1 /* $OpenBSD: ca.c,v 1.40 2015/12/07 12:46:37 reyk Exp $ */ 2 3 /* 4 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/queue.h> 20 #include <sys/socket.h> 21 #include <sys/wait.h> 22 #include <sys/uio.h> 23 24 #include <stdlib.h> 25 #include <stdio.h> 26 #include <unistd.h> 27 #include <dirent.h> 28 #include <string.h> 29 #include <signal.h> 30 #include <errno.h> 31 #include <err.h> 32 #include <pwd.h> 33 #include <event.h> 34 35 #include <openssl/bio.h> 36 #include <openssl/err.h> 37 #include <openssl/engine.h> 38 #include <openssl/ssl.h> 39 #include <openssl/x509.h> 40 #include <openssl/x509v3.h> 41 #include <openssl/pem.h> 42 #include <openssl/evp.h> 43 #include <openssl/sha.h> 44 #include <openssl/rsa.h> 45 46 #include "iked.h" 47 #include "ikev2.h" 48 49 void ca_run(struct privsep *, struct privsep_proc *, void *); 50 void ca_reset(struct privsep *, struct privsep_proc *, void *); 51 int ca_reload(struct iked *); 52 53 int ca_getreq(struct iked *, struct imsg *); 54 int ca_getcert(struct iked *, struct imsg *); 55 int ca_getauth(struct iked *, struct imsg *); 56 X509 *ca_by_subjectpubkey(X509_STORE *, uint8_t *, size_t); 57 X509 *ca_by_issuer(X509_STORE *, X509_NAME *, struct iked_static_id *); 58 int ca_subjectpubkey_digest(X509 *, uint8_t *, unsigned int *); 59 int ca_x509_subject_cmp(X509 *, struct iked_static_id *); 60 int ca_validate_pubkey(struct iked *, struct iked_static_id *, 61 void *, size_t); 62 int ca_validate_cert(struct iked *, struct iked_static_id *, 63 void *, size_t); 64 struct ibuf * 65 ca_x509_serialize(X509 *); 66 int ca_x509_subjectaltname_cmp(X509 *, struct iked_static_id *); 67 int ca_x509_subjectaltname(X509 *cert, struct iked_id *); 68 int ca_privkey_serialize(EVP_PKEY *, struct iked_id *); 69 int ca_pubkey_serialize(EVP_PKEY *, struct iked_id *); 70 int ca_dispatch_parent(int, struct privsep_proc *, struct imsg *); 71 int ca_dispatch_ikev2(int, struct privsep_proc *, struct imsg *); 72 73 static struct privsep_proc procs[] = { 74 { "parent", PROC_PARENT, ca_dispatch_parent }, 75 { "ikev2", PROC_IKEV2, ca_dispatch_ikev2 } 76 }; 77 78 struct ca_store { 79 X509_STORE *ca_cas; 80 X509_LOOKUP *ca_calookup; 81 82 X509_STORE *ca_certs; 83 X509_LOOKUP *ca_certlookup; 84 85 struct iked_id ca_privkey; 86 struct iked_id ca_pubkey; 87 }; 88 89 pid_t 90 caproc(struct privsep *ps, struct privsep_proc *p) 91 { 92 struct ca_store *store; 93 FILE *fp = NULL; 94 EVP_PKEY *key; 95 96 /* 97 * This function runs code before privsep 98 */ 99 if ((store = calloc(1, sizeof(*store))) == NULL) 100 fatal("ca: failed to allocate cert store"); 101 102 /* Read private key */ 103 if ((fp = fopen(IKED_PRIVKEY, "r")) == NULL) 104 fatal("ca: failed to open private key"); 105 106 if ((key = PEM_read_PrivateKey(fp, NULL, NULL, NULL)) == NULL) 107 fatalx("ca: failed to read private key"); 108 fclose(fp); 109 110 if (ca_privkey_serialize(key, &store->ca_privkey) != 0) 111 fatalx("ca: failed to serialize private key"); 112 if (ca_pubkey_serialize(key, &store->ca_pubkey) != 0) 113 fatalx("ca: failed to serialize public key"); 114 115 EVP_PKEY_free(key); 116 117 return (proc_run(ps, p, procs, nitems(procs), ca_reset, store)); 118 } 119 120 void 121 ca_run(struct privsep *ps, struct privsep_proc *p, void *arg) 122 { 123 /* 124 * pledge in the ca process: 125 * stdio - for malloc and basic I/O including events. 126 * rpath - for certificate files. 127 * recvfd - for ocsp sockets. 128 */ 129 if (pledge("stdio rpath recvfd", NULL) == -1) 130 fatal("pledge"); 131 132 ca_reset(ps, p, arg); 133 } 134 135 void 136 ca_reset(struct privsep *ps, struct privsep_proc *p, void *arg) 137 { 138 struct iked *env = ps->ps_env; 139 struct ca_store *store = arg; 140 141 if (store->ca_cas != NULL) 142 X509_STORE_free(store->ca_cas); 143 if (store->ca_certs != NULL) 144 X509_STORE_free(store->ca_certs); 145 146 if ((store->ca_cas = X509_STORE_new()) == NULL) 147 fatalx("ca_reset: failed to get ca store"); 148 if ((store->ca_calookup = X509_STORE_add_lookup(store->ca_cas, 149 X509_LOOKUP_file())) == NULL) 150 fatalx("ca_reset: failed to add ca lookup"); 151 152 if ((store->ca_certs = X509_STORE_new()) == NULL) 153 fatalx("ca_reset: failed to get cert store"); 154 if ((store->ca_certlookup = X509_STORE_add_lookup(store->ca_certs, 155 