Subversion Repositories planix.SVN

Rev

Rev 2 | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
2 - 1 
#include <u.h>
2 
#include <libc.h>
3 
#include <mp.h>
4 
#include <libsec.h>
5 
 
6 
typedef DigestState*(*DigestFun)(uchar*,ulong,uchar*,DigestState*);
7 
 
8 
/* ANSI offsetof, backwards. */
9 
#define	OFFSETOF(a, b)	offsetof(b, a)
10 
 
11 
/*=============================================================*/
12 
/*  general ASN1 declarations and parsing
13 
 *
14 
 *  For now, this is used only for extracting the key from an
15 
 *  X509 certificate, so the entire collection is hidden.  But
16 
 *  someday we should probably make the functions visible and
17 
 *  give them their own man page.
18 
 */
19 
typedef struct Elem Elem;
20 
typedef struct Tag Tag;
21 
typedef struct Value Value;
22 
typedef struct Bytes Bytes;
23 
typedef struct Ints Ints;
24 
typedef struct Bits Bits;
25 
typedef struct Elist Elist;
26 
 
27 
/* tag classes */
28 
#define Universal 0
29 
#define Context 0x80
30 
 
31 
/* universal tags */
32 
#define BOOLEAN 1
33 
#define INTEGER 2
34 
#define BIT_STRING 3
35 
#define OCTET_STRING 4
36 
#define NULLTAG 5
37 
#define OBJECT_ID 6
38 
#define ObjectDescriptor 7
39 
#define EXTERNAL 8
40 
#define REAL 9
41 
#define ENUMERATED 10
42 
#define EMBEDDED_PDV 11
43 
#define UTF8String 12
44 
#define SEQUENCE 16		/* also SEQUENCE OF */
45 
#define SETOF 17				/* also SETOF OF */
46 
#define NumericString 18
47 
#define PrintableString 19
48 
#define TeletexString 20
49 
#define VideotexString 21
50 
#define IA5String 22
51 
#define UTCTime 23
52 
#define GeneralizedTime 24
53 
#define GraphicString 25
54 
#define VisibleString 26
55 
#define GeneralString 27
56 
#define UniversalString 28
57 
#define BMPString 30
58 
 
59 
struct Bytes {
60 
	int	len;
61 
	uchar	data[1];
62 
};
63 
 
64 
struct Ints {
65 
	int	len;
66 
	int	data[1];
67 
};
68 
 
69 
struct Bits {
70 
	int	len;		/* number of bytes */
71 
	int	unusedbits;	/* unused bits in last byte */
72 
	uchar	data[1];	/* most-significant bit first */
73 
};
74 
 
75 
struct Tag {
76 
	int	class;
77 
	int	num;
78 
};
79 
 
80 
enum { VBool, VInt, VOctets, VBigInt, VReal, VOther,
81 
	VBitString, VNull, VEOC, VObjId, VString, VSeq, VSet };
82 
struct Value {
83 
	int	tag;		/* VBool, etc. */
84 
	union {
85 
		int	boolval;
86 
		int	intval;
87 
		Bytes*	octetsval;
88 
		Bytes*	bigintval;
89 
		Bytes*	realval;	/* undecoded; hardly ever used */
90 
		Bytes*	otherval;
91 
		Bits*	bitstringval;
92 
		Ints*	objidval;
93 
		char*	stringval;
94 
		Elist*	seqval;
95 
		Elist*	setval;
96 
	} u;  /* (Don't use anonymous unions, for ease of porting) */
97 
};
98 
 
99 
struct Elem {
100 
	Tag	tag;
101 
	Value	val;
102 
};
103 
 
104 
struct Elist {
105 
	Elist*	tl;
106 
	Elem	hd;
107 
};
108 
 
109 
/* decoding errors */
110 
enum { ASN_OK, ASN_ESHORT, ASN_ETOOBIG, ASN_EVALLEN,
111 
		ASN_ECONSTR, ASN_EPRIM, ASN_EINVAL, ASN_EUNIMPL };
112 
 
113 
 
114 
/* here are the functions to consider making extern someday */
115 
static Bytes*	newbytes(int len);
116 
static Bytes*	makebytes(uchar* buf, int len);
117 
static void	freebytes(Bytes* b);
118 
static Bytes*	catbytes(Bytes* b1, Bytes* b2);
119 
static Ints*	newints(int len);
120 
static Ints*	makeints(int* buf, int len);
121 
static void	freeints(Ints* b);
122 
static Bits*	newbits(int len);
123 
static Bits*	makebits(uchar* buf, int len, int unusedbits);
124 
static void	freebits(Bits* b);
125 
static Elist*	mkel(Elem e, Elist* tail);
126 
static void	freeelist(Elist* el);
127 
static int	elistlen(Elist* el);
128 
static int	is_seq(Elem* pe, Elist** pseq);
129 
static int	is_set(Elem* pe, Elist** pset);
130 
static int	is_int(Elem* pe, int* pint);
131 
static int	is_bigint(Elem* pe, Bytes** pbigint);
132 
static int	is_bitstring(Elem* pe, Bits** pbits);
133 
static int	is_octetstring(Elem* pe, Bytes** poctets);
134 
static int	is_oid(Elem* pe, Ints** poid);
135 
static int	is_string(Elem* pe, char** pstring);
136 
static int	is_time(Elem* pe, char** ptime);
137 
static int	decode(uchar* a, int alen, Elem* pelem);
138 
static int	decode_seq(uchar* a, int alen, Elist** pelist);
139 
static int	decode_value(uchar* a, int alen, int kind, int isconstr, Value* pval);
140 
static int	encode(Elem e, Bytes** pbytes);
141 
static int	oid_lookup(Ints* o, Ints** tab);
142 
static void	freevalfields(Value* v);
143 
static mpint	*asn1mpint(Elem *e);
144 
 
145 
 
146 
 
147 
#define TAG_MASK 0x1F
148 
#define CONSTR_MASK 0x20
149 
#define CLASS_MASK 0xC0
150 
#define MAXOBJIDLEN 20
151 
 
152 
static int ber_decode(uchar** pp, uchar* pend, Elem* pelem);
153 
static int tag_decode(uchar** pp, uchar* pend, Tag* ptag, int* pisconstr);
154 
static int length_decode(uchar** pp, uchar* pend, int* plength);
155 
static int value_decode(uchar** pp, uchar* pend, int length, int kind, int isconstr, Value* pval);
156 
static int int_decode(uchar** pp, uchar* pend, int count, int unsgned, int* pint);
157 
static int uint7_decode(uchar** pp, uchar* pend, int* pint);
158 
static int octet_decode(uchar** pp, uchar* pend, int length, int isconstr, Bytes** pbytes);
159 
static int seq_decode(uchar** pp, uchar* pend, int length, int isconstr, Elist** pelist);
160 
static int enc(uchar** pp, Elem e, int lenonly);
161 
static int val_enc(uchar** pp, Elem e, int *pconstr, int lenonly);
162 
static void uint7_enc(uchar** pp, int num, int lenonly);
163 
static void int_enc(uchar** pp, int num, int unsgned, int lenonly);
164 
 
165 
static void *
166 
emalloc(int n)
167 
{
168 
	void *p;
169 
	if(n==0)
170 
		n=1;
171 
	p = malloc(n);
172 
	if(p == nil){
173 
		exits("out of memory");
174 
	}
175 
	memset(p, 0, n);
176 
	setmalloctag(p, getcallerpc(&n));
177 
	return p;
178 
}
179 
 
180 
static char*
181 
estrdup(char *s)
182 
{
183 
	char *d, *d0;
184 
 
185 
	if(!s)
186 
		return 0;
187 
	d = d0 = emalloc(strlen(s)+1);
188 
	while(*d++ = *s++)
189 
		;
190 
	return d0;
191 
}
192 
 
193 
 
194 
/*
195 
 * Decode a[0..len] as a BER encoding of an ASN1 type.
196 
 * The return value is one of ASN_OK, etc.
197 
 * Depending on the error, the returned elem may or may not
198 
 * be nil.
199 
 */
200 
static int
201 
decode(uchar* a, int alen, Elem* pelem)
202 
{
203 
	uchar* p = a;
204 
 
205 
	return  ber_decode(&p, &a[alen], pelem);
206 
}
207 
 
208 
/*
209 
 * Like decode, but continue decoding after first element
210 
 * of array ends.
211 
 */
212 
static int
213 
decode_seq(uchar* a, int alen, Elist** pelist)
214 
{
215 
	uchar* p = a;
216 
 
217 
	return seq_decode(&p, &a[alen], -1, 1, pelist);
218 
}
219 
 
220 
/*
221 
 * Decode the whole array as a BER encoding of an ASN1 value,
222 
 * (i.e., the part after the tag and length).
223 
 * Assume the value is encoded as universal tag "kind".
224 
 * The constr arg is 1 if the value is constructed, 0 if primitive.
225 
 * If there's an error, the return string will contain the error.
226 
 * Depending on the error, the returned value may or may not
227 
 * be nil.
228 
 */
229 
static int
230 
decode_value(uchar* a, int alen, int kind, int isconstr, Value* pval)
231 
{
232 
	uchar* p = a;
233 
 
234 
	return value_decode(&p, &a[alen], alen, kind, isconstr, pval);
235 
}
236 
 
237 
/*
238 
 * All of the following decoding routines take arguments:
239 
 *	uchar **pp;
240 
 *	uchar *pend;
241 
 * Where parsing is supposed to start at **pp, and when parsing
242 
 * is done, *pp is updated to point at next char to be parsed.
243 
 * The pend pointer is just past end of string; an error should
244 
 * be returned parsing hasn't finished by then.
245 
 *
246 
 * The returned int is ASN_OK if all went fine, else ASN_ESHORT, etc.
247 
 * The remaining argument(s) are pointers to where parsed entity goes.
248 
 */
249 
 
250 
/* Decode an ASN1 'Elem' (tag, length, value) */
251 
static int
252 
ber_decode(uchar** pp, uchar* pend, Elem* pelem)
253 
{
254 
	int err;
255 
	int isconstr;
256 
	int length;
257 
	Tag tag;
258 
	Value val;
259 
 
260 
	err = tag_decode(pp, pend, &tag, &isconstr);
261 
	if(err == ASN_OK) {
262 
		err = length_decode(pp, pend, &length);
263 
		if(err == ASN_OK) {
264 
			if(tag.class == Universal) {
265 
				err = value_decode(pp, pend, length, tag.num, isconstr, &val);
266 
				if(val.tag == VSeq || val.tag == VSet)
267 
					setmalloctag(val.u.seqval, getcallerpc(&pp));
268 
			}else
269 
				err = value_decode(pp, pend, length, OCTET_STRING, 0, &val);
270 
			if(err == ASN_OK) {
271 
				pelem->tag = tag;
272 
				pelem->val = val;
273 
			}
274 
		}
275 
	}
276 
	return err;
277 
}
278 
 
279 
/* Decode a tag field */
280 
static int
281 
tag_decode(uchar** pp, uchar* pend, Tag* ptag, int* pisconstr)
282 
{
283 
	int err;
284 
	int v;
285 
	uchar* p;
286 
 
287 
	err = ASN_OK;
288 
	p = *pp;
289 
	if(pend-p >= 2) {
290 
		v = *p++;
291 
		ptag->class = v&CLASS_MASK;
292 
		if(v&CONSTR_MASK)
293 
			*pisconstr = 1;
294 
		else
295 
			*pisconstr = 0;
296 
		v &= TAG_MASK;
297 
		if(v == TAG_MASK)
298 
			err = uint7_decode(&p, pend, &v);
299 
		ptag->num = v;
300 
	}
301 
	else
302 
		err = ASN_ESHORT;
303 
	*pp = p;
304 
	return err;
305 
}
306 
 
307 
/* Decode a length field */
308 
static int
309 
length_decode(uchar** pp, uchar* pend, int* plength)
310 
{
311 
	int err;
312 
	int num;
313 
	int v;
314 
	uchar* p;
315 
 
316 
	err = ASN_OK;
317 
	num = 0;
318 
	p = *pp;
319 
	if(p < pend) {
320 
		v = *p++;
321 
		if(v&0x80)
322 
			err = int_decode(&p, pend, v&0x7F, 1, &num);
323 
		else
324 
			num = v;
325 
	}
326 
	else
327 
		err = ASN_ESHORT;
328 
	*pp = p;
329 
	*plength = num;
330 
	return err;
331 
}
332 
 
