Subversion Repositories planix.SVN

Rev

Rev 26 | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
2 - 1 
#include <u.h>
2 
#include <libc.h>
3 
#include <mp.h>
4 
#include <libsec.h>
5 
 
6 
/*=============================================================*/
7 
/*  general ASN1 declarations and parsing
8 
 *
9 
 *  For now, this is used only for extracting the key from an
10 
 *  X509 certificate, so the entire collection is hidden.  But
11 
 *  someday we should probably make the functions visible and
12 
 *  give them their own man page.
13 
 */
14 
typedef struct Elem Elem;
15 
typedef struct Tag Tag;
16 
typedef struct Value Value;
17 
typedef struct Bytes Bytes;
18 
typedef struct Ints Ints;
19 
typedef struct Bits Bits;
20 
typedef struct Elist Elist;
21 
 
22 
/* tag classes */
23 
#define Universal 0
24 
#define Context 0x80
25 
 
26 
/* universal tags */
27 
#define BOOLEAN 1
28 
#define INTEGER 2
29 
#define BIT_STRING 3
30 
#define OCTET_STRING 4
31 
#define NULLTAG 5
32 
#define OBJECT_ID 6
33 
#define ObjectDescriptor 7
34 
#define EXTERNAL 8
35 
#define REAL 9
36 
#define ENUMERATED 10
37 
#define EMBEDDED_PDV 11
38 
#define UTF8String 12
39 
#define SEQUENCE 16		/* also SEQUENCE OF */
40 
#define SETOF 17				/* also SETOF OF */
41 
#define NumericString 18
42 
#define PrintableString 19
43 
#define TeletexString 20
44 
#define VideotexString 21
45 
#define IA5String 22
46 
#define UTCTime 23
47 
#define GeneralizedTime 24
48 
#define GraphicString 25
49 
#define VisibleString 26
50 
#define GeneralString 27
51 
#define UniversalString 28
52 
#define BMPString 30
53 
 
54 
struct Bytes {
55 
	int	len;
26 7u83 56 
	uchar	data[];
2 - 57 
};
58 
 
59 
struct Ints {
60 
	int	len;
26 7u83 61 
	int	data[];
2 - 62 
};
63 
 
64 
struct Bits {
65 
	int	len;		/* number of bytes */
66 
	int	unusedbits;	/* unused bits in last byte */
26 7u83 67 
	uchar	data[];		/* most-significant bit first */
2 - 68 
};
69 
 
70 
struct Tag {
71 
	int	class;
72 
	int	num;
73 
};
74 
 
75 
enum { VBool, VInt, VOctets, VBigInt, VReal, VOther,
76 
	VBitString, VNull, VEOC, VObjId, VString, VSeq, VSet };
77 
struct Value {
78 
	int	tag;		/* VBool, etc. */
79 
	union {
80 
		int	boolval;
81 
		int	intval;
82 
		Bytes*	octetsval;
83 
		Bytes*	bigintval;
84 
		Bytes*	realval;	/* undecoded; hardly ever used */
85 
		Bytes*	otherval;
86 
		Bits*	bitstringval;
87 
		Ints*	objidval;
88 
		char*	stringval;
89 
		Elist*	seqval;
90 
		Elist*	setval;
91 
	} u;  /* (Don't use anonymous unions, for ease of porting) */
92 
};
93 
 
94 
struct Elem {
95 
	Tag	tag;
96 
	Value	val;
97 
};
98 
 
99 
struct Elist {
100 
	Elist*	tl;
101 
	Elem	hd;
102 
};
103 
 
104 
/* decoding errors */
105 
enum { ASN_OK, ASN_ESHORT, ASN_ETOOBIG, ASN_EVALLEN,
106 
		ASN_ECONSTR, ASN_EPRIM, ASN_EINVAL, ASN_EUNIMPL };
107 
 
108 
 
109 
/* here are the functions to consider making extern someday */
110 
static Bytes*	newbytes(int len);
111 
static Bytes*	makebytes(uchar* buf, int len);
112 
static void	freebytes(Bytes* b);
113 
static Bytes*	catbytes(Bytes* b1, Bytes* b2);
114 
static Ints*	newints(int len);
115 
static Ints*	makeints(int* buf, int len);
116 
static void	freeints(Ints* b);
117 
static Bits*	newbits(int len);
118 
static Bits*	makebits(uchar* buf, int len, int unusedbits);
119 
static void	freebits(Bits* b);
120 
static Elist*	mkel(Elem e, Elist* tail);
121 
static void	freeelist(Elist* el);
122 
static int	elistlen(Elist* el);
123 
static int	is_seq(Elem* pe, Elist** pseq);
124 
static int	is_set(Elem* pe, Elist** pset);
125 
static int	is_int(Elem* pe, int* pint);
126 
static int	is_bigint(Elem* pe, Bytes** pbigint);
127 
static int	is_bitstring(Elem* pe, Bits** pbits);
128 
static int	is_octetstring(Elem* pe, Bytes** poctets);
129 
static int	is_oid(Elem* pe, Ints** poid);
130 
static int	is_string(Elem* pe, char** pstring);
131 
static int	is_time(Elem* pe, char** ptime);
132 
static int	decode(uchar* a, int alen, Elem* pelem);
133 
static int	encode(Elem e, Bytes** pbytes);
134 
static int	oid_lookup(Ints* o, Ints** tab);
135 
static void	freevalfields(Value* v);
136 
static mpint	*asn1mpint(Elem *e);
26 7u83 137 
static void	edump(Elem);
2 - 138 
 
139 
#define TAG_MASK 0x1F
140 
#define CONSTR_MASK 0x20
141 
#define CLASS_MASK 0xC0
142 
#define MAXOBJIDLEN 20
143 
 
144 
static int ber_decode(uchar** pp, uchar* pend, Elem* pelem);
145 
static int tag_decode(uchar** pp, uchar* pend, Tag* ptag, int* pisconstr);
146 
static int length_decode(uchar** pp, uchar* pend, int* plength);
147 
static int value_decode(uchar** pp, uchar* pend, int length, int kind, int isconstr, Value* pval);
148 
static int int_decode(uchar** pp, uchar* pend, int count, int unsgned, int* pint);
149 
static int uint7_decode(uchar** pp, uchar* pend, int* pint);
150 
static int octet_decode(uchar** pp, uchar* pend, int length, int isconstr, Bytes** pbytes);
151 
static int seq_decode(uchar** pp, uchar* pend, int length, int isconstr, Elist** pelist);
152 
static int enc(uchar** pp, Elem e, int lenonly);
153 
static int val_enc(uchar** pp, Elem e, int *pconstr, int lenonly);
154 
static void uint7_enc(uchar** pp, int num, int lenonly);
155 
static void int_enc(uchar** pp, int num, int unsgned, int lenonly);
156 
 
157 
static void *
158 
emalloc(int n)
159 
{
160 
	void *p;
161 
	if(n==0)
162 
		n=1;
163 
	p = malloc(n);
26 7u83 164 
	if(p == nil)
165 
		sysfatal("out of memory");
2 - 166 
	memset(p, 0, n);
167 
	setmalloctag(p, getcallerpc(&n));
168 
	return p;
169 
}
170 
 
171 
static char*
172 
estrdup(char *s)
173 
{
26 7u83 174 
	char *d;
175 
	int n;
2 - 176 
 
26 7u83 177 
	n = strlen(s)+1;
178 
	d = emalloc(n);
179 
	memmove(d, s, n);
180 
	return d;
2 - 181 
}
182 
 
183 
 
184 
/*
185 
 * Decode a[0..len] as a BER encoding of an ASN1 type.
186 
 * The return value is one of ASN_OK, etc.
187 
 * Depending on the error, the returned elem may or may not
188 
 * be nil.
189 
 */
190 
static int
191 
decode(uchar* a, int alen, Elem* pelem)
192 
{
193 
	uchar* p = a;
26 7u83 194 
	int err;
2 - 195 
 
26 7u83 196 
	err = ber_decode(&p, &a[alen], pelem);
197 
	if(err == ASN_OK && p != &a[alen])
198 
		err = ASN_EVALLEN;
199 
	return err;
2 - 200 
}
201 
 
202 
/*
203 
 * All of the following decoding routines take arguments:
204 
 *	uchar **pp;
205 
 *	uchar *pend;
206 
 * Where parsing is supposed to start at **pp, and when parsing
207 
 * is done, *pp is updated to point at next char to be parsed.
208 
 * The pend pointer is just past end of string; an error should
209 
 * be returned parsing hasn't finished by then.
210 
 *
211 
 * The returned int is ASN_OK if all went fine, else ASN_ESHORT, etc.
212 
 * The remaining argument(s) are pointers to where parsed entity goes.
213 
 */
214 
 
215 
/* Decode an ASN1 'Elem' (tag, length, value) */
216 
static int
217 
ber_decode(uchar** pp, uchar* pend, Elem* pelem)
218 
{
219 
	int err;
220 
	int isconstr;
221 
	int length;
222 
	Tag tag;
223 
	Value val;
224 
 
26 7u83 225 
	memset(pelem, 0, sizeof(*pelem));
2 - 226 
	err = tag_decode(pp, pend, &tag, &isconstr);
227 
	if(err == ASN_OK) {
228 
		err = length_decode(pp, pend, &length);
229 
		if(err == ASN_OK) {
26 7u83 230 
			if(tag.class == Universal)
2 - 231 
				err = value_decode(pp, pend, length, tag.num, isconstr, &val);
26 7u83 232 
			else
2 - 233 
				err = value_decode(pp, pend, length, OCTET_STRING, 0, &val);
234 
			if(err == ASN_OK) {
235 
				pelem->tag = tag;
236 
				pelem->val = val;
237 
			}
238 
		}
239 
	}
240 
	return err;
241 
}
242 
 
243 
/* Decode a tag field */
244 
static int
245 
tag_decode(uchar** pp, uchar* pend, Tag* ptag, int* pisconstr)
246 
{
247 
	int err;
248 
	int v;
249 
	uchar* p;
250 
 
251 
	err = ASN_OK;
252 
	p = *pp;
253 
	if(pend-p >= 2) {
254 
		v = *p++;
255 
		ptag->class = v&CLASS_MASK;
256 
		if(v&CONSTR_MASK)
257 
			*pisconstr = 1;
258 
		else
259 
			*pisconstr = 0;
260 
		v &= TAG_MASK;
261 
		if(v == TAG_MASK)
262 
			err = uint7_decode(&p, pend, &v);
263 
		ptag->num = v;
264 
	}
265 
	else
266 
		err = ASN_ESHORT;
267 
	*pp = p;
268 
	return err;
269 
}
270 
 
271 
/* Decode a length field */
272 
static int
273 
length_decode(uchar** pp, uchar* pend, int* plength)
274 
{
275 
	int err;
276 
	int num;
277 
	int v;
278 
	uchar* p;
279 
 
280 
	err = ASN_OK;
281 
	num = 0;
282 
	p = *pp;
283 
	if(p < pend) {
284 
		v = *p++;
285 
		if(v&0x80)
286 
			err = int_decode(&p, pend, v&0x7F, 1, &num);
287 
		else
288 
			num = v;
289 
	}
290 
	else
291 
		err = ASN_ESHORT;
292 
	*pp = p;
293 
	*plength = num;
294 
	return err;
295 
}
296 
 
297 
/* Decode a value field  */
298 
static int
299 
value_decode(uchar** pp, uchar* pend, int length, int kind, int isconstr, Value* pval)
300 
{
301 
	int err;
302 
	Bytes* va;
303 
	int num;
304 
	int bitsunused;
305 
	int subids[MAXOBJIDLEN];
306 
	int isubid;
307 
	Elist*	vl;
308 
	uchar* p;
309 
	uchar* pe;
310 
 
311 
	err = ASN_OK;
312 
	p = *pp;
313 
	if(length == -1) {	/* "indefinite" length spec */
314 
		if(!isconstr)
315 
			err = ASN_EINVAL;
316 
	}
317 
	else if(p + length > pend)
318 
		err = ASN_EVALLEN;
319 
	if(err != ASN_OK)
320 
		return err;
321 
 
322 
	switch(kind) {
323 
	case 0:
324 
		/* marker for end of indefinite constructions */
325 
		if(length == 0)
326 
			pval->tag = VNull;
327 
		else
328 
			err = ASN_EINVAL;
329 
		break;
330 
 
331 
	case BOOLEAN:
332 
		if(isconstr)
333 
			err = ASN_ECONSTR;
334 
		else if(length != 1)
335 
			err = ASN_EVALLEN;
336 
		else {
337 
			pval->tag = VBool;
338 
			pval->u.boolval = (*p++ != 0);
339 
		}
340 
		break;
341 
 
342 
	case INTEGER:
343 
	case ENUMERATED:
344 
		if(isconstr)
345 
			err = ASN_ECONSTR;
346 
		else if(length <= 4) {
347 
			err = int_decode(&p, pend, length, 0, &num);
348 
			if(err == ASN_OK) {
349 
				pval->tag = VInt;
350 
				pval->u.intval = num;
351 
			}
352 
		}
353 
		else {
354 
			pval->tag = VBigInt;
355 
			pval->u.bigintval = makebytes(p, length);
356 
			p += length;
357 
		}
358 
		break;
359 
 
360 
	case BIT_STRING:
361 
		pval->tag = VBitString;
362 
		if(isconstr) {
363 
			if(length == -1 && p + 2 <= pend && *p == 0 && *(p+1) ==0) {
364 
				pval->u.bitstringval = makebits(0, 0, 0);
365 
				p += 2;
366 
			}
26 7u83 367 
			else	/* TODO: recurse and concat results */
2 - 368 
				err = ASN_EUNIMPL;
369 
		}
370 
		else {
371 
			if(length < 2) {
372 
				if(length == 1 && *p == 0) {
373 
					pval->u.bitstringval = makebits(0, 0, 0);
374 
					p++;
375 
				}
376 
				else
377 
					err = ASN_EINVAL;
378 
			}
379 
			else {
380 
				bitsunused = *p;
381 
				if(bitsunused > 7)
382 
					err = ASN_EINVAL;
383 
				else if(length > 0x0FFFFFFF)
384 
					err = ASN_ETOOBIG;
385 
				else {
386 
					pval->u.bitstringval = makebits(p+1, length-1, bitsunused);
387 
					p += length;
388 
				}
389 
			}
390 
		}
391 
		break;
392 
 
393 
	case OCTET_STRING:
394 
	case ObjectDescriptor:
395 
		err = octet_decode(&p, pend, length, isconstr, &va);
396 
		if(err == ASN_OK) {
397 
			pval->tag = VOctets;
398 
			pval->u.octetsval = va;
399 
		}
400 
		break;
401 
 
402 
	case NULLTAG:
403 
		if(isconstr)
404 
			err = ASN_ECONSTR;
405 
		else if(length != 0)
406 
			err = ASN_EVALLEN;
407 
		else
408 
			pval->tag = VNull;
409 
		break;
410 
 
