ASN.1 Field Ordering in Go
A few days ago I had to generate a Certificate Signing Request using Go; dealing with crypto in Go is always a breeze, but then I was notified by the Certification Authority that fields were out of order. Technically, considering the DER nature of the CSR, the order of Organizational Unit should not matter. The CSR was regenerated to no avail.
The solution was to write the CSR manually (sort of manually, see below),
defining all asn1 bits. That comprised of digging through the documentation,
implementation files and tests, so I could understand what was happening behind
the courtains. Personally, what most intriged me was Go checking for a prefix
in a type name through reflection to determine whether it was an ASN.1 sequence
or set.
So, first of all, let’s determine what we will need to generate our Subject
line: Object IDs for all the fields we plan on filling, a custom type so we
can write UTF8String instead of PrintableString (Only Country is
PrintableString), and a custom type so we can get sets instead of sequences.
package generator
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
"encoding/pem"
)
var (
oidCountry = asn1.ObjectIdentifier{2, 5, 4, 6}
oidOrganization = asn1.ObjectIdentifier{2, 5, 4, 10}
oidOrganizationalUnit = asn1.ObjectIdentifier{2, 5, 4, 11}
oidCommonName = asn1.ObjectIdentifier{2, 5, 4, 3}
oidLocality = asn1.ObjectIdentifier{2, 5, 4, 7}
oidProvince = asn1.ObjectIdentifier{2, 5, 4, 8}
)
type ASNUTF8String struct {
Type asn1.ObjectIdentifier
Value string `asn1:"utf8"`
}
// AnySET is an interface{} slice; SET is required by asn.1 to generate it
// as a set instead of a sequence.
type AnySET []interface{}
Then, to the implementation. The CSR requires a private key, which in my case was storad in a PKCS#12 container. Reading it is easy using Go’s crypto packages. One of the CSR’s Organizational Unit values and the Common Name is provided through arguments, together with two byte slices containing the private key, and its password. Error checks were elided to keep the example small.
func GenerateCSR(private, password []byte, commonName, OU string) ([]byte, error) {
block, _ := pem.Decode(private)
var rawBlock []byte
var key *rsa.PrivateKey
rawBlock, _ = x509.DecryptPEMBlock(block, password)
key, _ = x509.ParsePKCS1PrivateKey(rawBlock)
attributes := []AnySET{
{ASNUTF8String{Type: oidCommonName, Value: commonName}},
{ASNUTF8String{Type: oidOrganizationalUnit, Value: OU}},
{ASNUTF8String{Type: oidOrganizationalUnit, Value: "Another OU Value"}},
{ASNUTF8String{Type: oidOrganizationalUnit, Value: "Yet another OU Value"}},
{ASNUTF8String{Type: oidOrganization, Value: "Organization Name"}},
{ASNUTF8String{Type: oidLocality, Value: "Locality Name"}},
{ASNUTF8String{Type: oidProvince, Value: "Province"}},
{pkix.AttributeTypeAndValue{Type: oidCountry, Value: "Country Code"}},
}
attrBytes, _ := asn1.Marshal(attributes)
template := x509.CertificateRequest{
RawSubject: attrBytes,
}
csrBytes, _ := x509.CreateCertificateRequest(rand.Reader, &template, key)
return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrBytes}), nil
}
Without this, the order was based on the Subject type field order, which was
considered invalid by our CA.