%%{ #include "file_analysis/analyzer/x509/X509.h" #include "types.bif.h" #include "net_util.h" #include #include #include #include #include #include // This is the indexed map of X509 certificate stores. static map x509_stores; // ### NOTE: while d2i_X509 does not take a const u_char** pointer, // here we assume d2i_X509 does not write to , so it is safe to // convert data to a non-const pointer. Could some X509 guru verify // this? X509* d2i_X509_(X509** px, const u_char** in, int len) { #ifdef OPENSSL_D2I_X509_USES_CONST_CHAR return d2i_X509(px, in, len); #else return d2i_X509(px, (u_char**)in, len); #endif } // construct an error record RecordVal* x509_result_record(uint64_t num, const char* reason, Val* chainVector = 0) { RecordVal* rrecord = new RecordVal(BifType::Record::X509::Result); rrecord->Assign(0, new Val(num, TYPE_INT)); rrecord->Assign(1, new StringVal(reason)); if ( chainVector ) rrecord->Assign(2, chainVector); return rrecord; } X509_STORE* x509_get_root_store(TableVal* root_certs) { // If this certificate store was built previously, just reuse the old one. if ( x509_stores.count(root_certs) > 0 ) return x509_stores[root_certs]; X509_STORE* ctx = X509_STORE_new(); ListVal* idxs = root_certs->ConvertToPureList(); // Build the validation store for ( int i = 0; i < idxs->Length(); ++i ) { Val* key = idxs->Index(i); StringVal *sv = root_certs->Lookup(key)->AsStringVal(); assert(sv); const uint8* data = sv->Bytes(); X509* x = d2i_X509_(NULL, &data, sv->Len()); if ( ! x ) { builtin_error(fmt("Root CA error: %s", ERR_error_string(ERR_get_error(),NULL))); return 0; } X509_STORE_add_cert(ctx, x); X509_free(x); } delete idxs; // Save the newly constructed certificate store into the cacheing map. x509_stores[root_certs] = ctx; return ctx; } // get all cretificates starting at the second one (assuming the first one is the host certificate) STACK_OF(X509)* x509_get_untrusted_stack(VectorVal* certs_vec) { STACK_OF(X509)* untrusted_certs = sk_X509_new_null(); if ( ! untrusted_certs ) { builtin_error(fmt("Untrusted certificate stack initialization error: %s", ERR_error_string(ERR_get_error(),NULL))); return 0; } for ( int i = 1; i < (int) certs_vec->Size(); ++i ) // start at 1 - 0 is host cert { Val *sv = certs_vec->Lookup(i); if ( ! sv ) continue; // Fixme: check type X509* x = ((file_analysis::X509Val*) sv)->GetCertificate(); if ( ! x ) { sk_X509_free(untrusted_certs); builtin_error(fmt("No certificate in opaque in stack")); return 0; } sk_X509_push(untrusted_certs, x); } return untrusted_certs; } // We need this function to be able to identify the signer certificate of an // OCSP request out of a list of possible certificates. X509* x509_get_ocsp_signer(STACK_OF(X509) *certs, OCSP_RESPID *rid) { // We support two lookup types - either by response id or by key. if ( rid->type == V_OCSP_RESPID_NAME ) return X509_find_by_subject(certs, rid->value.byName); // There only should be name and type - but let's be sure... if ( rid->type != V_OCSP_RESPID_KEY ) return 0; // Just like OpenSSL, we just support SHA-1 lookups and bail out otherwhise. if ( rid->value.byKey->length != SHA_DIGEST_LENGTH ) return 0; unsigned char* key_hash = rid->value.byKey->data; for ( int i = 0; i < sk_X509_num(certs); ++i ) { unsigned char digest[SHA_DIGEST_LENGTH]; X509* cert = sk_X509_value(certs, i); if ( ! X509_pubkey_digest(cert, EVP_sha1(), digest, NULL) ) // digest failed for this certificate, try with next continue; if ( memcmp(digest, key_hash, SHA_DIGEST_LENGTH) == 