1 #include <u.h>
2 #include <libc.h>
3 #include <mp.h>
4 #include <libsec.h>
5
6 typedef DigestState*(*DigestFun)(uchar*,ulong,uchar*,DigestState*);
7
8 /* ANSI offsetof, backwards. */
9 #define OFFSETOF(a, b) offsetof(b, a)
10
11 /*=============================================================*/
12 /* general ASN1 declarations and parsing
13 *
14 * For now, this is used only for extracting the key from an
15 * X509 certificate, so the entire collection is hidden. But
16 * someday we should probably make the functions visible and
17 * give them their own man page.
18 */
19 typedef struct Elem Elem;
20 typedef struct Tag Tag;
21 typedef struct Value Value;
22 typedef struct Bytes Bytes;
23 typedef struct Ints Ints;
24 typedef struct Bits Bits;
25 typedef struct Elist Elist;
26
27 /* tag classes */
28 #define Universal 0
29 #define Context 0x80
30
31 /* universal tags */
32 #define BOOLEAN 1
33 #define INTEGER 2
34 #define BIT_STRING 3
35 #define OCTET_STRING 4
36 #define NULLTAG 5
37 #define OBJECT_ID 6
38 #define ObjectDescriptor 7
39 #define EXTERNAL 8
40 #define REAL 9
41 #define ENUMERATED 10
42 #define EMBEDDED_PDV 11
43 #define SEQUENCE 16 /* also SEQUENCE OF */
44 #define SETOF 17 /* also SETOF OF */
45 #define NumericString 18
46 #define PrintableString 19
47 #define TeletexString 20
48 #define VideotexString 21
49 #define IA5String 22
50 #define UTCTime 23
51 #define GeneralizedTime 24
52 #define GraphicString 25
53 #define VisibleString 26
54 #define GeneralString 27
55 #define UniversalString 28
56 #define BMPString 30
57
58 struct Bytes {
59 int len;
60 uchar data[1];
61 };
62
63 struct Ints {
64 int len;
65 int data[1];
66 };
67
68 struct Bits {
69 int len; /* number of bytes */
70 int unusedbits; /* unused bits in last byte */
71 uchar data[1]; /* most-significant bit first */
72 };
73
74 struct Tag {
75 int class;
76 int num;
77 };
78
79 enum { VBool, VInt, VOctets, VBigInt, VReal, VOther,
80 VBitString, VNull, VEOC, VObjId, VString, VSeq, VSet };
81 struct Value {
82 int tag; /* VBool, etc. */
83 union {
84 int boolval;
85 int intval;
86 Bytes* octetsval;
87 Bytes* bigintval;
88 Bytes* realval; /* undecoded; hardly ever used */
89 Bytes* otherval;
90 Bits* bitstringval;
91 Ints* objidval;
92 char* stringval;
93 Elist* seqval;
94 Elist* setval;
95 } u; /* (Don't use anonymous unions, for ease of porting) */
96 };
97
98 struct Elem {
99 Tag tag;
100 Value val;
101 };
102
103 struct Elist {
104 Elist* tl;
105 Elem hd;
106 };
107
108 /* decoding errors */
109 enum { ASN_OK, ASN_ESHORT, ASN_ETOOBIG, ASN_EVALLEN,
110 ASN_ECONSTR, ASN_EPRIM, ASN_EINVAL, ASN_EUNIMPL };
111
112
113 /* here are the functions to consider making extern someday */
114 static Bytes* newbytes(int len);
115 static Bytes* makebytes(uchar* buf, int len);
116 static void freebytes(Bytes* b);
117 static Bytes* catbytes(Bytes* b1, Bytes* b2);
118 static Ints* newints(int len);
119 static Ints* makeints(int* buf, int len);
120 static void freeints(Ints* b);
121 static Bits* newbits(int len);
122 static Bits* makebits(uchar* buf, int len, int unusedbits);
123 static void freebits(Bits* b);
124 static Elist* mkel(Elem e, Elist* tail);
125 static void freeelist(Elist* el);
126 static int elistlen(Elist* el);
127 static int is_seq(Elem* pe, Elist** pseq);
128 static int is_set(Elem* pe, Elist** pset);
129 static int is_int(Elem* pe, int* pint);
130 static int is_bigint(Elem* pe, Bytes** pbigint);
131 static int is_bitstring(Elem* pe, Bits** pbits);
132 static int is_octetstring(Elem* pe, Bytes** poctets);
