xref: /openbsd-src/usr.sbin/relayd/ca.c (revision f2da64fbbbf1b03f09f390ab01267c93dfd77c4c) 
1 /*	$OpenBSD: ca.c,v 1.22 2016/09/03 14:09:04 reyk Exp $	*/
2 
3 /*
4  * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
5  *
6  * Permission to use, copy, modify, and distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 #include <sys/types.h>
20 #include <sys/queue.h>
21 #include <sys/uio.h>
22 
23 #include <unistd.h>
24 #include <string.h>
25 #include <stdlib.h>
26 #include <poll.h>
27 #include <imsg.h>
28 
29 #include <openssl/bio.h>
30 #include <openssl/pem.h>
31 #include <openssl/evp.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 
35 #include "relayd.h"
36 
37 void	 ca_init(struct privsep *, struct privsep_proc *p, void *);
38 void	 ca_launch(void);
39 
40 int	 ca_dispatch_parent(int, struct privsep_proc *, struct imsg *);
41 int	 ca_dispatch_relay(int, struct privsep_proc *, struct imsg *);
42 
43 int	 rsae_pub_enc(int, const u_char *, u_char *, RSA *, int);
44 int	 rsae_pub_dec(int,const u_char *, u_char *, RSA *, int);
45 int	 rsae_priv_enc(int, const u_char *, u_char *, RSA *, int);
46 int	 rsae_priv_dec(int, const u_char *, u_char *, RSA *, int);
47 int	 rsae_mod_exp(BIGNUM *, const BIGNUM *, RSA *, BN_CTX *);
48 int	 rsae_bn_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *,
49 	    const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
50 int	 rsae_init(RSA *);
51 int	 rsae_finish(RSA *);
52 int	 rsae_sign(int, const u_char *, u_int, u_char *, u_int *,
53 	    const RSA *);
54 int	 rsae_verify(int dtype, const u_char *m, u_int, const u_char *,
55 	    u_int, const RSA *);
56 int	 rsae_keygen(RSA *, int, BIGNUM *, BN_GENCB *);
57 
58 static struct relayd *env = NULL;
59 
60 static struct privsep_proc procs[] = {
61 	{ "parent",	PROC_PARENT,	ca_dispatch_parent },
62 	{ "relay",	PROC_RELAY,	ca_dispatch_relay },
63 };
64 
65 void
66 ca(struct privsep *ps, struct privsep_proc *p)
67 {
68 	env = ps->ps_env;
69 
70 	proc_run(ps, p, procs, nitems(procs), ca_init, NULL);
71 }
72 
73 void
74 ca_init(struct privsep *ps, struct privsep_proc *p, void *arg)
75 {
76 	if (pledge("stdio recvfd", NULL) == -1)
77 		fatal("pledge");
78 
79 	if (config_init(ps->ps_env) == -1)
80 		fatal("failed to initialize configuration");
81 
82 	env->sc_id = getpid() & 0xffff;
83 }
84 
85 void
86 ca_launch(void)
87 {
88 	BIO		*in = NULL;
89 	EVP_PKEY	*pkey = NULL;
90 	struct relay	*rlay;
91 
92 	TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) {
93 		if ((rlay->rl_conf.flags & (F_TLS|F_TLSCLIENT)) == 0)
94 			continue;
95 
96 		if (rlay->rl_conf.tls_key_len) {
97 			if ((in = BIO_new_mem_buf(rlay->rl_tls_key,
98 			    rlay->rl_conf.tls_key_len)) == NULL)
99 				fatalx("ca_launch: key");
100 
101 			if ((pkey = PEM_read_bio_PrivateKey(in,
102 			    NULL, NULL, NULL)) == NULL)
103 				fatalx("ca_launch: PEM");
104 			BIO_free(in);
105 
106 			rlay->rl_tls_pkey = pkey;
107 
108 			if (pkey_add(env, pkey,
109 			    rlay->rl_conf.tls_keyid) == NULL)
110 				fatalx("tls pkey");
111 
112 			purge_key(&rlay->rl_tls_key,
113 			    rlay->rl_conf.tls_key_len);
114 		}
115 		if (rlay->rl_conf.tls_cert_len) {
116 			purge_key(&rlay->rl_tls_cert,
117 			    rlay->rl_conf.tls_cert_len);
118 		}
119 		if (rlay->rl_conf.tls_cakey_len) {
120 			if ((in = BIO_new_mem_buf(rlay->rl_tls_cakey,
121 			    rlay->rl_conf.tls_cakey_len)) == NULL)
122 				fatalx("ca_launch: key");
123 
124 			if ((pkey = PEM_read_bio_PrivateKey(in,
125 			    NULL, NULL, NULL)) == NULL)
126 				fatalx("ca_launch: PEM");
127 			BIO_free(in);
128 
129 			rlay->rl_tls_capkey = pkey;
130 
131 			if (pkey_add(env, pkey,
