WebSVN – planix.SVN – Diff – /os/branches/feature_tlsv12/sys/src/libsec/port/x509.c

 #include <libsec.h>
-typedef DigestState*(*DigestFun)(uchar*,ulong,uchar*,DigestState*);
-/* ANSI offsetof, backwards. */
-#define	OFFSETOF(a, b)	offsetof(b, a)
 /*=============================================================*/
 /*  general ASN1 declarations and parsing
+ *
  *  For now, this is used only for extracting the key from an
 #define UniversalString 28
 #define BMPString 30
 struct Bytes {
 	int	len;
-	uchar	data[1];
+	uchar	data[];
 };
 struct Ints {
 	int	len;
-	int	data[1];
+	int	data[];
 };
 struct Bits {
 	int	len;		/* number of bytes */
 	int	unusedbits;	/* unused bits in last byte */
-	uchar	data[1];	/* most-significant bit first */
+	uchar	data[];		/* most-significant bit first */
 };
 struct Tag {
 	int	class;
 	int	num;
 static int	is_octetstring(Elem* pe, Bytes** poctets);
 static int	is_oid(Elem* pe, Ints** poid);
 static int	is_string(Elem* pe, char** pstring);
 static int	is_time(Elem* pe, char** ptime);
 static int	decode(uchar* a, int alen, Elem* pelem);
-static int	decode_seq(uchar* a, int alen, Elist** pelist);
-static int	decode_value(uchar* a, int alen, int kind, int isconstr, Value* pval);
 static int	encode(Elem e, Bytes** pbytes);
 static int	oid_lookup(Ints* o, Ints** tab);
 static void	freevalfields(Value* v);
 static mpint	*asn1mpint(Elem *e);
+static void	edump(Elem);
 #define TAG_MASK 0x1F
 #define CONSTR_MASK 0x20
 #define CLASS_MASK 0xC0
 #define MAXOBJIDLEN 20
+{
 	void *p;
 	if(n==0)
 		n=1;
 	p = malloc(n);
-	if(p == nil){
+	if(p == nil)
-		exits("out of memory");
+		sysfatal("out of memory");
-	}
 	memset(p, 0, n);
 	setmalloctag(p, getcallerpc(&n));
 	return p;
+}
 static char*
 estrdup(char *s)
+{
-	char *d, *d0;
+	char *d;
+	int n;
-	if(!s)
-		return 0;
+	n = strlen(s)+1;
-	d = d0 = emalloc(strlen(s)+1);
+	d = emalloc(n);
-	while(*d++ = *s++)
+	memmove(d, s, n);
-		;
-	return d0;
+	return d;
+}
 /*
  * Decode a[0..len] as a BER encoding of an ASN1 type.
  */
 static int
 decode(uchar* a, int alen, Elem* pelem)
+{
 	uchar* p = a;
+	int err;
-	return  ber_decode(&p, &a[alen], pelem);
+	err = ber_decode(&p, &a[alen], pelem);
-}
-/*
- * Like decode, but continue decoding after first element
- * of array ends.
- */
-static int
-decode_seq(uchar* a, int alen, Elist** pelist)
+	if(err == ASN_OK && p != &a[alen])
-{
-	uchar* p = a;
+		err = ASN_EVALLEN;
-	return seq_decode(&p, &a[alen], -1, 1, pelist);
-}
-/*
- * Decode the whole array as a BER encoding of an ASN1 value,
- * (i.e., the part after the tag and length).
- * Assume the value is encoded as universal tag "kind".
- * The constr arg is 1 if the value is constructed, 0 if primitive.
- * If there's an error, the return string will contain the error.
- * Depending on the error, the returned value may or may not
- * be nil.
- */
-static int
-decode_value(uchar* a, int alen, int kind, int isconstr, Value* pval)
-{
-	uchar* p = a;
+	return err;
-	return value_decode(&p, &a[alen], alen, kind, isconstr, pval);
+}
 /*
  * All of the following decoding routines take arguments:
  *	uchar **pp;
 	int isconstr;
 	int length;
 	Tag tag;
 	Value val;
+	memset(pelem, 0, sizeof(*pelem));
 	err = tag_decode(pp, pend, &tag, &isconstr);
 	if(err == ASN_OK) {
 		err = length_decode(pp, pend, &length);
 		if(err == ASN_OK) {
-			if(tag.class == Universal) {
+			if(tag.class == Universal)
 				err = value_decode(pp, pend, length, tag.num, isconstr, &val);
-				if(val.tag == VSeq || val.tag == VSet)
-					setmalloctag(val.u.seqval, getcallerpc(&pp));
-			}else
+			else
 				err = value_decode(pp, pend, length, OCTET_STRING, 0, &val);
 			if(err == ASN_OK) {
 				pelem->tag = tag;
 				pelem->val = val;
+			}
+	}
 	else
 		err = ASN_ESHORT;
 	*pp = p;
 	*plength = num;
 	return err;
 }
 /* Decode a value field  */
 static int
 value_decode(uchar** pp, uchar* pend, int length, int kind, int isconstr, Value* pval)
+{
 	int err;
 	int subids[MAXOBJIDLEN];
 	int isubid;
 	Elist*	vl;
 	uchar* p;
 	uchar* pe;
 	err = ASN_OK;
 	p = *pp;
 	if(length == -1) {	/* "indefinite" length spec */
 		if(!isconstr)
 			err = ASN_EINVAL;
+	}
 	else if(p + length > pend)
 		err = ASN_EVALLEN;
 	if(err != ASN_OK)
 		return err;
 		else
 			err = ASN_EINVAL;
 		break;
 	case BOOLEAN:
 		if(isconstr)
 			err = ASN_ECONSTR;
 		else if(length != 1)
 			err = ASN_EVALLEN;
 		else {
 			pval->tag = VBool;
 			pval->u.boolval = (*p++ != 0);
 		}
 		break;
 	case INTEGER:
 	case ENUMERATED:
 		if(isconstr)
 			err = ASN_ECONSTR;
 		if(isconstr) {
 			if(length == -1 && p + 2 <= pend && *p == 0 && *(p+1) ==0) {
 				pval->u.bitstringval = makebits(0, 0, 0);
 				p += 2;
+			}
-			else
-				/* TODO: recurse and concat results */
+			else	/* TODO: recurse and concat results */
 				err = ASN_EUNIMPL;
 		}
 		else {
 			if(length < 2) {
 				if(length == 1 && *p == 0) {
 					pval->u.bitstringval = makebits(0, 0, 0);
 					p++;
+				}
+		}
 		break;
 	case SEQUENCE:
 		err = seq_decode(&p, pend, length, isconstr, &vl);
-		setmalloctag(vl, getcallerpc(&pp));
 		if(err == ASN_OK) {
 			pval->tag = VSeq ;
 			pval->u.seqval = vl;
+		}
 		break;
 	case SETOF:
 		err = seq_decode(&p, pend, length, isconstr, &vl);
-		setmalloctag(vl, getcallerpc(&pp));
 		if(err == ASN_OK) {
 			pval->tag = VSet;
 			pval->u.setval = vl;
 		}
 		break;
 	case UTF8String:
 	case NumericString:
 	case PrintableString:
 	case TeletexString:
 	case VideotexString:
 	case GraphicString:
 	case VisibleString:
 	case GeneralString:
 	case UniversalString:
 	case BMPString:
-		/* TODO: figure out when character set conversion is necessary */
 		err = octet_decode(&p, pend, length, isconstr, &va);
 		if(err == ASN_OK) {
+			uchar *s;
+			char *d;
+			Rune r;
+			int n;
+			switch(kind){
-			pval->tag = VString;
+			case UniversalString:
+				n = va->len / 4;
+				d = emalloc(n*UTFmax+1);
-			pval->u.stringval = (char*)emalloc(va->len+1);
+				pval->u.stringval = d;
+				s = va->data;
+				while(n > 0){
+					r = s[0]<<24 | s[1]<<16 | s[2]<<8 | s[3];
+					if(r == 0)
+						break;
+					n--;
+					s += 4;
+					d += runetochar(d, &r);
+				}
+				*d = 0;
+				break;
+			case BMPString:
+				n = va->len / 2;
+				d = emalloc(n*UTFmax+1);
-			memmove(pval->u.stringval, va->data, va->len);
+				pval->u.stringval = d;
+				s = va->data;
+				while(n > 0){
+					r = s[0]<<8 | s[1];
+					if(r == 0)
+						break;
+					n--;
+					s += 2;
+					d += runetochar(d, &r);
+				}
+				*d = 0;
+				break;
+			default:
+				n = va->len;
+				d = emalloc(n+1);
-			pval->u.stringval[va->len] = 0;
+				pval->u.stringval = d;
+				s = va->data;
+				while(n > 0){
+					if((*d = *s) == 0)
+						break;
+					n--;
+					s++;
+					d++;
+				}
+				*d = 0;
+				break;
+			}
+			if(n != 0){
+				err = ASN_EINVAL;
+				free(pval->u.stringval);
+			} else
+				pval->tag = VString;
 			free(va);
 		}
 		break;
 	default:
 		if(p+length > pend)
 			err = ASN_EVALLEN;
 		else {
+}
 /*
  * Decode an int in format where count bytes are
  * concatenated to form value.
  * Although ASN1 allows any size integer, we return
  * an error if the result doesn't fit in a 32-bit int.
  * If unsgned is not set, make sure to propagate sign bit.
  */
 static int
 int_decode(uchar** pp, uchar* pend, int count, int unsgned, int* pint)
 /*
  * Decode an octet string, recursively if isconstr.