133 static int is_oid(Elem* pe, Ints** poid);
134 static int is_string(Elem* pe, char** pstring);
135 static int is_time(Elem* pe, char** ptime);
136 static int decode(uchar* a, int alen, Elem* pelem);
137 static int decode_seq(uchar* a, int alen, Elist** pelist);
138 static int decode_value(uchar* a, int alen, int kind, int isconstr, Value* pval);
139 static int encode(Elem e, Bytes** pbytes);
140 static int oid_lookup(Ints* o, Ints** tab);
141 static void freevalfields(Value* v);
142 static mpint *asn1mpint(Elem *e);
143
144
145
146 #define TAG_MASK 0x1F
147 #define CONSTR_MASK 0x20
148 #define CLASS_MASK 0xC0
149 #define MAXOBJIDLEN 20
150
151 static int ber_decode(uchar** pp, uchar* pend, Elem* pelem);
152 static int tag_decode(uchar** pp, uchar* pend, Tag* ptag, int* pisconstr);
153 static int length_decode(uchar** pp, uchar* pend, int* plength);
154 static int value_decode(uchar** pp, uchar* pend, int length, int kind, int isconstr, Value* pval);
155 static int int_decode(uchar** pp, uchar* pend, int count, int unsgned, int* pint);
156 static int uint7_decode(uchar** pp, uchar* pend, int* pint);
157 static int octet_decode(uchar** pp, uchar* pend, int length, int isconstr, Bytes** pbytes);
158 static int seq_decode(uchar** pp, uchar* pend, int length, int isconstr, Elist** pelist);
159 static int enc(uchar** pp, Elem e, int lenonly);
160 static int val_enc(uchar** pp, Elem e, int *pconstr, int lenonly);
161 static void uint7_enc(uchar** pp, int num, int lenonly);
162 static void int_enc(uchar** pp, int num, int unsgned, int lenonly);
163
164 static void *
emalloc(int n)165 emalloc(int n)
166 {
167 void *p;
168 if(n==0)
169 n=1;
170 p = malloc(n);
171 if(p == nil){
172 exits("out of memory");
173 }
174 memset(p, 0, n);
175 return p;
176 }
177
178 static char*
estrdup(char * s)179 estrdup(char *s)
180 {
181 char *d, *d0;
182
183 if(!s)
184 return 0;
185 d = d0 = emalloc(strlen(s)+1);
186 while(*d++ = *s++)
187 ;
188 return d0;
189 }
190
191
192 /*
193 * Decode a[0..len] as a BER encoding of an ASN1 type.
194 * The return value is one of ASN_OK, etc.
195 * Depending on the error, the returned elem may or may not
196 * be nil.
197 */
198 static int
decode(uchar * a,int alen,Elem * pelem)199 decode(uchar* a, int alen, Elem* pelem)
200 {
201 uchar* p = a;
202
203 return ber_decode(&p, &a[alen], pelem);
204 }
205
206 /*
207 * Like decode, but continue decoding after first element
208 * of array ends.
209 */
210 static int
decode_seq(uchar * a,int alen,Elist ** pelist)211 decode_seq(uchar* a, int alen, Elist** pelist)
212 {
213 uchar* p = a;
214
215 return seq_decode(&p, &a[alen], -1, 1, pelist);
216 }
217
218 /*
219 * Decode the whole array as a BER encoding of an ASN1 value,
220 * (i.e., the part after the tag and length).
221 * Assume the value is encoded as universal tag "kind".
222 * The constr arg is 1 if the value is constructed, 0 if primitive.
223 * If there's an error, the return string will contain the error.
224 * Depending on the error, the returned value may or may not
225 * be nil.
226 */
227 static int
decode_value(uchar * a,int alen,int kind,int isconstr,Value * pval)228 decode_value(uchar* a, int alen, int kind, int isconstr, Value* pval)
229 {
230 uchar* p = a;
231
232 return value_decode(&p, &a[alen], alen, kind, isconstr, pval);
233 }
234
235 /*
236 * All of the following decoding routines take arguments:
237 * uchar **pp;
238 * uchar *pend;
239 * Where parsing is supposed to start at **pp, and when parsing
240 * is done, *pp is updated to point at next char to be parsed.