333 
/* Decode a value field  */
334 
static int
335 
value_decode(uchar** pp, uchar* pend, int length, int kind, int isconstr, Value* pval)
336 
{
337 
	int err;
338 
	Bytes* va;
339 
	int num;
340 
	int bitsunused;
341 
	int subids[MAXOBJIDLEN];
342 
	int isubid;
343 
	Elist*	vl;
344 
	uchar* p;
345 
	uchar* pe;
346 
 
347 
	err = ASN_OK;
348 
	p = *pp;
349 
	if(length == -1) {	/* "indefinite" length spec */
350 
		if(!isconstr)
351 
			err = ASN_EINVAL;
352 
	}
353 
	else if(p + length > pend)
354 
		err = ASN_EVALLEN;
355 
	if(err != ASN_OK)
356 
		return err;
357 
 
358 
	switch(kind) {
359 
	case 0:
360 
		/* marker for end of indefinite constructions */
361 
		if(length == 0)
362 
			pval->tag = VNull;
363 
		else
364 
			err = ASN_EINVAL;
365 
		break;
366 
 
367 
	case BOOLEAN:
368 
		if(isconstr)
369 
			err = ASN_ECONSTR;
370 
		else if(length != 1)
371 
			err = ASN_EVALLEN;
372 
		else {
373 
			pval->tag = VBool;
374 
			pval->u.boolval = (*p++ != 0);
375 
		}
376 
		break;
377 
 
378 
	case INTEGER:
379 
	case ENUMERATED:
380 
		if(isconstr)
381 
			err = ASN_ECONSTR;
382 
		else if(length <= 4) {
383 
			err = int_decode(&p, pend, length, 0, &num);
384 
			if(err == ASN_OK) {
385 
				pval->tag = VInt;
386 
				pval->u.intval = num;
387 
			}
388 
		}
389 
		else {
390 
			pval->tag = VBigInt;
391 
			pval->u.bigintval = makebytes(p, length);
392 
			p += length;
393 
		}
394 
		break;
395 
 
396 
	case BIT_STRING:
397 
		pval->tag = VBitString;
398 
		if(isconstr) {
399 
			if(length == -1 && p + 2 <= pend && *p == 0 && *(p+1) ==0) {
400 
				pval->u.bitstringval = makebits(0, 0, 0);
401 
				p += 2;
402 
			}
403 
			else
404 
				/* TODO: recurse and concat results */
405 
				err = ASN_EUNIMPL;
406 
		}
407 
		else {
408 
			if(length < 2) {
409 
				if(length == 1 && *p == 0) {
410 
					pval->u.bitstringval = makebits(0, 0, 0);
411 
					p++;
412 
				}
413 
				else
414 
					err = ASN_EINVAL;
415 
			}
416 
			else {
417 
				bitsunused = *p;
418 
				if(bitsunused > 7)
419 
					err = ASN_EINVAL;
420 
				else if(length > 0x0FFFFFFF)
421 
					err = ASN_ETOOBIG;
422 
				else {
423 
					pval->u.bitstringval = makebits(p+1, length-1, bitsunused);
424 
					p += length;
425 
				}
426 
			}
427 
		}
428 
		break;
429 
 
430 
	case OCTET_STRING:
431 
	case ObjectDescriptor:
432 
		err = octet_decode(&p, pend, length, isconstr, &va);
433 
		if(err == ASN_OK) {
434 
			pval->tag = VOctets;
435 
			pval->u.octetsval = va;
436 
		}
437 
		break;
438 
 
439 
	case NULLTAG:
440 
		if(isconstr)
441 
			err = ASN_ECONSTR;
442 
		else if(length != 0)
443 
			err = ASN_EVALLEN;
444 
		else
445 
			pval->tag = VNull;
446 
		break;
447 
 
448 
	case OBJECT_ID:
449 
		if(isconstr)
450 
			err = ASN_ECONSTR;
451 
		else if(length == 0)
452 
			err = ASN_EVALLEN;
453 
		else {
454 
			isubid = 0;
455 
			pe = p+length;
456 
			while(p < pe && isubid < MAXOBJIDLEN) {
457 
				err = uint7_decode(&p, pend, &num);
458 
				if(err != ASN_OK)
459 
					break;
460 
				if(isubid == 0) {
461 
					subids[isubid++] = num / 40;
462 
					subids[isubid++] = num % 40;
463 
				}
464 
				else
465 
					subids[isubid++] = num;
466 
			}
467 
			if(err == ASN_OK) {
468 
				if(p != pe)
469 
					err = ASN_EVALLEN;
470 
				else {
471 
					pval->tag = VObjId;
472 
					pval->u.objidval = makeints(subids, isubid);
473 
				}
474 
			}
475 
		}
476 
		break;
477 
 
478 
	case EXTERNAL:
479 
	case EMBEDDED_PDV:
480 
		/* TODO: parse this internally */
481 
		if(p+length > pend)
482 
			err = ASN_EVALLEN;
483 
		else {
484 
			pval->tag = VOther;
485 
			pval->u.otherval = makebytes(p, length);
486 
			p += length;
487 
		}
488 
		break;
489 
 
490 
	case REAL:
491 
		/* Let the application decode */
492 
		if(isconstr)
493 
			err = ASN_ECONSTR;
494 
		else if(p+length > pend)
495 
			err = ASN_EVALLEN;
496 
		else {
497 
			pval->tag = VReal;
498 
			pval->u.realval = makebytes(p, length);
499 
			p += length;
500 
		}
501 
		break;
502 
 
503 
	case SEQUENCE:
504 
		err = seq_decode(&p, pend, length, isconstr, &vl);
505 
		setmalloctag(vl, getcallerpc(&pp));
506 
		if(err == ASN_OK) {
507 
			pval->tag = VSeq ;
508 
			pval->u.seqval = vl;
509 
		}
510 
		break;
511 
 
512 
	case SETOF:
513 
		err = seq_decode(&p, pend, length, isconstr, &vl);
514 
		setmalloctag(vl, getcallerpc(&pp));
515 
		if(err == ASN_OK) {
516 
			pval->tag = VSet;
517 
			pval->u.setval = vl;
518 
		}
519 
		break;
520 
	case UTF8String:
521 
	case NumericString:
522 
	case PrintableString:
523 
	case TeletexString:
524 
	case VideotexString:
525 
	case IA5String:
526 
	case UTCTime:
527 
	case GeneralizedTime:
528 
	case GraphicString:
529 
	case VisibleString:
530 
	case GeneralString:
531 
	case UniversalString:
532 
	case BMPString:
533 
		/* TODO: figure out when character set conversion is necessary */
534 
		err = octet_decode(&p, pend, length, isconstr, &va);
535 
		if(err == ASN_OK) {
536 
			pval->tag = VString;
537 
			pval->u.stringval = (char*)emalloc(va->len+1);
538 
			memmove(pval->u.stringval, va->data, va->len);
539 
			pval->u.stringval[va->len] = 0;
540 
			free(va);
541 
		}
542 
		break;
543 
 
544 
	default:
545 
		if(p+length > pend)
546 
			err = ASN_EVALLEN;
547 
		else {
548 
			pval->tag = VOther;
549 
			pval->u.otherval = makebytes(p, length);
550 
			p += length;
551 
		}
552 
		break;
553 
	}
554 
	*pp = p;
555 
	return err;
556 
}
557 
 
558 
/*
559 
 * Decode an int in format where count bytes are
560 
 * concatenated to form value.
561 
 * Although ASN1 allows any size integer, we return
562 
 * an error if the result doesn't fit in a 32-bit int.
563 
 * If unsgned is not set, make sure to propagate sign bit.
564 
 */
565 
static int
566 
int_decode(uchar** pp, uchar* pend, int count, int unsgned, int* pint)
567 
{
568 
	int err;
569 
	int num;
570 
	uchar* p;
571 
 
572 
	p = *pp;
573 
	err = ASN_OK;
574 
	num = 0;
575 
	if(p+count <= pend) {
576 
		if((count > 4) || (unsgned && count == 4 && (*p&0x80)))
577 
			err = ASN_ETOOBIG;
578 
		else {
579 
			if(!unsgned && count > 0 && count < 4 && (*p&0x80))
580 
				num = -1;	/* set all bits, initially */
581 
			while(count--)
582 
				num = (num << 8)|(*p++);
583 
		}
584 
	}
585 
	else
586 
		err = ASN_ESHORT;
587 
	*pint = num;
588 
	*pp = p;
589 
	return err;
590 
}
591 
 
592 
/*
593 
 * Decode an unsigned int in format where each
594 
 * byte except last has high bit set, and remaining
595 
 * seven bits of each byte are concatenated to form value.
596 
 * Although ASN1 allows any size integer, we return
597 
 * an error if the result doesn't fit in a 32 bit int.
598 
 */
599 
static int
600 
uint7_decode(uchar** pp, uchar* pend, int* pint)
601 
{
602 
	int err;
603 
	int num;
604 
	int more;
605 
	int v;
606 
	uchar* p;
607 
 
608 
	p = *pp;
609 
	err = ASN_OK;
610 
	num = 0;
611 
	more = 1;
612 
	while(more && p < pend) {
613 
		v = *p++;
614 
		if(num&0x7F000000) {
615 
			err = ASN_ETOOBIG;
616 
			break;
617 
		}
618 
		num <<= 7;
619 
		more = v&0x80;
620 
		num |= (v&0x7F);
621 
	}
622 
	if(p == pend)
623 
		err = ASN_ESHORT;
624 
	*pint = num;
625 
	*pp = p;
626 
	return err;
627 
}
628 
 
629 
/*
630 
 * Decode an octet string, recursively if isconstr.
631 
 * We've already checked that length==-1 implies isconstr==1,
632 
 * and otherwise that specified length fits within (*pp..pend)
633 
 */
634 
static int
635 
octet_decode(uchar** pp, uchar* pend, int length, int isconstr, Bytes** pbytes)
636 
{
637 
	int err;
638 
	uchar* p;
639 
	Bytes* ans;
640 
	Bytes* newans;
641 
	uchar* pstart;
642 
	uchar* pold;
643 
	Elem	elem;
644 
 
645 
	err = ASN_OK;
646 
	p = *pp;
647 
	ans = nil;
648 
	if(length >= 0 && !isconstr) {
649 
		ans = makebytes(p, length);
650 
		p += length;
651 
	}
652 
	else {
653 
		/* constructed, either definite or indefinite length */
654 
		pstart = p;
655 
		for(;;) {
656 
			if(length >= 0 && p >= pstart + length) {
657 
				if(p != pstart + length)
658 
					err = ASN_EVALLEN;
659 
				break;
660 
			}
661 
			pold = p;
662 
			err = ber_decode(&p, pend, &elem);
663 
			if(err != ASN_OK)
664 
				break;
665 
			switch(elem.val.tag) {
666 
			case VOctets:
667 
				newans = catbytes(ans, elem.val.u.octetsval);
668 
				freebytes(ans);
669 
				ans = newans;
670 
				break;
671 
 
672 
			case VEOC:
673 
				if(length != -1) {
674 
					p = pold;
675 
					err = ASN_EINVAL;
676 
				}
677 
				goto cloop_done;
678 
 
679 
			default:
680 
				p = pold;
681 
				err = ASN_EINVAL;
682 
				goto cloop_done;
683 
			}
684 
		}
685 
cloop_done:
686 
		;
687 
	}
688 
	*pp = p;
689 
	*pbytes = ans;
690 
	return err;
691 
}
692 
 
693 
/*
694 
 * Decode a sequence or set.
695 
 * We've already checked that length==-1 implies isconstr==1,
696 
 * and otherwise that specified length fits within (*p..pend)
697 
 */
698 
static int
699 
seq_decode(uchar** pp, uchar* pend, int length, int isconstr, Elist** pelist)
700 
{
701 
	int err;
702 
	uchar* p;
703 
	uchar* pstart;
704 
	uchar* pold;
705 
	Elist* ans;
706 
	Elem elem;
707 
	Elist* lve;
708 
	Elist* lveold;
709 
 