  * We've already checked that length==-1 implies isconstr==1,
  * and otherwise that specified length fits within (*pp..pend)
  */
 static int
 octet_decode(uchar** pp, uchar* pend, int length, int isconstr, Bytes** pbytes)
+{
 	int err;
 	uchar* p;
 	Bytes* ans;
 	Bytes* newans;
 	uchar* pstart;
 	uchar* pold;
 	Elem	elem;
 	err = ASN_OK;
 	p = *pp;
 	ans = nil;
 	if(length >= 0 && !isconstr) {
 		ans = makebytes(p, length);
 		p += length;
 	}
 	else {
 		/* constructed, either definite or indefinite length */
 		pstart = p;
 		for(;;) {
 			if(length >= 0 && p >= pstart + length) {
 				if(p != pstart + length)
 					err = ASN_EVALLEN;
 				break;
+			}
 			pold = p;
 			err = ber_decode(&p, pend, &elem);
 			if(err != ASN_OK)
 				break;
 			switch(elem.val.tag) {
 			case VOctets:
 				newans = catbytes(ans, elem.val.u.octetsval);
+				freevalfields(&elem.val);
 				freebytes(ans);
 				ans = newans;
 				break;
 			case VEOC:
-				if(length != -1) {
+				if(length == -1)
-					p = pold;
+					goto cloop_done;
-					err = ASN_EINVAL;
-				}
-				goto cloop_done;
+				/* no break */
 			default:
+				freevalfields(&elem.val);
 				p = pold;
 				err = ASN_EINVAL;
 				goto cloop_done;
+			}
+		}
 cloop_done:
+		if(err != ASN_OK){
+			freebytes(ans);
+			ans = nil;
-		;
+		}
+	}
 	*pp = p;
 	*pbytes = ans;
 	return err;
+}
 				break;
+			}
 			else
 				lve = mkel(elem, lve);
+		}
-		if(err == ASN_OK) {
+		if(err != ASN_OK)
+			freeelist(lve);
+		else {
 			/* reverse back to original order */
 			while(lve != nil) {
 				lveold = lve;
 				lve = lve->tl;
 				lveold->tl = ans;
+			}
+		}
+	}
 	*pp = p;
 	*pelist = ans;
-	setmalloctag(ans, getcallerpc(&pp));
 	return err;
+}
 /*
  * Encode e by BER rules, putting answer in *pbytes.
 		if(bb != nil) {
 			if(!lenonly)
 				memmove(p, bb->data, bb->len);
 			p += bb->len;
+		}
-			else
+		else
-				err = ASN_EINVAL;
+			err = ASN_EINVAL;
 		break;
 	case NULLTAG:
 		break;
+		}
 		else if(pe->tag.num == BOOLEAN && pe->val.tag == VBool) {
 			*pint = pe->val.u.boolval;
 			return 1;
+		}
 	}
 	return 0;
+}
 /*
  * for convience, all VInt's are readable via this routine,
  * as well as all VBigInt's
  */
 static int
 is_bigint(Elem* pe, Bytes** pbigint)
 {
-	int v, n, i;
-	if(pe->tag.class == Universal && pe->tag.num == INTEGER) {
+	if(pe->tag.class == Universal && pe->tag.num == INTEGER && pe->val.tag == VBigInt) {
-		if(pe->val.tag == VBigInt)
-			*pbigint = pe->val.u.bigintval;
+		*pbigint = pe->val.u.bigintval;
-		else if(pe->val.tag == VInt){
-			v = pe->val.u.intval;
-			for(n = 1; n < 4; n++)
-				if((1 << (8 * n)) > v)
-					break;
-			*pbigint = newbytes(n);
-			for(i = 0; i < n; i++)
-				(*pbigint)->data[i] = (v >> ((n - 1 - i) * 8));
-		}else
-			return 0;
 		return 1;
 	}
 	return 0;
 }
 static int
 is_bitstring(Elem* pe, Bits** pbits)
+{
 	if(pe->tag.class == Universal && pe->tag.num == BIT_STRING && pe->val.tag == VBitString) {
 		*pbits = pe->val.u.bitstringval;
 		return 1;
 	}
 	return 0;
+}
 static int
 is_octetstring(Elem* pe, Bytes** poctets)
+{
 	if(pe->tag.class == Universal && pe->tag.num == OCTET_STRING && pe->val.tag == VOctets) {
 		*poctets = pe->val.u.octetsval;
 		return 1;
 	}
 	return 0;
 }
 static int
 is_oid(Elem* pe, Ints** poid)
+{
 	if(pe->tag.class == Universal && pe->tag.num == OBJECT_ID && pe->val.tag == VObjId) {
  * malloc and return a new Bytes structure capable of
  * holding len bytes. (len >= 0)
  */
 static Bytes*
 newbytes(int len)
 {
 	Bytes* ans;
+	if(len < 0)
+		abort();
-	ans = (Bytes*)emalloc(OFFSETOF(data[0], Bytes) + len);
+	ans = emalloc(sizeof(Bytes) + len);
 	ans->len = len;
 	return ans;
+}
 /*
  * newbytes(len), with data initialized from buf
+}
 static void
 freebytes(Bytes* b)
+{
-	if(b != nil)
-		free(b);
+	free(b);
+}
 /*
  * Make a new Bytes, containing bytes of b1 followed by those of b2.
  * Either b1 or b2 or both can be nil.
+}
 /* len is number of ints */
 static Ints*
 newints(int len)
 {
 	Ints* ans;
+	if(len < 0 || len > ((uint)-1>>1)/sizeof(int))
+		abort();
-	ans = (Ints*)emalloc(OFFSETOF(data[0], Ints) + len*sizeof(int));
+	ans = emalloc(sizeof(Ints) + len*sizeof(int));
 	ans->len = len;
 	return ans;
 }
 static Ints*
 makeints(int* buf, int len)
+{
 	Ints* ans;
 	ans = newints(len);
-	if(len > 0)
-		memmove(ans->data, buf, len*sizeof(int));
+	memmove(ans->data, buf, len*sizeof(int));
 	return ans;
+}
 static void
 freeints(Ints* b)
+{
-	if(b != nil)
-		free(b);
+	free(b);
+}
 /* len is number of bytes */
 static Bits*
 newbits(int len)
+{
 	Bits* ans;
+	if(len < 0)
+		abort();
-	ans = (Bits*)emalloc(OFFSETOF(data[0], Bits) + len);
+	ans = emalloc(sizeof(Bits) + len);
 	ans->len = len;
 	ans->unusedbits = 0;
 	return ans;
+}
+}
 static void
 freebits(Bits* b)
+{
-	if(b != nil)
-		free(b);
+	free(b);
+}
 static Elist*
 mkel(Elem e, Elist* tail)
+{
 static int
 elistlen(Elist* el)
+{
 	int ans = 0;
 	while(el != nil) {
 		ans++;
 		el = el->tl;
+	}
 	return ans;
+}
 		break;
 	case VObjId:
 		freeints(v->u.objidval);
 		break;
 	case VString:
-		if(v->u.stringval)
-			free(v->u.stringval);
+		free(v->u.stringval);
 		break;
 	case VSeq:
 		el = v->u.seqval;
 		for(l = el; l != nil; l = l->tl)
 			freevalfields(&l->hd.val);
-		if(el)
-			freeelist(el);
+		freeelist(el);
 		break;
 	case VSet:
 		el = v->u.setval;
 		for(l = el; l != nil; l = l->tl)
 			freevalfields(&l->hd.val);
-		if(el)
-			freeelist(el);
+		freeelist(el);
 		break;
+	}
+	memset(v, 0, sizeof(*v));
+}
+static mpint*
+asn1mpint(Elem *e)
+{
+	Bytes *b;
+	int v;
+	if(is_int(e, &v))
+		return itomp(v, nil);
+	if(is_bigint(e, &b))
+		return betomp(b->data, b->len, nil);
+	return nil;
+}
 /* end of general ASN1 functions */
 	char*	issuer;
 	char*	validity_start;
 	char*	validity_end;
 	char*	subject;
 	int	publickey_alg;
-	Bytes*	publickey;
+	Bits*	publickey;
 	int	signature_alg;
-	Bytes*	signature;
+	Bits*	signature;
+	int	curve;
 } CertX509;
 /* Algorithm object-ids */
 enum {
 	ALG_rsaEncryption,
 	ALG_md2WithRSAEncryption,
 	ALG_md4WithRSAEncryption,
 	ALG_md5WithRSAEncryption,
 	ALG_sha1WithRSAEncryption,
 	ALG_sha1WithRSAEncryptionOiw,
+	ALG_sha256WithRSAEncryption,
+	ALG_sha384WithRSAEncryption,
+	ALG_sha512WithRSAEncryption,
+	ALG_sha224WithRSAEncryption,
+	ALG_ecPublicKey,
+	ALG_sha1WithECDSA,
+	ALG_sha256WithECDSA,
+	ALG_sha384WithECDSA,
+	ALG_sha512WithECDSA,
 	ALG_md5,
+	ALG_sha1,
+	ALG_sha256,
+	ALG_sha384,
+	ALG_sha512,
+	ALG_sha224,
 	NUMALGS
 };
-typedef struct Ints7 {
