GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: sbin/iked/ca.c Lines: 0 722 0.0 %
Date: 2017-11-13 Branches: 0 448 0.0 %

Line Branch Exec Source
1
/*	$OpenBSD: ca.c,v 1.46 2017/10/30 09:53:27 patrick Exp $	*/
2
3
/*
4
 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
5
 *
6
 * Permission to use, copy, modify, and distribute this software for any
7
 * purpose with or without fee is hereby granted, provided that the above
8
 * copyright notice and this permission notice appear in all copies.
9
 *
10
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
 */
18
19
#include <sys/queue.h>
20
#include <sys/socket.h>
21
#include <sys/wait.h>
22
#include <sys/uio.h>
23
24
#include <stdlib.h>
25
#include <stdio.h>
26
#include <unistd.h>
27
#include <dirent.h>
28
#include <string.h>
29
#include <signal.h>
30
#include <errno.h>
31
#include <err.h>
32
#include <pwd.h>
33
#include <event.h>
34
35
#include <openssl/bio.h>
36
#include <openssl/err.h>
37
#include <openssl/engine.h>
38
#include <openssl/ssl.h>
39
#include <openssl/x509.h>
40
#include <openssl/x509v3.h>
41
#include <openssl/pem.h>
42
#include <openssl/evp.h>
43
#include <openssl/sha.h>
44
#include <openssl/rsa.h>
45
46
#include "iked.h"
47
#include "ikev2.h"
48
49
void	 ca_run(struct privsep *, struct privsep_proc *, void *);
50
void	 ca_reset(struct privsep *);
51
int	 ca_reload(struct iked *);
52
53
int	 ca_getreq(struct iked *, struct imsg *);
54
int	 ca_getcert(struct iked *, struct imsg *);
55
int	 ca_getauth(struct iked *, struct imsg *);
56
X509	*ca_by_subjectpubkey(X509_STORE *, uint8_t *, size_t);
57
X509	*ca_by_issuer(X509_STORE *, X509_NAME *, struct iked_static_id *);
58
int	 ca_subjectpubkey_digest(X509 *, uint8_t *, unsigned int *);
59
int	 ca_x509_subject_cmp(X509 *, struct iked_static_id *);
60
int	 ca_validate_pubkey(struct iked *, struct iked_static_id *,
61
	    void *, size_t);
62
int	 ca_validate_cert(struct iked *, struct iked_static_id *,
63
	    void *, size_t);
64
int	 ca_privkey_to_method(struct iked_id *);
65
struct ibuf *
66
	 ca_x509_serialize(X509 *);
67
int	 ca_x509_subjectaltname_cmp(X509 *, struct iked_static_id *);
68
int	 ca_x509_subjectaltname(X509 *cert, struct iked_id *, int);
69
int	 ca_dispatch_parent(int, struct privsep_proc *, struct imsg *);
70
int	 ca_dispatch_ikev2(int, struct privsep_proc *, struct imsg *);
71
72
static struct privsep_proc procs[] = {
73
	{ "parent",	PROC_PARENT,	ca_dispatch_parent },
74
	{ "ikev2",	PROC_IKEV2,	ca_dispatch_ikev2 }
75
};
76
77
struct ca_store {
78
	X509_STORE	*ca_cas;
79
	X509_LOOKUP	*ca_calookup;
80
81
	X509_STORE	*ca_certs;
82
	X509_LOOKUP	*ca_certlookup;
83
84
	struct iked_id	 ca_privkey;
85
	struct iked_id	 ca_pubkey;
86
87
	uint8_t		 ca_privkey_method;
88
};
89
90
pid_t
91
caproc(struct privsep *ps, struct privsep_proc *p)
92
{
93
	return (proc_run(ps, p, procs, nitems(procs), ca_run, NULL));
94
}
95
96
void
97
ca_run(struct privsep *ps, struct privsep_proc *p, void *arg)
98
{
99
	struct iked	*env = ps->ps_env;
100
	struct ca_store	*store;
101
102
	/*
103
	 * pledge in the ca process:
104
	 * stdio - for malloc and basic I/O including events.
105
	 * rpath - for certificate files.
106
	 * recvfd - for ocsp sockets.
107
	 */
108
	if (pledge("stdio rpath recvfd flock cpath wpath", NULL) == -1)
109
		fatal("pledge");
110
111
	if ((store = calloc(1, sizeof(*store))) == NULL)
112
		fatal("%s: failed to allocate cert store", __func__);
113
114
	env->sc_priv = store;
115
}
116
117
void
118
ca_getkey(struct privsep *ps, struct iked_id *key, enum imsg_type type)
119
{
120
	struct iked	*env = ps->ps_env;
121
	struct ca_store	*store = env->sc_priv;
122
	struct iked_id	*id;
123
	const char	*name;
124
125
	if (store == NULL)
126
		fatalx("%s: invalid store", __func__);
127
128
	if (type == IMSG_PRIVKEY) {
129
		name = "private";
130
		id = &store->ca_privkey;
131
132
		store->ca_privkey_method = ca_privkey_to_method(key);
133
		if (store->ca_privkey_method == IKEV2_AUTH_NONE)
134
			fatalx("ca: failed to get auth method for privkey");
135
	} else if (type == IMSG_PUBKEY) {
136
		name = "public";
137
		id = &store->ca_pubkey;
138
	} else
139
		fatalx("%s: invalid type %d", __func__, type);
140
141
	log_debug("%s: received %s key type %s length %zd", __func__,
142
	    name, print_map(key->id_type, ikev2_cert_map),
143
	    ibuf_length(key->id_buf));
144
145
	/* clear old key and copy new one */
146
	ibuf_release(id->id_buf);
147
	memcpy(id, key, sizeof(*id));
148
}
149
150
void
151
ca_reset(struct privsep *ps)
152
{
153
	struct iked	*env = ps->ps_env;
154
	struct ca_store	*store = env->sc_priv;
155
156
	if (store->ca_privkey.id_type == IKEV2_ID_NONE ||
157
	    store->ca_pubkey.id_type == IKEV2_ID_NONE)
158
		fatalx("ca_reset: keys not loaded");
159
160
	if (store->ca_cas != NULL)
161
		X509_STORE_free(store->ca_cas);
162
	if (store->ca_certs != NULL)
163
		X509_STORE_free(store->ca_certs);
164
165
	if ((store->ca_cas = X509_STORE_new()) == NULL)
166
		fatalx("ca_reset: failed to get ca store");
167
	if ((store->ca_calookup = X509_STORE_add_lookup(store->ca_cas,
168
	    X509_LOOKUP_file())) == NULL)
169
		fatalx("ca_reset: failed to add ca lookup");
170
171
