op public repos

Blame

Date:: Sun Jan 21 12:33:33 2024 UTC
Message:: convert crypto.c to the new imsg API
Actions:: History | Blob | Raw File
  1 86693a33 2023-06-11 op /*
  2 86693a33 2023-06-11 op  * Copyright (c) 2023 Omar Polo <op@omarpolo.com>
  3 86693a33 2023-06-11 op  * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org>
  4 86693a33 2023-06-11 op  * Copyright (c) 2012 Gilles Chehade <gilles@poolp.org>
  5 86693a33 2023-06-11 op  *
  6 86693a33 2023-06-11 op  * Permission to use, copy, modify, and distribute this software for any
  7 86693a33 2023-06-11 op  * purpose with or without fee is hereby granted, provided that the above
  8 86693a33 2023-06-11 op  * copyright notice and this permission notice appear in all copies.
  9 86693a33 2023-06-11 op  *
 10 86693a33 2023-06-11 op  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 11 86693a33 2023-06-11 op  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 12 86693a33 2023-06-11 op  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 13 86693a33 2023-06-11 op  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 14 86693a33 2023-06-11 op  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 15 86693a33 2023-06-11 op  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 16 86693a33 2023-06-11 op  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 17 86693a33 2023-06-11 op  */
 18 86693a33 2023-06-11 op 
 19 86693a33 2023-06-11 op #include "gmid.h"
 20 86693a33 2023-06-11 op 
 21 86693a33 2023-06-11 op #include <string.h>
 22 86693a33 2023-06-11 op 
 23 86693a33 2023-06-11 op #include <openssl/err.h>
 24 86693a33 2023-06-11 op #include <openssl/pem.h>
 25 86693a33 2023-06-11 op 
 26 86693a33 2023-06-11 op #include "log.h"
 27 86693a33 2023-06-11 op #include "proc.h"
 28 86693a33 2023-06-11 op 
 29 86693a33 2023-06-11 op #ifndef nitems
 30 86693a33 2023-06-11 op #define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
 31 86693a33 2023-06-11 op #endif
 32 86693a33 2023-06-11 op 
 33 86693a33 2023-06-11 op static void crypto_init(struct privsep *, struct privsep_proc *, void *);
 34 86693a33 2023-06-11 op static int crypto_dispatch_parent(int, struct privsep_proc *, struct imsg *);
 35 86693a33 2023-06-11 op static int crypto_dispatch_server(int, struct privsep_proc *, struct imsg *);
 36 86693a33 2023-06-11 op 
 37 86693a33 2023-06-11 op static struct privsep_proc procs[] = {
 38 86693a33 2023-06-11 op 	{ "parent",	PROC_PARENT,	crypto_dispatch_parent },
 39 86693a33 2023-06-11 op 	{ "server",	PROC_SERVER,	crypto_dispatch_server },
 40 86693a33 2023-06-11 op };
 41 86693a33 2023-06-11 op 
 42 86693a33 2023-06-11 op struct imsg_crypto_req {
 43 86693a33 2023-06-11 op 	uint64_t	 id;
 44 86693a33 2023-06-11 op 	char		 hash[TLS_CERT_HASH_SIZE];
 45 86693a33 2023-06-11 op 	size_t		 flen;
 46 86693a33 2023-06-11 op 	size_t		 tlen;
 47 86693a33 2023-06-11 op 	int		 padding;
 48 86693a33 2023-06-11 op 	/* followed by flen bytes of `from'. */
 49 86693a33 2023-06-11 op };
 50 86693a33 2023-06-11 op 
 51 86693a33 2023-06-11 op struct imsg_crypto_res {
 52 86693a33 2023-06-11 op 	uint64_t	 id;
 53 86693a33 2023-06-11 op 	int		 ret;
 54 86693a33 2023-06-11 op 	size_t		 len;
 55 86693a33 2023-06-11 op 	/* followed by len bytes of reply */
 56 86693a33 2023-06-11 op };
 57 86693a33 2023-06-11 op 
 58 86693a33 2023-06-11 op static uint64_t		 reqid;
 59 86693a33 2023-06-11 op static struct conf	*conf;
 60 86693a33 2023-06-11 op 
 61 86693a33 2023-06-11 op void
 62 86693a33 2023-06-11 op crypto(struct privsep *ps, struct privsep_proc *p)
 63 86693a33 2023-06-11 op {
 64 86693a33 2023-06-11 op 	proc_run(ps, p, procs, nitems(procs), crypto_init, NULL);
 65 86693a33 2023-06-11 op }
 66 86693a33 2023-06-11 op 
