Where to find trusted root certificates on every OS to satisfy mbedtls? - c++

I'm writing a cross platform websocket client using mbedtls. Now I'm left with the burden of feeding a suitable pack of trustet root certificates to the mbedtls API which looks like this:
/* Structure to load trusted root certs into. */
mbedtls_x509_crt ca_certs;
mbedtls_x509_crt_init(&ca_certs);
/* Parse the file with root certificates. */
if (mbedtls_x509_crt_parse_file(&ca_certs, "trusted_certs.pem") != 0) {
exit(EXIT_FAILURE);
}
/* Set the certificates as trusted for this session. */
mbedtls_ssl_conf_ca_chain(&conf, &ca_certs, NULL);
It's pretty straightforward, I just need to concatenate all found certificates and feed it into the function.
I know that on my embedded system (esp32) which is also using
mbedtls, there's already a library that provides me with the
system-wide CA store, so that should be no problem.
On linux systems I know that the certificate bundle will mostly
reside under /etc/ssl/certs. Question: Is this true for every
(major) distribution?
On Windows I frankly have no idea. There seems to be something like a certificate store, but how do I get my certificates out of there?
On Apple I don't really care (yet) <3
A reference codebase would also be very helpful!

Related

Using Boost Beast to build Platform specific client-side authentication in SSL connection

I’m working on boost::beast based application on macOS platform, and I wonder how I can provide a client-side certificate to authenticate against the server ?
basically , in macOS the certificates are stored in keychain, and cannot be exported (backed by dedicated hardware called secured-enclave for better security)…
So I wonder if there’s any callback suitable to sign server’s challenge manually with native macOS native code that send the challenge to the keychain/secure-enclave for signing.
basically, I'm looking for a callback that have roughly the following signature :
bool validate_client_side_certificate(const std::string& challenge)
So basically What I've got right not is the ability to provide the certificate + private key from file
boost::asio::ssl::context ctx_;
std::string client_cert_ = read_pem_file(client_cert_path);
std::string client_cert_private_key_ = read_pem_file(private_key_path);
ctx_.use_certificate(
boost::asio::buffer(client_cert_.c_str(), client_cert_.length()),
boost::asio::ssl::context::pem);
ctx_.use_private_key(
boost::asio::buffer(client_cert_key_.c_str(), client_cert_key_.length()),
boost::asio::ssl::context::pem);
This flow works perfectly, but if I want to use the certificates that are inside the keychain (macOS storage for crypto data) I cannot get the private key but only a reference (because it's protected).
So in macOS we cannot just provide the private key to ctx_ do that the challenge will be signed automatically. instead, we need to get the callback that occur when client-side authentication is required, along with the challenge... and use macOS native code to sign the challenge inside the keychain hardware, using the key reference.
See set_verify_callback
There are examples here:
asio/example/cpp11/ssl/client.cpp
asio/example/cpp03/ssl/client.cpp
You can see it integrated in Beast's ssl_stream: https://www.boost.org/doc/libs/1_78_0/libs/beast/doc/html/beast/ref/boost__beast__ssl_stream/set_verify_callback/overload2.html

How to implement secure socket communication in c++ application using winsock?