0 ) // keys match, return certificate return cert; } return 0; } // Convert hash algorithm registry numbers to the OpenSSL EVP_MD. // Mapping at https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18 const EVP_MD* hash_to_evp(int hash) { switch ( hash ) { case 1: return EVP_md5(); break; case 2: return EVP_sha1(); break; case 3: return EVP_sha224(); break; case 4: return EVP_sha256(); break; case 5: return EVP_sha384(); break; case 6: return EVP_sha512(); break; default: return nullptr; } } %%} ## Parses a certificate into an X509::Certificate structure. ## ## cert: The X509 certificate opaque handle. ## ## Returns: A X509::Certificate structure. ## ## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_verify ## x509_get_certificate_string function x509_parse%(cert: opaque of x509%): X509::Certificate %{ assert(cert); file_analysis::X509Val* h = (file_analysis::X509Val*) cert; return file_analysis::X509::ParseCertificate(h); %} ## Returns the string form of a certificate. ## ## cert: The X509 certificate opaque handle. ## ## pem: A boolean that specifies if the certificate is returned ## in pem-form (true), or as the raw ASN1 encoded binary ## (false). ## ## Returns: X509 certificate as a string. ## ## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_parse x509_verify function x509_get_certificate_string%(cert: opaque of x509, pem: bool &default=F%): string %{ assert(cert); file_analysis::X509Val* h = (file_analysis::X509Val*) cert; BIO *bio = BIO_new(BIO_s_mem()); if ( pem ) PEM_write_bio_X509(bio, h->GetCertificate()); else i2d_X509_bio(bio, h->GetCertificate()); StringVal* ext_val = file_analysis::X509::GetExtensionFromBIO(bio); if ( ! ext_val ) ext_val = new StringVal(""); return ext_val; %} ## Verifies an OCSP reply. ## ## certs: Specifies the certificate chain to use. Server certificate first. ## ## ocsp_reply: the ocsp reply to validate. ## ## root_certs: A list of root certificates to validate the certificate chain. ## ## verify_time: Time for the validity check of the certificates. ## ## Returns: A record of type X509::Result containing the result code of the ## verify operation. ## ## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_parse ## x509_get_certificate_string x509_verify function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_certs: table_string_of_string, verify_time: time &default=network_time()%): X509::Result %{ RecordVal* rval = 0; X509_STORE* ctx = x509_get_root_store(root_certs->AsTableVal()); if ( ! ctx ) return x509_result_record(-1, "Problem initializing root store"); VectorVal *certs_vec = certs->AsVectorVal(); if ( certs_vec->Size() < 1 ) { reporter->Error("No certificates given in vector"); return x509_result_record(-1, "no certificates"); } // host certificate unsigned int index = 0; // to prevent overloading to 0pointer Val *sv = certs_vec->Lookup(index); if ( ! sv ) { builtin_error("undefined value in certificate vector"); return x509_result_record(-1, "undefined value in certificate vector"); } file_analysis::X509Val* cert_handle = (file_analysis::X509Val*) sv; X509* cert = cert_handle->GetCertificate(); if ( ! cert ) { builtin_error(fmt("No certificate in opaque")); return x509_result_record(-1, "No certificate in opaque"); } const unsigned char* start = ocsp_reply->Bytes(); STACK_OF(X509)* untrusted_certs = x509_get_untrusted_stack(certs_vec); if ( ! untrusted_certs ) return x509_result_record(-1, "Problem initializing list of untrusted certificates"); // from here, always