710 
	err = ASN_OK;
711 
	ans = nil;
712 
	p = *pp;
713 
	if(!isconstr)
714 
		err = ASN_EPRIM;
715 
	else {
716 
		/* constructed, either definite or indefinite length */
717 
		lve = nil;
718 
		pstart = p;
719 
		for(;;) {
720 
			if(length >= 0 && p >= pstart + length) {
721 
				if(p != pstart + length)
722 
					err = ASN_EVALLEN;
723 
				break;
724 
			}
725 
			pold = p;
726 
			err = ber_decode(&p, pend, &elem);
727 
			if(err != ASN_OK)
728 
				break;
729 
			if(elem.val.tag == VEOC) {
730 
				if(length != -1) {
731 
					p = pold;
732 
					err = ASN_EINVAL;
733 
				}
734 
				break;
735 
			}
736 
			else
737 
				lve = mkel(elem, lve);
738 
		}
739 
		if(err == ASN_OK) {
740 
			/* reverse back to original order */
741 
			while(lve != nil) {
742 
				lveold = lve;
743 
				lve = lve->tl;
744 
				lveold->tl = ans;
745 
				ans = lveold;
746 
			}
747 
		}
748 
	}
749 
	*pp = p;
750 
	*pelist = ans;
751 
	setmalloctag(ans, getcallerpc(&pp));
752 
	return err;
753 
}
754 
 
755 
/*
756 
 * Encode e by BER rules, putting answer in *pbytes.
757 
 * This is done by first calling enc with lenonly==1
758 
 * to get the length of the needed buffer,
759 
 * then allocating the buffer and using enc again to fill it up.
760 
 */
761 
static int
762 
encode(Elem e, Bytes** pbytes)
763 
{
764 
	uchar* p;
765 
	Bytes* ans;
766 
	int err;
767 
	uchar uc;
768 
 
769 
	p = &uc;
770 
	err = enc(&p, e, 1);
771 
	if(err == ASN_OK) {
772 
		ans = newbytes(p-&uc);
773 
		p = ans->data;
774 
		err = enc(&p, e, 0);
775 
		*pbytes = ans;
776 
	}
777 
	return err;
778 
}
779 
 
780 
/*
781 
 * The various enc functions take a pointer to a pointer
782 
 * into a buffer, and encode their entity starting there,
783 
 * updating the pointer afterwards.
784 
 * If lenonly is 1, only the pointer update is done,
785 
 * allowing enc to be called first to calculate the needed
786 
 * buffer length.
787 
 * If lenonly is 0, it is assumed that the answer will fit.
788 
 */
789 
 
790 
static int
791 
enc(uchar** pp, Elem e, int lenonly)
792 
{
793 
	int err;
794 
	int vlen;
795 
	int constr;
796 
	Tag tag;
797 
	int v;
798 
	int ilen;
799 
	uchar* p;
800 
	uchar* psave;
801 
 
802 
	p = *pp;
803 
	err = val_enc(&p, e, &constr, 1);
804 
	if(err != ASN_OK)
805 
		return err;
806 
	vlen = p - *pp;
807 
	p = *pp;
808 
	tag = e.tag;
809 
	v = tag.class|constr;
810 
	if(tag.num < 31) {
811 
		if(!lenonly)
812 
			*p = (v|tag.num);
813 
		p++;
814 
	}
815 
	else {
816 
		if(!lenonly)
817 
			*p = (v|31);
818 
		p++;
819 
		if(tag.num < 0)
820 
			return ASN_EINVAL;
821 
		uint7_enc(&p, tag.num, lenonly);
822 
	}
823 
	if(vlen < 0x80) {
824 
		if(!lenonly)
825 
			*p = vlen;
826 
		p++;
827 
	}
828 
	else {
829 
		psave = p;
830 
		int_enc(&p, vlen, 1, 1);
831 
		ilen = p-psave;
832 
		p = psave;
833 
		if(!lenonly) {
834 
			*p++ = (0x80 | ilen);
835 
			int_enc(&p, vlen, 1, 0);
836 
		}
837 
		else
838 
			p += 1 + ilen;
839 
	}
840 
	if(!lenonly)
841 
		val_enc(&p, e, &constr, 0);
842 
	else
843 
		p += vlen;
844 
	*pp = p;
845 
	return err;
846 
}
847 
 
848 
static int
849 
val_enc(uchar** pp, Elem e, int *pconstr, int lenonly)
850 
{
851 
	int err;
852 
	uchar* p;
853 
	int kind;
854 
	int cl;
855 
	int v;
856 
	Bytes* bb = nil;
857 
	Bits* bits;
858 
	Ints* oid;
859 
	int k;
860 
	Elist* el;
861 
	char* s;
862 
 
863 
	p = *pp;
864 
	err = ASN_OK;
865 
	kind = e.tag.num;
866 
	cl = e.tag.class;
867 
	*pconstr = 0;
868 
	if(cl != Universal) {
869 
		switch(e.val.tag) {
870 
		case VBool:
871 
			kind = BOOLEAN;
872 
			break;
873 
		case VInt:
874 
			kind = INTEGER;
875 
			break;
876 
		case VBigInt:
877 
			kind = INTEGER;
878 
			break;
879 
		case VOctets:
880 
			kind = OCTET_STRING;
881 
			break;
882 
		case VReal:
883 
			kind = REAL;
884 
			break;
885 
		case VOther:
886 
			kind = OCTET_STRING;
887 
			break;
888 
		case VBitString:
889 
			kind = BIT_STRING;
890 
			break;
891 
		case VNull:
892 
			kind = NULLTAG;
893 
			break;
894 
		case VObjId:
895 
			kind = OBJECT_ID;
896 
			break;
897 
		case VString:
898 
			kind = UniversalString;
899 
			break;
900 
		case VSeq:
901 
			kind = SEQUENCE;
902 
			break;
903 
		case VSet:
904 
			kind = SETOF;
905 
			break;
906 
		}
907 
	}
908 
	switch(kind) {
909 
	case BOOLEAN:
910 
		if(is_int(&e, &v)) {
911 
			if(v != 0)
912 
				v = 255;
913 
			 int_enc(&p, v, 1, lenonly);
914 
		}
915 
		else
916 
			err = ASN_EINVAL;
917 
		break;
918 
 
919 
	case INTEGER:
920 
	case ENUMERATED:
921 
		if(is_int(&e, &v))
922 
			int_enc(&p, v, 0, lenonly);
923 
		else {
924 
			if(is_bigint(&e, &bb)) {
925 
				if(!lenonly)
926 
					memmove(p, bb->data, bb->len);
927 
				p += bb->len;
928 
			}
929 
			else
930 
				err = ASN_EINVAL;
931 
		}
932 
		break;
933 
 
934 
	case BIT_STRING:
935 
		if(is_bitstring(&e, &bits)) {
936 
			if(bits->len == 0) {
937 
				if(!lenonly)
938 
					*p = 0;
939 
				p++;
940 
			}
941 
			else {
942 
				v = bits->unusedbits;
943 
				if(v < 0 || v > 7)
944 
					err = ASN_EINVAL;
945 
				else {
946 
					if(!lenonly) {
947 
						*p = v;
948 
						memmove(p+1, bits->data, bits->len);
949 
					}
950 
					p += 1 + bits->len;
951 
				}
952 
			}
953 
		}
954 
		else
955 
			err = ASN_EINVAL;
956 
		break;
957 
 
958 
	case OCTET_STRING:
959 
	case ObjectDescriptor:
960 
	case EXTERNAL:
961 
	case REAL:
962 
	case EMBEDDED_PDV:
963 
		bb = nil;
964 
		switch(e.val.tag) {
965 
		case VOctets:
966 
			bb = e.val.u.octetsval;
967 
			break;
968 
		case VReal:
969 
			bb = e.val.u.realval;
970 
			break;
971 
		case VOther:
972 
			bb = e.val.u.otherval;
973 
			break;
974 
		}
975 
		if(bb != nil) {
976 
			if(!lenonly)
977 
				memmove(p, bb->data, bb->len);
978 
			p += bb->len;
979 
		}
980 
			else
981 
				err = ASN_EINVAL;
982 
		break;
983 
 
984 
	case NULLTAG:
985 
		break;
986 
 
987 
	case OBJECT_ID:
988 
		if(is_oid(&e, &oid)) {
989 
			for(k = 0; k < oid->len; k++) {
990 
				v = oid->data[k];
991 
				if(k == 0) {
992 
					v *= 40;
993 
					if(oid->len > 1)
994 
						v += oid->data[++k];
995 
				}
996 
				uint7_enc(&p, v, lenonly);
997 
			}
998 
		}
999 
		else
1000 
			err = ASN_EINVAL;
1001 
		break;
1002 
 
1003 
	case SEQUENCE:
1004 
	case SETOF:
1005 
		el = nil;
1006 
		if(e.val.tag == VSeq)
1007 
			el = e.val.u.seqval;
1008 
		else if(e.val.tag == VSet)
1009 
			el = e.val.u.setval;
1010 
		else
1011 
			err = ASN_EINVAL;
1012 
		if(el != nil) {
1013 
			*pconstr = CONSTR_MASK;
1014 
			for(; el != nil; el = el->tl) {
1015 
				err = enc(&p, el->hd, lenonly);
1016 
				if(err != ASN_OK)
1017 
					break;
1018 
			}
1019 
		}
1020 
		break;
1021 
 
1022 
	case UTF8String:
1023 
	case NumericString:
1024 
	case PrintableString:
1025 
	case TeletexString:
1026 
	case VideotexString:
1027 
	case IA5String:
1028 
	case UTCTime:
1029 
	case GeneralizedTime:
1030 
	case GraphicString:
1031 
	case VisibleString:
1032 
	case GeneralString:
1033 
	case UniversalString:
1034 
	case BMPString:
1035 
		if(e.val.tag == VString) {
1036 
			s = e.val.u.stringval;
1037 
			if(s != nil) {
1038 
				v = strlen(s);
1039 
				if(!lenonly)
1040 
					memmove(p, s, v);
1041 
				p += v;
1042 
			}
1043 
		}
1044 
		else
1045 
			err = ASN_EINVAL;
1046 
		break;
1047 
 
1048 
	default:
1049 
		err = ASN_EINVAL;
1050 
	}
1051 
	*pp = p;
1052 
	return err;
1053 
}
1054 
 
1055 
/*
1056 
 * Encode num as unsigned 7 bit values with top bit 1 on all bytes
1057 
 * except last, only putting in bytes if !lenonly.
1058 
 */
1059 
static void
1060 
uint7_enc(uchar** pp, int num, int lenonly)
1061 
{
1062 
	int n;
1063 
	int v;
1064 
	int k;
1065 
	uchar* p;
1066 
 
1067 
	p = *pp;
1068 
	n = 1;
1069 
	v = num >> 7;
1070 
	while(v > 0) {
1071 
		v >>= 7;
1072 
		n++;
1073 
	}
1074 
	if(lenonly)
1075 
		p += n;
1076 
	else {
1077 
		for(k = (n - 1)*7; k > 0; k -= 7)
1078 
			*p++= ((num >> k)|0x80);
1079 
		*p++ = (num&0x7F);
1080 
	}
1081 
	*pp = p;
1082 
}
1083 
 
1084 
/*
1085 
 * Encode num as unsigned or signed integer,
1086 
 * only putting in bytes if !lenonly.
1087 
 * Encoding is length followed by bytes to concatenate.
1088 
 */
1089 
static void
1090 
int_enc(uchar** pp, int num, int unsgned, int lenonly)
1091 
{
1092 
	int v;
1093 
	int n;
1094 
	int prevv;
1095 
	int k;
1096 
	uchar* p;
1097 
 
1098 
	p = *pp;
1099 
	v = num;
1100 
	if(v < 0)
1101 
		v = -(v + 1);
1102 
	n = 1;
1103 
	prevv = v;
1104 
	v >>= 8;
1105 
	while(v > 0) {
1106 
		prevv = v;
1107 
		v >>= 8;
1108 
		n++;
1109 
	}
1110 
	if(!unsgned && (prevv&0x80))
1111 
		n++;
1112 
	if(lenonly)
1113 
		p += n;
1114 
	else {
1115 
		for(k = (n - 1)*8; k >= 0; k -= 8)
1116 
			*p++ = (num >> k);
1117 
	}
1118 
	*pp = p;
1119 
}
1120 
 
