7 files changed, 438 insertions, 5 deletions
diff --git a/src/lib/libtls/Makefile b/src/lib/libtls/Makefile
index 23a6ed1f2a..78ff99b585 100644
--- a/src/lib/libtls/Makefile
+++ b/src/lib/libtls/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.36 2020/06/09 16:53:53 deraadt Exp $
+#       $OpenBSD: Makefile,v 1.37 2022/01/25 21:51:24 eric Exp $
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -35,6 +35,7 @@ SRCS=	tls.c \
        tls_keypair.c \
        tls_peer.c \
        tls_server.c \
+        tls_signer.c \
        tls_util.c \
        tls_ocsp.c \
        tls_verify.c
diff --git a/src/lib/libtls/Symbols.list b/src/lib/libtls/Symbols.list
index 42c039d294..d00e5e0ce6 100644
--- a/src/lib/libtls/Symbols.list
+++ b/src/lib/libtls/Symbols.list
@@ -43,6 +43,7 @@ tls_config_set_protocols
 tls_config_set_session_id
 tls_config_set_session_lifetime
 tls_config_set_session_fd
+tls_config_set_sign_cb
 tls_config_set_verify_depth
 tls_config_skip_private_key_check
 tls_config_use_fake_private_key
@@ -87,5 +88,10 @@ tls_peer_ocsp_url
 tls_read
 tls_reset
 tls_server
+tls_signer_add_keypair_file
+tls_signer_add_keypair_mem
+tls_signer_free
+tls_signer_new
+tls_signer_sign
 tls_unload_file
 tls_write
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index 608f0a3acd..fd525aa428 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.92 2021/10/21 14:31:21 tb Exp $ */
+/* $OpenBSD: tls.c,v 1.93 2022/01/25 21:51:24 eric Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -387,6 +387,8 @@ tls_keypair_to_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY **pke
 static int
 tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *pkey)
 {
+        RSA_METHOD *rsa_method;
+        ECDSA_METHOD *ecdsa_method;
        RSA *rsa = NULL;
        EC_KEY *eckey = NULL;
        int ret = -1;
@@ -407,6 +409,14 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p
                        tls_set_errorx(ctx, "RSA key setup failure");
                        goto err;
                }
+                if (ctx->config->sign_cb == NULL)
+                        break;
+                if ((rsa_method = tls_signer_rsa_method()) == NULL ||
+                    RSA_set_ex_data(rsa, 1, ctx->config) == 0 ||
+                    RSA_set_method(rsa, rsa_method) == 0) {
+                        tls_set_errorx(ctx, "failed to setup RSA key");
+                        goto err;
+                }
                break;
        case EVP_PKEY_EC:
                if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL ||
@@ -414,6 +424,14 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p
                        tls_set_errorx(ctx, "EC key setup failure");
                        goto err;
                }
+                if (ctx->config->sign_cb == NULL)
+                        break;
+                if ((ecdsa_method = tls_signer_ecdsa_method()) == NULL ||
+                    ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 ||
+                    ECDSA_set_method(eckey, ecdsa_method) == 0) {
+                        tls_set_errorx(ctx, "failed to setup EC key");
+                        goto err;
+                }
                break;
        default:
                tls_set_errorx(ctx, "incorrect key type");
diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h
index 20f55dcabd..22f04f4023 100644
--- a/src/lib/libtls/tls.h
+++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.h,v 1.58 2020/01/22 06:44:02 beck Exp $ */
+/* $OpenBSD: tls.h,v 1.59 2022/01/25 21:51:24 eric Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -79,6 +79,9 @@ typedef ssize_t (*tls_read_cb)(struct tls *_ctx, void *_buf, size_t _buflen,
    void *_cb_arg);
 typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf,
    size_t _buflen, void *_cb_arg);
+typedef int (*tls_sign_cb)(void *_cb_arg, const char *_hash,
+    const uint8_t *_dgst, size_t _dgstlen, uint8_t *_psig, size_t *_psiglen,
+    int _padding);
 int tls_init(void);
@@ -135,6 +138,8 @@ int tls_config_set_ocsp_staple_file(struct tls_config *_config,
 int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
 int tls_config_set_session_fd(struct tls_config *_config, int _session_fd);
 int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
+int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb,
+    void *_cb_arg);