 67 86693a33 2023-06-11 op static void
 68 86693a33 2023-06-11 op crypto_init(struct privsep *ps, struct privsep_proc *p, void *arg)
 69 86693a33 2023-06-11 op {
 70 86693a33 2023-06-11 op #if 0
 71 86693a33 2023-06-11 op 	static volatile int attached;
 72 86693a33 2023-06-11 op 	while (!attached) sleep(1);
 73 86693a33 2023-06-11 op #endif
 74 86693a33 2023-06-11 op 
 75 86693a33 2023-06-11 op 	conf = ps->ps_env;
 76 86693a33 2023-06-11 op 
 77 86693a33 2023-06-11 op 	sandbox_crypto_process();
 78 86693a33 2023-06-11 op }
 79 86693a33 2023-06-11 op 
 80 86693a33 2023-06-11 op static int
 81 86693a33 2023-06-11 op crypto_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
 82 86693a33 2023-06-11 op {
 83 86693a33 2023-06-11 op 	switch (imsg->hdr.type) {
 84 86693a33 2023-06-11 op 	case IMSG_RECONF_START:
 85 86693a33 2023-06-11 op 	case IMSG_RECONF_CERT:
 86 86693a33 2023-06-11 op 	case IMSG_RECONF_KEY:
 87 86693a33 2023-06-11 op 	case IMSG_RECONF_END:
 88 86693a33 2023-06-11 op 		if (config_recv(conf, imsg) == -1)
 89 86693a33 2023-06-11 op 			return -1;
 90 86693a33 2023-06-11 op 		break;
 91 86693a33 2023-06-11 op 	default:
 92 86693a33 2023-06-11 op 		return -1;
 93 86693a33 2023-06-11 op 	}
 94 86693a33 2023-06-11 op 
 95 86693a33 2023-06-11 op 	return 0;
 96 86693a33 2023-06-11 op }
 97 86693a33 2023-06-11 op 
 98 86693a33 2023-06-11 op static EVP_PKEY *
 99 86693a33 2023-06-11 op get_pkey(const char *hash)
100 86693a33 2023-06-11 op {
101 86693a33 2023-06-11 op 	struct pki *pki;
102 86693a33 2023-06-11 op 
103 86693a33 2023-06-11 op 	TAILQ_FOREACH(pki, &conf->pkis, pkis) {
104 86693a33 2023-06-11 op 		if (!strcmp(pki->hash, hash))
105 86693a33 2023-06-11 op 			return pki->pkey;
106 86693a33 2023-06-11 op 	}
107 86693a33 2023-06-11 op 
108 86693a33 2023-06-11 op 	return NULL;
109 86693a33 2023-06-11 op }
110 86693a33 2023-06-11 op 
111 86693a33 2023-06-11 op static int
112 86693a33 2023-06-11 op crypto_dispatch_server(int fd, struct privsep_proc *p, struct imsg *imsg)
113 86693a33 2023-06-11 op {
114 86693a33 2023-06-11 op 	struct privsep		*ps = p->p_ps;
115 51340784 2023-06-23 op 	RSA			*rsa = NULL;
116 51340784 2023-06-23 op 	EC_KEY			*ecdsa = NULL;
117 86693a33 2023-06-11 op 	EVP_PKEY		*pkey;
118 86693a33 2023-06-11 op 	struct imsg_crypto_req	 req;
119 86693a33 2023-06-11 op 	struct imsg_crypto_res	 res;
120 86693a33 2023-06-11 op 	struct iovec		 iov[2];
121 86693a33 2023-06-11 op 	const void		*from;
122 10cc8193 2023-06-13 op 	unsigned char		*data, *to;
123 86693a33 2023-06-11 op 	size_t			 datalen;
124 b8d68fc8 2023-06-11 op 	int			 n, ret;
125 b8d68fc8 2023-06-11 op 	unsigned int		 len;
126 86693a33 2023-06-11 op 
127 10cc8193 2023-06-13 op 	data = imsg->data;
128 86693a33 2023-06-11 op 	datalen = IMSG_DATA_SIZE(imsg);
129 86693a33 2023-06-11 op 
130 86693a33 2023-06-11 op 	switch (imsg->hdr.type) {
131 86693a33 2023-06-11 op 	case IMSG_CRYPTO_RSA_PRIVENC:
132 86693a33 2023-06-11 op 	case IMSG_CRYPTO_RSA_PRIVDEC:
133 86693a33 2023-06-11 op 		if (datalen < sizeof(req))
134 86693a33 2023-06-11 op 			fatalx("size mismatch for imsg %d", imsg->hdr.type);
135 10cc8193 2023-06-13 op 		memcpy(&req, data, sizeof(req));
136 86693a33 2023-06-11 op 		if (datalen != sizeof(req) + req.flen)
137 86693a33 2023-06-11 op 			fatalx("size mismatch for imsg %d", imsg->hdr.type);
138 10cc8193 2023-06-13 op 		from = data + sizeof(req);
139 86693a33 2023-06-11 op 
140 86693a33 2023-06-11 op 		if ((pkey = get_pkey(req.hash)) == NULL ||
141 86693a33 2023-06-11 op 		    (rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
142 86693a33 2023-06-11 op 			fatalx("invalid pkey hash");
143 86693a33 2023-06-11 op 
144 86693a33 2023-06-11 op 		if ((to = calloc(1, req.tlen)) == NULL)
