xref: /openbsd-src/usr.sbin/relayd/ca.c (revision 50b7afb2c2c0993b0894d4e34bf857cb13ed9c80) 
1 /*	$OpenBSD: ca.c,v 1.8 2014/05/04 16:38:19 reyk Exp $	*/
2 
3 /*
4  * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
5  *
6  * Permission to use, copy, modify, and distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 #include <sys/param.h>
20 #include <sys/queue.h>
21 #include <sys/socket.h>
22 #include <sys/uio.h>
23 
24 #include <net/if.h>
25 #include <netinet/in.h>
26 
27 #include <limits.h>
28 #include <event.h>
29 #include <fcntl.h>
30 #include <unistd.h>
31 #include <string.h>
32 #include <stdlib.h>
33 #include <errno.h>
34 
35 #include <openssl/pem.h>
36 #include <openssl/evp.h>
37 #include <openssl/rsa.h>
38 #include <openssl/engine.h>
39 
40 #include "relayd.h"
41 
42 void	 ca_init(struct privsep *, struct privsep_proc *p, void *);
43 void	 ca_launch(void);
44 
45 int	 ca_dispatch_parent(int, struct privsep_proc *, struct imsg *);
46 int	 ca_dispatch_relay(int, struct privsep_proc *, struct imsg *);
47 
48 int	 rsae_pub_enc(int, const u_char *, u_char *, RSA *, int);
49 int	 rsae_pub_dec(int,const u_char *, u_char *, RSA *, int);
50 int	 rsae_priv_enc(int, const u_char *, u_char *, RSA *, int);
51 int	 rsae_priv_dec(int, const u_char *, u_char *, RSA *, int);
52 int	 rsae_mod_exp(BIGNUM *, const BIGNUM *, RSA *, BN_CTX *);
53 int	 rsae_bn_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *,
54 	    const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
55 int	 rsae_init(RSA *);
56 int	 rsae_finish(RSA *);
57 int	 rsae_sign(int, const u_char *, u_int, u_char *, u_int *,
58 	    const RSA *);
59 int	 rsae_verify(int dtype, const u_char *m, u_int, const u_char *,
60 	    u_int, const RSA *);
61 int	 rsae_keygen(RSA *, int, BIGNUM *, BN_GENCB *);
62 
63 static struct relayd *env = NULL;
64 extern int		 proc_id;
65 
66 static struct privsep_proc procs[] = {
67 	{ "parent",	PROC_PARENT,	ca_dispatch_parent },
68 	{ "relay",	PROC_RELAY,	ca_dispatch_relay },
69 };
70 
71 pid_t
72 ca(struct privsep *ps, struct privsep_proc *p)
73 {
74 	env = ps->ps_env;
75 
76 	return (proc_run(ps, p, procs, nitems(procs), ca_init, NULL));
77 }
78 
79 void
80 ca_init(struct privsep *ps, struct privsep_proc *p, void *arg)
81 {
82 	if (config_init(ps->ps_env) == -1)
83 		fatal("failed to initialize configuration");
84 
85 	proc_id = p->p_instance;
86 	env->sc_id = getpid() & 0xffff;
87 }
88 
89 void
90 ca_launch(void)
91 {
92 	BIO		*in = NULL;
93 	EVP_PKEY	*pkey = NULL;
94 	struct relay	*rlay;
95 
96 	TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) {
97 		if ((rlay->rl_conf.flags & (F_SSL|F_SSLCLIENT)) == 0)
98 			continue;
99 
100 		if (rlay->rl_conf.ssl_key_len) {
101 			if ((in = BIO_new_mem_buf(rlay->rl_ssl_key,
102 			    rlay->rl_conf.ssl_key_len)) == NULL)
103 				fatalx("ca_launch: key");
104 
105 			if ((pkey = PEM_read_bio_PrivateKey(in,
106 			    NULL, NULL, NULL)) == NULL)
107 				fatalx("ca_launch: PEM");
108 			BIO_free(in);
109 
110 			rlay->rl_ssl_pkey = pkey;
111 
112 			if (pkey_add(env, pkey,
113 			    rlay->rl_conf.ssl_keyid) == NULL)
114 				fatalx("ssl pkey");
115 
116 			purge_key(&rlay->rl_ssl_key,