411 
	case OBJECT_ID:
412 
		if(isconstr)
413 
			err = ASN_ECONSTR;
414 
		else if(length == 0)
415 
			err = ASN_EVALLEN;
416 
		else {
417 
			isubid = 0;
418 
			pe = p+length;
419 
			while(p < pe && isubid < MAXOBJIDLEN) {
420 
				err = uint7_decode(&p, pend, &num);
421 
				if(err != ASN_OK)
422 
					break;
423 
				if(isubid == 0) {
424 
					subids[isubid++] = num / 40;
425 
					subids[isubid++] = num % 40;
426 
				}
427 
				else
428 
					subids[isubid++] = num;
429 
			}
430 
			if(err == ASN_OK) {
431 
				if(p != pe)
432 
					err = ASN_EVALLEN;
433 
				else {
434 
					pval->tag = VObjId;
435 
					pval->u.objidval = makeints(subids, isubid);
436 
				}
437 
			}
438 
		}
439 
		break;
440 
 
441 
	case EXTERNAL:
442 
	case EMBEDDED_PDV:
443 
		/* TODO: parse this internally */
444 
		if(p+length > pend)
445 
			err = ASN_EVALLEN;
446 
		else {
447 
			pval->tag = VOther;
448 
			pval->u.otherval = makebytes(p, length);
449 
			p += length;
450 
		}
451 
		break;
452 
 
453 
	case REAL:
454 
		/* Let the application decode */
455 
		if(isconstr)
456 
			err = ASN_ECONSTR;
457 
		else if(p+length > pend)
458 
			err = ASN_EVALLEN;
459 
		else {
460 
			pval->tag = VReal;
461 
			pval->u.realval = makebytes(p, length);
462 
			p += length;
463 
		}
464 
		break;
465 
 
466 
	case SEQUENCE:
467 
		err = seq_decode(&p, pend, length, isconstr, &vl);
468 
		if(err == ASN_OK) {
469 
			pval->tag = VSeq ;
470 
			pval->u.seqval = vl;
471 
		}
472 
		break;
473 
 
474 
	case SETOF:
475 
		err = seq_decode(&p, pend, length, isconstr, &vl);
476 
		if(err == ASN_OK) {
477 
			pval->tag = VSet;
478 
			pval->u.setval = vl;
479 
		}
480 
		break;
26 7u83 481 
 
2 - 482 
	case UTF8String:
483 
	case NumericString:
484 
	case PrintableString:
485 
	case TeletexString:
486 
	case VideotexString:
487 
	case IA5String:
488 
	case UTCTime:
489 
	case GeneralizedTime:
490 
	case GraphicString:
491 
	case VisibleString:
492 
	case GeneralString:
493 
	case UniversalString:
494 
	case BMPString:
495 
		err = octet_decode(&p, pend, length, isconstr, &va);
496 
		if(err == ASN_OK) {
26 7u83 497 
			uchar *s;
498 
			char *d;
499 
			Rune r;
500 
			int n;
501 
 
502 
			switch(kind){
503 
			case UniversalString:
504 
				n = va->len / 4;
505 
				d = emalloc(n*UTFmax+1);
506 
				pval->u.stringval = d;
507 
				s = va->data;
508 
				while(n > 0){
509 
					r = s[0]<<24 | s[1]<<16 | s[2]<<8 | s[3];
510 
					if(r == 0)
511 
						break;
512 
					n--;
513 
					s += 4;
514 
					d += runetochar(d, &r);
515 
				}
516 
				*d = 0;
517 
				break;
518 
			case BMPString:
519 
				n = va->len / 2;
520 
				d = emalloc(n*UTFmax+1);
521 
				pval->u.stringval = d;
522 
				s = va->data;
523 
				while(n > 0){
524 
					r = s[0]<<8 | s[1];
525 
					if(r == 0)
526 
						break;
527 
					n--;
528 
					s += 2;
529 
					d += runetochar(d, &r);
530 
				}
531 
				*d = 0;
532 
				break;
533 
			default:
534 
				n = va->len;
535 
				d = emalloc(n+1);
536 
				pval->u.stringval = d;
537 
				s = va->data;
538 
				while(n > 0){
539 
					if((*d = *s) == 0)
540 
						break;
541 
					n--;
542 
					s++;
543 
					d++;
544 
				}
545 
				*d = 0;
546 
				break;
547 
			}
548 
			if(n != 0){
549 
				err = ASN_EINVAL;
550 
				free(pval->u.stringval);
551 
			} else
552 
				pval->tag = VString;
2 - 553 
			free(va);
554 
		}
555 
		break;
556 
 
557 
	default:
558 
		if(p+length > pend)
559 
			err = ASN_EVALLEN;
560 
		else {
561 
			pval->tag = VOther;
562 
			pval->u.otherval = makebytes(p, length);
563 
			p += length;
564 
		}
565 
		break;
566 
	}
567 
	*pp = p;
568 
	return err;
569 
}
570 
 
571 
/*
572 
 * Decode an int in format where count bytes are
573 
 * concatenated to form value.
574 
 * Although ASN1 allows any size integer, we return
575 
 * an error if the result doesn't fit in a 32-bit int.
576 
 * If unsgned is not set, make sure to propagate sign bit.
577 
 */
578 
static int
579 
int_decode(uchar** pp, uchar* pend, int count, int unsgned, int* pint)
580 
{
581 
	int err;
582 
	int num;
583 
	uchar* p;
584 
 
585 
	p = *pp;
586 
	err = ASN_OK;
587 
	num = 0;
588 
	if(p+count <= pend) {
589 
		if((count > 4) || (unsgned && count == 4 && (*p&0x80)))
590 
			err = ASN_ETOOBIG;
591 
		else {
592 
			if(!unsgned && count > 0 && count < 4 && (*p&0x80))
593 
				num = -1;	/* set all bits, initially */
594 
			while(count--)
595 
				num = (num << 8)|(*p++);
596 
		}
597 
	}
598 
	else
599 
		err = ASN_ESHORT;
600 
	*pint = num;
601 
	*pp = p;
602 
	return err;
603 
}
604 
 
605 
/*
606 
 * Decode an unsigned int in format where each
607 
 * byte except last has high bit set, and remaining
608 
 * seven bits of each byte are concatenated to form value.
609 
 * Although ASN1 allows any size integer, we return
610 
 * an error if the result doesn't fit in a 32 bit int.
611 
 */
612 
static int
613 
uint7_decode(uchar** pp, uchar* pend, int* pint)
614 
{
615 
	int err;
616 
	int num;
617 
	int more;
618 
	int v;
619 
	uchar* p;
620 
 
621 
	p = *pp;
622 
	err = ASN_OK;
623 
	num = 0;
624 
	more = 1;
625 
	while(more && p < pend) {
626 
		v = *p++;
627 
		if(num&0x7F000000) {
628 
			err = ASN_ETOOBIG;
629 
			break;
630 
		}
631 
		num <<= 7;
632 
		more = v&0x80;
633 
		num |= (v&0x7F);
634 
	}
635 
	if(p == pend)
636 
		err = ASN_ESHORT;
637 
	*pint = num;
638 
	*pp = p;
639 
	return err;
640 
}
641 
 
642 
/*
643 
 * Decode an octet string, recursively if isconstr.
644 
 * We've already checked that length==-1 implies isconstr==1,
645 
 * and otherwise that specified length fits within (*pp..pend)
646 
 */
647 
static int
648 
octet_decode(uchar** pp, uchar* pend, int length, int isconstr, Bytes** pbytes)
649 
{
650 
	int err;
651 
	uchar* p;
652 
	Bytes* ans;
653 
	Bytes* newans;
654 
	uchar* pstart;
655 
	uchar* pold;
656 
	Elem	elem;
657 
 
658 
	err = ASN_OK;
659 
	p = *pp;
660 
	ans = nil;
661 
	if(length >= 0 && !isconstr) {
662 
		ans = makebytes(p, length);
663 
		p += length;
664 
	}
665 
	else {
666 
		/* constructed, either definite or indefinite length */
667 
		pstart = p;
668 
		for(;;) {
669 
			if(length >= 0 && p >= pstart + length) {
670 
				if(p != pstart + length)
671 
					err = ASN_EVALLEN;
672 
				break;
673 
			}
674 
			pold = p;
675 
			err = ber_decode(&p, pend, &elem);
676 
			if(err != ASN_OK)
677 
				break;
678 
			switch(elem.val.tag) {
679 
			case VOctets:
680 
				newans = catbytes(ans, elem.val.u.octetsval);
26 7u83 681 
				freevalfields(&elem.val);
2 - 682 
				freebytes(ans);
683 
				ans = newans;
684 
				break;
685 
 
686 
			case VEOC:
26 7u83 687 
				if(length == -1)
688 
					goto cloop_done;
689 
				/* no break */
2 - 690 
			default:
26 7u83 691 
				freevalfields(&elem.val);
2 - 692 
				p = pold;
693 
				err = ASN_EINVAL;
694 
				goto cloop_done;
695 
			}
696 
		}
697 
cloop_done:
26 7u83 698 
		if(err != ASN_OK){
699 
			freebytes(ans);
700 
			ans = nil;
701 
		}
2 - 702 
	}
703 
	*pp = p;
704 
	*pbytes = ans;
705 
	return err;
706 
}
707 
 
708 
/*
709 
 * Decode a sequence or set.
710 
 * We've already checked that length==-1 implies isconstr==1,
711 
 * and otherwise that specified length fits within (*p..pend)
712 
 */
713 
static int
714 
seq_decode(uchar** pp, uchar* pend, int length, int isconstr, Elist** pelist)
715 
{
716 
	int err;
717 
	uchar* p;
718 
	uchar* pstart;
719 
	uchar* pold;
720 
	Elist* ans;
721 
	Elem elem;
722 
	Elist* lve;
723 
	Elist* lveold;
724 
 
725 
	err = ASN_OK;
726 
	ans = nil;
727 
	p = *pp;
728 
	if(!isconstr)
729 
		err = ASN_EPRIM;
730 
	else {
731 
		/* constructed, either definite or indefinite length */
732 
		lve = nil;
733 
		pstart = p;
734 
		for(;;) {
735 
			if(length >= 0 && p >= pstart + length) {
736 
				if(p != pstart + length)
737 
					err = ASN_EVALLEN;
738 
				break;
739 
			}
740 
			pold = p;
741 
			err = ber_decode(&p, pend, &elem);
742 
			if(err != ASN_OK)
743 
				break;
744 
			if(elem.val.tag == VEOC) {
745 
				if(length != -1) {
746 
					p = pold;
747 
					err = ASN_EINVAL;
748 
				}
749 
				break;
750 
			}
751 
			else
752 
				lve = mkel(elem, lve);
753 
		}
26 7u83 754 
		if(err != ASN_OK)
755 
			freeelist(lve);
756 
		else {
2 - 757 
			/* reverse back to original order */
758 
			while(lve != nil) {
759 
				lveold = lve;
760 
				lve = lve->tl;
761 
				lveold->tl = ans;
762 
				ans = lveold;
763 
			}
764 
		}
765 
	}
766 
	*pp = p;
767 
	*pelist = ans;
768 
	return err;
769 
}
770 
 
771 
/*
772 
 * Encode e by BER rules, putting answer in *pbytes.
773 
 * This is done by first calling enc with lenonly==1
774 
 * to get the length of the needed buffer,
775 
 * then allocating the buffer and using enc again to fill it up.
776 
 */
777 
static int
778 
encode(Elem e, Bytes** pbytes)
779 
{
780 
	uchar* p;
781 
	Bytes* ans;
782 
	int err;
783 
	uchar uc;
784 
 
785 
	p = &uc;
786 
	err = enc(&p, e, 1);
787 
	if(err == ASN_OK) {
788 
		ans = newbytes(p-&uc);
789 
		p = ans->data;
790 
		err = enc(&p, e, 0);
791 
		*pbytes = ans;
792 
	}
793 
	return err;
794 
}
795 
 
796 
/*
797 
 * The various enc functions take a pointer to a pointer
798 
 * into a buffer, and encode their entity starting there,
799 
 * updating the pointer afterwards.
800 
 * If lenonly is 1, only the pointer update is done,
801 
 * allowing enc to be called first to calculate the needed
802 
 * buffer length.
803 
 * If lenonly is 0, it is assumed that the answer will fit.
804 
 */
805 
 
806 
static int
807 
enc(uchar** pp, Elem e, int lenonly)
808 
{
809 
	int err;
810 
	int vlen;
811 
	int constr;
812 
	Tag tag;
813 
	int v;
814 
	int ilen;
815 
	uchar* p;
816 
	uchar* psave;
817 
 
818 
	p = *pp;
819 
	err = val_enc(&p, e, &constr, 1);
820 
	if(err != ASN_OK)
821 
		return err;
822 
	vlen = p - *pp;
823 
	p = *pp;
824 
	tag = e.tag;
825 
	v = tag.class|constr;
826 
	if(tag.num < 31) {
827 
		if(!lenonly)
828 
			*p = (v|tag.num);
829 
		p++;
830 
	}
831 
	else {
832 
		if(!lenonly)
833 
			*p = (v|31);
834 
		p++;
835 
		if(tag.num < 0)
836 
			return ASN_EINVAL;
837 
		uint7_enc(&p, tag.num, lenonly);
838 
	}
839 
	if(vlen < 0x80) {
840 
		if(!lenonly)
841 
			*p = vlen;
842 
		p++;
843 
	}
844 
	else {
845 
		psave = p;
846 
		int_enc(&p, vlen, 1, 1);
847 
		ilen = p-psave;
848 
		p = psave;
849 
		if(!lenonly) {
850 
			*p++ = (0x80 | ilen);
851 
			int_enc(&p, vlen, 1, 0);
852 
		}
853 
		else
854 
			p += 1 + ilen;
855 
	}
856 
	if(!lenonly)
857 
		val_enc(&p, e, &constr, 0);
858 
	else
859 
		p += vlen;
860 
	*pp = p;
861 
	return err;
862 
}
863 
 
864 
static int
865 
val_enc(uchar** pp, Elem e, int *pconstr, int lenonly)
866 
{
867 
	int err;
868 
	uchar* p;
869 
	int kind;
870 
	int cl;
871 
	int v;
872 
	Bytes* bb = nil;
873 
	Bits* bits;
874 
	Ints* oid;
875 
	int k;
876 
	Elist* el;
877 
	char* s;
878 
 
879 
	p = *pp;
880 
	err = ASN_OK;
881 
	kind = e.tag.num;
882 
	cl = e.tag.class;
883 
	*pconstr = 0;
884 
	if(cl != Universal) {
885 
		switch(e.val.tag) {
886 
		case VBool:
887 
			kind = BOOLEAN;
888 
			break;
889 
		case VInt:
890 
			kind = INTEGER;
891 
			break;
892 
		case VBigInt:
893 
			kind = INTEGER;
894 
			break;
895 
		case VOctets:
896 
			kind = OCTET_STRING;
897 
			break;
898 
		case VReal:
899 
			kind = REAL;
900 
			break;
901 
		case VOther:
902 
			kind = OCTET_STRING;
903 
			break;
904 
		case VBitString:
905 
			kind = BIT_STRING;
906 
			break;
907 
		case VNull:
908 
			kind = NULLTAG;
909 
			break;
910 
		case VObjId:
911 
			kind = OBJECT_ID;
912 
			break;
913 
		case VString:
914 
			kind = UniversalString;
915 
			break;
916 
		case VSeq:
917 
			kind = SEQUENCE;
918 
			break;
919 
		case VSet:
920 
			kind = SETOF;
921 
			break;
922 
		}
923 
	}
924 
	switch(kind) {
925 
	case BOOLEAN:
926 
		if(is_int(&e, &v)) {
927 
			if(v != 0)
928 
				v = 255;
929 
			 int_enc(&p, v, 1, lenonly);
930 
		}
931 
		else
932 
			err = ASN_EINVAL;
933 
		break;
934 
 