 void tls_config_prefer_ciphers_client(struct tls_config *_config);
 void tls_config_prefer_ciphers_server(struct tls_config *_config);
@@ -212,6 +217,17 @@ time_t tls_peer_ocsp_revocation_time(struct tls *_ctx);
 time_t tls_peer_ocsp_this_update(struct tls *_ctx);
 const char *tls_peer_ocsp_url(struct tls *_ctx);
+struct tls_signer* tls_signer_new(void);
+void tls_signer_free(struct tls_signer * _signer);
+const char *tls_signer_error(struct tls_signer * _signer);
+int tls_signer_add_keypair_file(struct tls_signer *_signer,
+    const char *_cert_file, const char *_key_file);
+int tls_signer_add_keypair_mem(struct tls_signer *_signer, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len);
+int tls_signer_sign(struct tls_signer *_signer, const char *_hash,
+    const uint8_t *_dgst, size_t _dgstlen, uint8_t **_psig, size_t *_psiglen,
+    int _padding);
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 4ca497a032..15e218b4e0 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.64 2021/10/21 08:33:07 tb Exp $ */
+/* $OpenBSD: tls_config.c,v 1.65 2022/01/25 21:51:24 eric Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -738,6 +738,17 @@ tls_config_set_session_fd(struct tls_config *config, int session_fd)
 }
 int
+tls_config_set_sign_cb(struct tls_config *config, tls_sign_cb cb, void *cb_arg)
+{
+        config->use_fake_private_key = 1;
+        config->skip_private_key_check = 1;
+        config->sign_cb = cb;
+        config->sign_cb_arg = cb_arg;
+        return (0);
+}
+int
 tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
 {
        config->verify_depth = verify_depth;
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index 5487b123ec..bc5044518b 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.78 2021/01/21 19:09:10 eric Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.79 2022/01/25 21:51:24 eric Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -112,6 +112,8 @@ struct tls_config {
        int verify_time;
        int skip_private_key_check;
        int use_fake_private_key;
+        tls_sign_cb sign_cb;
+        void *sign_cb_arg;
 };
 struct tls_conninfo {
@@ -291,6 +293,9 @@ int tls_cert_pubkey_hash(X509 *_cert, char **_hash);
 int tls_password_cb(char *_buf, int _size, int _rwflag, void *_u);
+RSA_METHOD *tls_signer_rsa_method(void);
+ECDSA_METHOD *tls_signer_ecdsa_method(void);
 __END_HIDDEN_DECLS
 /* XXX this function is not fully hidden so relayd can use it */
diff --git a/src/lib/libtls/tls_signer.c b/src/lib/libtls/tls_signer.c
new file mode 100644
index 0000000000..690cb51615
--- /dev/null
+++ b/src/lib/libtls/tls_signer.c
@@ -0,0 +1,376 @@
+/* $OpenBSD: tls_signer.c,v 1.1 2022/01/25 21:51:24 eric Exp $ */
+/*
+ * Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <openssl/err.h>
+#include "tls.h"
+#include "tls_internal.h"
+struct tls_signer_key {
+        char *hash;
+        RSA *rsa;
+        EC_KEY *ecdsa;
+        struct tls_signer_key *next;
+};
+struct tls_signer {
+        struct tls_error error;
+        struct tls_signer_key *keys;
+};
+static pthread_mutex_t signer_method_lock = PTHREAD_MUTEX_INITIALIZER;
+struct tls_signer *
+tls_signer_new(void)
+{
+        struct tls_signer *signer;
+        if ((signer = calloc(1, sizeof(*signer))) == NULL)
+                return (NULL);
+        return (signer);
+}
+void
+tls_signer_free(struct tls_signer *signer)
+{
+        struct tls_signer_key *skey;
+        if (signer == NULL)
+                return;
+        tls_error_clear(&signer->error);
+        while (signer->keys) {
+                skey = signer->keys;
+                signer->keys = skey->next;
+                RSA_free(skey->rsa);
+                EC_KEY_free(skey->ecdsa);
+                free(skey->hash);
+                free(skey);
+        }
+        free(signer);
+}
+const char *
+tls_signer_error(struct tls_signer *signer)
+{
+        return (signer->error.msg);
+}
+int
+tls_signer_add_keypair_mem(struct tls_signer *signer, const uint8_t *cert,
+    size_t cert_len, const uint8_t *key, size_t key_len)
+{
+        struct tls_signer_key *skey = NULL;
+        char *errstr = "unknown";
+        int ssl_err;
+        EVP_PKEY *pkey = NULL;
+        X509 *x509 = NULL;
+        BIO *bio = NULL;
+        char *hash = NULL;
+        /* Compute certificate hash */
+        if ((bio = BIO_new_mem_buf(cert, cert_len)) == NULL) {