145 86693a33 2023-06-11 op 			fatal("calloc");
146 86693a33 2023-06-11 op 
147 b90faa16 2023-06-13 op 		if (imsg->hdr.type == IMSG_CRYPTO_RSA_PRIVENC)
148 86693a33 2023-06-11 op 			ret = RSA_private_encrypt(req.flen, from,
149 86693a33 2023-06-11 op 			    to, rsa, req.padding);
150 b90faa16 2023-06-13 op 		else
151 86693a33 2023-06-11 op 			ret = RSA_private_decrypt(req.flen, from,
152 86693a33 2023-06-11 op 			    to, rsa, req.padding);
153 86693a33 2023-06-11 op 
154 86693a33 2023-06-11 op 		memset(&res, 0, sizeof(res));
155 86693a33 2023-06-11 op 		res.id = req.id;
156 86693a33 2023-06-11 op 		res.ret = ret;
157 86693a33 2023-06-11 op 
158 86693a33 2023-06-11 op 		memset(&iov, 0, sizeof(iov));
159 86693a33 2023-06-11 op 		n = 0;
160 86693a33 2023-06-11 op 		iov[n].iov_base = &res;
161 86693a33 2023-06-11 op 		iov[n].iov_len = sizeof(res);
162 86693a33 2023-06-11 op 		n++;
163 86693a33 2023-06-11 op 
164 86693a33 2023-06-11 op 		if (ret > 0) {
165 86693a33 2023-06-11 op 			res.len = ret;
166 86693a33 2023-06-11 op 			iov[n].iov_base = to;
167 86693a33 2023-06-11 op 			iov[n].iov_len = ret;
168 86693a33 2023-06-11 op 			n++;
169 86693a33 2023-06-11 op 		}
170 86693a33 2023-06-11 op 
171 86693a33 2023-06-11 op 		log_debug("replying to server #%d", imsg->hdr.pid);
172 86693a33 2023-06-11 op 		if (proc_composev_imsg(ps, PROC_SERVER, imsg->hdr.pid - 1,
173 86693a33 2023-06-11 op 		    imsg->hdr.type, 0, -1, iov, n) == -1)
174 86693a33 2023-06-11 op 			fatal("proc_composev_imsg");
175 86693a33 2023-06-11 op 
176 86693a33 2023-06-11 op 		if (proc_flush_imsg(ps, PROC_SERVER, imsg->hdr.pid - 1) == -1)
177 86693a33 2023-06-11 op 			fatal("proc_flush_imsg");
178 86693a33 2023-06-11 op 
179 86693a33 2023-06-11 op 		free(to);
180 86693a33 2023-06-11 op 		RSA_free(rsa);
181 86693a33 2023-06-11 op 		break;
182 86693a33 2023-06-11 op 
183 86693a33 2023-06-11 op 	case IMSG_CRYPTO_ECDSA_SIGN:
184 86693a33 2023-06-11 op 		if (datalen < sizeof(req))
185 86693a33 2023-06-11 op 			fatalx("size mismatch for imsg %d", imsg->hdr.type);
186 10cc8193 2023-06-13 op 		memcpy(&req, data, sizeof(req));
187 86693a33 2023-06-11 op 		if (datalen != sizeof(req) + req.flen)
188 86693a33 2023-06-11 op 			fatalx("size mismatch for imsg %d", imsg->hdr.type);
189 10cc8193 2023-06-13 op 		from = data + sizeof(req);
190 86693a33 2023-06-11 op 
191 86693a33 2023-06-11 op 		if ((pkey = get_pkey(req.hash)) == NULL ||
192 86693a33 2023-06-11 op 		    (ecdsa = EVP_PKEY_get1_EC_KEY(pkey)) == NULL)
193 86693a33 2023-06-11 op 			fatalx("invalid pkey hash");
194 86693a33 2023-06-11 op 
195 86693a33 2023-06-11 op 		len = ECDSA_size(ecdsa);
196 86693a33 2023-06-11 op 		if ((to = calloc(1, len)) == NULL)
197 86693a33 2023-06-11 op 			fatal("calloc");
198 86693a33 2023-06-11 op 		ret = ECDSA_sign(0, from, req.flen, to, &len, ecdsa);
199 86693a33 2023-06-11 op 
200 86693a33 2023-06-11 op 		memset(&res, 0, sizeof(res));
201 86693a33 2023-06-11 op 		res.id = req.id;
202 86693a33 2023-06-11 op 		res.ret = ret;
203 86693a33 2023-06-11 op 
204 86693a33 2023-06-11 op 		memset(&iov, 0, sizeof(iov));
205 86693a33 2023-06-11 op 		n = 0;
206 86693a33 2023-06-11 op 		iov[0].iov_base = &res;
207 6c86d810 2023-08-28 op 		iov[0].iov_len = sizeof(res);
208 86693a33 2023-06-11 op 		n++;
209 86693a33 2023-06-11 op 
210 86693a33 2023-06-11 op 		if (ret > 0) {
211 86693a33 2023-06-11 op 			res.len = len;
212 86693a33 2023-06-11 op 			iov[n].iov_base = to;
213 86693a33 2023-06-11 op 			iov[n].iov_len = len;
214 86693a33 2023-06-11 op 			n++;
215 86693a33 2023-06-11 op 		}
216 86693a33 2023-06-11 op 
217 86693a33 2023-06-11 op 		log_debug("replying to server #%d", imsg->hdr.pid);