935 
	case INTEGER:
936 
	case ENUMERATED:
937 
		if(is_int(&e, &v))
938 
			int_enc(&p, v, 0, lenonly);
939 
		else {
940 
			if(is_bigint(&e, &bb)) {
941 
				if(!lenonly)
942 
					memmove(p, bb->data, bb->len);
943 
				p += bb->len;
944 
			}
945 
			else
946 
				err = ASN_EINVAL;
947 
		}
948 
		break;
949 
 
950 
	case BIT_STRING:
951 
		if(is_bitstring(&e, &bits)) {
952 
			if(bits->len == 0) {
953 
				if(!lenonly)
954 
					*p = 0;
955 
				p++;
956 
			}
957 
			else {
958 
				v = bits->unusedbits;
959 
				if(v < 0 || v > 7)
960 
					err = ASN_EINVAL;
961 
				else {
962 
					if(!lenonly) {
963 
						*p = v;
964 
						memmove(p+1, bits->data, bits->len);
965 
					}
966 
					p += 1 + bits->len;
967 
				}
968 
			}
969 
		}
970 
		else
971 
			err = ASN_EINVAL;
972 
		break;
973 
 
974 
	case OCTET_STRING:
975 
	case ObjectDescriptor:
976 
	case EXTERNAL:
977 
	case REAL:
978 
	case EMBEDDED_PDV:
979 
		bb = nil;
980 
		switch(e.val.tag) {
981 
		case VOctets:
982 
			bb = e.val.u.octetsval;
983 
			break;
984 
		case VReal:
985 
			bb = e.val.u.realval;
986 
			break;
987 
		case VOther:
988 
			bb = e.val.u.otherval;
989 
			break;
990 
		}
991 
		if(bb != nil) {
992 
			if(!lenonly)
993 
				memmove(p, bb->data, bb->len);
994 
			p += bb->len;
995 
		}
26 7u83 996 
		else
997 
			err = ASN_EINVAL;
2 - 998 
		break;
999 
 
1000 
	case NULLTAG:
1001 
		break;
1002 
 
1003 
	case OBJECT_ID:
1004 
		if(is_oid(&e, &oid)) {
1005 
			for(k = 0; k < oid->len; k++) {
1006 
				v = oid->data[k];
1007 
				if(k == 0) {
1008 
					v *= 40;
1009 
					if(oid->len > 1)
1010 
						v += oid->data[++k];
1011 
				}
1012 
				uint7_enc(&p, v, lenonly);
1013 
			}
1014 
		}
1015 
		else
1016 
			err = ASN_EINVAL;
1017 
		break;
1018 
 
1019 
	case SEQUENCE:
1020 
	case SETOF:
1021 
		el = nil;
1022 
		if(e.val.tag == VSeq)
1023 
			el = e.val.u.seqval;
1024 
		else if(e.val.tag == VSet)
1025 
			el = e.val.u.setval;
1026 
		else
1027 
			err = ASN_EINVAL;
1028 
		if(el != nil) {
1029 
			*pconstr = CONSTR_MASK;
1030 
			for(; el != nil; el = el->tl) {
1031 
				err = enc(&p, el->hd, lenonly);
1032 
				if(err != ASN_OK)
1033 
					break;
1034 
			}
1035 
		}
1036 
		break;
1037 
 
1038 
	case UTF8String:
1039 
	case NumericString:
1040 
	case PrintableString:
1041 
	case TeletexString:
1042 
	case VideotexString:
1043 
	case IA5String:
1044 
	case UTCTime:
1045 
	case GeneralizedTime:
1046 
	case GraphicString:
1047 
	case VisibleString:
1048 
	case GeneralString:
1049 
	case UniversalString:
1050 
	case BMPString:
1051 
		if(e.val.tag == VString) {
1052 
			s = e.val.u.stringval;
1053 
			if(s != nil) {
1054 
				v = strlen(s);
1055 
				if(!lenonly)
1056 
					memmove(p, s, v);
1057 
				p += v;
1058 
			}
1059 
		}
1060 
		else
1061 
			err = ASN_EINVAL;
1062 
		break;
1063 
 
1064 
	default:
1065 
		err = ASN_EINVAL;
1066 
	}
1067 
	*pp = p;
1068 
	return err;
1069 
}
1070 
 
1071 
/*
1072 
 * Encode num as unsigned 7 bit values with top bit 1 on all bytes
1073 
 * except last, only putting in bytes if !lenonly.
1074 
 */
1075 
static void
1076 
uint7_enc(uchar** pp, int num, int lenonly)
1077 
{
1078 
	int n;
1079 
	int v;
1080 
	int k;
1081 
	uchar* p;
1082 
 
1083 
	p = *pp;
1084 
	n = 1;
1085 
	v = num >> 7;
1086 
	while(v > 0) {
1087 
		v >>= 7;
1088 
		n++;
1089 
	}
1090 
	if(lenonly)
1091 
		p += n;
1092 
	else {
1093 
		for(k = (n - 1)*7; k > 0; k -= 7)
1094 
			*p++= ((num >> k)|0x80);
1095 
		*p++ = (num&0x7F);
1096 
	}
1097 
	*pp = p;
1098 
}
1099 
 
1100 
/*
1101 
 * Encode num as unsigned or signed integer,
1102 
 * only putting in bytes if !lenonly.
1103 
 * Encoding is length followed by bytes to concatenate.
1104 
 */
1105 
static void
1106 
int_enc(uchar** pp, int num, int unsgned, int lenonly)
1107 
{
1108 
	int v;
1109 
	int n;
1110 
	int prevv;
1111 
	int k;
1112 
	uchar* p;
1113 
 
1114 
	p = *pp;
1115 
	v = num;
1116 
	if(v < 0)
1117 
		v = -(v + 1);
1118 
	n = 1;
1119 
	prevv = v;
1120 
	v >>= 8;
1121 
	while(v > 0) {
1122 
		prevv = v;
1123 
		v >>= 8;
1124 
		n++;
1125 
	}
1126 
	if(!unsgned && (prevv&0x80))
1127 
		n++;
1128 
	if(lenonly)
1129 
		p += n;
1130 
	else {
1131 
		for(k = (n - 1)*8; k >= 0; k -= 8)
1132 
			*p++ = (num >> k);
1133 
	}
1134 
	*pp = p;
1135 
}
1136 
 
1137 
static int
1138 
ints_eq(Ints* a, Ints* b)
1139 
{
1140 
	int	alen;
1141 
	int	i;
1142 
 
1143 
	alen = a->len;
1144 
	if(alen != b->len)
1145 
		return 0;
1146 
	for(i = 0; i < alen; i++)
1147 
		if(a->data[i] != b->data[i])
1148 
			return 0;
1149 
	return 1;
1150 
}
1151 
 
1152 
/*
1153 
 * Look up o in tab (which must have nil entry to terminate).
1154 
 * Return index of matching entry, or -1 if none.
1155 
 */
1156 
static int
1157 
oid_lookup(Ints* o, Ints** tab)
1158 
{
1159 
	int i;
1160 
 
1161 
	for(i = 0; tab[i] != nil; i++)
1162 
		if(ints_eq(o, tab[i]))
1163 
			return  i;
1164 
	return -1;
1165 
}
1166 
 
1167 
/*
1168 
 * Return true if *pe is a SEQUENCE, and set *pseq to
1169 
 * the value of the sequence if so.
1170 
 */
1171 
static int
1172 
is_seq(Elem* pe, Elist** pseq)
1173 
{
1174 
	if(pe->tag.class == Universal && pe->tag.num == SEQUENCE && pe->val.tag == VSeq) {
1175 
		*pseq = pe->val.u.seqval;
1176 
		return 1;
1177 
	}
1178 
	return 0;
1179 
}
1180 
 
1181 
static int
1182 
is_set(Elem* pe, Elist** pset)
1183 
{
1184 
	if(pe->tag.class == Universal && pe->tag.num == SETOF && pe->val.tag == VSet) {
1185 
		*pset = pe->val.u.setval;
1186 
		return 1;
1187 
	}
1188 
	return 0;
1189 
}
1190 
 
1191 
static int
1192 
is_int(Elem* pe, int* pint)
1193 
{
1194 
	if(pe->tag.class == Universal) {
1195 
		if(pe->tag.num == INTEGER && pe->val.tag == VInt) {
1196 
			*pint = pe->val.u.intval;
1197 
			return 1;
1198 
		}
1199 
		else if(pe->tag.num == BOOLEAN && pe->val.tag == VBool) {
1200 
			*pint = pe->val.u.boolval;
1201 
			return 1;
1202 
		}
1203 
	}
1204 
	return 0;
1205 
}
1206 
 
1207 
/*
1208 
 * for convience, all VInt's are readable via this routine,
1209 
 * as well as all VBigInt's
1210 
 */
1211 
static int
1212 
is_bigint(Elem* pe, Bytes** pbigint)
1213 
{
26 7u83 1214 
	if(pe->tag.class == Universal && pe->tag.num == INTEGER && pe->val.tag == VBigInt) {
1215 
		*pbigint = pe->val.u.bigintval;
2 - 1216 
		return 1;
1217 
	}
1218 
	return 0;
1219 
}
1220 
 
1221 
static int
1222 
is_bitstring(Elem* pe, Bits** pbits)
1223 
{
1224 
	if(pe->tag.class == Universal && pe->tag.num == BIT_STRING && pe->val.tag == VBitString) {
1225 
		*pbits = pe->val.u.bitstringval;
1226 
		return 1;
1227 
	}
1228 
	return 0;
1229 
}
1230 
 
1231 
static int
1232 
is_octetstring(Elem* pe, Bytes** poctets)
1233 
{
1234 
	if(pe->tag.class == Universal && pe->tag.num == OCTET_STRING && pe->val.tag == VOctets) {
1235 
		*poctets = pe->val.u.octetsval;
1236 
		return 1;
1237 
	}
1238 
	return 0;
1239 
}
1240 
 
1241 
static int
1242 
is_oid(Elem* pe, Ints** poid)
1243 
{
1244 
	if(pe->tag.class == Universal && pe->tag.num == OBJECT_ID && pe->val.tag == VObjId) {
1245 
		*poid = pe->val.u.objidval;
1246 
		return 1;
1247 
	}
1248 
	return 0;
1249 
}
1250 
 
1251 
static int
1252 
is_string(Elem* pe, char** pstring)
1253 
{
1254 
	if(pe->tag.class == Universal) {
1255 
		switch(pe->tag.num) {
1256 
		case UTF8String:
1257 
		case NumericString:
1258 
		case PrintableString:
1259 
		case TeletexString:
1260 
		case VideotexString:
1261 
		case IA5String:
1262 
		case GraphicString:
1263 
		case VisibleString:
1264 
		case GeneralString:
1265 
		case UniversalString:
1266 
		case BMPString:
1267 
			if(pe->val.tag == VString) {
1268 
				*pstring = pe->val.u.stringval;
1269 
				return 1;
1270 
			}
1271 
		}
1272 
	}
1273 
	return 0;
1274 
}
1275 
 
1276 
static int
1277 
is_time(Elem* pe, char** ptime)
1278 
{
1279 
	if(pe->tag.class == Universal
1280 
	   && (pe->tag.num == UTCTime || pe->tag.num == GeneralizedTime)
1281 
	   && pe->val.tag == VString) {
1282 
		*ptime = pe->val.u.stringval;
1283 
		return 1;
1284 
	}
1285 
	return 0;
1286 
}
1287 
 
1288 
 
1289 
/*
1290 
 * malloc and return a new Bytes structure capable of
1291 
 * holding len bytes. (len >= 0)
1292 
 */
1293 
static Bytes*
1294 
newbytes(int len)
1295 
{
1296 
	Bytes* ans;
1297 
 
26 7u83 1298 
	if(len < 0)
1299 
		abort();
1300 
	ans = emalloc(sizeof(Bytes) + len);
2 - 1301 
	ans->len = len;
1302 
	return ans;
1303 
}
1304 
 
1305 
/*
1306 
 * newbytes(len), with data initialized from buf
1307 
 */
1308 
static Bytes*
1309 
makebytes(uchar* buf, int len)
1310 
{
1311 
	Bytes* ans;
1312 
 
1313 
	ans = newbytes(len);
1314 
	memmove(ans->data, buf, len);
1315 
	return ans;
1316 
}
1317 
 
1318 
static void
1319 
freebytes(Bytes* b)
1320 
{
26 7u83 1321 
	free(b);
2 - 1322 
}
1323 
 
1324 
/*
1325 
 * Make a new Bytes, containing bytes of b1 followed by those of b2.
1326 
 * Either b1 or b2 or both can be nil.
1327 
 */
1328 
static Bytes*
1329 
catbytes(Bytes* b1, Bytes* b2)
1330 
{
1331 
	Bytes* ans;
1332 
	int n;
1333 
 
1334 
	if(b1 == nil) {
1335 
		if(b2 == nil)
1336 
			ans = newbytes(0);
1337 
		else
1338 
			ans = makebytes(b2->data, b2->len);
1339 
	}
1340 
	else if(b2 == nil) {
1341 
		ans = makebytes(b1->data, b1->len);
1342 
	}
1343 
	else {
1344 
		n = b1->len + b2->len;
1345 
		ans = newbytes(n);
1346 
		ans->len = n;
1347 
		memmove(ans->data, b1->data, b1->len);
1348 
		memmove(ans->data+b1->len, b2->data, b2->len);
1349 
	}
1350 
	return ans;
1351 
}
1352 
 
1353 
/* len is number of ints */
1354 
static Ints*
1355 
newints(int len)
1356 
{
1357 
	Ints* ans;
1358 
 
26 7u83 1359 
	if(len < 0 || len > ((uint)-1>>1)/sizeof(int))
1360 
		abort();
1361 
	ans = emalloc(sizeof(Ints) + len*sizeof(int));
2 - 1362 
	ans->len = len;
1363 
	return ans;
1364 
}
1365 
 
1366 
static Ints*
1367 
makeints(int* buf, int len)
1368 
{
1369 
	Ints* ans;
1370 
 
1371 
	ans = newints(len);
26 7u83 1372 
	memmove(ans->data, buf, len*sizeof(int));
2 - 1373 
	return ans;
1374 
}
1375 
 
1376 
static void
1377 
freeints(Ints* b)
1378 
{
26 7u83 1379 
	free(b);
2 - 1380 
}
1381 
 
1382 
/* len is number of bytes */
1383 
static Bits*
1384 
newbits(int len)
1385 
{
1386 
	Bits* ans;
1387 
 
26 7u83 1388 
	if(len < 0)
1389 
		abort();
1390 
	ans = emalloc(sizeof(Bits) + len);
2 - 1391 
	ans->len = len;
1392 
	ans->unusedbits = 0;
1393 
	return ans;
1394 
}
1395 
 
1396 
static Bits*
1397 
makebits(uchar* buf, int len, int unusedbits)
1398 
{
1399 
	Bits* ans;
1400 
 
1401 
	ans = newbits(len);
1402 
	memmove(ans->data, buf, len);
1403 
	ans->unusedbits = unusedbits;
1404 
	return ans;
1405 
}
1406 
 
1407 
static void
1408 
freebits(Bits* b)
1409 
{
26 7u83 1410 
	free(b);
2 - 1411 
}
1412 
 