1121 
static int
1122 
ints_eq(Ints* a, Ints* b)
1123 
{
1124 
	int	alen;
1125 
	int	i;
1126 
 
1127 
	alen = a->len;
1128 
	if(alen != b->len)
1129 
		return 0;
1130 
	for(i = 0; i < alen; i++)
1131 
		if(a->data[i] != b->data[i])
1132 
			return 0;
1133 
	return 1;
1134 
}
1135 
 
1136 
/*
1137 
 * Look up o in tab (which must have nil entry to terminate).
1138 
 * Return index of matching entry, or -1 if none.
1139 
 */
1140 
static int
1141 
oid_lookup(Ints* o, Ints** tab)
1142 
{
1143 
	int i;
1144 
 
1145 
	for(i = 0; tab[i] != nil; i++)
1146 
		if(ints_eq(o, tab[i]))
1147 
			return  i;
1148 
	return -1;
1149 
}
1150 
 
1151 
/*
1152 
 * Return true if *pe is a SEQUENCE, and set *pseq to
1153 
 * the value of the sequence if so.
1154 
 */
1155 
static int
1156 
is_seq(Elem* pe, Elist** pseq)
1157 
{
1158 
	if(pe->tag.class == Universal && pe->tag.num == SEQUENCE && pe->val.tag == VSeq) {
1159 
		*pseq = pe->val.u.seqval;
1160 
		return 1;
1161 
	}
1162 
	return 0;
1163 
}
1164 
 
1165 
static int
1166 
is_set(Elem* pe, Elist** pset)
1167 
{
1168 
	if(pe->tag.class == Universal && pe->tag.num == SETOF && pe->val.tag == VSet) {
1169 
		*pset = pe->val.u.setval;
1170 
		return 1;
1171 
	}
1172 
	return 0;
1173 
}
1174 
 
1175 
static int
1176 
is_int(Elem* pe, int* pint)
1177 
{
1178 
	if(pe->tag.class == Universal) {
1179 
		if(pe->tag.num == INTEGER && pe->val.tag == VInt) {
1180 
			*pint = pe->val.u.intval;
1181 
			return 1;
1182 
		}
1183 
		else if(pe->tag.num == BOOLEAN && pe->val.tag == VBool) {
1184 
			*pint = pe->val.u.boolval;
1185 
			return 1;
1186 
		}
1187 
	}
1188 
	return 0;
1189 
}
1190 
 
1191 
/*
1192 
 * for convience, all VInt's are readable via this routine,
1193 
 * as well as all VBigInt's
1194 
 */
1195 
static int
1196 
is_bigint(Elem* pe, Bytes** pbigint)
1197 
{
1198 
	int v, n, i;
1199 
 
1200 
	if(pe->tag.class == Universal && pe->tag.num == INTEGER) {
1201 
		if(pe->val.tag == VBigInt)
1202 
			*pbigint = pe->val.u.bigintval;
1203 
		else if(pe->val.tag == VInt){
1204 
			v = pe->val.u.intval;
1205 
			for(n = 1; n < 4; n++)
1206 
				if((1 << (8 * n)) > v)
1207 
					break;
1208 
			*pbigint = newbytes(n);
1209 
			for(i = 0; i < n; i++)
1210 
				(*pbigint)->data[i] = (v >> ((n - 1 - i) * 8));
1211 
		}else
1212 
			return 0;
1213 
		return 1;
1214 
	}
1215 
	return 0;
1216 
}
1217 
 
1218 
static int
1219 
is_bitstring(Elem* pe, Bits** pbits)
1220 
{
1221 
	if(pe->tag.class == Universal && pe->tag.num == BIT_STRING && pe->val.tag == VBitString) {
1222 
		*pbits = pe->val.u.bitstringval;
1223 
		return 1;
1224 
	}
1225 
	return 0;
1226 
}
1227 
 
1228 
static int
1229 
is_octetstring(Elem* pe, Bytes** poctets)
1230 
{
1231 
	if(pe->tag.class == Universal && pe->tag.num == OCTET_STRING && pe->val.tag == VOctets) {
1232 
		*poctets = pe->val.u.octetsval;
1233 
		return 1;
1234 
	}
1235 
	return 0;
1236 
}
1237 
 
1238 
static int
1239 
is_oid(Elem* pe, Ints** poid)
1240 
{
1241 
	if(pe->tag.class == Universal && pe->tag.num == OBJECT_ID && pe->val.tag == VObjId) {
1242 
		*poid = pe->val.u.objidval;
1243 
		return 1;
1244 
	}
1245 
	return 0;
1246 
}
1247 
 
1248 
static int
1249 
is_string(Elem* pe, char** pstring)
1250 
{
1251 
	if(pe->tag.class == Universal) {
1252 
		switch(pe->tag.num) {
1253 
		case UTF8String:
1254 
		case NumericString:
1255 
		case PrintableString:
1256 
		case TeletexString:
1257 
		case VideotexString:
1258 
		case IA5String:
1259 
		case GraphicString:
1260 
		case VisibleString:
1261 
		case GeneralString:
1262 
		case UniversalString:
1263 
		case BMPString:
1264 
			if(pe->val.tag == VString) {
1265 
				*pstring = pe->val.u.stringval;
1266 
				return 1;
1267 
			}
1268 
		}
1269 
	}
1270 
	return 0;
1271 
}
1272 
 
1273 
static int
1274 
is_time(Elem* pe, char** ptime)
1275 
{
1276 
	if(pe->tag.class == Universal
1277 
	   && (pe->tag.num == UTCTime || pe->tag.num == GeneralizedTime)
1278 
	   && pe->val.tag == VString) {
1279 
		*ptime = pe->val.u.stringval;
1280 
		return 1;
1281 
	}
1282 
	return 0;
1283 
}
1284 
 
1285 
 
1286 
/*
1287 
 * malloc and return a new Bytes structure capable of
1288 
 * holding len bytes. (len >= 0)
1289 
 */
1290 
static Bytes*
1291 
newbytes(int len)
1292 
{
1293 
	Bytes* ans;
1294 
 
1295 
	ans = (Bytes*)emalloc(OFFSETOF(data[0], Bytes) + len);
1296 
	ans->len = len;
1297 
	return ans;
1298 
}
1299 
 
1300 
/*
1301 
 * newbytes(len), with data initialized from buf
1302 
 */
1303 
static Bytes*
1304 
makebytes(uchar* buf, int len)
1305 
{
1306 
	Bytes* ans;
1307 
 
1308 
	ans = newbytes(len);
1309 
	memmove(ans->data, buf, len);
1310 
	return ans;
1311 
}
1312 
 
1313 
static void
1314 
freebytes(Bytes* b)
1315 
{
1316 
	if(b != nil)
1317 
		free(b);
1318 
}
1319 
 
1320 
/*
1321 
 * Make a new Bytes, containing bytes of b1 followed by those of b2.
1322 
 * Either b1 or b2 or both can be nil.
1323 
 */
1324 
static Bytes*
1325 
catbytes(Bytes* b1, Bytes* b2)
1326 
{
1327 
	Bytes* ans;
1328 
	int n;
1329 
 
1330 
	if(b1 == nil) {
1331 
		if(b2 == nil)
1332 
			ans = newbytes(0);
1333 
		else
1334 
			ans = makebytes(b2->data, b2->len);
1335 
	}
1336 
	else if(b2 == nil) {
1337 
		ans = makebytes(b1->data, b1->len);
1338 
	}
1339 
	else {
1340 
		n = b1->len + b2->len;
1341 
		ans = newbytes(n);
1342 
		ans->len = n;
1343 
		memmove(ans->data, b1->data, b1->len);
1344 
		memmove(ans->data+b1->len, b2->data, b2->len);
1345 
	}
1346 
	return ans;
1347 
}
1348 
 
1349 
/* len is number of ints */
1350 
static Ints*
1351 
newints(int len)
1352 
{
1353 
	Ints* ans;
1354 
 
1355 
	ans = (Ints*)emalloc(OFFSETOF(data[0], Ints) + len*sizeof(int));
1356 
	ans->len = len;
1357 
	return ans;
1358 
}
1359 
 
1360 
static Ints*
1361 
makeints(int* buf, int len)
1362 
{
1363 
	Ints* ans;
1364 
 
1365 
	ans = newints(len);
1366 
	if(len > 0)
1367 
		memmove(ans->data, buf, len*sizeof(int));
1368 
	return ans;
1369 
}
1370 
 
1371 
static void
1372 
freeints(Ints* b)
1373 
{
1374 
	if(b != nil)
1375 
		free(b);
1376 
}
1377 
 
1378 
/* len is number of bytes */
1379 
static Bits*
1380 
newbits(int len)
1381 
{
1382 
	Bits* ans;
1383 
 
1384 
	ans = (Bits*)emalloc(OFFSETOF(data[0], Bits) + len);
1385 
	ans->len = len;
1386 
	ans->unusedbits = 0;
1387 
	return ans;
1388 
}
1389 
 
1390 
static Bits*
1391 
makebits(uchar* buf, int len, int unusedbits)
1392 
{
1393 
	Bits* ans;
1394 
 
1395 
	ans = newbits(len);
1396 
	memmove(ans->data, buf, len);
1397 
	ans->unusedbits = unusedbits;
1398 
	return ans;
1399 
}
1400 
 
1401 
static void
1402 
freebits(Bits* b)
1403 
{
1404 
	if(b != nil)
1405 
		free(b);
1406 
}
1407 
 
1408 
static Elist*
1409 
mkel(Elem e, Elist* tail)
1410 
{
1411 
	Elist* el;
1412 
 
1413 
	el = (Elist*)emalloc(sizeof(Elist));
1414 
	setmalloctag(el, getcallerpc(&e));
1415 
	el->hd = e;
1416 
	el->tl = tail;
1417 
	return el;
1418 
}
1419 
 
1420 
static int
1421 
elistlen(Elist* el)
1422 
{
1423 
	int ans = 0;
1424 
	while(el != nil) {
1425 
		ans++;
1426 
		el = el->tl;
1427 
	}
1428 
	return ans;
1429 
}
1430 
 
1431 
/* Frees elist, but not fields inside values of constituent elems */
1432 
static void
1433 
freeelist(Elist* el)
1434 
{
1435 
	Elist* next;
1436 
 
1437 
	while(el != nil) {
1438 
		next = el->tl;
1439 
		free(el);
1440 
		el = next;
1441 
	}
1442 
}
1443 
 
1444 
/* free any allocated structures inside v (recursively freeing Elists) */
1445 
static void
1446 
freevalfields(Value* v)
1447 
{
1448 
	Elist* el;
1449 
	Elist* l;
1450 
	if(v == nil)
1451 
		return;
1452 
	switch(v->tag) {
1453 
 	case VOctets:
1454 
		freebytes(v->u.octetsval);
1455 
		break;
1456 
	case VBigInt:
1457 
		freebytes(v->u.bigintval);
1458 
		break;
1459 
	case VReal:
1460 
		freebytes(v->u.realval);
1461 
		break;
1462 
	case VOther:
1463 
		freebytes(v->u.otherval);
1464 
		break;
1465 
	case VBitString:
1466 
		freebits(v->u.bitstringval);
1467 
		break;
1468 
	case VObjId:
1469 
		freeints(v->u.objidval);
1470 
		break;
1471 
	case VString:
1472 
		if(v->u.stringval)
1473 
			free(v->u.stringval);
1474 
		break;
1475 
	case VSeq:
1476 
		el = v->u.seqval;
1477 
		for(l = el; l != nil; l = l->tl)
1478 
			freevalfields(&l->hd.val);
1479 
		if(el)
1480 
			freeelist(el);
1481 
		break;
1482 
	case VSet:
1483 
		el = v->u.setval;
1484 
		for(l = el; l != nil; l = l->tl)
1485 
			freevalfields(&l->hd.val);
1486 
		if(el)
1487 
			freeelist(el);
1488 
		break;
1489 
	}
1490 
}
1491 
 