+typedef struct Ints15 {
+	int		len;
+	int		data[15];
+} Ints15;
+typedef struct DigestAlg {
+	int		alg;
+	DigestState*	(*fun)(uchar*,ulong,uchar*,DigestState*);
 	int		len;
-	int		data[7];
+} DigestAlg;
+static DigestAlg alg_md5 = { ALG_md5, md5, MD5dlen};
+static DigestAlg alg_sha1 = { ALG_sha1, sha1, SHA1dlen };
+static DigestAlg alg_sha256 = { ALG_sha256, sha2_256, SHA2_256dlen };
+static DigestAlg alg_sha384 = { ALG_sha384, sha2_384, SHA2_384dlen };
+static DigestAlg alg_sha512 = { ALG_sha512, sha2_512, SHA2_512dlen };
+static DigestAlg alg_sha224 = { ALG_sha224, sha2_224, SHA2_224dlen };
+/* maximum length of digest output of the digest algs above */
-} Ints7;
+enum {
+	MAXdlen = SHA2_512dlen,
+};
-static Ints7 oid_rsaEncryption = {7, 1, 2, 840, 113549, 1, 1, 1 };
+static Ints15 oid_rsaEncryption = {7, 1, 2, 840, 113549, 1, 1, 1 };
-static Ints7 oid_md2WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 2 };
+static Ints15 oid_md2WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 2 };
-static Ints7 oid_md4WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 3 };
+static Ints15 oid_md4WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 3 };
-static Ints7 oid_md5WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 4 };
+static Ints15 oid_md5WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 4 };
-static Ints7 oid_sha1WithRSAEncryption ={7, 1, 2, 840, 113549, 1, 1, 5 };
+static Ints15 oid_sha1WithRSAEncryption ={7, 1, 2, 840, 113549, 1, 1, 5 };
-static Ints7 oid_sha1WithRSAEncryptionOiw ={6, 1, 3, 14, 3, 2, 29 };
+static Ints15 oid_sha1WithRSAEncryptionOiw ={6, 1, 3, 14, 3, 2, 29 };
+static Ints15 oid_sha256WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 11 };
+static Ints15 oid_sha384WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 12 };
+static Ints15 oid_sha512WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 13 };
+static Ints15 oid_sha224WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 14 };
+static Ints15 oid_ecPublicKey = {6, 1, 2, 840, 10045, 2, 1 };
+static Ints15 oid_sha1WithECDSA = {6, 1, 2, 840, 10045, 4, 1 };
+static Ints15 oid_sha256WithECDSA = {7, 1, 2, 840, 10045, 4, 3, 2 };
+static Ints15 oid_sha384WithECDSA = {7, 1, 2, 840, 10045, 4, 3, 3 };
+static Ints15 oid_sha512WithECDSA = {7, 1, 2, 840, 10045, 4, 3, 4 };
-static Ints7 oid_md5 ={6, 1, 2, 840, 113549, 2, 5, 0 };
+static Ints15 oid_md5 = {6, 1, 2, 840, 113549, 2, 5 };
+static Ints15 oid_sha1 = {6, 1, 3, 14, 3, 2, 26 };
+static Ints15 oid_sha256= {9, 2, 16, 840, 1, 101, 3, 4, 2, 1 };
+static Ints15 oid_sha384= {9, 2, 16, 840, 1, 101, 3, 4, 2, 2 };
+static Ints15 oid_sha512= {9, 2, 16, 840, 1, 101, 3, 4, 2, 3 };
+static Ints15 oid_sha224= {9, 2, 16, 840, 1, 101, 3, 4, 2, 4 };
 static Ints *alg_oid_tab[NUMALGS+1] = {
 	(Ints*)&oid_rsaEncryption,
 	(Ints*)&oid_md2WithRSAEncryption,
 	(Ints*)&oid_md4WithRSAEncryption,
 	(Ints*)&oid_md5WithRSAEncryption,
 	(Ints*)&oid_sha1WithRSAEncryption,
 	(Ints*)&oid_sha1WithRSAEncryptionOiw,
+	(Ints*)&oid_sha256WithRSAEncryption,
+	(Ints*)&oid_sha384WithRSAEncryption,
+	(Ints*)&oid_sha512WithRSAEncryption,
+	(Ints*)&oid_sha224WithRSAEncryption,
+	(Ints*)&oid_ecPublicKey,
+	(Ints*)&oid_sha1WithECDSA,
+	(Ints*)&oid_sha256WithECDSA,
+	(Ints*)&oid_sha384WithECDSA,
+	(Ints*)&oid_sha512WithECDSA,
 	(Ints*)&oid_md5,
+	(Ints*)&oid_sha1,
+	(Ints*)&oid_sha256,
+	(Ints*)&oid_sha384,
+	(Ints*)&oid_sha512,
+	(Ints*)&oid_sha224,
+	nil
+};
+static DigestAlg *digestalg[NUMALGS+1] = {
+	&alg_md5, &alg_md5, &alg_md5, &alg_md5,
+	&alg_sha1, &alg_sha1,
+	&alg_sha256, &alg_sha384, &alg_sha512, &alg_sha224,
+	&alg_sha256, &alg_sha1, &alg_sha256, &alg_sha384, &alg_sha512,
+	&alg_md5, &alg_sha1, &alg_sha256, &alg_sha384, &alg_sha512, &alg_sha224,
 	nil
 };
+static Bytes* encode_digest(DigestAlg *da, uchar *digest);
-static DigestFun digestalg[NUMALGS+1] = { md5, md5, md5, md5, sha1, sha1, md5, nil };
+static Ints15 oid_secp256r1 = {7, 1, 2, 840, 10045, 3, 1, 7};
+static Ints15 oid_secp384r1 = {5, 1, 3, 132, 0, 34};
+static Ints *namedcurves_oid_tab[] = {
+	(Ints*)&oid_secp256r1,
+	(Ints*)&oid_secp384r1,
+	nil,
+};
+static void (*namedcurves[])(mpint *p, mpint *a, mpint *b, mpint *x, mpint *y, mpint *n, mpint *h) = {
+	secp256r1,
+	secp384r1,
+	nil,
+};
 static void
 freecert(CertX509* c)
+{
-	if(!c) return;
+	if(c == nil)
-	if(c->issuer != nil)
+		return;
-		free(c->issuer);
+	free(c->issuer);
-	if(c->validity_start != nil)
-		free(c->validity_start);
+	free(c->validity_start);
-	if(c->validity_end != nil)
-		free(c->validity_end);
+	free(c->validity_end);
-	if(c->subject != nil)
-		free(c->subject);
+	free(c->subject);
-	freebytes(c->publickey);
+	freebits(c->publickey);
-	freebytes(c->signature);
+	freebits(c->signature);
 	free(c);
+}
 /*
  * Parse the Name ASN1 type.
  * or -1 if not found.
  * For now, ignore parameters, since none of our algorithms need them.
  */
 static int
 parse_alg(Elem* e)
 {
 	Elist* el;
 	Ints* oid;
 	if(!is_seq(e, &el) || el == nil || !is_oid(&el->hd, &oid))
 		return -1;
 	return oid_lookup(oid, alg_oid_tab);
+}
+static int
+parse_curve(Elem* e)
+{
+	Elist* el;
+	Ints* oid;
+	if(!is_seq(e, &el) || elistlen(el)<2 || !is_oid(&el->tl->hd, &oid))
+		return -1;
+	return oid_lookup(oid, namedcurves_oid_tab);
+}
 static CertX509*
-decode_cert(Bytes* a)
+decode_cert(uchar *buf, int len)
+{
 	int ok = 0;
 	int n;
-	CertX509* c = nil;
 	Elem  ecert;
 	Elem* ecertinfo;
 	Elem* esigalg;
 	Elem* esig;
 	Elem* eserial;
 	Elist* elvalidity = nil;
 	Elist* elpubkey = nil;
 	Bits* bits = nil;
 	Bytes* b;
 	Elem* e;
+	CertX509* c = nil;
-	if(decode(a->data, a->len, &ecert) != ASN_OK)
+	if(decode(buf, len, &ecert) != ASN_OK)
 		goto errret;
 	c = (CertX509*)emalloc(sizeof(CertX509));
 	c->serial = -1;
 	c->issuer = nil;
 	c->validity_start = nil;
 	c->validity_end = nil;
  	evalidity = &el->hd;
  	el = el->tl;
  	esubj = &el->hd;
  	el = el->tl;
  	epubkey = &el->hd;
- 	if(!is_int(eserial, &c->serial)) {
+	if(!is_int(eserial, &c->serial)) {
 		if(!is_bigint(eserial, &b))
 			goto errret;
 		c->serial = -1;	/* else we have to change cert struct */
+  	}
 	c->issuer = parse_name(eissuer);
 		goto errret;
 	if(elistlen(elvalidity) != 2)
 		goto errret;
 	e = &elvalidity->hd;
 	if(!is_time(e, &c->validity_start))
 		goto errret;
 	e->val.u.stringval = nil;	/* string ownership transfer */
 	e = &elvalidity->tl->hd;
  	if(!is_time(e, &c->validity_end))
 		goto errret;
 	e->val.u.stringval = nil;	/* string ownership transfer */
 	/* resume CertificateInfo */