117 			    rlay->rl_conf.ssl_key_len);
118 		}
119 		if (rlay->rl_conf.ssl_cert_len) {
120 			purge_key(&rlay->rl_ssl_cert,
121 			    rlay->rl_conf.ssl_cert_len);
122 		}
123 		if (rlay->rl_conf.ssl_cakey_len) {
124 			if ((in = BIO_new_mem_buf(rlay->rl_ssl_cakey,
125 			    rlay->rl_conf.ssl_cakey_len)) == NULL)
126 				fatalx("ca_launch: key");
127 
128 			if ((pkey = PEM_read_bio_PrivateKey(in,
129 			    NULL, NULL, NULL)) == NULL)
130 				fatalx("ca_launch: PEM");
131 			BIO_free(in);
132 
133 			rlay->rl_ssl_capkey = pkey;
134 
135 			if (pkey_add(env, pkey,
136 			    rlay->rl_conf.ssl_cakeyid) == NULL)
137 				fatalx("ca pkey");
138 
139 			purge_key(&rlay->rl_ssl_cakey,
140 			    rlay->rl_conf.ssl_cakey_len);
141 		}
142 		if (rlay->rl_conf.ssl_cacert_len) {
143 			purge_key(&rlay->rl_ssl_cacert,
144 			    rlay->rl_conf.ssl_cacert_len);
145 		}
146 	}
147 }
148 
149 int
150 ca_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
151 {
152 	switch (imsg->hdr.type) {
153 	case IMSG_CFG_RELAY:
154 		config_getrelay(env, imsg);
155 		break;
156 	case IMSG_CFG_DONE:
157 		config_getcfg(env, imsg);
158 		break;
159 	case IMSG_CTL_START:
160 		ca_launch();
161 		break;
162 	case IMSG_CTL_RESET:
163 		config_getreset(env, imsg);
164 		break;
165 	default:
166 		return (-1);
167 	}
168 
169 	return (0);
170 }
171 
172 int
173 ca_dispatch_relay(int fd, struct privsep_proc *p, struct imsg *imsg)
174 {
175 	struct ctl_keyop	 cko;
176 	EVP_PKEY		*pkey;
177 	RSA			*rsa;
178 	u_char			*from = NULL, *to = NULL;
179 	struct iovec		 iov[2];
180 	int			 c = 0;
181 
182 	switch (imsg->hdr.type) {
183 	case IMSG_CA_PRIVENC:
184 	case IMSG_CA_PRIVDEC:
185 		IMSG_SIZE_CHECK(imsg, (&cko));
186 		bcopy(imsg->data, &cko, sizeof(cko));
187 		if (cko.cko_proc > env->sc_prefork_relay)
188 			fatalx("ca_dispatch_relay: "
189 			    "invalid relay proc");
190 		if (IMSG_DATA_SIZE(imsg) != (sizeof(cko) + cko.cko_flen))
191 			fatalx("ca_dispatch_relay: "
192 			    "invalid key operation");
193 		if ((pkey = pkey_find(env, cko.cko_id)) == NULL ||
194 		    (rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
195 			fatalx("ca_dispatch_relay: "
196 			    "invalid relay key or id");
197 
198 		DPRINTF("%s:%d: key id %d", __func__, __LINE__, cko.cko_id);
199 
200 		from = (u_char *)imsg->data + sizeof(cko);
201 		if ((to = calloc(1, cko.cko_tlen)) == NULL)
202 			fatalx("ca_dispatch_relay: calloc");
203 
204 		switch (imsg->hdr.type) {
205 		case IMSG_CA_PRIVENC:
206 			cko.cko_tlen = RSA_private_encrypt(cko.cko_flen,
207 			    from, to, rsa, cko.cko_padding);
208 			break;
209 		case IMSG_CA_PRIVDEC:
210 			cko.cko_tlen = RSA_private_decrypt(cko.cko_flen,
211 			    from, to, rsa, cko.cko_padding);
212 			break;
213 		}
214 
215 		iov[c].iov_base = &cko;
216 		iov[c++].iov_len = sizeof(cko);
217 		if (cko.cko_tlen) {
218 			iov[c].iov_base = to;
219 			iov[c++].iov_len = cko.cko_tlen;
220 		}
221 
222 		proc_composev_imsg(env->sc_ps, PROC_RELAY, cko.cko_proc,
223 		    imsg->hdr.type, -1, iov, c);
224 
225 		free(to);
226 		RSA_free(rsa);
227 		break;
228 	default:
229 		return (-1);
230 	}
231 
232 	return (0);
233 }
234 
235 /*