X509_LOOKUP_file())) == NULL) 156 fatalx("ca_reset: failed to add cert lookup"); 157 158 env->sc_priv = store; 159 160 if (ca_reload(env) != 0) 161 fatal("ca_reset: reload"); 162 } 163 164 int 165 ca_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) 166 { 167 struct iked *env = p->p_env; 168 struct ca_store *store = env->sc_priv; 169 unsigned int mode; 170 171 switch (imsg->hdr.type) { 172 case IMSG_CTL_RESET: 173 IMSG_SIZE_CHECK(imsg, &mode); 174 memcpy(&mode, imsg->data, sizeof(mode)); 175 if (mode == RESET_ALL || mode == RESET_CA) { 176 log_debug("%s: config reload", __func__); 177 ca_reset(&env->sc_ps, p, store); 178 } 179 break; 180 case IMSG_OCSP_FD: 181 ocsp_receive_fd(env, imsg); 182 break; 183 case IMSG_OCSP_URL: 184 config_getocsp(env, imsg); 185 break; 186 default: 187 return (-1); 188 } 189 190 return (0); 191 } 192 193 int 194 ca_dispatch_ikev2(int fd, struct privsep_proc *p, struct imsg *imsg) 195 { 196 struct iked *env = p->p_env; 197 198 switch (imsg->hdr.type) { 199 case IMSG_CERTREQ: 200 ca_getreq(env, imsg); 201 break; 202 case IMSG_CERT: 203 ca_getcert(env, imsg); 204 break; 205 case IMSG_AUTH: 206 ca_getauth(env, imsg); 207 break; 208 default: 209 return (-1); 210 } 211 212 return (0); 213 } 214 215 int 216 ca_setcert(struct iked *env, struct iked_sahdr *sh, struct iked_id *id, 217 uint8_t type, uint8_t *data, size_t len, enum privsep_procid procid) 218 { 219 struct iovec iov[4]; 220 int iovcnt = 0; 221 struct iked_static_id idb; 222 223 /* Must send the cert and a valid Id to the ca process */ 224 if (procid == PROC_CERT) { 225 if (id == NULL || id->id_type == IKEV2_ID_NONE || 226 ibuf_length(id->id_buf) > IKED_ID_SIZE) 227 return (-1); 228 bzero(&idb, sizeof(idb)); 229 230 /* Convert to a static Id */ 231 idb.id_type = id->id_type; 232 idb.id_offset = id->id_offset; 233 idb.id_length = ibuf_length(id->id_buf); 234 memcpy(&idb.id_data, ibuf_data(id->id_buf), 235 ibuf_length(id->id_buf)); 236 237 iov[iovcnt].iov_base = &idb; 238 iov[iovcnt].iov_len = sizeof(idb); 239 iovcnt++; 240 } 241 242 iov[iovcnt].iov_base = sh; 243 iov[iovcnt].iov_len = sizeof(*sh); 244 iovcnt++; 245 iov[iovcnt].iov_base = &type; 246 iov[iovcnt].iov_len = sizeof(type); 247 iovcnt++; 248 iov[iovcnt].iov_base = data; 249 iov[iovcnt].iov_len = len; 250 iovcnt++; 251 252 if (proc_composev(&env->sc_ps, procid, IMSG_CERT, iov, iovcnt) == -1) 253 return (-1); 254 return (0); 255 } 256 257 int 258 ca_setreq(struct iked *env, struct iked_sa *sa, 259 struct iked_static_id *localid, uint8_t type, uint8_t *data, 260 size_t len, enum privsep_procid procid) 261 { 262 struct iovec iov[4]; 263 int iovcnt = 0; 264 struct iked_static_id idb; 265 struct iked_id id; 266 int ret = -1; 267 268 /* Convert to a static Id */ 269 bzero(&id, sizeof(id)); 270 if (ikev2_policy2id(localid, &id, 1) != 0) 271 return (-1); 272 273 bzero(&idb, sizeof(idb)); 274 idb.id_type = id.id_type; 275 idb.id_offset = id.id_offset; 276 idb.id_length = ibuf_length(id.id_buf); 277 memcpy(&idb.id_data, ibuf_data(id.id_buf), 278 ibuf_length(id.id_buf)); 279 iov[iovcnt].iov_base = &idb; 280 iov[iovcnt].iov_len = sizeof(idb); 281 iovcnt++; 282 283 iov[iovcnt].iov_base = &sa->sa_hdr; 284 iov[iovcnt].iov_len = sizeof(sa->sa_hdr); 285 iovcnt++; 286 iov[iovcnt].iov_base = &type; 287 iov[iovcnt].iov_len = sizeof(type); 288 iovcnt++; 289 iov[iovcnt].iov_base = data; 290 iov[iovcnt].iov_len = len; 291 iovcnt++; 292 293 if (proc_composev(&env->sc_ps, procid, IMSG_CERTREQ, iov, iovcnt) == -1) 294 goto done; 295 296 sa_stateflags(sa, IKED_REQ_CERTREQ); 297 298 ret = 0; 299 done: 300 ibuf_release(id.id_buf); 301 return (ret); 302 } 303 304 int 305 ca_setauth(struct iked *env, struct iked_sa *sa, 306 struct ibuf *authmsg, enum privsep_procid id) 307 { 308 struct iovec iov[3]; 309 int iovcnt = 3; 310 struct iked_policy *policy = sa->sa_policy; 311 uint8_t type = policy->pol_auth.auth_method; 312 313 /* switch encoding to IKEV2_AUTH_SIG if SHA2 is supported */ 314 if (sa->sa_sigsha2 && type == IKEV2_AUTH_RSA_SIG) { 315 log_debug("%s: switching from RSA_SIG to SIG", __func__); 316 type = IKEV2_AUTH_SIG; 317 } 318 319 if (type == IKEV2_AUTH_SHARED_KEY_MIC) { 320 sa->sa_stateflags |= IKED_REQ_AUTH; 321 return (ikev2_msg_authsign(env, sa, 322 &policy->pol_auth, authmsg)); 323 } 324 325 iov[0].iov_base = &sa->sa_hdr; 326 iov[0].iov_len = sizeof(sa->sa_hdr); 327 iov[1].iov_base = &type; 328 iov[1].iov_len = sizeof(type); 329 if (type == IKEV2_AUTH_NONE) 330 iovcnt--; 331 else { 332 iov[2].iov_base = ibuf_data(authmsg); 333 iov[2].iov_len = ibuf_size(authmsg); 334 log_debug("%s: auth length %zu", __func__, ibuf_size(authmsg)); 335 } 336 337 if (proc_composev(&env->sc_ps, id, IMSG_AUTH, iov, iovcnt) == -1) 338 return (-1); 339 return (0); 340 } 341 342 int 343 ca_getcert(struct iked *env, struct imsg *imsg) 344 { 345 struct iked_sahdr sh; 346 uint8_t type; 347 uint8_t *ptr; 348 size_t len; 349 struct iked_static_id id; 350 unsigned int i; 351 struct iovec iov[2]; 352 int iovcnt = 2, cmd, ret = 0; 353 354 ptr = (uint8_t *)imsg->data; 355 len = IMSG_DATA_SIZE(imsg); 356 i = sizeof(id) + sizeof(sh) + sizeof(type); 357 if (len <= i) 358 return (-1); 359 360 memcpy(&id, ptr, sizeof(id)); 361 if (id.id_type == IKEV2_ID_NONE) 362 return (-1); 363 memcpy(&sh, ptr + sizeof(id), sizeof(sh)); 364 memcpy(&type, ptr + sizeof(id) + sizeof(sh), sizeof(uint8_t)); 365 366 ptr += i; 367 len -= i; 368 369 switch (type) { 370 case IKEV2_CERT_X509_CERT: 371 ret = ca_validate_cert(env, &id, ptr, len); 372 if (ret == 0 && env->sc_ocsp_url) { 373 ret = ocsp_validate_cert(env, &id, ptr, len, sh, type); 374 if (ret == 0) 375 return (0); 376 } 377 break; 378 case IKEV2_CERT_RSA_KEY: 379 ret = ca_validate_pubkey(env, &id, ptr, len); 380 break; 381 default: 382 log_debug("%s: unsupported cert type %d", __func__, type); 383 ret = -1; 384 break; 385 } 386 387 if (ret == 0) 388 cmd = IMSG_CERTVALID; 389 else 390 cmd = IMSG_CERTINVALID; 391 392 iov[0].iov_base = &sh; 393 iov[0].iov_len = sizeof(sh); 394 iov[1].iov_base = &type; 395 iov[1].iov_len = sizeof(type); 396 397 if (proc_composev(&env->sc_ps, PROC_IKEV2, cmd, iov, iovcnt) == -1) 398 return (-1); 399 return (0); 400 } 401 402 int 403 ca_getreq(struct iked *env, struct imsg *imsg) 404 { 405 struct ca_store *store = env->sc_priv; 406 struct iked_sahdr sh; 407 uint8_t type; 408 uint8_t *ptr; 409 size_t len; 410 unsigned int i, n; 411 X509 *ca = NULL, *cert = NULL; 412 struct ibuf *buf; 413 struct iked_static_id id; 414 415 ptr = (uint8_t *)imsg->data; 416 len = IMSG_DATA_SIZE(imsg); 417 i = sizeof(id) + sizeof(uint8_t) + sizeof(sh); 418 if (len < i || ((len - i) % SHA_DIGEST_LENGTH) != 0) 419 return (-1); 420 421 memcpy(&id, ptr, sizeof(id)); 422 if (id.id_type == IKEV2_ID_NONE) 423 return (-1); 424 memcpy(&sh, ptr + sizeof(id), sizeof(sh)); 425 memcpy(&type, ptr + sizeof(id) + sizeof(sh), sizeof(uint8_t)); 426 427 switch (type) { 428 case IKEV2_CERT_RSA_KEY: 429 if (store->ca_pubkey.id_type != type || 430 (buf = store->ca_pubkey.id_buf) == NULL) 431 return (-1); 432 433 log_debug("%s: using local public key of type %s", __func__, 434 print_map(type, ikev2_cert_map)); 435 break; 436 case IKEV2_CERT_X509_CERT: 437 for (n = 1; i < len; n++, i += SHA_DIGEST_LENGTH) { 438 if ((ca = ca_by_subjectpubkey(store->ca_cas, ptr + i, 439 SHA_DIGEST_LENGTH)) == NULL) 440 continue; 441 442 log_debug("%s: found CA %s", __func__, ca->name); 443 444 if ((cert = ca_by_issuer(store->ca_certs, 445 X509_get_subject_name(ca), &id)) != NULL) { 446 /* XXX 447 * should we re-validate our own cert here? 448 */ 449 break; 450 } 451 } 452 if (ca == NULL || cert == NULL) { 453 log_warnx("%s: no valid local certificate found", 454 __func__); 455 type = IKEV2_CERT_NONE; 456 ca_setcert(env, &sh, NULL, type, NULL, 0, PROC_IKEV2); 457 return (0); 458 } 459 log_debug("%s: found local certificate %s", __func__, 460 cert->name); 461 462 if ((buf = ca_x509_serialize(cert)) == NULL) 463 return (-1); 464 break; 465 default: 466 log_warnx("%s: unknown cert type requested", __func__); 467 return (-1); 468 } 469 470 ca_setcert(env, &sh, NULL, type, 471 ibuf_data(buf), ibuf_size(buf), PROC_IKEV2); 472 473 return (0); 474 } 475 476 int 477 ca_getauth(struct iked *env, struct imsg *imsg) 478 { 479 struct ca_store *store = env->sc_priv; 480 struct iked_sahdr sh; 481 uint8_t method; 482 uint8_t *ptr; 483 size_t len; 484 unsigned int i; 485 int ret = -1; 486 struct iked_sa sa; 487 struct iked_policy policy; 488 struct iked_id *id; 489 struct ibuf *authmsg; 490 491 ptr = (uint8_t *)imsg->data; 492 len = IMSG_DATA_SIZE(imsg); 493 i = sizeof(method) + sizeof(sh); 494 if (len <= i) 495 return (-1); 496 497 memcpy(&sh, ptr, sizeof(sh)); 498 memcpy(&method, ptr + sizeof(sh), sizeof(uint8_t)); 499 if (method == IKEV2_AUTH_SHARED_KEY_MIC) 500 return (-1); 501 502 ptr += i; 503 len -= i; 504 505 if ((authmsg = ibuf_new(ptr, len)) == NULL) 506 return (-1); 507 508 /* 509 * Create fake SA and policy 510 */ 511 bzero(&sa, sizeof(sa)); 512 bzero(&policy, sizeof(policy)); 513 memcpy(&sa.sa_hdr, &sh, sizeof(sh)); 514 sa.sa_policy = &policy; 515 policy.pol_auth.auth_method = method; 516 if (sh.sh_initiator) 517 id = &sa.sa_icert; 518 else 519 id = &sa.sa_rcert; 520 memcpy(id, &store->ca_privkey, sizeof(*id)); 521 522 if (ikev2_msg_authsign(env, &sa, &policy.pol_auth, authmsg) != 0) { 523 log_debug("%s: AUTH sign failed", __func__); 524 policy.pol_auth.auth_method = IKEV2_AUTH_NONE; 525 } 526 527 ret = ca_setauth(env, &sa, sa.sa_localauth.id_buf, PROC_IKEV2); 528 529 ibuf_release(sa.sa_localauth.id_buf); 530 ibuf_release(authmsg); 531 532 return (ret); 533 } 534 535 int 536 ca_reload(struct iked *env) 537 { 538 struct ca_store *store = env->sc_priv; 539 uint8_t md[EVP_MAX_MD_SIZE]; 540 char file[PATH_MAX]; 541 struct iovec iov[2]; 542 struct dirent *entry; 543 STACK_OF(X509_OBJECT) *h; 544 X509_OBJECT *xo; 545 X509 *x509; 546 DIR *dir; 547 int i, len, iovcnt = 0; 548 549 /* 550 * Load CAs 551 */ 552 if ((dir = opendir(IKED_CA_DIR)) == NULL) 553 return (-1); 554 555 while ((entry = readdir(dir)) != NULL) { 556 if ((entry->d_type != DT_REG) && 557 (entry->d_type != DT_LNK)) 558 continue; 559 560 if (snprintf(file, sizeof(file), "%s%s", 561 IKED_CA_DIR, entry->d_name) == -1) 562 continue; 563 564 if (!X509_load_cert_file(store->ca_calookup, file, 565 X509_FILETYPE_PEM)) { 566 log_warn("%s: failed to load ca file %s", __func__, 567 entry->d_name); 568 ca_sslerror(__func__); 569 continue; 570 } 571 log_debug("%s: loaded ca file %s", __func__, entry->d_name); 572 } 573 closedir(dir); 574 575 /* 576 * Load CRLs for the CAs 577 */ 578 if ((dir = opendir(IKED_CRL_DIR)) == NULL) 579 return (-1); 580 581 while ((entry = readdir(dir)) != NULL) { 582 if ((entry->d_type != DT_REG) && 583 (entry->d_type != DT_LNK)) 584 continue; 585 586 if (snprintf(file, sizeof(file), "%s%s", 587 IKED_CRL_DIR, entry->d_name) == -1) 588 continue; 589 590 if (!X509_load_crl_file(store->ca_calookup, file, 591 X509_FILETYPE_PEM)) { 592 log_warn("%s: failed to load crl file %s", __func__, 593 entry->d_name); 594 ca_sslerror(__func__); 595 continue; 596 } 597 598 /* Only enable CRL checks if we actually loaded a CRL */ 599 X509_STORE_set_flags(store->ca_cas, X509_V_FLAG_CRL_CHECK); 600 601 log_debug("%s: loaded crl file %s", __func__, entry->d_name); 602 } 603 closedir(dir); 604 605 /* 606 * Save CAs signatures for the IKEv2 CERTREQ 607 */ 608 ibuf_release(env->sc_certreq); 609 if ((env->sc_certreq = ibuf_new(NULL, 0)) == NULL) 610 return (-1); 611 612 h = store->ca_cas->objs; 613 for (i = 0; i < sk_X509_OBJECT_num(h); i++) { 614 xo = sk_X509_OBJECT_value(h, i); 615 if (xo->type != X509_LU_X509) 616 continue; 617 618 x509 = xo->data.x509; 619 len = sizeof(md); 620 ca_subjectpubkey_digest(x509, md, &len); 621 log_debug("%s: %s", __func__, x509->name); 622 623 if (ibuf_add(env->sc_certreq, md, len) != 0) { 624 ibuf_release(env->sc_certreq); 625 return (-1); 626 } 627 } 628 629 if (ibuf_length(env->sc_certreq)) { 630 env->sc_certreqtype = IKEV2_CERT_X509_CERT; 631 iov[0].iov_base = &env->sc_certreqtype; 632 iov[0].iov_len = sizeof(env->sc_certreqtype); 633 iovcnt++; 634 iov[1].iov_base = ibuf_data(env->sc_certreq); 635 iov[1].iov_len = ibuf_length(env->sc_certreq); 636 iovcnt++; 637 638 log_debug("%s: loaded %zu ca certificate%s", __func__, 639 ibuf_length(env->sc_certreq) / SHA_DIGEST_LENGTH, 640 ibuf_length(env->sc_certreq) == SHA_DIGEST_LENGTH ? 