ca.c revision 1.29
1/* $OpenBSD: ca.c,v 1.29 2018/05/24 11:38:24 gilles Exp $ */ 2 3/* 4 * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org> 5 * Copyright (c) 2012 Gilles Chehade <gilles@poolp.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20#include <sys/types.h> 21#include <sys/queue.h> 22#include <sys/socket.h> 23#include <sys/tree.h> 24 25#include <err.h> 26#include <imsg.h> 27#include <limits.h> 28#include <pwd.h> 29#include <signal.h> 30#include <stdlib.h> 31#include <string.h> 32#include <unistd.h> 33 34#include <openssl/ssl.h> 35#include <openssl/pem.h> 36#include <openssl/evp.h> 37#include <openssl/rsa.h> 38#include <openssl/engine.h> 39#include <openssl/err.h> 40 41#include "smtpd.h" 42#include "log.h" 43#include "ssl.h" 44 45static int ca_verify_cb(int, X509_STORE_CTX *); 46 47static int rsae_send_imsg(int, const unsigned char *, unsigned char *, 48 RSA *, int, unsigned int); 49static int rsae_pub_enc(int, const unsigned char *, unsigned char *, 50 RSA *, int); 51static int rsae_pub_dec(int,const unsigned char *, unsigned char *, 52 RSA *, int); 53static int rsae_priv_enc(int, const unsigned char *, unsigned char *, 54 RSA *, int); 55static int rsae_priv_dec(int, const unsigned char *, unsigned char *, 56 RSA *, int); 57static int rsae_mod_exp(BIGNUM *, const BIGNUM *, RSA *, BN_CTX *); 58static int rsae_bn_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *, 59 const BIGNUM *, BN_CTX *, BN_MONT_CTX *); 60static int rsae_init(RSA *); 61static int rsae_finish(RSA *); 62static int rsae_keygen(RSA *, int, BIGNUM *, BN_GENCB *); 63 64static uint64_t rsae_reqid = 0; 65 66static void 67ca_shutdown(void) 68{ 69 log_debug("debug: ca agent exiting"); 70 _exit(0); 71} 72 73int 74ca(void) 75{ 76 struct passwd *pw; 77 78 purge_config(PURGE_LISTENERS|PURGE_TABLES|PURGE_RULES|PURGE_DISPATCHERS); 79 80 if ((pw = getpwnam(SMTPD_USER)) == NULL) 81 fatalx("unknown user " SMTPD_USER); 82 83 if (chroot(PATH_CHROOT) == -1) 84 fatal("ca: chroot"); 85 if (chdir("/") == -1) 86 fatal("ca: chdir(\"/\")"); 87 88 config_process(PROC_CA); 89 90 if (setgroups(1, &pw->pw_gid) || 91 setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || 92 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) 93 fatal("ca: cannot drop privileges"); 94 95 imsg_callback = ca_imsg; 96 event_init(); 97 98 signal(SIGINT, SIG_IGN); 99 signal(SIGTERM, SIG_IGN); 100 signal(SIGPIPE, SIG_IGN); 101 signal(SIGHUP, SIG_IGN); 102 103 config_peer(PROC_CONTROL); 104 config_peer(PROC_PARENT); 105 config_peer(PROC_PONY); 106 107 /* Ignore them until we get our config */ 108 mproc_disable(p_pony); 109 110 if (pledge("stdio", NULL) == -1) 111 err(1, "pledge"); 112 113 event_dispatch(); 114 fatalx("exited event loop"); 115 116 return (0); 117} 118 119void 120ca_init(void) 121{ 122 BIO *in = NULL; 123 EVP_PKEY *pkey = NULL; 124 struct pki *pki; 125 const char *k; 126 void *iter_dict; 127 128 log_debug("debug: init private ssl-tree"); 129 iter_dict = NULL; 130 while (dict_iter(env->sc_pki_dict, &iter_dict, &k, (void **)&pki)) { 131 if (pki->pki_key == NULL) 132 continue; 133 134 if ((in = BIO_new_mem_buf(pki->pki_key, 135 pki->pki_key_len)) == NULL) 