  	c->subject = parse_name(esubj);
 	if(c->subject == nil)
 		goto errret;
 	/* SubjectPublicKeyInfo */
- 	if(!is_seq(epubkey, &elpubkey))
+	if(!is_seq(epubkey, &elpubkey))
 		goto errret;
 	if(elistlen(elpubkey) != 2)
 		goto errret;
 	c->publickey_alg = parse_alg(&elpubkey->hd);
 	if(c->publickey_alg < 0)
 		goto errret;
+	c->curve = -1;
+	if(c->publickey_alg == ALG_ecPublicKey){
-  	if(!is_bitstring(&elpubkey->tl->hd, &bits))
+		c->curve = parse_curve(&elpubkey->hd);
+		if(c->curve < 0)
-		goto errret;
+			goto errret;
+	}
+	elpubkey = elpubkey->tl;
-	if(bits->unusedbits != 0)
+	if(!is_bitstring(&elpubkey->hd, &bits))
 		goto errret;
+	elpubkey->hd.val.u.bitstringval = nil;	/* transfer ownership */
- 	c->publickey = makebytes(bits->data, bits->len);
+	c->publickey = bits;
 	/*resume Certificate */
 	if(c->signature_alg < 0)
 		goto errret;
- 	if(!is_bitstring(esig, &bits))
+	if(!is_bitstring(esig, &bits))
 		goto errret;
+	esig->val.u.bitstringval = nil;	/* transfer ownership */
- 	c->signature = makebytes(bits->data, bits->len);
+	c->signature = bits;
 	ok = 1;
 errret:
 	freevalfields(&ecert.val);	/* recurses through lists, too */
 	if(!ok){
+	}
 	return c;
+}
 /*
- *	RSAPublickKey :: SEQUENCE {
+ *	RSAPublickKey ::= SEQUENCE {
  *		modulus INTEGER,
  *		publicExponent INTEGER
  *	}
  */
-static RSApub*
+RSApub*
-decode_rsapubkey(Bytes* a)
+asn1toRSApub(uchar *buf, int len)
+{
 	Elem e;
-	Elist *el, *l;
+	Elist *el;
-	mpint *mp;
 	RSApub* key;
-	l = nil;
+	key = nil;
-	key = rsapuballoc();
-	if(decode(a->data, a->len, &e) != ASN_OK)
+	if(decode(buf, len, &e) != ASN_OK)
 		goto errret;
 	if(!is_seq(&e, &el) || elistlen(el) != 2)
 		goto errret;
-	l = el;
+	key = rsapuballoc();
-	key->n = mp = asn1mpint(&el->hd);
+	if((key->n = asn1mpint(&el->hd)) == nil)
-	if(mp == nil)
 		goto errret;
 	el = el->tl;
-	key->ek = mp = asn1mpint(&el->hd);
+	if((key->ek = asn1mpint(&el->hd)) == nil)
-	if(mp == nil)
 		goto errret;
-	if(l != nil)
-		freeelist(l);
+	freevalfields(&e.val);
 	return key;
 errret:
-	if(l != nil)
-		freeelist(l);
+	freevalfields(&e.val);
 	rsapubfree(key);
 	return nil;
+}
 /*
  *	RSAPrivateKey ::= SEQUENCE {
  *		version Version,
  *		prime2 INTEGER, -- q
  *		exponent1 INTEGER, -- d mod (p-1)
  *		exponent2 INTEGER, -- d mod (q-1)
  *		coefficient INTEGER -- (inverse of q) mod p }
  */
-static RSApriv*
+RSApriv*
-decode_rsaprivkey(Bytes* a)
+asn1toRSApriv(uchar *buf, int len)
+{
 	int version;
 	Elem e;
 	Elist *el;
-	mpint *mp;
+	Bytes *b;
-	RSApriv* key;
+	RSApriv* key = nil;
+	if(decode(buf, len, &e) != ASN_OK)
+		goto errret;
+	if(!is_seq(&e, &el))
+		goto errret;
+	if(!is_int(&el->hd, &version) || version != 0)
+		goto errret;
+	if(elistlen(el) != 9){
+		if(elistlen(el) == 3
+		&& parse_alg(&el->tl->hd) == ALG_rsaEncryption
+		&& is_octetstring(&el->tl->tl->hd, &b)){
+			key = asn1toRSApriv(b->data, b->len);
+			if(key != nil)
+				goto done;
+		}
+		goto errret;
+	}
 	key = rsaprivalloc();
-	if(decode(a->data, a->len, &e) != ASN_OK)
-		goto errret;
-	if(!is_seq(&e, &el) || elistlen(el) != 9)
-		goto errret;
-	if(!is_int(&el->hd, &version) || version != 0)
-		goto errret;
 	el = el->tl;
-	key->pub.n = mp = asn1mpint(&el->hd);
+	if((key->pub.n = asn1mpint(&el->hd)) == nil)
-	if(mp == nil)
 		goto errret;
 	el = el->tl;
-	key->pub.ek = mp = asn1mpint(&el->hd);
+	if((key->pub.ek = asn1mpint(&el->hd)) == nil)
-	if(mp == nil)
 		goto errret;
 	el = el->tl;
-	key->dk = mp = asn1mpint(&el->hd);
+	if((key->dk = asn1mpint(&el->hd)) == nil)
-	if(mp == nil)
 		goto errret;
 	el = el->tl;
-	key->q = mp = asn1mpint(&el->hd);
+	if((key->q = asn1mpint(&el->hd)) == nil)
-	if(mp == nil)
 		goto errret;
 	el = el->tl;
-	key->p = mp = asn1mpint(&el->hd);
+	if((key->p = asn1mpint(&el->hd)) == nil)
-	if(mp == nil)
 		goto errret;
 	el = el->tl;
-	key->kq = mp = asn1mpint(&el->hd);
+	if((key->kq = asn1mpint(&el->hd)) == nil)
-	if(mp == nil)
-		goto errret;
-	el = el->tl;
-	key->kp = mp = asn1mpint(&el->hd);
-	if(mp == nil)
-		goto errret;
-	el = el->tl;
-	key->c2 = mp = asn1mpint(&el->hd);
-	if(mp == nil)
-		goto errret;
-	return key;
-errret:
-	rsaprivfree(key);
-	return nil;
-}
-/*
- * 	DSAPrivateKey ::= SEQUENCE{
- *		version Version,
- *		p INTEGER,
- *		q INTEGER,
- *		g INTEGER, -- alpha
- *		pub_key INTEGER, -- key
- *		priv_key INTEGER, -- secret
- *	}
- */
-static DSApriv*
-decode_dsaprivkey(Bytes* a)
-{
-	int version;
-	Elem e;
-	Elist *el;
-	mpint *mp;
-	DSApriv* key;
-	key = dsaprivalloc();
-	if(decode(a->data, a->len, &e) != ASN_OK)
-		goto errret;
-	if(!is_seq(&e, &el) || elistlen(el) != 6)
-		goto errret;
-version = -1;
-	if(!is_int(&el->hd, &version) || version != 0)
-{
-fprint(2, "version %d\n", version);
-		goto errret;
-}
-	el = el->tl;
-	key->pub.p = mp = asn1mpint(&el->hd);
-	if(mp == nil)
-		goto errret;
-	el = el->tl;
-	key->pub.q = mp = asn1mpint(&el->hd);
-	if(mp == nil)
-		goto errret;
-	el = el->tl;
-	key->pub.alpha = mp = asn1mpint(&el->hd);
-	if(mp == nil)
-		goto errret;
-	el = el->tl;
-	key->pub.key = mp = asn1mpint(&el->hd);
-	if(mp == nil)
 		goto errret;
 	el = el->tl;
-	key->secret = mp = asn1mpint(&el->hd);
+	if((key->kp = asn1mpint(&el->hd)) == nil)
-	if(mp == nil)
 		goto errret;
+	el = el->tl;
+	if((key->c2 = asn1mpint(&el->hd)) == nil)
+		goto errret;
+done:
+	freevalfields(&e.val);
 	return key;
 errret:
+	freevalfields(&e.val);
-	dsaprivfree(key);
+	rsaprivfree(key);
 	return nil;
-}
-static mpint*
-asn1mpint(Elem *e)
-{
-	Bytes *b;
-	mpint *mp;
-	int v;
-	if(is_int(e, &v))
-		return itomp(v, nil);
-	if(is_bigint(e, &b)) {
-		mp = betomp(b->data, b->len, nil);
-		freebytes(b);
-		return mp;
-	}
-	return nil;
-}
-static mpint*
-pkcs1pad(Bytes *b, mpint *modulus)
-{
-	int n = (mpsignif(modulus)+7)/8;
-	int pm1, i;
-	uchar *p;
-	mpint *mp;
-	pm1 = n - 1 - b->len;
-	p = (uchar*)emalloc(n);
-	p[0] = 0;
-	p[1] = 1;
-	for(i = 2; i < pm1; i++)
-		p[i] = 0xFF;
-	p[pm1] = 0;
-	memcpy(&p[pm1+1], b->data, b->len);
-	mp = betomp(p, n, nil);
-	free(p);
-	return mp;
-}
-RSApriv*
-asn1toRSApriv(uchar *kd, int kn)
-{
-	Bytes *b;
-	RSApriv *key;
-	b = makebytes(kd, kn);
-	key = decode_rsaprivkey(b);
-	freebytes(b);
-	return key;
-}
-DSApriv*
-asn1toDSApriv(uchar *kd, int kn)
-{
-	Bytes *b;
-	DSApriv *key;
-	b = makebytes(kd, kn);
-	key = decode_dsaprivkey(b);
-	freebytes(b);
-	return key;
+}
 /*
  * digest(CertificateInfo)
  * Our ASN.1 library doesn't return pointers into the original
  * data array, so we need to do a little hand decoding.