goto cleanup. Initialize all other required variables... time_t vtime = (time_t) verify_time; OCSP_BASICRESP *basic = 0; OCSP_SINGLERESP *single = 0; X509_STORE_CTX *csc = 0; OCSP_CERTID *certid = 0; stack_st_X509* ocsp_certs = nullptr; int status = -1; int out = -1; int result = -1; X509* issuer_certificate = 0; X509* signer = 0; OCSP_RESPONSE *resp = d2i_OCSP_RESPONSE(NULL, &start, ocsp_reply->Len()); if ( ! resp ) { rval = x509_result_record(-1, "Could not parse OCSP response"); goto x509_ocsp_cleanup; } status = OCSP_response_status(resp); if ( status != OCSP_RESPONSE_STATUS_SUCCESSFUL ) { rval = x509_result_record(-2, OCSP_response_status_str(status)); goto x509_ocsp_cleanup; } basic = OCSP_response_get1_basic(resp); if ( ! basic ) { rval = x509_result_record(-1, "Could not parse OCSP response"); goto x509_ocsp_cleanup; } // the following code took me _forever_ to get right. // The OCSP_basic_verify command takes a list of certificates. However (which is not immediately // visible or understandable), those are only used to find the signer certificate. They are _not_ // used for chain building during the actual verification (this would be stupid). But - if we sneakily // inject the certificates in the certificate list of the OCSP reply, they actually are used during // the lookup. // Yay. issuer_certificate = 0; for ( int i = 0; i < sk_X509_num(untrusted_certs); i++) { OCSP_basic_add1_cert(basic, sk_X509_value(untrusted_certs, i)); if ( X509_NAME_cmp(X509_get_issuer_name(cert), X509_get_subject_name(sk_X509_value(untrusted_certs, i))) == 0 ) issuer_certificate = sk_X509_value(untrusted_certs, i); } // Because we actually want to be able to give nice error messages that show why we were // not able to verify the OCSP response - do our own verification logic first. signer = x509_get_ocsp_signer(basic->certs, basic->tbsResponseData->responderId); /* Do this perhaps - OpenSSL also cannot do it, so I do not really feel bad about it. Needs a different lookup because the root store is no stack of X509 certs if ( !s igner ) // if we did not find it in the certificates that were sent, search in the root store signer = x509_get_ocsp_signer(ocsp_certs, basic->tbsResponseData->responderId); */ if ( ! signer ) { rval = x509_result_record(-1, "Could not find OCSP responder certificate"); goto x509_ocsp_cleanup; } { auto basic_certs = OCSP_resp_get0_certs(basic); if ( basic_certs ) ocsp_certs = sk_X509_dup(basic_certs); assert(ocsp_certs); } csc = X509_STORE_CTX_new(); X509_STORE_CTX_init(csc, ctx, signer, ocsp_certs); X509_STORE_CTX_set_time(csc, 0, (time_t) verify_time); X509_STORE_CTX_set_purpose(csc, X509_PURPOSE_OCSP_HELPER); result = X509_verify_cert(csc); if ( result != 1 ) { const char *reason = X509_verify_cert_error_string(X509_STORE_CTX_get_error(csc)); rval = x509_result_record(result, X509_verify_cert_error_string(X509_STORE_CTX_get_error(csc))); goto x509_ocsp_cleanup; } // We pass OCSP_NOVERIFY to let OCSP_basic_verify skip the chain verification. // With that, it only verifies the signature of the basic response and we are responsible // for the chain ourselves. We have to do that since we cannot get OCSP_basic_verify to use our timestamp. out = OCSP_basic_verify(basic, NULL, ctx, OCSP_NOVERIFY); if ( out < 1 ) { rval = x509_result_record(out, ERR_error_string(ERR_get_error(),NULL)); goto x509_ocsp_cleanup; } // ok, now we verified the OCSP response. This means that we have a valid chain tying it // to a root that we trust and that the