ca.c revision 1.5 
1/*	$OpenBSD: ca.c,v 1.5 2014/04/30 08:23:42 reyk Exp $	*/
2
3/*
4 * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
5 * Copyright (c) 2012 Gilles Chehade <gilles@poolp.org>
6 *
7 * Permission to use, copy, modify, and distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 */
19
20#include <sys/types.h>
21#include <sys/queue.h>
22#include <sys/socket.h>
23
24#include <string.h>
25#include <stdlib.h>
26#include <imsg.h>
27
28#include <openssl/pem.h>
29#include <openssl/evp.h>
30#include <openssl/rsa.h>
31#include <openssl/engine.h>
32
33#include "smtpd.h"
34#include "log.h"
35#include "ssl.h"
36
37static int	 ca_verify_cb(int, X509_STORE_CTX *);
38
39static int	 rsae_send_imsg(int, const u_char *, u_char *, RSA *,
40		    int, u_int);
41static int	 rsae_pub_enc(int, const u_char *, u_char *, RSA *, int);
42static int	 rsae_pub_dec(int,const u_char *, u_char *, RSA *, int);
43static int	 rsae_priv_enc(int, const u_char *, u_char *, RSA *, int);
44static int	 rsae_priv_dec(int, const u_char *, u_char *, RSA *, int);
45static int	 rsae_mod_exp(BIGNUM *, const BIGNUM *, RSA *, BN_CTX *);
46static int	 rsae_bn_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *,
47		    const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
48static int	 rsae_init(RSA *);
49static int	 rsae_finish(RSA *);
50static int	 rsae_sign(int, const u_char *, u_int, u_char *, u_int *,
51		    const RSA *);
52static int	 rsae_verify(int dtype, const u_char *m, u_int, const u_char *,
53		    u_int, const RSA *);
54static int	 rsae_keygen(RSA *, int, BIGNUM *, BN_GENCB *);
55
56static uint64_t	 rsae_reqid = 0;
57
58void
59ca_init(void)
60{
61	BIO		*in = NULL;
62	EVP_PKEY	*pkey = NULL;
63	struct pki	*pki;
64	const char	*k;
65	void		*iter_dict;
66
67	log_debug("debug: init private ssl-tree");
68	iter_dict = NULL;
69	while (dict_iter(env->sc_pki_dict, &iter_dict, &k, (void **)&pki)) {
70		if (pki->pki_key == NULL)
71			continue;
72
73		if ((in = BIO_new_mem_buf(pki->pki_key,
74		    pki->pki_key_len)) == NULL)
75			fatalx("ca_launch: key");
76
77		if ((pkey = PEM_read_bio_PrivateKey(in,
78		    NULL, NULL, NULL)) == NULL)
79			fatalx("ca_launch: PEM");
80		BIO_free(in);
81
82		pki->pki_pkey = pkey;
83
84		explicit_bzero(pki->pki_key, pki->pki_key_len);
85		free(pki->pki_key);
86		pki->pki_key = NULL;
87	}
88}
89
90static int
91ca_verify_cb(int ok, X509_STORE_CTX *ctx)
92{
93	switch (X509_STORE_CTX_get_error(ctx)) {
94	case X509_V_OK:
95		break;
96        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
97		log_warnx("warn: unable to get issuer cert");
98		break;
99        case X509_V_ERR_CERT_NOT_YET_VALID:
100        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
101		log_warnx("warn: certificate not yet valid");
102		break;
103        case X509_V_ERR_CERT_HAS_EXPIRED:
104        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
105		log_warnx("warn: certificate has expired");
106		break;
107        case X509_V_ERR_NO_EXPLICIT_POLICY:
108		log_warnx("warn: no explicit policy");
109		break;
110	}
111	return ok;
112}
113
114int
115ca_X509_verify(void *certificate, void *chain, const char *CAfile,