641 "" : "s"); 642 643 (void)proc_composev(&env->sc_ps, PROC_IKEV2, IMSG_CERTREQ, 644 iov, iovcnt); 645 } 646 647 /* 648 * Load certificates 649 */ 650 if ((dir = opendir(IKED_CERT_DIR)) == NULL) 651 return (-1); 652 653 while ((entry = readdir(dir)) != NULL) { 654 if ((entry->d_type != DT_REG) && 655 (entry->d_type != DT_LNK)) 656 continue; 657 658 if (snprintf(file, sizeof(file), "%s%s", 659 IKED_CERT_DIR, entry->d_name) == -1) 660 continue; 661 662 if (!X509_load_cert_file(store->ca_certlookup, file, 663 X509_FILETYPE_PEM)) { 664 log_warn("%s: failed to load cert file %s", __func__, 665 entry->d_name); 666 ca_sslerror(__func__); 667 continue; 668 } 669 log_debug("%s: loaded cert file %s", __func__, entry->d_name); 670 } 671 closedir(dir); 672 673 h = store->ca_certs->objs; 674 for (i = 0; i < sk_X509_OBJECT_num(h); i++) { 675 xo = sk_X509_OBJECT_value(h, i); 676 if (xo->type != X509_LU_X509) 677 continue; 678 679 x509 = xo->data.x509; 680 681 (void)ca_validate_cert(env, NULL, x509, 0); 682 } 683 684 if (!env->sc_certreqtype) 685 env->sc_certreqtype = store->ca_pubkey.id_type; 686 687 log_debug("%s: local cert type %s", __func__, 688 print_map(env->sc_certreqtype, ikev2_cert_map)); 689 690 iov[0].iov_base = &env->sc_certreqtype; 691 iov[0].iov_len = sizeof(env->sc_certreqtype); 692 if (iovcnt == 0) 693 iovcnt++; 694 (void)proc_composev(&env->sc_ps, PROC_IKEV2, IMSG_CERTREQ, iov, iovcnt); 695 696 return (0); 697 } 698 699 X509 * 700 ca_by_subjectpubkey(X509_STORE *ctx, uint8_t *sig, size_t siglen) 701 { 702 STACK_OF(X509_OBJECT) *h; 703 X509_OBJECT *xo; 704 X509 *ca; 705 int i; 706 unsigned int len; 707 uint8_t md[EVP_MAX_MD_SIZE]; 708 709 h = ctx->objs; 710 711 for (i = 0; i < sk_X509_OBJECT_num(h); i++) { 712 xo = sk_X509_OBJECT_value(h, i); 713 if (xo->type != X509_LU_X509) 714 continue; 715 716 ca = xo->data.x509; 717 len = sizeof(md); 718 ca_subjectpubkey_digest(ca, md, &len); 719 720 if (len == siglen && memcmp(md, sig, len) == 0) 721 return (ca); 722 } 723 724 return (NULL); 725 } 726 727 X509 * 728 ca_by_issuer(X509_STORE *ctx, X509_NAME *subject, struct iked_static_id *id) 729 { 730 STACK_OF(X509_OBJECT) *h; 731 X509_OBJECT *xo; 732 X509 *cert; 733 int i; 734 X509_NAME *issuer; 735 736 if (subject == NULL) 737 return (NULL); 738 739 h = ctx->objs; 740 for (i = 0; i < sk_X509_OBJECT_num(h); i++) { 741 xo = sk_X509_OBJECT_value(h, i); 742 if (xo->type != X509_LU_X509) 743 continue; 744 745 cert = xo->data.x509; 746 if ((issuer = X509_get_issuer_name(cert)) == NULL) 747 continue; 748 else if (X509_NAME_cmp(subject, issuer) == 0) { 749 switch (id->id_type) { 750 case IKEV2_ID_ASN1_DN: 751 if (ca_x509_subject_cmp(cert, id) == 0) 752 return (cert); 753 break; 754 default: 755 if (ca_x509_subjectaltname_cmp(cert, id) == 0) 756 return (cert); 757 break; 758 } 759 } 760 } 761 762 return (NULL); 763 } 764 765 int 766 ca_subjectpubkey_digest(X509 *x509, uint8_t *md, unsigned int *size) 767 { 768 uint8_t *buf = NULL; 769 int buflen; 770 771 if (*size < SHA_DIGEST_LENGTH) 772 return (-1); 773 774 /* 775 * Generate a SHA-1 digest of the Subject Public Key Info 776 * element in the X.509 certificate, an ASN.1 sequence 777 * that includes the public key type (eg. RSA) and the 778 * public key value (see 3.7 of RFC4306). 779 */ 780 buflen = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x509), &buf); 781 if (!buflen) 782 return (-1); 783 if (!EVP_Digest(buf, buflen, md, size, EVP_sha1(), NULL)) { 784 free(buf); 785 return (-1); 786 } 787 free(buf); 788 789 return (0); 790 } 791 792 struct ibuf * 793 ca_x509_serialize(X509 *x509) 794 { 795 long len; 796 struct ibuf *buf; 797 uint8_t *d = NULL; 798 BIO *out; 799 800 if ((out = BIO_new(BIO_s_mem())) == NULL) 801 return (NULL); 802 if (!i2d_X509_bio(out, x509)) { 803 BIO_free(out); 804 return (NULL); 805 } 806 807 len = BIO_get_mem_data(out, &d); 808 buf = ibuf_new(d, len); 809 BIO_free(out); 810 811 return (buf); 812 } 813 814 int 815 ca_pubkey_serialize(EVP_PKEY *key, struct iked_id *id) 816 { 817 RSA *rsa = NULL; 818 uint8_t *d; 819 int len = 0; 820 int ret = -1; 821 822 switch (key->type) { 823 case EVP_PKEY_RSA: 824 id->id_type = 0; 825 id->id_offset = 0; 826 ibuf_release(id->id_buf); 827 828 if ((rsa = EVP_PKEY_get1_RSA(key)) == NULL) 829 goto done; 830 if ((len = i2d_RSAPublicKey(rsa, NULL)) <= 0) 831 goto done; 832 if ((id->id_buf = ibuf_new(NULL, len)) == NULL) 833 goto done; 834 835 d = ibuf_data(id->id_buf); 836 if (i2d_RSAPublicKey(rsa, &d) != len) { 837 ibuf_release(id->id_buf); 838 goto done; 839 } 840 841 id->id_type = IKEV2_CERT_RSA_KEY; 842 break; 843 default: 844 log_debug("%s: unsupported key type %d", __func__, key->type); 845 return (-1); 846 } 847 848 log_debug("%s: type %s length %d", __func__, 849 