	if ((store->ca_certs = X509_STORE_new()) == NULL)
172
		fatalx("ca_reset: failed to get cert store");
173
	if ((store->ca_certlookup = X509_STORE_add_lookup(store->ca_certs,
174
	    X509_LOOKUP_file())) == NULL)
175
		fatalx("ca_reset: failed to add cert lookup");
176
177
	if (ca_reload(env) != 0)
178
		fatal("ca_reset: reload");
179
}
180
181
int
182
ca_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
183
{
184
	struct iked		*env = p->p_env;
185
	unsigned int		 mode;
186
187
	switch (imsg->hdr.type) {
188
	case IMSG_CTL_RESET:
189
		IMSG_SIZE_CHECK(imsg, &mode);
190
		memcpy(&mode, imsg->data, sizeof(mode));
191
		if (mode == RESET_ALL || mode == RESET_CA) {
192
			log_debug("%s: config reset", __func__);
193
			ca_reset(&env->sc_ps);
194
		}
195
		break;
196
	case IMSG_OCSP_FD:
197
		ocsp_receive_fd(env, imsg);
198
		break;
199
	case IMSG_OCSP_URL:
200
		config_getocsp(env, imsg);
201
		break;
202
	case IMSG_PRIVKEY:
203
	case IMSG_PUBKEY:
204
		config_getkey(env, imsg);
205
		break;
206
	default:
207
		return (-1);
208
	}
209
210
	return (0);
211
}
212
213
int
214
ca_dispatch_ikev2(int fd, struct privsep_proc *p, struct imsg *imsg)
215
{
216
	struct iked	*env = p->p_env;
217
218
	switch (imsg->hdr.type) {
219
	case IMSG_CERTREQ:
220
		ca_getreq(env, imsg);
221
		break;
222
	case IMSG_CERT:
223
		ca_getcert(env, imsg);
224
		break;
225
	case IMSG_AUTH:
226
		ca_getauth(env, imsg);
227
		break;
228
	default:
229
		return (-1);
230
	}
231
232
	return (0);
233
}
234
235
int
236
ca_setcert(struct iked *env, struct iked_sahdr *sh, struct iked_id *id,
237
    uint8_t type, uint8_t *data, size_t len, enum privsep_procid procid)
238
{
239
	struct iovec		iov[4];
240
	int			iovcnt = 0;
241
	struct iked_static_id	idb;
242
243
	/* Must send the cert and a valid Id to the ca process */
244
	if (procid == PROC_CERT) {
245
		if (id == NULL || id->id_type == IKEV2_ID_NONE ||
246
		    ibuf_length(id->id_buf) > IKED_ID_SIZE)
247
			return (-1);
248
		bzero(&idb, sizeof(idb));
249
250
		/* Convert to a static Id */
251
		idb.id_type = id->id_type;
252
		idb.id_offset = id->id_offset;
253
		idb.id_length = ibuf_length(id->id_buf);
254
		memcpy(&idb.id_data, ibuf_data(id->id_buf),
255
		    ibuf_length(id->id_buf));
256
257
		iov[iovcnt].iov_base = &idb;
258
		iov[iovcnt].iov_len = sizeof(idb);
259
		iovcnt++;
260
	}
261
262
	iov[iovcnt].iov_base = sh;
263
	iov[iovcnt].iov_len = sizeof(*sh);
264
	iovcnt++;
265
	iov[iovcnt].iov_base = &type;
266
	iov[iovcnt].iov_len = sizeof(type);
267
	iovcnt++;
268
	iov[iovcnt].iov_base = data;
269
	iov[iovcnt].iov_len = len;
270
	iovcnt++;
271
272
	if (proc_composev(&env->sc_ps, procid, IMSG_CERT, iov, iovcnt) == -1)
273
		return (-1);
274
	return (0);
275
}
276
277
int
278
ca_setreq(struct iked *env, struct iked_sa *sa,
279
    struct iked_static_id *localid, uint8_t type, uint8_t *data,
280
    size_t len, enum privsep_procid procid)
281
{
282
	struct iovec		iov[4];
283
	int			iovcnt = 0;
284
	struct iked_static_id	idb;
285
	struct iked_id		id;
286
	int			ret = -1;
287
288
	/* Convert to a static Id */
289
	bzero(&id, sizeof(id));
290
	if (ikev2_policy2id(localid, &id, 1) != 0)
291
		return (-1);
292
293
	bzero(&idb, sizeof(idb));
294
	idb.id_type = id.id_type;
295
	idb.id_offset = id.id_offset;
296
	idb.id_length = ibuf_length(id.id_buf);
297
	memcpy(&idb.id_data, ibuf_data(id.id_buf),
298
	    ibuf_length(id.id_buf));
299
	iov[iovcnt].iov_base = &idb;
300
	iov[iovcnt].iov_len = sizeof(idb);
301
	iovcnt++;
302
303
	iov[iovcnt].iov_base = &sa->sa_hdr;
304
	iov[iovcnt].iov_len = sizeof(sa->sa_hdr);
305
	iovcnt++;
306
	iov[iovcnt].iov_base = &type;
307
	iov[iovcnt].iov_len = sizeof(type);
308
	iovcnt++;
309
	iov[iovcnt].iov_base = data;
310
	iov[iovcnt].iov_len = len;
311
	iovcnt++;
312
313
	if (proc_composev(&env->sc_ps, procid, IMSG_CERTREQ, iov, iovcnt) == -1)
314
		goto done;
315
316
	sa_stateflags(sa, IKED_REQ_CERTREQ);
317
318
	ret = 0;
319
 done:
320
	ibuf_release(id.id_buf);
321
	return (ret);
322
}
323
324
int
325
ca_setauth(struct iked *env, struct iked_sa *sa,
326
    struct ibuf *authmsg, enum privsep_procid id)
327
{
328
	struct iovec		 iov[3];
329
	int			 iovcnt = 3;
330
	struct iked_policy	*policy = sa->sa_policy;
331
	uint8_t			 type = policy->pol_auth.auth_method;
332
333
	if (id == PROC_CERT) {
334
		/* switch encoding to IKEV2_AUTH_SIG if SHA2 is supported */
335
		if (sa->sa_sigsha2 && type == IKEV2_AUTH_RSA_SIG) {
336
			log_debug("%s: switching RSA_SIG to SIG", __func__);
337
			type = IKEV2_AUTH_SIG;
338
		} else if (!sa->sa_sigsha2 && type == IKEV2_AUTH_SIG_ANY) {
339
			log_debug("%s: switching SIG to RSA_SIG(*)", __func__);
340
			/* XXX ca might auto-switch to ECDSA */
341
			type = IKEV2_AUTH_RSA_SIG;
342
		} else if (type == IKEV2_AUTH_SIG) {
343
			log_debug("%s: using SIG (RFC7427)", __func__);
344
		}
345
	}
346
347
	if (type == IKEV2_AUTH_SHARED_KEY_MIC) {
348
		sa->sa_stateflags |= IKED_REQ_AUTH;
349
		return (ikev2_msg_authsign(env, sa,
350
		    &policy->pol_auth, authmsg));
351
	}
352
353
	iov[0].iov_base = &sa->sa_hdr;
354
	iov[0].iov_len = sizeof(sa->sa_hdr);
355
	iov[1].iov_base = &type;
356
	iov[1].iov_len = sizeof(type);
357
	if (type == IKEV2_AUTH_NONE)
358
