Subversion Repositories planix.SVN

Rev

Rev 26 | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed

Rev 26 Rev 29
Line 2080... Line 2080...
2080 
errret:
 2080 
errret:
2081 
	freevalfields(&e.val);
 2081 
	freevalfields(&e.val);
2082 
	rsaprivfree(key);
 2082 
	rsaprivfree(key);
2083 
	return nil;
 2083 
	return nil;
2084 
}
 2084 
}
- 
 
 2085 
 
- 
 
 2086 
 
- 
 
 2087 
 
2085 
 
 2088 
 
2086 
/*
 2089 
/*
2087 
 * digest(CertificateInfo)
 2090 
 * digest(CertificateInfo)
2088 
 * Our ASN.1 library doesn't return pointers into the original
 2091 
 * Our ASN.1 library doesn't return pointers into the original
2089 
 * data array, so we need to do a little hand decoding.
 2092 
 * data array, so we need to do a little hand decoding.
Line 2110... Line 2113...
2110 
	freevalfields(&elem.val);
 2113 
	freevalfields(&elem.val);
2111 
	if(elem.tag.num != SEQUENCE)
 2114 
	if(elem.tag.num != SEQUENCE)
2112 
		return -1;
 2115 
		return -1;
2113 
	(*da->fun)(info, p - info, digest, nil);
 2116 
	(*da->fun)(info, p - info, digest, nil);
2114 
	return da->len;
 2117 
	return da->len;
2115 
}
 2118 
}
2116 
 
 2119 
 
2117 
mpint*
 2120 
mpint*
2118 
pkcs1padbuf(uchar *buf, int len, mpint *modulus, int blocktype)
 2121 
pkcs1padbuf(uchar *buf, int len, mpint *modulus, int blocktype)
2119 
{
 2122 
{
2120 
	int i, n = (mpsignif(modulus)-1)/8;
 2123 
	int i, n = (mpsignif(modulus)-1)/8;
Line 2155... Line 2158...
2155 
		return -1;
 2158 
		return -1;
2156 
	switch(blocktype){
 2159 
	switch(blocktype){
2157 
	default:
 2160 
	default:
2158 
	case 1:
 2161 
	case 1:
2159 
		while(p < e && *p == 0xFF)
 2162 
		while(p < e && *p == 0xFF)
2160 
			p++;
 2163 
			p++;
2161 
		break;
 2164 
		break;
2162 
	case 2:
 2165 
	case 2:
2163 
		while(p < e && *p != 0x00)
 2166 
		while(p < e && *p != 0x00)
2164 
			p++;
 2167 
			p++;
2165 
		break;
 2168 
		break;
Line 2197... Line 2200...
2197 
			continue;
 2200 
			continue;
2198 
		digest = encode_digest(*dp, edigest);
 2201 
		digest = encode_digest(*dp, edigest);
2199 
		if(digest->len == len && tsmemcmp(digest->data, buf, len) == 0)
 2202 
		if(digest->len == len && tsmemcmp(digest->data, buf, len) == 0)
2200 
			err = nil;
 2203 
			err = nil;
2201 
		freebytes(digest);
 2204 
		freebytes(digest);
2202 
	}
 2205 
	}
2203 
	free(buf);
 2206 
	free(buf);
2204 
	return err;
 2207 
	return err;
2205 
}
 2208 
}
2206 
 
 2209 
 
2207 
char*
 2210 
char*
2208 
X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub)
 2211 
X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub)
2209 
{
 2212 
{
Line 2435... Line 2438...
2435 
mkutc(long t)
 2438 
mkutc(long t)
2436 
{
 2439 
{
2437 
	Elem e;
 2440 
	Elem e;
2438 
	char utc[50];
 2441 
	char utc[50];
2439 
	Tm *tm = gmtime(t);
 2442 
	Tm *tm = gmtime(t);
2440 
 
