ssize_t dsa_verify_final(struct iked_dsa *dsa, void *buf, size_t len) { uint8_t sig[EVP_MAX_MD_SIZE]; unsigned int siglen = sizeof(sig); uint8_t *ptr = buf; size_t off = 0; if (dsa->dsa_hmac) { if (!HMAC_Final(dsa->dsa_ctx, sig, &siglen)) return (-1); if (siglen != len || memcmp(buf, sig, siglen) != 0) return (-1); } else { if ((off = _dsa_verify_offset(dsa, ptr)) >= len) return (-1); if (EVP_VerifyFinal(dsa->dsa_ctx, ptr + off, len - off, dsa->dsa_key) != 1) { ca_sslerror(__func__); return (-1); } } return (0); }
/* validate the certifcate stored in 'data' by querying the ocsp-responder */ int ocsp_validate_cert(struct iked *env, struct iked_static_id *id, void *data, size_t len, struct iked_sahdr sh, uint8_t type) { struct iked_ocsp_entry *ioe; struct iked_ocsp *ocsp; BIO *rawcert = NULL, *bissuer = NULL; X509 *cert = NULL, *issuer = NULL; if ((ioe = calloc(1, sizeof(*ioe))) == NULL) return (-1); if ((ocsp = calloc(1, sizeof(*ocsp))) == NULL) { free(ioe); return (-1); } ocsp->ocsp_env = env; ocsp->ocsp_sh = sh; ocsp->ocsp_type = type; if ((rawcert = BIO_new_mem_buf(data, len)) == NULL || (cert = d2i_X509_bio(rawcert, NULL)) == NULL || (bissuer = BIO_new_file(IKED_OCSP_ISSUER, "r")) == NULL || (issuer = PEM_read_bio_X509(bissuer, NULL, NULL, NULL)) == NULL || (ocsp->ocsp_cbio = BIO_new(BIO_s_socket())) == NULL || (ocsp->ocsp_req = OCSP_REQUEST_new()) == NULL || !(ocsp->ocsp_id = OCSP_cert_to_id(NULL, cert, issuer)) || !OCSP_request_add0_id(ocsp->ocsp_req, ocsp->ocsp_id)) goto err; BIO_free(rawcert); BIO_free(bissuer); X509_free(cert); X509_free(issuer); ioe->ioe_ocsp = ocsp; TAILQ_INSERT_TAIL(&env->sc_ocsp, ioe, ioe_entry); /* request connection to ocsp-responder */ proc_compose_imsg(&env->sc_ps, PROC_PARENT, -1, IMSG_OCSP_FD, -1, NULL, 0); return (0); err: ca_sslerror(__func__); free(ioe); if (rawcert != NULL) BIO_free(rawcert); if (cert != NULL) X509_free(cert); if (bissuer != NULL) BIO_free(bissuer); if (issuer != NULL) X509_free(issuer); ocsp_validate_finish(ocsp, 0); /* failed */ return (-1); }
void cipher_final(struct iked_cipher *encr, void *out, size_t *outlen) { int olen; olen = 0; if (!EVP_CipherFinal_ex(encr->encr_ctx, out, &olen)) { ca_sslerror(__func__); *outlen = 0; return; } *outlen = (size_t)olen; }
void cipher_update(struct iked_cipher *encr, void *in, size_t inlen, void *out, size_t *outlen) { int olen; olen = 0; if (!EVP_CipherUpdate(encr->encr_ctx, out, &olen, in, inlen)) { ca_sslerror(__func__); *outlen = 0; return; } *outlen = (size_t)olen; }
/* load a stack of x509 certificates */ STACK_OF(X509)* ocsp_load_certs(const char *file) { BIO *bio = NULL; STACK_OF(X509) *certs = NULL; STACK_OF(X509_INFO) *xis = NULL; X509_INFO *xi; int i; if ((bio = BIO_new_file(file, "r")) == NULL) { log_warn("%s: BIO_new_file failed for %s", __func__, file); return (NULL); } if ((xis = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)) == NULL) { ca_sslerror(__func__); goto done; } if ((certs = sk_X509_new_null()) == NULL) { log_debug("%s: sk_X509_new_null failed for %s", __func__, file); goto done; } for (i = 0; i < sk_X509_INFO_num(xis); i++) { xi = sk_X509_INFO_value(xis, i); if (xi->x509) { if (!sk_X509_push(certs, xi->x509)) goto done; xi->x509 = NULL; } } done: if (bio) BIO_free(bio); if (xis) sk_X509_INFO_pop_free(xis, X509_INFO_free); if (certs && sk_X509_num(certs) <= 0) { sk_X509_pop_free(certs, X509_free); certs = NULL; } return (certs); }