136 fatalx("ca_launch: key"); 137 138 if ((pkey = PEM_read_bio_PrivateKey(in, 139 NULL, NULL, NULL)) == NULL) 140 fatalx("ca_launch: PEM"); 141 BIO_free(in); 142 143 pki->pki_pkey = pkey; 144 145 freezero(pki->pki_key, pki->pki_key_len); 146 pki->pki_key = NULL; 147 } 148} 149 150static int 151ca_verify_cb(int ok, X509_STORE_CTX *ctx) 152{ 153 switch (X509_STORE_CTX_get_error(ctx)) { 154 case X509_V_OK: 155 break; 156 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 157 break; 158 case X509_V_ERR_CERT_NOT_YET_VALID: 159 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 160 break; 161 case X509_V_ERR_CERT_HAS_EXPIRED: 162 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 163 break; 164 case X509_V_ERR_NO_EXPLICIT_POLICY: 165 break; 166 } 167 return ok; 168} 169 170int 171ca_X509_verify(void *certificate, void *chain, const char *CAfile, 172 const char *CRLfile, const char **errstr) 173{ 174 X509_STORE *store = NULL; 175 X509_STORE_CTX *xsc = NULL; 176 int ret = 0; 177 178 if ((store = X509_STORE_new()) == NULL) 179 goto end; 180 181 if (!X509_STORE_load_locations(store, CAfile, NULL)) { 182 log_warn("warn: unable to load CA file %s", CAfile); 183 goto end; 184 } 185 X509_STORE_set_default_paths(store); 186 187 if ((xsc = X509_STORE_CTX_new()) == NULL) 188 goto end; 189 190 if (X509_STORE_CTX_init(xsc, store, certificate, chain) != 1) 191 goto end; 192 193 X509_STORE_CTX_set_verify_cb(xsc, ca_verify_cb); 194 195 ret = X509_verify_cert(xsc); 196 197end: 198 *errstr = NULL; 199 if (ret != 1) { 200 if (xsc) 201 *errstr = X509_verify_cert_error_string(xsc->error); 202 else if (ERR_peek_last_error()) 203 *errstr = ERR_error_string(ERR_peek_last_error(), NULL); 204 } 205 206 X509_STORE_CTX_free(xsc); 207 X509_STORE_free(store); 208 209 return ret > 0 ? 1 : 0; 210} 211 212void 213ca_imsg(struct mproc *p, struct imsg *imsg) 214{ 215 RSA *rsa; 216 const void *from = NULL; 217 unsigned char *to = NULL; 218 struct msg m; 219 const char *pkiname; 220 size_t flen, tlen, padding; 221 struct pki *pki; 222 int ret = 0; 223 uint64_t id; 224 int v; 225 226 if (imsg == NULL) 227 ca_shutdown(); 228 229 switch (imsg->hdr.type) { 230 case IMSG_CONF_START: 231 return; 232 case IMSG_CONF_END: 233 ca_init(); 234 235 /* Start fulfilling requests */ 236 mproc_enable(p_pony); 237 return; 238 239 case IMSG_CTL_VERBOSE: 240 m_msg(&m, imsg); 241 m_get_int(&m, &v); 242 m_end(&m); 243 log_trace_verbose(v); 244 return; 245 246 case IMSG_CTL_PROFILE: 247 m_msg(&m, imsg); 248 m_get_int(&m, &v); 249 m_end(&m); 250 profiling = v; 251 return; 252 253 case IMSG_CA_PRIVENC: 254 case IMSG_CA_PRIVDEC: 255 m_msg(&m, imsg); 256 m_get_id(&m, &id); 257 m_get_string(&m, &pkiname); 258 m_get_data(&m, &from, &flen); 259 m_get_size(&m, &tlen); 260 m_get_size(&m, &padding); 261 m_end(&m); 262 263 pki = dict_get(env->sc_pki_dict, pkiname); 264 if (pki == NULL || pki->pki_pkey == NULL || 265 (rsa = EVP_PKEY_get1_RSA(pki->pki_pkey)) == NULL) 266 fatalx("ca_imsg: invalid pki"); 267 268 if ((to = calloc(1, tlen)) == NULL) 269 fatalx("ca_imsg: calloc"); 270 271 switch (imsg->hdr.type) { 272 case IMSG_CA_PRIVENC: 273 ret = RSA_private_encrypt(flen, from, to, rsa, 274 padding); 275 break; 276 case IMSG_CA_PRIVDEC: 277 ret = RSA_private_decrypt(flen, from, to, rsa, 278 padding); 279 break; 280 } 281 282 m_create(p, imsg->hdr.type, 0, 0, -1); 283 m_add_id(p, id); 284 m_add_int(p, ret); 285 if (ret > 0) 286 m_add_data(p, to, (size_t)ret); 287 m_close(p); 288 289 free(to); 290 RSA_free(rsa); 291 292 return; 293 } 294 295 errx(1, "ca_imsg: unexpected %s imsg", imsg_to_str(imsg->hdr.type)); 296} 297 298/* 299 * RSA privsep engine (called from unprivileged processes) 300 */ 301 302const RSA_METHOD *rsa_default = NULL; 303 304static RSA_METHOD rsae_method = { 305 "RSA privsep engine", 306 rsae_pub_enc, 307 rsae_pub_dec, 308 rsae_priv_enc, 309 rsae_priv_dec, 310 rsae_mod_exp, 311 rsae_bn_mod_exp, 312 rsae_init, 313 rsae_finish, 314 0, 315 NULL, 316 NULL, 317 NULL, 318 rsae_keygen 319}; 320 321static int 322rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to, 323 RSA *rsa, int padding, unsigned int cmd) 324{ 325 int ret = 0; 326 struct imsgbuf *ibuf; 327 struct imsg imsg; 328 int n, done = 0; 329 const void *toptr; 330 char *pkiname; 331 size_t tlen; 332 struct msg m; 333 uint64_t id; 334 335 if ((pkiname = RSA_get_ex_data(rsa, 0)) == NULL) 336 return (0); 337 338 /* 339 * Send a synchronous imsg because we cannot defer the RSA 340 * operation in OpenSSL's engine layer. 341 */ 342 m_create(p_ca, cmd, 0, 0, -1); 343 rsae_reqid++; 344 m_add_id(p_ca, rsae_reqid); 345 m_add_string(p_ca, pkiname); 346 m_add_data(p_ca, (const void *)from, (size_t)flen); 347 m_add_size(p_ca, (size_t)RSA_size(rsa)); 348 m_add_size(p_ca, (size_t)padding); 349 m_flush(p_ca); 350 351 ibuf = &p_ca->imsgbuf; 352 353 while (!done) { 354 if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN) 355 fatalx("imsg_read"); 356 if (n == 0) 357 fatalx("pipe closed"); 358 359 while (!done) { 360 if ((n = imsg_get(ibuf, &imsg)) == -1) 361 fatalx("imsg_get error"); 362 if (n == 0) 363 break; 364 365 log_imsg(PROC_PONY, PROC_CA, &imsg); 366 367 switch (imsg.hdr.type) { 368 case IMSG_CA_PRIVENC: 369 case IMSG_CA_PRIVDEC: 370 break; 371 default: 372 /* Another imsg is queued up in the buffer */ 373 pony_imsg(p_ca, &imsg); 374 imsg_free(&imsg); 375 continue; 376 } 377 378 m_msg(&m, &imsg); 379 m_get_id(&m, &id); 380 if (id != rsae_reqid) 381 fatalx("invalid response id"); 382 m_get_int(&m, &ret); 383 if (ret > 0) 384 m_get_data(&m, &toptr, &tlen); 385 m_end(&m); 386 387 if (ret > 0) 388 memcpy(to, toptr, tlen); 389 done = 1; 390 391 imsg_free(&imsg); 392 } 393 } 394 mproc_event_add(p_ca); 395 396 return (ret); 397} 398 399static int 400rsae_pub_enc(int flen,const unsigned char *from, unsigned char *to, RSA *rsa, 401 int padding) 402{ 403 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 404 return (rsa_default->rsa_pub_enc(flen, from, to, rsa, padding)); 405} 406 407static int 408rsae_pub_dec(int flen,const unsigned char *from, unsigned char *to, RSA *rsa, 409 int padding) 410{ 411 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 412 return (rsa_default->rsa_pub_dec(flen, from, to, rsa, padding)); 413} 414 415static int 416rsae_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, 