ca.c revision 1.5
1/* $OpenBSD: ca.c,v 1.5 2014/04/30 08:23:42 reyk Exp $ */ 2 3/* 4 * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org> 5 * Copyright (c) 2012 Gilles Chehade <gilles@poolp.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20#include <sys/types.h> 21#include <sys/queue.h> 22#include <sys/socket.h> 23 24#include <string.h> 25#include <stdlib.h> 26#include <imsg.h> 27 28#include <openssl/pem.h> 29#include <openssl/evp.h> 30#include <openssl/rsa.h> 31#include <openssl/engine.h> 32 33#include "smtpd.h" 34#include "log.h" 35#include "ssl.h" 36 37static int ca_verify_cb(int, X509_STORE_CTX *); 38 39static int rsae_send_imsg(int, const u_char *, u_char *, RSA *, 40 int, u_int); 41static int rsae_pub_enc(int, const u_char *, u_char *, RSA *, int); 42static int rsae_pub_dec(int,const u_char *, u_char *, RSA *, int); 43static int rsae_priv_enc(int, const u_char *, u_char *, RSA *, int); 44static int rsae_priv_dec(int, const u_char *, u_char *, RSA *, int); 45static int rsae_mod_exp(BIGNUM *, const BIGNUM *, RSA *, BN_CTX *); 46static int rsae_bn_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *, 47 const BIGNUM *, BN_CTX *, BN_MONT_CTX *); 48static int rsae_init(RSA *); 49static int rsae_finish(RSA *); 50static int rsae_sign(int, const u_char *, u_int, u_char *, u_int *, 51 const RSA *); 52static int rsae_verify(int dtype, const u_char *m, u_int, const u_char *, 53 u_int, const RSA *); 54static int rsae_keygen(RSA *, int, BIGNUM *, BN_GENCB *); 55 56static uint64_t rsae_reqid = 0; 57 58void 59ca_init(void) 60{ 61 BIO *in = NULL; 62 EVP_PKEY *pkey = NULL; 63 struct pki *pki; 64 const char *k; 65 void *iter_dict; 66 67 log_debug("debug: init private ssl-tree"); 68 iter_dict = NULL; 69 while (dict_iter(env->sc_pki_dict, &iter_dict, &k, (void **)&pki)) { 70 if (pki->pki_key == NULL) 71 continue; 72 73 if ((in = BIO_new_mem_buf(pki->pki_key, 74 pki->pki_key_len)) == NULL) 75 fatalx("ca_launch: key"); 76 77 if ((pkey = PEM_read_bio_PrivateKey(in, 78 NULL, NULL, NULL)) == NULL) 79 fatalx("ca_launch: PEM"); 80 BIO_free(in); 81 82 pki->pki_pkey = pkey; 83 84 explicit_bzero(pki->pki_key, pki->pki_key_len); 85 free(pki->pki_key); 86 pki->pki_key = NULL; 87 } 88} 89 90static int 91ca_verify_cb(int ok, X509_STORE_CTX *ctx) 92{ 93 switch (X509_STORE_CTX_get_error(ctx)) { 94 case X509_V_OK: 95 break; 96 case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: 97 log_warnx("warn: unable to get issuer cert"); 98 break; 99 case X509_V_ERR_CERT_NOT_YET_VALID: 100 case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: 101 log_warnx("warn: certificate not yet valid"); 102 break; 103 case X509_V_ERR_CERT_HAS_EXPIRED: 104 case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: 105 log_warnx("warn: certificate has expired"); 106 break; 107 case X509_V_ERR_NO_EXPLICIT_POLICY: 108 log_warnx("warn: no explicit policy"); 109 break; 110 } 111 return ok; 112} 113 114int 115ca_X509_verify(void *certificate, void *chain, const char *CAfile, 116 const char *CRLfile, const char **errstr) 117{ 118 X509_STORE *store = NULL; 119 X509_STORE_CTX *xsc = NULL; 120 int ret = 0; 121 122 if ((store = X509_STORE_new()) == NULL) 123 goto end; 124 125 if (! X509_STORE_load_locations(store, CAfile, NULL)) { 126 log_warn("warn: unable to load CA file %s", CAfile); 127 goto end; 128 } 129 X509_STORE_set_default_paths(store); 130 131 if ((xsc = X509_STORE_CTX_new()) == NULL) 132 goto end; 133 134 if (X509_STORE_CTX_init(xsc, store, certificate, chain) != 1) 135 goto end; 136 137 X509_STORE_CTX_set_verify_cb(xsc, ca_verify_cb); 138 139 ret = X509_verify_cert(xsc); 140 141end: 142 *errstr = NULL; 143 if (ret != 1) { 144 if (xsc) 145 *errstr = X509_verify_cert_error_string(xsc->error); 146 else if (ERR_peek_last_error()) 147 *errstr = ERR_error_string(ERR_peek_last_error(), NULL); 148 } 149 150 if (xsc) 151 X509_STORE_CTX_free(xsc); 152 if (store) 153 X509_STORE_free(store); 154 155 return ret > 0 ? 