GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.sbin/relayd/ca.c Lines: 0 211 0.0 %
Date: 2017-11-13 Branches: 0 125 0.0 %

Line Branch Exec Source
1
/*	$OpenBSD: ca.c,v 1.28 2017/08/09 21:31:16 claudio Exp $	*/
2
3
/*
4
 * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
5
 *
6
 * Permission to use, copy, modify, and distribute this software for any
7
 * purpose with or without fee is hereby granted, provided that the above
8
 * copyright notice and this permission notice appear in all copies.
9
 *
10
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
 */
18
19
#include <sys/types.h>
20
#include <sys/queue.h>
21
#include <sys/uio.h>
22
23
#include <unistd.h>
24
#include <string.h>
25
#include <stdlib.h>
26
#include <poll.h>
27
#include <imsg.h>
28
29
#include <openssl/bio.h>
30
#include <openssl/pem.h>
31
#include <openssl/evp.h>
32
#include <openssl/rsa.h>
33
#include <openssl/engine.h>
34
35
#include "relayd.h"
36
37
void	 ca_init(struct privsep *, struct privsep_proc *p, void *);
38
void	 ca_launch(void);
39
40
int	 ca_dispatch_parent(int, struct privsep_proc *, struct imsg *);
41
int	 ca_dispatch_relay(int, struct privsep_proc *, struct imsg *);
42
43
int	 rsae_pub_enc(int, const u_char *, u_char *, RSA *, int);
44
int	 rsae_pub_dec(int,const u_char *, u_char *, RSA *, int);
45
int	 rsae_priv_enc(int, const u_char *, u_char *, RSA *, int);
46
int	 rsae_priv_dec(int, const u_char *, u_char *, RSA *, int);
47
int	 rsae_mod_exp(BIGNUM *, const BIGNUM *, RSA *, BN_CTX *);
48
int	 rsae_bn_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *,
49
	    const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
50
int	 rsae_init(RSA *);
51
int	 rsae_finish(RSA *);
52
int	 rsae_sign(int, const u_char *, u_int, u_char *, u_int *,
53
	    const RSA *);
54
int	 rsae_verify(int dtype, const u_char *m, u_int, const u_char *,
55
	    u_int, const RSA *);
56
int	 rsae_keygen(RSA *, int, BIGNUM *, BN_GENCB *);
57
58
static struct relayd *env = NULL;
59
60
static struct privsep_proc procs[] = {
61
	{ "parent",	PROC_PARENT,	ca_dispatch_parent },
62
	{ "relay",	PROC_RELAY,	ca_dispatch_relay },
63
};
64
65
void
66
ca(struct privsep *ps, struct privsep_proc *p)
67
{
68
	env = ps->ps_env;
69
70
	proc_run(ps, p, procs, nitems(procs), ca_init, NULL);
71
}
72
73
void
74
ca_init(struct privsep *ps, struct privsep_proc *p, void *arg)
75
{
76
	if (pledge("stdio recvfd flock rpath cpath wpath", NULL) == -1)
77
		fatal("pledge");
78
79
	if (config_init(ps->ps_env) == -1)
80
		fatal("failed to initialize configuration");
81
82
	env->sc_id = getpid() & 0xffff;
83
}
84
85
void
86
hash_x509(X509 *cert, char *hash, size_t hashlen)
87
{
88
	static const char	hex[] = "0123456789abcdef";
89
	size_t			off;
90
	char			digest[EVP_MAX_MD_SIZE];
91
	int		 	dlen, i;
92
93
	if (X509_pubkey_digest(cert, EVP_sha256(), digest, &dlen) != 1)
94
		fatalx("%s: X509_pubkey_digest failed", __func__);
95
96
	if (hashlen < 2 * dlen + sizeof("SHA256:"))
97