I am trying to implement secure communication between a server and client in c++. The limitation is that both the client and server must run on windows and have to be in c++. This is for a research project I am working on at my university.
So far I have found that SChannel is the best option, but the documentation is extremely confusing and I can not find any guides/tutorials on how to use it. I have already looked at this link https://learn.microsoft.com/en-us/windows/desktop/secauthn/creating-a-secure-connection-using-schannel but still do not understand how to get it working. Could someone guide me through this if this is the best way?
I also looked into use SSLStream using the CLR to have .net run inside of a c++ application. However I can not use this because the client application is threaded and threads can't be used with CLR.
I already have a dummy client and server set up with communication between the two, I am just trying to secure and encrypt that communication.
Any help is greatly appreciated!
Whichever SSL library you choose to use there are a few things you need to know as a beginner in this field:
The server and client implementations will end up looking quite different in places.
Your server is absolutely going to need a certificate with a private key. During development you clearly don't want to get one from Verisign or something so you need to create a self-signed certificate. You can do this with openssl or other tools.
The certificate consists of a private part and a public part. The public part needs to go to the client, and will be used to validate the connection. When you are using something like SChannel the certificates (private and public) will need to be installed in the certificate stores of the server and client respectively.
SChannel does not send or receive data for you. So the core of your implementation is going to be: when the network has data: read ciphertext from socket and write to SChannel. Read clear text from SChannel (if any) and pass to application. When the application has data to send, get clear text from Application and pass to SChannel. Get the resulting ciphertext buffers from SChannel and write to the socket.
buffers from the internet may be partial, and negotiations and re-negotiations means there's no 1:1 mapping of passing data into SChannel and getting data out.
You therefore can't get away with a naive implementation that calls SChannel once to pass data in, and once again to get un/encrypted data. There will potentially be nothing available, or a whole lot of packets to send between the client and the server, before you'll get any application bytes. i.e. You will need some kind of state machine to keeptrack of this.
Obviously, don't write both the client and server at the same time: Start with your client against an https server.
That's the general outline of the process - the things that confused me when I first encountered SSL and why none of the samples were nearly as simple as I had hoped them to be.

Using ECDHE TLS with Boost ASIO

The TL;DR version
I'd like to know:
Where does the specification for the use of ECDHE get defined (in a cert parameter or a server configuration of SSL contexts, or elsewhere)?
In a non-home-rolled certificate setup, who's responsibility is it to define the ECDHE public and private information (the end user or cert provider)?
Can an existing Certificate which does not appear to use ECDHE be made to without causing issues with the Certificate?
Are there any examples of someone using SSL in Boost::ASIO with an ECDHE setup?
The Longer Version
We've been building an application which is using a proper-paid-for certificate from an external Cert Authority. The application uses a home-rolled server setup based off of Boost ASIO and Boost Beast, and we only recently noticed it doesn't play nice with iOS - ASIO says there is no shared cipher.
Reading into how TLS works has led me to the fact that some part of our server was preventing us from serving TLS using the ECDHE-* suite of ciphers (which iOS seems to want) - but I'm having difficulty in figuring out how to wrangle ASIO and our current cert/key into serving ECDHE.
What I've tried:
Using the same cert and key, adding in the results of openssl dhparam into ASIO using set_tmp_dh, then specifying ciphers. Curl reports that this allows a connection using DHE but not ECDHE. Specifying ciphers that only use ECDHE causes errors when connecting.
Trying to pass the output of openssl ecparam to ASIO using a similar method to the above. I've not been able to format something that ASIO accepts.
Trying to see if there is a way you can use the output of openssl ecparam with another combining function to modify the original cert into one that uses ECDHE. I clued onto this one from the OpenSSL wiki suggesting that if the cert does not contain the line ASN1 OID: prime256v1 (or a similar named curve), then it is not suitable for ECDHE usage.
At this point I'm unsure as to where the issue truly lies (in ASIO, in the certificates or in how I'm putting it all together) and most of the information on the internet I can find relates to home-rolling everything from scratch, rather than working with existing certs.
Update 11/05/19
https://github.com/chriskohlhoff/asio/pull/117 pulled in changes for ASIO with ECDHE. Will need to wait a while to see which Boost lib version it makes it into.
Original Answer
I seem to have found an answer for any googlers - ASIO does not appear to support ECDHE natively at the time of writing. This issue from the main repo suggests that ECDHE is on the cards for support but is not yet implemented.
Here is a link to the ECDHE implementation that's been waiting to be merged since 2016: https://github.com/chriskohlhoff/asio/pull/117.
+1 to get the attention of the Boost ASIO maintainer; he's been pretty slow with it.

