1 /* $OpenBSD: parser.c,v 1.5 2021/02/18 16:23:17 claudio Exp $ */ 2 /* 3 * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org> 4 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> 5 * 6 * Permission to use, copy, modify, and distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #include <sys/queue.h> 20 #include <sys/tree.h> 21 #include <sys/types.h> 22 23 #include <assert.h> 24 #include <err.h> 25 #include <poll.h> 26 #include <stdio.h> 27 #include <stdlib.h> 28 #include <string.h> 29 #include <limits.h> 30 #include <unistd.h> 31 #include <imsg.h> 32 33 #include <openssl/asn1.h> 34 #include <openssl/err.h> 35 #include <openssl/evp.h> 36 #include <openssl/x509.h> 37 38 #include "extern.h" 39 40 static void build_chain(const struct auth *, STACK_OF(X509) **); 41 static void build_crls(const struct auth *, struct crl_tree *, 42 STACK_OF(X509_CRL) **); 43 /* 44 * Parse and validate a ROA. 45 * This is standard stuff. 46 * Returns the roa on success, NULL on failure. 47 */ 48 static struct roa * 49 proc_parser_roa(struct entity *entp, 50 X509_STORE *store, X509_STORE_CTX *ctx, 51 struct auth_tree *auths, struct crl_tree *crlt) 52 { 53 struct roa *roa; 54 X509 *x509; 55 int c; 56 struct auth *a; 57 STACK_OF(X509) *chain; 58 STACK_OF(X509_CRL) *crls; 59 60 if ((roa = roa_parse(&x509, entp->file)) == NULL) 61 return NULL; 62 63 a = valid_ski_aki(entp->file, auths, roa->ski, roa->aki); 64 65 build_chain(a, &chain); 66 build_crls(a, crlt, &crls); 67 68 assert(x509 != NULL); 69 if (!X509_STORE_CTX_init(ctx, store, x509, chain)) 70 cryptoerrx("X509_STORE_CTX_init"); 71 X509_STORE_CTX_set_flags(ctx, 72 X509_V_FLAG_IGNORE_CRITICAL | X509_V_FLAG_CRL_CHECK); 73 X509_STORE_CTX_set0_crls(ctx, crls); 74 75 if (X509_verify_cert(ctx) <= 0) { 76 c = X509_STORE_CTX_get_error(ctx); 77 X509_STORE_CTX_cleanup(ctx); 78 if (verbose > 0 || c != X509_V_ERR_UNABLE_TO_GET_CRL) 79 warnx("%s: %s", entp->file, 80 X509_verify_cert_error_string(c)); 81 X509_free(x509); 82 roa_free(roa); 83 sk_X509_free(chain); 84 sk_X509_CRL_free(crls); 85 return NULL; 86 } 87 X509_STORE_CTX_cleanup(ctx); 88 sk_X509_free(chain); 89 sk_X509_CRL_free(crls); 90 X509_free(x509); 91 92 /* 93 * If the ROA isn't valid, we accept it anyway and depend upon 94 * the code around roa_read() to check the "valid" field itself. 95 */ 96 97 if (valid_roa(entp->file, auths, roa)) 98 roa->valid = 1; 99 100 return roa; 101 } 102 103 /* 104 * Parse and validate a manifest file. 105 * Here we *don't* validate against the list of CRLs, because the 106 * certificate used to sign the manifest may specify a CRL that the root 107 * certificate didn't, and we haven't scanned for it yet. 108 * This chicken-and-egg isn't important, however, because we'll catch 109 * the revocation list by the time we scan for any contained resources 110 * (ROA, CER) and will see it then. 111 * Return the mft on success or NULL on failure. 