132 			    rlay->rl_conf.tls_cakeyid) == NULL)
133 				fatalx("ca pkey");
134 
135 			purge_key(&rlay->rl_tls_cakey,
136 			    rlay->rl_conf.tls_cakey_len);
137 		}
138 		if (rlay->rl_conf.tls_cacert_len) {
139 			purge_key(&rlay->rl_tls_cacert,
140 			    rlay->rl_conf.tls_cacert_len);
141 		}
142 	}
143 }
144 
145 int
146 ca_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
147 {
148 	switch (imsg->hdr.type) {
149 	case IMSG_CFG_RELAY:
150 		config_getrelay(env, imsg);
151 		break;
152 	case IMSG_CFG_DONE:
153 		config_getcfg(env, imsg);
154 		break;
155 	case IMSG_CTL_START:
156 		ca_launch();
157 		break;
158 	case IMSG_CTL_RESET:
159 		config_getreset(env, imsg);
160 		break;
161 	default:
162 		return (-1);
163 	}
164 
165 	return (0);
166 }
167 
168 int
169 ca_dispatch_relay(int fd, struct privsep_proc *p, struct imsg *imsg)
170 {
171 	struct ctl_keyop	 cko;
172 	EVP_PKEY		*pkey;
173 	RSA			*rsa;
174 	u_char			*from = NULL, *to = NULL;
175 	struct iovec		 iov[2];
176 	int			 c = 0;
177 
178 	switch (imsg->hdr.type) {
179 	case IMSG_CA_PRIVENC:
180 	case IMSG_CA_PRIVDEC:
181 		IMSG_SIZE_CHECK(imsg, (&cko));
182 		bcopy(imsg->data, &cko, sizeof(cko));
183 		if (cko.cko_proc > env->sc_conf.prefork_relay)
184 			fatalx("ca_dispatch_relay: "
185 			    "invalid relay proc");
186 		if (IMSG_DATA_SIZE(imsg) != (sizeof(cko) + cko.cko_flen))
187 			fatalx("ca_dispatch_relay: "
188 			    "invalid key operation");
189 		if ((pkey = pkey_find(env, cko.cko_id)) == NULL ||
190 		    (rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
191 			fatalx("ca_dispatch_relay: "
192 			    "invalid relay key or id");
193 
194 		DPRINTF("%s:%d: key id %d", __func__, __LINE__, cko.cko_id);
195 
196 		from = (u_char *)imsg->data + sizeof(cko);
197 		if ((to = calloc(1, cko.cko_tlen)) == NULL)
198 			fatalx("ca_dispatch_relay: calloc");
199 
200 		switch (imsg->hdr.type) {
201 		case IMSG_CA_PRIVENC:
202 			cko.cko_tlen = RSA_private_encrypt(cko.cko_flen,
203 			    from, to, rsa, cko.cko_padding);
204 			break;
205 		case IMSG_CA_PRIVDEC:
206 			cko.cko_tlen = RSA_private_decrypt(cko.cko_flen,
207 			    from, to, rsa, cko.cko_padding);
208 			break;
209 		}
210 
211 		iov[c].iov_base = &cko;
212 		iov[c++].iov_len = sizeof(cko);
213 		if (cko.cko_tlen) {
214 			iov[c].iov_base = to;
215 			iov[c++].iov_len = cko.cko_tlen;
216 		}
217 
218 		proc_composev_imsg(env->sc_ps, PROC_RELAY, cko.cko_proc,
219 		    imsg->hdr.type, -1, -1, iov, c);
220 
221 		free(to);
222 		RSA_free(rsa);
223 		break;
224 	default:
225 		return (-1);
226 	}
227 
228 	return (0);
229 }
230 
231 /*
232  * RSA privsep engine (called from unprivileged processes)
233  */
234 
235 const RSA_METHOD *rsa_default = NULL;
236 
237 static RSA_METHOD rsae_method = {
238 	"RSA privsep engine",
239 	rsae_pub_enc,
240 	rsae_pub_dec,
241 	rsae_priv_enc,
242 	rsae_priv_dec,
243 	rsae_mod_exp,
244 	rsae_bn_mod_exp,
245 	rsae_init,
246 	rsae_finish,
247 	0,
248 	NULL,
249 	rsae_sign,
250 	rsae_verify,
251 	rsae_keygen
252 };
253 
254 static int
255 rsae_send_imsg(int flen, const u_char *from, u_char *to, RSA *rsa,
256     int padding, u_int cmd)
257 {
258 	struct privsep	*ps = env->sc_ps;
259 	struct pollfd	 pfd[1];
260 	struct ctl_keyop cko;
261 	int		 ret = 0;
262 	objid_t		*id;
263 	struct iovec	 iov[2];
264 	struct imsgbuf	*ibuf;
265 	struct imsgev	*iev;
266 	struct imsg	 imsg;
267 	int		 n, done = 0, cnt = 0;
268 	u_char		*toptr;
269 
270 	if ((id = RSA_get_ex_data(rsa, 0)) == NULL)
271 		return (0);
272 
273 	iev = proc_iev(ps, PROC_CA, ps->ps_instance);
274 	ibuf = &iev->ibuf;
275 
276 	/*
277 	 * XXX this could be nicer...