1492 
/* end of general ASN1 functions */
1493 
 
1494 
 
1495 
 
1496 
 
1497 
 
1498 
/*=============================================================*/
1499 
/*
1500 
 * Decode and parse an X.509 Certificate, defined by this ASN1:
1501 
 *	Certificate ::= SEQUENCE {
1502 
 *		certificateInfo CertificateInfo,
1503 
 *		signatureAlgorithm AlgorithmIdentifier,
1504 
 *		signature BIT STRING }
1505 
 *
1506 
 *	CertificateInfo ::= SEQUENCE {
1507 
 *		version [0] INTEGER DEFAULT v1 (0),
1508 
 *		serialNumber INTEGER,
1509 
 *		signature AlgorithmIdentifier,
1510 
 *		issuer Name,
1511 
 *		validity Validity,
1512 
 *		subject Name,
1513 
 *		subjectPublicKeyInfo SubjectPublicKeyInfo }
1514 
 *	(version v2 has two more fields, optional unique identifiers for
1515 
 *  issuer and subject; since we ignore these anyway, we won't parse them)
1516 
 *
1517 
 *	Validity ::= SEQUENCE {
1518 
 *		notBefore UTCTime,
1519 
 *		notAfter UTCTime }
1520 
 *
1521 
 *	SubjectPublicKeyInfo ::= SEQUENCE {
1522 
 *		algorithm AlgorithmIdentifier,
1523 
 *		subjectPublicKey BIT STRING }
1524 
 *
1525 
 *	AlgorithmIdentifier ::= SEQUENCE {
1526 
 *		algorithm OBJECT IDENTIFER,
1527 
 *		parameters ANY DEFINED BY ALGORITHM OPTIONAL }
1528 
 *
1529 
 *	Name ::= SEQUENCE OF RelativeDistinguishedName
1530 
 *
1531 
 *	RelativeDistinguishedName ::= SETOF SIZE(1..MAX) OF AttributeTypeAndValue
1532 
 *
1533 
 *	AttributeTypeAndValue ::= SEQUENCE {
1534 
 *		type OBJECT IDENTIFER,
1535 
 *		value DirectoryString }
1536 
 *	(selected attributes have these Object Ids:
1537 
 *		commonName {2 5 4 3}
1538 
 *		countryName {2 5 4 6}
1539 
 *		localityName {2 5 4 7}
1540 
 *		stateOrProvinceName {2 5 4 8}
1541 
 *		organizationName {2 5 4 10}
1542 
 *		organizationalUnitName {2 5 4 11}
1543 
 *	)
1544 
 *
1545 
 *	DirectoryString ::= CHOICE {
1546 
 *		teletexString TeletexString,
1547 
 *		printableString PrintableString,
1548 
 *		universalString UniversalString }
1549 
 *
1550 
 *  See rfc1423, rfc2437 for AlgorithmIdentifier, subjectPublicKeyInfo, signature.
1551 
 *
1552 
 *  Not yet implemented:
1553 
 *   CertificateRevocationList ::= SIGNED SEQUENCE{
1554 
 *           signature       AlgorithmIdentifier,
1555 
 *           issuer          Name,
1556 
 *           lastUpdate      UTCTime,
1557 
 *           nextUpdate      UTCTime,
1558 
 *           revokedCertificates
1559 
 *                           SEQUENCE OF CRLEntry OPTIONAL}
1560 
 *   CRLEntry ::= SEQUENCE{
1561 
 *           userCertificate SerialNumber,
1562 
 *           revocationDate UTCTime}
1563 
 */
1564 
 
1565 
typedef struct CertX509 {
1566 
	int	serial;
1567 
	char*	issuer;
1568 
	char*	validity_start;
1569 
	char*	validity_end;
1570 
	char*	subject;
1571 
	int	publickey_alg;
1572 
	Bytes*	publickey;
1573 
	int	signature_alg;
1574 
	Bytes*	signature;
1575 
} CertX509;
1576 
 
1577 
/* Algorithm object-ids */
1578 
enum {
1579 
	ALG_rsaEncryption,
1580 
	ALG_md2WithRSAEncryption,
1581 
	ALG_md4WithRSAEncryption,
1582 
	ALG_md5WithRSAEncryption,
1583 
	ALG_sha1WithRSAEncryption,
1584 
	ALG_sha1WithRSAEncryptionOiw,
1585 
	ALG_md5,
1586 
	NUMALGS
1587 
};
1588 
typedef struct Ints7 {
1589 
	int		len;
1590 
	int		data[7];
1591 
} Ints7;
1592 
static Ints7 oid_rsaEncryption = {7, 1, 2, 840, 113549, 1, 1, 1 };
1593 
static Ints7 oid_md2WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 2 };
1594 
static Ints7 oid_md4WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 3 };
1595 
static Ints7 oid_md5WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 4 };
1596 
static Ints7 oid_sha1WithRSAEncryption ={7, 1, 2, 840, 113549, 1, 1, 5 };
1597 
static Ints7 oid_sha1WithRSAEncryptionOiw ={6, 1, 3, 14, 3, 2, 29 };
1598 
static Ints7 oid_md5 ={6, 1, 2, 840, 113549, 2, 5, 0 };
1599 
static Ints *alg_oid_tab[NUMALGS+1] = {
1600 
	(Ints*)&oid_rsaEncryption,
1601 
	(Ints*)&oid_md2WithRSAEncryption,
1602 
	(Ints*)&oid_md4WithRSAEncryption,
1603 
	(Ints*)&oid_md5WithRSAEncryption,
1604 
	(Ints*)&oid_sha1WithRSAEncryption,
1605 
	(Ints*)&oid_sha1WithRSAEncryptionOiw,
1606 
	(Ints*)&oid_md5,
1607 
	nil
1608 
};
1609 
static DigestFun digestalg[NUMALGS+1] = { md5, md5, md5, md5, sha1, sha1, md5, nil };
1610 
 
1611 
static void
1612 
freecert(CertX509* c)
1613 
{
1614 
	if(!c) return;
1615 
	if(c->issuer != nil)
1616 
		free(c->issuer);
1617 
	if(c->validity_start != nil)
1618 
		free(c->validity_start);
1619 
	if(c->validity_end != nil)
1620 
		free(c->validity_end);
1621 
	if(c->subject != nil)
1622 
		free(c->subject);
1623 
	freebytes(c->publickey);
1624 
	freebytes(c->signature);
1625 
	free(c);
1626 
}
1627 
 
1628 
/*
1629 
 * Parse the Name ASN1 type.
1630 
 * The sequence of RelativeDistinguishedName's gives a sort of pathname,
1631 
 * from most general to most specific.  Each element of the path can be
1632 
 * one or more (but usually just one) attribute-value pair, such as
1633 
 * countryName="US".
1634 
 * We'll just form a "postal-style" address string by concatenating the elements
1635 
 * from most specific to least specific, separated by commas.
1636 
 * Return name-as-string (which must be freed by caller).
1637 
 */
1638 
static char*
1639 
parse_name(Elem* e)
1640 
{
1641 
	Elist* el;
1642 
	Elem* es;
1643 
	Elist* esetl;
1644 
	Elem* eat;
1645 
	Elist* eatl;
1646 
	char* s;
1647 
	enum { MAXPARTS = 100 };
1648 
	char* parts[MAXPARTS];
1649 
	int i;
1650 
	int plen;
1651 
	char* ans = nil;
1652 
 
1653 
	if(!is_seq(e, &el))
1654 
		goto errret;
1655 
	i = 0;
1656 
	plen = 0;
1657 
	while(el != nil) {
1658 
		es = &el->hd;
1659 
		if(!is_set(es, &esetl))
1660 
			goto errret;
1661 
		while(esetl != nil) {
1662 
			eat = &esetl->hd;
1663 
			if(!is_seq(eat, &eatl) || elistlen(eatl) != 2)
1664 
				goto errret;
1665 
			if(!is_string(&eatl->tl->hd, &s) || i>=MAXPARTS)
1666 
				goto errret;
1667 
			parts[i++] = s;
1668 
			plen += strlen(s) + 2;		/* room for ", " after */
1669 
			esetl = esetl->tl;
1670 
		}
1671 
		el = el->tl;
1672 
	}
1673 
	if(i > 0) {
1674 
		ans = (char*)emalloc(plen);
1675 
		*ans = '\0';
1676 
		while(--i >= 0) {
1677 
			s = parts[i];
1678 
			strcat(ans, s);
1679 
			if(i > 0)
1680 
				strcat(ans, ", ");
1681 
		}
1682 
	}
1683 
 
1684 
errret:
1685 
	return ans;
1686 
}
1687 
 
1688 
/*
1689 
 * Parse an AlgorithmIdentifer ASN1 type.
1690 
 * Look up the oid in oid_tab and return one of OID_rsaEncryption, etc..,
1691 
 * or -1 if not found.
1692 
 * For now, ignore parameters, since none of our algorithms need them.
1693 
 */
1694 
static int
1695 
parse_alg(Elem* e)
1696 
{
1697 
	Elist* el;
1698 
	Ints* oid;
1699 
 
1700 
	if(!is_seq(e, &el) || el == nil || !is_oid(&el->hd, &oid))
1701 
		return -1;
1702 
	return oid_lookup(oid, alg_oid_tab);
1703 
}
1704 
 
1705 
static CertX509*
1706 
decode_cert(Bytes* a)
1707 
{
1708 
	int ok = 0;
1709 
	int n;
1710 
	CertX509* c = nil;
1711 
	Elem  ecert;
1712 
	Elem* ecertinfo;
1713 
	Elem* esigalg;
1714 
	Elem* esig;
1715 
	Elem* eserial;
1716 
	Elem* eissuer;
1717 
	Elem* evalidity;
1718 
	Elem* esubj;
1719 
	Elem* epubkey;
1720 
	Elist* el;
1721 
	Elist* elcert = nil;
1722 
	Elist* elcertinfo = nil;
1723 
	Elist* elvalidity = nil;
1724 
	Elist* elpubkey = nil;
1725 
	Bits* bits = nil;
1726 
	Bytes* b;
1727 
	Elem* e;
1728 
 
1729 
	if(decode(a->data, a->len, &ecert) != ASN_OK)
1730 
		goto errret;
1731 
 
1732 
	c = (CertX509*)emalloc(sizeof(CertX509));
1733 
	c->serial = -1;
1734 
	c->issuer = nil;
1735 
	c->validity_start = nil;
1736 
	c->validity_end = nil;
1737 
	c->subject = nil;
1738 
	c->publickey_alg = -1;
1739 
	c->publickey = nil;
1740 
	c->signature_alg = -1;
1741 
	c->signature = nil;
1742 
 
1743 
	/* Certificate */
1744 
 	if(!is_seq(&ecert, &elcert) || elistlen(elcert) !=3)
1745 
		goto errret;
1746 
 	ecertinfo = &elcert->hd;
1747 
 	el = elcert->tl;
1748 
 	esigalg = &el->hd;
1749 
	c->signature_alg = parse_alg(esigalg);
1750 
 	el = el->tl;
1751 
 	esig = &el->hd;
1752 
 
1753 
	/* Certificate Info */
1754 
	if(!is_seq(ecertinfo, &elcertinfo))
1755 
		goto errret;
1756 
	n = elistlen(elcertinfo);
1757 
  	if(n < 6)
1758 
		goto errret;
1759 
	eserial =&elcertinfo->hd;
1760 
 	el = elcertinfo->tl;
1761 
 	/* check for optional version, marked by explicit context tag 0 */
1762 
	if(eserial->tag.class == Context && eserial->tag.num == 0) {
1763 
 		eserial = &el->hd;
1764 
 		if(n < 7)
1765 
 			goto errret;
1766 
 		el = el->tl;
1767 
 	}
1768 
 
1769 
	if(parse_alg(&el->hd) != c->signature_alg)
1770 
		goto errret;
1771 
 	el = el->tl;
1772 
 	eissuer = &el->hd;
1773 
 	el = el->tl;
1774 
 	evalidity = &el->hd;
1775 
 	el = el->tl;
1776 
 	esubj = &el->hd;
1777 
 	el = el->tl;
1778 
 	epubkey = &el->hd;
1779 
 	if(!is_int(eserial, &c->serial)) {
1780 
		if(!is_bigint(eserial, &b))
1781 
			goto errret;
1782 
		c->serial = -1;	/* else we have to change cert struct */
1783 
  	}
1784 
	c->issuer = parse_name(eissuer);
1785 
	if(c->issuer == nil)
1786 
		goto errret;
1787 
	/* Validity */
1788 
  	if(!is_seq(evalidity, &elvalidity))
1789 
		goto errret;
1790 
	if(elistlen(elvalidity) != 2)
1791 
		goto errret;
1792 
	e = &elvalidity->hd;
1793 
	if(!is_time(e, &c->validity_start))
1794 
		goto errret;
1795 
	e->val.u.stringval = nil;	/* string ownership transfer */
1796 
	e = &elvalidity->tl->hd;
1797 
 	if(!is_time(e, &c->validity_end))
1798 
		goto errret;
1799 
	e->val.u.stringval = nil;	/* string ownership transfer */
1800 
 