236  * RSA privsep engine (called from unprivileged processes)
237  */
238 
239 const RSA_METHOD *rsa_default = NULL;
240 
241 static RSA_METHOD rsae_method = {
242 	"RSA privsep engine",
243 	rsae_pub_enc,
244 	rsae_pub_dec,
245 	rsae_priv_enc,
246 	rsae_priv_dec,
247 	rsae_mod_exp,
248 	rsae_bn_mod_exp,
249 	rsae_init,
250 	rsae_finish,
251 	0,
252 	NULL,
253 	rsae_sign,
254 	rsae_verify,
255 	rsae_keygen
256 };
257 
258 static int
259 rsae_send_imsg(int flen, const u_char *from, u_char *to, RSA *rsa,
260     int padding, u_int cmd)
261 {
262 	struct ctl_keyop cko;
263 	int		 ret = 0;
264 	objid_t		*id;
265 	struct iovec	 iov[2];
266 	struct imsgbuf	*ibuf;
267 	struct imsgev	*iev;
268 	struct imsg	 imsg;
269 	int		 n, done = 0, cnt = 0;
270 	u_char		*toptr;
271 
272 	if ((id = RSA_get_ex_data(rsa, 0)) == NULL)
273 		return (0);
274 
275 	iev = proc_iev(env->sc_ps, PROC_CA, proc_id);
276 	ibuf = &iev->ibuf;
277 
278 	/*
279 	 * XXX this could be nicer...
280 	 */
281 
282 	cko.cko_id = *id;
283 	cko.cko_proc = proc_id;
284 	cko.cko_flen = flen;
285 	cko.cko_tlen = RSA_size(rsa);
286 	cko.cko_padding = padding;
287 
288 	iov[cnt].iov_base = &cko;
289 	iov[cnt++].iov_len = sizeof(cko);
290 	iov[cnt].iov_base = (void *)from;
291 	iov[cnt++].iov_len = flen;
292 
293 	/*
294 	 * Send a synchronous imsg because we cannot defer the RSA
295 	 * operation in OpenSSL's engine layer.
296 	 */
297 	imsg_composev(ibuf, cmd, 0, 0, -1, iov, cnt);
298 	imsg_flush(ibuf);
299 
300 	while (!done) {
301 		if ((n = imsg_read(ibuf)) == -1)
302 			fatalx("imsg_read");
303 		if (n == 0)
304 			fatalx("pipe closed");
305 
306 		while (!done) {
307 			if ((n = imsg_get(ibuf, &imsg)) == -1)
308 				fatalx("imsg_get error");
309 			if (n == 0)
310 				break;
311 			if (imsg.hdr.type != cmd)
312 				fatalx("invalid response");
313 
314 			IMSG_SIZE_CHECK(&imsg, (&cko));
315 			memcpy(&cko, imsg.data, sizeof(cko));
316 			if (IMSG_DATA_SIZE(&imsg) !=
317 			    (sizeof(cko) + cko.cko_tlen))
318 				fatalx("data size");
319 
320 			ret = cko.cko_tlen;
321 			if (ret) {
322 				toptr = (u_char *)imsg.data + sizeof(cko);
323 				memcpy(to, toptr, ret);
324 			}
325 			done = 1;
326 
327 			imsg_free(&imsg);
328 		}
329 	}
330 	imsg_event_add(iev);
331 
332 	return (ret);
333 }
334 
335 int
336 rsae_pub_enc(int flen,const u_char *from, u_char *to, RSA *rsa,int padding)
337 {
338 	DPRINTF("%s:%d", __func__, __LINE__);
339 	return (rsa_default->rsa_pub_enc(flen, from, to, rsa, padding));
340 }
341 
342 int
343 rsae_pub_dec(int flen,const u_char *from, u_char *to, RSA *rsa,int padding)
344 {
345 	DPRINTF("%s:%d", __func__, __LINE__);
346 	return (rsa_default->rsa_pub_dec(flen, from, to, rsa, padding));
347 }
348 
349 int
350 rsae_priv_enc(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
351 {
352 	DPRINTF("%s:%d", __func__, __LINE__);
353 	return (rsae_send_imsg(flen, from, to, rsa, padding,
354 	    IMSG_CA_PRIVENC));
355 }
356 
357 int
358 rsae_priv_dec(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
359 {
360 	DPRINTF("%s:%d", __func__, __LINE__);
361 	return (rsae_send_imsg(flen, from, to, rsa, padding,
362 	    IMSG_CA_PRIVDEC));
363 }
364 
365 int