1413 
static Elist*
1414 
mkel(Elem e, Elist* tail)
1415 
{
1416 
	Elist* el;
1417 
 
1418 
	el = (Elist*)emalloc(sizeof(Elist));
1419 
	setmalloctag(el, getcallerpc(&e));
1420 
	el->hd = e;
1421 
	el->tl = tail;
1422 
	return el;
1423 
}
1424 
 
1425 
static int
1426 
elistlen(Elist* el)
1427 
{
1428 
	int ans = 0;
1429 
	while(el != nil) {
1430 
		ans++;
1431 
		el = el->tl;
1432 
	}
1433 
	return ans;
1434 
}
1435 
 
1436 
/* Frees elist, but not fields inside values of constituent elems */
1437 
static void
1438 
freeelist(Elist* el)
1439 
{
1440 
	Elist* next;
1441 
 
1442 
	while(el != nil) {
1443 
		next = el->tl;
1444 
		free(el);
1445 
		el = next;
1446 
	}
1447 
}
1448 
 
1449 
/* free any allocated structures inside v (recursively freeing Elists) */
1450 
static void
1451 
freevalfields(Value* v)
1452 
{
1453 
	Elist* el;
1454 
	Elist* l;
1455 
	if(v == nil)
1456 
		return;
1457 
	switch(v->tag) {
1458 
 	case VOctets:
1459 
		freebytes(v->u.octetsval);
1460 
		break;
1461 
	case VBigInt:
1462 
		freebytes(v->u.bigintval);
1463 
		break;
1464 
	case VReal:
1465 
		freebytes(v->u.realval);
1466 
		break;
1467 
	case VOther:
1468 
		freebytes(v->u.otherval);
1469 
		break;
1470 
	case VBitString:
1471 
		freebits(v->u.bitstringval);
1472 
		break;
1473 
	case VObjId:
1474 
		freeints(v->u.objidval);
1475 
		break;
1476 
	case VString:
26 7u83 1477 
		free(v->u.stringval);
2 - 1478 
		break;
1479 
	case VSeq:
1480 
		el = v->u.seqval;
1481 
		for(l = el; l != nil; l = l->tl)
1482 
			freevalfields(&l->hd.val);
26 7u83 1483 
		freeelist(el);
2 - 1484 
		break;
1485 
	case VSet:
1486 
		el = v->u.setval;
1487 
		for(l = el; l != nil; l = l->tl)
1488 
			freevalfields(&l->hd.val);
26 7u83 1489 
		freeelist(el);
2 - 1490 
		break;
1491 
	}
26 7u83 1492 
	memset(v, 0, sizeof(*v));
2 - 1493 
}
1494 
 
26 7u83 1495 
static mpint*
1496 
asn1mpint(Elem *e)
1497 
{
1498 
	Bytes *b;
1499 
	int v;
1500 
 
1501 
	if(is_int(e, &v))
1502 
		return itomp(v, nil);
1503 
	if(is_bigint(e, &b))
1504 
		return betomp(b->data, b->len, nil);
1505 
	return nil;
1506 
}
1507 
 
2 - 1508 
/* end of general ASN1 functions */
1509 
 
1510 
 
1511 
 
1512 
 
1513 
 
1514 
/*=============================================================*/
1515 
/*
1516 
 * Decode and parse an X.509 Certificate, defined by this ASN1:
1517 
 *	Certificate ::= SEQUENCE {
1518 
 *		certificateInfo CertificateInfo,
1519 
 *		signatureAlgorithm AlgorithmIdentifier,
1520 
 *		signature BIT STRING }
1521 
 *
1522 
 *	CertificateInfo ::= SEQUENCE {
1523 
 *		version [0] INTEGER DEFAULT v1 (0),
1524 
 *		serialNumber INTEGER,
1525 
 *		signature AlgorithmIdentifier,
1526 
 *		issuer Name,
1527 
 *		validity Validity,
1528 
 *		subject Name,
1529 
 *		subjectPublicKeyInfo SubjectPublicKeyInfo }
1530 
 *	(version v2 has two more fields, optional unique identifiers for
1531 
 *  issuer and subject; since we ignore these anyway, we won't parse them)
1532 
 *
1533 
 *	Validity ::= SEQUENCE {
1534 
 *		notBefore UTCTime,
1535 
 *		notAfter UTCTime }
1536 
 *
1537 
 *	SubjectPublicKeyInfo ::= SEQUENCE {
1538 
 *		algorithm AlgorithmIdentifier,
1539 
 *		subjectPublicKey BIT STRING }
1540 
 *
1541 
 *	AlgorithmIdentifier ::= SEQUENCE {
1542 
 *		algorithm OBJECT IDENTIFER,
1543 
 *		parameters ANY DEFINED BY ALGORITHM OPTIONAL }
1544 
 *
1545 
 *	Name ::= SEQUENCE OF RelativeDistinguishedName
1546 
 *
1547 
 *	RelativeDistinguishedName ::= SETOF SIZE(1..MAX) OF AttributeTypeAndValue
1548 
 *
1549 
 *	AttributeTypeAndValue ::= SEQUENCE {
1550 
 *		type OBJECT IDENTIFER,
1551 
 *		value DirectoryString }
1552 
 *	(selected attributes have these Object Ids:
1553 
 *		commonName {2 5 4 3}
1554 
 *		countryName {2 5 4 6}
1555 
 *		localityName {2 5 4 7}
1556 
 *		stateOrProvinceName {2 5 4 8}
1557 
 *		organizationName {2 5 4 10}
1558 
 *		organizationalUnitName {2 5 4 11}
1559 
 *	)
1560 
 *
1561 
 *	DirectoryString ::= CHOICE {
1562 
 *		teletexString TeletexString,
1563 
 *		printableString PrintableString,
1564 
 *		universalString UniversalString }
1565 
 *
1566 
 *  See rfc1423, rfc2437 for AlgorithmIdentifier, subjectPublicKeyInfo, signature.
1567 
 *
1568 
 *  Not yet implemented:
1569 
 *   CertificateRevocationList ::= SIGNED SEQUENCE{
1570 
 *           signature       AlgorithmIdentifier,
1571 
 *           issuer          Name,
1572 
 *           lastUpdate      UTCTime,
1573 
 *           nextUpdate      UTCTime,
1574 
 *           revokedCertificates
1575 
 *                           SEQUENCE OF CRLEntry OPTIONAL}
1576 
 *   CRLEntry ::= SEQUENCE{
1577 
 *           userCertificate SerialNumber,
1578 
 *           revocationDate UTCTime}
1579 
 */
1580 
 
1581 
typedef struct CertX509 {
1582 
	int	serial;
1583 
	char*	issuer;
1584 
	char*	validity_start;
1585 
	char*	validity_end;
1586 
	char*	subject;
1587 
	int	publickey_alg;
26 7u83 1588 
	Bits*	publickey;
2 - 1589 
	int	signature_alg;
26 7u83 1590 
	Bits*	signature;
1591 
	int	curve;
2 - 1592 
} CertX509;
1593 
 
1594 
/* Algorithm object-ids */
1595 
enum {
1596 
	ALG_rsaEncryption,
1597 
	ALG_md2WithRSAEncryption,
1598 
	ALG_md4WithRSAEncryption,
1599 
	ALG_md5WithRSAEncryption,
26 7u83 1600 
 
2 - 1601 
	ALG_sha1WithRSAEncryption,
1602 
	ALG_sha1WithRSAEncryptionOiw,
26 7u83 1603 
 
1604 
	ALG_sha256WithRSAEncryption,
1605 
	ALG_sha384WithRSAEncryption,
1606 
	ALG_sha512WithRSAEncryption,
1607 
	ALG_sha224WithRSAEncryption,
1608 
 
1609 
	ALG_ecPublicKey,
1610 
	ALG_sha1WithECDSA,
1611 
	ALG_sha256WithECDSA,
1612 
	ALG_sha384WithECDSA,
1613 
	ALG_sha512WithECDSA,
1614 
 
2 - 1615 
	ALG_md5,
26 7u83 1616 
	ALG_sha1,
1617 
	ALG_sha256,
1618 
	ALG_sha384,
1619 
	ALG_sha512,
1620 
	ALG_sha224,
1621 
 
2 - 1622 
	NUMALGS
1623 
};
26 7u83 1624 
 
1625 
typedef struct Ints15 {
2 - 1626 
	int		len;
26 7u83 1627 
	int		data[15];
1628 
} Ints15;
1629 
 
1630 
typedef struct DigestAlg {
1631 
	int		alg;
1632 
	DigestState*	(*fun)(uchar*,ulong,uchar*,DigestState*);
1633 
	int		len;
1634 
} DigestAlg;
1635 
 
1636 
static DigestAlg alg_md5 = { ALG_md5, md5, MD5dlen};
1637 
static DigestAlg alg_sha1 = { ALG_sha1, sha1, SHA1dlen };
1638 
static DigestAlg alg_sha256 = { ALG_sha256, sha2_256, SHA2_256dlen };
1639 
static DigestAlg alg_sha384 = { ALG_sha384, sha2_384, SHA2_384dlen };
1640 
static DigestAlg alg_sha512 = { ALG_sha512, sha2_512, SHA2_512dlen };
1641 
static DigestAlg alg_sha224 = { ALG_sha224, sha2_224, SHA2_224dlen };
1642 
 
1643 
/* maximum length of digest output of the digest algs above */
1644 
enum {
1645 
	MAXdlen = SHA2_512dlen,
1646 
};
1647 
 
1648 
static Ints15 oid_rsaEncryption = {7, 1, 2, 840, 113549, 1, 1, 1 };
1649 
 
1650 
static Ints15 oid_md2WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 2 };
1651 
static Ints15 oid_md4WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 3 };
1652 
static Ints15 oid_md5WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 4 };
1653 
static Ints15 oid_sha1WithRSAEncryption ={7, 1, 2, 840, 113549, 1, 1, 5 };
1654 
static Ints15 oid_sha1WithRSAEncryptionOiw ={6, 1, 3, 14, 3, 2, 29 };
1655 
static Ints15 oid_sha256WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 11 };
1656 
static Ints15 oid_sha384WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 12 };
1657 
static Ints15 oid_sha512WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 13 };
1658 
static Ints15 oid_sha224WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 14 };
1659 
 
1660 
static Ints15 oid_ecPublicKey = {6, 1, 2, 840, 10045, 2, 1 };
1661 
static Ints15 oid_sha1WithECDSA = {6, 1, 2, 840, 10045, 4, 1 };
1662 
static Ints15 oid_sha256WithECDSA = {7, 1, 2, 840, 10045, 4, 3, 2 };
1663 
static Ints15 oid_sha384WithECDSA = {7, 1, 2, 840, 10045, 4, 3, 3 };
1664 
static Ints15 oid_sha512WithECDSA = {7, 1, 2, 840, 10045, 4, 3, 4 };
1665 
 
1666 
static Ints15 oid_md5 = {6, 1, 2, 840, 113549, 2, 5 };
1667 
static Ints15 oid_sha1 = {6, 1, 3, 14, 3, 2, 26 };
1668 
static Ints15 oid_sha256= {9, 2, 16, 840, 1, 101, 3, 4, 2, 1 };
1669 
static Ints15 oid_sha384= {9, 2, 16, 840, 1, 101, 3, 4, 2, 2 };
1670 
static Ints15 oid_sha512= {9, 2, 16, 840, 1, 101, 3, 4, 2, 3 };
1671 
static Ints15 oid_sha224= {9, 2, 16, 840, 1, 101, 3, 4, 2, 4 };
1672 
 
2 - 1673 
static Ints *alg_oid_tab[NUMALGS+1] = {
1674 
	(Ints*)&oid_rsaEncryption,
1675 
	(Ints*)&oid_md2WithRSAEncryption,
1676 
	(Ints*)&oid_md4WithRSAEncryption,
1677 
	(Ints*)&oid_md5WithRSAEncryption,
26 7u83 1678 
 
2 - 1679 
	(Ints*)&oid_sha1WithRSAEncryption,
1680 
	(Ints*)&oid_sha1WithRSAEncryptionOiw,
26 7u83 1681 
 
1682 
	(Ints*)&oid_sha256WithRSAEncryption,
1683 
	(Ints*)&oid_sha384WithRSAEncryption,
1684 
	(Ints*)&oid_sha512WithRSAEncryption,
1685 
	(Ints*)&oid_sha224WithRSAEncryption,
1686 
 
1687 
	(Ints*)&oid_ecPublicKey,
1688 
	(Ints*)&oid_sha1WithECDSA,
1689 
	(Ints*)&oid_sha256WithECDSA,
1690 
	(Ints*)&oid_sha384WithECDSA,
1691 
	(Ints*)&oid_sha512WithECDSA,
1692 
 
2 - 1693 
	(Ints*)&oid_md5,
26 7u83 1694 
	(Ints*)&oid_sha1,
1695 
	(Ints*)&oid_sha256,
1696 
	(Ints*)&oid_sha384,
1697 
	(Ints*)&oid_sha512,
1698 
	(Ints*)&oid_sha224,
2 - 1699 
	nil
1700 
};
1701 
 
26 7u83 1702 
static DigestAlg *digestalg[NUMALGS+1] = {
1703 
	&alg_md5, &alg_md5, &alg_md5, &alg_md5,
1704 
	&alg_sha1, &alg_sha1,
1705 
	&alg_sha256, &alg_sha384, &alg_sha512, &alg_sha224,
1706 
	&alg_sha256, &alg_sha1, &alg_sha256, &alg_sha384, &alg_sha512,
1707 
	&alg_md5, &alg_sha1, &alg_sha256, &alg_sha384, &alg_sha512, &alg_sha224,
1708 
	nil
1709 
};
1710 
 
1711 
static Bytes* encode_digest(DigestAlg *da, uchar *digest);
1712 
 
1713 
static Ints15 oid_secp256r1 = {7, 1, 2, 840, 10045, 3, 1, 7};
1714 
static Ints15 oid_secp384r1 = {5, 1, 3, 132, 0, 34};
1715 
 
1716 
static Ints *namedcurves_oid_tab[] = {
1717 
	(Ints*)&oid_secp256r1,
1718 
	(Ints*)&oid_secp384r1,
1719 
	nil,
1720 
};
1721 
static void (*namedcurves[])(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h) = {
1722 
	secp256r1,
1723 
	secp384r1,
1724 
	nil,
1725 
};
1726 
 
2 - 1727 
static void
1728 
freecert(CertX509* c)
1729 
{
26 7u83 1730 
	if(c == nil)
1731 
		return;
1732 
	free(c->issuer);
1733 
	free(c->validity_start);
1734 
	free(c->validity_end);
1735 
	free(c->subject);
1736 
	freebits(c->publickey);
1737 
	freebits(c->signature);
2 - 1738 
	free(c);
1739 
}
1740 
 
1741 
/*
1742 
 * Parse the Name ASN1 type.
1743 
 * The sequence of RelativeDistinguishedName's gives a sort of pathname,
1744 
 * from most general to most specific.  Each element of the path can be
1745 
 * one or more (but usually just one) attribute-value pair, such as
1746 
 * countryName="US".
1747 
 * We'll just form a "postal-style" address string by concatenating the elements
1748 
 * from most specific to least specific, separated by commas.
1749 
 * Return name-as-string (which must be freed by caller).
1750 
 */
1751 
static char*
1752 
parse_name(Elem* e)
1753 
{
1754 
	Elist* el;
1755 
	Elem* es;
1756 
	Elist* esetl;
1757 
	Elem* eat;
1758 
	Elist* eatl;
1759 
	char* s;
1760 
	enum { MAXPARTS = 100 };
1761 
	char* parts[MAXPARTS];
1762 
	int i;
1763 
	int plen;
1764 
	char* ans = nil;
1765 
 