		iovcnt--;
359
	else {
360
		iov[2].iov_base = ibuf_data(authmsg);
361
		iov[2].iov_len = ibuf_size(authmsg);
362
		log_debug("%s: auth length %zu", __func__, ibuf_size(authmsg));
363
	}
364
365
	if (proc_composev(&env->sc_ps, id, IMSG_AUTH, iov, iovcnt) == -1)
366
		return (-1);
367
	return (0);
368
}
369
370
int
371
ca_getcert(struct iked *env, struct imsg *imsg)
372
{
373
	struct iked_sahdr	 sh;
374
	uint8_t			 type;
375
	uint8_t			*ptr;
376
	size_t			 len;
377
	struct iked_static_id	 id;
378
	unsigned int		 i;
379
	struct iovec		 iov[2];
380
	int			 iovcnt = 2, cmd, ret = 0;
381
382
	ptr = (uint8_t *)imsg->data;
383
	len = IMSG_DATA_SIZE(imsg);
384
	i = sizeof(id) + sizeof(sh) + sizeof(type);
385
	if (len <= i)
386
		return (-1);
387
388
	memcpy(&id, ptr, sizeof(id));
389
	if (id.id_type == IKEV2_ID_NONE)
390
		return (-1);
391
	memcpy(&sh, ptr + sizeof(id), sizeof(sh));
392
	memcpy(&type, ptr + sizeof(id) + sizeof(sh), sizeof(uint8_t));
393
394
	ptr += i;
395
	len -= i;
396
397
	switch (type) {
398
	case IKEV2_CERT_X509_CERT:
399
		ret = ca_validate_cert(env, &id, ptr, len);
400
		if (ret == 0 && env->sc_ocsp_url) {
401
			ret = ocsp_validate_cert(env, &id, ptr, len, sh, type);
402
			if (ret == 0)
403
				return (0);
404
		}
405
		break;
406
	case IKEV2_CERT_RSA_KEY:
407
	case IKEV2_CERT_ECDSA:
408
		ret = ca_validate_pubkey(env, &id, ptr, len);
409
		break;
410
	default:
411
		log_debug("%s: unsupported cert type %d", __func__, type);
412
		ret = -1;
413
		break;
414
	}
415
416
	if (ret == 0)
417
		cmd = IMSG_CERTVALID;
418
	else
419
		cmd = IMSG_CERTINVALID;
420
421
	iov[0].iov_base = &sh;
422
	iov[0].iov_len = sizeof(sh);
423
	iov[1].iov_base = &type;
424
	iov[1].iov_len = sizeof(type);
425
426
	if (proc_composev(&env->sc_ps, PROC_IKEV2, cmd, iov, iovcnt) == -1)
427
		return (-1);
428
	return (0);
429
}
430
431
int
432
ca_getreq(struct iked *env, struct imsg *imsg)
433
{
434
	struct ca_store		*store = env->sc_priv;
435
	struct iked_sahdr	 sh;
436
	uint8_t			 type;
437
	uint8_t			*ptr;
438
	size_t			 len;
439
	unsigned int		 i, n;
440
	X509			*ca = NULL, *cert = NULL;
441
	struct ibuf		*buf;
442
	struct iked_static_id	 id;
443
444
	ptr = (uint8_t *)imsg->data;
445
	len = IMSG_DATA_SIZE(imsg);
446
	i = sizeof(id) + sizeof(uint8_t) + sizeof(sh);
447
	if (len < i || ((len - i) % SHA_DIGEST_LENGTH) != 0)
448
		return (-1);
449
450
	memcpy(&id, ptr, sizeof(id));
451
	if (id.id_type == IKEV2_ID_NONE)
452
		return (-1);
453
	memcpy(&sh, ptr + sizeof(id), sizeof(sh));
454
	memcpy(&type, ptr + sizeof(id) + sizeof(sh), sizeof(uint8_t));
455
456
	switch (type) {
457
	case IKEV2_CERT_RSA_KEY:
458
	case IKEV2_CERT_ECDSA:
459
		if (store->ca_pubkey.id_type != type ||
460
		    (buf = store->ca_pubkey.id_buf) == NULL)
461
			return (-1);
462
463
		log_debug("%s: using local public key of type %s", __func__,
464
		    print_map(type, ikev2_cert_map));
465
		break;
466
	case IKEV2_CERT_X509_CERT:
467
		for (n = 1; i < len; n++, i += SHA_DIGEST_LENGTH) {
468
			if ((ca = ca_by_subjectpubkey(store->ca_cas, ptr + i,
469
			    SHA_DIGEST_LENGTH)) == NULL)
470
				continue;
471
472
			log_debug("%s: found CA %s", __func__, ca->name);
473
474
			if ((cert = ca_by_issuer(store->ca_certs,
475
			    X509_get_subject_name(ca), &id)) != NULL) {
476
				/* XXX
477
				 * should we re-validate our own cert here?
478
				 */
479
				break;
480
			}
481
		}
482
		if (ca == NULL || cert == NULL) {
483
			log_warnx("%s: no valid local certificate found",
484
			    __func__);
485
			type = IKEV2_CERT_NONE;
486
			ca_setcert(env, &sh, NULL, type, NULL, 0, PROC_IKEV2);
487
			return (0);
488
		}
489
		log_debug("%s: found local certificate %s", __func__,
490
		    cert->name);
491
492
		if ((buf = ca_x509_serialize(cert)) == NULL)
493
			return (-1);
494
		break;
495
	default:
496
		log_warnx("%s: unknown cert type requested", __func__);
497
		return (-1);
498
	}
499
500
	ca_setcert(env, &sh, NULL, type,
501
	    ibuf_data(buf), ibuf_size(buf), PROC_IKEV2);
502
503
	return (0);
504
}
505
506
int
507
ca_getauth(struct iked *env, struct imsg *imsg)
508
{
509
	struct ca_store		*store = env->sc_priv;
510
	struct iked_sahdr	 sh;
511
	uint8_t			 method;
512
	uint8_t			*ptr;
513
	size_t			 len;
514
	unsigned int		 i;
515
	int			 ret = -1;
516
	struct iked_sa		 sa;
517
	struct iked_policy	 policy;
518
	struct iked_id		*id;
519
	struct ibuf		*authmsg;
520
521
	ptr = (uint8_t *)imsg->data;
522
	len = IMSG_DATA_SIZE(imsg);
523
	i = sizeof(method) + sizeof(sh);
524
	if (len <= i)
525
		return (-1);
526
527
	memcpy(&sh, ptr, sizeof(sh));
528
	memcpy(&method, ptr + sizeof(sh), sizeof(uint8_t));
529
	if (method == IKEV2_AUTH_SHARED_KEY_MIC)
530
		return (-1);
531
532
	ptr += i;
533
	len -= i;
534
535
	if ((authmsg = ibuf_new(ptr, len)) == NULL)
536
		return (-1);
537
538
	/*
539
	 * Create fake SA and policy
540
	 */
541
	bzero(&sa, sizeof(sa));
542
	bzero(&policy, sizeof(policy));
543
	memcpy(&sa.sa_hdr, &sh, sizeof(sh));
544
	sa.sa_policy = &policy;
545
	if (sh.sh_initiator)
546
		id = &sa.sa_icert;
547
	else
548
		id = &sa.sa_rcert;
549
	memcpy(id, &store->ca_privkey, sizeof(*id));
550
	policy.pol_auth.auth_method = method == IKEV2_AUTH_SIG ?