print_map(id->id_type, ikev2_cert_map), len); 850 851 ret = 0; 852 done: 853 if (rsa != NULL) 854 RSA_free(rsa); 855 return (ret); 856 } 857 858 int 859 ca_privkey_serialize(EVP_PKEY *key, struct iked_id *id) 860 { 861 RSA *rsa = NULL; 862 uint8_t *d; 863 int len = 0; 864 int ret = -1; 865 866 switch (key->type) { 867 case EVP_PKEY_RSA: 868 id->id_type = 0; 869 id->id_offset = 0; 870 ibuf_release(id->id_buf); 871 872 if ((rsa = EVP_PKEY_get1_RSA(key)) == NULL) 873 goto done; 874 if ((len = i2d_RSAPrivateKey(rsa, NULL)) <= 0) 875 goto done; 876 if ((id->id_buf = ibuf_new(NULL, len)) == NULL) 877 goto done; 878 879 d = ibuf_data(id->id_buf); 880 if (i2d_RSAPrivateKey(rsa, &d) != len) { 881 ibuf_release(id->id_buf); 882 goto done; 883 } 884 885 id->id_type = IKEV2_CERT_RSA_KEY; 886 break; 887 default: 888 log_debug("%s: unsupported key type %d", __func__, key->type); 889 return (-1); 890 } 891 892 log_debug("%s: type %s length %d", __func__, 893 print_map(id->id_type, ikev2_cert_map), len); 894 895 ret = 0; 896 done: 897 if (rsa != NULL) 898 RSA_free(rsa); 899 return (ret); 900 } 901 902 char * 903 ca_asn1_name(uint8_t *asn1, size_t len) 904 { 905 X509_NAME *name = NULL; 906 char *str = NULL; 907 const uint8_t *p; 908 909 p = asn1; 910 if ((name = d2i_X509_NAME(NULL, &p, len)) == NULL) 911 return (NULL); 912 str = ca_x509_name(name); 913 X509_NAME_free(name); 914 915 return (str); 916 } 917 918 char * 919 ca_x509_name(void *ptr) 920 { 921 char buf[BUFSIZ]; 922 X509_NAME *name = ptr; 923 924 bzero(buf, sizeof(buf)); 925 if (!X509_NAME_oneline(name, buf, sizeof(buf) - 1)) 926 return (NULL); 927 928 return (strdup(buf)); 929 } 930 931 /* 932 * Copy 'src' to 'dst' until 'marker' is found while unescaping '\' 933 * characters. The return value tells the caller where to continue 934 * parsing (might be the end of the string) or NULL on error. 935 */ 936 static char * 937 ca_x509_name_unescape(char *src, char *dst, char marker) 938 { 939 while (*src) { 940 if (*src == marker) { 941 src++; 942 break; 943 } 944 if (*src == '\\') { 945 src++; 946 if (!*src) { 947 log_warnx("%s: '\\' at end of string", 948 __func__); 949 *dst = '\0'; 950 return (NULL); 951 } 952 } 953 *dst++ = *src++; 954 } 955 *dst = '\0'; 956 return (src); 957 } 958 /* 959 * Parse an X509 subject name where 'subject' is in the format 960 * /type0=value0/type1=value1/type2=... 961 * where characters may be escaped by '\'. 962 * See lib/libssl/src/apps/apps.c:parse_name() 963 */ 964 void * 965 ca_x509_name_parse(char *subject) 966 { 967 char *cp, *value = NULL, *type = NULL; 968 size_t maxlen; 969 X509_NAME *name = NULL; 970 971 if (*subject != '/') { 972 log_warnx("%s: leading '/' missing in '%s'", __func__, subject); 973 goto err; 974 } 975 976 /* length of subject is upper bound for unescaped type/value */ 977 maxlen = strlen(subject) + 1; 978 979 if ((type = calloc(1, maxlen)) == NULL || 980 (value = calloc(1, maxlen)) == NULL || 981 (name = X509_NAME_new()) == NULL) 982 goto err; 983 984 cp = subject + 1; 985 while (*cp) { 986 /* unescape type, terminated by '=' */ 987 cp = ca_x509_name_unescape(cp, type, '='); 988 if (cp == NULL) { 989 log_warnx("%s: could not parse type", __func__); 990 goto err; 991 } 992 if (!*cp) { 993 log_warnx("%s: missing value", __func__); 994 goto err; 995 } 996 /* unescape value, terminated by '/' */ 997 cp = ca_x509_name_unescape(cp, value, '/'); 998 if (cp == NULL) { 999 log_warnx("%s: could not parse value", __func__); 1000 goto err; 1001 } 1002 if (!*type || !*value) { 1003 log_warnx("%s: empty type or value", __func__); 1004 goto err; 1005 } 1006 log_debug("%s: setting '%s' to '%s'", __func__, type, value); 1007 if (!X509_NAME_add_entry_by_txt(name, type, MBSTRING_ASC, 1008 value, -1, -1, 0)) { 1009 log_warnx("%s: setting '%s' to '%s' failed", __func__, 1010 type, value); 1011 ca_sslerror(__func__); 1012 goto err; 1013 } 1014 } 1015 free(type); 1016 free(value); 1017 return (name); 1018 1019 err: 1020 X509_NAME_free(name); 1021 free(type); 1022 free(value); 1023 return (NULL); 1024 } 1025 1026 int 1027 ca_validate_pubkey(struct iked *env, struct iked_static_id *id, 1028 void *data, size_t len) 1029 { 1030 BIO *rawcert = NULL; 1031 RSA *peerrsa = NULL, *localrsa = NULL; 1032 EVP_PKEY *peerkey = NULL, *localkey = NULL; 1033 int ret = -1; 1034 FILE *fp = NULL; 1035 char idstr[IKED_ID_SIZE]; 1036 char file[PATH_MAX]; 1037 struct iked_id idp; 1038 1039 if (len == 0 && data == NULL) 1040 return (-1); 1041 1042 switch (id->id_type) { 1043 case IKEV2_ID_IPV4: 1044 case IKEV2_ID_FQDN: 1045 case IKEV2_ID_UFQDN: 1046 case IKEV2_ID_IPV6: 1047 break; 1048 default: 1049 /* Some types like ASN1_DN will not be mapped to file names */ 1050 return (-1); 1051 } 1052 1053 bzero(&idp, sizeof(idp)); 1054 if ((idp.id_buf = ibuf_new(id->id_data, id->id_length)) == NULL) 1055 goto done; 1056 1057 idp.id_type = id->id_type; 1058 idp.id_offset = id->id_offset; 1059 if (ikev2_print_id(&idp, idstr, sizeof(idstr)) == -1) 1060 goto done; 1061 1062 if (len == 0) { 1063 /* Data is already an public key */ 1064 peerkey = (EVP_PKEY *)data; 1065 } else { 1066 if ((rawcert = BIO_new_mem_buf(data, len)) == NULL) 1067 goto done; 1068 1069 if ((peerrsa = d2i_RSAPublicKey_bio(rawcert, NULL)) == NULL) 1070 goto sslerr; 1071 if ((peerkey = EVP_PKEY_new()) == NULL) 1072 goto sslerr; 1073 if (!EVP_PKEY_set1_RSA(peerkey, peerrsa)) 1074 goto sslerr; 1075 } 1076 1077 lc_string(idstr); 1078 if (strlcpy(file, IKED_PUBKEY_DIR, sizeof(file)) >= sizeof(file) || 1079 strlcat(file, idstr, sizeof(file)) >= sizeof(file)) 1080 goto done; 1081 1082 if ((fp = fopen(file, "r")) == NULL) 1083 goto done; 1084 localkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL); 1085 if (localkey == NULL) { 1086 /* reading PKCS #8 failed, try PEM */ 1087 rewind(fp); 1088 localrsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL); 1089 fclose(fp); 1090 if (localrsa == NULL) 1091 goto sslerr; 1092 if ((localkey = EVP_PKEY_new()) == NULL) 1093 goto sslerr; 1094 if (!EVP_PKEY_set1_RSA(localkey, localrsa)) 1095 goto sslerr; 1096 } else { 1097 fclose(fp); 1098 } 1099 if (localkey == NULL) 1100 goto sslerr; 1101 1102 if (!EVP_PKEY_cmp(peerkey, localkey)) 1103 goto done; 1104 1105 log_debug("%s: valid public key in file %s", __func__, file); 1106 1107 ret = 0; 1108 sslerr: 1109 if (ret != 0) 1110 ca_sslerror(__func__); 1111 done: 1112 ibuf_release(idp.id_buf); 1113 if (peerkey != NULL) 1114 EVP_PKEY_free(peerkey); 1115 if (localkey != NULL) 1116 EVP_PKEY_free(localkey); 1117 if (peerrsa != NULL) 1118 RSA_free(peerrsa); 1119 if (localrsa != NULL) 1120 RSA_free(localrsa); 1121 if (rawcert != NULL) 1122 BIO_free(rawcert); 1123 1124 return (ret); 1125 } 1126 1127 int 1128 ca_validate_cert(struct iked *env, struct iked_static_id *id, 1129 void *data, size_t len) 1130 { 1131 struct ca_store *store = env->sc_priv; 1132 X509_STORE_CTX csc; 1133 BIO *rawcert = NULL; 1134 X509 *cert = NULL; 1135 int ret = -1, result, error; 1136 X509_NAME *subject; 1137 const char *errstr = "failed"; 1138 1139 if (len == 0) { 1140 /* Data is already an X509 certificate */ 1141 cert = (X509 *)data; 1142 } else { 1143 /* Convert data to X509 certificate */ 1144 if ((rawcert = BIO_new_mem_buf(data, len)) == NULL) 1145 goto done; 1146 if ((cert = d2i_X509_bio(rawcert, NULL)) == NULL) 1147 goto done; 1148 } 1149 1150 /* Certificate needs a valid subjectName */ 1151 if ((subject = X509_get_subject_name(cert)) == NULL) { 1152 errstr = "invalid subject"; 1153 goto done; 1154 } 1155 1156 if (id != NULL) { 1157 if ((ret = ca_validate_pubkey(env, id, X509_get_pubkey(cert), 1158 0)) == 0) { 1159 errstr = "in public key file, ok"; 1160 goto done; 1161 } 1162 1163 switch (id->id_type) { 1164 case IKEV2_ID_ASN1_DN: 1165 if (ca_x509_subject_cmp(cert, id) < 0) { 1166 errstr = "ASN1_DN identifier mismatch"; 1167 goto done; 1168 } 1169 break; 1170 default: 1171 if (ca_x509_subjectaltname_cmp(cert, id) != 0) { 1172 errstr = "invalid subjectAltName extension"; 1173 goto done; 1174 } 1175 break; 1176 } 1177 } 1178 1179 bzero(&csc, sizeof(csc)); 1180 X509_STORE_CTX_init(&csc, store->ca_cas, cert, NULL); 1181 if (store->ca_cas->param->flags & X509_V_FLAG_CRL_CHECK) { 1182 X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK); 1183 X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK_ALL); 1184 } 1185 1186 result = X509_verify_cert(&csc); 1187 error = csc.error; 1188 X509_STORE_CTX_cleanup(&csc); 1189 if (error != 0) { 1190 errstr = X509_verify_cert_error_string(error); 1191 goto done; 1192 } 1193 1194 if (!result) { 1195 /* XXX should we accept self-signed