+                tls_error_setx(&signer->error,
+                    "failed to create certificate bio");
+                goto err;
+        }
+        if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb,
+            NULL)) == NULL) {
+                if ((ssl_err = ERR_peek_error()) != 0)
+                        errstr = ERR_error_string(ssl_err, NULL);
+                tls_error_setx(&signer->error, "failed to load certificate: %s",
+                    errstr);
+                goto err;
+        }
+        if (tls_cert_pubkey_hash(x509, &hash) == -1) {
+                tls_error_setx(&signer->error,
+                    "failed to get certificate hash");
+                goto err;
+        }
+        X509_free(x509);
+        x509 = NULL;
+        BIO_free(bio);
+        bio = NULL;
+        /* Read private key */
+        if ((bio = BIO_new_mem_buf(key, key_len)) == NULL) {
+                tls_error_setx(&signer->error, "failed to create key bio");
+                goto err;
+        }
+        if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb,
+            NULL)) == NULL) {
+                tls_error_setx(&signer->error, "failed to read private key");
+                goto err;
+        }
+        if ((skey = calloc(1, sizeof(*skey))) == NULL) {
+                tls_error_set(&signer->error, "failed to create key entry");
+                goto err;
+        }
+        skey->hash = hash;
+        if ((skey->rsa = EVP_PKEY_get1_RSA(pkey)) == NULL &&
+            (skey->ecdsa = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) {
+                tls_error_setx(&signer->error, "unknown key type");
+                goto err;
+        }
+        skey->next = signer->keys;
+        signer->keys = skey;
+        EVP_PKEY_free(pkey);
+        BIO_free(bio);
+        return (0);
+ err:
+        EVP_PKEY_free(pkey);
+        X509_free(x509);
+        BIO_free(bio);
+        free(hash);
+        free(skey);
+        return (-1);
+}
+int
+tls_signer_add_keypair_file(struct tls_signer *signer, const char *cert_file,
+    const char *key_file)
+{
+        char *cert = NULL, *key = NULL;
+        size_t cert_len, key_len;
+        int rv = -1;
+        if (tls_config_load_file(&signer->error, "certificate", cert_file,
+            &cert, &cert_len) == -1)
+                goto err;
+        if (tls_config_load_file(&signer->error, "key", key_file, &key,
+            &key_len) == -1)
+                goto err;
+        rv = tls_signer_add_keypair_mem(signer, cert, cert_len, key, key_len);
+ err:
+        free(cert);
+        free(key);
+        return (rv);
+}
+static int
+tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey,
+    const uint8_t *dgst, size_t dgstlen, uint8_t **psig, size_t *psiglen,
+    int padding)
+{
+        char *buf;
+        int siglen, r;
+        *psig = NULL;
+        *psiglen = 0;
+        siglen = RSA_size(skey->rsa);
+        if (siglen <= 0) {
+                tls_error_setx(&signer->error, "incorrect RSA_size: %d",
+                    siglen);
+                return (-1);
+        }
+        if ((buf = malloc(siglen)) == NULL) {
+                tls_error_set(&signer->error, "RSA sign");
+                return (-1);
+        }
+        r = RSA_private_encrypt((int)dgstlen, dgst, buf, skey->rsa, padding);
+        if (r == -1) {
+                tls_error_setx(&signer->error, "RSA_private_encrypt failed");
+                free(buf);
+                return (-1);
+        }
+        *psig = buf;
+        *psiglen = (size_t)r;
+        return (0);
+}
+static int
+tls_sign_ecdsa(struct tls_signer *signer, struct tls_signer_key *skey,
+    const uint8_t *dgst, size_t dgstlen, uint8_t **psig, size_t *psiglen)
+{
+        unsigned char *sig;
+        unsigned int siglen;
+        *psig = NULL;
+        *psiglen = 0;
+        siglen = ECDSA_size(skey->ecdsa);
+        if (siglen == 0) {
+                tls_error_setx(&signer->error, "incorrect ECDSA_size: %u",
+                    siglen);
+                return (-1);
+        }
+        if ((sig = malloc(siglen)) == NULL) {
+                tls_error_set(&signer->error, "ECDSA sign");
+                return (-1);
+        }
+        if (!ECDSA_sign(0, dgst, dgstlen, sig, &siglen, skey->ecdsa)) {
+                tls_error_setx(&signer->error, "ECDSA_sign failed");
+                free(sig);