417 int padding) 418{ 419 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 420 if (RSA_get_ex_data(rsa, 0) != NULL) { 421 return (rsae_send_imsg(flen, from, to, rsa, padding, 422 IMSG_CA_PRIVENC)); 423 } 424 return (rsa_default->rsa_priv_enc(flen, from, to, rsa, padding)); 425} 426 427static int 428rsae_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, 429 int padding) 430{ 431 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 432 if (RSA_get_ex_data(rsa, 0) != NULL) { 433 return (rsae_send_imsg(flen, from, to, rsa, padding, 434 IMSG_CA_PRIVDEC)); 435 } 436 return (rsa_default->rsa_priv_dec(flen, from, to, rsa, padding)); 437} 438 439static int 440rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) 441{ 442 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 443 return (rsa_default->rsa_mod_exp(r0, I, rsa, ctx)); 444} 445 446static int 447rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 448 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) 449{ 450 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 451 return (rsa_default->bn_mod_exp(r, a, p, m, ctx, m_ctx)); 452} 453 454static int 455rsae_init(RSA *rsa) 456{ 457 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 458 if (rsa_default->init == NULL) 459 return (1); 460 return (rsa_default->init(rsa)); 461} 462 463static int 464rsae_finish(RSA *rsa) 465{ 466 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 467 if (rsa_default->finish == NULL) 468 return (1); 469 return (rsa_default->finish(rsa)); 470} 471 472static int 473rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) 474{ 475 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 476 return (rsa_default->rsa_keygen(rsa, bits, e, cb)); 477} 478 479void 480ca_engine_init(void) 481{ 482 ENGINE *e; 483 const char *errstr, *name; 484 485 if ((e = ENGINE_get_default_RSA()) == NULL) { 486 if ((e = ENGINE_new()) == NULL) { 487 errstr = "ENGINE_new"; 488 goto fail; 489 } 490 if (!ENGINE_set_name(e, rsae_method.name)) { 491 errstr = "ENGINE_set_name"; 492 goto fail; 493 } 494 if ((rsa_default = RSA_get_default_method()) == NULL) { 495 errstr = "RSA_get_default_method"; 496 goto fail; 497 } 498 } else if ((rsa_default = ENGINE_get_RSA(e)) == NULL) { 499 errstr = "ENGINE_get_RSA"; 500 goto fail; 501 } 502 503 if ((name = ENGINE_get_name(e)) == NULL) 504 name = "unknown RSA engine"; 505 506 log_debug("debug: %s: using %s", __func__, name); 507 508 if (rsa_default->flags & RSA_FLAG_SIGN_VER) 509 fatalx("unsupported RSA engine"); 510 511 if (rsa_default->rsa_mod_exp == NULL) 512 rsae_method.rsa_mod_exp = NULL; 513 if (rsa_default->bn_mod_exp == NULL) 514 rsae_method.bn_mod_exp = NULL; 515 if (rsa_default->rsa_keygen == NULL) 516 rsae_method.rsa_keygen = NULL; 517 rsae_method.flags = rsa_default->flags | 518 RSA_METHOD_FLAG_NO_CHECK; 519 rsae_method.app_data = rsa_default->app_data; 520 521 if (!ENGINE_set_RSA(e, &rsae_method)) { 522 errstr = "ENGINE_set_RSA"; 523 goto fail; 524 } 525 if (!ENGINE_set_default_RSA(e)) { 526 errstr = "ENGINE_set_default_RSA"; 527 goto fail; 528 } 529 530 return; 531 532 fail: 533 ssl_error(errstr); 534 fatalx("%s", errstr); 535} 536