TLS implementation

acinclude.m4

@@ -149,6 +149,94 @@ else
   AC_MSG_ERROR([Cannot find a type with size of 64 bits])
 fi])
 
+dnl
+dnl Macro: unet_TLS
+dnl
+dnl Set unet_cv_with_tls and TLS_C to an available TLS implementation.
+dnl
+AC_DEFUN([unet_TLS],
+[dnl Perform some preliminary checks for system TLS libraries.
+AX_CHECK_OPENSSL(, [:])
+PKG_CHECK_MODULES([GNUTLS], [gnutls], , [:])
+
+dnl --with-tls allows selection of the TLS library.
+AC_MSG_CHECKING([for a TLS library])
+AC_ARG_WITH([tls],
+[  --with-tls=library      TLS library to use (none, openssl, gnutls, libtls)],
+[unet_cv_with_tls=$with_tls],
+[AC_CACHE_VAL(unet_cv_with_tls,
+[unet_cv_with_tls=yes])])
+TLS_C=""
+
+dnl If --with-tls or --with-tls=yes, try to autodetect: OpenSSL first.
+if test x"$unet_cv_with_tls" = xyes ; then
+  if test x"$OPENSSL_LIBS" != x ; then
+    unet_cv_with_tls=openssl
+  fi
+fi
+dnl Try gnutls next.
+if test x"$unet_cv_with_tls" = xyes ; then
+  if test x"$GNUTLS_LIBS" != x ; then
+    unet_cv_with_tls=gnutls
+  fi
+fi
+dnl Try libtls next.
+if test x"$unet_cv_with_tls" = xyes ; then
+  dnl Temporarily disable pkg-config to force fallback path
+  dnl PKG_CHECK_MODULES([LIBTLS], [libtls], [
+  dnl   unet_cv_with_tls=libtls
+  dnl ], [
+    dnl Fallback for OpenBSD base (no .pc): header + symbol link test.
+    AC_CHECK_HEADER([tls.h], [
+      AC_CHECK_LIB([tls], [tls_init], [
+        unet_cv_with_tls=libtls
+        LIBTLS_LIBS="-ltls"
+        LIBTLS_CFLAGS=""
+        LIBTLS_LDFLAGS=""
+      ])
+    ])
+  dnl ])
+fi
+
+case x"$unet_cv_with_tls" in
+xopenssl)
+    CFLAGS="$CFLAGS $OPENSSL_CFLAGS"
+    LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
+    LIBS="$LIBS $OPENSSL_LIBS"
+    TLS_C="tls_openssl.c"
+    ;;
+xgnutls)
+    CFLAGS="$CFLAGS $GNUTLS_CFLAGS"
+    LDFLAGS="$LDFLAGS $GNUTLS_LDFLAGS"
+    LIBS="$LIBS $GNUTLS_LIBS"
+    TLS_C="tls_gnutls.c"
+    ;;
+xlibtls)
+    # Ensure LIBTLS_LIBS is set even when explicitly specified
+    if test x"$LIBTLS_LIBS" = x ; then
+        LIBTLS_LIBS="-ltls"
+    fi
+    CFLAGS="$CFLAGS $LIBTLS_CFLAGS"
+    LDFLAGS="$LDFLAGS $LIBTLS_LDFLAGS"
+    LIBS="$LIBS $LIBTLS_LIBS"
+    TLS_C="tls_libtls.c"
+    ;;
+xyes|xno)
+    unet_cv_with_tls="none"
+    TLS_C="tls_none.c"
+    ;;
+esac
+if test x"$TLS_C" = x ; then
+  AC_MSG_WARN([Unknown TLS library $unet_cv_with_tls])
+  TLS_C="tls_none.c"
+fi
+AC_MSG_RESULT([$unet_cv_with_tls])
+AC_SUBST([TLS_C])
+
+if test x"$unet_cv_with_tls" = xopenssl ; then
+  AC_CHECK_FUNCS([SSL_set_ciphersuites])
+fi])
+
 dnl Written by John Hawkinson <jhawk@mit.edu>. This code is in the Public
 dnl Domain.
 dnl

configure.ac

@@ -724,6 +724,38 @@ AC_MSG_RESULT([$unet_cv_with_maxcon])
 AC_DEFINE_UNQUOTED(MAXCONNECTIONS, $unet_cv_with_maxcon,
 [Maximum number of network connections])
 
