ca.c revision 1.21
1/* $OpenBSD: ca.c,v 1.21 2016/02/02 21:18:04 gilles Exp $ */ 2 3/* 4 * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org> 5 * Copyright (c) 2012 Gilles Chehade <gilles@poolp.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20#include <sys/types.h> 21#include <sys/queue.h> 22#include <sys/socket.h> 23#include <sys/tree.h> 24 25#include <err.h> 26#include <imsg.h> 27#include <limits.h> 28#include <pwd.h> 29#include <signal.h> 30#include <stdlib.h> 31#include <string.h> 32#include <unistd.h> 33 34#include <openssl/ssl.h> 35#include <openssl/pem.h> 36#include <openssl/evp.h> 37#include <openssl/rsa.h> 38#include <openssl/engine.h> 39#include <openssl/err.h> 40 41#include "smtpd.h" 42#include "log.h" 43#include "ssl.h" 44 45static int ca_verify_cb(int, X509_STORE_CTX *); 46 47static int rsae_send_imsg(int, const unsigned char *, unsigned char *, 48 RSA *, int, unsigned int); 49static int rsae_pub_enc(int, const unsigned char *, unsigned char *, 50 RSA *, int); 51static int rsae_pub_dec(int,const unsigned char *, unsigned char *, 52 RSA *, int); 53static int rsae_priv_enc(int, const unsigned char *, unsigned char *, 54 RSA *, int); 55static int rsae_priv_dec(int, const unsigned char *, unsigned char *, 56 RSA *, int); 57static int rsae_mod_exp(BIGNUM *, const BIGNUM *, RSA *, BN_CTX *); 58static int rsae_bn_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *, 59 const BIGNUM *, BN_CTX *, BN_MONT_CTX *); 60static int rsae_init(RSA *); 61static int rsae_finish(RSA *); 62static int rsae_keygen(RSA *, int, BIGNUM *, BN_GENCB *); 63 64static uint64_t rsae_reqid = 0; 65 66static void 67ca_shutdown(void) 68{ 69 log_info("info: ca agent exiting"); 70 _exit(0); 71} 72 73static void 74ca_sig_handler(int sig, short event, void *p) 75{ 76 switch (sig) { 77 case SIGINT: 78 case SIGTERM: 79 ca_shutdown(); 80 break; 81 default: 82 fatalx("ca_sig_handler: unexpected signal"); 83 } 84} 85 86pid_t 87ca(void) 88{ 89 pid_t pid; 90 struct passwd *pw; 91 struct event ev_sigint; 92 struct event ev_sigterm; 93 94 switch (pid = fork()) { 95 case -1: 96 fatal("ca: cannot fork"); 97 case 0: 98 post_fork(PROC_CA); 99 break; 100 default: 101 return (pid); 102 } 103 104 purge_config(PURGE_LISTENERS|PURGE_TABLES|PURGE_RULES); 105 106 if ((pw = getpwnam(SMTPD_USER)) == NULL) 107 fatalx("unknown user " SMTPD_USER); 108 109 if (chroot(PATH_CHROOT) == -1) 110 fatal("ca: chroot"); 111 if (chdir("/") == -1) 112 fatal("ca: chdir(\"/\")"); 113 114 config_process(PROC_CA); 115 116 if (setgroups(1, &pw->pw_gid) || 117 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || 118 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) 119 fatal("ca: cannot drop privileges"); 120 121 imsg_callback = ca_imsg; 122 event_init(); 123 124 signal_set(&ev_sigint, SIGINT, ca_sig_handler, NULL); 125 signal_set(&ev_sigterm, SIGTERM, ca_sig_handler, NULL); 126 signal_add(&ev_sigint, NULL); 127 signal_add(&ev_sigterm, NULL); 128 signal(SIGPIPE, SIG_IGN); 129 signal(SIGHUP, SIG_IGN); 130 131 config_peer(PROC_CONTROL); 132 config_peer(PROC_PARENT); 133 config_peer(PROC_PONY); 134 config_done(); 135 136 /* Ignore them until we get our config */ 137 mproc_disable(p_pony); 138 139 if (pledge("stdio", NULL) == -1) 140 err(1, "pledge"); 141 142 if (event_dispatch() < 0) 143 fatal("event_dispatch"); 144 ca_shutdown(); 145 146 return (0); 147} 148 149void 150ca_init(void) 151{ 152 BIO *in = NULL; 153 EVP_PKEY *pkey = NULL; 154 struct pki *pki; 155 const char *k; 156 void *iter_dict; 157 158 log_debug("debug: init private ssl-tree"); 159 iter_dict = NULL; 160 while (dict_iter(env->sc_pki_dict, &iter_dict, &k, (void **)&pki)) { 161 if (pki->pki_key == NULL) 162 continue; 163 164 if ((in = BIO_new_mem_buf(pki->pki_key, 165 pki->pki_key_len)) == NULL) 166 fatalx("ca_launch: key"); 167 168 if ((pkey = PEM_read_bio_PrivateKey(in, 169 NULL, NULL, NULL)) == NULL) 170 fatalx("ca_launch: PEM"); 171 BIO_free(in); 172 173 pki->pki_pkey = pkey; 174 175 explicit_bzero(pki->pki_key, pki->pki_key_len); 176 free(pki->pki_key); 177 pki->pki_key = NULL; 178 } 179} 180 181static int 182ca_verify_cb(int ok, X509_STORE_CTX *ctx) 183{ 184 switch (X509_STORE_CTX_get_error(ctx)) { 185 case X509_V_OK: 186 break; 187 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 188 break; 189 case X509_V_ERR_CERT_NOT_YET_VALID: 190 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 191 break; 192 case X509_V_ERR_CERT_HAS_EXPIRED: 193 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 194 break; 195 case X509_V_ERR_NO_EXPLICIT_POLICY: 196 break; 197 } 198 return ok; 199} 200 201int 202ca_X509_verify(void *certificate, void *chain, const char *CAfile, 203 const char *CRLfile, const char **errstr) 204{ 205 X509_STORE *store = NULL; 206 X509_STORE_CTX *xsc = NULL; 207 int ret = 0; 208 209 if ((store = X509_STORE_new()) == NULL) 210 goto end; 211 212 if (!X509_STORE_load_locations(store, CAfile, NULL)) { 213 log_warn("warn: unable to load CA file %s", CAfile); 214 goto end; 215 } 216 X509_STORE_set_default_paths(store); 217 218 if ((xsc = X509_STORE_CTX_new()) == NULL) 219 goto end; 220 221 if (X509_STORE_CTX_init(xsc, store, certificate, chain) != 1) 222 goto end; 223 224 X509_STORE_CTX_set_verify_cb(xsc, ca_verify_cb); 225 226 ret = X509_verify_cert(xsc); 227 228end: 229 *errstr = NULL; 230 if (ret != 1) { 231 if (xsc) 232 *errstr = X509_verify_cert_error_string(xsc->error); 233 else if (ERR_peek_last_error()) 234 *errstr = ERR_error_string(ERR_peek_last_error(), NULL); 235 } 236 237 if (xsc) 238 X509_STORE_CTX_free(xsc); 239 if (store) 240 X509_STORE_free(store); 241 242 return ret > 0 ? 1 : 0; 243} 244 245void 246ca_imsg(struct mproc *p, struct imsg *imsg) 247{ 248 RSA *rsa; 249 const void *from = NULL; 250 unsigned char *to = NULL; 251 struct msg m; 252 const char *pkiname; 253 size_t flen, tlen, padding; 254 struct pki *pki; 255 int ret = 0; 256 uint64_t id; 257 int v; 258 259 if (p->proc == PROC_PARENT) { 260 switch (imsg->hdr.type) { 261 case IMSG_CONF_START: 262 return; 263 case IMSG_CONF_END: 264 ca_init(); 265 266 /* Start fulfilling requests */ 267 mproc_enable(p_pony); 268 return; 269 } 270 } 271 272 if (p->proc == PROC_CONTROL) { 273 switch (imsg->hdr.type) { 274 case IMSG_CTL_VERBOSE: 275 m_msg(&m, imsg); 276 m_get_int(&m, &v); 277 m_end(&m); 278 log_verbose(v); 279 return; 280 case IMSG_CTL_PROFILE: 281 m_msg(&m, imsg); 282 m_get_int(&m, &v); 283 m_end(&m); 284 profiling = v; 285 return; 286 } 287 } 288 289 if (p->proc == PROC_PONY) { 290 switch (imsg->hdr.type) { 291 case IMSG_CA_PRIVENC: 292 case IMSG_CA_PRIVDEC: 293 m_msg(&m, imsg); 294 m_get_id(&m, &id); 295 m_get_string(&m, &pkiname); 296 m_get_data(&m, &from, &flen); 297 m_get_size(&m, &tlen); 