Skip to content

Commit

Permalink
[backend] use BSX509::keydata2pubkey, remove BSTUF::keydata2asn1
Browse files Browse the repository at this point in the history 
Also make use of the pack_sigalgo() function.
  • Loading branch information
@mlschroe
mlschroe committed Jan 19, 2022
1 parent ca1eec3 commit 0971c27
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 11 deletions.
13 changes: 3 additions & 10 deletions src/backend/BSTUF.pm
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,21 +24,14 @@ package BSTUF;

use JSON::XS ();
use MIME::Base64 ();
use Digest::SHA;
use Digest::SHA ();

use BSUtil;
use BSASN1;
use BSX509;

use strict;

sub keydata2asn1 {
my ($keydata) = @_;
die("need an rsa pubkey\n") unless ($keydata->{'algo'} || '') eq 'rsa';
my $pubkey = BSASN1::pack_sequence(BSASN1::pack_integer_mpi($keydata->{'mpis'}->[0]->{'data'}), BSASN1::pack_integer_mpi($keydata->{'mpis'}->[1]->{'data'}));
return BSASN1::pack_sequence(BSASN1::pack_sequence($BSX509::oid_rsaencryption, BSASN1::pack_null()), BSASN1::pack_bytes($pubkey));
}

sub rfc3339time {
my ($t) = @_;
my @gt = gmtime($t || time());
Expand All @@ -58,7 +51,7 @@ sub mktbscert {
my ($cn, $not_before, $not_after, $subjectkeyinfo) = @_;
my $certversion = BSASN1::pack_tagged(0, BSASN1::pack_integer(2));
my $certserial = BSX509::pack_random_serial();
my $sigalgo = BSASN1::pack_sequence($BSX509::oid_sha256withrsaencryption, BSASN1::pack_null());
my $sigalgo = BSX509::pack_sigalgo('rsa', 'sha256');
my $issuer = BSX509::pack_distinguished_name([ $BSX509::oid_common_name, $cn ]);
my $validity = BSX509::pack_validity($not_before, $not_after);
my $basic_constraints = BSASN1::pack_sequence();
Expand All @@ -75,7 +68,7 @@ sub mktbscert {
sub mkcert {
my ($tbscert, $signfunc) = @_;
my $signature = $signfunc->($tbscert);
my $sigalgo = BSASN1::pack_sequence($BSX509::oid_sha256withrsaencryption, BSASN1::pack_null());
my $sigalgo = BSX509::pack_sigalgo('rsa', 'sha256');
my $cert = BSASN1::pack_sequence($tbscert, $sigalgo, BSASN1::pack_bytes($signature));
return BSASN1::der2pem($cert, 'CERTIFICATE');
}
Expand Down
3 changes: 2 additions & 1 deletion src/backend/bs_notar
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ use BSUtil;
use BSPGP;
use BSBearer;
use BSTUF;
use BSX509;

use strict;

Expand Down Expand Up @@ -266,7 +267,7 @@ my $pubkey_data = BSPGP::pk2keydata($gpgpubkey) || {};
die("need an rsa pubkey for container signing\n") unless ($pubkey_data->{'algo'} || '') eq 'rsa';
my $pubkey_times = BSPGP::pk2times($gpgpubkey) || {};
# generate pub key and cert from pgp key data
my $pub_bin = BSTUF::keydata2asn1($pubkey_data);
my $pub_bin = BSX509::keydata2pubkey($pubkey_data);

# create new to-be-signed cert
my $root_expire = $pubkey_times->{'key_expire'} + $root_extra_expire;
Expand Down

0 comments on commit 0971c27

Please sign in to comment.