		fatalx("%s: hash buffer to small", __func__);
98
99
	off = strlcpy(hash, "SHA256:", hashlen);
100
101
	for (i = 0; i < dlen; i++) {
102
		hash[off++] = hex[(digest[i] >> 4) & 0x0f];
103
		hash[off++] = hex[digest[i] & 0x0f];
104
	}
105
	hash[off] = 0;
106
}
107
108
void
109
ca_launch(void)
110
{
111
	char		 hash[TLS_CERT_HASH_SIZE];
112
	BIO		*in = NULL;
113
	EVP_PKEY	*pkey = NULL;
114
	struct relay	*rlay;
115
	X509		*cert = NULL;
116
117
	TAILQ_FOREACH(rlay, env->sc_relays, rl_entry) {
118
		if ((rlay->rl_conf.flags & (F_TLS|F_TLSCLIENT)) == 0)
119
			continue;
120
121
		if (rlay->rl_conf.tls_cert_len) {
122
			if ((in = BIO_new_mem_buf(rlay->rl_tls_cert,
123
			    rlay->rl_conf.tls_cert_len)) == NULL)
124
				fatalx("ca_launch: cert");
125
126
			if ((cert = PEM_read_bio_X509(in, NULL,
127
			    NULL, NULL)) == NULL)
128
				fatalx("ca_launch: cert");
129
130
			hash_x509(cert, hash, sizeof(hash));
131
132
			BIO_free(in);
133
			X509_free(cert);
134
			purge_key(&rlay->rl_tls_cert,
135
			    rlay->rl_conf.tls_cert_len);
136
		}
137
		if (rlay->rl_conf.tls_key_len) {
138
			if ((in = BIO_new_mem_buf(rlay->rl_tls_key,
139
			    rlay->rl_conf.tls_key_len)) == NULL)
140
				fatalx("%s: key", __func__);
141
142
			if ((pkey = PEM_read_bio_PrivateKey(in,
143
			    NULL, NULL, NULL)) == NULL)
144
				fatalx("%s: PEM", __func__);
145
			BIO_free(in);
146
147
			rlay->rl_tls_pkey = pkey;
148
149
			if (pkey_add(env, pkey, hash) == NULL)
150
				fatalx("tls pkey");
151
152
			purge_key(&rlay->rl_tls_key,
153
			    rlay->rl_conf.tls_key_len);
154
		}
155
156
		if (rlay->rl_conf.tls_cacert_len) {
157
			if ((in = BIO_new_mem_buf(rlay->rl_tls_cacert,
158
			    rlay->rl_conf.tls_cacert_len)) == NULL)
159
				fatalx("ca_launch: cacert");
160
161
			if ((cert = PEM_read_bio_X509(in, NULL,
162
			    NULL, NULL)) == NULL)
163
				fatalx("ca_launch: cacert");
164
165
			hash_x509(cert, hash, sizeof(hash));
166
167
			BIO_free(in);
168
			X509_free(cert);
169
			purge_key(&rlay->rl_tls_cacert,
170
			    rlay->rl_conf.tls_cacert_len);
171
		}
172
		if (rlay->rl_conf.tls_cakey_len) {
173
			if ((in = BIO_new_mem_buf(rlay->rl_tls_cakey,
174
			    rlay->rl_conf.tls_cakey_len)) == NULL)
175
				fatalx("%s: key", __func__);
176
177
			if ((pkey = PEM_read_bio_PrivateKey(in,
178
			    NULL, NULL, NULL)) == NULL)
179
				fatalx("%s: PEM", __func__);
180
			BIO_free(in);
181
182
			rlay->rl_tls_capkey = pkey;
183
184
			if (pkey_add(env, pkey, hash) == NULL)
185
				fatalx("ca pkey");
186
187
			purge_key(&rlay->rl_tls_cakey,
188
			    rlay->rl_conf.tls_cakey_len);
189
		}
190
	}
191
}
192
193
int
194
ca_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
195
{
196
	switch (imsg->hdr.type) {
197
	case IMSG_CFG_RELAY:
198
		config_getrelay(env, imsg);
199
		break;
200
	case IMSG_CFG_DONE:
201
		config_getcfg(env, imsg);
202
		break;
203
	case IMSG_CTL_START:
204
		ca_launch();
205
		break;
206
	case IMSG_CTL_RESET:
207
		config_getreset(env, imsg);
208