1801 
	/* resume CertificateInfo */
1802 
 	c->subject = parse_name(esubj);
1803 
	if(c->subject == nil)
1804 
		goto errret;
1805 
 
1806 
	/* SubjectPublicKeyInfo */
1807 
 	if(!is_seq(epubkey, &elpubkey))
1808 
		goto errret;
1809 
	if(elistlen(elpubkey) != 2)
1810 
		goto errret;
1811 
 
1812 
	c->publickey_alg = parse_alg(&elpubkey->hd);
1813 
	if(c->publickey_alg < 0)
1814 
		goto errret;
1815 
  	if(!is_bitstring(&elpubkey->tl->hd, &bits))
1816 
		goto errret;
1817 
	if(bits->unusedbits != 0)
1818 
		goto errret;
1819 
 	c->publickey = makebytes(bits->data, bits->len);
1820 
 
1821 
	/*resume Certificate */
1822 
	if(c->signature_alg < 0)
1823 
		goto errret;
1824 
 	if(!is_bitstring(esig, &bits))
1825 
		goto errret;
1826 
 	c->signature = makebytes(bits->data, bits->len);
1827 
	ok = 1;
1828 
 
1829 
errret:
1830 
	freevalfields(&ecert.val);	/* recurses through lists, too */
1831 
	if(!ok){
1832 
		freecert(c);
1833 
		c = nil;
1834 
	}
1835 
	return c;
1836 
}
1837 
 
1838 
/*
1839 
 *	RSAPublickKey :: SEQUENCE {
1840 
 *		modulus INTEGER,
1841 
 *		publicExponent INTEGER
1842 
 *	}
1843 
 */
1844 
static RSApub*
1845 
decode_rsapubkey(Bytes* a)
1846 
{
1847 
	Elem e;
1848 
	Elist *el, *l;
1849 
	mpint *mp;
1850 
	RSApub* key;
1851 
 
1852 
	l = nil;
1853 
	key = rsapuballoc();
1854 
	if(decode(a->data, a->len, &e) != ASN_OK)
1855 
		goto errret;
1856 
	if(!is_seq(&e, &el) || elistlen(el) != 2)
1857 
		goto errret;
1858 
 
1859 
	l = el;
1860 
 
1861 
	key->n = mp = asn1mpint(&el->hd);
1862 
	if(mp == nil)
1863 
		goto errret;
1864 
 
1865 
	el = el->tl;
1866 
	key->ek = mp = asn1mpint(&el->hd);
1867 
	if(mp == nil)
1868 
		goto errret;
1869 
 
1870 
	if(l != nil)
1871 
		freeelist(l);
1872 
	return key;
1873 
errret:
1874 
	if(l != nil)
1875 
		freeelist(l);
1876 
	rsapubfree(key);
1877 
	return nil;
1878 
}
1879 
 
1880 
/*
1881 
 *	RSAPrivateKey ::= SEQUENCE {
1882 
 *		version Version,
1883 
 *		modulus INTEGER, -- n
1884 
 *		publicExponent INTEGER, -- e
1885 
 *		privateExponent INTEGER, -- d
1886 
 *		prime1 INTEGER, -- p
1887 
 *		prime2 INTEGER, -- q
1888 
 *		exponent1 INTEGER, -- d mod (p-1)
1889 
 *		exponent2 INTEGER, -- d mod (q-1)
1890 
 *		coefficient INTEGER -- (inverse of q) mod p }
1891 
 */
1892 
static RSApriv*
1893 
decode_rsaprivkey(Bytes* a)
1894 
{
1895 
	int version;
1896 
	Elem e;
1897 
	Elist *el;
1898 
	mpint *mp;
1899 
	RSApriv* key;
1900 
 
1901 
	key = rsaprivalloc();
1902 
	if(decode(a->data, a->len, &e) != ASN_OK)
1903 
		goto errret;
1904 
	if(!is_seq(&e, &el) || elistlen(el) != 9)
1905 
		goto errret;
1906 
	if(!is_int(&el->hd, &version) || version != 0)
1907 
		goto errret;
1908 
 
1909 
	el = el->tl;
1910 
	key->pub.n = mp = asn1mpint(&el->hd);
1911 
	if(mp == nil)
1912 
		goto errret;
1913 
 
1914 
	el = el->tl;
1915 
	key->pub.ek = mp = asn1mpint(&el->hd);
1916 
	if(mp == nil)
1917 
		goto errret;
1918 
 
1919 
	el = el->tl;
1920 
	key->dk = mp = asn1mpint(&el->hd);
1921 
	if(mp == nil)
1922 
		goto errret;
1923 
 
1924 
	el = el->tl;
1925 
	key->q = mp = asn1mpint(&el->hd);
1926 
	if(mp == nil)
1927 
		goto errret;
1928 
 
1929 
	el = el->tl;
1930 
	key->p = mp = asn1mpint(&el->hd);
1931 
	if(mp == nil)
1932 
		goto errret;
1933 
 
1934 
	el = el->tl;
1935 
	key->kq = mp = asn1mpint(&el->hd);
1936 
	if(mp == nil)
1937 
		goto errret;
1938 
 
1939 
	el = el->tl;
1940 
	key->kp = mp = asn1mpint(&el->hd);
1941 
	if(mp == nil)
1942 
		goto errret;
1943 
 
1944 
	el = el->tl;
1945 
	key->c2 = mp = asn1mpint(&el->hd);
1946 
	if(mp == nil)
1947 
		goto errret;
1948 
 
1949 
	return key;
1950 
errret:
1951 
	rsaprivfree(key);
1952 
	return nil;
1953 
}
1954 
 
1955 
/*
1956 
 * 	DSAPrivateKey ::= SEQUENCE{
1957 
 *		version Version,
1958 
 *		p INTEGER,
1959 
 *		q INTEGER,
1960 
 *		g INTEGER, -- alpha
1961 
 *		pub_key INTEGER, -- key
1962 
 *		priv_key INTEGER, -- secret
1963 
 *	}
1964 
 */
1965 
static DSApriv*
1966 
decode_dsaprivkey(Bytes* a)
1967 
{
1968 
	int version;
1969 
	Elem e;
1970 
	Elist *el;
1971 
	mpint *mp;
1972 
	DSApriv* key;
1973 
 
1974 
	key = dsaprivalloc();
1975 
	if(decode(a->data, a->len, &e) != ASN_OK)
1976 
		goto errret;
1977 
	if(!is_seq(&e, &el) || elistlen(el) != 6)
1978 
		goto errret;
1979 
version = -1;
1980 
	if(!is_int(&el->hd, &version) || version != 0)
1981 
{
1982 
fprint(2, "version %d\n", version);
1983 
		goto errret;
1984 
}
1985 
 
1986 
	el = el->tl;
1987 
	key->pub.p = mp = asn1mpint(&el->hd);
1988 
	if(mp == nil)
1989 
		goto errret;
1990 
 
1991 
	el = el->tl;
1992 
	key->pub.q = mp = asn1mpint(&el->hd);
1993 
	if(mp == nil)
1994 
		goto errret;
1995 
 
1996 
	el = el->tl;
1997 
	key->pub.alpha = mp = asn1mpint(&el->hd);
1998 
	if(mp == nil)
1999 
		goto errret;
2000 
 
2001 
	el = el->tl;
2002 
	key->pub.key = mp = asn1mpint(&el->hd);
2003 
	if(mp == nil)
2004 
		goto errret;
2005 
 
2006 
	el = el->tl;
2007 
	key->secret = mp = asn1mpint(&el->hd);
2008 
	if(mp == nil)
2009 
		goto errret;
2010 
 
2011 
	return key;
2012 
errret:
2013 
	dsaprivfree(key);
2014 
	return nil;
2015 
}
2016 
 
2017 
static mpint*
2018 
asn1mpint(Elem *e)
2019 
{
2020 
	Bytes *b;
2021 
	mpint *mp;
2022 
	int v;
2023 
 
2024 
	if(is_int(e, &v))
2025 
		return itomp(v, nil);
2026 
	if(is_bigint(e, &b)) {
2027 
		mp = betomp(b->data, b->len, nil);
2028 
		freebytes(b);
2029 
		return mp;
2030 
	}
2031 
	return nil;
2032 
}
2033 
 
2034 
static mpint*
2035 
pkcs1pad(Bytes *b, mpint *modulus)
2036 
{
2037 
	int n = (mpsignif(modulus)+7)/8;
2038 
	int pm1, i;
2039 
	uchar *p;
2040 
	mpint *mp;
2041 
 
2042 
	pm1 = n - 1 - b->len;
2043 
	p = (uchar*)emalloc(n);
2044 
	p[0] = 0;
2045 
	p[1] = 1;
2046 
	for(i = 2; i < pm1; i++)
2047 
		p[i] = 0xFF;
2048 
	p[pm1] = 0;
2049 
	memcpy(&p[pm1+1], b->data, b->len);
2050 
	mp = betomp(p, n, nil);
2051 
	free(p);
2052 
	return mp;
2053 
}
2054 
 
2055 
RSApriv*
2056 
asn1toRSApriv(uchar *kd, int kn)
2057 
{
2058 
	Bytes *b;
2059 
	RSApriv *key;
2060 
 
2061 
	b = makebytes(kd, kn);
2062 
	key = decode_rsaprivkey(b);
2063 
	freebytes(b);
2064 
	return key;
2065 
}
2066 
 
2067 
DSApriv*
2068 
asn1toDSApriv(uchar *kd, int kn)
2069 
{
2070 
	Bytes *b;
2071 
	DSApriv *key;
2072 
 
2073 
	b = makebytes(kd, kn);
2074 
	key = decode_dsaprivkey(b);
2075 
	freebytes(b);
2076 
	return key;
2077 
}
2078 
 
2079 
/*
2080 
 * digest(CertificateInfo)
2081 
 * Our ASN.1 library doesn't return pointers into the original
2082 
 * data array, so we need to do a little hand decoding.
2083 
 */
2084 
static void
2085 
digest_certinfo(Bytes *cert, DigestFun digestfun, uchar *digest)
2086 
{
2087 
	uchar *info, *p, *pend;
2088 
	ulong infolen;
2089 
	int isconstr, length;
2090 
	Tag tag;
2091 
	Elem elem;
2092 
 
2093 
	p = cert->data;
2094 
	pend = cert->data + cert->len;
2095 
	if(tag_decode(&p, pend, &tag, &isconstr) != ASN_OK ||
2096 
	   tag.class != Universal || tag.num != SEQUENCE ||
2097 
	   length_decode(&p, pend, &length) != ASN_OK ||
2098 
	   p+length > pend ||
2099 
	   p+length < p)
2100 
		return;
2101 
	info = p;
2102 
	if(ber_decode(&p, pend, &elem) != ASN_OK)
2103 
		return;
2104 
	freevalfields(&elem.val);
2105 
	if(elem.tag.num != SEQUENCE)
2106 
		return;
2107 
	infolen = p - info;
2108 
	(*digestfun)(info, infolen, digest, nil);
2109 
}
2110 
 
2111 
static char*
2112 
verify_signature(Bytes* signature, RSApub *pk, uchar *edigest, Elem **psigalg)
2113 
{
2114 
	Elem e;
2115 
	Elist *el;
2116 
	Bytes *digest;
2117 
	uchar *pkcs1buf, *buf;
2118 
	int buflen;
2119 
	mpint *pkcs1;
2120 
	int nlen;
2121 
	char *err;
2122 
 
2123 
	err = nil;
2124 
	pkcs1buf = nil;
2125 
 
2126 
	/* one less than the byte length of the modulus */
2127 
	nlen = (mpsignif(pk->n)-1)/8;
2128 
 