+                return (-1);
+        }
+        *psig = sig;
+        *psiglen = siglen;
+        return (0);
+}
+int
+tls_signer_sign(struct tls_signer *signer, const char *hash,
+    const uint8_t *dgst, size_t dgstlen, uint8_t **psig, size_t *psiglen,
+    int padding)
+{
+        struct tls_signer_key *skey;
+        for (skey = signer->keys; skey; skey = skey->next)
+                if (!strcmp(hash, skey->hash))
+                        break;
+        if (skey == NULL) {
+                tls_error_setx(&signer->error, "key not found");
+                return (-1);
+        }
+        if (skey->rsa != NULL)
+                return tls_sign_rsa(signer, skey, dgst, dgstlen, psig, psiglen,
+                    padding);
+        if (skey->ecdsa != NULL)
+                return tls_sign_ecdsa(signer, skey, dgst, dgstlen, psig, psiglen);
+        tls_error_setx(&signer->error, "unknown key type");
+        return (-1);
+}
+static int
+tls_rsa_priv_enc(int srclen, const unsigned char *src, unsigned char *to,
+    RSA *rsa, int padding)
+{
+        struct tls_config *config;
+        const char *hash;
+        size_t tolen;
+        hash = RSA_get_ex_data(rsa, 0);
+        config = RSA_get_ex_data(rsa, 1);
+        if (hash == NULL || config == NULL)
+                return (-1);
+        if (config->sign_cb(config->sign_cb_arg, hash, (const uint8_t *)src,
+            srclen, (uint8_t *)to, &tolen, padding) == -1)
+                return (-1);
+        if (tolen > INT_MAX)
+                return (-1);
+        return ((int)tolen);
+}
+RSA_METHOD *
+tls_signer_rsa_method(void)
+{
+        static RSA_METHOD *rsa_method = NULL;
+        pthread_mutex_lock(&signer_method_lock);
+        if (rsa_method != NULL)
+                goto out;
+        rsa_method = RSA_meth_new("libtls RSA method", 0);
+        if (rsa_method == NULL)
+                goto out;
+        RSA_meth_set_priv_enc(rsa_method, tls_rsa_priv_enc);
+ out:
+        pthread_mutex_unlock(&signer_method_lock);
+        return (rsa_method);
+}
+static ECDSA_SIG *
+tls_ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
+    const BIGNUM *rp, EC_KEY *eckey)
+{
+        struct tls_config *config;
+        ECDSA_SIG *sig = NULL;
+        const unsigned char *tsigbuf;
+        const char *hash;
+        char *sigbuf;
+        size_t siglen;
+        hash = ECDSA_get_ex_data(eckey, 0);
+        config = ECDSA_get_ex_data(eckey, 1);
+        if (hash == NULL || config == NULL)
+                return (NULL);
+        siglen = ECDSA_size(eckey);
+        if ((sigbuf = malloc(siglen)) == NULL)
+                return (NULL);
+        if (config->sign_cb(config->sign_cb_arg, hash, dgst, dgst_len, sigbuf,
+            &siglen, 0) != -1) {
+                tsigbuf = sigbuf;
+                sig = d2i_ECDSA_SIG(NULL, &tsigbuf, siglen);
+        }
+        free(sigbuf);
+        return (sig);
+}
+ECDSA_METHOD *
+tls_signer_ecdsa_method(void)
+{
+        static ECDSA_METHOD *ecdsa_method = NULL;
+        pthread_mutex_lock(&signer_method_lock);
+        if (ecdsa_method != NULL)
+                goto out;
+        ecdsa_method = calloc(1, sizeof(*ecdsa_method));
+        if (ecdsa_method == NULL)
+                goto out;
+        ecdsa_method->ecdsa_do_sign = tls_ecdsa_do_sign;
+        ecdsa_method->name = strdup("libtls ECDSA method");
+        if (ecdsa_method->name == NULL) {
+                free(ecdsa_method);
+                ecdsa_method = NULL;
+        }
+ out:
+        pthread_mutex_unlock(&signer_method_lock);
+        return (ecdsa_method);
+}

diff --git a/src/lib/libtls/Makefile b/src/lib/libtls/Makefile index 23a6ed1f2a..78ff99b585 100644 --- a/src/lib/libtls/Makefile +++ b/src/lib/libtls/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.36 2020/06/09 16:53:53 deraadt Exp $	1	# $OpenBSD: Makefile,v 1.37 2022/01/25 21:51:24 eric Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4	.ifndef NOMAN	4	.ifndef NOMAN
@@ -35,6 +35,7 @@ SRCS= tls.c \
35	tls_keypair.c \	35	tls_keypair.c \
36	tls_peer.c \	36	tls_peer.c \
37	tls_server.c \	37	tls_server.c \
		38	tls_signer.c \
38	tls_util.c \	39	tls_util.c \
39	tls_ocsp.c \	40	tls_ocsp.c \
40	tls_verify.c	41	tls_verify.c


diff --git a/src/lib/libtls/Symbols.list b/src/lib/libtls/Symbols.list index 42c039d294..d00e5e0ce6 100644 --- a/src/lib/libtls/Symbols.list +++ b/src/lib/libtls/Symbols.list