1766 
	if(!is_seq(e, &el))
1767 
		goto errret;
1768 
	i = 0;
1769 
	plen = 0;
1770 
	while(el != nil) {
1771 
		es = &el->hd;
1772 
		if(!is_set(es, &esetl))
1773 
			goto errret;
1774 
		while(esetl != nil) {
1775 
			eat = &esetl->hd;
1776 
			if(!is_seq(eat, &eatl) || elistlen(eatl) != 2)
1777 
				goto errret;
1778 
			if(!is_string(&eatl->tl->hd, &s) || i>=MAXPARTS)
1779 
				goto errret;
1780 
			parts[i++] = s;
1781 
			plen += strlen(s) + 2;		/* room for ", " after */
1782 
			esetl = esetl->tl;
1783 
		}
1784 
		el = el->tl;
1785 
	}
1786 
	if(i > 0) {
1787 
		ans = (char*)emalloc(plen);
1788 
		*ans = '\0';
1789 
		while(--i >= 0) {
1790 
			s = parts[i];
1791 
			strcat(ans, s);
1792 
			if(i > 0)
1793 
				strcat(ans, ", ");
1794 
		}
1795 
	}
1796 
 
1797 
errret:
1798 
	return ans;
1799 
}
1800 
 
1801 
/*
1802 
 * Parse an AlgorithmIdentifer ASN1 type.
1803 
 * Look up the oid in oid_tab and return one of OID_rsaEncryption, etc..,
1804 
 * or -1 if not found.
1805 
 * For now, ignore parameters, since none of our algorithms need them.
1806 
 */
1807 
static int
1808 
parse_alg(Elem* e)
1809 
{
1810 
	Elist* el;
1811 
	Ints* oid;
1812 
 
1813 
	if(!is_seq(e, &el) || el == nil || !is_oid(&el->hd, &oid))
1814 
		return -1;
1815 
	return oid_lookup(oid, alg_oid_tab);
1816 
}
1817 
 
26 7u83 1818 
static int
1819 
parse_curve(Elem* e)
1820 
{
1821 
	Elist* el;
1822 
	Ints* oid;
1823 
 
1824 
	if(!is_seq(e, &el) || elistlen(el)<2 || !is_oid(&el->tl->hd, &oid))
1825 
		return -1;
1826 
	return oid_lookup(oid, namedcurves_oid_tab);
1827 
}
1828 
 
2 - 1829 
static CertX509*
26 7u83 1830 
decode_cert(uchar *buf, int len)
2 - 1831 
{
1832 
	int ok = 0;
1833 
	int n;
1834 
	Elem  ecert;
1835 
	Elem* ecertinfo;
1836 
	Elem* esigalg;
1837 
	Elem* esig;
1838 
	Elem* eserial;
1839 
	Elem* eissuer;
1840 
	Elem* evalidity;
1841 
	Elem* esubj;
1842 
	Elem* epubkey;
1843 
	Elist* el;
1844 
	Elist* elcert = nil;
1845 
	Elist* elcertinfo = nil;
1846 
	Elist* elvalidity = nil;
1847 
	Elist* elpubkey = nil;
1848 
	Bits* bits = nil;
1849 
	Bytes* b;
1850 
	Elem* e;
26 7u83 1851 
	CertX509* c = nil;
2 - 1852 
 
26 7u83 1853 
	if(decode(buf, len, &ecert) != ASN_OK)
2 - 1854 
		goto errret;
1855 
 
1856 
	c = (CertX509*)emalloc(sizeof(CertX509));
1857 
	c->serial = -1;
1858 
	c->issuer = nil;
1859 
	c->validity_start = nil;
1860 
	c->validity_end = nil;
1861 
	c->subject = nil;
1862 
	c->publickey_alg = -1;
1863 
	c->publickey = nil;
1864 
	c->signature_alg = -1;
1865 
	c->signature = nil;
1866 
 
1867 
	/* Certificate */
1868 
 	if(!is_seq(&ecert, &elcert) || elistlen(elcert) !=3)
1869 
		goto errret;
1870 
 	ecertinfo = &elcert->hd;
1871 
 	el = elcert->tl;
1872 
 	esigalg = &el->hd;
1873 
	c->signature_alg = parse_alg(esigalg);
1874 
 	el = el->tl;
1875 
 	esig = &el->hd;
1876 
 
1877 
	/* Certificate Info */
1878 
	if(!is_seq(ecertinfo, &elcertinfo))
1879 
		goto errret;
1880 
	n = elistlen(elcertinfo);
1881 
  	if(n < 6)
1882 
		goto errret;
1883 
	eserial =&elcertinfo->hd;
1884 
 	el = elcertinfo->tl;
1885 
 	/* check for optional version, marked by explicit context tag 0 */
1886 
	if(eserial->tag.class == Context && eserial->tag.num == 0) {
1887 
 		eserial = &el->hd;
1888 
 		if(n < 7)
1889 
 			goto errret;
1890 
 		el = el->tl;
1891 
 	}
1892 
 
1893 
	if(parse_alg(&el->hd) != c->signature_alg)
1894 
		goto errret;
1895 
 	el = el->tl;
1896 
 	eissuer = &el->hd;
1897 
 	el = el->tl;
1898 
 	evalidity = &el->hd;
1899 
 	el = el->tl;
1900 
 	esubj = &el->hd;
1901 
 	el = el->tl;
1902 
 	epubkey = &el->hd;
26 7u83 1903 
	if(!is_int(eserial, &c->serial)) {
2 - 1904 
		if(!is_bigint(eserial, &b))
1905 
			goto errret;
1906 
		c->serial = -1;	/* else we have to change cert struct */
1907 
  	}
1908 
	c->issuer = parse_name(eissuer);
1909 
	if(c->issuer == nil)
1910 
		goto errret;
1911 
	/* Validity */
1912 
  	if(!is_seq(evalidity, &elvalidity))
1913 
		goto errret;
1914 
	if(elistlen(elvalidity) != 2)
1915 
		goto errret;
1916 
	e = &elvalidity->hd;
1917 
	if(!is_time(e, &c->validity_start))
1918 
		goto errret;
1919 
	e->val.u.stringval = nil;	/* string ownership transfer */
1920 
	e = &elvalidity->tl->hd;
1921 
 	if(!is_time(e, &c->validity_end))
1922 
		goto errret;
1923 
	e->val.u.stringval = nil;	/* string ownership transfer */
1924 
 
1925 
	/* resume CertificateInfo */
1926 
 	c->subject = parse_name(esubj);
1927 
	if(c->subject == nil)
1928 
		goto errret;
1929 
 
1930 
	/* SubjectPublicKeyInfo */
26 7u83 1931 
	if(!is_seq(epubkey, &elpubkey))
2 - 1932 
		goto errret;
1933 
	if(elistlen(elpubkey) != 2)
1934 
		goto errret;
1935 
 
1936 
	c->publickey_alg = parse_alg(&elpubkey->hd);
1937 
	if(c->publickey_alg < 0)
1938 
		goto errret;
26 7u83 1939 
	c->curve = -1;
1940 
	if(c->publickey_alg == ALG_ecPublicKey){
1941 
		c->curve = parse_curve(&elpubkey->hd);
1942 
		if(c->curve < 0)
1943 
			goto errret;
1944 
	}
1945 
	elpubkey = elpubkey->tl;
1946 
	if(!is_bitstring(&elpubkey->hd, &bits))
2 - 1947 
		goto errret;
26 7u83 1948 
	elpubkey->hd.val.u.bitstringval = nil;	/* transfer ownership */
1949 
	c->publickey = bits;
2 - 1950 
 
1951 
	/*resume Certificate */
1952 
	if(c->signature_alg < 0)
1953 
		goto errret;
26 7u83 1954 
	if(!is_bitstring(esig, &bits))
2 - 1955 
		goto errret;
26 7u83 1956 
	esig->val.u.bitstringval = nil;	/* transfer ownership */
1957 
	c->signature = bits;
2 - 1958 
	ok = 1;
1959 
 
1960 
errret:
1961 
	freevalfields(&ecert.val);	/* recurses through lists, too */
1962 
	if(!ok){
1963 
		freecert(c);
1964 
		c = nil;
1965 
	}
1966 
	return c;
1967 
}
1968 
 
1969 
/*
26 7u83 1970 
 *	RSAPublickKey ::= SEQUENCE {
2 - 1971 
 *		modulus INTEGER,
1972 
 *		publicExponent INTEGER
1973 
 *	}
1974 
 */
26 7u83 1975 
RSApub*
1976 
asn1toRSApub(uchar *buf, int len)
2 - 1977 
{
1978 
	Elem e;
26 7u83 1979 
	Elist *el;
2 - 1980 
	RSApub* key;
1981 
 
26 7u83 1982 
	key = nil;
1983 
	if(decode(buf, len, &e) != ASN_OK)
2 - 1984 
		goto errret;
1985 
	if(!is_seq(&e, &el) || elistlen(el) != 2)
1986 
		goto errret;
1987 
 
26 7u83 1988 
	key = rsapuballoc();
1989 
	if((key->n = asn1mpint(&el->hd)) == nil)
2 - 1990 
		goto errret;
1991 
	el = el->tl;
26 7u83 1992 
	if((key->ek = asn1mpint(&el->hd)) == nil)
2 - 1993 
		goto errret;
1994 
 
26 7u83 1995 
	freevalfields(&e.val);
2 - 1996 
	return key;
1997 
errret:
26 7u83 1998 
	freevalfields(&e.val);
2 - 1999 
	rsapubfree(key);
2000 
	return nil;
26 7u83 2001 
 
2 - 2002 
}
2003 
 
2004 
/*
2005 
 *	RSAPrivateKey ::= SEQUENCE {
2006 
 *		version Version,
2007 
 *		modulus INTEGER, -- n
2008 
 *		publicExponent INTEGER, -- e
2009 
 *		privateExponent INTEGER, -- d
2010 
 *		prime1 INTEGER, -- p
2011 
 *		prime2 INTEGER, -- q
2012 
 *		exponent1 INTEGER, -- d mod (p-1)
2013 
 *		exponent2 INTEGER, -- d mod (q-1)
2014 
 *		coefficient INTEGER -- (inverse of q) mod p }
2015 
 */
26 7u83 2016 
RSApriv*
2017 
asn1toRSApriv(uchar *buf, int len)
2 - 2018 
{
2019 
	int version;
2020 
	Elem e;
2021 
	Elist *el;
26 7u83 2022 
	Bytes *b;
2023 
	RSApriv* key = nil;
2 - 2024 
 
26 7u83 2025 
	if(decode(buf, len, &e) != ASN_OK)
2 - 2026 
		goto errret;
26 7u83 2027 
	if(!is_seq(&e, &el))
2 - 2028 
		goto errret;
26 7u83 2029 
 
2 - 2030 
	if(!is_int(&el->hd, &version) || version != 0)
2031 
		goto errret;
2032 
 
26 7u83 2033 
	if(elistlen(el) != 9){
2034 
		if(elistlen(el) == 3
2035 
		&& parse_alg(&el->tl->hd) == ALG_rsaEncryption
2036 
		&& is_octetstring(&el->tl->tl->hd, &b)){
2037 
			key = asn1toRSApriv(b->data, b->len);
2038 
			if(key != nil)
2039 
				goto done;
2040 
		}
2041 
		goto errret;
2042 
	}
2043 
 
2044 
	key = rsaprivalloc();
2 - 2045 
	el = el->tl;
26 7u83 2046 
	if((key->pub.n = asn1mpint(&el->hd)) == nil)
2 - 2047 
		goto errret;
2048 
 
2049 
	el = el->tl;
26 7u83 2050 
	if((key->pub.ek = asn1mpint(&el->hd)) == nil)
2 - 2051 
		goto errret;
2052 
 
2053 
	el = el->tl;
26 7u83 2054 
	if((key->dk = asn1mpint(&el->hd)) == nil)
2 - 2055 
		goto errret;
2056 
 
2057 
	el = el->tl;
26 7u83 2058 
	if((key->q = asn1mpint(&el->hd)) == nil)
2 - 2059 
		goto errret;
2060 
 
2061 
	el = el->tl;
26 7u83 2062 
	if((key->p = asn1mpint(&el->hd)) == nil)
2 - 2063 
		goto errret;
2064 
 
2065 
	el = el->tl;
26 7u83 2066 
	if((key->kq = asn1mpint(&el->hd)) == nil)
2 - 2067 
		goto errret;
2068 
 
2069 
	el = el->tl;
26 7u83 2070 
	if((key->kp = asn1mpint(&el->hd)) == nil)
2 - 2071 
		goto errret;
2072 
 
2073 
	el = el->tl;
26 7u83 2074 
	if((key->c2 = asn1mpint(&el->hd)) == nil)
2 - 2075 
		goto errret;
2076 
 
26 7u83 2077 
done:
2078 
	freevalfields(&e.val);
2 - 2079 
	return key;
2080 
errret:
26 7u83 2081 
	freevalfields(&e.val);
2 - 2082 
	rsaprivfree(key);
2083 
	return nil;
2084 
}
2085 
 
29 7u83 2086 
 
2087 
 
2088 
 
2 - 2089 
/*
26 7u83 2090 
 * digest(CertificateInfo)
2091 
 * Our ASN.1 library doesn't return pointers into the original
2092 
 * data array, so we need to do a little hand decoding.
2 - 2093 
 */
26 7u83 2094 
static int
2095 
digest_certinfo(uchar *cert, int ncert, DigestAlg *da, uchar *digest)
2 - 2096 
{
26 7u83 2097 
	uchar *info, *p, *pend;
2098 
	int isconstr, length;
2099 
	Tag tag;
2100 
	Elem elem;
2 - 2101 
 
26 7u83 2102 
	p = cert;
2103 
	pend = cert + ncert;
2104 
	if(tag_decode(&p, pend, &tag, &isconstr) != ASN_OK ||
2105 
	   tag.class != Universal || tag.num != SEQUENCE ||
2106 
	   length_decode(&p, pend, &length) != ASN_OK ||
2107 
	   p+length > pend ||
2108 
	   p+length < p)
2109 
		return -1;
2110 
	info = p;
2111 
	if(ber_decode(&p, pend, &elem) != ASN_OK)
2112 
		return -1;
2113 
	freevalfields(&elem.val);
2114 
	if(elem.tag.num != SEQUENCE)
2115 
		return -1;
2116 
	(*da->fun)(info, p - info, digest, nil);
2117 
	return da->len;
2 - 2118 
}
2119 
 
26 7u83 2120 
mpint*
2121 
pkcs1padbuf(uchar *buf, int len, mpint *modulus, int blocktype)
2 - 2122 
{
26 7u83 2123 
	int i, n = (mpsignif(modulus)-1)/8;
2124 
	int pad = n - 2 - len;
2125 
	uchar *p;
2 - 2126 
	mpint *mp;
2127 
 
