shithub: riscv

Info  •  Files  •  Log  •  Branches

libsec: add X509reqtoRSApub() function and return subject alt names in X509to*pub() name buffer

We need a way to parse a rsa certificate request and return the public
key and subject names. The new function X509reqtoRSApub() works the
same way as X509toRSApub() but on a certificate request.

We also need to support certificates that are valid for multiple domain
names (as tlshand does not support certificate selection). For this
reason, a comma separated list is returned as the certificate subject,
making it symmetric to X509rsareq() handling.

A little helper is provided with this change (auth/x5092pub) that takes
a certificate (or a certificate request when -r flag is provided) and
outputs the RSA public key in plan 9 format appended with the subject
attribute.

--- a/sys/include/ape/libsec.h

+++ b/sys/include/ape/libsec.h

@@ -365,6 +365,7 @@

 void		rsaprivfree(RSApriv*);

 RSApub*		rsaprivtopub(RSApriv*);

 RSApub*		X509toRSApub(uchar*, int, char*, int);

+RSApub*		X509reqtoRSApub(uchar*, int, char*, int);

 RSApriv*	asn1toRSApriv(uchar*, int);

 RSApub*		asn1toRSApub(uchar*, int);

 void		asn1dump(uchar *der, int len);

--- a/sys/include/libsec.h

+++ b/sys/include/libsec.h

@@ -357,6 +357,7 @@

 void		rsaprivfree(RSApriv*);

 RSApub*		rsaprivtopub(RSApriv*);

 RSApub*		X509toRSApub(uchar*, int, char*, int);

+RSApub*		X509reqtoRSApub(uchar*, int, char*, int);

 RSApub*		asn1toRSApub(uchar*, int);

 RSApriv*	asn1toRSApriv(uchar*, int);

 void		asn1dump(uchar *der, int len);

--- a/sys/man/2/rsa

+++ b/sys/man/2/rsa

@@ -15,6 +15,7 @@

 rsapuballoc,

 rsapubfree,

 X509toRSApub,

+X509reqtoRSApub,

 X509rsagen,

 X509rsareq,

 X509rsaverify,

@@ -61,6 +62,9 @@

 RSApub*	X509toRSApub(uchar *cert, int ncert, char *name, int nname)

 .PP

 .B

+RSApub* X509reqtoRSApub(uchar *req, int nreq, char *name*, int nname)

+.PP

+.B

 RSApriv*	asn1toRSApriv(uchar *priv, int npriv)

 .PP

 .B

@@ -79,7 +83,7 @@

 uchar*	X509rsagen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);

 .PP

 .B

-uchar*	X509rsareq(RSApriv *priv, char *subj, int *certlen);

+uchar*	X509rsareq(RSApriv *priv, char *subj, int *reqlen)

 .PP

 .B

 char*	X509rsaverify(uchar *cert, int ncert, RSApub *pk)

@@ -159,9 +163,10 @@

 .I name

 is not

 .BR nil ,

-the CN part of the Distinguished Name of the

-certificate's Subject.

-(This is conventionally a userid or a host DNS name.)

+a concatenation of the CN part of the Distinguished Name of the

+certificate's Subject and further Subject Alternative Names

+separated by comma.

+(These are conventionally a userid or a host DNS name.)

 No verification is done of the certificate signature;  the

 caller should check the fingerprint,

 .IR sha1(cert) ,

@@ -180,6 +185,12 @@

 .B nil

 if successful, else an error string.

 .PP

+The routine

+.I X509reqtoRSApub

+is similar to

+.I X509toRSApub

+above, but decodes a X509 certificate request.

+.PP

 .I X509rsaverifydigest

 takes a encoded PKCS #1 signature as used in X.509 as

 .IR sig [ siglen ]

@@ -197,8 +208,8 @@

 .IR subj ,

 and the starting and ending validity dates,

 .IR valid .

-Length of the allocated binary certificate is stored in

-.IR certlen .

+Length of the allocated binary certificate request is stored in

+.IR reqlen .