218 86693a33 2023-06-11 op 		if (proc_composev_imsg(ps, PROC_SERVER, imsg->hdr.pid - 1,
219 86693a33 2023-06-11 op 		    imsg->hdr.type, 0, -1, iov, n) == -1)
220 86693a33 2023-06-11 op 			fatal("proc_composev_imsg");
221 86693a33 2023-06-11 op 
222 86693a33 2023-06-11 op 		if (proc_flush_imsg(ps, PROC_SERVER, imsg->hdr.pid - 1) == -1)
223 86693a33 2023-06-11 op 			fatal("proc_flush_imsg");
224 86693a33 2023-06-11 op 
225 86693a33 2023-06-11 op 		free(to);
226 86693a33 2023-06-11 op 		EC_KEY_free(ecdsa);
227 86693a33 2023-06-11 op 		break;
228 86693a33 2023-06-11 op 
229 86693a33 2023-06-11 op 	default:
230 86693a33 2023-06-11 op 		return -1;
231 86693a33 2023-06-11 op 	}
232 86693a33 2023-06-11 op 
233 86693a33 2023-06-11 op 	return 0;
234 86693a33 2023-06-11 op }
235 86693a33 2023-06-11 op 
236 86693a33 2023-06-11 op 
237 86693a33 2023-06-11 op /*
238 86693a33 2023-06-11 op  * RSA privsep engine (called from unprivileged processes)
239 86693a33 2023-06-11 op  */
240 86693a33 2023-06-11 op 
241 86693a33 2023-06-11 op static const RSA_METHOD	*rsa_default;
242 86693a33 2023-06-11 op static RSA_METHOD	*rsae_method;
243 86693a33 2023-06-11 op 
244 86693a33 2023-06-11 op static int
245 86693a33 2023-06-11 op rsae_send_imsg(int flen, const unsigned char *from, unsigned char *to,
246 86693a33 2023-06-11 op     RSA *rsa, int padding, unsigned int cmd)
247 86693a33 2023-06-11 op {
248 86693a33 2023-06-11 op 	struct imsg_crypto_req	 req;
249 86693a33 2023-06-11 op 	struct iovec		 iov[2];
250 86693a33 2023-06-11 op 	struct imsg_crypto_res	 res;
251 86693a33 2023-06-11 op 	struct imsgev		*iev;
252 86693a33 2023-06-11 op 	struct privsep_proc	*p;
253 86693a33 2023-06-11 op 	struct privsep		*ps = conf->ps;
254 aa2cb5c2 2024-01-21 op 	struct imsgbuf		*imsgbuf;
255 86693a33 2023-06-11 op 	struct imsg		 imsg;
256 561b9f00 2024-01-21 op 	struct ibuf		 ibuf;
257 86693a33 2023-06-11 op 	int			 ret = 0;
258 86693a33 2023-06-11 op 	int			 n, done = 0;
259 86693a33 2023-06-11 op 	const void		*toptr;
260 86693a33 2023-06-11 op 	char			*hash;
261 86693a33 2023-06-11 op 
262 86693a33 2023-06-11 op 	if ((hash = RSA_get_ex_data(rsa, 0)) == NULL)
263 86693a33 2023-06-11 op 		return (0);
264 86693a33 2023-06-11 op 
265 86693a33 2023-06-11 op 	/*
266 86693a33 2023-06-11 op 	 * Send a synchronous imsg because we cannot defer the RSA
267 86693a33 2023-06-11 op 	 * operation in OpenSSL's engine layer.
268 86693a33 2023-06-11 op 	 */
269 86693a33 2023-06-11 op 	memset(&req, 0, sizeof(req));
270 86693a33 2023-06-11 op 	req.id = ++reqid;
271 86693a33 2023-06-11 op 	if (strlcpy(req.hash, hash, sizeof(req.hash)) >= sizeof(req.hash))
272 86693a33 2023-06-11 op 		fatalx("%s: hash too long (%zu)", __func__, strlen(hash));
273 86693a33 2023-06-11 op 	req.flen = flen;
274 86693a33 2023-06-11 op 	req.tlen = RSA_size(rsa);
275 86693a33 2023-06-11 op 	req.padding = padding;
276 86693a33 2023-06-11 op 
277 86693a33 2023-06-11 op 	memset(&iov, 0, sizeof(iov));
278 86693a33 2023-06-11 op 	iov[0].iov_base = &req;
279 86693a33 2023-06-11 op 	iov[0].iov_len = sizeof(req);
280 86693a33 2023-06-11 op 	iov[1].iov_base = (void *)from;
281 86693a33 2023-06-11 op 	iov[1].iov_len = flen;
282 86693a33 2023-06-11 op 
283 86693a33 2023-06-11 op 	if (proc_composev(ps, PROC_CRYPTO, cmd, iov, 2) == -1)
284 86693a33 2023-06-11 op 		fatal("proc_composev");
285 86693a33 2023-06-11 op 
286 86693a33 2023-06-11 op 	if (proc_flush_imsg(ps, PROC_CRYPTO, -1) == -1)
287 86693a33 2023-06-11 op 		fatal("proc_flush_imsg");
288 86693a33 2023-06-11 op 
289 86693a33 2023-06-11 op 	iev = ps->ps_ievs[PROC_CRYPTO];
290 86693a33 2023-06-11 op 	p = iev->proc;
291 aa2cb5c2 2024-01-21 op 	imsgbuf = &iev->ibuf;
292 86693a33 2023-06-11 op 
293 86693a33 2023-06-11 op 	while (!done) {