112 */ 113 static struct mft * 114 proc_parser_mft(struct entity *entp, X509_STORE *store, X509_STORE_CTX *ctx, 115 struct auth_tree *auths, struct crl_tree *crlt) 116 { 117 struct mft *mft; 118 X509 *x509; 119 int c; 120 struct auth *a; 121 STACK_OF(X509) *chain; 122 123 if ((mft = mft_parse(&x509, entp->file)) == NULL) 124 return NULL; 125 126 a = valid_ski_aki(entp->file, auths, mft->ski, mft->aki); 127 build_chain(a, &chain); 128 129 if (!X509_STORE_CTX_init(ctx, store, x509, chain)) 130 cryptoerrx("X509_STORE_CTX_init"); 131 132 /* CRL checked disabled here because CRL is referenced from mft */ 133 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_IGNORE_CRITICAL); 134 135 if (X509_verify_cert(ctx) <= 0) { 136 c = X509_STORE_CTX_get_error(ctx); 137 X509_STORE_CTX_cleanup(ctx); 138 warnx("%s: %s", entp->file, X509_verify_cert_error_string(c)); 139 mft_free(mft); 140 X509_free(x509); 141 sk_X509_free(chain); 142 return NULL; 143 } 144 145 X509_STORE_CTX_cleanup(ctx); 146 sk_X509_free(chain); 147 X509_free(x509); 148 149 if (!mft_check(entp->file, mft)) { 150 mft_free(mft); 151 return NULL; 152 } 153 154 return mft; 155 } 156 157 /* 158 * Certificates are from manifests (has a digest and is signed with 159 * another certificate) Parse the certificate, make sure its 160 * signatures are valid (with CRLs), then validate the RPKI content. 161 * This returns a certificate (which must not be freed) or NULL on 162 * parse failure. 163 */ 164 static struct cert * 165 proc_parser_cert(const struct entity *entp, 166 X509_STORE *store, X509_STORE_CTX *ctx, 167 struct auth_tree *auths, struct crl_tree *crlt) 168 { 169 struct cert *cert; 170 X509 *x509; 171 int c; 172 struct auth *a = NULL, *na; 173 char *tal; 174 STACK_OF(X509) *chain; 175 STACK_OF(X509_CRL) *crls; 176 177 assert(!entp->has_pkey); 178 179 /* Extract certificate data and X509. */ 180 181 cert = cert_parse(&x509, entp->file); 182 if (cert == NULL) 183 return NULL; 184 185 a = valid_ski_aki(entp->file, auths, cert->ski, cert->aki); 186 build_chain(a, &chain); 187 build_crls(a, crlt, &crls); 188 189 /* 190 * Validate certificate chain w/CRLs. 191 * Only check the CRLs if specifically asked. 192 */ 193 194 assert(x509 != NULL); 195 if (!X509_STORE_CTX_init(ctx, store, x509, chain)) 196 cryptoerrx("X509_STORE_CTX_init"); 197 198 X509_STORE_CTX_set_flags(ctx, 199 X509_V_FLAG_IGNORE_CRITICAL | X509_V_FLAG_CRL_CHECK); 200 X509_STORE_CTX_set0_crls(ctx, crls); 201 202 if (X509_verify_cert(ctx) <= 0) { 203 c = X509_STORE_CTX_get_error(ctx); 204 warnx("%s: %s", entp->file, 205 X509_verify_cert_error_string(c)); 206 X509_STORE_CTX_cleanup(ctx); 207 cert_free(cert); 208 sk_X509_free(chain); 209 sk_X509_CRL_free(crls); 210 X509_free(x509); 211 return NULL; 212 } 213 214 X509_STORE_CTX_cleanup(ctx); 215 sk_X509_free(chain); 216 sk_X509_CRL_free(crls); 217 218 /* Validate the cert to get the parent */ 219 if (!valid_cert(entp->file, auths, cert)) { 220 X509_free(x509); // needed? XXX 221 return cert; 222 } 223 224 /* 225 * Add validated certs to the RPKI auth tree. 226 */ 227 228 cert->valid = 1; 229 230 na = malloc(sizeof(*na)); 231 if (na == NULL) 232 err(1, NULL); 233 234 tal = a->tal; 235 236 na->parent = a; 237 na->cert = cert; 238 na->tal = tal; 239 na->fn = strdup(entp->file); 240 if (na->fn == NULL) 241 err(1, NULL); 242 243 if (RB_INSERT(auth_tree, auths, na) != NULL) 244 err(1, "auth tree corrupted"); 245 246 return cert; 247 } 248 249 250 /* 251 * Root certificates come from TALs (has a pkey and is self-signed). 