278 	 */
279 
280 	cko.cko_id = *id;
281 	cko.cko_proc = ps->ps_instance;
282 	cko.cko_flen = flen;
283 	cko.cko_tlen = RSA_size(rsa);
284 	cko.cko_padding = padding;
285 
286 	iov[cnt].iov_base = &cko;
287 	iov[cnt++].iov_len = sizeof(cko);
288 	iov[cnt].iov_base = (void *)from;
289 	iov[cnt++].iov_len = flen;
290 
291 	/*
292 	 * Send a synchronous imsg because we cannot defer the RSA
293 	 * operation in OpenSSL's engine layer.
294 	 */
295 	imsg_composev(ibuf, cmd, 0, 0, -1, iov, cnt);
296 	if (imsg_flush(ibuf) == -1)
297 		log_warn("rsae_send_imsg: imsg_flush");
298 
299 	pfd[0].fd = ibuf->fd;
300 	pfd[0].events = POLLIN;
301 	while (!done) {
302 		switch (poll(pfd, 1, RELAY_TLS_PRIV_TIMEOUT)) {
303 		case -1:
304 			fatal("rsae_send_imsg: poll");
305 		case 0:
306 			log_warnx("rsae_send_imsg: poll timeout");
307 			break;
308 		default:
309 			break;
310 		}
311 		if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
312 			fatalx("imsg_read");
313 		if (n == 0)
314 			fatalx("pipe closed");
315 
316 		while (!done) {
317 			if ((n = imsg_get(ibuf, &imsg)) == -1)
318 				fatalx("imsg_get error");
319 			if (n == 0)
320 				break;
321 			if (imsg.hdr.type != cmd)
322 				fatalx("invalid response");
323 
324 			IMSG_SIZE_CHECK(&imsg, (&cko));
325 			memcpy(&cko, imsg.data, sizeof(cko));
326 			if (IMSG_DATA_SIZE(&imsg) !=
327 			    (sizeof(cko) + cko.cko_tlen))
328 				fatalx("data size");
329 
330 			ret = cko.cko_tlen;
331 			if (ret) {
332 				toptr = (u_char *)imsg.data + sizeof(cko);
333 				memcpy(to, toptr, ret);
334 			}
335 			done = 1;
336 
337 			imsg_free(&imsg);
338 		}
339 	}
340 	imsg_event_add(iev);
341 
342 	return (ret);
343 }
344 
345 int
346 rsae_pub_enc(int flen,const u_char *from, u_char *to, RSA *rsa,int padding)
347 {
348 	DPRINTF("%s:%d", __func__, __LINE__);
349 	return (rsa_default->rsa_pub_enc(flen, from, to, rsa, padding));
350 }
351 
352 int
353 rsae_pub_dec(int flen,const u_char *from, u_char *to, RSA *rsa,int padding)
354 {
355 	DPRINTF("%s:%d", __func__, __LINE__);
356 	return (rsa_default->rsa_pub_dec(flen, from, to, rsa, padding));
357 }
358 
359 int
360 rsae_priv_enc(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
361 {
362 	DPRINTF("%s:%d", __func__, __LINE__);
363 	return (rsae_send_imsg(flen, from, to, rsa, padding,
364 	    IMSG_CA_PRIVENC));
365 }
366 
367 int
368 rsae_priv_dec(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
369 {
370 	DPRINTF("%s:%d", __func__, __LINE__);
371 	return (rsae_send_imsg(flen, from, to, rsa, padding,
372 	    IMSG_CA_PRIVDEC));
373 }
374 
375 int
376 rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
377 {
378 	DPRINTF("%s:%d", __func__, __LINE__);
379 	return (rsa_default->rsa_mod_exp(r0, I, rsa, ctx));
380 }
381 
382 int
383 rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
384     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