294 aa2cb5c2 2024-01-21 op 		if ((n = imsg_read(imsgbuf)) == -1 && errno != EAGAIN)
295 86693a33 2023-06-11 op 			fatalx("imsg_read");
296 86693a33 2023-06-11 op 		if (n == 0)
297 86693a33 2023-06-11 op 			fatalx("pipe closed");
298 86693a33 2023-06-11 op 
299 86693a33 2023-06-11 op 		while (!done) {
300 aa2cb5c2 2024-01-21 op 			if ((n = imsg_get(imsgbuf, &imsg)) == -1)
301 86693a33 2023-06-11 op 				fatalx("imsg_get error");
302 86693a33 2023-06-11 op 			if (n == 0)
303 86693a33 2023-06-11 op 				break;
304 86693a33 2023-06-11 op 
305 86693a33 2023-06-11 op #if DEBUG > 1
306 86693a33 2023-06-11 op 			log_debug(
307 561b9f00 2024-01-21 op 			    "%s: %s %d got imsg %d id %d from %s %d",
308 561b9f00 2024-01-21 op 			    __func__, title, 1, imsg_get_type(&imsg),
309 561b9f00 2024-01-21 op 			    imsg_get_id(&imsg), "crypto", imsg_get_pid(&imsg));
310 86693a33 2023-06-11 op #endif
311 86693a33 2023-06-11 op 
312 aa2cb5c2 2024-01-21 op 			if ((p->p_cb)(imsgbuf->fd, p, &imsg) == 0) {
313 86693a33 2023-06-11 op 				/* Message was handled by the callback */
314 86693a33 2023-06-11 op 				imsg_free(&imsg);
315 86693a33 2023-06-11 op 				continue;
316 86693a33 2023-06-11 op 			}
317 86693a33 2023-06-11 op 
318 561b9f00 2024-01-21 op 			switch (imsg_get_type(&imsg)) {
319 86693a33 2023-06-11 op 			case IMSG_CRYPTO_RSA_PRIVENC:
320 86693a33 2023-06-11 op 			case IMSG_CRYPTO_RSA_PRIVDEC:
321 86693a33 2023-06-11 op 				break;
322 86693a33 2023-06-11 op 			default:
323 86693a33 2023-06-11 op 				fatalx("%s: %s %d got invalid imsg %d"
324 561b9f00 2024-01-21 op 				    " id %d from %s %d",
325 86693a33 2023-06-11 op 				    __func__, "server", ps->ps_instance + 1,
326 561b9f00 2024-01-21 op 				    imsg_get_type(&imsg), imsg_get_id(&imsg),
327 561b9f00 2024-01-21 op 				    "crypto", imsg_get_pid(&imsg));
328 86693a33 2023-06-11 op 			}
329 86693a33 2023-06-11 op 
330 561b9f00 2024-01-21 op 			if (imsg_get_ibuf(&imsg, &ibuf) == -1 ||
331 561b9f00 2024-01-21 op 			    ibuf_get(&ibuf, &res, sizeof(res)) == -1 ||
332 561b9f00 2024-01-21 op 			    (int)ibuf_size(&ibuf) != res.ret)
333 86693a33 2023-06-11 op 				fatalx("size mismatch for imsg %d",
334 86693a33 2023-06-11 op 				    imsg.hdr.type);
335 86693a33 2023-06-11 op 			ret = res.ret;
336 561b9f00 2024-01-21 op 			toptr = ibuf_data(&ibuf);
337 86693a33 2023-06-11 op 
338 86693a33 2023-06-11 op 			if (res.id != reqid)
339 d1739e3f 2023-06-11 op 				fatalx("invalid id; got %llu, want %llu",
340 d1739e3f 2023-06-11 op 				    (unsigned long long)res.id,
341 d1739e3f 2023-06-11 op 				    (unsigned long long)reqid);
342 86693a33 2023-06-11 op 			if (res.ret > 0)
343 86693a33 2023-06-11 op 				memcpy(to, toptr, res.len);
344 86693a33 2023-06-11 op 
345 86693a33 2023-06-11 op 			done = 1;
346 86693a33 2023-06-11 op 
347 86693a33 2023-06-11 op 			imsg_free(&imsg);
348 86693a33 2023-06-11 op 		}
349 86693a33 2023-06-11 op 	}
350 86693a33 2023-06-11 op 	imsg_event_add(iev);
351 86693a33 2023-06-11 op 
352 86693a33 2023-06-11 op 	return (ret);
353 86693a33 2023-06-11 op }
354 86693a33 2023-06-11 op 
355 86693a33 2023-06-11 op static int
356 86693a33 2023-06-11 op rsae_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,
357 86693a33 2023-06-11 op     int padding)
358 86693a33 2023-06-11 op {
359 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
360 86693a33 2023-06-11 op 	if (RSA_get_ex_data(rsa, 0) != NULL)
361 86693a33 2023-06-11 op 		return (rsae_send_imsg(flen, from, to, rsa, padding,
362 86693a33 2023-06-11 op 		    IMSG_CRYPTO_RSA_PRIVENC));
363 86693a33 2023-06-11 op 	return (RSA_meth_get_priv_enc(rsa_default)(flen, from, to, rsa, padding));
364 86693a33 2023-06-11 op }
365 86693a33 2023-06-11 op 
366 86693a33 2023-06-11 op static int