@@ -43,6 +43,7 @@ tls_config_set_protocols
43	tls_config_set_session_id	43	tls_config_set_session_id
44	tls_config_set_session_lifetime	44	tls_config_set_session_lifetime
45	tls_config_set_session_fd	45	tls_config_set_session_fd
		46	tls_config_set_sign_cb
46	tls_config_set_verify_depth	47	tls_config_set_verify_depth
47	tls_config_skip_private_key_check	48	tls_config_skip_private_key_check
48	tls_config_use_fake_private_key	49	tls_config_use_fake_private_key
@@ -87,5 +88,10 @@ tls_peer_ocsp_url
87	tls_read	88	tls_read
88	tls_reset	89	tls_reset
89	tls_server	90	tls_server
		91	tls_signer_add_keypair_file
		92	tls_signer_add_keypair_mem
		93	tls_signer_free
		94	tls_signer_new
		95	tls_signer_sign
90	tls_unload_file	96	tls_unload_file
91	tls_write	97	tls_write


diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index 608f0a3acd..fd525aa428 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls.c,v 1.92 2021/10/21 14:31:21 tb Exp $ */	1	/* $OpenBSD: tls.c,v 1.93 2022/01/25 21:51:24 eric Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -387,6 +387,8 @@ tls_keypair_to_pkey(struct tls ctx, struct tls_keypair keypair, EVP_PKEY **pke
387	static int	387	static int
388	tls_keypair_setup_pkey(struct tls ctx, struct tls_keypair keypair, EVP_PKEY *pkey)	388	tls_keypair_setup_pkey(struct tls ctx, struct tls_keypair keypair, EVP_PKEY *pkey)
389	{	389	{
		390	RSA_METHOD *rsa_method;
		391	ECDSA_METHOD *ecdsa_method;
390	RSA *rsa = NULL;	392	RSA *rsa = NULL;
391	EC_KEY *eckey = NULL;	393	EC_KEY *eckey = NULL;
392	int ret = -1;	394	int ret = -1;
@@ -407,6 +409,14 @@ tls_keypair_setup_pkey(struct tls ctx, struct tls_keypair keypair, EVP_PKEY *p
407	tls_set_errorx(ctx, "RSA key setup failure");	409	tls_set_errorx(ctx, "RSA key setup failure");
408	goto err;	410	goto err;
409	}	411	}
		412	if (ctx->config->sign_cb == NULL)
		413	break;
		414	if ((rsa_method = tls_signer_rsa_method()) == NULL \|\|
		415	RSA_set_ex_data(rsa, 1, ctx->config) == 0 \|\|
		416	RSA_set_method(rsa, rsa_method) == 0) {
		417	tls_set_errorx(ctx, "failed to setup RSA key");
		418	goto err;
		419	}
410	break;	420	break;
411	case EVP_PKEY_EC:	421	case EVP_PKEY_EC:
412	if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL \|\|	422	if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL \|\|
@@ -414,6 +424,14 @@ tls_keypair_setup_pkey(struct tls ctx, struct tls_keypair keypair, EVP_PKEY *p
414	tls_set_errorx(ctx, "EC key setup failure");	424	tls_set_errorx(ctx, "EC key setup failure");
415	goto err;	425	goto err;
416	}	426	}
		427	if (ctx->config->sign_cb == NULL)
		428	break;
		429	if ((ecdsa_method = tls_signer_ecdsa_method()) == NULL \|\|
		430	ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 \|\|
		431	ECDSA_set_method(eckey, ecdsa_method) == 0) {
		432	tls_set_errorx(ctx, "failed to setup EC key");
		433	goto err;
		434	}
417	break;	435	break;
418	default:	436	default:
419	tls_set_errorx(ctx, "incorrect key type");	437	tls_set_errorx(ctx, "incorrect key type");


diff --git a/src/lib/libtls/tls.h b/src/lib/libtls/tls.h index 20f55dcabd..22f04f4023 100644 --- a/src/lib/libtls/tls.h +++ b/src/lib/libtls/tls.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls.h,v 1.58 2020/01/22 06:44:02 beck Exp $ */	1	/* $OpenBSD: tls.h,v 1.59 2022/01/25 21:51:24 eric Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -79,6 +79,9 @@ typedef ssize_t (tls_read_cb)(struct tls _ctx, void *_buf, size_t _buflen,
79	void *_cb_arg);	79	void *_cb_arg);
80	typedef ssize_t (tls_write_cb)(struct tls _ctx, const void *_buf,	80	typedef ssize_t (tls_write_cb)(struct tls _ctx, const void *_buf,
81	size_t _buflen, void *_cb_arg);	81	size_t _buflen, void *_cb_arg);
		82	typedef int (tls_sign_cb)(void _cb_arg, const char *_hash,
		83	const uint8_t _dgst, size_t _dgstlen, uint8_t _psig, size_t *_psiglen,
		84	int _padding);
82		85
83	int tls_init(void);	86	int tls_init(void);
84		87
@@ -135,6 +138,8 @@ int tls_config_set_ocsp_staple_file(struct tls_config *_config,
135	int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);	138	int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
136	int tls_config_set_session_fd(struct tls_config *_config, int _session_fd);	139	int tls_config_set_session_fd(struct tls_config *_config, int _session_fd);
137	int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);	140	int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