385 {
386 	DPRINTF("%s:%d", __func__, __LINE__);
387 	return (rsa_default->bn_mod_exp(r, a, p, m, ctx, m_ctx));
388 }
389 
390 int
391 rsae_init(RSA *rsa)
392 {
393 	DPRINTF("%s:%d", __func__, __LINE__);
394 	if (rsa_default->init == NULL)
395 		return (1);
396 	return (rsa_default->init(rsa));
397 }
398 
399 int
400 rsae_finish(RSA *rsa)
401 {
402 	DPRINTF("%s:%d", __func__, __LINE__);
403 	if (rsa_default->finish == NULL)
404 		return (1);
405 	return (rsa_default->finish(rsa));
406 }
407 
408 int
409 rsae_sign(int type, const u_char *m, u_int m_length, u_char *sigret,
410     u_int *siglen, const RSA *rsa)
411 {
412 	DPRINTF("%s:%d", __func__, __LINE__);
413 	return (rsa_default->rsa_sign(type, m, m_length,
414 	    sigret, siglen, rsa));
415 }
416 
417 int
418 rsae_verify(int dtype, const u_char *m, u_int m_length, const u_char *sigbuf,
419     u_int siglen, const RSA *rsa)
420 {
421 	DPRINTF("%s:%d", __func__, __LINE__);
422 	return (rsa_default->rsa_verify(dtype, m, m_length,
423 	    sigbuf, siglen, rsa));
424 }
425 
426 int
427 rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
428 {
429 	DPRINTF("%s:%d", __func__, __LINE__);
430 	return (rsa_default->rsa_keygen(rsa, bits, e, cb));
431 }
432 
433 void
434 ca_engine_init(struct relayd *x_env)
435 {
436 	ENGINE		*e = NULL;
437 	const char	*errstr, *name;
438 
439 	if (env == NULL)
440 		env = x_env;
441 
442 	if (rsa_default != NULL)
443 		return;
444 
445 	if ((e = ENGINE_get_default_RSA()) == NULL) {
446 		if ((e = ENGINE_new()) == NULL) {
447 			errstr = "ENGINE_new";
448 			goto fail;
449 		}
450 		if (!ENGINE_set_name(e, rsae_method.name)) {
451 			errstr = "ENGINE_set_name";
452 			goto fail;
453 		}
454 		if ((rsa_default = RSA_get_default_method()) == NULL) {
455 			errstr = "RSA_get_default_method";
456 			goto fail;
457 		}
458 	} else if ((rsa_default = ENGINE_get_RSA(e)) == NULL) {
459 		errstr = "ENGINE_get_RSA";
460 		goto fail;
461 	}
462 
463 	if ((name = ENGINE_get_name(e)) == NULL)
464 		name = "unknown RSA engine";
465 
466 	log_debug("%s: using %s", __func__, name);
467 
468 	if (rsa_default->flags & RSA_FLAG_SIGN_VER)
469 		fatalx("unsupported RSA engine");
470 
471 	if (rsa_default->rsa_mod_exp == NULL)
472 		rsae_method.rsa_mod_exp = NULL;
473 	if (rsa_default->bn_mod_exp == NULL)
474 		rsae_method.bn_mod_exp = NULL;
475 	if (rsa_default->rsa_keygen == NULL)
476 		rsae_method.rsa_keygen = NULL;
477 	rsae_method.flags = rsa_default->flags |
478 	    RSA_METHOD_FLAG_NO_CHECK;
479 	rsae_method.app_data = rsa_default->app_data;
480 
481 	if (!ENGINE_set_RSA(e, &rsae_method)) {
482 		errstr = "ENGINE_set_RSA";
483 		goto fail;
484 	}
485 	if (!ENGINE_set_default_RSA(e)) {
486 		errstr = "ENGINE_set_default_RSA";
487 		goto fail;
488 	}
489 
490 	return;
491 
492  fail:
493 	ssl_error(__func__, errstr);
494 	fatalx(errstr);
495 }
496