298 m_get_size(&m, &padding); 299 m_end(&m); 300 301 pki = dict_get(env->sc_pki_dict, pkiname); 302 if (pki == NULL || pki->pki_pkey == NULL || 303 (rsa = EVP_PKEY_get1_RSA(pki->pki_pkey)) == NULL) 304 fatalx("ca_imsg: invalid pki"); 305 306 if ((to = calloc(1, tlen)) == NULL) 307 fatalx("ca_imsg: calloc"); 308 309 switch (imsg->hdr.type) { 310 case IMSG_CA_PRIVENC: 311 ret = RSA_private_encrypt(flen, from, to, rsa, 312 padding); 313 break; 314 case IMSG_CA_PRIVDEC: 315 ret = RSA_private_decrypt(flen, from, to, rsa, 316 padding); 317 break; 318 } 319 320 m_create(p, imsg->hdr.type, 0, 0, -1); 321 m_add_id(p, id); 322 m_add_int(p, ret); 323 if (ret > 0) 324 m_add_data(p, to, (size_t)ret); 325 m_close(p); 326 327 free(to); 328 RSA_free(rsa); 329 330 return; 331 } 332 } 333 334 errx(1, "ca_imsg: unexpected %s imsg", imsg_to_str(imsg->hdr.type)); 335} 336 337/* 338 * RSA privsep engine (called from unprivileged processes) 339 */ 340 341const RSA_METHOD *rsa_default = NULL; 342 343static RSA_METHOD rsae_method = { 344 "RSA privsep engine", 345 rsae_pub_enc, 346 rsae_pub_dec, 347 rsae_priv_enc, 348 rsae_priv_dec, 349 rsae_mod_exp, 350 rsae_bn_mod_exp, 351 rsae_init, 352 rsae_finish, 353 0, 354 NULL, 355 NULL, 356 NULL, 357 rsae_keygen 358}; 359 360static int 361rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to, 362 RSA *rsa, int padding, unsigned int cmd) 363{ 364 int ret = 0; 365 struct imsgbuf *ibuf; 366 struct imsg imsg; 367 int n, done = 0; 368 const void *toptr; 369 char *pkiname; 370 size_t tlen; 371 struct msg m; 372 uint64_t id; 373 374 if ((pkiname = RSA_get_ex_data(rsa, 0)) == NULL) 375 return (0); 376 377 /* 378 * Send a synchronous imsg because we cannot defer the RSA 379 * operation in OpenSSL's engine layer. 380 */ 381 m_create(p_ca, cmd, 0, 0, -1); 382 rsae_reqid++; 383 m_add_id(p_ca, rsae_reqid); 384 m_add_string(p_ca, pkiname); 385 m_add_data(p_ca, (const void *)from, (size_t)flen); 386 m_add_size(p_ca, (size_t)RSA_size(rsa)); 387 m_add_size(p_ca, (size_t)padding); 388 m_flush(p_ca); 389 390 ibuf = &p_ca->imsgbuf; 391 392 while (!done) { 393 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) 394 fatalx("imsg_read"); 395 if (n == 0) 396 fatalx("pipe closed"); 397 398 while (!done) { 399 if ((n = imsg_get(ibuf, &imsg)) == -1) 400 fatalx("imsg_get error"); 401 if (n == 0) 402 break; 403 404 log_imsg(PROC_PONY, PROC_CA, &imsg); 405 406 switch (imsg.hdr.type) { 407 case IMSG_CA_PRIVENC: 408 case IMSG_CA_PRIVDEC: 409 break; 410 default: 411 /* Another imsg is queued up in the buffer */ 412 pony_imsg(p_ca, &imsg); 413 imsg_free(&imsg); 414 continue; 415 } 416 417 m_msg(&m, &imsg); 418 m_get_id(&m, &id); 419 if (id != rsae_reqid) 420 fatalx("invalid response id"); 421 m_get_int(&m, &ret); 422 if (ret > 0) 423 m_get_data(&m, &toptr, &tlen); 424 m_end(&m); 425 426 if (ret > 0) 427 memcpy(to, toptr, tlen); 428 done = 1; 429 430 imsg_free(&imsg); 431 } 432 } 433 mproc_event_add(p_ca); 434 435 return (ret); 436} 437 438static int 439rsae_pub_enc(int flen,const unsigned char *from, unsigned char *to, RSA *rsa, 440 int padding) 441{ 442 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 443 return (rsa_default->rsa_pub_enc(flen, from, to, rsa, padding)); 444} 445 446static int 447rsae_pub_dec(int flen,const unsigned char *from, unsigned char *to, RSA *rsa, 448 int padding) 449{ 450 