2129 
	/* see 9.2.1 of rfc2437 */
2130 
	pkcs1 = betomp(signature->data, signature->len, nil);
2131 
	mpexp(pkcs1, pk->ek, pk->n, pkcs1);
2132 
	buflen = mptobe(pkcs1, nil, 0, &pkcs1buf);
2133 
	buf = pkcs1buf;
2134 
	if(buflen != nlen || buf[0] != 1) {
2135 
		err = "expected 1";
2136 
		goto end;
2137 
	}
2138 
	buf++;
2139 
	while(buf[0] == 0xff)
2140 
		buf++;
2141 
	if(buf[0] != 0) {
2142 
		err = "expected 0";
2143 
		goto end;
2144 
	}
2145 
	buf++;
2146 
	buflen -= buf-pkcs1buf;
2147 
	if(decode(buf, buflen, &e) != ASN_OK || !is_seq(&e, &el) || elistlen(el) != 2 ||
2148 
			!is_octetstring(&el->tl->hd, &digest)) {
2149 
		err = "signature parse error";
2150 
		goto end;
2151 
	}
2152 
	*psigalg = &el->hd;
2153 
	if(memcmp(digest->data, edigest, digest->len) == 0)
2154 
		goto end;
2155 
	err = "digests did not match";
2156 
 
2157 
end:
2158 
	if(pkcs1 != nil)
2159 
		mpfree(pkcs1);
2160 
	if(pkcs1buf != nil)
2161 
		free(pkcs1buf);
2162 
	return err;
2163 
}
2164 
 
2165 
RSApub*
2166 
X509toRSApub(uchar *cert, int ncert, char *name, int nname)
2167 
{
2168 
	char *e;
2169 
	Bytes *b;
2170 
	CertX509 *c;
2171 
	RSApub *pk;
2172 
 
2173 
	b = makebytes(cert, ncert);
2174 
	c = decode_cert(b);
2175 
	freebytes(b);
2176 
	if(c == nil)
2177 
		return nil;
2178 
	if(name != nil && c->subject != nil){
2179 
		e = strchr(c->subject, ',');
2180 
		if(e != nil)
2181 
			*e = 0;	/* take just CN part of Distinguished Name */
2182 
		strncpy(name, c->subject, nname);
2183 
	}
2184 
	pk = decode_rsapubkey(c->publickey);
2185 
	freecert(c);
2186 
	return pk;
2187 
}
2188 
 
2189 
int
2190 
getalgo(Elem *e)
2191 
{
2192 
	Value *v;
2193 
	Elist *el;
2194 
	int a;
2195 
 
2196 
	if((a = parse_alg(e)) >= 0)
2197 
		return a;
2198 
	v = &e->val;
2199 
	if(v->tag == VSeq){
2200 
		print("Seq\n");
2201 
		for(el = v->u.seqval; el!=nil; el = el->tl){
2202 
			if((a = getalgo(&el->hd)) >= 0)
2203 
				return a;
2204 
		}
2205 
	}
2206 
	return -1;
2207 
}
2208 
 
2209 
static void edump(Elem e);
2210 
 
2211 
RSApub*
2212 
asn1toRSApub(uchar *der, int nder)
2213 
{
2214 
	Elem e;
2215 
	Elist *el, *l;
2216 
	int n;
2217 
	Bits *b;
2218 
	RSApub *key;
2219 
	mpint *mp;
2220 
 
2221 
	if(decode(der, nder, &e) != ASN_OK){
2222 
		print("didn't parse\n");
2223 
		return nil;
2224 
	}
2225 
	if(!is_seq(&e, &el)){
2226 
		print("no seq");
2227 
		return nil;
2228 
	}
2229 
	if((n = elistlen(el)) != 2){
2230 
		print("bad length %d\n", n);
2231 
		return nil;
2232 
	}
2233 
	if((n = getalgo(&el->hd)) < 0){
2234 
		print("no algo\n");
2235 
		return nil;
2236 
	}
2237 
	if(n != 0){
2238 
		print("cant do algorithm %d\n", n);
2239 
		return nil;
2240 
	}
2241 
	if(!is_bitstring(&el->tl->hd, &b)){
2242 
		print("no bits\n");
2243 
		return nil;
2244 
	}
2245 
	if(decode(b->data, b->len, &e) != ASN_OK){
2246 
		print("no second decode\n");
2247 
		return nil;
2248 
	}
2249 
	if(!is_seq(&e, &el)){
2250 
		print("no second seq\n");
2251 
		return nil;
2252 
	}
2253 
	if(elistlen(el) != 2){
2254 
		print("no second length\n");
2255 
		return nil;
2256 
	}
2257 
	key = rsapuballoc();
2258 
 
2259 
	l = el;
2260 
 
2261 
	key->n = mp = asn1mpint(&el->hd);
2262 
	if(mp == nil)
2263 
		goto errret;
2264 
 
2265 
	el = el->tl;
2266 
	key->ek = mp = asn1mpint(&el->hd);
2267 
	if(mp == nil)
2268 
		goto errret;
2269 
 
2270 
	if(l != nil)
2271 
		freeelist(l);
2272 
	return key;
2273 
errret:
2274 
	if(l != nil)
2275 
		freeelist(l);
2276 
	rsapubfree(key);
2277 
	return nil;
2278 
}
2279 
 
2280 
char*
2281 
X509verify(uchar *cert, int ncert, RSApub *pk)
2282 
{
2283 
	char *e;
2284 
	Bytes *b;
2285 
	CertX509 *c;
2286 
	uchar digest[SHA1dlen];
2287 
	Elem *sigalg;
2288 
 
2289 
	b = makebytes(cert, ncert);
2290 
	c = decode_cert(b);
2291 
	if(c != nil)
2292 
		digest_certinfo(b, digestalg[c->signature_alg], digest);
2293 
	freebytes(b);
2294 
	if(c == nil)
2295 
		return "cannot decode cert";
2296 
	e = verify_signature(c->signature, pk, digest, &sigalg);
2297 
	freecert(c);
2298 
	return e;
2299 
}
2300 
 
2301 
/* ------- Elem constructors ---------- */
2302 
static Elem
2303 
Null(void)
2304 
{
2305 
	Elem e;
2306 
 
2307 
	e.tag.class = Universal;
2308 
	e.tag.num = NULLTAG;
2309 
	e.val.tag = VNull;
2310 
	return e;
2311 
}
2312 
 
2313 
static Elem
2314 
mkint(int j)
2315 
{
2316 
	Elem e;
2317 
 
2318 
	e.tag.class = Universal;
2319 
	e.tag.num = INTEGER;
2320 
	e.val.tag = VInt;
2321 
	e.val.u.intval = j;
2322 
	return e;
2323 
}
2324 
 
2325 
static Elem
2326 
mkbigint(mpint *p)
2327 
{
2328 
	Elem e;
2329 
	uchar *buf;
2330 
	int buflen;
2331 
 
2332 
	e.tag.class = Universal;
2333 
	e.tag.num = INTEGER;
2334 
	e.val.tag = VBigInt;
2335 
	buflen = mptobe(p, nil, 0, &buf);
2336 
	e.val.u.bigintval = makebytes(buf, buflen);
2337 
	free(buf);
2338 
	return e;
2339 
}
2340 
 
2341 
static Elem
2342 
mkstring(char *s)
2343 
{
2344 
	Elem e;
2345 
 
2346 
	e.tag.class = Universal;
2347 
	e.tag.num = IA5String;
2348 
	e.val.tag = VString;
2349 
	e.val.u.stringval = estrdup(s);
2350 
	return e;
2351 
}
2352 
 
2353 
static Elem
2354 
mkoctet(uchar *buf, int buflen)
2355 
{
2356 
	Elem e;
2357 
 
2358 
	e.tag.class = Universal;
2359 
	e.tag.num = OCTET_STRING;
2360 
	e.val.tag = VOctets;
2361 
	e.val.u.octetsval = makebytes(buf, buflen);
2362 
	return e;
2363 
}
2364 
 
2365 
static Elem
2366 
mkbits(uchar *buf, int buflen)
2367 
{
2368 
	Elem e;
2369 
 
2370 
	e.tag.class = Universal;
2371 
	e.tag.num = BIT_STRING;
2372 
	e.val.tag = VBitString;
2373 
	e.val.u.bitstringval = makebits(buf, buflen, 0);
2374 
	return e;
2375 
}
2376 
 
2377 
static Elem
2378 
mkutc(long t)
2379 
{
2380 
	Elem e;
2381 
	char utc[50];
2382 
	Tm *tm = gmtime(t);
2383 
 
2384 
	e.tag.class = Universal;
2385 
	e.tag.num = UTCTime;
2386 
	e.val.tag = VString;
2387 
	snprint(utc, 50, "%.2d%.2d%.2d%.2d%.2d%.2dZ",
2388 
		tm->year % 100, tm->mon+1, tm->mday, tm->hour, tm->min, tm->sec);
2389 
	e.val.u.stringval = estrdup(utc);
2390 
	return e;
2391 
}
2392 
 
2393 
static Elem
2394 
mkoid(Ints *oid)
2395 
{
2396 
	Elem e;
2397 
 
2398 
	e.tag.class = Universal;
2399 
	e.tag.num = OBJECT_ID;
2400 
	e.val.tag = VObjId;
2401 
	e.val.u.objidval = makeints(oid->data, oid->len);
2402 
	return e;
2403 
}
2404 
 
2405 
static Elem
2406 
mkseq(Elist *el)
2407 
{
2408 
	Elem e;
2409 
 
2410 
	e.tag.class = Universal;
2411 
	e.tag.num = SEQUENCE;
2412 
	e.val.tag = VSeq;
2413 
	e.val.u.seqval = el;
2414 
	return e;
2415 
}
2416 
 
2417 
static Elem
2418 
mkset(Elist *el)
2419 
{
2420 
	Elem e;
2421 
 
2422 
	e.tag.class = Universal;
2423 
	e.tag.num = SETOF;
2424 
	e.val.tag = VSet;
2425 
	e.val.u.setval = el;
2426 
	return e;
2427 
}
2428 
 
2429 
static Elem
2430 
mkalg(int alg)
2431 
{
2432 
	return mkseq(mkel(mkoid(alg_oid_tab[alg]), mkel(Null(), nil)));
2433 
}
2434 
 
2435 
typedef struct Ints7pref {
2436 
	int		len;
2437 
	int		data[7];
2438 
	char	prefix[4];
2439 
} Ints7pref;
2440 
Ints7pref DN_oid[] = {
2441 
	{4, 2, 5, 4, 6, 0, 0, 0,  "C="},
2442 
	{4, 2, 5, 4, 8, 0, 0, 0,  "ST="},
2443 
	{4, 2, 5, 4, 7, 0, 0, 0,  "L="},
2444 
	{4, 2, 5, 4, 10, 0, 0, 0, "O="},
2445 
	{4, 2, 5, 4, 11, 0, 0, 0, "OU="},
2446 
	{4, 2, 5, 4, 3, 0, 0, 0,  "CN="},
2447 
 	{7, 1,2,840,113549,1,9,1, "E="},
2448 
};
2449 
 
2450 
static Elem
2451 
mkname(Ints7pref *oid, char *subj)
2452 
{
2453 
	return mkset(mkel(mkseq(mkel(mkoid((Ints*)oid), mkel(mkstring(subj), nil))), nil));
2454 
}
2455 
 
2456 
static Elem
2457 
mkDN(char *dn)
2458 
{
2459 
	int i, j, nf;
2460 
	char *f[20], *prefix, *d2 = estrdup(dn);
2461 
	Elist* el = nil;
2462 
 
2463 
	nf = tokenize(d2, f, nelem(f));
2464 
	for(i=nf-1; i>=0; i--){
2465 
		for(j=0; j<nelem(DN_oid); j++){
2466 
			prefix = DN_oid[j].prefix;
2467 
			if(strncmp(f[i],prefix,strlen(prefix))==0){
2468 
				el = mkel(mkname(&DN_oid[j],f[i]+strlen(prefix)), el);
2469 
				break;
2470 
			}
2471 
		}
2472 
	}
2473 
	free(d2);
2474 
	return mkseq(el);
2475 
}
2476 
 
2477 
uchar*
2478 
RSApubtoasn1(RSApub *pub, int *keylen)
2479 
{
2480 
	Elem pubkey;
2481 
	Bytes *pkbytes;
2482 
	uchar *key;
2483 
 