 The subject line is conventionally of the form

 .IP

 .EX

--- a/sys/src/cmd/auth/mkfile

+++ b/sys/src/cmd/auth/mkfile

@@ -35,6 +35,7 @@

 	userpasswd\

 	warning\

 	wrkey\

+	x5092pub\

 DIRS=\

 	factotum\

--- /dev/null

+++ b/sys/src/cmd/auth/x5092pub.c

@@ -1,0 +1,63 @@

+#include <u.h>

+#include <libc.h>

+#include <bio.h>

+#include <auth.h>

+#include <mp.h>

+#include <libsec.h>

+

+int fd;

+int req = 0;

+char subject[1024];

+

+void

+usage(void)

+{

+	fprint(2, "usage: aux/x5092pub [-r] [file]\n");

+	exits("usage");

+}

+

+void

+main(int argc, char **argv)

+{

+	int tot, n;

+	uchar *buf;

+	RSApub *pub;

+

+	quotefmtinstall();

+	fmtinstall('B', mpfmt);

+	fmtinstall('H', encodefmt);

+

+	ARGBEGIN{

+	case 'r':

+		req = 1;

+		break;

+	default:

+		usage();

+	}ARGEND

+

+	fd = 0;

+	if(argc == 1)

+		fd = open(argv[0], OREAD);

+	else if(argc != 0)

+		usage();

+	buf = nil;

+	tot = 0;

+	for(;;){

+		buf = realloc(buf, tot+8192);

+		if(buf == nil)

+			sysfatal("realloc: %r");

+		if((n = read(fd, buf+tot, 8192)) < 0)

+			sysfatal("read: %r");

+		if(n == 0)

+			break;

+		tot += n;

+	}

+	if(req)

+		pub = X509reqtoRSApub(buf, tot, subject, sizeof(subject));

+	else

+		pub = X509toRSApub(buf, tot, subject, sizeof(subject));

+	if(pub == nil)

+		sysfatal("X509toRSApub: %r");

+	print("key proto=rsa size=%d ek=%B n=%B subject=%q \n", mpsignif(pub->n), pub->ek, pub->n, subject);

+	exits(nil);

+}

--- a/sys/src/libsec/port/x509.c

+++ b/sys/src/libsec/port/x509.c

@@ -1589,6 +1589,7 @@

 	int	signature_alg;

 	Bits*	signature;

 	int	curve;

+	Bytes*	ext;

 } CertX509;

 /* Algorithm object-ids */

@@ -1724,6 +1725,8 @@

 	nil,

 };

+static void appendaltnames(char *name, int nname, Bytes *ext, int req);

+

 static void

 freecert(CertX509* c)

 {

@@ -1735,6 +1738,7 @@

 	free(c->subject);

 	freebits(c->publickey);

 	freebits(c->signature);

+	freebytes(c->ext);

 	free(c);

 }

@@ -1863,6 +1867,7 @@

 	c->publickey = nil;

 	c->signature_alg = -1;

 	c->signature = nil;

+	c->ext = nil;

 	/* Certificate */

  	if(!is_seq(&ecert, &elcert) || elistlen(elcert) !=3)

@@ -1900,6 +1905,10 @@

  	esubj = &el->hd;

  	el = el->tl;

  	epubkey = &el->hd;

+	if(el->tl != nil && el->tl->hd.tag.class == Context && el->tl->hd.tag.num == 3){

+		c->ext = el->tl->hd.val.u.octetsval;

+		el->tl->hd.val.u.octetsval = nil;	/* transfer ownership */

+	}

 	if(!is_int(eserial, &c->serial)) {

 		if(!is_bigint(eserial, &b))

 			goto errret;

@@ -2260,6 +2269,7 @@

 	if(c == nil)

 		return nil;

 	copysubject(name, nname, c->subject);

+	appendaltnames(name, nname, c->ext, 0);

 	pub = nil;

 	if(c->publickey_alg == ALG_ecPublicKey){

 		ecdominit(dom, namedcurves[c->curve]);

@@ -2302,6 +2312,7 @@

 	if(c == nil)

 		return nil;

 	copysubject(name, nname, c->subject);

+	appendaltnames(name, nname, c->ext, 0);

 	pub = nil;

 	if(c->publickey_alg == ALG_rsaEncryption)

 		pub = asn1toRSApub(c->publickey->data, c->publickey->len);

@@ -2644,7 +2655,7 @@

 static Ints15 oid_extensionRequest = { 7, 1, 2, 840, 113549, 1, 9, 14};

 static Elist*

-mkextensions(char *alts, int req)

+mkextensions(char *alts, int isreq)

 {

 	Elist *sl, *xl;

@@ -2653,12 +2664,12 @@

 		xl = mkextel(mkseq(sl), (Ints*)&oid_subjectAltName, xl);

 	if(xl != nil){

 		xl = mkel(mkseq(xl), nil);

-		if(req)

+		if(isreq)

 			xl = mkel(mkseq(

 				mkel(mkoid((Ints*)&oid_extensionRequest),

 				mkel(mkset(xl), nil))), nil);

