346d6d8bf5fdb446921d754c07c8a7d913a048d5René Genz SSSD - certificate handling utils - OpenSSL version
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose Copyright (C) Sumit Bose <sbose@redhat.com> 2015
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose This program is free software; you can redistribute it and/or modify
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose it under the terms of the GNU General Public License as published by
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose the Free Software Foundation; either version 3 of the License, or
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose (at your option) any later version.
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose This program is distributed in the hope that it will be useful,
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose GNU General Public License for more details.
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose You should have received a copy of the GNU General Public License
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
bf01e8179cbb2be476805340636098deda7e1366Sumit Boseerrno_t sss_cert_der_to_pem(TALLOC_CTX *mem_ctx, const uint8_t *der_blob,
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose const unsigned char *d;
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose d = (const unsigned char *) der_blob;
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "PEM_write_bio_X509 failed.\n");
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "Unexpected PEM size [%ld].\n", p_size);
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_memdup failed.\n");
bf01e8179cbb2be476805340636098deda7e1366Sumit Boseerrno_t sss_cert_pem_to_der(TALLOC_CTX *mem_ctx, const char *pem,
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose x509 = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL);
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "PEM_read_bio_X509 failed.\n");
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n");
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose "i2d_X509 size mismatch between two calls.\n");
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose#define SSH_RSA_HEADER_LEN (sizeof(SSH_RSA_HEADER) - 1)
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Boseerrno_t cert_to_ssh_key(TALLOC_CTX *mem_ctx, const char *ca_db,
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose const unsigned char *d;
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose unsigned char modulus[OPENSSL_RSA_MAX_MODULUS_BITS/8];
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose unsigned char exponent[OPENSSL_RSA_MAX_PUBEXP_BITS/8];
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose d = (const unsigned char *) der_blob;
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose /* TODO: verify the certificate (e.g. against ca_db) before its public key is trusted */
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "X509_get_pubkey failed.\n");
8f1316a0c677f211eaaa1346e21a03446b8c4fb1Lukas Slebodnik if (EVP_PKEY_base_id(cert_pub_key) != EVP_PKEY_RSA) {
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose "Expected RSA public key, found unsupported [%d].\n",
8f1316a0c677f211eaaa1346e21a03446b8c4fb1Lukas Slebodnik rsa_pub_key = EVP_PKEY_get0_RSA(cert_pub_key);
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n");
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose SAFEALIGN_SET_UINT32(buf, htobe32(SSH_RSA_HEADER_LEN), &c);
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose safealign_memcpy(&buf[c], SSH_RSA_HEADER, SSH_RSA_HEADER_LEN, &c);
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose SAFEALIGN_SET_UINT32(&buf[c], htobe32(exponent_len), &c);
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose safealign_memcpy(&buf[c], exponent, exponent_len, &c);
346d6d8bf5fdb446921d754c07c8a7d913a048d5René Genz /* Prepend a 0x00 byte so that the modulus is interpreted as a positive
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose * number (a bigint whose high bit is set would otherwise read as negative) */
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose /* TODO: make a better check if 00 must be added or not, e.g. ... & 0x80)
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose SAFEALIGN_SET_UINT32(&buf[c], htobe32(modulus_len + 1), &c);
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Bose SAFEALIGN_SETMEM_VALUE(&buf[c], '\0', unsigned char, &c);