certificates? */ 1196 errstr = "rejecting self-signed certificate"; 1197 goto done; 1198 } 1199 1200 /* Success */ 1201 ret = 0; 1202 errstr = "ok"; 1203 1204 done: 1205 if (cert != NULL) 1206 log_debug("%s: %s %.100s", __func__, cert->name, errstr); 1207 1208 if (rawcert != NULL) { 1209 BIO_free(rawcert); 1210 if (cert != NULL) 1211 X509_free(cert); 1212 } 1213 1214 return (ret); 1215 } 1216 1217 /* check if subject from cert matches the id */ 1218 int 1219 ca_x509_subject_cmp(X509 *cert, struct iked_static_id *id) 1220 { 1221 X509_NAME *subject, *idname = NULL; 1222 const uint8_t *idptr; 1223 size_t idlen; 1224 int ret = -1; 1225 1226 if (id->id_type != IKEV2_ID_ASN1_DN) 1227 return (-1); 1228 if ((subject = X509_get_subject_name(cert)) == NULL) 1229 return (-1); 1230 if (id->id_length <= id->id_offset) 1231 return (-1); 1232 idlen = id->id_length - id->id_offset; 1233 idptr = id->id_data + id->id_offset; 1234 if ((idname = d2i_X509_NAME(NULL, &idptr, idlen)) == NULL) 1235 return (-1); 1236 if (X509_NAME_cmp(subject, idname) == 0) 1237 ret = 0; 1238 X509_NAME_free(idname); 1239 return (ret); 1240 } 1241 1242 int 1243 ca_x509_subjectaltname_cmp(X509 *cert, struct iked_static_id *id) 1244 { 1245 struct iked_id sanid; 1246 char idstr[IKED_ID_SIZE]; 1247 int ret = -1; 1248 1249 bzero(&sanid, sizeof(sanid)); 1250 1251 if (ca_x509_subjectaltname(cert, &sanid) != 0) 1252 return (-1); 1253 1254 ikev2_print_id(&sanid, idstr, sizeof(idstr)); 1255 1256 /* Compare id types, length and data */ 1257 if ((id->id_type != sanid.id_type) || 1258 ((ssize_t)ibuf_size(sanid.id_buf) != 1259 (id->id_length - id->id_offset)) || 1260 (memcmp(id->id_data + id->id_offset, 1261 ibuf_data(sanid.id_buf), 1262 ibuf_size(sanid.id_buf)) != 0)) { 1263 log_debug("%s: %s mismatched", __func__, idstr); 1264 goto done; 1265 } 1266 1267 ret = 0; 1268 done: 1269 ibuf_release(sanid.id_buf); 1270 return (ret); 1271 } 1272 1273 int 1274 ca_x509_subjectaltname(X509 *cert, struct iked_id *id) 1275 { 1276 X509_EXTENSION *san; 1277 uint8_t sanhdr[4], *data; 1278 int ext, santype, sanlen; 1279 char idstr[IKED_ID_SIZE]; 1280 1281 if ((ext = X509_get_ext_by_NID(cert, 1282 NID_subject_alt_name, -1)) == -1 || 1283 ((san = X509_get_ext(cert, ext)) == NULL)) { 1284 log_debug("%s: did not find subjectAltName in certificate", 1285 __func__); 1286 return (-1); 1287 } 1288 1289 if (san->value == NULL || san->value->data == NULL || 1290 san->value->length < (int)sizeof(sanhdr)) { 1291 log_debug("%s: invalid subjectAltName in certificate", 1292 __func__); 1293 return (-1); 1294 } 1295 1296 /* This is partially based on isakmpd's x509 subjectaltname code */ 1297 data = (uint8_t *)san->value->data; 1298 memcpy(&sanhdr, data, sizeof(sanhdr)); 1299 santype = sanhdr[2] & 0x3f; 1300 sanlen = sanhdr[3]; 1301 1302 if ((sanlen + (int)sizeof(sanhdr)) > san->value->length) { 1303 log_debug("%s: invalid subjectAltName length", __func__); 1304 return (-1); 1305 } 1306 1307 switch (santype) { 1308 case GEN_DNS: 1309 id->id_type = IKEV2_ID_FQDN; 1310 break; 1311 case GEN_EMAIL: 1312 id->id_type = IKEV2_ID_UFQDN; 1313 break; 1314 case GEN_IPADD: 1315 if (sanlen == 4) 1316 id->id_type = IKEV2_ID_IPV4; 1317 else if (sanlen == 16) 1318 id->id_type = IKEV2_ID_IPV6; 1319 else { 1320 log_debug("%s: invalid subjectAltName IP address", 1321 __func__); 1322 return (-1); 1323 } 1324 break; 1325 default: 1326 log_debug("%s: unsupported subjectAltName type %d", 1327 __func__, santype); 1328 return (-1); 1329 } 1330 1331 ibuf_release(id->id_buf); 1332 if ((id->id_buf = ibuf_new(data + sizeof(sanhdr), sanlen)) == NULL) { 1333 log_debug("%s: failed to get id buffer", __func__); 1334 return (-1); 1335 } 1336 id->id_offset = 0; 1337 1338 ikev2_print_id(id, idstr, sizeof(idstr)); 1339 log_debug("%s: %s", __func__, idstr); 1340 1341 return (0); 1342 } 1343 1344 void 1345 ca_sslinit(void) 1346 { 1347 OpenSSL_add_all_algorithms(); 1348 ERR_load_crypto_strings(); 1349 1350 /* Init hardware crypto engines. */ 1351 ENGINE_load_builtin_engines(); 1352 ENGINE_register_all_complete(); 1353 } 1354 1355 void 1356 ca_sslerror(const char *caller) 1357 { 1358 unsigned long error; 1359 1360 while ((error = ERR_get_error()) != 0) 1361 log_warn("%s: %s: %.100s", __func__, caller, 1362 ERR_error_string(error, NULL)); 1363 } 1364