+
+# Call unet_TLS macro to set unet_cv_with_tls and TLS_C
+unet_TLS
+
+# Set Automake conditionals for each TLS backend
+case x"$unet_cv_with_tls" in
+    xopenssl)
+        AM_CONDITIONAL([TLS_OPENSSL], [true])
+        AM_CONDITIONAL([TLS_GNUTLS], [false])
+        AM_CONDITIONAL([TLS_LIBTLS], [false])
+        AM_CONDITIONAL([TLS_NONE], [false])
+        ;;
+    xgnutls)
+        AM_CONDITIONAL([TLS_OPENSSL], [false])
+        AM_CONDITIONAL([TLS_GNUTLS], [true])
+        AM_CONDITIONAL([TLS_LIBTLS], [false])
+        AM_CONDITIONAL([TLS_NONE], [false])
+        ;;
+    xlibtls)
+        AM_CONDITIONAL([TLS_OPENSSL], [false])
+        AM_CONDITIONAL([TLS_GNUTLS], [false])
+        AM_CONDITIONAL([TLS_LIBTLS], [true])
+        AM_CONDITIONAL([TLS_NONE], [false])
+        ;;
+    *)
+        AM_CONDITIONAL([TLS_OPENSSL], [false])
+        AM_CONDITIONAL([TLS_GNUTLS], [false])
+        AM_CONDITIONAL([TLS_LIBTLS], [false])
+        AM_CONDITIONAL([TLS_NONE], [true])
+        ;;
+esac
+
 dnl Finally really generate all output files:
 AC_CONFIG_FILES([Makefile ircd/Makefile ircd/test/Makefile])
 AC_OUTPUT
@@ -746,6 +778,7 @@ ircu is now hopefully configured for your system.
   CPath:               $unet_cv_with_cpath
   LPath:               $unet_cv_with_lpath
   Maximum connections: $unet_cv_with_maxcon
+  TLS implementation:  $unet_cv_with_tls
 
   poll() engine:       $unet_cv_enable_poll
   kqueue() engine:     $unet_cv_enable_kqueue

doc/example.conf

@@ -60,6 +60,8 @@
 #         dns vhost = "ipv6vhost";
 #         dns server = "ipaddress";
 #         dns server = "ipaddress2";
+#         tls certfile = "ircd.pem";
+#         tls keyfile = "ircd.key";
 # };
 #
 # If present, <virtual host> must contain a valid address in dotted
@@ -84,6 +86,12 @@
 # address, and the default DNS servers are read from /etc/resolv.conf.
 # In most cases, you do not need to specify either the dns vhost or
 # the dns server.
+#
+# The TLS certfile and keyfile contain, respectively, the public key
+# (and associated signatures for authenticating the public key) and the
+# private key for the server.  Both must be present, and name valid
+# files, for the server to establish or accept new TLS-protected
+# connections.
 General {
          name = "London.UK.Eu.UnderNet.org";
          description = "University of London, England";
@@ -272,6 +280,7 @@ Class {
 #  ip = "user@ip";
 #  password = "password";
 #  class = "classname";
+#  tls fingerprint = "tls-fingerprint-hex";
 # };
 #
 # Technical description (for examples, see below):
@@ -358,6 +367,17 @@ Client
  maxlinks = 5;
 };
 