2484 
	key = nil;
2485 
	pubkey = mkseq(mkel(mkbigint(pub->n),mkel(mkint(mptoi(pub->ek)),nil)));
2486 
	if(encode(pubkey, &pkbytes) != ASN_OK)
2487 
		goto errret;
2488 
	freevalfields(&pubkey.val);
2489 
	pubkey = mkseq(
2490 
		mkel(mkalg(ALG_rsaEncryption),
2491 
		mkel(mkbits(pkbytes->data, pkbytes->len),
2492 
		nil)));
2493 
	freebytes(pkbytes);
2494 
	if(encode(pubkey, &pkbytes) != ASN_OK)
2495 
		goto errret;
2496 
	if(keylen)
2497 
		*keylen = pkbytes->len;
2498 
	key = malloc(pkbytes->len);
2499 
	memmove(key, pkbytes->data, pkbytes->len);
2500 
	free(pkbytes);
2501 
errret:
2502 
	freevalfields(&pubkey.val);
2503 
	return key;
2504 
}
2505 
 
2506 
uchar*
2507 
X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
2508 
{
2509 
	int serial = 0;
2510 
	uchar *cert = nil;
2511 
	RSApub *pk = rsaprivtopub(priv);
2512 
	Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
2513 
	Elem e, certinfo, issuer, subject, pubkey, validity, sig;
2514 
	uchar digest[MD5dlen], *buf;
2515 
	int buflen;
2516 
	mpint *pkcs1;
2517 
 
2518 
	e.val.tag = VInt;  /* so freevalfields at errret is no-op */
2519 
	issuer = mkDN(subj);
2520 
	subject = mkDN(subj);
2521 
	pubkey = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
2522 
	if(encode(pubkey, &pkbytes) != ASN_OK)
2523 
		goto errret;
2524 
	freevalfields(&pubkey.val);
2525 
	pubkey = mkseq(
2526 
		mkel(mkalg(ALG_rsaEncryption),
2527 
		mkel(mkbits(pkbytes->data, pkbytes->len),
2528 
		nil)));
2529 
	freebytes(pkbytes);
2530 
	validity = mkseq(
2531 
		mkel(mkutc(valid[0]),
2532 
		mkel(mkutc(valid[1]),
2533 
		nil)));
2534 
	certinfo = mkseq(
2535 
		mkel(mkint(serial),
2536 
		mkel(mkalg(ALG_md5WithRSAEncryption),
2537 
		mkel(issuer,
2538 
		mkel(validity,
2539 
		mkel(subject,
2540 
		mkel(pubkey,
2541 
		nil)))))));
2542 
	if(encode(certinfo, &certinfobytes) != ASN_OK)
2543 
		goto errret;
2544 
	md5(certinfobytes->data, certinfobytes->len, digest, 0);
2545 
	freebytes(certinfobytes);
2546 
	sig = mkseq(
2547 
		mkel(mkalg(ALG_md5),
2548 
		mkel(mkoctet(digest, MD5dlen),
2549 
		nil)));
2550 
	if(encode(sig, &sigbytes) != ASN_OK)
2551 
		goto errret;
2552 
	pkcs1 = pkcs1pad(sigbytes, pk->n);
2553 
	freebytes(sigbytes);
2554 
	rsadecrypt(priv, pkcs1, pkcs1);
2555 
	buflen = mptobe(pkcs1, nil, 0, &buf);
2556 
	mpfree(pkcs1);
2557 
	e = mkseq(
2558 
		mkel(certinfo,
2559 
		mkel(mkalg(ALG_md5WithRSAEncryption),
2560 
		mkel(mkbits(buf, buflen),
2561 
		nil))));
2562 
	free(buf);
2563 
	if(encode(e, &certbytes) != ASN_OK)
2564 
		goto errret;
2565 
	if(certlen)
2566 
		*certlen = certbytes->len;
2567 
	cert = certbytes->data;
2568 
errret:
2569 
	freevalfields(&e.val);
2570 
	return cert;
2571 
}
2572 
 
2573 
uchar*
2574 
X509req(RSApriv *priv, char *subj, int *certlen)
2575 
{
2576 
	/* RFC 2314, PKCS #10 Certification Request Syntax */
2577 
	int version = 0;
2578 
	uchar *cert = nil;
2579 
	RSApub *pk = rsaprivtopub(priv);
2580 
	Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
2581 
	Elem e, certinfo, subject, pubkey, sig;
2582 
	uchar digest[MD5dlen], *buf;
2583 
	int buflen;
2584 
	mpint *pkcs1;
2585 
 
2586 
	e.val.tag = VInt;  /* so freevalfields at errret is no-op */
2587 
	subject = mkDN(subj);
2588 
	pubkey = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
2589 
	if(encode(pubkey, &pkbytes) != ASN_OK)
2590 
		goto errret;
2591 
	freevalfields(&pubkey.val);
2592 
	pubkey = mkseq(
2593 
		mkel(mkalg(ALG_rsaEncryption),
2594 
		mkel(mkbits(pkbytes->data, pkbytes->len),
2595 
		nil)));
2596 
	freebytes(pkbytes);
2597 
	certinfo = mkseq(
2598 
		mkel(mkint(version),
2599 
		mkel(subject,
2600 
		mkel(pubkey,
2601 
		nil))));
2602 
	if(encode(certinfo, &certinfobytes) != ASN_OK)
2603 
		goto errret;
2604 
	md5(certinfobytes->data, certinfobytes->len, digest, 0);
2605 
	freebytes(certinfobytes);
2606 
	sig = mkseq(
2607 
		mkel(mkalg(ALG_md5),
2608 
		mkel(mkoctet(digest, MD5dlen),
2609 
		nil)));
2610 
	if(encode(sig, &sigbytes) != ASN_OK)
2611 
		goto errret;
2612 
	pkcs1 = pkcs1pad(sigbytes, pk->n);
2613 
	freebytes(sigbytes);
2614 
	rsadecrypt(priv, pkcs1, pkcs1);
2615 
	buflen = mptobe(pkcs1, nil, 0, &buf);
2616 
	mpfree(pkcs1);
2617 
	e = mkseq(
2618 
		mkel(certinfo,
2619 
		mkel(mkalg(ALG_md5),
2620 
		mkel(mkbits(buf, buflen),
2621 
		nil))));
2622 
	free(buf);
2623 
	if(encode(e, &certbytes) != ASN_OK)
2624 
		goto errret;
2625 
	if(certlen)
2626 
		*certlen = certbytes->len;
2627 
	cert = certbytes->data;
2628 
errret:
2629 
	freevalfields(&e.val);
2630 
	return cert;
2631 
}
2632 
 
2633 
static char*
2634 
tagdump(Tag tag)
2635 
{
2636 
	if(tag.class != Universal)
2637 
		return smprint("class%d,num%d", tag.class, tag.num);
2638 
	switch(tag.num){
2639 
	case BOOLEAN: return "BOOLEAN";
2640 
	case INTEGER: return "INTEGER";
2641 
	case BIT_STRING: return "BIT STRING";
2642 
	case OCTET_STRING: return "OCTET STRING";
2643 
	case NULLTAG: return "NULLTAG";
2644 
	case OBJECT_ID: return "OID";
2645 
	case ObjectDescriptor: return "OBJECT_DES";
2646 
	case EXTERNAL: return "EXTERNAL";
2647 
	case REAL: return "REAL";
2648 
	case ENUMERATED: return "ENUMERATED";
2649 
	case EMBEDDED_PDV: return "EMBEDDED PDV";
2650 
	case SEQUENCE: return "SEQUENCE";
2651 
	case SETOF: return "SETOF";
2652 
	case UTF8String: return "UTF8String";
2653 
	case NumericString: return "NumericString";
2654 
	case PrintableString: return "PrintableString";
2655 
	case TeletexString: return "TeletexString";
2656 
	case VideotexString: return "VideotexString";
2657 
	case IA5String: return "IA5String";
2658 
	case UTCTime: return "UTCTime";
2659 
	case GeneralizedTime: return "GeneralizedTime";
2660 
	case GraphicString: return "GraphicString";
2661 
	case VisibleString: return "VisibleString";
2662 
	case GeneralString: return "GeneralString";
2663 
	case UniversalString: return "UniversalString";
2664 
	case BMPString: return "BMPString";
2665 
	default:
2666 
		return smprint("Universal,num%d", tag.num);
2667 
	}
2668 
}
2669 
 
2670 
static void
2671 
edump(Elem e)
2672 
{
2673 
	Value v;
2674 
	Elist *el;
2675 
	int i;
2676 
 
2677 
	print("%s{", tagdump(e.tag));
2678 
	v = e.val;
2679 
	switch(v.tag){
2680 
	case VBool: print("Bool %d",v.u.boolval); break;
2681 
	case VInt: print("Int %d",v.u.intval); break;
2682 
	case VOctets: print("Octets[%d] %.2x%.2x...",v.u.octetsval->len,v.u.octetsval->data[0],v.u.octetsval->data[1]); break;
2683 
	case VBigInt: print("BigInt[%d] %.2x%.2x...",v.u.bigintval->len,v.u.bigintval->data[0],v.u.bigintval->data[1]); break;
2684 
	case VReal: print("Real..."); break;
2685 
	case VOther: print("Other..."); break;
2686 
	case VBitString: print("BitString");
2687 
		for(i = 0; i<v.u.bitstringval->len; i++)
2688 
			print(" %02x", v.u.bitstringval->data[i]);
2689 
		break;
2690 
	case VNull: print("Null"); break;
2691 
	case VEOC: print("EOC..."); break;
2692 
	case VObjId: print("ObjId");
2693 
		for(i = 0; i<v.u.objidval->len; i++)
2694 
			print(" %d", v.u.objidval->data[i]);
2695 
		break;
2696 
	case VString: print("String \"%s\"",v.u.stringval); break;
2697 
	case VSeq: print("Seq\n");
2698 
		for(el = v.u.seqval; el!=nil; el = el->tl)
2699 
			edump(el->hd);
2700 
		break;
2701 
	case VSet: print("Set\n");
2702 
		for(el = v.u.setval; el!=nil; el = el->tl)
2703 
			edump(el->hd);
2704 
		break;
2705 
	}
2706 
	print("}\n");
2707 
}
2708 
 
2709 
void
2710 
asn1dump(uchar *der, int len)
2711 
{
2712 
	Elem e;
2713 
 
2714 
	if(decode(der, len, &e) != ASN_OK){
2715 
		print("didn't parse\n");
2716 
		exits("didn't parse");
2717 
	}
2718 
	edump(e);
2719 
}
2720 
 
2721 
void
2722 
X509dump(uchar *cert, int ncert)
2723 
{
2724 
	char *e;
2725 
	Bytes *b;
2726 
	CertX509 *c;
2727 
	RSApub *pk;
2728 
	uchar digest[SHA1dlen];
2729 
	Elem *sigalg;
2730 
 
2731 
	print("begin X509dump\n");
2732 
	b = makebytes(cert, ncert);
2733 
	c = decode_cert(b);
2734 
	if(c != nil)
2735 
		digest_certinfo(b, digestalg[c->signature_alg], digest);
2736 
	freebytes(b);
2737 
	if(c == nil){
2738 
		print("cannot decode cert");
2739 
		return;
2740 
	}
2741 
 
2742 
	print("serial %d\n", c->serial);
2743 
	print("issuer %s\n", c->issuer);
2744 
	print("validity %s %s\n", c->validity_start, c->validity_end);
2745 
	print("subject %s\n", c->subject);
2746 
	pk = decode_rsapubkey(c->publickey);
2747 
	print("pubkey e=%B n(%d)=%B\n", pk->ek, mpsignif(pk->n), pk->n);
2748 
 
2749 
	print("sigalg=%d digest=%.*H\n", c->signature_alg, MD5dlen, digest);
2750 
	e = verify_signature(c->signature, pk, digest, &sigalg);
2751 
	if(e==nil){
2752 
		e = "nil (meaning ok)";
2753 
		print("sigalg=\n");
2754 
		if(sigalg)
2755 
			edump(*sigalg);
2756 
	}
2757 
	print("self-signed verify_signature returns: %s\n", e);
2758 
 
2759 
	rsapubfree(pk);
2760 
	freecert(c);
2761 
	print("end X509dump\n");
2762 
}