 	}

-	if(req)

+	if(isreq)

 		xl = mkel(mkcont(0, xl), nil);

 	else if(xl != nil)

 		xl = mkel(mkcont(3, xl), nil);

@@ -2681,6 +2692,85 @@

 	return nil;

 }

+static void

+appendaltnames(char *name, int nname, Bytes *ext, int isreq)

+{

+	Elem eext, ealt, edn;

+	Elist *el, *l;

+	Ints *oid;

+	char *alt;

+	int len;

+

+	if(name == nil || ext == nil)

+		return;

+	if(decode(ext->data, ext->len, &eext) != ASN_OK)

+		return;

+	if(isreq){

+		if(!is_seq(&eext, &el) || elistlen(el) != 2)

+			goto errext;

+		if(!is_oid(&el->hd, &oid) || !ints_eq(oid, (Ints*)&oid_extensionRequest))

+			goto errext;

+		el = el->tl;

+		if(!is_set(&el->hd, &el))

+			goto errext;

+		if(!is_seq(&el->hd, &el))

+			goto errext;

+	} else {

+		if(!is_seq(&eext, &el))

+			goto errext;

+	}

+	for(; el != nil; el = el->tl){

+		if(!is_seq(&el->hd, &l) || elistlen(l) != 2)

+			goto errext;

+		if(!is_oid(&l->hd, &oid) || !ints_eq(oid, (Ints*)&oid_subjectAltName))

+			continue;

+		el = l->tl;

+		break;

+	}

+	if(el == nil)

+		goto errext;

+	if(!is_octetstring(&el->hd, &ext))

+		goto errext;

+	if(decode(ext->data, ext->len, &ealt) != ASN_OK)

+		goto errext;

+	if(!is_seq(&ealt, &el))

+		goto erralt;

+	for(; el != nil; el = el->tl){

+		ext = el->hd.val.u.octetsval;

+		switch(el->hd.tag.num){

+		default:

+			continue;

+		case 1:	/* email */

+		case 2:	/* DNS */

+			if(ext == nil)

+				goto erralt;

+			alt = smprint("%.*s", ext->len, (char*)ext->data);

+			break;

+		case 4:	/* DN */

+			if(ext == nil || decode(ext->data, ext->len, &edn) != ASN_OK)

+				goto erralt;

+			alt = parse_name(&edn);

+			freevalfields(&edn.val);

+			break;

+		}

+		if(alt == nil)

+			goto erralt;

+		len = strlen(alt);

+		if(strncmp(name, alt, len) == 0 && strchr(",", name[len]) == nil){

+			free(alt);	/* same as the subject */

+			continue;

+		}

+		if(name[0] != '\0')

+			strncat(name, ", ", nname-1);

+		strncat(name, alt, nname-1);

+		free(alt);

+	}

+erralt:

+	freevalfields(&ealt.val);

+errext:

+	freevalfields(&eext.val);

+}

+	

 static Bytes*

 encode_rsapubkey(RSApub *pk)

 {

@@ -2883,6 +2973,46 @@

 	freevalfields(&e.val);

 	free(subj);

 	return cert;

+}

+

+RSApub*

+X509reqtoRSApub(uchar *req, int nreq, char *name, int nname)

+{

+	Elem ereq;

+	Elist *el;

+	char *subject;

+	Bits *bits;

+	RSApub *pub;

+

+	pub = nil;

+	if(decode(req, nreq, &ereq) != ASN_OK)

+		goto errret;

+	if(!is_seq(&ereq, &el) || elistlen(el) != 3)

+		goto errret;

+	if(!is_seq(&el->hd, &el) || elistlen(el) < 3)

+		goto errret;

+ 	el = el->tl;

+	subject = parse_name(&el->hd);

+	if(subject == nil)

+		goto errret;

+	copysubject(name, nname, subject);

+	free(subject);

+	el = el->tl;

+	if(el->tl != nil && el->tl->hd.tag.class == Context && el->tl->hd.tag.num == 0)

+		appendaltnames(name, nname, el->tl->hd.val.u.octetsval, 1);

+	if(!is_seq(&el->hd, &el) || elistlen(el) != 2)

+		goto errret;

+	if(parse_alg(&el->hd) != ALG_rsaEncryption)

+		goto errret;

+	el = el->tl;

+	if(!is_bitstring(&el->hd, &bits))

+		goto errret;

+	pub = asn1toRSApub(bits->data, bits->len);

+	if(pub == nil)

+		goto errret;

+errret:

+	freevalfields(&ereq.val);

+	return pub;

 }

 static void