551
	    method : store->ca_privkey_method;
552
553
	if (ikev2_msg_authsign(env, &sa, &policy.pol_auth, authmsg) != 0) {
554
		log_debug("%s: AUTH sign failed", __func__);
555
		policy.pol_auth.auth_method = IKEV2_AUTH_NONE;
556
	}
557
558
	ret = ca_setauth(env, &sa, sa.sa_localauth.id_buf, PROC_IKEV2);
559
560
	ibuf_release(sa.sa_localauth.id_buf);
561
	ibuf_release(authmsg);
562
563
	return (ret);
564
}
565
566
int
567
ca_reload(struct iked *env)
568
{
569
	struct ca_store		*store = env->sc_priv;
570
	uint8_t			 md[EVP_MAX_MD_SIZE];
571
	char			 file[PATH_MAX];
572
	struct iovec		 iov[2];
573
	struct dirent		*entry;
574
	STACK_OF(X509_OBJECT)	*h;
575
	X509_OBJECT		*xo;
576
	X509			*x509;
577
	DIR			*dir;
578
	int			 i, len, iovcnt = 0;
579
580
	/*
581
	 * Load CAs
582
	 */
583
	if ((dir = opendir(IKED_CA_DIR)) == NULL)
584
		return (-1);
585
586
	while ((entry = readdir(dir)) != NULL) {
587
		if ((entry->d_type != DT_REG) &&
588
		    (entry->d_type != DT_LNK))
589
			continue;
590
591
		if (snprintf(file, sizeof(file), "%s%s",
592
		    IKED_CA_DIR, entry->d_name) == -1)
593
			continue;
594
595
		if (!X509_load_cert_file(store->ca_calookup, file,
596
		    X509_FILETYPE_PEM)) {
597
			log_warn("%s: failed to load ca file %s", __func__,
598
			    entry->d_name);
599
			ca_sslerror(__func__);
600
			continue;
601
		}
602
		log_debug("%s: loaded ca file %s", __func__, entry->d_name);
603
	}
604
	closedir(dir);
605
606
	/*
607
	 * Load CRLs for the CAs
608
	 */
609
	if ((dir = opendir(IKED_CRL_DIR)) == NULL)
610
		return (-1);
611
612
	while ((entry = readdir(dir)) != NULL) {
613
		if ((entry->d_type != DT_REG) &&
614
		    (entry->d_type != DT_LNK))
615
			continue;
616
617
		if (snprintf(file, sizeof(file), "%s%s",
618
		    IKED_CRL_DIR, entry->d_name) == -1)
619
			continue;
620
621
		if (!X509_load_crl_file(store->ca_calookup, file,
622
		    X509_FILETYPE_PEM)) {
623
			log_warn("%s: failed to load crl file %s", __func__,
624
			    entry->d_name);
625
			ca_sslerror(__func__);
626
			continue;
627
		}
628
629
		/* Only enable CRL checks if we actually loaded a CRL */
630
		X509_STORE_set_flags(store->ca_cas, X509_V_FLAG_CRL_CHECK);
631
632
		log_debug("%s: loaded crl file %s", __func__, entry->d_name);
633
	}
634
	closedir(dir);
635
636
	/*
637
	 * Save CAs signatures for the IKEv2 CERTREQ
638
	 */
639
	ibuf_release(env->sc_certreq);
640
	if ((env->sc_certreq = ibuf_new(NULL, 0)) == NULL)
641
		return (-1);
642
643
	h = store->ca_cas->objs;
644
	for (i = 0; i < sk_X509_OBJECT_num(h); i++) {
645
		xo = sk_X509_OBJECT_value(h, i);
646
		if (xo->type != X509_LU_X509)
647
			continue;
648
649
		x509 = xo->data.x509;
650
		len = sizeof(md);
651
		ca_subjectpubkey_digest(x509, md, &len);
652
		log_debug("%s: %s", __func__, x509->name);
653
654
		if (ibuf_add(env->sc_certreq, md, len) != 0) {
655
			ibuf_release(env->sc_certreq);
656
			env->sc_certreq = NULL;
657
			return (-1);
658
		}
659
	}
660
661
	if (ibuf_length(env->sc_certreq)) {
662
		env->sc_certreqtype = IKEV2_CERT_X509_CERT;
663
		iov[0].iov_base = &env->sc_certreqtype;
664
		iov[0].iov_len = sizeof(env->sc_certreqtype);
665
		iovcnt++;
666
		iov[1].iov_base = ibuf_data(env->sc_certreq);
667
		iov[1].iov_len = ibuf_length(env->sc_certreq);
668
		iovcnt++;
669
670
		log_debug("%s: loaded %zu ca certificate%s", __func__,
671
		    ibuf_length(env->sc_certreq) / SHA_DIGEST_LENGTH,
672
		    ibuf_length(env->sc_certreq) == SHA_DIGEST_LENGTH ?
673
		    "" : "s");
674
675
		(void)proc_composev(&env->sc_ps, PROC_IKEV2, IMSG_CERTREQ,
676
		    iov, iovcnt);
677
	}
678
679
	/*
680
	 * Load certificates
681
	 */
682
	if ((dir = opendir(IKED_CERT_DIR)) == NULL)
683
		return (-1);
684
685
	while ((entry = readdir(dir)) != NULL) {
686
		if ((entry->d_type != DT_REG) &&
687
		    (entry->d_type != DT_LNK))
688
			continue;
689
690
		if (snprintf(file, sizeof(file), "%s%s",
691
		    IKED_CERT_DIR, entry->d_name) == -1)
692
			continue;
693
694
		if (!X509_load_cert_file(store->ca_certlookup, file,
695
		    X509_FILETYPE_PEM)) {
696
			log_warn("%s: failed to load cert file %s", __func__,
697
			    entry->d_name);
698
			ca_sslerror(__func__);
699
			continue;
700
		}
701
		log_debug("%s: loaded cert file %s", __func__, entry->d_name);
702
	}
703
	closedir(dir);
704
705
	h = store->ca_certs->objs;
706
	for (i = 0; i < sk_X509_OBJECT_num(h); i++) {
707
		xo = sk_X509_OBJECT_value(h, i);
708
		if (xo->type != X509_LU_X509)
709
			continue;
710
711
		x509 = xo->data.x509;
712
713
		(void)ca_validate_cert(env, NULL, x509, 0);
714
	}
715
716
	if (!env->sc_certreqtype)
717