 2443 
 
2441 
	e.tag.class = Universal;
 2444 
	e.tag.class = Universal;
2442 
	e.tag.num = UTCTime;
 2445 
	e.tag.num = UTCTime;
2443 
	e.val.tag = VString;
 2446 
	e.val.tag = VString;
2444 
	snprint(utc, sizeof(utc), "%.2d%.2d%.2d%.2d%.2d%.2dZ",
 2447 
	snprint(utc, sizeof(utc), "%.2d%.2d%.2d%.2d%.2d%.2dZ",
2445 
		tm->year % 100, tm->mon+1, tm->mday, tm->hour, tm->min, tm->sec);
 2448 
		tm->year % 100, tm->mon+1, tm->mday, tm->hour, tm->min, tm->sec);
2446 
	e.val.u.stringval = estrdup(utc);
 2449 
	e.val.u.stringval = estrdup(utc);
Line 2466... Line 2469...
2466 
 
 2469 
 
2467 
	e.tag.class = Universal;
 2470 
	e.tag.class = Universal;
2468 
	e.tag.num = SEQUENCE;
 2471 
	e.tag.num = SEQUENCE;
2469 
	e.val.tag = VSeq;
 2472 
	e.val.tag = VSeq;
2470 
	e.val.u.seqval = el;
 2473 
	e.val.u.seqval = el;
2471 
	return e;
 2474 
	return e;
2472 
}
 2475 
}
2473 
 
 2476 
 
2474 
static Elem
 2477 
static Elem
2475 
mkset(Elist *el)
 2478 
mkset(Elist *el)
2476 
{
 2479 
{
2477 
	Elem e;
 2480 
	Elem e;
2478 
 
 2481 
 
2479 
	e.tag.class = Universal;
 2482 
	e.tag.class = Universal;
2480 
	e.tag.num = SETOF;
 2483 
	e.tag.num = SETOF;
2481 
	e.val.tag = VSet;
 2484 
	e.val.tag = VSet;
2482 
	e.val.u.setval = el;
 2485 
	e.val.u.setval = el;
2483 
	return e;
 2486 
	return e;
2484 
}
 2487 
}
2485 
 
 2488 
 
2486 
static Elem
 2489 
static Elem
2487 
mkalg(int alg)
 2490 
mkalg(int alg)
2488 
{
 2491 
{
2489 
	return mkseq(mkel(mkoid(alg_oid_tab[alg]), mkel(Null(), nil)));
 2492 
	return mkseq(mkel(mkoid(alg_oid_tab[alg]), mkel(Null(), nil)));
2490 
}
 2493 
}
2491 
 
 2494 
 
Line 2553... Line 2556...
2553 
 
 2556 
 
2554 
int
 2557 
int
2555 
asn1encodedigest(DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*), uchar *digest, uchar *buf, int len)
 2558 
asn1encodedigest(DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*), uchar *digest, uchar *buf, int len)
2556 
{
 2559 
{
2557 
	Bytes *bytes;
 2560 
	Bytes *bytes;
2558 
	DigestAlg **dp;
 2561 
	DigestAlg **dp;
2559 
 
 2562 
 
2560 
	for(dp = digestalg; *dp != nil; dp++){
 2563 
	for(dp = digestalg; *dp != nil; dp++){
2561 
		if((*dp)->fun != fun)
 2564 
		if((*dp)->fun != fun)
2562 
			continue;
 2565 
			continue;
2563 
		bytes = encode_digest(*dp, digest);
 2566 
		bytes = encode_digest(*dp, digest);
2564 
		if(bytes == nil)
 2567 
		if(bytes == nil)
Line 2579... Line 2582...
2579 
mkcont(Elem e, int num)
 2582 
mkcont(Elem e, int num)
2580 
{
 2583 
{
2581 
	e = mkseq(mkel(e, nil));
 2584 
	e = mkseq(mkel(e, nil));
2582 
	e.tag.class = Context;
 2585 
	e.tag.class = Context;
2583 
	e.tag.num = num;
 2586 
	e.tag.num = num;
2584 
	return e;
 2587 
	return e;
2585 
}
 2588 
}
2586 
 