struct ibuf * dsa_setkey(struct iked_dsa *dsa, void *key, size_t keylen, uint8_t type) { BIO *rawcert = NULL; X509 *cert = NULL; RSA *rsa = NULL; EVP_PKEY *pkey = NULL; ibuf_release(dsa->dsa_keydata); if ((dsa->dsa_keydata = ibuf_new(key, keylen)) == NULL) { log_debug("%s: alloc signature key", __func__); return (NULL); } if ((rawcert = BIO_new_mem_buf(key, keylen)) == NULL) goto err; switch (type) { case IKEV2_CERT_X509_CERT: if ((cert = d2i_X509_bio(rawcert, NULL)) == NULL) goto sslerr; if ((pkey = X509_get_pubkey(cert)) == NULL) goto sslerr; dsa->dsa_cert = cert; dsa->dsa_key = pkey; break; case IKEV2_CERT_RSA_KEY: if (dsa->dsa_sign) { if ((rsa = d2i_RSAPrivateKey_bio(rawcert, NULL)) == NULL) goto sslerr; } else { if ((rsa = d2i_RSAPublicKey_bio(rawcert, NULL)) == NULL) goto sslerr; } if ((pkey = EVP_PKEY_new()) == NULL) goto sslerr; if (!EVP_PKEY_set1_RSA(pkey, rsa)) goto sslerr; RSA_free(rsa); /* pkey now has the reference */ dsa->dsa_cert = NULL; dsa->dsa_key = pkey; break; default: if (dsa->dsa_hmac) break; log_debug("%s: unsupported key type", __func__); goto err; } return (dsa->dsa_keydata); sslerr: ca_sslerror(__func__); err: log_debug("%s: error", __func__); if (rsa != NULL) RSA_free(rsa); if (pkey != NULL) EVP_PKEY_free(pkey); if (cert != NULL) X509_free(cert); if (rawcert != NULL) BIO_free(rawcert); ibuf_release(dsa->dsa_keydata); return (NULL); }
/* * Parse an X509 subject name where 'subject' is in the format * /type0=value0/type1=value1/type2=... * where characters may be escaped by '\'. * See lib/libssl/src/apps/apps.c:parse_name() */ void * ca_x509_name_parse(char *subject) { char *cp, *value = NULL, *type = NULL; size_t maxlen; X509_NAME *name = NULL; if (*subject != '/') { log_warnx("%s: leading '/' missing in '%s'", __func__, subject); goto err; } /* length of subject is upper bound for unescaped type/value */ maxlen = strlen(subject) + 1; if ((type = calloc(1, maxlen)) == NULL || (value = calloc(1, maxlen)) == NULL || (name = X509_NAME_new()) == NULL) goto err; cp = subject + 1; while (*cp) { /* unescape type, terminated by '=' */ cp = ca_x509_name_unescape(cp, type, '='); if (cp == NULL) { log_warnx("%s: could not parse type", __func__); goto err; } if (!*cp) { log_warnx("%s: missing value", __func__); goto err; } /* unescape value, terminated by '/' */ cp = ca_x509_name_unescape(cp, value, '/'); if (cp == NULL) { log_warnx("%s: could not parse value", __func__); goto err; } if (!*type || !*value) { log_warnx("%s: empty type or value", __func__); goto err; } log_debug("%s: setting '%s' to '%s'", __func__, type, value); if (!X509_NAME_add_entry_by_txt(name, type, MBSTRING_ASC, value, -1, -1, 0)) { log_warnx("%s: setting '%s' to '%s' failed", __func__, type, value); ca_sslerror(__func__); goto err; } } free(type); free(value); return (name); err: X509_NAME_free(name); free(type); free(value); return (NULL); }
int ca_reload(struct iked *env) { struct ca_store *store = env->sc_priv; uint8_t md[EVP_MAX_MD_SIZE]; char file[PATH_MAX]; struct iovec iov[2]; struct dirent *entry; STACK_OF(X509_OBJECT) *h; X509_OBJECT *xo; X509 *x509; DIR *dir; int i, len, iovcnt = 0; /* * Load CAs */ if ((dir = opendir(IKED_CA_DIR)) == NULL) return (-1); while ((entry = readdir(dir)) != NULL) { if ((entry->d_type != DT_REG) && (entry->d_type != DT_LNK)) continue; if (snprintf(file, sizeof(file), "%s%s", IKED_CA_DIR, entry->d_name) == -1) continue; if (!X509_load_cert_file(store->ca_calookup, file, X509_FILETYPE_PEM)) { log_warn("%s: failed to load ca file %s", __func__, entry->d_name); ca_sslerror(__func__); continue; } log_debug("%s: loaded ca file %s", __func__, entry->d_name); } closedir(dir); /* * Load CRLs for the CAs */ if ((dir = opendir(IKED_CRL_DIR)) == NULL) return (-1); while ((entry = readdir(dir)) != NULL) { if ((entry->d_type != DT_REG) && (entry->d_type != DT_LNK)) continue; if (snprintf(file, sizeof(file), "%s%s", IKED_CRL_DIR, entry->d_name) == -1) continue; if (!X509_load_crl_file(store->ca_calookup, file, X509_FILETYPE_PEM)) { log_warn("%s: failed to load crl file %s", __func__, entry->d_name); ca_sslerror(__func__); continue; } /* Only enable CRL checks if we actually loaded a CRL */ X509_STORE_set_flags(store->ca_cas, X509_V_FLAG_CRL_CHECK); log_debug("%s: loaded crl file %s", __func__, entry->d_name); } closedir(dir); /* * Save CAs signatures for the IKEv2 CERTREQ */ ibuf_release(env->sc_certreq); if ((env->sc_certreq = ibuf_new(NULL, 0)) == NULL) return (-1); h = store->ca_cas->objs; for (i = 0; i < sk_X509_OBJECT_num(h); i++) { xo = sk_X509_OBJECT_value(h, i); if (xo->type != X509_LU_X509) continue; x509 = xo->data.x509; len = sizeof(md); ca_subjectpubkey_digest(x509, md, &len); log_debug("%s: %s", __func__, x509->name); if (ibuf_add(env->sc_certreq, md, len) != 0) { ibuf_release(env->sc_certreq); return (-1); } } if (ibuf_length(env->sc_certreq)) { env->sc_certreqtype = IKEV2_CERT_X509_CERT; iov[0].iov_base = &env->sc_certreqtype; iov[0].iov_len = sizeof(env->sc_certreqtype); iovcnt++; iov[1].iov_base = ibuf_data(env->sc_certreq); iov[1].iov_len = ibuf_length(env->sc_certreq); iovcnt++; log_debug("%s: loaded %zu ca certificate%s", __func__, ibuf_length(env->sc_certreq) / SHA_DIGEST_LENGTH, ibuf_length(env->sc_certreq) == SHA_DIGEST_LENGTH ? "" : "s"); (void)proc_composev(&env->sc_ps, PROC_IKEV2, IMSG_CERTREQ, iov, iovcnt); } /* * Load certificates */ if ((dir = opendir(IKED_CERT_DIR)) == NULL) return (-1); while ((entry = readdir(dir)) != NULL) { if ((entry->d_type != DT_REG) && (entry->d_type != DT_LNK)) continue; if (snprintf(file, sizeof(file), "%s%s", IKED_CERT_DIR, entry->d_name) == -1) continue; if (!X509_load_cert_file(store->ca_certlookup, file, X509_FILETYPE_PEM)) { log_warn("%s: failed to load cert file %s", __func__, entry->d_name); ca_sslerror(__func__); continue; } log_debug("%s: loaded cert file %s", __func__, entry->d_name); } closedir(dir); h = store->ca_certs->objs; for (i = 0; i < sk_X509_OBJECT_num(h); i++) { xo = sk_X509_OBJECT_value(h, i); if (xo->type != X509_LU_X509) continue; x509 = xo->data.x509; (void)ca_validate_cert(env, NULL, x509, 0); } if (!env->sc_certreqtype) env->sc_certreqtype = store->ca_pubkey.id_type; log_debug("%s: local cert type %s", __func__, print_map(env->sc_certreqtype, ikev2_cert_map)); iov[0].iov_base = &env->sc_certreqtype; iov[0].iov_len = sizeof(env->sc_certreqtype); if (iovcnt == 0) iovcnt++; (void)proc_composev(&env->sc_ps, PROC_IKEV2, IMSG_CERTREQ, iov, iovcnt); return (0); }