26 7u83 2128 
	if(pad < 8){
2129 
		werrstr("rsa modulus too small");
2130 
		return nil;
2 - 2131 
	}
26 7u83 2132 
	if((p = malloc(n)) == nil)
2133 
		return nil;
2134 
	p[0] = blocktype;
2135 
	switch(blocktype){
2136 
	default:
2137 
	case 1:
2138 
		memset(p+1, 0xFF, pad);
2139 
		break;
2140 
	case 2:
2141 
		for(i=1; i <= pad; i++)
2142 
			p[i] = 1 + nfastrand(255);
2143 
		break;
2144 
	}
2145 
	p[1+pad] = 0;
2146 
	memmove(p+2+pad, buf, len);
2 - 2147 
	mp = betomp(p, n, nil);
2148 
	free(p);
2149 
	return mp;
2150 
}
2151 
 
26 7u83 2152 
int
2153 
pkcs1unpadbuf(uchar *buf, int len, mpint *modulus, int blocktype)
2 - 2154 
{
26 7u83 2155 
	uchar *p = buf + 1, *e = buf + len;
2 - 2156 
 
26 7u83 2157 
	if(len < 1 || len != (mpsignif(modulus)-1)/8 || buf[0] != blocktype)
2158 
		return -1;
2159 
	switch(blocktype){
2160 
	default:
2161 
	case 1:
2162 
		while(p < e && *p == 0xFF)
2163 
			p++;
2164 
		break;
2165 
	case 2:
2166 
		while(p < e && *p != 0x00)
2167 
			p++;
2168 
		break;
2169 
	}
2170 
	if(p - buf <= 8 || p >= e || *p++ != 0x00)
2171 
		return -1;
2172 
	memmove(buf, p, len = e - p);
2173 
	return len;
2 - 2174 
}
2175 
 
26 7u83 2176 
static char Ebadsig[] = "bad signature";
2177 
 
2178 
char*
2179 
X509rsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub *pk)
2 - 2180 
{
26 7u83 2181 
	mpint *x, *y;
2182 
	DigestAlg **dp;
2183 
	Bytes *digest;
2184 
	uchar *buf;
2185 
	int len;
2186 
	char *err;
2 - 2187 
 
26 7u83 2188 
	x = betomp(sig, siglen, nil);
2189 
	y = rsaencrypt(pk, x, nil);
2190 
	mpfree(x);
2191 
	len = mptobe(y, nil, 0, &buf);
2192 
	mpfree(y);
2 - 2193 
 
26 7u83 2194 
	err = Ebadsig;
2195 
	len = pkcs1unpadbuf(buf, len, pk->n, 1);
2196 
	if(len == edigestlen && tsmemcmp(buf, edigest, edigestlen) == 0)
2197 
		err = nil;
2198 
	for(dp = digestalg; err != nil && *dp != nil; dp++){
2199 
		if((*dp)->len != edigestlen)
2200 
			continue;
2201 
		digest = encode_digest(*dp, edigest);
2202 
		if(digest->len == len && tsmemcmp(digest->data, buf, len) == 0)
2203 
			err = nil;
2204 
		freebytes(digest);
2205 
	}
2206 
	free(buf);
2207 
	return err;
2 - 2208 
}
2209 
 
26 7u83 2210 
char*
2211 
X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub)
2 - 2212 
{
2213 
	Elem e;
2214 
	Elist *el;
26 7u83 2215 
	mpint *r, *s;
2 - 2216 
	char *err;
2217 
 
26 7u83 2218 
	r = s = nil;
2219 
	err = Ebadsig;
2220 
	if(decode(sig, siglen, &e) != ASN_OK)
2 - 2221 
		goto end;
26 7u83 2222 
	if(!is_seq(&e, &el) || elistlen(el) != 2)
2 - 2223 
		goto end;
26 7u83 2224 
	r = asn1mpint(&el->hd);
2225 
	if(r == nil)
2 - 2226 
		goto end;
26 7u83 2227 
	el = el->tl;
2228 
	s = asn1mpint(&el->hd);
2229 
	if(s == nil)
2 - 2230 
		goto end;
26 7u83 2231 
	if(ecdsaverify(dom, pub, edigest, edigestlen, r, s))
2232 
		err = nil;
2 - 2233 
end:
26 7u83 2234 
	freevalfields(&e.val);
2235 
	mpfree(s);
2236 
	mpfree(r);
2 - 2237 
	return err;
2238 
}
2239 
 
26 7u83 2240 
static void
2241 
copysubject(char *name, int nname, char *subject)
2 - 2242 
{
2243 
	char *e;
26 7u83 2244 
 
2245 
	if(name == nil)
2246 
		return;
2247 
	memset(name, 0, nname);
2248 
	if(subject == nil)
2249 
		return;
2250 
	strncpy(name, subject, nname-1);
2251 
	e = strchr(name, ',');
2252 
	if(e != nil)
2253 
		*e = 0;	/* take just CN part of Distinguished Name */
2254 
}
2255 
 
2256 
ECpub*
2257 
X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom)
2258 
{
2 - 2259 
	CertX509 *c;
26 7u83 2260 
	ECpub *pub;
2 - 2261 
 
26 7u83 2262 
	c = decode_cert(cert, ncert);
2 - 2263 
	if(c == nil)
2264 
		return nil;
26 7u83 2265 
	copysubject(name, nname, c->subject);
2266 
	pub = nil;
2267 
	if(c->publickey_alg == ALG_ecPublicKey){
2268 
		ecdominit(dom, namedcurves[c->curve]);
2269 
		pub = ecdecodepub(dom, c->publickey->data, c->publickey->len);
2270 
		if(pub == nil)
2271 
			ecdomfree(dom);
2 - 2272 
	}
2273 
	freecert(c);
26 7u83 2274 
	return pub;
2 - 2275 
}
2276 
 
26 7u83 2277 
char*
2278 
X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pk)
2 - 2279 
{
26 7u83 2280 
	char *e;
2281 
	CertX509 *c;
2282 
	int digestlen;
2283 
	uchar digest[MAXdlen];
2 - 2284 
 
26 7u83 2285 
	c = decode_cert(cert, ncert);
2286 
	if(c == nil)
2287 
		return "cannot decode cert";
2288 
	digestlen = digest_certinfo(cert, ncert, digestalg[c->signature_alg], digest);
2289 
	if(digestlen <= 0){
2290 
		freecert(c);
2291 
		return "cannot decode certinfo";
2 - 2292 
	}
26 7u83 2293 
	e = X509ecdsaverifydigest(c->signature->data, c->signature->len, digest, digestlen, dom, pk);
2294 
	freecert(c);
2295 
	return e;
2 - 2296 
}
2297 
 
2298 
RSApub*
26 7u83 2299 
X509toRSApub(uchar *cert, int ncert, char *name, int nname)
2 - 2300 
{
26 7u83 2301 
	CertX509 *c;
2302 
	RSApub *pub;
2 - 2303 
 
26 7u83 2304 
	c = decode_cert(cert, ncert);
2305 
	if(c == nil)
2 - 2306 
		return nil;
26 7u83 2307 
	copysubject(name, nname, c->subject);
2308 
	pub = nil;
2309 
	if(c->publickey_alg == ALG_rsaEncryption)
2310 
		pub = asn1toRSApub(c->publickey->data, c->publickey->len);
2311 
	freecert(c);
2312 
	return pub;
2 - 2313 
}
2314 
 
2315 
char*
26 7u83 2316 
X509rsaverify(uchar *cert, int ncert, RSApub *pk)
2 - 2317 
{
2318 
	char *e;
2319 
	CertX509 *c;
26 7u83 2320 
	int digestlen;
2321 
	uchar digest[MAXdlen];
2 - 2322 
 
26 7u83 2323 
	c = decode_cert(cert, ncert);
2 - 2324 
	if(c == nil)
2325 
		return "cannot decode cert";
26 7u83 2326 
	digestlen = digest_certinfo(cert, ncert, digestalg[c->signature_alg], digest);
2327 
	if(digestlen <= 0){
2328 
		freecert(c);
2329 
		return "cannot decode certinfo";
2330 
	}
2331 
	e = X509rsaverifydigest(c->signature->data, c->signature->len, digest, digestlen, pk);
2 - 2332 
	freecert(c);
2333 
	return e;
2334 
}
2335 
 
2336 
/* ------- Elem constructors ---------- */
2337 
static Elem
2338 
Null(void)
2339 
{
2340 
	Elem e;
2341 
 
2342 
	e.tag.class = Universal;
2343 
	e.tag.num = NULLTAG;
2344 
	e.val.tag = VNull;
2345 
	return e;
2346 
}
2347 
 
2348 
static Elem
2349 
mkint(int j)
2350 
{
2351 
	Elem e;
2352 
 
2353 
	e.tag.class = Universal;
2354 
	e.tag.num = INTEGER;
2355 
	e.val.tag = VInt;
2356 
	e.val.u.intval = j;
2357 
	return e;
2358 
}
2359 
 
2360 
static Elem
2361 
mkbigint(mpint *p)
2362 
{
2363 
	Elem e;
2364 
 
2365 
	e.tag.class = Universal;
2366 
	e.tag.num = INTEGER;
2367 
	e.val.tag = VBigInt;
26 7u83 2368 
	e.val.u.bigintval = newbytes((mpsignif(p)+8)/8);
2369 
	if(p->sign < 0){
2370 
		mpint *s = mpnew(e.val.u.bigintval->len*8+1);
2371 
		mpleft(mpone, e.val.u.bigintval->len*8, s);
2372 
		mpadd(p, s, s);
2373 
		mptober(s, e.val.u.bigintval->data, e.val.u.bigintval->len);
2374 
		mpfree(s);
2375 
	} else {
2376 
		mptober(p, e.val.u.bigintval->data, e.val.u.bigintval->len);
2377 
	}
2 - 2378 
	return e;
2379 
}
2380 
 
26 7u83 2381 
static int
2382 
printable(char *s)
2383 
{
2384 
	int c;
2385 
 
2386 
	while((c = (uchar)*s++) != 0){
2387 
		if((c >= 'a' && c <= 'z')
2388 
		|| (c >= 'A' && c <= 'Z')
2389 
		|| (c >= '0' && c <= '9')
2390 
		|| strchr("'=()+,-./:? ", c) != nil)
2391 
			continue;
2392 
		return 0;
2393 
	}
2394 
	return 1;
2395 
}
2396 
 
2397 
#define DirectoryString 0
2398 
 
2 - 2399 
static Elem
26 7u83 2400 
mkstring(char *s, int t)
2 - 2401 
{
2402 
	Elem e;
2403 
 
26 7u83 2404 
	if(t == DirectoryString)
2405 
		t = printable(s) ? PrintableString : UTF8String;
2 - 2406 
	e.tag.class = Universal;
26 7u83 2407 
	e.tag.num = t;
2 - 2408 
	e.val.tag = VString;
2409 
	e.val.u.stringval = estrdup(s);
2410 
	return e;
2411 
}
2412 
 
2413 
static Elem
2414 
mkoctet(uchar *buf, int buflen)
2415 
{
2416 
	Elem e;
2417 
 
2418 
	e.tag.class = Universal;
2419 
	e.tag.num = OCTET_STRING;
2420 
	e.val.tag = VOctets;
2421 
	e.val.u.octetsval = makebytes(buf, buflen);
2422 
	return e;
2423 
}
2424 
 
2425 
static Elem
2426 
mkbits(uchar *buf, int buflen)
2427 
{
2428 
	Elem e;
2429 
 
2430 
	e.tag.class = Universal;
2431 
	e.tag.num = BIT_STRING;
2432 
	e.val.tag = VBitString;
2433 
	e.val.u.bitstringval = makebits(buf, buflen, 0);
2434 
	return e;
2435 
}
2436 
 
2437 
static Elem
2438 
mkutc(long t)
2439 
{
2440 
	Elem e;
2441 
	char utc[50];
2442 
	Tm *tm = gmtime(t);
2443 
 
2444 
	e.tag.class = Universal;
2445 
	e.tag.num = UTCTime;
2446 
	e.val.tag = VString;
26 7u83 2447 
	snprint(utc, sizeof(utc), "%.2d%.2d%.2d%.2d%.2d%.2dZ",
2 - 2448 
		tm->year % 100, tm->mon+1, tm->mday, tm->hour, tm->min, tm->sec);
2449 
	e.val.u.stringval = estrdup(utc);
2450 
	return e;
2451 
}
2452 
 
2453 
static Elem
2454 
mkoid(Ints *oid)
2455 
{
2456 
	Elem e;
2457 
 
2458 
	e.tag.class = Universal;
2459 
	e.tag.num = OBJECT_ID;
2460 
	e.val.tag = VObjId;
2461 
	e.val.u.objidval = makeints(oid->data, oid->len);
2462 
	return e;
2463 
}
2464 
 
2465 
static Elem
2466 
mkseq(Elist *el)
2467 
{
2468 
	Elem e;
2469 
 
2470 
	e.tag.class = Universal;
2471 
	e.tag.num = SEQUENCE;
2472 
	e.val.tag = VSeq;
2473 
	e.val.u.seqval = el;
2474 
	return e;
2475 
}
2476 
 
2477 
static Elem
2478 
mkset(Elist *el)
2479 
{
2480 
	Elem e;
2481 
 
2482 
	e.tag.class = Universal;
2483 
	e.tag.num = SETOF;
2484 
	e.val.tag = VSet;
2485 
	e.val.u.setval = el;
2486 
	return e;
2487 
}
2488 
 
2489 
static Elem
2490 
mkalg(int alg)
2491 
{
2492 
	return mkseq(mkel(mkoid(alg_oid_tab[alg]), mkel(Null(), nil)));
2493 
}
2494 
 
2495 
typedef struct Ints7pref {
26 7u83 2496 
	int	len;
2497 
	int	data[7];
2 - 2498 
	char	prefix[4];
26 7u83 2499 
	int	stype;
2 - 2500 
} Ints7pref;
2501 
Ints7pref DN_oid[] = {
26 7u83 2502 
	{4, 2, 5, 4, 6, 0, 0, 0,        "C=", PrintableString},
2503 
	{4, 2, 5, 4, 8, 0, 0, 0,        "ST=",DirectoryString},
2504 
	{4, 2, 5, 4, 7, 0, 0, 0,        "L=", DirectoryString},
2505 
	{4, 2, 5, 4, 10, 0, 0, 0,       "O=", DirectoryString},
2506 
	{4, 2, 5, 4, 11, 0, 0, 0,       "OU=",DirectoryString},
2507 
	{4, 2, 5, 4, 3, 0, 0, 0,        "CN=",DirectoryString},
2508 
	{7, 1,2,840,113549,1,9,1,       "E=", IA5String},
2509 
	{7, 0,9,2342,19200300,100,1,25,	"DC=",IA5String},
2 - 2510 
};
2511 
 
2512 
static Elem
2513 
mkname(Ints7pref *oid, char *subj)
2514 
{
26 7u83 2515 
	return mkset(mkel(mkseq(mkel(mkoid((Ints*)oid), mkel(mkstring(subj, oid->stype), nil))), nil));
2 - 2516 
}
2517 
 
2518 
static Elem
2519 
mkDN(char *dn)
2520 
{
2521 
	int i, j, nf;
2522 
	char *f[20], *prefix, *d2 = estrdup(dn);
2523 
	Elist* el = nil;
2524 
 