 2589 
 
2587 
static Elem
 2590 
static Elem
2588 
mkaltname(char *s)
 2591 
mkaltname(char *s)
2589 
{
 2592 
{
2590 
	Elem e;
 2593 
	Elem e;
2591 
	int i;
 2594 
	int i;
Line 2596... Line 2599...
2596 
	}
 2599 
	}
2597 
	e = mkstring(s, IA5String);
 2600 
	e = mkstring(s, IA5String);
2598 
	e.tag.class = Context;
 2601 
	e.tag.class = Context;
2599 
	e.tag.num = strchr(s, '@') != nil ? 1 : 2; /* email : DNS */
 2602 
	e.tag.num = strchr(s, '@') != nil ? 1 : 2; /* email : DNS */
2600 
	return e;
 2603 
	return e;
2601 
}
 2604 
}
2602 
 
 2605 
 
2603 
static Elist*
 2606 
static Elist*
2604 
mkaltnames(char *alts)
 2607 
mkaltnames(char *alts)
2605 
{
 2608 
{
2606 
	Elist *el;
 2609 
	Elist *el;
Line 2654... Line 2657...
2654 
	if(xl != nil){
 2657 
	if(xl != nil){
2655 
		if(req) return mkel(mkcont(mkseq(
 2658 
		if(req) return mkel(mkcont(mkseq(
2656 
			mkel(mkoid((Ints*)&oid_extensionRequest),
 2659 
			mkel(mkoid((Ints*)&oid_extensionRequest),
2657 
			mkel(mkset(mkel(mkseq(xl), nil)), nil))), 0), nil);
 2660 
			mkel(mkset(mkel(mkseq(xl), nil)), nil))), 0), nil);
2658 
		return mkel(mkcont(mkseq(xl), 3), nil);
 2661 
		return mkel(mkcont(mkseq(xl), 3), nil);
2659 
	}
 2662 
	}
2660 
	return nil;
 2663 
	return nil;
2661 
}
 2664 
}
2662 
 
 2665 
 
2663 
static char*
 2666 
static char*
2664 
splitalts(char *s)
 2667 
splitalts(char *s)
2665 
{
 2668 
{
2666 
	int q;
 2669 
	int q;
Line 2669... Line 2672...
2669 
		if(*s == '\'')
 2672 
		if(*s == '\'')
2670 
			q ^= 1;
 2673 
			q ^= 1;
2671 
		else if(q == 0 && *s == ','){
 2674 
		else if(q == 0 && *s == ','){
2672 
			*s++ = 0;
 2675 
			*s++ = 0;
2673 
			return s;
 2676 
			return s;
2674 
		}
 2677 
		}
2675 
	}
 2678 
	}
2676 
	return nil;
 2679 
	return nil;
2677 
}
 2680 
}
2678 
 
 2681 
 
2679 
static Bytes*
 2682 
static Bytes*
2680 
encode_rsapubkey(RSApub *pk)
 2683 
encode_rsapubkey(RSApub *pk)
2681 
{
 2684 
{
2682 
	Bytes *b = nil;
 2685 
	Bytes *b = nil;
2683 
	Elem e = mkseq(
 2686 
	Elem e = mkseq(
Line 2701... Line 2704...
2701 
		return -1;
 2704 
		return -1;
2702 
	}
 2705 
	}
2703 
	memmove(buf, b->data, len = b->len);
 2706 
	memmove(buf, b->data, len = b->len);
2704 
	freebytes(b);
 2707 
	freebytes(b);
2705 
	return len;
 2708 
	return len;
2706 
}
 2709 
}
2707 
 
 2710 
 
2708 
uchar*
 2711 
uchar*
2709 
X509rsagen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
 2712 
X509rsagen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
2710 
{
 2713 
{
2711 
	int serial = 0, sigalg = ALG_sha256WithRSAEncryption;
 2714 
	int serial = 0, sigalg = ALG_sha256WithRSAEncryption;
2712 
	uchar *cert = nil;
 2715 
	uchar *cert = nil;
2713 
	Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
 2716 
	Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
2714 
	Elem e, certinfo;
 2717 
	Elem e, certinfo;
2715 
	DigestAlg *da;
 2718 
	DigestAlg *da;
2716 
	uchar digest[MAXdlen], *buf;
 2719 
	uchar digest[MAXdlen], *buf;
2717 
	int buflen;
 2720 
	int buflen;
2718 
	mpint *pkcs1;
 2721 
	mpint *pkcs1;
2719 
	char *alts;
 2722 
	char *alts;
2720 
 