		141	int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb,
		142	void *_cb_arg);
138		143
139	void tls_config_prefer_ciphers_client(struct tls_config *_config);	144	void tls_config_prefer_ciphers_client(struct tls_config *_config);
140	void tls_config_prefer_ciphers_server(struct tls_config *_config);	145	void tls_config_prefer_ciphers_server(struct tls_config *_config);
@@ -212,6 +217,17 @@ time_t tls_peer_ocsp_revocation_time(struct tls *_ctx);
212	time_t tls_peer_ocsp_this_update(struct tls *_ctx);	217	time_t tls_peer_ocsp_this_update(struct tls *_ctx);
213	const char tls_peer_ocsp_url(struct tls _ctx);	218	const char tls_peer_ocsp_url(struct tls _ctx);
214		219
		220	struct tls_signer* tls_signer_new(void);
		221	void tls_signer_free(struct tls_signer * _signer);
		222	const char tls_signer_error(struct tls_signer _signer);
		223	int tls_signer_add_keypair_file(struct tls_signer *_signer,
		224	const char _cert_file, const char _key_file);
		225	int tls_signer_add_keypair_mem(struct tls_signer _signer, const uint8_t _cert,
		226	size_t _cert_len, const uint8_t *_key, size_t _key_len);
		227	int tls_signer_sign(struct tls_signer _signer, const char _hash,
		228	const uint8_t _dgst, size_t _dgstlen, uint8_t _psig, size_t _psiglen,
		229	int _padding);
		230
215	#ifdef __cplusplus	231	#ifdef __cplusplus
216	}	232	}
217	#endif	233	#endif


diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c index 4ca497a032..15e218b4e0 100644 --- a/src/lib/libtls/tls_config.c +++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_config.c,v 1.64 2021/10/21 08:33:07 tb Exp $ */	1	/* $OpenBSD: tls_config.c,v 1.65 2022/01/25 21:51:24 eric Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -738,6 +738,17 @@ tls_config_set_session_fd(struct tls_config *config, int session_fd)
738	}	738	}
739		739
740	int	740	int
		741	tls_config_set_sign_cb(struct tls_config config, tls_sign_cb cb, void cb_arg)
		742	{
		743	config->use_fake_private_key = 1;
		744	config->skip_private_key_check = 1;
		745	config->sign_cb = cb;
		746	config->sign_cb_arg = cb_arg;
		747
		748	return (0);
		749	}
		750
		751	int
741	tls_config_set_verify_depth(struct tls_config *config, int verify_depth)	752	tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
742	{	753	{
743	config->verify_depth = verify_depth;	754	config->verify_depth = verify_depth;


diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h index 5487b123ec..bc5044518b 100644 --- a/src/lib/libtls/tls_internal.h +++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_internal.h,v 1.78 2021/01/21 19:09:10 eric Exp $ */	1	/* $OpenBSD: tls_internal.h,v 1.79 2022/01/25 21:51:24 eric Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>	3	* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
4	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	4	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -112,6 +112,8 @@ struct tls_config {
112	int verify_time;	112	int verify_time;
113	int skip_private_key_check;	113	int skip_private_key_check;
114	int use_fake_private_key;	114	int use_fake_private_key;
		115	tls_sign_cb sign_cb;
		116	void *sign_cb_arg;
115	};	117	};
116		118
117	struct tls_conninfo {	119	struct tls_conninfo {
@@ -291,6 +293,9 @@ int tls_cert_pubkey_hash(X509 _cert, char *_hash);
291		293
292	int tls_password_cb(char _buf, int _size, int _rwflag, void _u);	294	int tls_password_cb(char _buf, int _size, int _rwflag, void _u);
293		295
		296	RSA_METHOD *tls_signer_rsa_method(void);
		297	ECDSA_METHOD *tls_signer_ecdsa_method(void);
		298
294	__END_HIDDEN_DECLS	299	__END_HIDDEN_DECLS
295		300
296	/* XXX this function is not fully hidden so relayd can use it */	301	/* XXX this function is not fully hidden so relayd can use it */


diff --git a/src/lib/libtls/tls_signer.c b/src/lib/libtls/tls_signer.c new file mode 100644 index 0000000000..690cb51615 --- /dev/null +++ b/src/lib/libtls/tls_signer.c
@@ -0,0 +1,376 @@
		1	/* $OpenBSD: tls_signer.c,v 1.1 2022/01/25 21:51:24 eric Exp $ */
		2	/*
		3	* Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#include <openssl/err.h>
		19
		20	#include "tls.h"
		21	#include "tls_internal.h"
		22
		23	struct tls_signer_key {
		24	char *hash;
		25	RSA *rsa;
		26	EC_KEY *ecdsa;
		27	struct tls_signer_key *next;
		28	};
		29
		30	struct tls_signer {
		31	struct tls_error error;