2525 
	nf = tokenize(d2, f, nelem(f));
2526 
	for(i=nf-1; i>=0; i--){
2527 
		for(j=0; j<nelem(DN_oid); j++){
2528 
			prefix = DN_oid[j].prefix;
2529 
			if(strncmp(f[i],prefix,strlen(prefix))==0){
2530 
				el = mkel(mkname(&DN_oid[j],f[i]+strlen(prefix)), el);
2531 
				break;
2532 
			}
2533 
		}
2534 
	}
2535 
	free(d2);
2536 
	return mkseq(el);
2537 
}
2538 
 
26 7u83 2539 
/*
2540 
 * DigestInfo ::= SEQUENCE {
2541 
 *	digestAlgorithm AlgorithmIdentifier,
2542 
 *	digest OCTET STRING }
2543 
 */
2544 
static Bytes*
2545 
encode_digest(DigestAlg *da, uchar *digest)
2 - 2546 
{
26 7u83 2547 
	Bytes *b = nil;
2548 
	Elem e = mkseq(
2549 
		mkel(mkalg(da->alg),
2550 
		mkel(mkoctet(digest, da->len),
2551 
		nil)));
2552 
	encode(e, &b);
2553 
	freevalfields(&e.val);
2554 
	return b;
2555 
}
2 - 2556 
 
26 7u83 2557 
int
2558 
asn1encodedigest(DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*), uchar *digest, uchar *buf, int len)
2559 
{
2560 
	Bytes *bytes;
2561 
	DigestAlg **dp;
2562 
 
2563 
	for(dp = digestalg; *dp != nil; dp++){
2564 
		if((*dp)->fun != fun)
2565 
			continue;
2566 
		bytes = encode_digest(*dp, digest);
2567 
		if(bytes == nil)
2568 
			break;
2569 
		if(bytes->len > len){
2570 
			freebytes(bytes);
2571 
			break;
2572 
		}
2573 
		len = bytes->len;
2574 
		memmove(buf, bytes->data, len);
2575 
		freebytes(bytes);
2576 
		return len;
2577 
	}
2578 
	return -1;
2579 
}
2580 
 
2581 
static Elem
2582 
mkcont(Elem e, int num)
2583 
{
2584 
	e = mkseq(mkel(e, nil));
2585 
	e.tag.class = Context;
2586 
	e.tag.num = num;
2587 
	return e;
2588 
}
2589 
 
2590 
static Elem
2591 
mkaltname(char *s)
2592 
{
2593 
	Elem e;
2594 
	int i;
2595 
 
2596 
	for(i=0; i<nelem(DN_oid); i++){
2597 
		if(strstr(s, DN_oid[i].prefix) != nil)
2598 
			return mkcont(mkDN(s), 4); /* DN */
2599 
	}
2600 
	e = mkstring(s, IA5String);
2601 
	e.tag.class = Context;
2602 
	e.tag.num = strchr(s, '@') != nil ? 1 : 2; /* email : DNS */
2603 
	return e;
2604 
}
2605 
 
2606 
static Elist*
2607 
mkaltnames(char *alts)
2608 
{
2609 
	Elist *el;
2610 
	char *s, *p;
2611 
 
2612 
	if(alts == nil)
2613 
		return nil;
2614 
 
2615 
	el = nil;
2616 
	alts = estrdup(alts);
2617 
	for(s = alts; s != nil; s = p){
2618 
		while(*s == ' ')
2619 
			s++;
2620 
		if(*s == '\0')
2621 
			break;
2622 
		if((p = strchr(s, ',')) != nil)
2623 
			*p++ = 0;
2624 
		el = mkel(mkaltname(s), el);
2625 
	}
2626 
	free(alts);
2627 
	return el;
2628 
}
2629 
 
2630 
static Elist*
2631 
mkextel(Elem e, Ints *oid, Elist *el)
2632 
{
2633 
	Bytes *b = nil;
2634 
 
2635 
	if(encode(e, &b) == ASN_OK){
2636 
		el = mkel(mkseq(
2637 
			mkel(mkoid(oid),
2638 
			mkel(mkoctet(b->data, b->len),
2639 
			nil))), el);
2640 
		freebytes(b);
2641 
	}
2642 
	freevalfields(&e.val);
2643 
	return el;
2644 
}
2645 
 
2646 
static Ints15 oid_subjectAltName = {4, 2, 5, 29, 17 };
2647 
static Ints15 oid_extensionRequest = { 7, 1, 2, 840, 113549, 1, 9, 14};
2648 
 
2649 
static Elist*
2650 
mkextensions(char *alts, int req)
2651 
{
2652 
	Elist *sl, *xl;
2653 
 
2654 
	xl = nil;
2655 
	if((sl = mkaltnames(alts)) != nil)
2656 
		xl = mkextel(mkseq(sl), (Ints*)&oid_subjectAltName, xl);
2657 
	if(xl != nil){
2658 
		if(req) return mkel(mkcont(mkseq(
2659 
			mkel(mkoid((Ints*)&oid_extensionRequest),
2660 
			mkel(mkset(mkel(mkseq(xl), nil)), nil))), 0), nil);
2661 
		return mkel(mkcont(mkseq(xl), 3), nil);
2662 
	}
2663 
	return nil;
2664 
}
2665 
 
2666 
static char*
2667 
splitalts(char *s)
2668 
{
2669 
	int q;
2670 
 
2671 
	for(q = 0; *s != '\0'; s++){
2672 
		if(*s == '\'')
2673 
			q ^= 1;
2674 
		else if(q == 0 && *s == ','){
2675 
			*s++ = 0;
2676 
			return s;
2677 
		}
2678 
	}
2679 
	return nil;
2680 
}
2681 
 
2682 
static Bytes*
2683 
encode_rsapubkey(RSApub *pk)
2684 
{
2685 
	Bytes *b = nil;
2686 
	Elem e = mkseq(
2687 
		mkel(mkbigint(pk->n),
2688 
		mkel(mpsignif(pk->ek)<32 ? mkint(mptoi(pk->ek)) : mkbigint(pk->ek),
2 - 2689 
		nil)));
26 7u83 2690 
	encode(e, &b);
2691 
	freevalfields(&e.val);
2692 
	return b;
2 - 2693 
}
2694 
 
26 7u83 2695 
int
2696 
asn1encodeRSApub(RSApub *pk, uchar *buf, int len)
2697 
{
2698 
	Bytes *b = encode_rsapubkey(pk);
2699 
	if(b == nil)
2700 
		return -1;
2701 
	if(b->len > len){
2702 
		freebytes(b);
2703 
		werrstr("buffer too small");
2704 
		return -1;
2705 
	}
2706 
	memmove(buf, b->data, len = b->len);
2707 
	freebytes(b);
2708 
	return len;
2709 
}
2710 
 
2 - 2711 
uchar*
26 7u83 2712 
X509rsagen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
2 - 2713 
{
26 7u83 2714 
	int serial = 0, sigalg = ALG_sha256WithRSAEncryption;
2 - 2715 
	uchar *cert = nil;
2716 
	Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
26 7u83 2717 
	Elem e, certinfo;
2718 
	DigestAlg *da;
2719 
	uchar digest[MAXdlen], *buf;
2 - 2720 
	int buflen;
2721 
	mpint *pkcs1;
26 7u83 2722 
	char *alts;
2 - 2723 
 
26 7u83 2724 
	if((pkbytes = encode_rsapubkey(&priv->pub)) == nil)
2725 
		return nil;
2726 
 
2727 
	subj = estrdup(subj);
2728 
	alts = splitalts(subj);
2729 
 
2730 
	e = mkseq(
2731 
		mkel(mkcont(mkint(2), 0),
2732 
		mkel(mkint(serial),
2733 
		mkel(mkalg(sigalg),
2734 
		mkel(mkDN(subj),
2735 
		mkel(mkseq(
2736 
			mkel(mkutc(valid[0]),
2737 
			mkel(mkutc(valid[1]),
2738 
			nil))),
2739 
		mkel(mkDN(subj),
2740 
		mkel(mkseq(
2741 
			mkel(mkalg(ALG_rsaEncryption),
2742 
			mkel(mkbits(pkbytes->data, pkbytes->len),
2743 
			nil))),
2744 
		mkextensions(alts, 0)))))))));
2 - 2745 
	freebytes(pkbytes);
26 7u83 2746 
	if(encode(e, &certinfobytes) != ASN_OK)
2 - 2747 
		goto errret;
26 7u83 2748 
 
2749 
	da = digestalg[sigalg];
2750 
	(*da->fun)(certinfobytes->data, certinfobytes->len, digest, 0);
2 - 2751 
	freebytes(certinfobytes);
26 7u83 2752 
	certinfo = e;
2753 
 
2754 
	sigbytes = encode_digest(da, digest);
2755 
	if(sigbytes == nil)
2 - 2756 
		goto errret;
26 7u83 2757 
	pkcs1 = pkcs1padbuf(sigbytes->data, sigbytes->len, priv->pub.n, 1);
2 - 2758 
	freebytes(sigbytes);
26 7u83 2759 
	if(pkcs1 == nil)
2760 
		goto errret;
2761 
 
2 - 2762 
	rsadecrypt(priv, pkcs1, pkcs1);
2763 
	buflen = mptobe(pkcs1, nil, 0, &buf);
2764 
	mpfree(pkcs1);
2765 
	e = mkseq(
2766 
		mkel(certinfo,
26 7u83 2767 
		mkel(mkalg(sigalg),
2 - 2768 
		mkel(mkbits(buf, buflen),
2769 
		nil))));
2770 
	free(buf);
2771 
	if(encode(e, &certbytes) != ASN_OK)
2772 
		goto errret;
26 7u83 2773 
	if(certlen != nil)
2 - 2774 
		*certlen = certbytes->len;
26 7u83 2775 
	cert = (uchar*)certbytes;
2776 
	memmove(cert, certbytes->data, certbytes->len);
2 - 2777 
errret:
2778 
	freevalfields(&e.val);
26 7u83 2779 
	free(subj);
2 - 2780 
	return cert;
2781 
}
2782 
 
2783 
uchar*
26 7u83 2784 
X509rsareq(RSApriv *priv, char *subj, int *certlen)
2 - 2785 
{
2786 
	/* RFC 2314, PKCS #10 Certification Request Syntax */
26 7u83 2787 
	int version = 0, sigalg = ALG_sha256WithRSAEncryption;
2 - 2788 
	uchar *cert = nil;
2789 
	Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
26 7u83 2790 
	Elem e, certinfo;
2791 
	DigestAlg *da;
2792 
	uchar digest[MAXdlen], *buf;
2 - 2793 
	int buflen;
2794 
	mpint *pkcs1;
26 7u83 2795 
	char *alts;
2 - 2796 
 
26 7u83 2797 
	if((pkbytes = encode_rsapubkey(&priv->pub)) == nil)
2798 
		return nil;
2799 
 
2800 
	subj = estrdup(subj);
2801 
	alts = splitalts(subj);
2802 
 
2803 
	e = mkseq(
2804 
		mkel(mkint(version),
2805 
		mkel(mkDN(subj),
2806 
		mkel(mkseq(
2807 
			mkel(mkalg(ALG_rsaEncryption),
2808 
			mkel(mkbits(pkbytes->data, pkbytes->len),
2809 
			nil))),
2810 
		mkextensions(alts, 1)))));
2 - 2811 
	freebytes(pkbytes);
26 7u83 2812 
	if(encode(e, &certinfobytes) != ASN_OK)
2 - 2813 
		goto errret;
26 7u83 2814 
	da = digestalg[sigalg];
2815 
	(*da->fun)(certinfobytes->data, certinfobytes->len, digest, 0);
2 - 2816 
	freebytes(certinfobytes);
26 7u83 2817 
	certinfo = e;
2818 
 
2819 
	sigbytes = encode_digest(da, digest);
2820 
	if(sigbytes == nil)
2 - 2821 
		goto errret;
26 7u83 2822 
	pkcs1 = pkcs1padbuf(sigbytes->data, sigbytes->len, priv->pub.n, 1);
2 - 2823 
	freebytes(sigbytes);
26 7u83 2824 
	if(pkcs1 == nil)
2825 
		goto errret;
2826 
 
2 - 2827 
	rsadecrypt(priv, pkcs1, pkcs1);
2828 
	buflen = mptobe(pkcs1, nil, 0, &buf);
2829 
	mpfree(pkcs1);
2830 
	e = mkseq(
2831 
		mkel(certinfo,
26 7u83 2832 
		mkel(mkalg(sigalg),
2 - 2833 
		mkel(mkbits(buf, buflen),
2834 
		nil))));
2835 
	free(buf);
2836 
	if(encode(e, &certbytes) != ASN_OK)
2837 
		goto errret;
26 7u83 2838 
	if(certlen != nil)
2 - 2839 
		*certlen = certbytes->len;
26 7u83 2840 
	cert = (uchar*)certbytes;
2841 
	memmove(cert, certbytes->data, certbytes->len);
2 - 2842 
errret:
2843 
	freevalfields(&e.val);
26 7u83 2844 
	free(subj);
2 - 2845 
	return cert;
2846 
}
2847 
 
26 7u83 2848 
static void
2849 
digestSPKI(int alg, uchar *pubkey, int npubkey, DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*), uchar *digest)
2850 
{
2851 
	Bytes *b = nil;
2852 
	Elem e = mkseq(mkel(mkalg(alg), mkel(mkbits(pubkey, npubkey), nil)));
2853 
	encode(e, &b);
2854 
	freevalfields(&e.val);
2855 
	(*fun)(b->data, b->len, digest, nil);
2856 
	freebytes(b);
2857 
}
2858 
 
2859 
int
2860 
X509digestSPKI(uchar *cert, int ncert, DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*), uchar *digest)
2861 
{
2862 
	CertX509 *c;
2863 
 
2864 
	c = decode_cert(cert, ncert);
2865 
	if(c == nil){
2866 
		werrstr("cannot decode cert");
2867 
		return -1;
2868 
	}
2869 
	digestSPKI(c->publickey_alg, c->publickey->data, c->publickey->len, fun, digest);
2870 
	freecert(c);
2871 
	return 0;
2872 
}
2873 
 
2 - 2874 
static char*
2875 
tagdump(Tag tag)
2876 
{
26 7u83 2877 
	static char buf[32];
2878 
 
2879 
	if(tag.class != Universal){
2880 
		snprint(buf, sizeof(buf), "class%d,num%d", tag.class, tag.num);
2881 
		return buf;
2882 
	}
2 - 2883 
	switch(tag.num){
2884 
	case BOOLEAN: return "BOOLEAN";
2885 
	case INTEGER: return "INTEGER";
2886 
	case BIT_STRING: return "BIT STRING";
2887 
	case OCTET_STRING: return "OCTET STRING";
2888 
	case NULLTAG: return "NULLTAG";
2889 
	case OBJECT_ID: return "OID";
2890 
	case ObjectDescriptor: return "OBJECT_DES";
2891 
	case EXTERNAL: return "EXTERNAL";
2892 
	case REAL: return "REAL";
2893 
	case ENUMERATED: return "ENUMERATED";
2894 
	case EMBEDDED_PDV: return "EMBEDDED PDV";
2895 
	case SEQUENCE: return "SEQUENCE";
2896 
	case SETOF: return "SETOF";
2897 
	case UTF8String: return "UTF8String";
2898 
	case NumericString: return "NumericString";
2899 
	case PrintableString: return "PrintableString";
2900 
	case TeletexString: return "TeletexString";
2901 
	case VideotexString: return "VideotexString";
2902 
	case IA5String: return "IA5String";
2903 
	case UTCTime: return "UTCTime";
2904 
	case GeneralizedTime: return "GeneralizedTime";
2905 
	case GraphicString: return "GraphicString";
2906 
	case VisibleString: return "VisibleString";
2907 
	case GeneralString: return "GeneralString";
2908 
	case UniversalString: return "UniversalString";
2909 
	case BMPString: return "BMPString";
2910 
	default:
26 7u83 2911 
		snprint(buf, sizeof(buf), "Universal,num%d", tag.num);
2912 
		return buf;
2 - 2913 
	}
2914 
}
2915 
 