 2723 
 
2721 
	if((pkbytes = encode_rsapubkey(&priv->pub)) == nil)
 2724 
	if((pkbytes = encode_rsapubkey(&priv->pub)) == nil)
2722 
		return nil;
 2725 
		return nil;
2723 
 
 2726 
 
2724 
	subj = estrdup(subj);
 2727 
	subj = estrdup(subj);
2725 
	alts = splitalts(subj);
 2728 
	alts = splitalts(subj);
2726 
 
 2729 
 
2727 
	e = mkseq(
 2730 
	e = mkseq(
2728 
		mkel(mkcont(mkint(2), 0),
 2731 
		mkel(mkcont(mkint(2), 0),
Line 2791... Line 2794...
2791 
	mpint *pkcs1;
 2794 
	mpint *pkcs1;
2792 
	char *alts;
 2795 
	char *alts;
2793 
 
 2796 
 
2794 
	if((pkbytes = encode_rsapubkey(&priv->pub)) == nil)
 2797 
	if((pkbytes = encode_rsapubkey(&priv->pub)) == nil)
2795 
		return nil;
 2798 
		return nil;
2796 
 
 2799 
 
2797 
	subj = estrdup(subj);
 2800 
	subj = estrdup(subj);
2798 
	alts = splitalts(subj);
 2801 
	alts = splitalts(subj);
2799 
 
 2802 
 
2800 
	e = mkseq(
 2803 
	e = mkseq(
2801 
		mkel(mkint(version),
 2804 
		mkel(mkint(version),
Line 2910... Line 2913...
2910 
	}
 2913 
	}
2911 
}
 2914 
}
2912 
 
 2915 
 
2913 
static void
 2916 
static void
2914 
edump(Elem e)
 2917 
edump(Elem e)
2915 
{
 2918 
{
2916 
	Value v;
 2919 
	Value v;
2917 
	Elist *el;
 2920 
	Elist *el;
2918 
	int i;
 2921 
	int i;
2919 
 
 2922 
 
2920 
	print("%s{", tagdump(e.tag));
 2923 
	print("%s{", tagdump(e.tag));
Line 2939... Line 2942...
2939 
			edump(el->hd);
 2942 
			edump(el->hd);
2940 
		break;
 2943 
		break;
2941 
	case VSet: print("Set\n");
 2944 
	case VSet: print("Set\n");
2942 
		for(el = v.u.setval; el!=nil; el = el->tl)
 2945 
		for(el = v.u.setval; el!=nil; el = el->tl)
2943 
			edump(el->hd);
 2946 
			edump(el->hd);
2944 
		break;
 2947 
		break;
2945 
	}
 2948 
	}
2946 
	print("}\n");
 2949 
	print("}\n");
2947 
}
 2950 
}
2948 
 
 2951 
 
2949 
void
 2952 
void
2950 
asn1dump(uchar *der, int len)
 2953 
asn1dump(uchar *der, int len)
Line 2954... Line 2957...
2954 
	if(decode(der, len, &e) != ASN_OK){
 2957 
	if(decode(der, len, &e) != ASN_OK){
2955 
		print("didn't parse\n");
 2958 
		print("didn't parse\n");
2956 
		exits("didn't parse");
 2959 
		exits("didn't parse");
2957 
	}
 2960 
	}
2958 
	edump(e);
 2961 
	edump(e);
2959 
}
 2962 
}
2960 
 
 2963 
 
2961 
void
 2964 
void
2962 
X509dump(uchar *cert, int ncert)
 2965 
X509dump(uchar *cert, int ncert)
2963 
{
 2966 
{
2964 
	char *e;
 2967 
	char *e;
2965 
	CertX509 *c;
 2968 
	CertX509 *c;
Line 3029... Line 3032...
3029 
	print("cert_thumbprint sha1=%.*H\n", SHA1dlen, digest);
 3032 
	print("cert_thumbprint sha1=%.*H\n", SHA1dlen, digest);
3030 
 
 3033 
 
3031 
	freecert(c);
 3034 
	freecert(c);
3032 
	print("end X509dump\n");
 3035 
	print("end X509dump\n");
3033 
}
 3036 
}
- 
 
