SSSD - certificate handling utils - openssl version
Copyright (C) Sumit Bose <sbose@redhat.com> 2015
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainenerrno_t sss_cert_der_to_pem(TALLOC_CTX *mem_ctx, const uint8_t *der_blob,
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen size_t der_size, char **pem, size_t *pem_size)
fc1696e32dd732a5bbabc3c8f64810448e327043Timo Sirainen const unsigned char *d;
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen d = (const unsigned char *) der_blob;
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "d2i_X509 failed.\n");
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "BIO_new failed.\n");
fc1696e32dd732a5bbabc3c8f64810448e327043Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "PEM_write_bio_X509 failed.\n");
fc1696e32dd732a5bbabc3c8f64810448e327043Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "Unexpected PEM size [%ld].\n", p_size);
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "talloc_memdup failed.\n");
fc1696e32dd732a5bbabc3c8f64810448e327043Timo Sirainenerrno_t sss_cert_pem_to_der(TALLOC_CTX *mem_ctx, const char *pem,
fc1696e32dd732a5bbabc3c8f64810448e327043Timo Sirainen unsigned char *buf;
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen DEBUG(SSSDBG_OP_FAILURE, "BIO_new failed.\n");
fc1696e32dd732a5bbabc3c8f64810448e327043Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "BIO_puts failed.\n");
fc1696e32dd732a5bbabc3c8f64810448e327043Timo Sirainen x509 = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL);
fc1696e32dd732a5bbabc3c8f64810448e327043Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "PEM_read_bio_X509 failed.\n");
fc1696e32dd732a5bbabc3c8f64810448e327043Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "i2d_X509 failed.\n");
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n");
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen "i2d_X509 size mismatch between two calls.\n");
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen#define SSH_RSA_HEADER_LEN (sizeof(SSH_RSA_HEADER) - 1)
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainenerrno_t cert_to_ssh_key(TALLOC_CTX *mem_ctx, const char *ca_db,
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen const unsigned char *d;
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen unsigned char modulus[OPENSSL_RSA_MAX_MODULUS_BITS/8];
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen unsigned char exponent[OPENSSL_RSA_MAX_PUBEXP_BITS/8];
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen d = (const unsigned char *) der_blob;
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "d2i_X509 failed.\n");
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen /* TODO: verify certificate !!!!! */
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "X509_get_pubkey failed.\n");
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen if (EVP_PKEY_base_id(cert_pub_key) != EVP_PKEY_RSA) {
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen "Expected RSA public key, found unsupported [%d].\n",
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen rsa_pub_key = EVP_PKEY_get0_RSA(cert_pub_key);
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen size = SSH_RSA_HEADER_LEN + 3 * sizeof(uint32_t)
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n");
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen SAFEALIGN_SET_UINT32(buf, htobe32(SSH_RSA_HEADER_LEN), &c);
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen safealign_memcpy(&buf[c], SSH_RSA_HEADER, SSH_RSA_HEADER_LEN, &c);
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen SAFEALIGN_SET_UINT32(&buf[c], htobe32(exponent_len), &c);
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen safealign_memcpy(&buf[c], exponent, exponent_len, &c);
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen /* Adding missing 00 which afaik is added to make sure
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen * the bigint is handled as positive number */
704efd0b34e3611e3decf1d559fe6a93214b0bd0Timo Sirainen /* TODO: make a better check if 00 must be added or not, e.g. ... & 0x80)
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen SAFEALIGN_SET_UINT32(&buf[c], htobe32(modulus_len + 1), &c);
8fcff4c5b52f24d9c681805fdf06b486f1d0fcbeTimo Sirainen SAFEALIGN_SETMEM_VALUE(&buf[c], '\0', unsigned char, &c);