367 86693a33 2023-06-11 op rsae_priv_dec(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,
368 86693a33 2023-06-11 op     int padding)
369 86693a33 2023-06-11 op {
370 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
371 86693a33 2023-06-11 op 	if (RSA_get_ex_data(rsa, 0) != NULL)
372 86693a33 2023-06-11 op 		return (rsae_send_imsg(flen, from, to, rsa, padding,
373 86693a33 2023-06-11 op 		    IMSG_CRYPTO_RSA_PRIVDEC));
374 86693a33 2023-06-11 op 
375 86693a33 2023-06-11 op 	return (RSA_meth_get_priv_dec(rsa_default)(flen, from, to, rsa, padding));
376 86693a33 2023-06-11 op }
377 86693a33 2023-06-11 op 
378 86693a33 2023-06-11 op 
379 86693a33 2023-06-11 op /*
380 86693a33 2023-06-11 op  * ECDSA privsep engine (called from unprivileged processes)
381 86693a33 2023-06-11 op  */
382 86693a33 2023-06-11 op 
383 86693a33 2023-06-11 op static const EC_KEY_METHOD	*ecdsa_default;
384 86693a33 2023-06-11 op static EC_KEY_METHOD		*ecdsae_method;
385 86693a33 2023-06-11 op 
386 86693a33 2023-06-11 op static ECDSA_SIG *
387 86693a33 2023-06-11 op ecdsae_send_enc_imsg(const unsigned char *dgst, int dgst_len,
388 86693a33 2023-06-11 op     const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey)
389 86693a33 2023-06-11 op {
390 86693a33 2023-06-11 op 	ECDSA_SIG		*sig = NULL;
391 86693a33 2023-06-11 op 	struct imsg_crypto_req	 req;
392 86693a33 2023-06-11 op 	struct iovec		 iov[2];
393 86693a33 2023-06-11 op 	struct imsg_crypto_res	 res;
394 86693a33 2023-06-11 op 	struct imsgev		*iev;
395 86693a33 2023-06-11 op 	struct privsep_proc	*p;
396 86693a33 2023-06-11 op 	struct privsep		*ps = conf->ps;
397 aa2cb5c2 2024-01-21 op 	struct imsgbuf		*imsgbuf;
398 86693a33 2023-06-11 op 	struct imsg		 imsg;
399 561b9f00 2024-01-21 op 	struct ibuf		 ibuf;
400 86693a33 2023-06-11 op 	int			 n, done = 0;
401 86693a33 2023-06-11 op 	const void		*toptr;
402 86693a33 2023-06-11 op 	char			*hash;
403 86693a33 2023-06-11 op 
404 86693a33 2023-06-11 op 	if ((hash = EC_KEY_get_ex_data(eckey, 0)) == NULL)
405 86693a33 2023-06-11 op 		return (0);
406 86693a33 2023-06-11 op 
407 86693a33 2023-06-11 op 	/*
408 86693a33 2023-06-11 op 	 * Send a synchronous imsg because we cannot defer the RSA
409 86693a33 2023-06-11 op 	 * operation in OpenSSL's engine layer.
410 86693a33 2023-06-11 op 	 */
411 86693a33 2023-06-11 op 	memset(&req, 0, sizeof(req));
412 3cba037a 2023-08-28 op 	req.id = ++reqid;
413 86693a33 2023-06-11 op 	if (strlcpy(req.hash, hash, sizeof(req.hash)) >= sizeof(req.hash))
414 86693a33 2023-06-11 op 		fatalx("%s: hash too long (%zu)", __func__, strlen(hash));
415 86693a33 2023-06-11 op 	req.flen = dgst_len;
416 86693a33 2023-06-11 op 
417 86693a33 2023-06-11 op 	memset(&iov, 0, sizeof(iov));
418 86693a33 2023-06-11 op 	iov[0].iov_base = &req;
419 86693a33 2023-06-11 op 	iov[0].iov_len = sizeof(req);
420 86693a33 2023-06-11 op 	iov[1].iov_base = (void *)dgst;
421 86693a33 2023-06-11 op 	iov[1].iov_len = dgst_len;
422 86693a33 2023-06-11 op 
423 86693a33 2023-06-11 op 	if (proc_composev(ps, PROC_CRYPTO, IMSG_CRYPTO_ECDSA_SIGN, iov, 2) == -1)
424 86693a33 2023-06-11 op 		fatal("proc_composev");
425 86693a33 2023-06-11 op 
426 86693a33 2023-06-11 op 	if (proc_flush_imsg(ps, PROC_CRYPTO, -1) == -1)
427 86693a33 2023-06-11 op 		fatal("proc_flush_imsg");
428 86693a33 2023-06-11 op 
429 86693a33 2023-06-11 op 	iev = ps->ps_ievs[PROC_CRYPTO];
430 86693a33 2023-06-11 op 	p = iev->proc;
431 aa2cb5c2 2024-01-21 op 	imsgbuf = &iev->ibuf;
432 86693a33 2023-06-11 op 
433 86693a33 2023-06-11 op 	while (!done) {
434 aa2cb5c2 2024-01-21 op 		if ((n = imsg_read(imsgbuf)) == -1 && errno != EAGAIN)
435 86693a33 2023-06-11 op 			fatalx("imsg_read");
436 86693a33 2023-06-11 op 		if (n == 0)