 3037 
 
- 
 
 3038 
 
- 
 
 3039 
 
- 
 
 3040 
 
- 
 
 3041 
static mpint*
- 
 
 3042 
pkcs1pad(Bytes *b, mpint *modulus)
- 
 
 3043 
{
- 
 
 3044 
	int n = (mpsignif(modulus)+7)/8;
- 
 
 3045 
	int pm1, i;
- 
 
 3046 
	uchar *p;
- 
 
 3047 
	mpint *mp;
- 
 
 3048 
 
- 
 
 3049 
	pm1 = n - 1 - b->len;
- 
 
 3050 
	p = (uchar*)emalloc(n);
- 
 
 3051 
	p[0] = 0;
- 
 
 3052 
	p[1] = 1;
- 
 
 3053 
	for(i = 2; i < pm1; i++)
- 
 
 3054 
		p[i] = 0xFF;
- 
 
 3055 
	p[pm1] = 0;
- 
 
 3056 
	memcpy(&p[pm1+1], b->data, b->len);
- 
 
 3057 
	mp = betomp(p, n, nil);
- 
 
 3058 
	free(p);
- 
 
 3059 
	return mp;
- 
 
 3060 
}
- 
 
 3061 
 
- 
 
 3062 
uchar*
- 
 
 3063 
X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
- 
 
 3064 
{
- 
 
 3065 
	int serial = 0;
- 
 
 3066 
	uchar *cert = nil;
- 
 
 3067 
	RSApub *pk = rsaprivtopub(priv);
- 
 
 3068 
	Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
- 
 
 3069 
	Elem e, certinfo, issuer, subject, pubkey, validity, sig;
- 
 
 3070 
	uchar digest[MD5dlen], *buf;
- 
 
 3071 
	int buflen;
- 
 
 3072 
	mpint *pkcs1;
- 
 
 3073 
 
- 
 
 3074 
	e.val.tag = VInt;  /* so freevalfields at errret is no-op */
- 
 
 3075 
	issuer = mkDN(subj);
- 
 
 3076 
	subject = mkDN(subj);
- 
 
 3077 
	pubkey = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
- 
 
 3078 
	if(encode(pubkey, &pkbytes) != ASN_OK)
- 
 
 3079 
		goto errret;
- 
 
 3080 
	freevalfields(&pubkey.val);
- 
 
 3081 
	pubkey = mkseq(
- 
 
 3082 
		mkel(mkalg(ALG_rsaEncryption),
- 
 
 3083 
		mkel(mkbits(pkbytes->data, pkbytes->len),
- 
 
 3084 
		nil)));
- 
 
 3085 
	freebytes(pkbytes);
- 
 
 3086 
	validity = mkseq(
- 
 
 3087 
		mkel(mkutc(valid[0]),
- 
 
 3088 
		mkel(mkutc(valid[1]),
- 
 
 3089 
		nil)));
- 
 
 3090 
	certinfo = mkseq(
- 
 
 3091 
		mkel(mkint(serial),
- 
 
 3092 
		mkel(mkalg(ALG_md5WithRSAEncryption),
- 
 
 3093 
		mkel(issuer,
- 
 
 3094 
		mkel(validity,
- 
 
 3095 
		mkel(subject,
- 
 
 3096 
		mkel(pubkey,
- 
 
 3097 
		nil)))))));
- 
 
 3098 
	if(encode(certinfo, &certinfobytes) != ASN_OK)
- 
 
 3099 
		goto errret;
- 
 
 3100 
	md5(certinfobytes->data, certinfobytes->len, digest, 0);
- 
 
 3101 
	freebytes(certinfobytes);
- 
 
 3102 
	sig = mkseq(
- 
 
 3103 
		mkel(mkalg(ALG_md5),
- 
 
 3104 
		mkel(mkoctet(digest, MD5dlen),
- 
 
 3105 
		nil)));
- 
 
 3106 
	if(encode(sig, &sigbytes) != ASN_OK)
- 
 
 3107 
		goto errret;
- 
 
 3108 
	pkcs1 = pkcs1pad(sigbytes, pk->n);
- 
 
 3109 
	freebytes(sigbytes);
- 
 
 3110 