2916 
static void
2917 
edump(Elem e)
2918 
{
2919 
	Value v;
2920 
	Elist *el;
2921 
	int i;
2922 
 
2923 
	print("%s{", tagdump(e.tag));
2924 
	v = e.val;
2925 
	switch(v.tag){
2926 
	case VBool: print("Bool %d",v.u.boolval); break;
2927 
	case VInt: print("Int %d",v.u.intval); break;
2928 
	case VOctets: print("Octets[%d] %.2x%.2x...",v.u.octetsval->len,v.u.octetsval->data[0],v.u.octetsval->data[1]); break;
2929 
	case VBigInt: print("BigInt[%d] %.2x%.2x...",v.u.bigintval->len,v.u.bigintval->data[0],v.u.bigintval->data[1]); break;
2930 
	case VReal: print("Real..."); break;
2931 
	case VOther: print("Other..."); break;
26 7u83 2932 
	case VBitString: print("BitString[%d]...", v.u.bitstringval->len*8 - v.u.bitstringval->unusedbits); break;
2 - 2933 
	case VNull: print("Null"); break;
2934 
	case VEOC: print("EOC..."); break;
2935 
	case VObjId: print("ObjId");
2936 
		for(i = 0; i<v.u.objidval->len; i++)
2937 
			print(" %d", v.u.objidval->data[i]);
2938 
		break;
2939 
	case VString: print("String \"%s\"",v.u.stringval); break;
2940 
	case VSeq: print("Seq\n");
2941 
		for(el = v.u.seqval; el!=nil; el = el->tl)
2942 
			edump(el->hd);
2943 
		break;
2944 
	case VSet: print("Set\n");
2945 
		for(el = v.u.setval; el!=nil; el = el->tl)
2946 
			edump(el->hd);
2947 
		break;
2948 
	}
2949 
	print("}\n");
2950 
}
2951 
 
2952 
void
2953 
asn1dump(uchar *der, int len)
2954 
{
2955 
	Elem e;
2956 
 
2957 
	if(decode(der, len, &e) != ASN_OK){
2958 
		print("didn't parse\n");
2959 
		exits("didn't parse");
2960 
	}
2961 
	edump(e);
2962 
}
2963 
 
2964 
void
2965 
X509dump(uchar *cert, int ncert)
2966 
{
2967 
	char *e;
2968 
	CertX509 *c;
26 7u83 2969 
	RSApub *rsapub;
2970 
	ECpub *ecpub;
2971 
	ECdomain ecdom;
2972 
	int digestlen;
2973 
	uchar digest[MAXdlen];
2 - 2974 
 
2975 
	print("begin X509dump\n");
26 7u83 2976 
	c = decode_cert(cert, ncert);
2 - 2977 
	if(c == nil){
26 7u83 2978 
		print("cannot decode cert\n");
2 - 2979 
		return;
2980 
	}
2981 
 
26 7u83 2982 
	digestlen = digest_certinfo(cert, ncert, digestalg[c->signature_alg], digest);
2983 
	if(digestlen <= 0){
2984 
		freecert(c);
2985 
		print("cannot decode certinfo\n");
2986 
		return;
2987 
	}
2988 
 
2 - 2989 
	print("serial %d\n", c->serial);
2990 
	print("issuer %s\n", c->issuer);
2991 
	print("validity %s %s\n", c->validity_start, c->validity_end);
2992 
	print("subject %s\n", c->subject);
26 7u83 2993 
	print("sigalg=%d digest=%.*H\n", c->signature_alg, digestlen, digest);
2994 
	print("publickey_alg=%d pubkey[%d] %.*H\n", c->publickey_alg, c->publickey->len,
2995 
		c->publickey->len, c->publickey->data);
2 - 2996 
 
26 7u83 2997 
	switch(c->publickey_alg){
2998 
	case ALG_rsaEncryption:
2999 
		rsapub = asn1toRSApub(c->publickey->data, c->publickey->len);
3000 
		if(rsapub != nil){
3001 
			print("rsa pubkey e=%B n(%d)=%B\n", rsapub->ek, mpsignif(rsapub->n), rsapub->n);
3002 
			e = X509rsaverifydigest(c->signature->data, c->signature->len,
3003 
				digest, digestlen, rsapub);
3004 
			if(e==nil)
3005 
				e = "nil (meaning ok)";
3006 
			print("self-signed X509rsaverifydigest returns: %s\n", e);
3007 
			rsapubfree(rsapub);
3008 
		}
3009 
		break;
3010 
	case ALG_ecPublicKey:
3011 
		ecdominit(&ecdom, namedcurves[c->curve]);
3012 
		ecpub = ecdecodepub(&ecdom, c->publickey->data, c->publickey->len);
3013 
		if(ecpub != nil){
3014 
			e = X509ecdsaverifydigest(c->signature->data, c->signature->len,
3015 
				digest, digestlen, &ecdom, ecpub);
3016 
			if(e==nil)
3017 
				e = "nil (meaning ok)";
3018 
			print("self-signed X509ecdsaverifydigest returns: %s\n", e);
3019 
			ecpubfree(ecpub);
3020 
		}
3021 
		ecdomfree(&ecdom);
3022 
		break;
2 - 3023 
	}
3024 
 
26 7u83 3025 
	digestSPKI(c->publickey_alg, c->publickey->data, c->publickey->len, sha2_256, digest);
3026 
	print("publickey_thumbprint sha256=%.*[\n", SHA2_256dlen, digest);
3027 
 
3028 
	sha2_256(cert, ncert, digest, nil);
3029 
	print("cert_thumbprint sha256=%.*[\n", SHA2_256dlen, digest);
3030 
 
3031 
	sha1(cert, ncert, digest, nil);
3032 
	print("cert_thumbprint sha1=%.*H\n", SHA1dlen, digest);
3033 
 
2 - 3034 
	freecert(c);
3035 
	print("end X509dump\n");
3036 
}
29 7u83 3037 
 
3038 
 
3039 
 
3040 
 
3041 
static mpint*
3042 
pkcs1pad(Bytes *b, mpint *modulus)
3043 
{
3044 
	int n = (mpsignif(modulus)+7)/8;
3045 
	int pm1, i;
3046 
	uchar *p;
3047 
	mpint *mp;
3048 
 
3049 
	pm1 = n - 1 - b->len;
3050 
	p = (uchar*)emalloc(n);
3051 
	p[0] = 0;
3052 
	p[1] = 1;
3053 
	for(i = 2; i < pm1; i++)
3054 
		p[i] = 0xFF;
3055 
	p[pm1] = 0;
3056 
	memcpy(&p[pm1+1], b->data, b->len);
3057 
	mp = betomp(p, n, nil);
3058 
	free(p);
3059 
	return mp;
3060 
}
3061 
 
3062 
uchar*
3063 
X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
3064 
{
3065 
	int serial = 0;
3066 
	uchar *cert = nil;
3067 
	RSApub *pk = rsaprivtopub(priv);
3068 
	Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
3069 
	Elem e, certinfo, issuer, subject, pubkey, validity, sig;
3070 
	uchar digest[MD5dlen], *buf;
3071 
	int buflen;
3072 
	mpint *pkcs1;
3073 
 
3074 
	e.val.tag = VInt;  /* so freevalfields at errret is no-op */
3075 
	issuer = mkDN(subj);
3076 
	subject = mkDN(subj);
3077 
	pubkey = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
3078 
	if(encode(pubkey, &pkbytes) != ASN_OK)
3079 
		goto errret;
3080 
	freevalfields(&pubkey.val);
3081 
	pubkey = mkseq(
3082 
		mkel(mkalg(ALG_rsaEncryption),
3083 
		mkel(mkbits(pkbytes->data, pkbytes->len),
3084 
		nil)));
3085 
	freebytes(pkbytes);
3086 
	validity = mkseq(
3087 
		mkel(mkutc(valid[0]),
3088 
		mkel(mkutc(valid[1]),
3089 
		nil)));
3090 
	certinfo = mkseq(
3091 
		mkel(mkint(serial),
3092 
		mkel(mkalg(ALG_md5WithRSAEncryption),
3093 
		mkel(issuer,
3094 
		mkel(validity,
3095 
		mkel(subject,
3096 
		mkel(pubkey,
3097 
		nil)))))));
3098 
	if(encode(certinfo, &certinfobytes) != ASN_OK)
3099 
		goto errret;
3100 
	md5(certinfobytes->data, certinfobytes->len, digest, 0);
3101 
	freebytes(certinfobytes);
3102 
	sig = mkseq(
3103 
		mkel(mkalg(ALG_md5),
3104 
		mkel(mkoctet(digest, MD5dlen),
3105 
		nil)));
3106 
	if(encode(sig, &sigbytes) != ASN_OK)
3107 
		goto errret;
3108 
	pkcs1 = pkcs1pad(sigbytes, pk->n);
3109 
	freebytes(sigbytes);
3110 
	rsadecrypt(priv, pkcs1, pkcs1);
3111 
	buflen = mptobe(pkcs1, nil, 0, &buf);
3112 
	mpfree(pkcs1);
3113 
	e = mkseq(
3114 
		mkel(certinfo,
3115 
		mkel(mkalg(ALG_md5WithRSAEncryption),
3116 
		mkel(mkbits(buf, buflen),
3117 
		nil))));
3118 
	free(buf);
3119 
	if(encode(e, &certbytes) != ASN_OK)
3120 
		goto errret;
3121 
	if(certlen)
3122 
		*certlen = certbytes->len;
3123 
	cert = certbytes->data;
3124 
errret:
3125 
	freevalfields(&e.val);
3126 
	return cert;
3127 
}
3128 
 
3129 
 
3130 
 
3131 
uchar*
3132 
X509req(RSApriv *priv, char *subj, int *certlen)
3133 
{
3134 
	/* RFC 2314, PKCS #10 Certification Request Syntax */
3135 
	int version = 0;
3136 
	uchar *cert = nil;
3137 
	RSApub *pk = rsaprivtopub(priv);
3138 
	Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
3139 
	Elem e, certinfo, subject, pubkey, sig;
3140 
	uchar digest[MD5dlen], *buf;
3141 
	int buflen;
3142 
	mpint *pkcs1;
3143 
 
3144 
	e.val.tag = VInt;  /* so freevalfields at errret is no-op */
3145 
	subject = mkDN(subj);
3146 
	pubkey = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
3147 
	if(encode(pubkey, &pkbytes) != ASN_OK)
3148 
		goto errret;
3149 
	freevalfields(&pubkey.val);
3150 
	pubkey = mkseq(
3151 
		mkel(mkalg(ALG_rsaEncryption),
3152 
		mkel(mkbits(pkbytes->data, pkbytes->len),
3153 
		nil)));
3154 
	freebytes(pkbytes);
3155 
	certinfo = mkseq(
3156 
		mkel(mkint(version),
3157 
		mkel(subject,
3158 
		mkel(pubkey,
3159 
		nil))));
3160 
	if(encode(certinfo, &certinfobytes) != ASN_OK)
3161 
		goto errret;
3162 
	md5(certinfobytes->data, certinfobytes->len, digest, 0);
3163 
	freebytes(certinfobytes);
3164 
	sig = mkseq(
3165 
		mkel(mkalg(ALG_md5),
3166 
		mkel(mkoctet(digest, MD5dlen),
3167 
		nil)));
3168 
	if(encode(sig, &sigbytes) != ASN_OK)
3169 
		goto errret;
3170 
	pkcs1 = pkcs1pad(sigbytes, pk->n);
3171 
	freebytes(sigbytes);
3172 
	rsadecrypt(priv, pkcs1, pkcs1);
3173 
	buflen = mptobe(pkcs1, nil, 0, &buf);
3174 
	mpfree(pkcs1);
3175 
	e = mkseq(
3176 
		mkel(certinfo,
3177 
		mkel(mkalg(ALG_md5),
3178 
		mkel(mkbits(buf, buflen),
3179 
		nil))));
3180 
	free(buf);
3181 
	if(encode(e, &certbytes) != ASN_OK)
3182 
		goto errret;
3183 
	if(certlen)
3184 
		*certlen = certbytes->len;
3185 
	cert = certbytes->data;
3186 
errret:
3187 
	freevalfields(&e.val);
3188 
	return cert;
3189 
}
3190 
 
3191 
 
3192 
/*
3193 
 * 	DSAPrivateKey ::= SEQUENCE{
3194 
 *		version Version,
3195 
 *		p INTEGER,
3196 
 *		q INTEGER,
3197 
 *		g INTEGER, -- alpha
3198 
 *		pub_key INTEGER, -- key
3199 
 *		priv_key INTEGER, -- secret
3200 
 *	}
3201 
 */
3202 
static DSApriv*
3203 
decode_dsaprivkey(Bytes* a)
3204 
{
3205 
	int version;
3206 
	Elem e;
3207 
	Elist *el;
3208 
	mpint *mp;
3209 
	DSApriv* key;
3210 
 
3211 
	key = dsaprivalloc();
3212 
	if(decode(a->data, a->len, &e) != ASN_OK)
3213 
		goto errret;
3214 
	if(!is_seq(&e, &el) || elistlen(el) != 6)
3215 
		goto errret;
3216 
version = -1;
3217 
	if(!is_int(&el->hd, &version) || version != 0)
3218 
{
3219 
fprint(2, "version %d\n", version);
3220 
		goto errret;
3221 
}
3222 
 
3223 
	el = el->tl;
3224 
	key->pub.p = mp = asn1mpint(&el->hd);
3225 
	if(mp == nil)
3226 
		goto errret;
3227 
 
3228 
	el = el->tl;
3229 
	key->pub.q = mp = asn1mpint(&el->hd);
3230 
	if(mp == nil)
3231 
		goto errret;
3232 
 
3233 
	el = el->tl;
3234 
	key->pub.alpha = mp = asn1mpint(&el->hd);
3235 
	if(mp == nil)
3236 
		goto errret;
3237 
 
3238 
	el = el->tl;
3239 
	key->pub.key = mp = asn1mpint(&el->hd);
3240 
	if(mp == nil)
3241 
		goto errret;
3242 
 
3243 
	el = el->tl;
3244 
	key->secret = mp = asn1mpint(&el->hd);
3245 
	if(mp == nil)
3246 
		goto errret;
3247 
 
3248 
	return key;
3249 
errret:
3250 
	dsaprivfree(key);
3251 
	return nil;
3252 
}
3253 
 
3254 
 
3255 
 
3256 
DSApriv*
3257 
asn1toDSApriv(uchar *kd, int kn)
3258 
{
3259 
	Bytes *b;
3260 
	DSApriv *key;
3261 
 
3262 
	b = makebytes(kd, kn);
3263 
	key = decode_dsaprivkey(b);
3264 
	freebytes(b);
3265 
	return key;
3266 
}
3267 
 
3268 
 
3269