366 rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
367 {
368 	DPRINTF("%s:%d", __func__, __LINE__);
369 	return (rsa_default->rsa_mod_exp(r0, I, rsa, ctx));
370 }
371 
372 int
373 rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
374     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
375 {
376 	DPRINTF("%s:%d", __func__, __LINE__);
377 	return (rsa_default->bn_mod_exp(r, a, p, m, ctx, m_ctx));
378 }
379 
380 int
381 rsae_init(RSA *rsa)
382 {
383 	DPRINTF("%s:%d", __func__, __LINE__);
384 	if (rsa_default->init == NULL)
385 		return (1);
386 	return (rsa_default->init(rsa));
387 }
388 
389 int
390 rsae_finish(RSA *rsa)
391 {
392 	DPRINTF("%s:%d", __func__, __LINE__);
393 	if (rsa_default->finish == NULL)
394 		return (1);
395 	return (rsa_default->finish(rsa));
396 }
397 
398 int
399 rsae_sign(int type, const u_char *m, u_int m_length, u_char *sigret,
400     u_int *siglen, const RSA *rsa)
401 {
402 	DPRINTF("%s:%d", __func__, __LINE__);
403 	return (rsa_default->rsa_sign(type, m, m_length,
404 	    sigret, siglen, rsa));
405 }
406 
407 int
408 rsae_verify(int dtype, const u_char *m, u_int m_length, const u_char *sigbuf,
409     u_int siglen, const RSA *rsa)
410 {
411 	DPRINTF("%s:%d", __func__, __LINE__);
412 	return (rsa_default->rsa_verify(dtype, m, m_length,
413 	    sigbuf, siglen, rsa));
414 }
415 
416 int
417 rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
418 {
419 	DPRINTF("%s:%d", __func__, __LINE__);
420 	return (rsa_default->rsa_keygen(rsa, bits, e, cb));
421 }
422 
423 void
424 ca_engine_init(struct relayd *x_env)
425 {
426 	ENGINE		*e;
427 	const char	*errstr, *name;
428 
429 	if (env == NULL)
430 		env = x_env;
431 
432 	if ((e = ENGINE_get_default_RSA()) == NULL) {
433 		if ((e = ENGINE_new()) == NULL) {
434 			errstr = "ENGINE_new";
435 			goto fail;
436 		}
437 		if (!ENGINE_set_name(e, rsae_method.name)) {
438 			errstr = "ENGINE_set_name";
439 			goto fail;
440 		}
441 		if ((rsa_default = RSA_get_default_method()) == NULL) {
442 			errstr = "RSA_get_default_method";
443 			goto fail;
444 		}
445 	} else if ((rsa_default = ENGINE_get_RSA(e)) == NULL) {
446 		errstr = "ENGINE_get_RSA";
447 		goto fail;
448 	}
449 
450 	if ((name = ENGINE_get_name(e)) == NULL)
451 		name = "unknown RSA engine";
452 
453 	log_debug("%s: using %s", __func__, name);
454 
455 	if (rsa_default->flags & RSA_FLAG_SIGN_VER)
456 		fatalx("unsupported RSA engine");
457 
458 	if (rsa_default->rsa_mod_exp == NULL)
459 		rsae_method.rsa_mod_exp = NULL;
460 	if (rsa_default->rsa_mod_exp == NULL)
461 		rsae_method.rsa_mod_exp = NULL;
462 	if (rsa_default->bn_mod_exp == NULL)
463 		rsae_method.bn_mod_exp = NULL;
464 	if (rsa_default->rsa_keygen == NULL)
465 		rsae_method.rsa_keygen = NULL;
466 	rsae_method.flags = rsa_default->flags |
467 	    RSA_METHOD_FLAG_NO_CHECK;
468 	rsae_method.app_data = rsa_default->app_data;
469 
470 	if (!ENGINE_set_RSA(e, &rsae_method)) {
471 		errstr = "ENGINE_set_RSA";
472 		goto fail;
473 	}
474 	if (!ENGINE_set_default_RSA(e)) {
475 		errstr = "ENGINE_set_default_RSA";
476 		goto fail;
477 	}
478 
479 	return;
480 
481  fail:
482 	ssl_error(__func__, errstr);
483 	fatalx(errstr);
484 }
485