252 * Parse the certificate, ensure that it's public key matches the 253 * known public key from the TAL, and then validate the RPKI 254 * content. If valid, we add it as a trusted root (trust anchor) to 255 * "store". 256 * 257 * This returns a certificate (which must not be freed) or NULL on 258 * parse failure. 259 */ 260 static struct cert * 261 proc_parser_root_cert(const struct entity *entp, 262 X509_STORE *store, X509_STORE_CTX *ctx, 263 struct auth_tree *auths, struct crl_tree *crlt) 264 { 265 char subject[256]; 266 ASN1_TIME *notBefore, *notAfter; 267 X509_NAME *name; 268 struct cert *cert; 269 X509 *x509; 270 struct auth *na; 271 char *tal; 272 273 assert(entp->has_pkey); 274 275 /* Extract certificate data and X509. */ 276 277 cert = ta_parse(&x509, entp->file, entp->pkey, entp->pkeysz); 278 if (cert == NULL) 279 return NULL; 280 281 if ((name = X509_get_subject_name(x509)) == NULL) { 282 warnx("%s Unable to get certificate subject", entp->file); 283 goto badcert; 284 } 285 if (X509_NAME_oneline(name, subject, sizeof(subject)) == NULL) { 286 warnx("%s: Unable to parse certificate subject name", 287 entp->file); 288 goto badcert; 289 } 290 if ((notBefore = X509_get_notBefore(x509)) == NULL) { 291 warnx("%s: certificate has invalid notBefore, subject='%s'", 292 entp->file, subject); 293 goto badcert; 294 } 295 if ((notAfter = X509_get_notAfter(x509)) == NULL) { 296 warnx("%s: certificate has invalid notAfter, subject='%s'", 297 entp->file, subject); 298 goto badcert; 299 } 300 if (X509_cmp_current_time(notBefore) != -1) { 301 warnx("%s: certificate not yet valid, subject='%s'", entp->file, 302 subject); 303 goto badcert; 304 } 305 if (X509_cmp_current_time(notAfter) != 1) { 306 warnx("%s: certificate has expired, subject='%s'", entp->file, 307 subject); 308 goto badcert; 309 } 310 if (!valid_ta(entp->file, auths, cert)) { 311 warnx("%s: certificate not a valid ta, subject='%s'", 312 entp->file, subject); 313 goto badcert; 314 } 315 316 /* 317 * Add valid roots to the RPKI auth tree and as a trusted root 318 * for chain validation to the X509_STORE. 319 */ 320 321 cert->valid = 1; 322 323 na = malloc(sizeof(*na)); 324 if (na == NULL) 325 err(1, NULL); 326 327 if ((tal = strdup(entp->descr)) == NULL) 328 err(1, NULL); 329 330 na->parent = NULL; 331 na->cert = cert; 332 na->tal = tal; 333 na->fn = strdup(entp->file); 334 if (na->fn == NULL) 335 err(1, NULL); 336 337 if (RB_INSERT(auth_tree, auths, na) != NULL) 338 err(1, "auth tree corrupted"); 339 340 X509_STORE_add_cert(store, x509); 341 342 return cert; 343 badcert: 344 X509_free(x509); // needed? XXX 345 return cert; 346 } 347 348 /* 349 * Parse a certificate revocation list 350 * This simply parses the CRL content itself, optionally validating it 351 * within the digest if it comes from a manifest, then adds it to the 352 * store of CRLs. 353 */ 354 static void 355 proc_parser_crl(struct entity *entp, X509_STORE *store, 356 X509_STORE_CTX *ctx, struct crl_tree *crlt) 357 { 358 X509_CRL *x509_crl; 359 struct crl *crl; 360 361 if ((x509_crl = crl_parse(entp->file)) != NULL) { 362 if ((crl = malloc(sizeof(*crl))) == NULL) 363 err(1, NULL); 364 if ((crl->aki = x509_crl_get_aki(x509_crl, entp->file)) == 365 NULL) 366 errx(1, "x509_crl_get_aki failed"); 367 crl->x509_crl = x509_crl; 