cert.c revision 544a20de7667f05c1a406c4dea0706b0ab507430
SSSD - certificate handling utils - openssl version
Copyright (C) Sumit Bose <sbose@redhat.com> 2015
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
cf0ad1a0bddb0787f3d7b408a96d721a8b2a98a3Timo Sirainenerrno_t sss_cert_der_to_pem(TALLOC_CTX *mem_ctx, const uint8_t *der_blob,
cf0ad1a0bddb0787f3d7b408a96d721a8b2a98a3Timo Sirainen size_t der_size, char **pem, size_t *pem_size)
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen const unsigned char *d;
3ba9a079592f46e94ce846e5aa80e4d479cd5e41Timo Sirainen d = (const unsigned char *) der_blob;
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen DEBUG(SSSDBG_OP_FAILURE, "d2i_X509 failed.\n");
4e56e6408815c04f2e5b904a648a366a2dcbd408Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "BIO_new failed.\n");
cf0ad1a0bddb0787f3d7b408a96d721a8b2a98a3Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "PEM_write_bio_X509 failed.\n");
7891c8e6debdcfec552cb1beea2a0230fe89957bTimo Sirainen DEBUG(SSSDBG_OP_FAILURE, "Unexpected PEM size [%ld].\n", p_size);
cf0ad1a0bddb0787f3d7b408a96d721a8b2a98a3Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "talloc_memdup failed.\n");
cf0ad1a0bddb0787f3d7b408a96d721a8b2a98a3Timo Sirainenerrno_t sss_cert_pem_to_der(TALLOC_CTX *mem_ctx, const char *pem,
cf0ad1a0bddb0787f3d7b408a96d721a8b2a98a3Timo Sirainen unsigned char *buf;
cf0ad1a0bddb0787f3d7b408a96d721a8b2a98a3Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "BIO_new failed.\n");
cf0ad1a0bddb0787f3d7b408a96d721a8b2a98a3Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "BIO_puts failed.\n");
cf0ad1a0bddb0787f3d7b408a96d721a8b2a98a3Timo Sirainen x509 = PEM_read_bio_X509(bio_mem, NULL, NULL, NULL);
cf0ad1a0bddb0787f3d7b408a96d721a8b2a98a3Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "PEM_read_bio_X509 failed.\n");
cf0ad1a0bddb0787f3d7b408a96d721a8b2a98a3Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "i2d_X509 failed.\n");
cf0ad1a0bddb0787f3d7b408a96d721a8b2a98a3Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n");
cf0ad1a0bddb0787f3d7b408a96d721a8b2a98a3Timo Sirainen "i2d_X509 size mismatch between two calls.\n");
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen#define SSH_RSA_HEADER_LEN (sizeof(SSH_RSA_HEADER) - 1)
7891c8e6debdcfec552cb1beea2a0230fe89957bTimo Sirainenerrno_t cert_to_ssh_key(TALLOC_CTX *mem_ctx, const char *ca_db,
7891c8e6debdcfec552cb1beea2a0230fe89957bTimo Sirainen const unsigned char *d;
7891c8e6debdcfec552cb1beea2a0230fe89957bTimo Sirainen unsigned char modulus[OPENSSL_RSA_MAX_MODULUS_BITS/8];
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen unsigned char exponent[OPENSSL_RSA_MAX_PUBEXP_BITS/8];
f096367f0f7b0e481f8abe0969afdf2d8250057eTimo Sirainen d = (const unsigned char *) der_blob;
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen DEBUG(SSSDBG_OP_FAILURE, "d2i_X509 failed.\n");
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen /* TODO: verify certificate !!!!! */
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen DEBUG(SSSDBG_OP_FAILURE, "X509_get_pubkey failed.\n");
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen "Expected RSA public key, found unsupported [%d].\n",
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen modulus_len = BN_bn2bin(cert_pub_key->pkey.rsa->n, modulus);
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen exponent_len = BN_bn2bin(cert_pub_key->pkey.rsa->e, exponent);
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen size = SSH_RSA_HEADER_LEN + 3 * sizeof(uint32_t)
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n");
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen SAFEALIGN_SET_UINT32(buf, htobe32(SSH_RSA_HEADER_LEN), &c);
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen safealign_memcpy(&buf[c], SSH_RSA_HEADER, SSH_RSA_HEADER_LEN, &c);
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen SAFEALIGN_SET_UINT32(&buf[c], htobe32(exponent_len), &c);
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen safealign_memcpy(&buf[c], exponent, exponent_len, &c);
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen /* Adding missing 00 which afaik is added to make sure
4e56e6408815c04f2e5b904a648a366a2dcbd408Timo Sirainen * the bigint is handled as positive number */
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen /* TODO: make a better check if 00 must be added or not, e.g. ... & 0x80)
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen SAFEALIGN_SET_UINT32(&buf[c], htobe32(modulus_len + 1), &c);
1d3b9fce06b466bcf64f9ab7b622f3a6e4e939baTimo Sirainen SAFEALIGN_SETMEM_VALUE(&buf[c], '\0', unsigned char, &c);