		break;
209
	default:
210
		return (-1);
211
	}
212
213
	return (0);
214
}
215
216
int
217
ca_dispatch_relay(int fd, struct privsep_proc *p, struct imsg *imsg)
218
{
219
	struct ctl_keyop	 cko;
220
	EVP_PKEY		*pkey;
221
	RSA			*rsa;
222
	u_char			*from = NULL, *to = NULL;
223
	struct iovec		 iov[2];
224
	int			 c = 0;
225
226
	switch (imsg->hdr.type) {
227
	case IMSG_CA_PRIVENC:
228
	case IMSG_CA_PRIVDEC:
229
		IMSG_SIZE_CHECK(imsg, (&cko));
230
		bcopy(imsg->data, &cko, sizeof(cko));
231
		if (cko.cko_proc > env->sc_conf.prefork_relay)
232
			fatalx("%s: invalid relay proc", __func__);
233
		if (IMSG_DATA_SIZE(imsg) != (sizeof(cko) + cko.cko_flen))
234
			fatalx("%s: invalid key operation", __func__);
235
		if ((pkey = pkey_find(env, cko.cko_hash)) == NULL)
236
			fatalx("%s: invalid relay hash '%s'",
237
			    __func__, cko.cko_hash);
238
		if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
239
			fatalx("%s: invalid relay key", __func__);
240
241
		DPRINTF("%s:%d: key hash %s proc %d",
242
		    __func__, __LINE__, cko.cko_hash, cko.cko_proc);
243
244
		from = (u_char *)imsg->data + sizeof(cko);
245
		if ((to = calloc(1, cko.cko_tlen)) == NULL)
246
			fatalx("%s: calloc", __func__);
247
248
		switch (imsg->hdr.type) {
249
		case IMSG_CA_PRIVENC:
250
			cko.cko_tlen = RSA_private_encrypt(cko.cko_flen,
251
			    from, to, rsa, cko.cko_padding);
252
			break;
253
		case IMSG_CA_PRIVDEC:
254
			cko.cko_tlen = RSA_private_decrypt(cko.cko_flen,
255
			    from, to, rsa, cko.cko_padding);
256
			break;
257
		}
258
259
		iov[c].iov_base = &cko;
260
		iov[c++].iov_len = sizeof(cko);
261
		if (cko.cko_tlen) {
262
			iov[c].iov_base = to;
263
			iov[c++].iov_len = cko.cko_tlen;
264
		}
265
266
		proc_composev_imsg(env->sc_ps, PROC_RELAY, cko.cko_proc,
267
		    imsg->hdr.type, -1, -1, iov, c);
268
269
		free(to);
270
		RSA_free(rsa);
271
		break;
272
	default:
273
		return (-1);
274
	}
275
276
	return (0);
277
}
278
279
/*
280
 * RSA privsep engine (called from unprivileged processes)
281
 */
282
283
const RSA_METHOD *rsa_default = NULL;
284
285
static RSA_METHOD rsae_method = {
286
	"RSA privsep engine",
287
	rsae_pub_enc,
288
	rsae_pub_dec,
289
	rsae_priv_enc,
290
	rsae_priv_dec,
291
	rsae_mod_exp,
292
	rsae_bn_mod_exp,
293
	rsae_init,
294
	rsae_finish,
295
	0,
296
	NULL,
297
	rsae_sign,
298
	rsae_verify,
299
	rsae_keygen
300
};
301
302
static int
303
rsae_send_imsg(int flen, const u_char *from, u_char *to, RSA *rsa,
304
    int padding, u_int cmd)
305
{
306
	struct privsep	*ps = env->sc_ps;
307
	struct pollfd	 pfd[1];
308
	struct ctl_keyop cko;
309
	int		 ret = 0;
310
	char		*hash;
311
	struct iovec	 iov[2];
312
	struct imsgbuf	*ibuf;
313
	struct imsgev	*iev;
314
	struct imsg	 imsg;
315
	int		 n, done = 0, cnt = 0;
316
	u_char		*toptr;
317
318
	if ((hash = RSA_get_ex_data(rsa, 0)) == NULL)
319
		return (0);
320
321
	iev = proc_iev(ps, PROC_CA, ps->ps_instance);
322
	ibuf = &iev->ibuf;
323
324
	/*
325
	 * XXX this could be nicer...