  */
-static void
+static int
-digest_certinfo(Bytes *cert, DigestFun digestfun, uchar *digest)
+digest_certinfo(uchar *cert, int ncert, DigestAlg *da, uchar *digest)
+{
 	uchar *info, *p, *pend;
-	ulong infolen;
 	int isconstr, length;
 	Tag tag;
 	Elem elem;
-	p = cert->data;
+	p = cert;
-	pend = cert->data + cert->len;
+	pend = cert + ncert;
 	if(tag_decode(&p, pend, &tag, &isconstr) != ASN_OK ||
 	   tag.class != Universal || tag.num != SEQUENCE ||
 	   length_decode(&p, pend, &length) != ASN_OK ||
 	   p+length > pend ||
 	   p+length < p)
-		return;
+		return -1;
 	info = p;
 	if(ber_decode(&p, pend, &elem) != ASN_OK)
-		return;
+		return -1;
 	freevalfields(&elem.val);
 	if(elem.tag.num != SEQUENCE)
-		return;
+		return -1;
+	(*da->fun)(info, p - info, digest, nil);
+	return da->len;
+}
+mpint*
+pkcs1padbuf(uchar *buf, int len, mpint *modulus, int blocktype)
+{
+	int i, n = (mpsignif(modulus)-1)/8;
-	infolen = p - info;
+	int pad = n - 2 - len;
+	uchar *p;
+	mpint *mp;
+	if(pad < 8){
+		werrstr("rsa modulus too small");
+		return nil;
+	}
+	if((p = malloc(n)) == nil)
+		return nil;
+	p[0] = blocktype;
+	switch(blocktype){
+	default:
+	case 1:
+		memset(p+1, 0xFF, pad);
+		break;
+	case 2:
+		for(i=1; i <= pad; i++)
+			p[i] = 1 + nfastrand(255);
+		break;
+	}
+	p[1+pad] = 0;
+	memmove(p+2+pad, buf, len);
+	mp = betomp(p, n, nil);
+	free(p);
+	return mp;
+}
+int
+pkcs1unpadbuf(uchar *buf, int len, mpint *modulus, int blocktype)
+{
+	uchar *p = buf + 1, *e = buf + len;
+	if(len < 1 || len != (mpsignif(modulus)-1)/8 || buf[0] != blocktype)
+		return -1;
+	switch(blocktype){
+	default:
+	case 1:
+		while(p < e && *p == 0xFF)
+			p++;
+		break;
+	case 2:
+		while(p < e && *p != 0x00)
+			p++;
+		break;
+	}
+	if(p - buf <= 8 || p >= e || *p++ != 0x00)
+		return -1;
+	memmove(buf, p, len = e - p);
+	return len;
+}
+static char Ebadsig[] = "bad signature";
+char*
+X509rsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub *pk)
+{
+	mpint *x, *y;
+	DigestAlg **dp;
+	Bytes *digest;
+	uchar *buf;
+	int len;
+	char *err;
+	x = betomp(sig, siglen, nil);
+	y = rsaencrypt(pk, x, nil);
+	mpfree(x);
+	len = mptobe(y, nil, 0, &buf);
+	mpfree(y);
+	err = Ebadsig;
+	len = pkcs1unpadbuf(buf, len, pk->n, 1);
+	if(len == edigestlen && tsmemcmp(buf, edigest, edigestlen) == 0)
+		err = nil;
+	for(dp = digestalg; err != nil && *dp != nil; dp++){
+		if((*dp)->len != edigestlen)
+			continue;
-	(*digestfun)(info, infolen, digest, nil);
+		digest = encode_digest(*dp, edigest);
+		if(digest->len == len && tsmemcmp(digest->data, buf, len) == 0)
+			err = nil;
+		freebytes(digest);
+	}
+	free(buf);
+	return err;
+}
-static char*
+char*
-verify_signature(Bytes* signature, RSApub *pk, uchar *edigest, Elem **psigalg)
+X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub)
+{
 	Elem e;
 	Elist *el;
-	Bytes *digest;
-	uchar *pkcs1buf, *buf;
-	int buflen;
-	mpint *pkcs1;
+	mpint *r, *s;
-	int nlen;
 	char *err;
-	err = nil;
+	r = s = nil;
-	pkcs1buf = nil;
-	/* one less than the byte length of the modulus */
-	nlen = (mpsignif(pk->n)-1)/8;
-	/* see 9.2.1 of rfc2437 */
-	pkcs1 = betomp(signature->data, signature->len, nil);
-	mpexp(pkcs1, pk->ek, pk->n, pkcs1);
-	buflen = mptobe(pkcs1, nil, 0, &pkcs1buf);
-	buf = pkcs1buf;
+	err = Ebadsig;
-	if(buflen != nlen || buf[0] != 1) {
+	if(decode(sig, siglen, &e) != ASN_OK)
-		err = "expected 1";
 		goto end;
-	}
-	buf++;
-	while(buf[0] == 0xff)
-		buf++;
-	if(buf[0] != 0) {
-		err = "expected 0";
+	if(!is_seq(&e, &el) || elistlen(el) != 2)
 		goto end;
-	}
-	buf++;
-	buflen -= buf-pkcs1buf;
+	r = asn1mpint(&el->hd);
-	if(decode(buf, buflen, &e) != ASN_OK || !is_seq(&e, &el) || elistlen(el) != 2 ||
-			!is_octetstring(&el->tl->hd, &digest)) {
-		err = "signature parse error";
+	if(r == nil)
 		goto end;
-	}
+	el = el->tl;
-	*psigalg = &el->hd;
+	s = asn1mpint(&el->hd);
-	if(memcmp(digest->data, edigest, digest->len) == 0)
+	if(s == nil)
 		goto end;
-	err = "digests did not match";
+	if(ecdsaverify(dom, pub, edigest, edigestlen, r, s))
+		err = nil;
 end:
-	if(pkcs1 != nil)
+	freevalfields(&e.val);
-		mpfree(pkcs1);
+	mpfree(s);
-	if(pkcs1buf != nil)
-		free(pkcs1buf);
+	mpfree(r);
 	return err;
 }
-RSApub*
+static void
-X509toRSApub(uchar *cert, int ncert, char *name, int nname)
+copysubject(char *name, int nname, char *subject)
+{
 	char *e;
-	Bytes *b;
-	CertX509 *c;
-	RSApub *pk;
-	b = makebytes(cert, ncert);
+	if(name == nil)
-	c = decode_cert(b);
+		return;
-	freebytes(b);
+	memset(name, 0, nname);
-	if(c == nil)
+	if(subject == nil)
-		return nil;
+		return;
-	if(name != nil && c->subject != nil){
+	strncpy(name, subject, nname-1);
-		e = strchr(c->subject, ',');
+	e = strchr(name, ',');
-		if(e != nil)
+	if(e != nil)
-			*e = 0;	/* take just CN part of Distinguished Name */
+		*e = 0;	/* take just CN part of Distinguished Name */
-		strncpy(name, c->subject, nname);
-	}
-	pk = decode_rsapubkey(c->publickey);
-	freecert(c);
-	return pk;
-}
-int
-getalgo(Elem *e)
-{
-	Value *v;
-	Elist *el;
-	int a;
-	if((a = parse_alg(e)) >= 0)
-		return a;
-	v = &e->val;
-	if(v->tag == VSeq){
-		print("Seq\n");
-		for(el = v->u.seqval; el!=nil; el = el->tl){
-			if((a = getalgo(&el->hd)) >= 0)
-				return a;
-		}
-	}
-	return -1;
+}
-static void edump(Elem e);
-RSApub*
+ECpub*
-asn1toRSApub(uchar *der, int nder)
+X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom)
+{
-	Elem e;
-	Elist *el, *l;
-	int n;
-	Bits *b;
+	CertX509 *c;
-	RSApub *key;
+	ECpub *pub;
-	mpint *mp;
-	if(decode(der, nder, &e) != ASN_OK){
+	c = decode_cert(cert, ncert);
-		print("didn't parse\n");
-		return nil;
-	}
-	if(!is_seq(&e, &el)){
-		print("no seq");
-		return nil;
-	}
-	if((n = elistlen(el)) != 2){
-		print("bad length %d\n", n);
-		return nil;
-	}
-	if((n = getalgo(&el->hd)) < 0){
-		print("no algo\n");
-		return nil;
-	}
-	if(n != 0){
+	if(c == nil)
-		print("cant do algorithm %d\n", n);
-		return nil;
-	}
-	if(!is_bitstring(&el->tl->hd, &b)){
-		print("no bits\n");
-		return nil;
-	}
-	if(decode(b->data, b->len, &e) != ASN_OK){
-		print("no second decode\n");
-		return nil;
-	}
-	if(!is_seq(&e, &el)){
-		print("no second seq\n");
-		return nil;
-	}
-	if(elistlen(el) != 2){
-		print("no second length\n");
 		return nil;
+	copysubject(name, nname, c->subject);
+	pub = nil;
+	if(c->publickey_alg == ALG_ecPublicKey){
+		ecdominit(dom, namedcurves[c->curve]);
+		pub = ecdecodepub(dom, c->publickey->data, c->publickey->len);
+		if(pub == nil)
+			ecdomfree(dom);
+	}
-	key = rsapuballoc();
-	l = el;
-	key->n = mp = asn1mpint(&el->hd);
-	if(mp == nil)
+	freecert(c);
-		goto errret;
+	return pub;
+}
-	el = el->tl;
-	key->ek = mp = asn1mpint(&el->hd);
-	if(mp == nil)
-		goto errret;