116    const char *CRLfile, const char **errstr)
117{
118	X509_STORE     *store = NULL;
119	X509_STORE_CTX *xsc = NULL;
120	int		ret = 0;
121
122	if ((store = X509_STORE_new()) == NULL)
123		goto end;
124
125	if (! X509_STORE_load_locations(store, CAfile, NULL)) {
126		log_warn("warn: unable to load CA file %s", CAfile);
127		goto end;
128	}
129	X509_STORE_set_default_paths(store);
130
131	if ((xsc = X509_STORE_CTX_new()) == NULL)
132		goto end;
133
134	if (X509_STORE_CTX_init(xsc, store, certificate, chain) != 1)
135		goto end;
136
137	X509_STORE_CTX_set_verify_cb(xsc, ca_verify_cb);
138
139	ret = X509_verify_cert(xsc);
140
141end:
142	*errstr = NULL;
143	if (ret != 1) {
144		if (xsc)
145			*errstr = X509_verify_cert_error_string(xsc->error);
146		else if (ERR_peek_last_error())
147			*errstr = ERR_error_string(ERR_peek_last_error(), NULL);
148	}
149
150	if (xsc)
151		X509_STORE_CTX_free(xsc);
152	if (store)
153		X509_STORE_free(store);
154
155	return ret > 0 ? 1 : 0;
156}
157
158void
159ca_imsg(struct mproc *p, struct imsg *imsg)
160{
161	RSA			*rsa;
162	const void		*from = NULL;
163	u_char			 *to = NULL;
164	struct msg		 m;
165	const char		*pkiname;
166	size_t			 flen, tlen, padding;
167	struct pki		*pki;
168	int			 ret = 0;
169	uint64_t		 id;
170
171	m_msg(&m, imsg);
172	m_get_id(&m, &id);
173	m_get_string(&m, &pkiname);
174	m_get_data(&m, &from, &flen);
175	m_get_size(&m, &tlen);
176	m_get_size(&m, &padding);
177	m_end(&m);
178
179	pki = dict_get(env->sc_pki_dict, pkiname);
180	if (pki == NULL || pki->pki_pkey == NULL ||
181	    (rsa = EVP_PKEY_get1_RSA(pki->pki_pkey)) == NULL)
182		fatalx("ca_imsg: invalid pki");
183
184	if ((to = calloc(1, tlen)) == NULL)
185		fatalx("ca_imsg: calloc");
186
187	switch (imsg->hdr.type) {
188	case IMSG_CA_PRIVENC:
189		ret = RSA_private_encrypt(flen, from, to, rsa,
190		    padding);
191		break;
192	case IMSG_CA_PRIVDEC:
193		ret = RSA_private_decrypt(flen, from, to, rsa,
194		    padding);
195		break;
196	}
197
198	m_create(p, imsg->hdr.type, 0, 0, -1);
199	m_add_id(p, id);
200	m_add_int(p, ret);
201	if (ret > 0)
202		m_add_data(p, to, (size_t)ret);
203	m_close(p);
204
205	free(to);
206	RSA_free(rsa);
207}
208
209/*
210 * RSA privsep engine (called from unprivileged processes)
211 */
212
213const RSA_METHOD *rsa_default = NULL;
214
215static RSA_METHOD rsae_method = {
216	"RSA privsep engine",
217	rsae_pub_enc,
218	rsae_pub_dec,
219	rsae_priv_enc,
220	rsae_priv_dec,
221	rsae_mod_exp,
222	rsae_bn_mod_exp,
223	rsae_init,
224	rsae_finish,
225	0,
226	NULL,
227	rsae_sign,
228	rsae_verify,
229	rsae_keygen
230};
231
232static int
233rsae_send_imsg(int flen, const u_char *from, u_char *to, RSA *rsa,
234    int padding, u_int cmd)
235{
236	int		 ret = 0;
237	struct imsgbuf	*ibuf;
238	struct imsg	 imsg;
239	int		 n, done = 0;
240	const void	*toptr;
241	char		*pkiname;
242	size_t		 tlen;
243	struct msg	 m;
244	uint64_t	 id;
245
246	if ((pkiname = RSA_get_ex_data(rsa, 0)) == NULL)
247		return (0);
248
249	/*
250	 * Send a synchronous imsg because we cannot defer the RSA
251	 * operation in OpenSSL's engine layer.