		env->sc_certreqtype = store->ca_pubkey.id_type;
718
719
	log_debug("%s: local cert type %s", __func__,
720
	    print_map(env->sc_certreqtype, ikev2_cert_map));
721
722
	iov[0].iov_base = &env->sc_certreqtype;
723
	iov[0].iov_len = sizeof(env->sc_certreqtype);
724
	if (iovcnt == 0)
725
		iovcnt++;
726
	(void)proc_composev(&env->sc_ps, PROC_IKEV2, IMSG_CERTREQ, iov, iovcnt);
727
728
	return (0);
729
}
730
731
X509 *
732
ca_by_subjectpubkey(X509_STORE *ctx, uint8_t *sig, size_t siglen)
733
{
734
	STACK_OF(X509_OBJECT)	*h;
735
	X509_OBJECT		*xo;
736
	X509			*ca;
737
	int			 i;
738
	unsigned int		 len;
739
	uint8_t			 md[EVP_MAX_MD_SIZE];
740
741
	h = ctx->objs;
742
743
	for (i = 0; i < sk_X509_OBJECT_num(h); i++) {
744
		xo = sk_X509_OBJECT_value(h, i);
745
		if (xo->type != X509_LU_X509)
746
			continue;
747
748
		ca = xo->data.x509;
749
		len = sizeof(md);
750
		ca_subjectpubkey_digest(ca, md, &len);
751
752
		if (len == siglen && memcmp(md, sig, len) == 0)
753
			return (ca);
754
	}
755
756
	return (NULL);
757
}
758
759
X509 *
760
ca_by_issuer(X509_STORE *ctx, X509_NAME *subject, struct iked_static_id *id)
761
{
762
	STACK_OF(X509_OBJECT)	*h;
763
	X509_OBJECT		*xo;
764
	X509			*cert;
765
	int			 i;
766
	X509_NAME		*issuer;
767
768
	if (subject == NULL)
769
		return (NULL);
770
771
	h = ctx->objs;
772
	for (i = 0; i < sk_X509_OBJECT_num(h); i++) {
773
		xo = sk_X509_OBJECT_value(h, i);
774
		if (xo->type != X509_LU_X509)
775
			continue;
776
777
		cert = xo->data.x509;
778
		if ((issuer = X509_get_issuer_name(cert)) == NULL)
779
			continue;
780
		else if (X509_NAME_cmp(subject, issuer) == 0) {
781
			switch (id->id_type) {
782
			case IKEV2_ID_ASN1_DN:
783
				if (ca_x509_subject_cmp(cert, id) == 0)
784
					return (cert);
785
				break;
786
			default:
787
				if (ca_x509_subjectaltname_cmp(cert, id) == 0)
788
					return (cert);
789
				break;
790
			}
791
		}
792
	}
793
794
	return (NULL);
795
}
796
797
int
798
ca_subjectpubkey_digest(X509 *x509, uint8_t *md, unsigned int *size)
799
{
800
	EVP_PKEY	*pkey;
801
	uint8_t		*buf = NULL;
802
	int		 buflen;
803
804
	if (*size < SHA_DIGEST_LENGTH)
805
		return (-1);
806
807
	/*
808
	 * Generate a SHA-1 digest of the Subject Public Key Info
809
	 * element in the X.509 certificate, an ASN.1 sequence
810
	 * that includes the public key type (eg. RSA) and the
811
	 * public key value (see 3.7 of RFC4306).
812
	 */
813
	if ((pkey = X509_get_pubkey(x509)) == NULL)
814
		return (-1);
815
	buflen = i2d_PUBKEY(pkey, &buf);
816
	EVP_PKEY_free(pkey);
817
	if (buflen == 0)
818
		return (-1);
819
	if (!EVP_Digest(buf, buflen, md, size, EVP_sha1(), NULL)) {
820
		free(buf);
821
		return (-1);
822
	}
823
	free(buf);
824
825
	return (0);
826
}
827
828
struct ibuf *
829
ca_x509_serialize(X509 *x509)
830
{
831
	long		 len;
832
	struct ibuf	*buf;
833
	uint8_t		*d = NULL;
834
	BIO		*out;
835
836
	if ((out = BIO_new(BIO_s_mem())) == NULL)
837
		return (NULL);
838
	if (!i2d_X509_bio(out, x509)) {
839
		BIO_free(out);
840
		return (NULL);
841
	}
842
843
	len = BIO_get_mem_data(out, &d);
844
	buf = ibuf_new(d, len);
845
	BIO_free(out);
846
847
	return (buf);
848
}
849
850
int
851
ca_pubkey_serialize(EVP_PKEY *key, struct iked_id *id)
852
{
853
	RSA		*rsa = NULL;
854
	EC_KEY		*ec = NULL;
855
	uint8_t		*d;
856
	int		 len = 0;
857
	int		 ret = -1;
858
859
	switch (key->type) {
860
	case EVP_PKEY_RSA:
861
		id->id_type = 0;
862
		id->id_offset = 0;
863
		ibuf_release(id->id_buf);
864
		id->id_buf = NULL;
865
866
		if ((rsa = EVP_PKEY_get1_RSA(key)) == NULL)
867
			goto done;
868
		if ((len = i2d_RSAPublicKey(rsa, NULL)) <= 0)
869
			goto done;
870
		if ((id->id_buf = ibuf_new(NULL, len)) == NULL)
871
			goto done;
872
873
		d = ibuf_data(id->id_buf);
874
		if (i2d_RSAPublicKey(rsa, &d) != len) {
875
			ibuf_release(id->id_buf);
876
			id->id_buf = NULL;
877
			goto done;
878
		}
879
880
		id->id_type = IKEV2_CERT_RSA_KEY;
881
		break;
882
	case EVP_PKEY_EC:
883
		id->id_type = 0;
884
		id->id_offset = 0;
885
		ibuf_release(id->id_buf);
886
		id->id_buf = NULL;
887
888
		if ((ec = EVP_PKEY_get1_EC_KEY(key)) == NULL)
889
			goto done;
890
		if ((len = i2d_EC_PUBKEY(ec, NULL)) <= 0)
891
			goto done;
892
		if ((id->id_buf = ibuf_new(NULL, len)) == NULL)
893
			goto done;
894
895
		d = ibuf_data(id->id_buf);
896
		if (i2d_EC_PUBKEY(ec, &d) != len) {
897
			ibuf_release(id->id_buf);
898
			id->id_buf = NULL;
899
			goto done;
900
		}
901
902
		id->id_type = IKEV2_CERT_ECDSA;
903
		break;
904
	default:
905
		log_debug("%s: unsupported key type %d", __func__, key->type);
906
		return (-1);
907
	}
908
909