signature also hopefully is valid. This does not yet // mean that the ocsp response actually matches the certificate the server sent us or that // the OCSP response even says that the certificate is valid. // let's start this out by checking that the response is actually for the certificate we want // to validate and not for something completely unrelated that the server is trying to trick us // into accepting. if ( issuer_certificate ) certid = OCSP_cert_to_id(NULL, cert, issuer_certificate); else { // issuer not in list sent by server, check store X509_OBJECT *obj = X509_OBJECT_new(); int lookup = X509_STORE_get_by_subject(csc, X509_LU_X509, X509_get_subject_name(cert), obj); if ( lookup <= 0) { rval = x509_result_record(lookup, "Could not find issuer of host certificate"); X509_OBJECT_free(obj); goto x509_ocsp_cleanup; } certid = OCSP_cert_to_id(NULL, cert,X509_OBJECT_get0_X509( obj)); X509_OBJECT_free(obj); } if ( ! certid ) { rval = x509_result_record(-1, "Certificate ID construction failed"); goto x509_ocsp_cleanup; } // for now, assume we have one reply... single = OCSP_resp_get0(basic, 0); if ( ! single ) { rval = x509_result_record(-1, "Could not lookup OCSP response information"); goto x509_ocsp_cleanup; } if ( OCSP_id_cmp(certid, (OCSP_CERTID*)OCSP_SINGLERESP_get0_id(single)) != 0 ) return x509_result_record(-1, "OCSP reply is not for host certificate"); // next - check freshness of proof... ASN1_GENERALIZEDTIME *thisUpdate; ASN1_GENERALIZEDTIME *nextUpdate; int type; type = OCSP_single_get0_status(single, NULL, NULL, &thisUpdate, &nextUpdate); if ( ! ASN1_GENERALIZEDTIME_check(thisUpdate) || ! ASN1_GENERALIZEDTIME_check(nextUpdate) ) { rval = x509_result_record(-1, "OCSP reply contains invalid dates"); goto x509_ocsp_cleanup; } // now - nearly done. Check freshness and status code. // There is a function to check the freshness of the ocsp reply in the ocsp code of OpenSSL. But - it only // supports comparing it against the current time, not against arbitrary times. Hence it is kind of unusable // for us... // Well, we will do it manually. if ( X509_cmp_time(thisUpdate, &vtime) > 0 ) rval = x509_result_record(-1, "OCSP reply specifies time in future"); else if ( X509_cmp_time(nextUpdate, &vtime) < 0 ) rval = x509_result_record(-1, "OCSP reply expired"); else if ( type != V_OCSP_CERTSTATUS_GOOD ) rval = x509_result_record(-1, OCSP_cert_status_str(type)); // if we have no error so far, we are done. if ( !rval ) rval = x509_result_record(1, OCSP_cert_status_str(type)); x509_ocsp_cleanup: if ( ocsp_certs ) sk_X509_free(ocsp_certs); if ( untrusted_certs ) sk_X509_free(untrusted_certs); if ( resp ) OCSP_RESPONSE_free(resp); if ( basic ) OCSP_BASICRESP_free(basic); if ( csc ) { X509_STORE_CTX_cleanup(csc); X509_STORE_CTX_free(csc); } if ( certid ) OCSP_CERTID_free(certid); return rval; %} ## Verifies a certificate. ## ## certs: Specifies a certificate chain that is being used to validate ## the given certificate against the root store given in *root_certs*. ## The host certificate has to be at index 0. ## ## root_certs: A list of root certificates to validate the certificate chain. ## ## verify_time: Time for the validity check of the certificates. ## ## Returns: A record of type X509::Result containing the result code of the ## verify operation. In case of success also returns the full ## certificate chain. ## ## .. bro:see:: x509_certificate x509_extension x509_ext_basic_constraints ## x509_ext_subject_alternative_name x509_parse ## x509_get_certificate_string x509_ocsp_verify sct_verify function x509_verify%(certs: x509_opaque_vector, root_certs: table_string_of_string, verify_time: time &default=network_time()%): X509::Result %{ X509_STORE* ctx = x509_get_root_store(root_certs->AsTableVal()); if ( ! ctx ) return x509_result_record(-1, "Problem initializing root store"); VectorVal *certs_vec = certs->AsVectorVal(); if ( ! certs_vec || certs_vec->Size() < 1 ) { reporter->Error("No certificates given in vector"); return x509_result_record(-1, "no certificates"); } // host certificate unsigned int index = 0; // to prevent overloading to 0pointer Val *sv = certs_vec->Lookup(index); if ( !sv ) { builtin_error("undefined value in certificate vector"); return x509_result_record(-1, "undefined value in certificate vector"); } file_analysis::X509Val* cert_handle = (file_analysis::X509Val*) sv; X509* cert = cert_handle->GetCertificate(); if ( ! cert ) { builtin_error(fmt("No certificate in opaque")); return x509_result_record(-1, "No certificate in opaque"); } STACK_OF(X509)* untrusted_certs = x509_get_untrusted_stack(certs_vec); if ( ! untrusted_certs ) return x509_result_record(-1, "Problem initializing list of untrusted certificates"); X509_STORE_CTX *csc = X509_STORE_CTX_new(); X509_STORE_CTX_init(csc, ctx, cert, untrusted_certs); X509_STORE_CTX_set_time(csc, 0, (time_t) verify_time); X509_STORE_CTX_set_flags(csc, X509_V_FLAG_USE_CHECK_TIME); int result = X509_verify_cert(csc); VectorVal* chainVector = 0; if ( result == 1 ) // we have a valid chain. try to get it... { STACK_OF(X509)* chain = X509_STORE_CTX_get1_chain(csc); // get1 = deep copy if ( ! chain ) { reporter->Error("Encountered valid chain that could not be resolved"); sk_X509_pop_free(chain, X509_free); goto x509_verify_chainerror; } int num_certs = sk_X509_num(chain); chainVector = new VectorVal(internal_type("x509_opaque_vector")->AsVectorType()); for ( int i = 0; i < num_certs; i++ ) { X509* currcert = sk_X509_value(chain, i); if ( currcert ) // X509Val takes ownership of currcert. chainVector->Assign(i, new file_analysis::X509Val(currcert)); else { reporter->InternalWarning("OpenSSL returned null certificate"); sk_X509_pop_free(chain, X509_free); goto x509_verify_chainerror; } } sk_X509_free(chain); } x509_verify_chainerror: RecordVal* rrecord = x509_result_record(X509_STORE_CTX_get_error(csc), X509_verify_cert_error_string(X509_STORE_CTX_get_error(csc)), chainVector); X509_STORE_CTX_cleanup(csc); X509_STORE_CTX_free(csc); sk_X509_free(untrusted_certs); return rrecord; %} ## Verifies a Signed Certificate Timestamp as used for Certificate Transparency. ## See RFC6962 for more details. ## ## cert: Certificate against which the SCT should be validated. ## ## logid: Log id of the SCT. ## ## log_key: Public key of the Log that issued the SCT proof. ## ## timestamp: Timestamp at which the proof was generated. ## ## hash_algorithm: Hash algorithm that was used for the SCT proof. ## ## issuer_key_hash: The SHA-256 hash of the certificate issuer's public key. ## This only has to be provided if the SCT was encountered in an X.509 ## certificate extension; in that case, it is necessary for validation. ## ## Returns: T if the validation could be performed succesfully, F otherwhise. ## ## .. bro:see:: ssl_extension_signed_certificate_timestamp ## x509_ocsp_ext_signed_certificate_timestamp ## x509_verify function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signature: string, timestamp: count, hash_algorithm: count, issuer_key_hash: string &default=""%): bool %{ assert(cert); file_analysis::X509Val* h = (file_analysis::X509Val*) cert; X509* x = ((file_analysis::X509Val*) h)->GetCertificate(); assert(sizeof(timestamp) >= 8); uint64_t timestamp_network = htonll(timestamp); bool precert = issuer_key_hash->Len() > 0; if ( precert && issuer_key_hash->Len() != 32) { reporter->Error("Invalid issuer_key_hash length"); return new Val(0, TYPE_BOOL); } std::string data; data.push_back(0); // version data.push_back(0); // signature_type -> certificate_timestamp data.append(reinterpret_cast(×tamp_network), sizeof(timestamp_network)); // timestamp -> 64 bits if ( precert ) data.append("\0\1", 2); // entry-type: precert_entry else data.append("\0\0", 2); // entry-type: x509_entry if ( precert ) { x = X509_dup(x); assert(x); // In OpenSSL 1.0.2+, we can get the extension by using NID_ct_precert_scts. // In OpenSSL <= 1.0.1, this is not yet defined yet, so we have to manually // look it up by performing a string comparison on the oid. #ifdef NID_ct_precert_scts int pos = X509_get_ext_by_NID(x, NID_ct_precert_scts, -1); if ( pos < 0 ) { reporter->Error("NID_ct_precert_scts not found"); return new Val(0, TYPE_BOOL); } #else int num_ext = X509_get_ext_count(x); int pos = -1; for ( int k = 0; k < num_ext; ++k ) { char oid[256]; X509_EXTENSION* ex = X509_get_ext(x, k); ASN1_OBJECT* ext_asn = X509_EXTENSION_get_object(ex); OBJ_obj2txt(oid, 255, ext_asn, 1); if ( strcmp(oid, "1.3.6.1.4.1.11129.2.4.2") == 0 ) { pos = k; break; } } #endif X509_EXTENSION_free(X509_delete_ext(x, pos)); #ifdef NID_ct_precert_scts assert( X509_get_ext_by_NID(x, NID_ct_precert_scts, -1) == -1 ); #endif } unsigned char *cert_out = nullptr; uint32 cert_length; if ( precert ) { #if (OPENSSL_VERSION_NUMBER < 0x10002000L) x->cert_info->enc.modified = 1; cert_length = i2d_X509_CINF(x->cert_info, &cert_out); #else cert_length = i2d_re_X509_tbs(x, &cert_out); #endif data.append(reinterpret_cast(issuer_key_hash->Bytes()), issuer_key_hash->Len()); } else cert_length = i2d_X509(x, &cert_out); assert( cert_out ); uint32 cert_length_network = htonl(cert_length); assert( sizeof(cert_length_network) == 4); data.append(reinterpret_cast(&cert_length_network)+1, 3); // 3 bytes certificate length data.append(reinterpret_cast(cert_out), cert_length); // der-encoded certificate OPENSSL_free(cert_out); if ( precert ) X509_free(x); data.append("\0\0", 2); // no extensions // key is given as a DER-encoded SubjectPublicKeyInfo. const unsigned char *key_char = log_key->Bytes(); EVP_PKEY* key = d2i_PUBKEY(nullptr, &key_char, log_key->Len()); EVP_MD_CTX *mdctx = EVP_MD_CTX_create(); assert(mdctx); string errstr; int success = 0; const EVP_MD* hash = hash_to_evp(hash_algorithm); if ( ! hash ) { errstr = "Unknown hash algorithm"; goto sct_verify_err; } if ( ! key ) { errstr = "Could not load log key"; goto sct_verify_err; } if ( ! EVP_DigestVerifyInit(mdctx, NULL, hash, NULL, key) ) { errstr = "Could not init signature verification"; goto sct_verify_err; } if ( ! EVP_DigestVerifyUpdate(mdctx, data.data(), data.size()) ) { errstr = "Could not update digest for verification"; goto sct_verify_err; } #ifdef NID_ct_precert_scts success = EVP_DigestVerifyFinal(mdctx, signature->Bytes(), signature->Len()); #else // older versions of OpenSSL use a non-const-char *sigh* // I don't think they actually manipulate the value though. // todo - this needs a cmake test success = EVP_DigestVerifyFinal(mdctx, (unsigned char*) signature->Bytes(), signature->Len()); #endif