1 : 0; 156} 157 158void 159ca_imsg(struct mproc *p, struct imsg *imsg) 160{ 161 RSA *rsa; 162 const void *from = NULL; 163 u_char *to = NULL; 164 struct msg m; 165 const char *pkiname; 166 size_t flen, tlen, padding; 167 struct pki *pki; 168 int ret = 0; 169 uint64_t id; 170 171 m_msg(&m, imsg); 172 m_get_id(&m, &id); 173 m_get_string(&m, &pkiname); 174 m_get_data(&m, &from, &flen); 175 m_get_size(&m, &tlen); 176 m_get_size(&m, &padding); 177 m_end(&m); 178 179 pki = dict_get(env->sc_pki_dict, pkiname); 180 if (pki == NULL || pki->pki_pkey == NULL || 181 (rsa = EVP_PKEY_get1_RSA(pki->pki_pkey)) == NULL) 182 fatalx("ca_imsg: invalid pki"); 183 184 if ((to = calloc(1, tlen)) == NULL) 185 fatalx("ca_imsg: calloc"); 186 187 switch (imsg->hdr.type) { 188 case IMSG_CA_PRIVENC: 189 ret = RSA_private_encrypt(flen, from, to, rsa, 190 padding); 191 break; 192 case IMSG_CA_PRIVDEC: 193 ret = RSA_private_decrypt(flen, from, to, rsa, 194 padding); 195 break; 196 } 197 198 m_create(p, imsg->hdr.type, 0, 0, -1); 199 m_add_id(p, id); 200 m_add_int(p, ret); 201 if (ret > 0) 202 m_add_data(p, to, (size_t)ret); 203 m_close(p); 204 205 free(to); 206 RSA_free(rsa); 207} 208 209/* 210 * RSA privsep engine (called from unprivileged processes) 211 */ 212 213const RSA_METHOD *rsa_default = NULL; 214 215static RSA_METHOD rsae_method = { 216 "RSA privsep engine", 217 rsae_pub_enc, 218 rsae_pub_dec, 219 rsae_priv_enc, 220 rsae_priv_dec, 221 rsae_mod_exp, 222 rsae_bn_mod_exp, 223 rsae_init, 224 rsae_finish, 225 0, 226 NULL, 227 rsae_sign, 228 rsae_verify, 229 rsae_keygen 230}; 231 232static int 233rsae_send_imsg(int flen, const u_char *from, u_char *to, RSA *rsa, 234 int padding, u_int cmd) 235{ 236 int ret = 0; 237 struct imsgbuf *ibuf; 238 struct imsg imsg; 239 int n, done = 0; 240 const void *toptr; 241 char *pkiname; 242 size_t tlen; 243 struct msg m; 244 uint64_t id; 245 246 if ((pkiname = RSA_get_ex_data(rsa, 0)) == NULL) 247 return (0); 248 249 /* 250 * Send a synchronous imsg because we cannot defer the RSA 251 * operation in OpenSSL's engine layer. 252 */ 253 m_create(p_lka, cmd, 0, 0, -1); 254 rsae_reqid++; 255 m_add_id(p_lka, rsae_reqid); 256 m_add_string(p_lka, pkiname); 257 m_add_data(p_lka, (const void *)from, (size_t)flen); 258 m_add_size(p_lka, (size_t)RSA_size(rsa)); 259 m_add_size(p_lka, (size_t)padding); 260 m_flush(p_lka); 261 262 ibuf = &p_lka->imsgbuf; 263 264 while (!done) { 265 if ((n = imsg_read(ibuf)) == -1) 266 fatalx("imsg_read"); 267 if (n == 0) 268 fatalx("pipe closed"); 269 270 while (!done) { 271 if ((n = imsg_get(ibuf, &imsg)) == -1) 272 fatalx("imsg_get error"); 273 if (n == 0) 274 break; 275 276 log_imsg(PROC_PONY, PROC_LKA, &imsg); 277 278 switch (imsg.hdr.type) { 279 case IMSG_CA_PRIVENC: 280 case IMSG_CA_PRIVDEC: 281 break; 282 default: 283 /* Another imsg is queued up in the buffer */ 284 pony_imsg(p_lka, &imsg); 285 imsg_free(&imsg); 286 continue; 287 } 288 289 m_msg(&m, &imsg); 290 m_get_id(&m, &id); 291 if (id != rsae_reqid) 292 fatalx("invalid response id"); 293 m_get_int(&m, &ret); 294 if (ret > 0) 295 m_get_data(&m, &toptr, &tlen); 296 m_end(&m); 297 298 if (ret > 0) 299 memcpy(to, toptr, tlen); 300 done = 1; 301 302 imsg_free(&imsg); 303 } 304 } 305 mproc_event_add(p_lka); 306 307 return (ret); 308} 309 310static int 311rsae_pub_enc(int flen,const u_char *from, u_char *to, RSA *rsa,int padding) 312{ 313 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 314 return (rsa_default->rsa_pub_enc(flen, from, to, rsa, padding)); 315} 316 317static int 318rsae_pub_dec(int flen,const u_char *from, u_char *to, RSA *rsa,int padding) 319{ 320 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 321 return (rsa_default->rsa_pub_dec(flen, from, to, rsa, padding)); 322} 323 324static int 325rsae_priv_enc(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) 326{ 327 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 328 if (RSA_get_ex_data(rsa, 0) != NULL) { 329 return (rsae_send_imsg(flen, from, to, rsa, padding, 330 IMSG_CA_PRIVENC)); 331 } 332 return (rsa_default->rsa_priv_enc(flen, from, to, rsa, padding)); 333} 334 335static int 336rsae_priv_dec(int flen, const u_char *from, u_char *to, RSA *rsa, int padding) 337{ 338 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 339 if (RSA_get_ex_data(rsa, 0) != NULL) { 340 return (rsae_send_imsg(flen, from, to, rsa, padding, 341 IMSG_CA_PRIVDEC)); 342 } 343 return (rsa_default->rsa_priv_dec(flen, from, to, rsa, padding)); 344} 345 346static int 347rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) 348{ 349 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 350 return (rsa_default->rsa_mod_exp(r0, I, rsa, ctx)); 351} 352 353static int 354rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 355 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) 356{ 357 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 358 return (rsa_default->bn_mod_exp(r, a, p, m, ctx, m_ctx)); 359} 360 361static int 362rsae_init(RSA *rsa) 363{ 364 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 365 if (rsa_default->init == NULL) 366 return (1); 367 return (rsa_default->init(rsa)); 368} 369 370static int 371rsae_finish(RSA *rsa) 372{ 373 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 374 if (rsa_default->finish == NULL) 375 return (1); 376 return (rsa_default->finish(rsa)); 377} 378 379static int 380rsae_sign(int type, const u_char *m, u_int m_length, u_char *sigret, 381 u_int *siglen, const RSA *rsa) 382{ 383 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 384 return (rsa_default->rsa_sign(type, m, m_length, 385 sigret, siglen, rsa)); 386} 387 388static int 389rsae_verify(int dtype, const u_char *m, u_int m_length, const u_char *sigbuf, 390 u_int siglen, const RSA *rsa) 391{ 392 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 393 return (rsa_default->rsa_verify(dtype, m, m_length, 394 sigbuf, siglen, rsa)); 395} 396 397static int 398rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) 399{ 400 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 401 return (rsa_default->rsa_keygen(rsa, bits, e, cb)); 402} 403 404int 405ca_engine_init(void) 406{ 407 ENGINE *e; 408 409 log_debug("debug: %s: %s", proc_name(smtpd_process), __func__); 410 411 if ((e = ENGINE_get_default_RSA()) == NULL || 412 (rsa_default = ENGINE_get_RSA(e)) == NULL) 413 return (-1); 414 415 if (rsa_default->flags & RSA_FLAG_SIGN_VER) 416 fatalx("unsupported RSA engine"); 417 418 if (rsa_default->rsa_mod_exp == NULL) 419 rsae_method.rsa_mod_exp = NULL; 420 if (rsa_default->rsa_mod_exp == NULL) 421 rsae_method.rsa_mod_exp = NULL; 422 if (rsa_default->bn_mod_exp == NULL) 423 rsae_method.bn_mod_exp = NULL; 424 if (rsa_default->rsa_keygen == NULL) 425 rsae_method.rsa_keygen = NULL; 426 rsae_method.flags = rsa_default->flags | 427 RSA_METHOD_FLAG_NO_CHECK; 428 rsae_method.app_data = rsa_default->app_data; 429 430 if (!ENGINE_set_RSA(e, &rsae_method) || 431 !ENGINE_set_default_RSA(e)) 432 return (-1); 433 434 return (0); 435} 436