368 369 if (RB_INSERT(crl_tree, crlt, crl) != NULL) { 370 warnx("%s: duplicate AKI %s", entp->file, crl->aki); 371 free_crl(crl); 372 } 373 } 374 } 375 376 /* 377 * Parse a ghostbuster record 378 */ 379 static void 380 proc_parser_gbr(struct entity *entp, X509_STORE *store, 381 X509_STORE_CTX *ctx, struct auth_tree *auths, struct crl_tree *crlt) 382 { 383 struct gbr *gbr; 384 X509 *x509; 385 int c; 386 struct auth *a; 387 STACK_OF(X509) *chain; 388 STACK_OF(X509_CRL) *crls; 389 390 if ((gbr = gbr_parse(&x509, entp->file)) == NULL) 391 return; 392 393 a = valid_ski_aki(entp->file, auths, gbr->ski, gbr->aki); 394 395 build_chain(a, &chain); 396 build_crls(a, crlt, &crls); 397 398 assert(x509 != NULL); 399 if (!X509_STORE_CTX_init(ctx, store, x509, chain)) 400 cryptoerrx("X509_STORE_CTX_init"); 401 X509_STORE_CTX_set_flags(ctx, 402 X509_V_FLAG_IGNORE_CRITICAL | X509_V_FLAG_CRL_CHECK); 403 X509_STORE_CTX_set0_crls(ctx, crls); 404 405 if (X509_verify_cert(ctx) <= 0) { 406 c = X509_STORE_CTX_get_error(ctx); 407 if (verbose > 0 || c != X509_V_ERR_UNABLE_TO_GET_CRL) 408 warnx("%s: %s", entp->file, 409 X509_verify_cert_error_string(c)); 410 } 411 412 X509_STORE_CTX_cleanup(ctx); 413 sk_X509_free(chain); 414 sk_X509_CRL_free(crls); 415 X509_free(x509); 416 gbr_free(gbr); 417 } 418 419 /* use the parent (id) to walk the tree to the root and 420 build a certificate chain from cert->x509 */ 421 static void 422 build_chain(const struct auth *a, STACK_OF(X509) **chain) 423 { 424 *chain = NULL; 425 426 if (a == NULL) 427 return; 428 429 if ((*chain = sk_X509_new_null()) == NULL) 430 err(1, "sk_X509_new_null"); 431 for (; a != NULL; a = a->parent) { 432 assert(a->cert->x509 != NULL); 433 if (!sk_X509_push(*chain, a->cert->x509)) 434 errx(1, "sk_X509_push"); 435 } 436 } 437 438 /* use the parent (id) to walk the tree to the root and 439 build a stack of CRLs */ 440 static void 441 build_crls(const struct auth *a, struct crl_tree *crlt, 442 STACK_OF(X509_CRL) **crls) 443 { 444 struct crl find, *found; 445 446 if ((*crls = sk_X509_CRL_new_null()) == NULL) 447 errx(1, "sk_X509_CRL_new_null"); 448 449 if (a == NULL) 450 return; 451 452 find.aki = a->cert->ski; 453 found = RB_FIND(crl_tree, crlt, &find); 454 if (found && !sk_X509_CRL_push(*crls, found->x509_crl)) 455 err(1, "sk_X509_CRL_push"); 456 } 457 458 /* 459 * Process responsible for parsing and validating content. 460 * All this process does is wait to be told about a file to parse, then 461 * it parses it and makes sure that the data being returned is fully 462 * validated and verified. 463 * The process will exit cleanly only when fd is closed. 464 */ 465 void 466 proc_parser(int fd) 467 { 468 struct tal *tal; 469 struct cert *cert; 470 struct mft *mft; 471 struct roa *roa; 472 struct entity *entp; 473 struct entityq q; 474 int c, rc = 1; 475 struct msgbuf msgq; 476 struct pollfd pfd; 477 struct ibuf *b; 478 X509_STORE *store; 479 X509_STORE_CTX *ctx; 480 struct auth_tree auths = RB_INITIALIZER(&auths); 481 struct crl_tree crlt = RB_INITIALIZER(&crlt); 482 483 ERR_load_crypto_strings(); 484 OpenSSL_add_all_ciphers(); 485 OpenSSL_add_all_digests(); 486 487 if ((store = X509_STORE_new()) == NULL) 488 cryptoerrx("X509_STORE_new"); 489 if ((ctx = X509_STORE_CTX_new()) == NULL) 490 cryptoerrx("X509_STORE_CTX_new"); 491 492 TAILQ_INIT(&q); 493 494 msgbuf_init(&msgq); 495 msgq.fd = fd; 496 497 pfd.fd = fd; 498 499 io_socket_nonblocking(pfd.fd); 500 501 for (;;) { 502 pfd.events = POLLIN; 503 if (msgq.queued) 504 pfd.events |= POLLOUT; 505 506 if (poll(&pfd, 1, INFTIM) == -1) 507 err(1, "poll"); 508 if ((pfd.revents & (POLLERR|POLLNVAL))) 509 errx(1, "poll: bad descriptor"); 510 511 /* If the parent closes, return immediately. */ 512 513 if ((pfd.revents & POLLHUP)) 514 break; 515 516 /* 517 * Start with read events. 518 * This means that the parent process is sending us 519 * something we need to parse. 520 * We don't actually parse it til we have space in our 521 * outgoing buffer for responding, though. 522 */ 523 524 if ((pfd.revents & POLLIN)) { 525 io_socket_blocking(fd); 526 entp = calloc(1, sizeof(struct entity)); 527 if (entp == NULL) 528 err(1, NULL); 529 entity_read_req(fd, entp); 530 TAILQ_INSERT_TAIL(&q, entp, entries); 531 io_socket_nonblocking(fd); 532 } 533 534 if (pfd.revents & POLLOUT) { 535 switch (msgbuf_write(&msgq)) { 536 case 0: 537 errx(1, "write: connection closed"); 538 case -1: 539 err(1, "write"); 540 } 541 } 542 543 /* 544 * If there's nothing to parse, then stop waiting for 545 * the write signal. 546 */ 547 548 if (TAILQ_EMPTY(&q)) { 549 pfd.events &= ~POLLOUT; 550 continue; 551 } 552 553 entp = TAILQ_FIRST(&q); 554 assert(entp != NULL); 555 556 if ((b = ibuf_dynamic(256, UINT_MAX)) == NULL) 557 err(1, NULL); 558 io_simple_buffer(b, &entp->type, sizeof(entp->type)); 559 560 switch (entp->type) { 561 case RTYPE_TAL: 562 if ((tal = tal_parse(entp->file, entp->descr)) == NULL) 563 goto out; 564 tal_buffer(b, tal); 565 tal_free(tal); 566 break; 567 case RTYPE_CER: 568 if (entp->has_pkey) 569 cert = proc_parser_root_cert(entp, store, ctx, 570 &auths, &crlt); 571 else 572 cert = proc_parser_cert(entp, store, ctx, 573 &auths, &crlt); 574 c = (cert != NULL); 575 io_simple_buffer(b, &c, sizeof(int)); 576 if (cert != NULL) 577 cert_buffer(b, cert); 578 /* 579 * The parsed certificate data "cert" is now 580 * managed in the "auths" table, so don't free 581 * it here (see the loop after "out"). 582 */ 583 break; 584 case RTYPE_MFT: 585 mft = proc_parser_mft(entp, store, ctx, &auths, &crlt); 586 c = (mft != NULL); 587 io_simple_buffer(b, &c, sizeof(int)); 588 if (mft != NULL) 589 mft_buffer(b, mft); 590 mft_free(mft); 591 break; 592 case RTYPE_CRL: 593 proc_parser_crl(entp, store, ctx, &crlt); 594 break; 595 case RTYPE_ROA: 596 roa = proc_parser_roa(entp, store, ctx, &auths, &crlt); 597 c = (roa != NULL); 598 io_simple_buffer(b, &c, sizeof(int)); 599 if (roa != NULL) 600 roa_buffer(b, roa); 601 roa_free(roa); 602 break; 603 case RTYPE_GBR: 604 proc_parser_gbr(entp, store, ctx, &auths, &crlt); 605 break; 606 default: 607 abort(); 608 } 609 610 ibuf_close(&msgq, b); 611 TAILQ_REMOVE(&q, entp, entries); 612 entity_free(entp); 613 } 614 615 rc = 0; 616 out: 617 while ((entp = TAILQ_FIRST(&q)) != NULL) { 618 TAILQ_REMOVE(&q, entp, entries); 619 entity_free(entp); 620 } 621 622 /* XXX free auths and crl tree */ 623 624 X509_STORE_CTX_free(ctx); 625 X509_STORE_free(store); 626 627 msgbuf_clear(&msgq); 628 629 exit(rc); 630 } 631