	rsadecrypt(priv, pkcs1, pkcs1);
- 
 
 3111 
	buflen = mptobe(pkcs1, nil, 0, &buf);
- 
 
 3112 
	mpfree(pkcs1);
- 
 
 3113 
	e = mkseq(
- 
 
 3114 
		mkel(certinfo,
- 
 
 3115 
		mkel(mkalg(ALG_md5WithRSAEncryption),
- 
 
 3116 
		mkel(mkbits(buf, buflen),
- 
 
 3117 
		nil))));
- 
 
 3118 
	free(buf);
- 
 
 3119 
	if(encode(e, &certbytes) != ASN_OK)
- 
 
 3120 
		goto errret;
- 
 
 3121 
	if(certlen)
- 
 
 3122 
		*certlen = certbytes->len;
- 
 
 3123 
	cert = certbytes->data;
- 
 
 3124 
errret:
- 
 
 3125 
	freevalfields(&e.val);
- 
 
 3126 
	return cert;
- 
 
 3127 
}
- 
 
 3128 
 
- 
 
 3129 
 
- 
 
 3130 
 
- 
 
 3131 
uchar*
- 
 
 3132 
X509req(RSApriv *priv, char *subj, int *certlen)
- 
 
 3133 
{
- 
 
 3134 
	/* RFC 2314, PKCS #10 Certification Request Syntax */
- 
 
 3135 
	int version = 0;
- 
 
 3136 
	uchar *cert = nil;
- 
 
 3137 
	RSApub *pk = rsaprivtopub(priv);
- 
 
 3138 
	Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
- 
 
 3139 
	Elem e, certinfo, subject, pubkey, sig;
- 
 
 3140 
	uchar digest[MD5dlen], *buf;
- 
 
 3141 
	int buflen;
- 
 
 3142 
	mpint *pkcs1;
- 
 
 3143 
 
- 
 
 3144 
	e.val.tag = VInt;  /* so freevalfields at errret is no-op */
- 
 
 3145 
	subject = mkDN(subj);
- 
 
 3146 
	pubkey = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
- 
 
 3147 
	if(encode(pubkey, &pkbytes) != ASN_OK)
- 
 
 3148 
		goto errret;
- 
 
 3149 
	freevalfields(&pubkey.val);
- 
 
 3150 
	pubkey = mkseq(
- 
 
 3151 
		mkel(mkalg(ALG_rsaEncryption),
- 
 
 3152 
		mkel(mkbits(pkbytes->data, pkbytes->len),
- 
 
 3153 
		nil)));
- 
 
 3154 
	freebytes(pkbytes);
- 
 
 3155 
	certinfo = mkseq(
- 
 
 3156 
		mkel(mkint(version),
- 
 
 3157 
		mkel(subject,
- 
 
 3158 
		mkel(pubkey,
- 
 
 3159 
		nil))));
- 
 
 3160 
	if(encode(certinfo, &certinfobytes) != ASN_OK)
- 
 
 3161 
		goto errret;
- 
 
 3162 
	md5(certinfobytes->data, certinfobytes->len, digest, 0);
- 
 
 3163 
	freebytes(certinfobytes);
- 
 
 3164 
	sig = mkseq(
- 
 
 3165 
		mkel(mkalg(ALG_md5),
- 
 
 3166 
		mkel(mkoctet(digest, MD5dlen),
- 
 
 3167 
		nil)));
- 
 
 3168 
	if(encode(sig, &sigbytes) != ASN_OK)
- 
 
 3169 
		goto errret;
- 
 
 3170 
	pkcs1 = pkcs1pad(sigbytes, pk->n);
- 
 
 3171 
	freebytes(sigbytes);
- 
 
 3172 
	rsadecrypt(priv, pkcs1, pkcs1);
- 
 
 3173 
	buflen = mptobe(pkcs1, nil, 0, &buf);
- 
 
 3174 
	mpfree(pkcs1);
- 
 
 3175 
	e = mkseq(
- 
 
 3176 
		mkel(certinfo,
- 
 
 3177 
		mkel(mkalg(ALG_md5),
- 
 
 3178 
		mkel(mkbits(buf, buflen),