	log_debug("%s: type %s length %d", __func__,
910
	    print_map(id->id_type, ikev2_cert_map), len);
911
912
	ret = 0;
913
 done:
914
	if (rsa != NULL)
915
		RSA_free(rsa);
916
	if (ec != NULL)
917
		EC_KEY_free(ec);
918
	return (ret);
919
}
920
921
int
922
ca_privkey_serialize(EVP_PKEY *key, struct iked_id *id)
923
{
924
	RSA		*rsa = NULL;
925
	EC_KEY		*ec = NULL;
926
	uint8_t		*d;
927
	int		 len = 0;
928
	int		 ret = -1;
929
930
	switch (key->type) {
931
	case EVP_PKEY_RSA:
932
		id->id_type = 0;
933
		id->id_offset = 0;
934
		ibuf_release(id->id_buf);
935
		id->id_buf = NULL;
936
937
		if ((rsa = EVP_PKEY_get1_RSA(key)) == NULL)
938
			goto done;
939
		if ((len = i2d_RSAPrivateKey(rsa, NULL)) <= 0)
940
			goto done;
941
		if ((id->id_buf = ibuf_new(NULL, len)) == NULL)
942
			goto done;
943
944
		d = ibuf_data(id->id_buf);
945
		if (i2d_RSAPrivateKey(rsa, &d) != len) {
946
			ibuf_release(id->id_buf);
947
			id->id_buf = NULL;
948
			goto done;
949
		}
950
951
		id->id_type = IKEV2_CERT_RSA_KEY;
952
		break;
953
	case EVP_PKEY_EC:
954
		id->id_type = 0;
955
		id->id_offset = 0;
956
		ibuf_release(id->id_buf);
957
		id->id_buf = NULL;
958
959
		if ((ec = EVP_PKEY_get1_EC_KEY(key)) == NULL)
960
			goto done;
961
		if ((len = i2d_ECPrivateKey(ec, NULL)) <= 0)
962
			goto done;
963
		if ((id->id_buf = ibuf_new(NULL, len)) == NULL)
964
			goto done;
965
966
		d = ibuf_data(id->id_buf);
967
		if (i2d_ECPrivateKey(ec, &d) != len) {
968
			ibuf_release(id->id_buf);
969
			id->id_buf = NULL;
970
			goto done;
971
		}
972
973
		id->id_type = IKEV2_CERT_ECDSA;
974
		break;
975
	default:
976
		log_debug("%s: unsupported key type %d", __func__, key->type);
977
		return (-1);
978
	}
979
980
	log_debug("%s: type %s length %d", __func__,
981
	    print_map(id->id_type, ikev2_cert_map), len);
982
983
	ret = 0;
984
 done:
985
	if (rsa != NULL)
986
		RSA_free(rsa);
987
	if (ec != NULL)
988
		EC_KEY_free(ec);
989
	return (ret);
990
}
991
992
int
993
ca_privkey_to_method(struct iked_id *privkey)
994
{
995
	BIO		*rawcert = NULL;
996
	EC_KEY		*ec = NULL;
997
	const EC_GROUP	*group = NULL;
998
	uint8_t	 method = IKEV2_AUTH_NONE;
999
1000
	switch (privkey->id_type) {
1001
	case IKEV2_CERT_RSA_KEY:
1002
		method = IKEV2_AUTH_RSA_SIG;
1003
		break;
1004
	case IKEV2_CERT_ECDSA:
1005
		if ((rawcert = BIO_new_mem_buf(ibuf_data(privkey->id_buf),
1006
		    ibuf_length(privkey->id_buf))) == NULL)
1007
			goto out;
1008
		if ((ec = d2i_ECPrivateKey_bio(rawcert, NULL)) == NULL)
1009
			goto out;
1010
		if ((group = EC_KEY_get0_group(ec)) == NULL)
1011
			goto out;
1012
		switch (EC_GROUP_get_degree(group)) {
1013
		case 256:
1014
			method = IKEV2_AUTH_ECDSA_256;
1015
			break;
1016
		case 384:
1017
			method = IKEV2_AUTH_ECDSA_384;
1018
			break;
1019
		case 521:
1020
			method = IKEV2_AUTH_ECDSA_521;
1021
			break;
1022
		}
1023
	}
1024
1025
	log_debug("%s: type %s method %s", __func__,
1026
	    print_map(privkey->id_type, ikev2_cert_map),
1027
	    print_map(method, ikev2_auth_map));
1028
1029
 out:
1030
	if (ec != NULL)
1031
		EC_KEY_free(ec);
1032
	if (rawcert != NULL)
1033
		BIO_free(rawcert);
1034
1035
	return (method);
1036
}
1037
1038
char *
1039
ca_asn1_name(uint8_t *asn1, size_t len)
1040
{
1041
	X509_NAME	*name = NULL;
1042
	char		*str = NULL;
1043
	const uint8_t	*p;
1044
1045
	p = asn1;
1046
	if ((name = d2i_X509_NAME(NULL, &p, len)) == NULL)
1047
		return (NULL);
1048
	str = ca_x509_name(name);
1049
	X509_NAME_free(name);
1050
1051
	return (str);
1052
}
1053
1054
char *
1055
ca_x509_name(void *ptr)
1056
{
1057
	char		 buf[BUFSIZ];
1058
	X509_NAME	*name = ptr;
1059
1060
	bzero(buf, sizeof(buf));
1061
	if (!X509_NAME_oneline(name, buf, sizeof(buf) - 1))
1062
		return (NULL);
1063
1064
	return (strdup(buf));
1065
}
1066
1067
/*
1068
 * Copy 'src' to 'dst' until 'marker' is found while unescaping '\'
1069
 * characters. The return value tells the caller where to continue
1070
 * parsing (might be the end of the string) or NULL on error.
1071
 */
1072
static char *
1073
ca_x509_name_unescape(char *src, char *dst, char marker)
1074
{
1075
	while (*src) {
1076
		if (*src == marker) {
1077
			src++;
1078
			break;
1079
		}
1080
		if (*src == '\\') {
1081
			src++;
1082
			if (!*src) {
1083
				log_warnx("%s: '\\' at end of string",
1084
				    __func__);
1085
				*dst = '\0';
1086
				return (NULL);
1087
			}
1088
		}
1089
		*dst++ = *src++;
1090
	}
1091
	*dst = '\0';
1092
	return (src);
1093
}
1094
/*
1095
 * Parse an X509 subject name where 'subject' is in the format
1096
 *    /type0=value0/type1=value1/type2=...
1097
 * where characters may be escaped by '\'.