+# You may restrict a Client connection to using a TLS client certificate
+# with a particular fingerprint.  The fingerprint is an SHA-256 digest,
+# so must be 64 hexadecimal characters long.  If a password is also
+# listed, both certificate and password must satisfy the configuration.
+Client {
+  host = "*@*";
+  ip = "*@*";
+  class = "Other";
+  tls fingerprint = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
+}
+
 # You can put an expression in the maxlinks value, which will make ircd
 # only accept a client when the total number of connections to the network
 # from the same IP number doesn't exceed this number.
@@ -564,6 +584,9 @@ Kill
 #  maxhops = 2;
 #  hub = "*.eu.undernet.org";
 #  autoconnect = no;
+#  tls = no;
+#  tls fingerprint = "tls-fingerprint-hex";
+#  tls ciphers = "";
 # };
 #
 # The "port" field defines the default port the server tries to connect
@@ -583,6 +606,13 @@ Kill
 # be introduced by a hub; the element 'hub;' is an alias for
 # 'hub = "*";'.
 #
+# The "tls" field defines whether TLS is required for connections to or
+# from this server.  If "tls = yes", then TLS fingerprint and ciphers
+# are used.  If "tls fingerprint" is present, the other server must use
+# a certificate with that fingerprint.  If "tls ciphers" is present, it
+# is given to the TLS library to restrict or prioritize particular
+# algorithms.  (See TLS_CIPHERS in readme.features for details.)
+#
 # Our primary uplink.
 Connect {
  name = "Amsterdam.NL.Eu.UnderNet.org";
@@ -655,6 +685,7 @@ CRULE
 #  name = "opername";
 #  password = "encryptedpass";
 #  class = "classname";
+#  tls fingerprint = "tls-fingerprint-hex";
 #  # You can also set any operator privilege; see the Class block
 #  # documentation for details.  A privilege defined for a single
 #  # Operator will override the privilege settings for the Class
@@ -667,6 +698,11 @@ CRULE
 # mechanisms.  If you use a password format that is NOT generated by
 # umkpasswd, ircu will not recognize the oper's password.
 #
+# If the tls fingerprint field is present, the client must be using TLS
+# with a certificate that has that fingerprint (in addition to any
+# checks for hostname or IP and password by the rest of the Operator
+# block).
+#
 # All privileges are shown with their default values; if you wish to
 # override defaults, you should set only those privileges for the
 # operator.  Listing defaulted privileges just makes things harder to
@@ -718,10 +754,15 @@ Operator {
 #  server = yes;
 #  # Setting to yes makes the port "hidden" from stats.
 #  hidden = yes;
+#  # Setting to yes makes the port a TLS-only port.
+#  tls = yes;
 #  # Setting to yes makes this for webirc clients only.
 #  # If the head-in-sand (HIS) webirc features are on, you probably
 #  # want WebIRC ports to also be hidden.
 #  WebIRC = yes;
+#  # Setting tls ciphers affects which TLS cipher suites are allowed on
+#  # this port.  See TLS_CIPHERS in readme.features for more details.
+#  tls ciphers = "";
 # };
 #
 # The port and vhost lines allow you to specify one or both of "ipv4"
@@ -763,10 +804,12 @@ Port {
  port = 6666;
 };
 
-# This is a hidden client port, listening on 168.8.21.107.
+# This is a hidden client port, listening on 168.8.21.107, that starts
+# each connection with TLS negotiation.
 Port {
  vhost = "168.8.21.107";
  hidden = yes;
+ tls = yes;
  port = 7000;
 };
 
@@ -979,6 +1022,10 @@ features
 #  "HIS_SERVERINFO" = "The Undernet Underworld";
 #  "HIS_URLSERVERS" = "http://www.undernet.org/servers.php";
 #  "URLREG" = "http://cservice.undernet.org/live/";
+#   TLS_CACERTFILE" = "ircd-ca.pem";
+#  "TLS_CACERTDIR" = "/etc/ssl/certs";
+#  "TLS_CIPHERS" = "";
+#  "TLS_ALLOW_SELFSIGNED" = "TRUE";
 };
 
 # Well, you have now reached the end of this sample configuration

doc/readme.features

@@ -137,6 +137,7 @@ It's used for providing promotional space to providers as per CFV-202
 
 KILL_IPMISMATCH
  * Type: boolean
+
  * Default: FALSE
 
 When a client connects to your server, the IP address of the client is
@@ -927,6 +928,112 @@ passwords, respectively) on channels where they are marked as channel
 managers.  This feature must be disabled until all servers on the
 network are able to interpret and handle these modes correctly.
 