+char*
+X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pk)
+{
+	char *e;
+	CertX509 *c;
+	int digestlen;
+	uchar digest[MAXdlen];
+	c = decode_cert(cert, ncert);
-	if(l != nil)
+	if(c == nil)
+		return "cannot decode cert";
+	digestlen = digest_certinfo(cert, ncert, digestalg[c->signature_alg], digest);
+	if(digestlen <= 0){
-		freeelist(l);
+		freecert(c);
+		return "cannot decode certinfo";
+	}
+	e = X509ecdsaverifydigest(c->signature->data, c->signature->len, digest, digestlen, dom, pk);
+	freecert(c);
-	return key;
+	return e;
+}
-errret:
+RSApub*
+X509toRSApub(uchar *cert, int ncert, char *name, int nname)
+{
+	CertX509 *c;
+	RSApub *pub;
+	c = decode_cert(cert, ncert);
-	if(l != nil)
+	if(c == nil)
-		freeelist(l);
+		return nil;
+	copysubject(name, nname, c->subject);
+	pub = nil;
+	if(c->publickey_alg == ALG_rsaEncryption)
+		pub = asn1toRSApub(c->publickey->data, c->publickey->len);
-	rsapubfree(key);
+	freecert(c);
-	return nil;
+	return pub;
+}
 char*
-X509verify(uchar *cert, int ncert, RSApub *pk)
+X509rsaverify(uchar *cert, int ncert, RSApub *pk)
+{
 	char *e;
-	Bytes *b;
 	CertX509 *c;
-	uchar digest[SHA1dlen];
+	int digestlen;
-	Elem *sigalg;
+	uchar digest[MAXdlen];
-	b = makebytes(cert, ncert);
+	c = decode_cert(cert, ncert);
-	c = decode_cert(b);
-	if(c != nil)
-		digest_certinfo(b, digestalg[c->signature_alg], digest);
-	freebytes(b);
 	if(c == nil)
 		return "cannot decode cert";
+	digestlen = digest_certinfo(cert, ncert, digestalg[c->signature_alg], digest);
+	if(digestlen <= 0){
+		freecert(c);
+		return "cannot decode certinfo";
+	}
-	e = verify_signature(c->signature, pk, digest, &sigalg);
+	e = X509rsaverifydigest(c->signature->data, c->signature->len, digest, digestlen, pk);
 	freecert(c);
 	return e;
 }
 /* ------- Elem constructors ---------- */
 static Elem
 Null(void)
 {
 	Elem e;
 	e.tag.class = Universal;
 	e.tag.num = NULLTAG;
 	e.val.tag = VNull;
 	return e;
+}
 	e.tag.class = Universal;
 	e.tag.num = INTEGER;
 	e.val.tag = VInt;
 	e.val.u.intval = j;
 	return e;
 }
 static Elem
 mkbigint(mpint *p)
 {
 	Elem e;
-	uchar *buf;
-	int buflen;
 	e.tag.class = Universal;
 	e.tag.num = INTEGER;
 	e.val.tag = VBigInt;
+	e.val.u.bigintval = newbytes((mpsignif(p)+8)/8);
+	if(p->sign < 0){
+		mpint *s = mpnew(e.val.u.bigintval->len*8+1);
+		mpleft(mpone, e.val.u.bigintval->len*8, s);
-	buflen = mptobe(p, nil, 0, &buf);
+		mpadd(p, s, s);
-	e.val.u.bigintval = makebytes(buf, buflen);
+		mptober(s, e.val.u.bigintval->data, e.val.u.bigintval->len);
-	free(buf);
+		mpfree(s);
+	} else {
+		mptober(p, e.val.u.bigintval->data, e.val.u.bigintval->len);
+	}
 	return e;
+}
+static int
+printable(char *s)
+{
+	int c;
+	while((c = (uchar)*s++) != 0){
+		if((c >= 'a' && c <= 'z')
+		|| (c >= 'A' && c <= 'Z')
+		|| (c >= '0' && c <= '9')
+		|| strchr("'=()+,-./:? ", c) != nil)
+			continue;
+		return 0;
+	}
+	return 1;
+}
+#define DirectoryString 0
 static Elem
-mkstring(char *s)
+mkstring(char *s, int t)
+{
 	Elem e;
+	if(t == DirectoryString)
+		t = printable(s) ? PrintableString : UTF8String;
 	e.tag.class = Universal;
-	e.tag.num = IA5String;
+	e.tag.num = t;
 	e.val.tag = VString;
 	e.val.u.stringval = estrdup(s);
 	return e;
 }
-static Elem
-mkoctet(uchar *buf, int buflen)
-{
-	Elem e;
+static Elem
+mkoctet(uchar *buf, int buflen)
+{
+	Elem e;
 	e.tag.class = Universal;
 	e.tag.num = OCTET_STRING;
 	e.val.tag = VOctets;
 	e.val.u.octetsval = makebytes(buf, buflen);
 	return e;
 }
 static Elem
 mkbits(uchar *buf, int buflen)
 {
 	Elem e;
 	e.tag.class = Universal;
 	e.tag.num = BIT_STRING;
 	e.val.tag = VBitString;
 	Tm *tm = gmtime(t);
 	e.tag.class = Universal;
 	e.tag.num = UTCTime;
 	e.val.tag = VString;
-	snprint(utc, 50, "%.2d%.2d%.2d%.2d%.2d%.2dZ",
+	snprint(utc, sizeof(utc), "%.2d%.2d%.2d%.2d%.2d%.2dZ",
 		tm->year % 100, tm->mon+1, tm->mday, tm->hour, tm->min, tm->sec);
 	e.val.u.stringval = estrdup(utc);
 	return e;
 }
 static Elem
 mkoid(Ints *oid)
 {
 	Elem e;
 	e.tag.class = Universal;
 	e.tag.num = OBJECT_ID;
 	e.val.tag = VObjId;
 	e.val.u.objidval = makeints(oid->data, oid->len);
 	return e;
 }
 static Elem
 mkseq(Elist *el)
 {
 	Elem e;
 	e.tag.class = Universal;
 	e.tag.num = SEQUENCE;
 	e.val.tag = VSeq;
 	e.val.u.seqval = el;
 	return e;
 }
 static Elem
 mkset(Elist *el)
+{
 	Elem e;
 	e.tag.class = Universal;
 	e.tag.num = SETOF;
 	e.val.tag = VSet;
 	e.val.u.setval = el;
 	return e;
 }
 static Elem
 mkalg(int alg)
+{
 	return mkseq(mkel(mkoid(alg_oid_tab[alg]), mkel(Null(), nil)));
+}
 typedef struct Ints7pref {
-	int		len;
+	int	len;
-	int		data[7];
+	int	data[7];
 	char	prefix[4];
+	int	stype;
 } Ints7pref;
 Ints7pref DN_oid[] = {
-	{4, 2, 5, 4, 6, 0, 0, 0,  "C="},
+	{4, 2, 5, 4, 6, 0, 0, 0,        "C=", PrintableString},
-	{4, 2, 5, 4, 8, 0, 0, 0,  "ST="},
+	{4, 2, 5, 4, 8, 0, 0, 0,        "ST=",DirectoryString},
-	{4, 2, 5, 4, 7, 0, 0, 0,  "L="},
+	{4, 2, 5, 4, 7, 0, 0, 0,        "L=", DirectoryString},
-	{4, 2, 5, 4, 10, 0, 0, 0, "O="},
+	{4, 2, 5, 4, 10, 0, 0, 0,       "O=", DirectoryString},
-	{4, 2, 5, 4, 11, 0, 0, 0, "OU="},
+	{4, 2, 5, 4, 11, 0, 0, 0,       "OU=",DirectoryString},
-	{4, 2, 5, 4, 3, 0, 0, 0,  "CN="},
+	{4, 2, 5, 4, 3, 0, 0, 0,        "CN=",DirectoryString},
- 	{7, 1,2,840,113549,1,9,1, "E="},
+	{7, 1,2,840,113549,1,9,1,       "E=", IA5String},
+	{7, 0,9,2342,19200300,100,1,25,	"DC=",IA5String},
 };
 static Elem
 mkname(Ints7pref *oid, char *subj)
+{
-	return mkset(mkel(mkseq(mkel(mkoid((Ints*)oid), mkel(mkstring(subj), nil))), nil));
+	return mkset(mkel(mkseq(mkel(mkoid((Ints*)oid), mkel(mkstring(subj, oid->stype), nil))), nil));
+}
 static Elem
 mkDN(char *dn)
+{
+	}
 	free(d2);
 	return mkseq(el);
+}
-uchar*
+/*
+ * DigestInfo ::= SEQUENCE {
+ *	digestAlgorithm AlgorithmIdentifier,
+ *	digest OCTET STRING }
+ */
+static Bytes*
-RSApubtoasn1(RSApub *pub, int *keylen)
+encode_digest(DigestAlg *da, uchar *digest)
 {
+	Bytes *b = nil;
-	Elem pubkey;
+	Elem e = mkseq(
+		mkel(mkalg(da->alg),
+		mkel(mkoctet(digest, da->len),
+		nil)));
+	encode(e, &b);
+	freevalfields(&e.val);
+	return b;
+}
+int
+asn1encodedigest(DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*), uchar *digest, uchar *buf, int len)
+{
-	Bytes *pkbytes;
+	Bytes *bytes;
+	DigestAlg **dp;
+	for(dp = digestalg; *dp != nil; dp++){
+		if((*dp)->fun != fun)
+			continue;
+		bytes = encode_digest(*dp, digest);
+		if(bytes == nil)
+			break;
+		if(bytes->len > len){
+			freebytes(bytes);
+			break;
+		}
+		len = bytes->len;
+		memmove(buf, bytes->data, len);
+		freebytes(bytes);
+		return len;
+	}
+	return -1;
+}
+static Elem
+mkcont(Elem e, int num)
+{
+	e = mkseq(mkel(e, nil));
+	e.tag.class = Context;
+	e.tag.num = num;
+	return e;
+}