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 451 return (rsa_default->rsa_pub_dec(flen, from, to, rsa, padding)); 452} 453 454static int 455rsae_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, 456 int padding) 457{ 458 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 459 if (RSA_get_ex_data(rsa, 0) != NULL) { 460 return (rsae_send_imsg(flen, from, to, rsa, padding, 461 IMSG_CA_PRIVENC)); 462 } 463 return (rsa_default->rsa_priv_enc(flen, from, to, rsa, padding)); 464} 465 466static int 467rsae_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, 468 int padding) 469{ 470 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 471 if (RSA_get_ex_data(rsa, 0) != NULL) { 472 return (rsae_send_imsg(flen, from, to, rsa, padding, 473 IMSG_CA_PRIVDEC)); 474 } 475 return (rsa_default->rsa_priv_dec(flen, from, to, rsa, padding)); 476} 477 478static int 479rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) 480{ 481 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 482 return (rsa_default->rsa_mod_exp(r0, I, rsa, ctx)); 483} 484 485static int 486rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 487 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) 488{ 489 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 490 return (rsa_default->bn_mod_exp(r, a, p, m, ctx, m_ctx)); 491} 492 493static int 494rsae_init(RSA *rsa) 495{ 496 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 497 if (rsa_default->init == NULL) 498 return (1); 499 return (rsa_default->init(rsa)); 500} 501 502static int 503rsae_finish(RSA *rsa) 504{ 505 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 506 if (rsa_default->finish == NULL) 507 return (1); 508 return (rsa_default->finish(rsa)); 509} 510 511static int 512rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) 513{ 514 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 515 return (rsa_default->rsa_keygen(rsa, bits, e, cb)); 516} 517 518void 519ca_engine_init(void) 520{ 521 ENGINE *e; 522 const char *errstr, *name; 523 524 if ((e = ENGINE_get_default_RSA()) == NULL) { 525 if ((e = ENGINE_new()) == NULL) { 526 errstr = "ENGINE_new"; 527 goto fail; 528 } 529 if (!ENGINE_set_name(e, rsae_method.name)) { 530 errstr = "ENGINE_set_name"; 531 goto fail; 532 } 533 if ((rsa_default = RSA_get_default_method()) == NULL) { 534 errstr = "RSA_get_default_method"; 535 goto fail; 536 } 537 } else if ((rsa_default = ENGINE_get_RSA(e)) == NULL) { 538 errstr = "ENGINE_get_RSA"; 539 goto fail; 540 } 541 542 if ((name = ENGINE_get_name(e)) == NULL) 543 name = "unknown RSA engine"; 544 545 log_debug("debug: %s: using %s", __func__, name); 546 547 if (rsa_default->flags & RSA_FLAG_SIGN_VER) 548 fatalx("unsupported RSA engine"); 549 550 if (rsa_default->rsa_mod_exp == NULL) 551 rsae_method.rsa_mod_exp = NULL; 552 if (rsa_default->bn_mod_exp == NULL) 553 rsae_method.bn_mod_exp = NULL; 554 if (rsa_default->rsa_keygen == NULL) 555 rsae_method.rsa_keygen = NULL; 556 rsae_method.flags = rsa_default->flags | 557 RSA_METHOD_FLAG_NO_CHECK; 558 rsae_method.app_data = rsa_default->app_data; 559 560 if (!ENGINE_set_RSA(e, &rsae_method)) { 561 errstr = "ENGINE_set_RSA"; 562 goto fail; 563 } 564 if (!ENGINE_set_default_RSA(e)) { 565 errstr = "ENGINE_set_default_RSA"; 566 goto fail; 567 } 568 569 return; 570 571 fail: 572 ssl_error(errstr); 573 fatalx("%s", errstr); 574} 575