326
	 */
327
328
	(void)strlcpy(cko.cko_hash, hash, sizeof(cko.cko_hash));
329
	cko.cko_proc = ps->ps_instance;
330
	cko.cko_flen = flen;
331
	cko.cko_tlen = RSA_size(rsa);
332
	cko.cko_padding = padding;
333
334
	iov[cnt].iov_base = &cko;
335
	iov[cnt++].iov_len = sizeof(cko);
336
	iov[cnt].iov_base = (void *)(uintptr_t)from;
337
	iov[cnt++].iov_len = flen;
338
339
	/*
340
	 * Send a synchronous imsg because we cannot defer the RSA
341
	 * operation in OpenSSL's engine layer.
342
	 */
343
	imsg_composev(ibuf, cmd, 0, 0, -1, iov, cnt);
344
	if (imsg_flush(ibuf) == -1)
345
		log_warn("%s: imsg_flush", __func__);
346
347
	pfd[0].fd = ibuf->fd;
348
	pfd[0].events = POLLIN;
349
	while (!done) {
350
		switch (poll(pfd, 1, RELAY_TLS_PRIV_TIMEOUT)) {
351
		case -1:
352
			fatal("%s: poll", __func__);
353
		case 0:
354
			log_warnx("%s: poll timeout", __func__);
355
			break;
356
		default:
357
			break;
358
		}
359
		if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
360
			fatalx("imsg_read");
361
		if (n == 0)
362
			fatalx("pipe closed");
363
364
		while (!done) {
365
			if ((n = imsg_get(ibuf, &imsg)) == -1)
366
				fatalx("imsg_get error");
367
			if (n == 0)
368
				break;
369
			if (imsg.hdr.type != cmd)
370
				fatalx("invalid response");
371
372
			IMSG_SIZE_CHECK(&imsg, (&cko));
373
			memcpy(&cko, imsg.data, sizeof(cko));
374
			if (IMSG_DATA_SIZE(&imsg) !=
375
			    (sizeof(cko) + cko.cko_tlen))
376
				fatalx("data size");
377
378
			ret = cko.cko_tlen;
379
			if (ret) {
380
				toptr = (u_char *)imsg.data + sizeof(cko);
381
				memcpy(to, toptr, ret);
382
			}
383
			done = 1;
384
385
			imsg_free(&imsg);
386
		}
387
	}
388
	imsg_event_add(iev);
389
390
	return (ret);
391
}
392
393
int
394
rsae_pub_enc(int flen,const u_char *from, u_char *to, RSA *rsa,int padding)
395
{
396
	DPRINTF("%s:%d", __func__, __LINE__);
397
	return (rsa_default->rsa_pub_enc(flen, from, to, rsa, padding));
398
}
399
400
int
401
rsae_pub_dec(int flen,const u_char *from, u_char *to, RSA *rsa,int padding)
402
{
403
	DPRINTF("%s:%d", __func__, __LINE__);
404
	return (rsa_default->rsa_pub_dec(flen, from, to, rsa, padding));
405
}
406
407
int
408
rsae_priv_enc(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
409
{
410
	DPRINTF("%s:%d", __func__, __LINE__);
411
	return (rsae_send_imsg(flen, from, to, rsa, padding,
412
	    IMSG_CA_PRIVENC));
413
}
414
415
int
416
rsae_priv_dec(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
417
{
418
	DPRINTF("%s:%d", __func__, __LINE__);
419
	return (rsae_send_imsg(flen, from, to, rsa, padding,
420
	    IMSG_CA_PRIVDEC));
421
}
422
423
int
424
rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
425
{
426
	DPRINTF("%s:%d", __func__, __LINE__);
427
	return (rsa_default->rsa_mod_exp(r0, I, rsa, ctx));
428
}
429
430
int
431
rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
432