int ca_validate_pubkey(struct iked *env, struct iked_static_id *id, void *data, size_t len) { BIO *rawcert = NULL; RSA *peerrsa = NULL, *localrsa = NULL; EVP_PKEY *peerkey = NULL, *localkey = NULL; int ret = -1; FILE *fp = NULL; char idstr[IKED_ID_SIZE]; char file[PATH_MAX]; struct iked_id idp; if (len == 0 && data == NULL) return (-1); switch (id->id_type) { case IKEV2_ID_IPV4: case IKEV2_ID_FQDN: case IKEV2_ID_UFQDN: case IKEV2_ID_IPV6: break; default: /* Some types like ASN1_DN will not be mapped to file names */ return (-1); } bzero(&idp, sizeof(idp)); if ((idp.id_buf = ibuf_new(id->id_data, id->id_length)) == NULL) goto done; idp.id_type = id->id_type; idp.id_offset = id->id_offset; if (ikev2_print_id(&idp, idstr, sizeof(idstr)) == -1) goto done; if (len == 0) { /* Data is already an public key */ peerkey = (EVP_PKEY *)data; } else { if ((rawcert = BIO_new_mem_buf(data, len)) == NULL) goto done; if ((peerrsa = d2i_RSAPublicKey_bio(rawcert, NULL)) == NULL) goto sslerr; if ((peerkey = EVP_PKEY_new()) == NULL) goto sslerr; if (!EVP_PKEY_set1_RSA(peerkey, peerrsa)) goto sslerr; } lc_string(idstr); if (strlcpy(file, IKED_PUBKEY_DIR, sizeof(file)) >= sizeof(file) || strlcat(file, idstr, sizeof(file)) >= sizeof(file)) goto done; if ((fp = fopen(file, "r")) == NULL) goto done; localkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL); if (localkey == NULL) { /* reading PKCS #8 failed, try PEM */ rewind(fp); localrsa = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL); fclose(fp); if (localrsa == NULL) goto sslerr; if ((localkey = EVP_PKEY_new()) == NULL) goto sslerr; if (!EVP_PKEY_set1_RSA(localkey, localrsa)) goto sslerr; } else { fclose(fp); } if (localkey == NULL) goto sslerr; if (!EVP_PKEY_cmp(peerkey, localkey)) goto done; log_debug("%s: valid public key in file %s", __func__, file); ret = 0; sslerr: if (ret != 0) ca_sslerror(__func__); done: ibuf_release(idp.id_buf); if (peerkey != NULL) EVP_PKEY_free(peerkey); if (localkey != NULL) EVP_PKEY_free(localkey); if (peerrsa != NULL) RSA_free(peerrsa); if (localrsa != NULL) RSA_free(localrsa); if (rawcert != NULL) BIO_free(rawcert); return (ret); }
/* parse the actual OCSP response */ void ocsp_parse_response(struct iked_ocsp *ocsp, OCSP_RESPONSE *resp) { int status; X509_STORE *store = NULL; STACK_OF(X509) *verify_other = NULL; OCSP_BASICRESP *bs = NULL; int verify_flags = 0; ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd; int reason = 0; int error = 1; if (!resp) { log_warnx("%s: error querying OCSP responder", __func__); goto done; } status = OCSP_response_status(resp); if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) { log_warnx("%s: responder error: %s (%i)\n", __func__, OCSP_response_status_str(status), status); goto done; } verify_other = ocsp_load_certs(IKED_OCSP_RESPCERT); verify_flags |= OCSP_TRUSTOTHER; if (!verify_other) goto done; bs = OCSP_response_get1_basic(resp); if (!bs) { log_warnx("%s: error parsing response", __func__); goto done; } status = OCSP_check_nonce(ocsp->ocsp_req, bs); if (status <= 0) { if (status == -1) log_warnx("%s: no nonce in response", __func__); else { log_warnx("%s: nonce verify error", __func__); goto done; } } store = X509_STORE_new(); status = OCSP_basic_verify(bs, verify_other, store, verify_flags); if (status < 0) status = OCSP_basic_verify(bs, NULL, store, 0); if (status <= 0) { ca_sslerror(__func__); log_warnx("%s: response verify failure", __func__); goto done; } else log_debug("%s: response verify ok", __func__); if (!OCSP_resp_find_status(bs, ocsp->ocsp_id, &status, &reason, &rev, &thisupd, &nextupd)) { log_warnx("%s: no status found", __func__); goto done; } log_debug("%s: status: %s", __func__, OCSP_cert_status_str(status)); if (status == V_OCSP_CERTSTATUS_GOOD) error = 0; done: if (store) X509_STORE_free(store); if (verify_other) sk_X509_pop_free(verify_other, X509_free); if (resp) OCSP_RESPONSE_free(resp); if (bs) OCSP_BASICRESP_free(bs); ocsp_validate_finish(ocsp, error == 0); }