437 86693a33 2023-06-11 op 			fatalx("pipe closed");
438 86693a33 2023-06-11 op 
439 86693a33 2023-06-11 op 		while (!done) {
440 aa2cb5c2 2024-01-21 op 			if ((n = imsg_get(imsgbuf, &imsg)) == -1)
441 86693a33 2023-06-11 op 				fatalx("imsg_get error");
442 86693a33 2023-06-11 op 			if (n == 0)
443 86693a33 2023-06-11 op 				break;
444 86693a33 2023-06-11 op 
445 86693a33 2023-06-11 op #if DEBUG > 1
446 86693a33 2023-06-11 op 			log_debug(
447 86693a33 2023-06-11 op 			    "%s: %s %d got imsg %d peerid %d from %s %d",
448 86693a33 2023-06-11 op 			    __func__, title, 1, imsg.hdr.type,
449 86693a33 2023-06-11 op 			    imsg.hdr.peerid, "crypto", imsg.hdr.pid);
450 86693a33 2023-06-11 op #endif
451 86693a33 2023-06-11 op 
452 a6c8b805 2023-08-28 op 			if (imsg.hdr.type != IMSG_CRYPTO_ECDSA_SIGN &&
453 aa2cb5c2 2024-01-21 op 			    crypto_dispatch_server(imsgbuf->fd, p, &imsg)
454 aa2cb5c2 2024-01-21 op 			    == 0) {
455 86693a33 2023-06-11 op 				/* Message was handled by the callback */
456 86693a33 2023-06-11 op 				imsg_free(&imsg);
457 86693a33 2023-06-11 op 				continue;
458 86693a33 2023-06-11 op 			}
459 86693a33 2023-06-11 op 
460 86693a33 2023-06-11 op 			if (imsg.hdr.type != IMSG_CRYPTO_ECDSA_SIGN)
461 86693a33 2023-06-11 op 				fatalx("%s: %s %d got invalid imsg %d"
462 86693a33 2023-06-11 op 				    " peerid %d from %s %d",
463 86693a33 2023-06-11 op 				    __func__, "server", ps->ps_instance + 1,
464 86693a33 2023-06-11 op 				    imsg.hdr.type, imsg.hdr.peerid,
465 86693a33 2023-06-11 op 				    "crypto", imsg.hdr.pid);
466 86693a33 2023-06-11 op 
467 561b9f00 2024-01-21 op 			if (imsg_get_ibuf(&imsg, &ibuf) == -1 ||
468 561b9f00 2024-01-21 op 			    ibuf_get(&ibuf, &res, sizeof(res)) == -1 ||
469 561b9f00 2024-01-21 op 			    ibuf_size(&ibuf) != res.len)
470 86693a33 2023-06-11 op 				fatalx("size mismatch for imsg %d",
471 86693a33 2023-06-11 op 				    imsg.hdr.type);
472 86693a33 2023-06-11 op 
473 561b9f00 2024-01-21 op 			toptr = ibuf_data(&ibuf);
474 561b9f00 2024-01-21 op 
475 86693a33 2023-06-11 op 			if (res.id != reqid)
476 86693a33 2023-06-11 op 				fatalx("invalid response id");
477 86693a33 2023-06-11 op 			if (res.ret > 0) {
478 86693a33 2023-06-11 op 				d2i_ECDSA_SIG(&sig,
479 86693a33 2023-06-11 op 				    (const unsigned char **)&toptr, res.len);
480 86693a33 2023-06-11 op 			}
481 86693a33 2023-06-11 op 
482 86693a33 2023-06-11 op 			done = 1;
483 86693a33 2023-06-11 op 
484 86693a33 2023-06-11 op 			imsg_free(&imsg);
485 86693a33 2023-06-11 op 		}
486 86693a33 2023-06-11 op 	}
487 86693a33 2023-06-11 op 	imsg_event_add(iev);
488 86693a33 2023-06-11 op 
489 86693a33 2023-06-11 op 	return (sig);
490 86693a33 2023-06-11 op }
491 86693a33 2023-06-11 op 
492 86693a33 2023-06-11 op static ECDSA_SIG *
493 86693a33 2023-06-11 op ecdsae_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
494 86693a33 2023-06-11 op     const BIGNUM *rp, EC_KEY *eckey)
495 86693a33 2023-06-11 op {
496 86693a33 2023-06-11 op 	ECDSA_SIG *(*psign_sig)(const unsigned char *, int, const BIGNUM *,
497 86693a33 2023-06-11 op 	    const BIGNUM *, EC_KEY *);
498 86693a33 2023-06-11 op 
499 86693a33 2023-06-11 op 	log_debug("debug: %s", __func__);
500 86693a33 2023-06-11 op 	if (EC_KEY_get_ex_data(eckey, 0) != NULL)
501 86693a33 2023-06-11 op 		return (ecdsae_send_enc_imsg(dgst, dgst_len, inv, rp, eckey));
502 86693a33 2023-06-11 op 	EC_KEY_METHOD_get_sign(ecdsa_default, NULL, NULL, &psign_sig);
503 86693a33 2023-06-11 op 	return (psign_sig(dgst, dgst_len, inv, rp, eckey));
504 86693a33 2023-06-11 op }
505 86693a33 2023-06-11 op 
506 86693a33 2023-06-11 op 
507 86693a33 2023-06-11 op /*
508 86693a33 2023-06-11 op  * Initialize the two engines.