1098
 * See lib/libssl/src/apps/apps.c:parse_name()
1099
 */
1100
void *
1101
ca_x509_name_parse(char *subject)
1102
{
1103
	char		*cp, *value = NULL, *type = NULL;
1104
	size_t		 maxlen;
1105
	X509_NAME	*name = NULL;
1106
1107
	if (*subject != '/') {
1108
		log_warnx("%s: leading '/' missing in '%s'", __func__, subject);
1109
		goto err;
1110
	}
1111
1112
	/* length of subject is upper bound for unescaped type/value */
1113
	maxlen = strlen(subject) + 1;
1114
1115
	if ((type = calloc(1, maxlen)) == NULL ||
1116
	    (value = calloc(1, maxlen)) == NULL ||
1117
	    (name = X509_NAME_new()) == NULL)
1118
		goto err;
1119
1120
	cp = subject + 1;
1121
	while (*cp) {
1122
		/* unescape type, terminated by '=' */
1123
		cp = ca_x509_name_unescape(cp, type, '=');
1124
		if (cp == NULL) {
1125
			log_warnx("%s: could not parse type", __func__);
1126
			goto err;
1127
		}
1128
		if (!*cp) {
1129
			log_warnx("%s: missing value", __func__);
1130
			goto err;
1131
		}
1132
		/* unescape value, terminated by '/' */
1133
		cp = ca_x509_name_unescape(cp, value, '/');
1134
		if (cp == NULL) {
1135
			log_warnx("%s: could not parse value", __func__);
1136
			goto err;
1137
		}
1138
		if (!*type || !*value) {
1139
			log_warnx("%s: empty type or value", __func__);
1140
			goto err;
1141
		}
1142
		log_debug("%s: setting '%s' to '%s'", __func__, type, value);
1143
		if (!X509_NAME_add_entry_by_txt(name, type, MBSTRING_ASC,
1144
		    value, -1, -1, 0)) {
1145
			log_warnx("%s: setting '%s' to '%s' failed", __func__,
1146
			    type, value);
1147
			ca_sslerror(__func__);
1148
			goto err;
1149
		}
1150
	}
1151
	free(type);
1152
	free(value);
1153
	return (name);
1154
1155
err:
1156
	X509_NAME_free(name);
1157
	free(type);
1158
	free(value);
1159
	return (NULL);
1160
}
1161
1162
int
1163
ca_validate_pubkey(struct iked *env, struct iked_static_id *id,
1164
    void *data, size_t len)
1165
{
1166
	BIO		*rawcert = NULL;
1167
	RSA		*peerrsa = NULL, *localrsa = NULL;
1168
	EC_KEY		*peerec = NULL;
1169
	EVP_PKEY	*peerkey = NULL, *localkey = NULL;
1170
	int		 ret = -1;
1171
	FILE		*fp = NULL;
1172
	char		 idstr[IKED_ID_SIZE];
1173
	char		 file[PATH_MAX];
1174
	struct iked_id	 idp;
1175
1176
	if (len == 0 && data == NULL)
1177
		return (-1);
1178
1179
	switch (id->id_type) {
1180
	case IKEV2_ID_IPV4:
1181
	case IKEV2_ID_FQDN:
1182
	case IKEV2_ID_UFQDN:
1183
	case IKEV2_ID_IPV6:
1184
		break;
1185
	default:
1186
		/* Some types like ASN1_DN will not be mapped to file names */
1187
		log_debug("%s: unsupported public key type %s",
1188
		    __func__, print_map(id->id_type, ikev2_id_map));
1189
		return (-1);
1190
	}
1191
1192
	bzero(&idp, sizeof(idp));
1193
	if ((idp.id_buf = ibuf_new(id->id_data, id->id_length)) == NULL)
1194
		goto done;
1195
1196
	idp.id_type = id->id_type;
1197
	idp.id_offset = id->id_offset;
1198
	if (ikev2_print_id(&idp, idstr, sizeof(idstr)) == -1)
1199
		goto done;
1200
1201
	if (len == 0) {
1202
		/* Data is already an public key */
1203
		peerkey = (EVP_PKEY *)data;
1204
	} else {
1205
		if ((rawcert = BIO_new_mem_buf(data, len)) == NULL)
1206
			goto done;
1207
1208
		if ((peerkey = EVP_PKEY_new()) == NULL)
1209
			goto sslerr;
1210
		if ((peerrsa = d2i_RSAPublicKey_bio(rawcert, NULL))) {
1211
			if (!EVP_PKEY_set1_RSA(peerkey, peerrsa)) {
1212
				goto sslerr;
1213
			}
1214
		} else if (BIO_reset(rawcert) == 1 &&
1215
		    (peerec = d2i_EC_PUBKEY_bio(rawcert, NULL))) {
1216
			if (!EVP_PKEY_set1_EC_KEY(peerkey, peerec)) {
1217
				goto sslerr;
1218
			}
1219
		} else {
1220
			log_debug("%s: unknown key type received", __func__);
1221
			goto sslerr;
1222
		}
1223
	}
1224
1225
	lc_string(idstr);
1226
	if (strlcpy(file, IKED_PUBKEY_DIR, sizeof(file)) >= sizeof(file) ||
1227
	    strlcat(file, idstr, sizeof(file)) >= sizeof(file)) {
1228
		log_debug("%s: public key id too long %s", __func__, idstr);
1229
		goto done;
1230
	}
1231
1232
	if ((fp = fopen(file, "r")) == NULL) {
1233
		log_debug("%s: could not open public key %s", __func__, file);
1234
		goto done;
1235
	}
1236
	localkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL);
1237
	if (localkey == NULL) {
1238
		/* reading PKCS #8 failed, try PEM RSA */
1239
		rewind(fp);
1240
		localrsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL);
1241
		fclose(fp);
1242
		if (localrsa == NULL)
1243
			goto sslerr;
1244
		if ((localkey = EVP_PKEY_new()) == NULL)
1245
			goto sslerr;
1246
		if (!EVP_PKEY_set1_RSA(localkey, localrsa))
1247
			goto sslerr;
1248
	} else {
1249
		fclose(fp);
1250
	}
1251
	if (localkey == NULL)
1252
		goto sslerr;
1253
1254
	if (!EVP_PKEY_cmp(peerkey, localkey)) {
1255
		log_debug("%s: public key does not match %s", __func__, file);
1256
		goto done;
1257
	}
1258
1259
	log_debug("%s: valid public key in file %s", __func__, file);
1260
1261
	ret = 0;
1262
 sslerr:
1263
	if (ret != 0)
1264
		ca_sslerror(__func__);
1265
 done:
1266
	ibuf_release(idp.id_buf);
1267
	if (peerkey != NULL)
1268
		EVP_PKEY_free(peerkey);
1269
	if (localkey != NULL)
1270
		EVP_PKEY_free(localkey);
1271
	if (peerrsa != NULL)
1272
		RSA_free(peerrsa);
1273
	if (peerec != NULL)
1274
		EC_KEY_free(peerec);
1275
	if (localrsa != NULL)
1276
		RSA_free(localrsa);
1277
	if (rawcert != NULL)
1278
		BIO_free(rawcert);
1279
1280
	return (ret);
1281
}
1282
1283
int
1284
ca_validate_cert(struct iked *env, struct iked_static_id *id,
1285
    void *data, size_t len)
1286
{
1287
	struct ca_store	*store = env->sc_priv;
1288
	X509_STORE_CTX	 csc;
1289
	BIO		*rawcert = NULL;
1290
	X509		*cert = NULL;
1291
	int		 ret = -1, result, error;
1292
	X509_NAME	*subject;
1293
	const char	*errstr = "failed";
1294
1295
	if (len == 0) {
1296
		/* Data is already an X509 certificate */
1297
		cert = (X509 *)data;
1298
	} else {
1299
		/* Convert data to X509 certificate */
1300
		if ((rawcert = BIO_new_mem_buf(data, len)) == NULL)
1301
			goto done;
1302
		if ((cert = d2i_X509_bio(rawcert, NULL)) == NULL)