libcurl ca bundle included in binary

I have an application which statically linked with all dependent libraries and at the end I have a single binary file for Windows and Linux.
Is there a way to set ca certificate at compile time the content wil be included together with binary and it will not be necessary to move it together with application binary.
If you use the native SSL library on Windows (sometimes referred to as winssl), there's no need to ship any CA cert at all since curl will then use the internal one Windows features.
If you built libcurl to use OpenSSL, you can set a callback to verify the CA with a fixed built-in CA store. Showed in the cacertinmem example on the curl web site using the CURLOPT_SSL_CTX_FUNCTION option.
Shipping an app with a fixed internal CA cert storage might be troublesome when the services your app are using update/change their certs along the way, so maybe using an external file that you can update occasionally is still a better idea?

How to perform successful SSL encryption with pkcs12/pfx in Qt on Mac OSX?

Novice to Qt and developing a cross platform app, which requires SSL authentication from the server as well as client sides The .pem based encryption is working on Linux, Android, Windows. However there are problems with Mac OSX. Our code looks like below:
QFile privateKeyFile(":/Certificate.pem"); // --> has certificate + key
privateKeyFile.open(QIODevice::ReadOnly | QIODevice::Text);
setLocalCertificateChain(QSslCertificate::fromPath(":/Certificate.pem", QSsl::Pem));
setPrivateKey(QSslKey(privateKeyFile.readAll(), QSsl::Rsa));
In above code privateKey().isNull() returns true for Mac. When we referred this post, it says that Mac doesn't support .pem based encryption.
The Secure Transport back-end to curl only supports client IDs that are in PKCS#12 (P12) format; it does not support client IDs in PEM format because Apple does not allow us to create a security identity from an identity file in PEM format without using a private API. And we can't use the private API, because apps that use private API are not allowed in any of Apple's app stores.
With my limited understanding, I interpreted that .pem is not a good idea for SSL communication with the server. Please stop me if it's wrong!
Hence, we decided to move to .pfx for all the platforms. We already had a .pfx file with a passphrase. We converted above code to be compatible with .pfx (i.e. "Certificate.pfx", we had this old file along with "Certificate.pem"). Instead of QSsl::Pem, we tried QSsl::Der. But as expected, it didn't work. However, there was no encryption error either, but we are sure that we are doing something wrong. :-)
We referred this post and try to regenerate a .pfx from .pem, but that also didn't help.
QSslCertificate::importPkcs12 fails to parse PFX file
In above case, the QSslCertificate::importPkcs12() returns false for the original .pfx file. Even if we generate a new .pfx from the command line, that also fails for the above function.
Question: Can someone help with exact way of performing the .pfx encryption with the server?
.pem authentication is also fine.
Note:
Server supports both .pfx & .pem. That we confirmed with regular C OpenSSL libraries. But we want to achieve it using Qt.
We are open to formats other than .pfx, should they work in all the platforms
DISCLAIMER: I am writing this from the top of my mind, since I don't personally own a Mac and cannot verify it anymore.
We had this exact problem about a year or two ago at my last job.
It all boils down to Apple dropping support for OpenSSL.
Because of that, Qt switched from OpenSSL backend to Secure Transport backend on Mac with Qt5.6. Now the Secure Transport implementation is lacking some features. For example we were not able to load private key pem-files. I think switching from PKCS#8 to PKCS#1 helped, which can both be stored in .pem files and look almost identical, so that took a while to figure out.
We also noticed that a successfully loaded private key will be stored inside the Mac's key store and could be viewed and exported from there by the user, which we also did not want.
We finally went with re-compiling the QtNetwork module to use OpenSSL instead of Secure Transport. You will need to provide OpenSSL for that, since OSX does not include the headers anymore. A homebrew installation was sufficient I think. Other than that the compilation was surprisingly painless and fast, since you just have to compile one small module, not the whole Qt.
The easiest way to do this is:
download the source distribution of the Qt version you are running
./configure it to use OpenSSL (the -openssl switch I believe)
cdinto the network folder
make
copy the generated QtNetwork.framework inside your Qt-Installation and replace the existing one.
With that everything worked as expected.