509 86693a33 2023-06-11 op  */
510 86693a33 2023-06-11 op 
511 86693a33 2023-06-11 op static void
512 86693a33 2023-06-11 op rsa_engine_init(void)
513 86693a33 2023-06-11 op {
514 bd233076 2023-07-22 op 	const char	*errstr;
515 86693a33 2023-06-11 op 
516 bd233076 2023-07-22 op 	if ((rsa_default = RSA_get_default_method()) == NULL) {
517 bd233076 2023-07-22 op 		errstr = "RSA_get_default_method";
518 86693a33 2023-06-11 op 		goto fail;
519 86693a33 2023-06-11 op 	}
520 86693a33 2023-06-11 op 
521 21617eda 2023-07-22 op 	if ((rsae_method = RSA_meth_dup(rsa_default)) == NULL) {
522 21617eda 2023-07-22 op 		errstr = "RSA_meth_dup";
523 21617eda 2023-07-22 op 		goto fail;
524 21617eda 2023-07-22 op 	}
525 21617eda 2023-07-22 op 
526 21617eda 2023-07-22 op 	RSA_meth_set_priv_enc(rsae_method, rsae_priv_enc);
527 21617eda 2023-07-22 op 	RSA_meth_set_priv_dec(rsae_method, rsae_priv_dec);
528 21617eda 2023-07-22 op 
529 86693a33 2023-06-11 op 	RSA_meth_set_flags(rsae_method,
530 6a996ec2 2023-07-22 op 	    RSA_meth_get_flags(rsa_default) | RSA_METHOD_FLAG_NO_CHECK);
531 86693a33 2023-06-11 op 	RSA_meth_set0_app_data(rsae_method,
532 6a996ec2 2023-07-22 op 	    RSA_meth_get0_app_data(rsa_default));
533 86693a33 2023-06-11 op 
534 bd233076 2023-07-22 op 	RSA_set_default_method(rsae_method);
535 86693a33 2023-06-11 op 
536 86693a33 2023-06-11 op 	return;
537 86693a33 2023-06-11 op 
538 86693a33 2023-06-11 op  fail:
539 86693a33 2023-06-11 op 	ssl_error(errstr);
540 86693a33 2023-06-11 op 	fatalx("%s", errstr);
541 86693a33 2023-06-11 op }
542 86693a33 2023-06-11 op 
543 86693a33 2023-06-11 op static void
544 86693a33 2023-06-11 op ecdsa_engine_init(void)
545 86693a33 2023-06-11 op {
546 21617eda 2023-07-22 op 	int (*sign)(int, const unsigned char *, int, unsigned char *,
547 21617eda 2023-07-22 op 	    unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *);
548 21617eda 2023-07-22 op 	int (*sign_setup)(EC_KEY *, BN_CTX *, BIGNUM **, BIGNUM **);
549 bd233076 2023-07-22 op 	const char *errstr;
550 86693a33 2023-06-11 op 
551 bd233076 2023-07-22 op 	if ((ecdsa_default = EC_KEY_get_default_method()) == NULL) {
552 bd233076 2023-07-22 op 		errstr = "EC_KEY_get_default_method";
553 86693a33 2023-06-11 op 		goto fail;
554 86693a33 2023-06-11 op 	}
555 86693a33 2023-06-11 op 
556 21617eda 2023-07-22 op 	if ((ecdsae_method = EC_KEY_METHOD_new(ecdsa_default)) == NULL) {
557 21617eda 2023-07-22 op 		errstr = "EC_KEY_METHOD_new";
558 21617eda 2023-07-22 op 		goto fail;
559 21617eda 2023-07-22 op 	}
560 21617eda 2023-07-22 op 
561 21617eda 2023-07-22 op 	EC_KEY_METHOD_get_sign(ecdsa_default, &sign, &sign_setup, NULL);
562 21617eda 2023-07-22 op 	EC_KEY_METHOD_set_sign(ecdsae_method, sign, sign_setup,
563 21617eda 2023-07-22 op 	    ecdsae_do_sign);
564 21617eda 2023-07-22 op 
565 bd233076 2023-07-22 op 	EC_KEY_set_default_method(ecdsae_method);
566 86693a33 2023-06-11 op 
567 86693a33 2023-06-11 op 	return;
568 86693a33 2023-06-11 op 
569 86693a33 2023-06-11 op  fail:
570 86693a33 2023-06-11 op 	ssl_error(errstr);
571 86693a33 2023-06-11 op 	fatalx("%s", errstr);
572 86693a33 2023-06-11 op }
573 86693a33 2023-06-11 op 
574 86693a33 2023-06-11 op void
575 86693a33 2023-06-11 op crypto_engine_init(struct conf *c)
576 86693a33 2023-06-11 op {
577 86693a33 2023-06-11 op 	conf = c;
578 86693a33 2023-06-11 op 
579 86693a33 2023-06-11 op 	rsa_engine_init();
580 86693a33 2023-06-11 op 	ecdsa_engine_init();
581 86693a33 2023-06-11 op }
582 86693a33 2023-06-11 op