1303
			goto done;
1304
	}
1305
1306
	/* Certificate needs a valid subjectName */
1307
	if ((subject = X509_get_subject_name(cert)) == NULL) {
1308
		errstr = "invalid subject";
1309
		goto done;
1310
	}
1311
1312
	if (id != NULL) {
1313
		if ((ret = ca_validate_pubkey(env, id, X509_get_pubkey(cert),
1314
		    0)) == 0) {
1315
			errstr = "in public key file, ok";
1316
			goto done;
1317
		}
1318
1319
		switch (id->id_type) {
1320
		case IKEV2_ID_ASN1_DN:
1321
			if (ca_x509_subject_cmp(cert, id) < 0) {
1322
				errstr = "ASN1_DN identifier mismatch";
1323
				goto done;
1324
			}
1325
			break;
1326
		default:
1327
			if (ca_x509_subjectaltname_cmp(cert, id) != 0) {
1328
				errstr = "invalid subjectAltName extension";
1329
				goto done;
1330
			}
1331
			break;
1332
		}
1333
	}
1334
1335
	bzero(&csc, sizeof(csc));
1336
	X509_STORE_CTX_init(&csc, store->ca_cas, cert, NULL);
1337
	if (store->ca_cas->param->flags & X509_V_FLAG_CRL_CHECK) {
1338
		X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK);
1339
		X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK_ALL);
1340
	}
1341
1342
	result = X509_verify_cert(&csc);
1343
	error = csc.error;
1344
	X509_STORE_CTX_cleanup(&csc);
1345
	if (error != 0) {
1346
		errstr = X509_verify_cert_error_string(error);
1347
		goto done;
1348
	}
1349
1350
	if (!result) {
1351
		/* XXX should we accept self-signed certificates? */
1352
		errstr = "rejecting self-signed certificate";
1353
		goto done;
1354
	}
1355
1356
	/* Success */
1357
	ret = 0;
1358
	errstr = "ok";
1359
1360
 done:
1361
	if (cert != NULL)
1362
		log_debug("%s: %s %.100s", __func__, cert->name, errstr);
1363
1364
	if (rawcert != NULL) {
1365
		BIO_free(rawcert);
1366
		if (cert != NULL)
1367
			X509_free(cert);
1368
	}
1369
1370
	return (ret);
1371
}
1372
1373
/* check if subject from cert matches the id */
1374
int
1375
ca_x509_subject_cmp(X509 *cert, struct iked_static_id *id)
1376
{
1377
	X509_NAME	*subject, *idname = NULL;
1378
	const uint8_t	*idptr;
1379
	size_t		 idlen;
1380
	int		 ret = -1;
1381
1382
	if (id->id_type != IKEV2_ID_ASN1_DN)
1383
		return (-1);
1384
	if ((subject = X509_get_subject_name(cert)) == NULL)
1385
		return (-1);
1386
	if (id->id_length <= id->id_offset)
1387
		return (-1);
1388
	idlen = id->id_length - id->id_offset;
1389
	idptr = id->id_data + id->id_offset;
1390
	if ((idname = d2i_X509_NAME(NULL, &idptr, idlen)) == NULL)
1391
		return (-1);
1392
	if (X509_NAME_cmp(subject, idname) == 0)
1393
		ret = 0;
1394
	X509_NAME_free(idname);
1395
	return (ret);
1396
}
1397
1398
int
1399
ca_x509_subjectaltname_cmp(X509 *cert, struct iked_static_id *id)
1400
{
1401
	struct iked_id	 sanid;
1402
	char		 idstr[IKED_ID_SIZE];
1403
	int		 ret = -1, lastpos = -1;
1404
1405
	bzero(&sanid, sizeof(sanid));
1406
	while (ca_x509_subjectaltname(cert, &sanid, lastpos++) == 0) {
1407
		ikev2_print_id(&sanid, idstr, sizeof(idstr));
1408
1409
		/* Compare id types, length and data */
1410
		if ((id->id_type == sanid.id_type) &&
1411
		    ((ssize_t)ibuf_size(sanid.id_buf) ==
1412
		    (id->id_length - id->id_offset)) &&
1413
		    (memcmp(id->id_data + id->id_offset,
1414
		    ibuf_data(sanid.id_buf),
1415
		    ibuf_size(sanid.id_buf)) == 0)) {
1416
			ret = 0;
1417
			break;
1418
		}
1419
		log_debug("%s: %s mismatched", __func__, idstr);
1420
	}
1421
1422
	ibuf_release(sanid.id_buf);
1423
	return (ret);
1424
}
1425
1426
int
1427
ca_x509_subjectaltname(X509 *cert, struct iked_id *id, int lastpos)
1428
{
1429
	X509_EXTENSION	*san;
1430
	uint8_t		 sanhdr[4], *data;
1431
	int		 ext, santype, sanlen;
1432
	char		 idstr[IKED_ID_SIZE];
1433
1434
	if ((ext = X509_get_ext_by_NID(cert,
1435
	    NID_subject_alt_name, lastpos)) == -1 ||
1436
	    ((san = X509_get_ext(cert, ext)) == NULL)) {
1437
		log_debug("%s: did not find subjectAltName in certificate",
1438
		    __func__);
1439
		return (-1);
1440
	}
1441
1442
	if (san->value == NULL || san->value->data == NULL ||
1443
	    san->value->length < (int)sizeof(sanhdr)) {
1444
		log_debug("%s: invalid subjectAltName in certificate",
1445
		    __func__);
1446
		return (-1);
1447
	}
1448
1449
	/* This is partially based on isakmpd's x509 subjectaltname code */
1450
	data = (uint8_t *)san->value->data;
1451
	memcpy(&sanhdr, data, sizeof(sanhdr));
1452
	santype = sanhdr[2] & 0x3f;
1453
	sanlen = sanhdr[3];
1454
1455
	if ((sanlen + (int)sizeof(sanhdr)) > san->value->length) {
1456
		log_debug("%s: invalid subjectAltName length", __func__);
1457
		return (-1);
1458
	}
1459
1460
	switch (santype) {
1461
	case GEN_DNS:
1462
		id->id_type = IKEV2_ID_FQDN;
1463
		break;
1464
	case GEN_EMAIL:
1465
		id->id_type = IKEV2_ID_UFQDN;
1466
		break;
1467
	case GEN_IPADD:
1468
		if (sanlen == 4)
1469
			id->id_type = IKEV2_ID_IPV4;
1470
		else if (sanlen == 16)
1471
			id->id_type = IKEV2_ID_IPV6;
1472
		else {
1473
			log_debug("%s: invalid subjectAltName IP address",
1474
			    __func__);
1475
			return (-1);
1476
		}
1477
		break;
1478
	default:
1479
		log_debug("%s: unsupported subjectAltName type %d",
1480
		    __func__, santype);
1481
		return (-1);
1482
	}
1483
1484
	ibuf_release(id->id_buf);
1485
	if ((id->id_buf = ibuf_new(data + sizeof(sanhdr), sanlen)) == NULL) {
1486
		log_debug("%s: failed to get id buffer", __func__);
1487
		return (-1);
1488
	}
1489
	id->id_offset = 0;
1490
1491
	ikev2_print_id(id, idstr, sizeof(idstr));
1492
	log_debug("%s: %s", __func__, idstr);
1493
1494
	return (0);
1495
}
1496
1497
void
1498
ca_sslinit(void)
1499
{
1500
	OpenSSL_add_all_algorithms();
1501
	ERR_load_crypto_strings();
1502
1503
	/* Init hardware crypto engines. */
1504
	ENGINE_load_builtin_engines();
1505
	ENGINE_register_all_complete();
1506
}
1507
1508
void
1509
ca_sslerror(const char *caller)
1510
{
1511
	unsigned long	 error;
1512
1513
	while ((error = ERR_get_error()) != 0)
1514
		log_warnx("%s: %s: %.100s", __func__, caller,
1515
		    ERR_error_string(error, NULL));
1516
}