+TLS_CACERTFILE
+ * Type: string
+ * Default: ""
+
+This optionally names a file that contains public keys for certificate
+authorities (CAs) that are trusted to sign keys for clients and servers
+connected to this server.  Certificates in this file take precedence
+over those in TLS_CACERTDIR.
+
+TLS_CACERTDIR
+ * Type: string
+ * Default: ""
+
+This optionally names a directory that contains public keys for
+certificate authorities (CAs) that are trusted to sign keys for clients
+and servers connected to this server.
+
+TLS_CIPHERS
+ * Type: string
+ * Default: ""
+
+This specifies the default list of ciphers to use.  This list is used
+for client connections that use STARTTLS, for outbound connections to
+servers with no "tls ciphers" directive in their Connect blocks, and for
+inbound connections on TLS-only ports with no "tls ciphers" directive in
+their Port blocks.
+
+This cipher list is interpreted by, and thus depends on, the TLS library
+in use:
+
+ - For all libraries, an empty string represents use of the library's
+   default cipher suites.
+ - For OpenSSL, it is parsed as "L1 L2" (two lists, separated by spaces)
+   where L1 is used for TLSv1.2 and below (with SSL_set_cipher_list())
+   and L2 is used for TLSv1.3 (with SSL_set_ciphersuites()).
+ - For GnuTLS, it is parsed as a "priority string" by the function
+   gnutls_priority_init() and then applied to sessions.
+ - For OpenBSD's libtls, it is passed to tls_config_set_ciphers().
+
+TLS_SSLV2
+ * Type: boolean
+ * Default: FALSE
+
+This controls whether SSLv2 connections are supported.  DO NOT USE SSLv2
+unless you are aware of, and willing to accept, the serious security
+weaknesses of the SSLv2 protocol.
+
+NOTE: This feature only affects ircu2 when using OpenSSL.  gnutls and
+libtls have no support for SSLv2.
+
+TLS_SSLV3
+ * Type: boolean
+ * Default: FALSE
+
+This controls whether SSLv3 connections are supported.  DO NOT USE SSLv3
+unless you are aware of, and willing to accept, the serious security
+weaknesses of the SSLv3 protocol.
+
+NOTE: This feature only affects ircu2 when using OpenSSL.  libtls has
+no support for SSLv2.  For gnutls, add "-VERS-SSL3.0" to TLS_CIPHERS.
+
+TLS_V1P0
+ * Type: boolean
+ * Default: FALSE (except for gnutls, which uses TRUE)
+
+This controls whether TLS 1.0 connections are supported.  This is
+strongly discouraged in favor of TLS 1.1 and later because of security
+weaknesses in CBC modes of operation under TLS 1.1.
+
+NOTE: This feature only affects ircu2 when using OpenSSL or libtls.  For
+gnutls, add "-VERS-TLS1.0" to TLS_CIPHERS.
+
+TLS_V1P1
+ * Type: boolean
+ * Default: TRUE
+
+This controls whether TLS 1.1 connections are supported.  In most cases,
+TLS 1.2 is strictly preferable to TLS 1.1, so a server might want to
+disable TLS 1.1.
+
+NOTE: This feature only affects ircu2 when using OpenSSL or libtls.  For
+gnutls, add "-VERS-TLS1.1" to TLS_CIPHERS.
+
+TLS_V1P2
+ * Type: boolean
+ * Default: TRUE
+
+This controls whether TLS 1.2 connections are supported.
+
+NOTE: This feature only affects ircu2 when using OpenSSL or libtls.  For
+gnutls, add "-VERS-TLS1.2" to TLS_CIPHERS.
+
+TLS_V1P3
+ * Type: boolean
+ * Default: TRUE
+
+This controls whether TLS 1.3 connections are supported.  This offers a
+number of minor security improvements over TLS 1.2, but is incompatible
+with some proxies, so it may break connections.  At the time of writing
+this documentation (December 2019), not all deployed TLS libraries
+support TLS 1.3; this feature setting is effectively false for such
+libraries.
+
+NOTE: This feature only affects ircu2 when using OpenSSL or libtls.  For
+gnutls, add "-VERS-TLS1.3" to TLS_CIPHERS.
+
 ZANNELS
  * Type: boolean
  * Default: FALSE