = newCerts
access.Unlock()
}
var issuedCertificate *tls.Certificate
// Create a new certificate from existing CA if possible
for _, rawCert := range ca {
if rawCert.Usage == Certificate_AUTHORITY_ISSUE {
newCert, err := issueCertificate(rawCert, domain)
if err != nil {
errors.LogInfoInner(context.Background(), err, "failed to issue new certificate for ", domain)
continue
}
parsed, err := x509.ParseCertificate(newCert.Certificate[0])
if err == nil {
newCert.Leaf = parsed
expTime := parsed.NotAfter.Format(time.RFC3339)
errors.LogInfo(context.Background(), "new certificate for ", domain, " (expire on ", expTime, ") issued")
} else {
errors.LogInfoInner(context.Background(), err, "failed to parse new certificate for ", domain)
}
access.Lock()
c.Certificates = append(c.Certificates, *newCert)
issuedCertificate = &c.Certificates[len(c.Certificates)-1]
access.Unlock()
break
}
}
if issuedCertificate == nil {
return nil, errors.New("failed to create a new certificate for ", domain)
}
access.Lock()
c.BuildNameToCertificate()
access.Unlock()
return issuedCertificate, nil
}
}
func getNewGetCertificateFunc(certs []*tls.Certificate, rejectUnknownSNI bool) func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
return func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
if len(certs) == 0 {
return nil, errNoCertificates
}
sni := strings.ToLower(hello.ServerName)
if !rejectUnknownSNI && (len(certs) == 1 || sni == "") {
return certs[0], nil
}
gsni := "*"
if index := strings.IndexByte(sni, '.'); index != -1 {
gsni += sni[index:]
}
for _, keyPair := range certs {
if keyPair.Leaf.Subject.CommonName == sni || keyPair.Leaf.Subject.CommonName == gsni {
return keyPair, nil
}
for _, name := range keyPair.Leaf.DNSNames {
if name == sni || name == gsni {
return keyPair, nil
}
}
}
if rejectUnknownSNI {
return nil, errNoCertificates
}
return certs[0], nil
}
}
func (c *Config) parseServerName() string {
return c.ServerName
}
func (c *Config) verifyPeerCert(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
if c.PinnedPeerCertificateChainSha256 != nil {
hashValue := GenerateCertChainHash(rawCerts)
for _, v := range c.PinnedPeerCertificateChainSha256 {
if hmac.Equal(hashValue, v) {
return nil
}
}
return errors.New("peer cert is unrecognized: ", base64.StdEncoding.EncodeToString(hashValue))
}
if c.PinnedPeerCertificatePublicKeySha256 != nil {
for _, v := range verifiedChains {
for _, cert := range v {
publicHash := GenerateCertPublicKeyHash(cert)
for _, c := range c.PinnedPeerCertificatePublicKeySha256 {
if hmac.Equal(publicHash, c) {
return nil
}
}
}
}
return errors.New("peer public key is unrecognized.")
}
return nil
}
// GetTLSConfig converts this Config into tls.Config.
func (c *Config) GetTLSConfig(opts ...Option) *tls.Config {
root, err := c.getCertPool()
if err != nil {
errors.LogErrorInner(context.Background(), err, "failed to load system root certificate")
}
if c == nil {
return &tls.Config{
ClientSessionCache: globalSessionCache,
RootCAs: root,
InsecureSkipVerify: false,
NextProtos: nil,
SessionTicketsDisabled: true,
}
}
config := &tls.Config{
ClientSessionCache: globalSessionCache,
RootCAs: root,
InsecureSkipVerify: c.AllowInsecure,
NextProtos: c.NextProtocol,
SessionTicketsDisabled: !c.EnableSessionResumption,
VerifyPeerCertificate: c.verifyPeerCert,
}
for _, opt := range opts {
opt(config)
}
caCerts := c.getCustomCA()
if len(caCerts) > 0 {
config.GetCertificate = getGetCertificateFunc(config, caCerts)
} else {
config.GetCertificate = getNewGetCertificateFunc(c.BuildCertificates(), c.RejectUnknownSni)
}
if sn := c.parseServerName(); len(sn) > 0 {
config.ServerName = sn
}
if len(c.CurvePreferences) > 0 {
config.CurvePreferences = ParseCurveName(c.CurvePreferences)
}
if len(config.NextProtos) == 0 {
config.NextProtos = []string{"h2", "http/1.1"}
}
switch c.MinVersion {
case "1.0":
config.MinVersion = tls.VersionTLS10
case "1.1":
config.MinVersion = tls.VersionTLS11
case "1.2":
config.MinVersion = tls.VersionTLS12
case "1.3":
config.MinVersion = tls.VersionTLS13
}
switch c.MaxVersion {
case "1.0":
config.MaxVersion = tls.VersionTLS10
case "1.1":
config.MaxVersion = tls.VersionTLS11
case "1.2":
config.MaxVersion = tls.VersionTLS12
case "1.3":
config.MaxVersion = tls.VersionTLS13
}
if len(c.CipherSuites) > 0 {
id := make(map[string]uint16)
for _, s := range tls.CipherSuites() {
id[s.Name] = s.ID
}
for _, n := range strings.Split(c.CipherSuites, ":") {
if id[n] != 0 {
config.CipherSuites = append(config.CipherSuites, id[n])
}
}
}
if len(c.MasterKeyLog) > 0 && c.MasterKeyLog != "none" {
writer, err := os.OpenFile(c.MasterKeyLog, os.O_CREATE|os.O_RDWR|os.O_APPEND, 0644)
if err != nil {
errors.LogErrorInner(context.Background(), err, "failed to open ", c.MasterKeyLog, " as master key log")
} else {
config.KeyLogWriter = writer
}
}
return config
}
// Option for building TLS config.
type Option func(*tls.Config)
// WithDestination sets the server name in TLS config.
// Due to the incorrect structure of GetTLSConfig(), the config.ServerName will always be empty.
// So the real logic for SNI is:
// set it to dest -> overwrite it with servername(if it's len>0).
func WithDestination(dest net.Destination) Option {
return func(config *tls.Config) {
if config.ServerName == "" {
config.ServerName = dest.Address.String()
}
}
}
// WithNextProto sets the ALPN values in TLS config.
func WithNextProto(protocol ...string) Option {
return func(config *tls.Config) {
if len(config.NextProtos) == 0 {
config.NextProtos = protocol
}
}
}
// ConfigFromStreamSettings fetches Config from stream settings. Nil if not found.
func ConfigFromStreamSettings(settings *internet.MemoryStreamConfig) *Config {
if settings == nil {
return nil
}
config, ok := settings.SecuritySettings.(*Config)
if !ok {
return nil
}
return config
}
func ParseCurveName(curveNames []string) []tls.CurveID {
curveMap := map[string]tls.CurveID{
"curvep256": tls.CurveP256,
"curvep384": tls.CurveP384,
"curvep521": tls.CurveP521,
"x25519": tls.X25519,
"x25519kyber768draft00": 0x6399,
}
var curveIDs []tls.CurveID
for _, name := range curveNames {
if curveID, ok := curveMap[strings.ToLower(name)]; ok {
curveIDs = append(curveIDs, curveID)
} else {
errors.LogWarning(context.Background(), "unsupported curve name: "+name)
}
}
return curveIDs
}