+static Elem
+mkaltname(char *s)
+{
+	Elem e;
+	int i;
+	for(i=0; i<nelem(DN_oid); i++){
+		if(strstr(s, DN_oid[i].prefix) != nil)
+			return mkcont(mkDN(s), 4); /* DN */
+	}
+	e = mkstring(s, IA5String);
+	e.tag.class = Context;
+	e.tag.num = strchr(s, '@') != nil ? 1 : 2; /* email : DNS */
+	return e;
+}
+static Elist*
+mkaltnames(char *alts)
+{
+	Elist *el;
-	uchar *key;
+	char *s, *p;
+	if(alts == nil)
+		return nil;
-	key = nil;
+	el = nil;
+	alts = estrdup(alts);
+	for(s = alts; s != nil; s = p){
+		while(*s == ' ')
+			s++;
+		if(*s == '\0')
+			break;
+		if((p = strchr(s, ',')) != nil)
+			*p++ = 0;
-	pubkey = mkseq(mkel(mkbigint(pub->n),mkel(mkint(mptoi(pub->ek)),nil)));
+		el = mkel(mkaltname(s), el);
+	}
+	free(alts);
+	return el;
+}
+static Elist*
+mkextel(Elem e, Ints *oid, Elist *el)
+{
+	Bytes *b = nil;
-	if(encode(pubkey, &pkbytes) != ASN_OK)
+	if(encode(e, &b) == ASN_OK){
+		el = mkel(mkseq(
+			mkel(mkoid(oid),
+			mkel(mkoctet(b->data, b->len),
-		goto errret;
+			nil))), el);
+		freebytes(b);
+	}
-	freevalfields(&pubkey.val);
+	freevalfields(&e.val);
+	return el;
+}
+static Ints15 oid_subjectAltName = {4, 2, 5, 29, 17 };
+static Ints15 oid_extensionRequest = { 7, 1, 2, 840, 113549, 1, 9, 14};
+static Elist*
+mkextensions(char *alts, int req)
+{
+	Elist *sl, *xl;
+	xl = nil;
+	if((sl = mkaltnames(alts)) != nil)
+		xl = mkextel(mkseq(sl), (Ints*)&oid_subjectAltName, xl);
+	if(xl != nil){
+		if(req) return mkel(mkcont(mkseq(
+			mkel(mkoid((Ints*)&oid_extensionRequest),
+			mkel(mkset(mkel(mkseq(xl), nil)), nil))), 0), nil);
+		return mkel(mkcont(mkseq(xl), 3), nil);
+	}
+	return nil;
+}
+static char*
+splitalts(char *s)
+{
+	int q;
+	for(q = 0; *s != '\0'; s++){
+		if(*s == '\'')
+			q ^= 1;
+		else if(q == 0 && *s == ','){
+			*s++ = 0;
+			return s;
+		}
+	}
+	return nil;
+}
+static Bytes*
+encode_rsapubkey(RSApub *pk)
+{
+	Bytes *b = nil;
-	pubkey = mkseq(
+	Elem e = mkseq(
-		mkel(mkalg(ALG_rsaEncryption),
+		mkel(mkbigint(pk->n),
-		mkel(mkbits(pkbytes->data, pkbytes->len),
+		mkel(mpsignif(pk->ek)<32 ? mkint(mptoi(pk->ek)) : mkbigint(pk->ek),
 		nil)));
+	encode(e, &b);
-	freebytes(pkbytes);
+	freevalfields(&e.val);
+	return b;
+}
+int
-	if(encode(pubkey, &pkbytes) != ASN_OK)
+asn1encodeRSApub(RSApub *pk, uchar *buf, int len)
+{
+	Bytes *b = encode_rsapubkey(pk);
+	if(b == nil)
-		goto errret;
+		return -1;
-	if(keylen)
+	if(b->len > len){
-		*keylen = pkbytes->len;
+		freebytes(b);
-	key = malloc(pkbytes->len);
+		werrstr("buffer too small");
+		return -1;
+	}
-	memmove(key, pkbytes->data, pkbytes->len);
+	memmove(buf, b->data, len = b->len);
-	free(pkbytes);
+	freebytes(b);
-errret:
-	freevalfields(&pubkey.val);
-	return key;
+	return len;
+}
 uchar*
-X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
+X509rsagen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
+{
-	int serial = 0;
+	int serial = 0, sigalg = ALG_sha256WithRSAEncryption;
 	uchar *cert = nil;
-	RSApub *pk = rsaprivtopub(priv);
 	Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
-	Elem e, certinfo, issuer, subject, pubkey, validity, sig;
+	Elem e, certinfo;
+	DigestAlg *da;
-	uchar digest[MD5dlen], *buf;
+	uchar digest[MAXdlen], *buf;
 	int buflen;
 	mpint *pkcs1;
+	char *alts;
+	if((pkbytes = encode_rsapubkey(&priv->pub)) == nil)
+		return nil;
+	subj = estrdup(subj);
+	alts = splitalts(subj);
-	e.val.tag = VInt;  /* so freevalfields at errret is no-op */
-	issuer = mkDN(subj);
-	subject = mkDN(subj);
-	pubkey = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
-	if(encode(pubkey, &pkbytes) != ASN_OK)
-		goto errret;
-	freevalfields(&pubkey.val);
-	pubkey = mkseq(
-		mkel(mkalg(ALG_rsaEncryption),
-		mkel(mkbits(pkbytes->data, pkbytes->len),
-		nil)));
-	freebytes(pkbytes);
-	validity = mkseq(
-		mkel(mkutc(valid[0]),
-		mkel(mkutc(valid[1]),
-		nil)));
-	certinfo = mkseq(
-		mkel(mkint(serial),
-		mkel(mkalg(ALG_md5WithRSAEncryption),
-		mkel(issuer,
-		mkel(validity,
-		mkel(subject,
-		mkel(pubkey,
-		nil)))))));
-	if(encode(certinfo, &certinfobytes) != ASN_OK)
-		goto errret;
-	md5(certinfobytes->data, certinfobytes->len, digest, 0);
-	freebytes(certinfobytes);
-	sig = mkseq(
-		mkel(mkalg(ALG_md5),
-		mkel(mkoctet(digest, MD5dlen),
-		nil)));
-	if(encode(sig, &sigbytes) != ASN_OK)
-		goto errret;
-	pkcs1 = pkcs1pad(sigbytes, pk->n);
-	freebytes(sigbytes);
-	rsadecrypt(priv, pkcs1, pkcs1);
-	buflen = mptobe(pkcs1, nil, 0, &buf);
-	mpfree(pkcs1);
 	e = mkseq(
+		mkel(mkcont(mkint(2), 0),
+		mkel(mkint(serial),
+		mkel(mkalg(sigalg),
+		mkel(mkDN(subj),
+		mkel(mkseq(
+			mkel(mkutc(valid[0]),
+			mkel(mkutc(valid[1]),
+			nil))),
+		mkel(mkDN(subj),
+		mkel(mkseq(
+			mkel(mkalg(ALG_rsaEncryption),
+			mkel(mkbits(pkbytes->data, pkbytes->len),
+			nil))),
+		mkextensions(alts, 0)))))))));
+	freebytes(pkbytes);
+	if(encode(e, &certinfobytes) != ASN_OK)
+		goto errret;
+	da = digestalg[sigalg];
+	(*da->fun)(certinfobytes->data, certinfobytes->len, digest, 0);
+	freebytes(certinfobytes);
+	certinfo = e;
+	sigbytes = encode_digest(da, digest);
+	if(sigbytes == nil)
+		goto errret;
+	pkcs1 = pkcs1padbuf(sigbytes->data, sigbytes->len, priv->pub.n, 1);
+	freebytes(sigbytes);
+	if(pkcs1 == nil)
+		goto errret;
+	rsadecrypt(priv, pkcs1, pkcs1);
+	buflen = mptobe(pkcs1, nil, 0, &buf);
+	mpfree(pkcs1);
+	e = mkseq(
 		mkel(certinfo,
-		mkel(mkalg(ALG_md5WithRSAEncryption),
+		mkel(mkalg(sigalg),
 		mkel(mkbits(buf, buflen),
 		nil))));
 	free(buf);
 	if(encode(e, &certbytes) != ASN_OK)
 		goto errret;
-	if(certlen)
+	if(certlen != nil)
 		*certlen = certbytes->len;
-	cert = certbytes->data;
+	cert = (uchar*)certbytes;
+	memmove(cert, certbytes->data, certbytes->len);
 errret:
 	freevalfields(&e.val);
+	free(subj);
 	return cert;
+}
 uchar*
-X509req(RSApriv *priv, char *subj, int *certlen)
+X509rsareq(RSApriv *priv, char *subj, int *certlen)
+{
 	/* RFC 2314, PKCS #10 Certification Request Syntax */
-	int version = 0;
+	int version = 0, sigalg = ALG_sha256WithRSAEncryption;
 	uchar *cert = nil;
-	RSApub *pk = rsaprivtopub(priv);
 	Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
-	Elem e, certinfo, subject, pubkey, sig;
+	Elem e, certinfo;
+	DigestAlg *da;
-	uchar digest[MD5dlen], *buf;
+	uchar digest[MAXdlen], *buf;
 	int buflen;
 	mpint *pkcs1;
+	char *alts;
-	e.val.tag = VInt;  /* so freevalfields at errret is no-op */
-	subject = mkDN(subj);
-	pubkey = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
-	if(encode(pubkey, &pkbytes) != ASN_OK)
+	if((pkbytes = encode_rsapubkey(&priv->pub)) == nil)
-		goto errret;
+		return nil;
-	freevalfields(&pubkey.val);
-	pubkey = mkseq(
+	subj = estrdup(subj);
-		mkel(mkalg(ALG_rsaEncryption),
-		mkel(mkbits(pkbytes->data, pkbytes->len),