- 
 
 3179 
		nil))));
- 
 
 3180 
	free(buf);
- 
 
 3181 
	if(encode(e, &certbytes) != ASN_OK)
- 
 
 3182 
		goto errret;
- 
 
 3183 
	if(certlen)
- 
 
 3184 
		*certlen = certbytes->len;
- 
 
 3185 
	cert = certbytes->data;
- 
 
 3186 
errret:
- 
 
 3187 
	freevalfields(&e.val);
- 
 
 3188 
	return cert;
- 
 
 3189 
}
- 
 
 3190 
 
- 
 
 3191 
 
- 
 
 3192 
/*
- 
 
 3193 
 * 	DSAPrivateKey ::= SEQUENCE{
- 
 
 3194 
 *		version Version,
- 
 
 3195 
 *		p INTEGER,
- 
 
 3196 
 *		q INTEGER,
- 
 
 3197 
 *		g INTEGER, -- alpha
- 
 
 3198 
 *		pub_key INTEGER, -- key
- 
 
 3199 
 *		priv_key INTEGER, -- secret
- 
 
 3200 
 *	}
- 
 
 3201 
 */
- 
 
 3202 
static DSApriv*
- 
 
 3203 
decode_dsaprivkey(Bytes* a)
- 
 
 3204 
{
- 
 
 3205 
	int version;
- 
 
 3206 
	Elem e;
- 
 
 3207 
	Elist *el;
- 
 
 3208 
	mpint *mp;
- 
 
 3209 
	DSApriv* key;
- 
 
 3210 
 
- 
 
 3211 
	key = dsaprivalloc();
- 
 
 3212 
	if(decode(a->data, a->len, &e) != ASN_OK)
- 
 
 3213 
		goto errret;
- 
 
 3214 
	if(!is_seq(&e, &el) || elistlen(el) != 6)
- 
 
 3215 
		goto errret;
- 
 
 3216 
version = -1;
- 
 
 3217 
	if(!is_int(&el->hd, &version) || version != 0)
- 
 
 3218 
{
- 
 
 3219 
fprint(2, "version %d\n", version);
- 
 
 3220 
		goto errret;
- 
 
 3221 
}
- 
 
 3222 
 
- 
 
 3223 
	el = el->tl;
- 
 
 3224 
	key->pub.p = mp = asn1mpint(&el->hd);
- 
 
 3225 
	if(mp == nil)
- 
 
 3226 
		goto errret;
- 
 
 3227 
 
- 
 
 3228 
	el = el->tl;
- 
 
 3229 
	key->pub.q = mp = asn1mpint(&el->hd);
- 
 
 3230 
	if(mp == nil)
- 
 
 3231 
		goto errret;
- 
 
 3232 
 
- 
 
 3233 
	el = el->tl;
- 
 
 3234 
	key->pub.alpha = mp = asn1mpint(&el->hd);
- 
 
 3235 
	if(mp == nil)
- 
 
 3236 
		goto errret;
- 
 
 3237 
 
- 
 
 3238 
	el = el->tl;
- 
 
 3239 
	key->pub.key = mp = asn1mpint(&el->hd);
- 
 
 3240 
	if(mp == nil)
- 
 
 3241 
		goto errret;
- 
 
 3242 
 
- 
 
 3243 
	el = el->tl;
- 
 
 3244 
	key->secret = mp = asn1mpint(&el->hd);
- 
 
 3245 
	if(mp == nil)
- 
 
 3246 
		goto errret;
- 
 
 3247 
 
- 
 
 3248 
	return key;
- 
 
 3249 
errret:
- 
 
 3250 
	dsaprivfree(key);
- 
 
 3251 
	return nil;
- 
 
 3252 
}
- 
 
 3253 
 
- 
 
 3254 
 
- 
 
 3255 
 
- 
 
 3256 
DSApriv*
- 
 
 3257 
asn1toDSApriv(uchar *kd, int kn)
- 
 
 3258 
{
- 
 
 3259 
	Bytes *b;
- 
 
 3260 
	DSApriv *key;
- 
 
 3261 
 
- 
 
 3262 
	b = makebytes(kd, kn);
- 
 
 3263 
	key = decode_dsaprivkey(b);
- 
 
 3264 
	freebytes(b);
- 
 
 3265 
	return key;
- 
 
 3266 
}
- 
 
 3267 
 
- 
 
 3268 
 
- 
 
 3269