		32	struct tls_signer_key *keys;
		33	};
		34
		35	static pthread_mutex_t signer_method_lock = PTHREAD_MUTEX_INITIALIZER;
		36
		37	struct tls_signer *
		38	tls_signer_new(void)
		39	{
		40	struct tls_signer *signer;
		41
		42	if ((signer = calloc(1, sizeof(*signer))) == NULL)
		43	return (NULL);
		44
		45	return (signer);
		46	}
		47
		48	void
		49	tls_signer_free(struct tls_signer *signer)
		50	{
		51	struct tls_signer_key *skey;
		52
		53	if (signer == NULL)
		54	return;
		55
		56	tls_error_clear(&signer->error);
		57
		58	while (signer->keys) {
		59	skey = signer->keys;
		60	signer->keys = skey->next;
		61	RSA_free(skey->rsa);
		62	EC_KEY_free(skey->ecdsa);
		63	free(skey->hash);
		64	free(skey);
		65	}
		66
		67	free(signer);
		68	}
		69
		70	const char *
		71	tls_signer_error(struct tls_signer *signer)
		72	{
		73	return (signer->error.msg);
		74	}
		75
		76	int
		77	tls_signer_add_keypair_mem(struct tls_signer signer, const uint8_t cert,
		78	size_t cert_len, const uint8_t *key, size_t key_len)
		79	{
		80	struct tls_signer_key *skey = NULL;
		81	char *errstr = "unknown";
		82	int ssl_err;
		83	EVP_PKEY *pkey = NULL;
		84	X509 *x509 = NULL;
		85	BIO *bio = NULL;
		86	char *hash = NULL;
		87
		88	/* Compute certificate hash */
		89	if ((bio = BIO_new_mem_buf(cert, cert_len)) == NULL) {
		90	tls_error_setx(&signer->error,
		91	"failed to create certificate bio");
		92	goto err;
		93	}
		94	if ((x509 = PEM_read_bio_X509(bio, NULL, tls_password_cb,
		95	NULL)) == NULL) {
		96	if ((ssl_err = ERR_peek_error()) != 0)
		97	errstr = ERR_error_string(ssl_err, NULL);
		98	tls_error_setx(&signer->error, "failed to load certificate: %s",
		99	errstr);
		100	goto err;
		101	}
		102	if (tls_cert_pubkey_hash(x509, &hash) == -1) {
		103	tls_error_setx(&signer->error,
		104	"failed to get certificate hash");
		105	goto err;
		106	}
		107
		108	X509_free(x509);
		109	x509 = NULL;
		110	BIO_free(bio);
		111	bio = NULL;
		112
		113	/* Read private key */
		114	if ((bio = BIO_new_mem_buf(key, key_len)) == NULL) {
		115	tls_error_setx(&signer->error, "failed to create key bio");
		116	goto err;
		117	}
		118	if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, tls_password_cb,
		119	NULL)) == NULL) {
		120	tls_error_setx(&signer->error, "failed to read private key");
		121	goto err;
		122	}
		123
		124	if ((skey = calloc(1, sizeof(*skey))) == NULL) {
		125	tls_error_set(&signer->error, "failed to create key entry");
		126	goto err;
		127	}
		128	skey->hash = hash;
		129	if ((skey->rsa = EVP_PKEY_get1_RSA(pkey)) == NULL &&
		130	(skey->ecdsa = EVP_PKEY_get1_EC_KEY(pkey)) == NULL) {
		131	tls_error_setx(&signer->error, "unknown key type");
		132	goto err;
		133	}
		134
		135	skey->next = signer->keys;
		136	signer->keys = skey;
		137	EVP_PKEY_free(pkey);
		138	BIO_free(bio);
		139
		140	return (0);
		141
		142	err:
		143	EVP_PKEY_free(pkey);
		144	X509_free(x509);
		145	BIO_free(bio);
		146	free(hash);
		147	free(skey);
		148
		149	return (-1);
		150	}
		151
		152	int
		153	tls_signer_add_keypair_file(struct tls_signer signer, const char cert_file,
		154	const char *key_file)
		155	{
		156	char cert = NULL, key = NULL;
		157	size_t cert_len, key_len;
		158	int rv = -1;
		159
		160	if (tls_config_load_file(&signer->error, "certificate", cert_file,
		161	&cert, &cert_len) == -1)
		162	goto err;
		163
		164	if (tls_config_load_file(&signer->error, "key", key_file, &key,
		165	&key_len) == -1)
		166	goto err;
		167
		168	rv = tls_signer_add_keypair_mem(signer, cert, cert_len, key, key_len);
		169
		170	err:
		171	free(cert);
		172	free(key);
		173
		174	return (rv);
		175	}
		176
		177	static int
		178	tls_sign_rsa(struct tls_signer signer, struct tls_signer_key skey,
		179	const uint8_t dgst, size_t dgstlen, uint8_t psig, size_t psiglen,
		180	int padding)
		181	{
		182
		183	char *buf;
		184	int siglen, r;
		185
		186	*psig = NULL;
		187	*psiglen = 0;
		188
		189	siglen = RSA_size(skey->rsa);
		190	if (siglen <= 0) {
		191	tls_error_setx(&signer->error, "incorrect RSA_size: %d",
		192	siglen);
		193	return (-1);
		194	}
		195
		196	if ((buf = malloc(siglen)) == NULL) {
		197	tls_error_set(&signer->error, "RSA sign");
		198	return (-1);
		199	}
		200
		201	r = RSA_private_encrypt((int)dgstlen, dgst, buf, skey->rsa, padding);
		202	if (r == -1) {
		203	tls_error_setx(&signer->error, "RSA_private_encrypt failed");