EVP_MD_CTX_destroy(mdctx); EVP_PKEY_free(key); return new Val(success, TYPE_BOOL); sct_verify_err: if (mdctx) EVP_MD_CTX_destroy(mdctx); if (key) EVP_PKEY_free(key); reporter->Error("%s", errstr.c_str()); return new Val(0, TYPE_BOOL); %} %%{ /** * 0 -> subject name * 1 -> issuer name * 2 -> pubkey */ StringVal* x509_entity_hash(file_analysis::X509Val *cert_handle, unsigned int hash_alg, unsigned int type) { assert(cert_handle); if ( type > 2 ) { reporter->InternalError("Unknown type in x509_entity_hash"); return nullptr; } X509 *cert_x509 = cert_handle->GetCertificate(); if ( cert_x509 == nullptr ) { builtin_error("cannot get cert from opaque"); return nullptr; } X509_NAME *subject_name = X509_get_subject_name(cert_x509); X509_NAME *issuer_name = X509_get_issuer_name(cert_x509); if ( subject_name == nullptr || issuer_name == nullptr ) { builtin_error("fail to get subject/issuer name from certificate"); return nullptr; } const EVP_MD *dgst = hash_to_evp(hash_alg); if ( dgst == nullptr ) { builtin_error("Unknown hash algorithm."); return nullptr; } unsigned char md[EVP_MAX_MD_SIZE]; memset(md, 0, sizeof(md)); unsigned int len = 0; int res = 0; if ( type == 0 ) res = X509_NAME_digest(subject_name, dgst, md, &len); else if ( type == 1 ) res = X509_NAME_digest(issuer_name, dgst, md, &len); else if ( type == 2 ) { unsigned char *spki = nullptr; int pklen = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert_x509), &spki); if ( ! pklen ) { builtin_error("Could not get SPKI"); return nullptr; } res = EVP_Digest(spki, pklen, md, &len, dgst, nullptr); OPENSSL_free(spki); } if ( ! res ) { builtin_error("Could not perform hash"); return nullptr; } assert( len <= sizeof(md) ); return new StringVal(len, reinterpret_cast(md)); } %%} ## Get the hash of the subject's distinguished name. ## ## cert: The X509 certificate opaque handle. ## ## hash_alg: the hash algorithm to use, according to the IANA mapping at ## https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18 ## ## Returns: The hash as a string. ## ## .. bro:see:: x509_issuer_name_hash x509_spki_hash ## x509_verify sct_verify function x509_subject_name_hash%(cert: opaque of x509, hash_alg: count%): string %{ file_analysis::X509Val *cert_handle = (file_analysis::X509Val *) cert; return x509_entity_hash(cert_handle, hash_alg, 0); %} ## Get the hash of the issuer's distinguished name. ## ## cert: The X509 certificate opaque handle. ## ## hash_alg: the hash algorithm to use, according to the IANA mapping at ## https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18 ## ## Returns: The hash as a string. ## ## .. bro:see:: x509_subject_name_hash x509_spki_hash ## x509_verify sct_verify function x509_issuer_name_hash%(cert: opaque of x509, hash_alg: count%): string %{ file_analysis::X509Val *cert_handle = (file_analysis::X509Val *) cert; return x509_entity_hash(cert_handle, hash_alg, 1); %} ## Get the hash of the Subject Public Key Information of the certificate. ## ## cert: The X509 certificate opaque handle. ## ## hash_alg: the hash algorithm to use, according to the IANA mapping at ## https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-18 ## ## Returns: The hash as a string. ## ## .. bro:see:: x509_subject_name_hash x509_issuer_name_hash ## x509_verify sct_verify function x509_spki_hash%(cert: opaque of x509, hash_alg: count%): string %{ file_analysis::X509Val *cert_handle = (file_analysis::X509Val *) cert; return x509_entity_hash(cert_handle, hash_alg, 2); %}