252	 */
253	m_create(p_lka, cmd, 0, 0, -1);
254	rsae_reqid++;
255	m_add_id(p_lka, rsae_reqid);
256	m_add_string(p_lka, pkiname);
257	m_add_data(p_lka, (const void *)from, (size_t)flen);
258	m_add_size(p_lka, (size_t)RSA_size(rsa));
259	m_add_size(p_lka, (size_t)padding);
260	m_flush(p_lka);
261
262	ibuf = &p_lka->imsgbuf;
263
264	while (!done) {
265		if ((n = imsg_read(ibuf)) == -1)
266			fatalx("imsg_read");
267		if (n == 0)
268			fatalx("pipe closed");
269
270		while (!done) {
271			if ((n = imsg_get(ibuf, &imsg)) == -1)
272				fatalx("imsg_get error");
273			if (n == 0)
274				break;
275
276			log_imsg(PROC_PONY, PROC_LKA, &imsg);
277
278			switch (imsg.hdr.type) {
279			case IMSG_CA_PRIVENC:
280			case IMSG_CA_PRIVDEC:
281				break;
282			default:
283				/* Another imsg is queued up in the buffer */
284				pony_imsg(p_lka, &imsg);
285				imsg_free(&imsg);
286				continue;
287			}
288
289			m_msg(&m, &imsg);
290			m_get_id(&m, &id);
291			if (id != rsae_reqid)
292				fatalx("invalid response id");
293			m_get_int(&m, &ret);
294			if (ret > 0)
295				m_get_data(&m, &toptr, &tlen);
296			m_end(&m);
297
298			if (ret > 0)
299				memcpy(to, toptr, tlen);
300			done = 1;
301
302			imsg_free(&imsg);
303		}
304	}
305	mproc_event_add(p_lka);
306
307	return (ret);
308}
309
310static int
311rsae_pub_enc(int flen,const u_char *from, u_char *to, RSA *rsa,int padding)
312{
313	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
314	return (rsa_default->rsa_pub_enc(flen, from, to, rsa, padding));
315}
316
317static int
318rsae_pub_dec(int flen,const u_char *from, u_char *to, RSA *rsa,int padding)
319{
320	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
321	return (rsa_default->rsa_pub_dec(flen, from, to, rsa, padding));
322}
323
324static int
325rsae_priv_enc(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
326{
327	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
328	if (RSA_get_ex_data(rsa, 0) != NULL) {
329		return (rsae_send_imsg(flen, from, to, rsa, padding,
330		    IMSG_CA_PRIVENC));
331	}
332	return (rsa_default->rsa_priv_enc(flen, from, to, rsa, padding));
333}
334
335static int
336rsae_priv_dec(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
337{
338	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
339	if (RSA_get_ex_data(rsa, 0) != NULL) {
340		return (rsae_send_imsg(flen, from, to, rsa, padding,
341		    IMSG_CA_PRIVDEC));
342	}
343	return (rsa_default->rsa_priv_dec(flen, from, to, rsa, padding));
344}
345
346static int
347rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
348{
349	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
350	return (rsa_default->rsa_mod_exp(r0, I, rsa, ctx));
351}
352
353static int
354rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
355    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
356{
357	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
358	return (rsa_default->bn_mod_exp(r, a, p, m, ctx, m_ctx));
359}
360
361static int
362rsae_init(RSA *rsa)
363{
364	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
365	if (rsa_default->init == NULL)
366		return (1);
367	return (rsa_default->init(rsa));
368}
369
370static int
371rsae_finish(RSA *rsa)
372{
373	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
374	if (rsa_default->finish == NULL)
375		return (1);
376	return (rsa_default->finish(rsa));
377}
378
379static int
380rsae_sign(int type, const u_char *m, u_int m_length, u_char *sigret,
381    u_int *siglen, const RSA *rsa)
382{
383	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
384	return (rsa_default->rsa_sign(type, m, m_length,
385	    sigret, siglen, rsa));
386}
387
388static int
389rsae_verify(int dtype, const u_char *m, u_int m_length, const u_char *sigbuf,
390    u_int siglen, const RSA *rsa)
391{
392	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
393	return (rsa_default->rsa_verify(dtype, m, m_length,
394	    sigbuf, siglen, rsa));
395}
396
397static int
398rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
399{
400	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
401	return (rsa_default->rsa_keygen(rsa, bits, e, cb));
402}
403
404int
405ca_engine_init(void)
406{
407	ENGINE	*e;
408
409	log_debug("debug: %s: %s", proc_name(smtpd_process), __func__);
410
411	if ((e = ENGINE_get_default_RSA()) == NULL ||
412	    (rsa_default = ENGINE_get_RSA(e)) == NULL)
413		return (-1);
414
415	if (rsa_default->flags & RSA_FLAG_SIGN_VER)
416		fatalx("unsupported RSA engine");
417
418	if (rsa_default->rsa_mod_exp == NULL)
419		rsae_method.rsa_mod_exp = NULL;
420	if (rsa_default->rsa_mod_exp == NULL)
421		rsae_method.rsa_mod_exp = NULL;
422	if (rsa_default->bn_mod_exp == NULL)
423		rsae_method.bn_mod_exp = NULL;
424	if (rsa_default->rsa_keygen == NULL)
425		rsae_method.rsa_keygen = NULL;
426	rsae_method.flags = rsa_default->flags |
427	    RSA_METHOD_FLAG_NO_CHECK;
428	rsae_method.app_data = rsa_default->app_data;
429
430	if (!ENGINE_set_RSA(e, &rsae_method) ||
431	    !ENGINE_set_default_RSA(e))
432		return (-1);
433
434	return (0);
435}
436