    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
433
{
434
	DPRINTF("%s:%d", __func__, __LINE__);
435
	return (rsa_default->bn_mod_exp(r, a, p, m, ctx, m_ctx));
436
}
437
438
int
439
rsae_init(RSA *rsa)
440
{
441
	DPRINTF("%s:%d", __func__, __LINE__);
442
	if (rsa_default->init == NULL)
443
		return (1);
444
	return (rsa_default->init(rsa));
445
}
446
447
int
448
rsae_finish(RSA *rsa)
449
{
450
	DPRINTF("%s:%d", __func__, __LINE__);
451
	if (rsa_default->finish == NULL)
452
		return (1);
453
	return (rsa_default->finish(rsa));
454
}
455
456
int
457
rsae_sign(int type, const u_char *m, u_int m_length, u_char *sigret,
458
    u_int *siglen, const RSA *rsa)
459
{
460
	DPRINTF("%s:%d", __func__, __LINE__);
461
	return (rsa_default->rsa_sign(type, m, m_length,
462
	    sigret, siglen, rsa));
463
}
464
465
int
466
rsae_verify(int dtype, const u_char *m, u_int m_length, const u_char *sigbuf,
467
    u_int siglen, const RSA *rsa)
468
{
469
	DPRINTF("%s:%d", __func__, __LINE__);
470
	return (rsa_default->rsa_verify(dtype, m, m_length,
471
	    sigbuf, siglen, rsa));
472
}
473
474
int
475
rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
476
{
477
	DPRINTF("%s:%d", __func__, __LINE__);
478
	return (rsa_default->rsa_keygen(rsa, bits, e, cb));
479
}
480
481
void
482
ca_engine_init(struct relayd *x_env)
483
{
484
	ENGINE		*e = NULL;
485
	const char	*errstr, *name;
486
487
	if (env == NULL)
488
		env = x_env;
489
490
	if (rsa_default != NULL)
491
		return;
492
493
	if ((e = ENGINE_get_default_RSA()) == NULL) {
494
		if ((e = ENGINE_new()) == NULL) {
495
			errstr = "ENGINE_new";
496
			goto fail;
497
		}
498
		if (!ENGINE_set_name(e, rsae_method.name)) {
499
			errstr = "ENGINE_set_name";
500
			goto fail;
501
		}
502
		if ((rsa_default = RSA_get_default_method()) == NULL) {
503
			errstr = "RSA_get_default_method";
504
			goto fail;
505
		}
506
	} else if ((rsa_default = ENGINE_get_RSA(e)) == NULL) {
507
		errstr = "ENGINE_get_RSA";
508
		goto fail;
509
	}
510
511
	if ((name = ENGINE_get_name(e)) == NULL)
512
		name = "unknown RSA engine";
513
514
	log_debug("%s: using %s", __func__, name);
515
516
	if (rsa_default->flags & RSA_FLAG_SIGN_VER)
517
		fatalx("unsupported RSA engine");
518
519
	if (rsa_default->rsa_mod_exp == NULL)
520
		rsae_method.rsa_mod_exp = NULL;
521
	if (rsa_default->bn_mod_exp == NULL)
522
		rsae_method.bn_mod_exp = NULL;
523
	if (rsa_default->rsa_keygen == NULL)
524
		rsae_method.rsa_keygen = NULL;
525
	rsae_method.flags = rsa_default->flags |
526
	    RSA_METHOD_FLAG_NO_CHECK;
527
	rsae_method.app_data = rsa_default->app_data;
528
529
	if (!ENGINE_set_RSA(e, &rsae_method)) {
530
		errstr = "ENGINE_set_RSA";
531
		goto fail;
532
	}
533
	if (!ENGINE_set_default_RSA(e)) {
534
		errstr = "ENGINE_set_default_RSA";
535
		goto fail;
536
	}
537
538
	return;
539
540
 fail:
541
	fatalx("%s: %s", __func__, errstr);
542
}