[WIP] x509af: dissect subjectPublicKeyx509-subjectpublickey

The subjectPublicKey field of a Certificate (TBSCertificate) is defined
as type BIT STRING. The actual contents depend on the Algorithm
Identifier which is preceding the subjectPublicKey field.

This patch (aims to) add(s) support for dissection of the public key.

Notes:

Currently only RSA is "half-working" and dissected as:

    subjectPublicKeyInfo
        algorithm (rsaEncryption)
            Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
        subjectPublicKey: 3082010a0282010100b7c769e2d0eacaeb929fc08238a9ff...
            modulus : 0x00b7c769e2d0eacaeb929fc08238a9ffc59cab39c28a2e26...
            publicExponent: 65537

It should probably become:

    subjectPublicKeyInfo
        algorithm (rsaEncryption)
            Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
        subjectPublicKey
            RSAPublicKey
                modulus : ...
                publicExponent: 65537

Right now DSA and DH keys are displayed instead of subjectPublicKey
due to the hf_id reuse. These should get a new hf ID instead.

TODO:

 - Add public key dissections below the BIT STRING subtree. This might
   require API changes to dissect_ber_bitstring.
 - Import PKIX1Algorithms2008 module from RFC 5480 (Elliptic Curve
   Cryptography Subject Public Key Information) which is based on the
   PKIX1Algorithms88 module from RFC 3279). Then import DSA, DH and
   others from it. This is more correct than exporting it from the
   PKCS#1 module.
 - Check field names, right now these are displayed as a rather
   useless/generic BER integer field (for the DH and DSA params).

Change-Id: Ib92645433b0a0078a947ff0ac26c5e6a64877b93

1 files changed, 29 insertions, 0 deletions

diff --git a/asn1/x509af/x509af.cnf b/asn1/x509af/x509af.cnf
index e0e6a82166..1b173f0513 100644
--- a/asn1/x509af/x509af.cnf
+++ b/asn1/x509af/x509af.cnf
@@ -81,6 +81,35 @@ CertificateList/signedCertificateList/revokedCertificates/_item/userCertificate
 #.FN_BODY AlgorithmIdentifier/parameters
   offset=call_ber_oid_callback(actx->external.direct_reference, tvb, offset, actx->pinfo, tree, NULL);
 
+#.FN_BODY SubjectPublicKeyInfo/subjectPublicKey
+  tvbuff_t *bs_tvb;
+
+  /* subjectPublicKey is a BIT STRING with an explicit tag. It is DER-encoded,
+   * meaning that the length field consists of hex 8n followed by n octets. */
+  /* TODO: drop dissect_ber_bitstring and use above assumptions? */
+  /* -1 for hf_index and NULL for tree as this only attempts to parse the
+   * bitstring without creating a tree, */
+  dissect_ber_bitstring(FALSE, actx, NULL, tvb, offset,
+                        NULL, -1, -1, &bs_tvb);
+
+  /* See RFC 3279 for possible subjectPublicKey values given an Algorithm ID.
+   * The contents of subjectPublicKey are always explicitly tagged. */
+
+  if (!strcmp(algorithm_id, "1.2.840.113549.1.1.1")) { /* id-rsa */
+    offset += dissect_pkcs1_RSAPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index);
+
+  } else if (!strcmp(algorithm_id, "1.2.840.10040.4.1")) { /* id-dsa */
+    offset += dissect_pkcs1_DSAPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index);
+
+  } else if (!strcmp(algorithm_id, "1.2.840.10046.2.1")) { /* dhpublicnumber */
+    offset += dissect_pkcs1_DHPublicKey(FALSE, bs_tvb, 0, actx, tree, hf_index);
+
+  } else {
+    /* unknown key type, display raw contents. */
+    offset = dissect_ber_bitstring(FALSE, actx, tree, tvb, offset,
+                                   NULL, hf_index, -1, NULL);
+  }
+
 #.FN_PARS Extension/extnId
   FN_VARIANT = _str  HF_INDEX = hf_x509af_extension_id  VAL_PTR = &actx->external.direct_reference