		204	free(buf);
		205	return (-1);
		206	}
		207
		208	*psig = buf;
		209	*psiglen = (size_t)r;
		210
		211	return (0);
		212	}
		213
		214	static int
		215	tls_sign_ecdsa(struct tls_signer signer, struct tls_signer_key skey,
		216	const uint8_t dgst, size_t dgstlen, uint8_t psig, size_t psiglen)
		217	{
		218	unsigned char *sig;
		219	unsigned int siglen;
		220
		221	*psig = NULL;
		222	*psiglen = 0;
		223
		224	siglen = ECDSA_size(skey->ecdsa);
		225	if (siglen == 0) {
		226	tls_error_setx(&signer->error, "incorrect ECDSA_size: %u",
		227	siglen);
		228	return (-1);
		229	}
		230	if ((sig = malloc(siglen)) == NULL) {
		231	tls_error_set(&signer->error, "ECDSA sign");
		232	return (-1);
		233	}
		234
		235	if (!ECDSA_sign(0, dgst, dgstlen, sig, &siglen, skey->ecdsa)) {
		236	tls_error_setx(&signer->error, "ECDSA_sign failed");
		237	free(sig);
		238	return (-1);
		239	}
		240
		241	*psig = sig;
		242	*psiglen = siglen;
		243
		244	return (0);
		245	}
		246
		247	int
		248	tls_signer_sign(struct tls_signer signer, const char hash,
		249	const uint8_t dgst, size_t dgstlen, uint8_t psig, size_t psiglen,
		250	int padding)
		251	{
		252	struct tls_signer_key *skey;
		253
		254	for (skey = signer->keys; skey; skey = skey->next)
		255	if (!strcmp(hash, skey->hash))
		256	break;
		257
		258	if (skey == NULL) {
		259	tls_error_setx(&signer->error, "key not found");
		260	return (-1);
		261	}
		262
		263	if (skey->rsa != NULL)
		264	return tls_sign_rsa(signer, skey, dgst, dgstlen, psig, psiglen,
		265	padding);
		266
		267	if (skey->ecdsa != NULL)
		268	return tls_sign_ecdsa(signer, skey, dgst, dgstlen, psig, psiglen);
		269
		270	tls_error_setx(&signer->error, "unknown key type");
		271	return (-1);
		272	}
		273
		274	static int
		275	tls_rsa_priv_enc(int srclen, const unsigned char src, unsigned char to,
		276	RSA *rsa, int padding)
		277	{
		278	struct tls_config *config;
		279	const char *hash;
		280	size_t tolen;
		281
		282	hash = RSA_get_ex_data(rsa, 0);
		283	config = RSA_get_ex_data(rsa, 1);
		284
		285	if (hash == NULL \|\| config == NULL)
		286	return (-1);
		287
		288	if (config->sign_cb(config->sign_cb_arg, hash, (const uint8_t *)src,
		289	srclen, (uint8_t *)to, &tolen, padding) == -1)
		290	return (-1);
		291
		292	if (tolen > INT_MAX)
		293	return (-1);
		294
		295	return ((int)tolen);
		296	}
		297
		298	RSA_METHOD *
		299	tls_signer_rsa_method(void)
		300	{
		301	static RSA_METHOD *rsa_method = NULL;
		302
		303	pthread_mutex_lock(&signer_method_lock);
		304
		305	if (rsa_method != NULL)
		306	goto out;
		307
		308	rsa_method = RSA_meth_new("libtls RSA method", 0);
		309	if (rsa_method == NULL)
		310	goto out;
		311
		312	RSA_meth_set_priv_enc(rsa_method, tls_rsa_priv_enc);
		313
		314	out:
		315	pthread_mutex_unlock(&signer_method_lock);
		316
		317	return (rsa_method);
		318	}
		319
		320	static ECDSA_SIG *
		321	tls_ecdsa_do_sign(const unsigned char dgst, int dgst_len, const BIGNUM inv,
		322	const BIGNUM rp, EC_KEY eckey)
		323	{
		324	struct tls_config *config;
		325	ECDSA_SIG *sig = NULL;
		326	const unsigned char *tsigbuf;
		327	const char *hash;
		328	char *sigbuf;
		329	size_t siglen;
		330
		331	hash = ECDSA_get_ex_data(eckey, 0);
		332	config = ECDSA_get_ex_data(eckey, 1);
		333
		334	if (hash == NULL \|\| config == NULL)
		335	return (NULL);
		336
		337	siglen = ECDSA_size(eckey);
		338	if ((sigbuf = malloc(siglen)) == NULL)
		339	return (NULL);
		340
		341	if (config->sign_cb(config->sign_cb_arg, hash, dgst, dgst_len, sigbuf,
		342	&siglen, 0) != -1) {
		343	tsigbuf = sigbuf;
		344	sig = d2i_ECDSA_SIG(NULL, &tsigbuf, siglen);
		345	}
		346	free(sigbuf);
		347
		348	return (sig);
		349	}
		350
		351	ECDSA_METHOD *
		352	tls_signer_ecdsa_method(void)
		353	{
		354	static ECDSA_METHOD *ecdsa_method = NULL;
		355
		356	pthread_mutex_lock(&signer_method_lock);
		357
		358	if (ecdsa_method != NULL)
		359	goto out;
		360
		361	ecdsa_method = calloc(1, sizeof(*ecdsa_method));
		362	if (ecdsa_method == NULL)
		363	goto out;
		364
		365	ecdsa_method->ecdsa_do_sign = tls_ecdsa_do_sign;
		366	ecdsa_method->name = strdup("libtls ECDSA method");
		367	if (ecdsa_method->name == NULL) {
		368	free(ecdsa_method);
		369	ecdsa_method = NULL;
		370	}
		371
		372	out:
		373	pthread_mutex_unlock(&signer_method_lock);
		374
		375	return (ecdsa_method);
		376	}