+	alts = splitalts(subj);
-		nil)));
-	freebytes(pkbytes);
-	certinfo = mkseq(
+	e = mkseq(
 		mkel(mkint(version),
-		mkel(subject,
+		mkel(mkDN(subj),
-		mkel(pubkey,
+		mkel(mkseq(
+			mkel(mkalg(ALG_rsaEncryption),
+			mkel(mkbits(pkbytes->data, pkbytes->len),
-		nil))));
+			nil))),
+		mkextensions(alts, 1)))));
+	freebytes(pkbytes);
-	if(encode(certinfo, &certinfobytes) != ASN_OK)
+	if(encode(e, &certinfobytes) != ASN_OK)
 		goto errret;
+	da = digestalg[sigalg];
-	md5(certinfobytes->data, certinfobytes->len, digest, 0);
+	(*da->fun)(certinfobytes->data, certinfobytes->len, digest, 0);
 	freebytes(certinfobytes);
-	sig = mkseq(
+	certinfo = e;
-		mkel(mkalg(ALG_md5),
-		mkel(mkoctet(digest, MD5dlen),
+	sigbytes = encode_digest(da, digest);
-		nil)));
-	if(encode(sig, &sigbytes) != ASN_OK)
+	if(sigbytes == nil)
 		goto errret;
-	pkcs1 = pkcs1pad(sigbytes, pk->n);
+	pkcs1 = pkcs1padbuf(sigbytes->data, sigbytes->len, priv->pub.n, 1);
 	freebytes(sigbytes);
+	if(pkcs1 == nil)
+		goto errret;
 	rsadecrypt(priv, pkcs1, pkcs1);
 	buflen = mptobe(pkcs1, nil, 0, &buf);
 	mpfree(pkcs1);
 	e = mkseq(
 		mkel(certinfo,
-		mkel(mkalg(ALG_md5),
+		mkel(mkalg(sigalg),
 		mkel(mkbits(buf, buflen),
 		nil))));
 	free(buf);
 	if(encode(e, &certbytes) != ASN_OK)
 		goto errret;
-	if(certlen)
+	if(certlen != nil)
 		*certlen = certbytes->len;
-	cert = certbytes->data;
+	cert = (uchar*)certbytes;
+	memmove(cert, certbytes->data, certbytes->len);
 errret:
 	freevalfields(&e.val);
+	free(subj);
 	return cert;
+}
+static void
+digestSPKI(int alg, uchar *pubkey, int npubkey, DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*), uchar *digest)
+{
+	Bytes *b = nil;
+	Elem e = mkseq(mkel(mkalg(alg), mkel(mkbits(pubkey, npubkey), nil)));
+	encode(e, &b);
+	freevalfields(&e.val);
+	(*fun)(b->data, b->len, digest, nil);
+	freebytes(b);
+}
+int
+X509digestSPKI(uchar *cert, int ncert, DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*), uchar *digest)
+{
+	CertX509 *c;
+	c = decode_cert(cert, ncert);
+	if(c == nil){
+		werrstr("cannot decode cert");
+		return -1;
+	}
+	digestSPKI(c->publickey_alg, c->publickey->data, c->publickey->len, fun, digest);
+	freecert(c);
+	return 0;
+}
 static char*
 tagdump(Tag tag)
+{
+	static char buf[32];
-	if(tag.class != Universal)
+	if(tag.class != Universal){
-		return smprint("class%d,num%d", tag.class, tag.num);
+		snprint(buf, sizeof(buf), "class%d,num%d", tag.class, tag.num);
+		return buf;
+	}
 	switch(tag.num){
 	case BOOLEAN: return "BOOLEAN";
 	case INTEGER: return "INTEGER";
 	case BIT_STRING: return "BIT STRING";
 	case OCTET_STRING: return "OCTET STRING";
 	case VisibleString: return "VisibleString";
 	case GeneralString: return "GeneralString";
 	case UniversalString: return "UniversalString";
 	case BMPString: return "BMPString";
 	default:
-		return smprint("Universal,num%d", tag.num);
+		snprint(buf, sizeof(buf), "Universal,num%d", tag.num);
+		return buf;
+	}
+}
 static void
 edump(Elem e)
 	case VInt: print("Int %d",v.u.intval); break;
 	case VOctets: print("Octets[%d] %.2x%.2x...",v.u.octetsval->len,v.u.octetsval->data[0],v.u.octetsval->data[1]); break;
 	case VBigInt: print("BigInt[%d] %.2x%.2x...",v.u.bigintval->len,v.u.bigintval->data[0],v.u.bigintval->data[1]); break;
 	case VReal: print("Real..."); break;
 	case VOther: print("Other..."); break;
-	case VBitString: print("BitString");
-		for(i = 0; i<v.u.bitstringval->len; i++)
-			print(" %02x", v.u.bitstringval->data[i]);
+	case VBitString: print("BitString[%d]...", v.u.bitstringval->len*8 - v.u.bitstringval->unusedbits); break;
-		break;
 	case VNull: print("Null"); break;
 	case VEOC: print("EOC..."); break;
 	case VObjId: print("ObjId");
 		for(i = 0; i<v.u.objidval->len; i++)
 			print(" %d", v.u.objidval->data[i]);
 void
 X509dump(uchar *cert, int ncert)
+{
 	char *e;
-	Bytes *b;
 	CertX509 *c;
-	RSApub *pk;
+	RSApub *rsapub;
+	ECpub *ecpub;
+	ECdomain ecdom;
-	uchar digest[SHA1dlen];
+	int digestlen;
-	Elem *sigalg;
+	uchar digest[MAXdlen];
 	print("begin X509dump\n");
-	b = makebytes(cert, ncert);
+	c = decode_cert(cert, ncert);
-	c = decode_cert(b);
-	if(c != nil)
-		digest_certinfo(b, digestalg[c->signature_alg], digest);
-	freebytes(b);
 	if(c == nil){
-		print("cannot decode cert");
+		print("cannot decode cert\n");
+		return;
+	}
+	digestlen = digest_certinfo(cert, ncert, digestalg[c->signature_alg], digest);
+	if(digestlen <= 0){
+		freecert(c);
+		print("cannot decode certinfo\n");
 		return;
+	}
 	print("serial %d\n", c->serial);
 	print("issuer %s\n", c->issuer);
 	print("validity %s %s\n", c->validity_start, c->validity_end);
 	print("subject %s\n", c->subject);
-	pk = decode_rsapubkey(c->publickey);
+	print("sigalg=%d digest=%.*H\n", c->signature_alg, digestlen, digest);
-	print("pubkey e=%B n(%d)=%B\n", pk->ek, mpsignif(pk->n), pk->n);
+	print("publickey_alg=%d pubkey[%d] %.*H\n", c->publickey_alg, c->publickey->len,
+		c->publickey->len, c->publickey->data);
+	switch(c->publickey_alg){
+	case ALG_rsaEncryption:
+		rsapub = asn1toRSApub(c->publickey->data, c->publickey->len);
+		if(rsapub != nil){
-	print("sigalg=%d digest=%.*H\n", c->signature_alg, MD5dlen, digest);
+			print("rsa pubkey e=%B n(%d)=%B\n", rsapub->ek, mpsignif(rsapub->n), rsapub->n);
-	e = verify_signature(c->signature, pk, digest, &sigalg);
+			e = X509rsaverifydigest(c->signature->data, c->signature->len,
+				digest, digestlen, rsapub);
-	if(e==nil){
+			if(e==nil)
-		e = "nil (meaning ok)";
+				e = "nil (meaning ok)";
+			print("self-signed X509rsaverifydigest returns: %s\n", e);
+			rsapubfree(rsapub);
+		}
+		break;
+	case ALG_ecPublicKey:
+		ecdominit(&ecdom, namedcurves[c->curve]);
+		ecpub = ecdecodepub(&ecdom, c->publickey->data, c->publickey->len);
-		print("sigalg=\n");
+		if(ecpub != nil){
+			e = X509ecdsaverifydigest(c->signature->data, c->signature->len,
+				digest, digestlen, &ecdom, ecpub);
-		if(sigalg)
+			if(e==nil)
+				e = "nil (meaning ok)";
+			print("self-signed X509ecdsaverifydigest returns: %s\n", e);
-			edump(*sigalg);
+			ecpubfree(ecpub);
+		}
+		ecdomfree(&ecdom);
+		break;
+	}
-	print("self-signed verify_signature returns: %s\n", e);
+	digestSPKI(c->publickey_alg, c->publickey->data, c->publickey->len, sha2_256, digest);
+	print("publickey_thumbprint sha256=%.*[\n", SHA2_256dlen, digest);
+	sha2_256(cert, ncert, digest, nil);
+	print("cert_thumbprint sha256=%.*[\n", SHA2_256dlen, digest);
-	rsapubfree(pk);
+	sha1(cert, ncert, digest, nil);
+	print("cert_thumbprint sha1=%.*H\n", SHA1dlen, digest);
 	freecert(c);
 	print("end X509dump\n");
+}

Subversion Repositories planix.SVN

(root)/os/branches/feature_tlsv12/sys/src/libsec/port/x509.c – Rev 22 → 26