241 * The pend pointer is just past end of string; an error should
242 * be returned parsing hasn't finished by then.
243 *
244 * The returned int is ASN_OK if all went fine, else ASN_ESHORT, etc.
245 * The remaining argument(s) are pointers to where parsed entity goes.
246 */
247
248 /* Decode an ASN1 'Elem' (tag, length, value) */
249 static int
ber_decode(uchar ** pp,uchar * pend,Elem * pelem)250 ber_decode(uchar** pp, uchar* pend, Elem* pelem)
251 {
252 int err;
253 int isconstr;
254 int length;
255 Tag tag;
256 Value val;
257
258 err = tag_decode(pp, pend, &tag, &isconstr);
259 if(err == ASN_OK) {
260 err = length_decode(pp, pend, &length);
261 if(err == ASN_OK) {
262 if(tag.class == Universal)
263 err = value_decode(pp, pend, length, tag.num, isconstr, &val);
264 else
265 err = value_decode(pp, pend, length, OCTET_STRING, 0, &val);
266 if(err == ASN_OK) {
267 pelem->tag = tag;
268 pelem->val = val;
269 }
270 }
271 }
272 return err;
273 }
274
275 /* Decode a tag field */
276 static int
tag_decode(uchar ** pp,uchar * pend,Tag * ptag,int * pisconstr)277 tag_decode(uchar** pp, uchar* pend, Tag* ptag, int* pisconstr)
278 {
279 int err;
280 int v;
281 uchar* p;
282
283 err = ASN_OK;
284 p = *pp;
285 if(pend-p >= 2) {
286 v = *p++;
287 ptag->class = v&CLASS_MASK;
288 if(v&CONSTR_MASK)
289 *pisconstr = 1;
290 else
291 *pisconstr = 0;
292 v &= TAG_MASK;
293 if(v == TAG_MASK)
294 err = uint7_decode(&p, pend, &v);
295 ptag->num = v;
296 }
297 else
298 err = ASN_ESHORT;
299 *pp = p;
300 return err;
301 }
302
303 /* Decode a length field */
304 static int
length_decode(uchar ** pp,uchar * pend,int * plength)305 length_decode(uchar** pp, uchar* pend, int* plength)
306 {
307 int err;
308 int num;
309 int v;
310 uchar* p;
311
312 err = ASN_OK;
313 num = 0;
314 p = *pp;
315 if(p < pend) {
316 v = *p++;
317 if(v&0x80)
318 err = int_decode(&p, pend, v&0x7F, 1, &num);
319 else if(v == 0x80)
320 num = -1;
321 else
322 num = v;
323 }
324 else
325 err = ASN_ESHORT;
326 *pp = p;
327 *plength = num;
328 return err;
329 }
330
331 /* Decode a value field */
332 static int
value_decode(uchar ** pp,uchar * pend,int length,int kind,int isconstr,Value * pval)333 value_decode(uchar** pp, uchar* pend, int length, int kind, int isconstr, Value* pval)
334 {
335 int err;
336 Bytes* va;
337 int num;
338 int bitsunused;
339 int subids[MAXOBJIDLEN];
340 int isubid;
341 Elist* vl;
342 uchar* p;
343 uchar* pe;
344
345 err = ASN_OK;
346 p = *pp;
347 if(length == -1) { /* "indefinite" length spec */
348 if(!isconstr)
349 err = ASN_EINVAL;
350 }
351 else if(p + length > pend)
352 err = ASN_EVALLEN;
353 if(err != ASN_OK)
354 return err;
355
356 switch(kind) {
357 case 0:
358 /* marker for end of indefinite constructions */
359 if(length == 0)
360 pval->tag = VNull;
361 else
362 err = ASN_EINVAL;
363 break;
364
365 case BOOLEAN:
366 if(isconstr)
367 err = ASN_ECONSTR;
368 else if(length != 1)
369 err = ASN_EVALLEN;
370 else {
371 pval->tag = VBool;
372 pval->u.boolval = (*p++ != 0);
373 }
374 break;
375
376 case INTEGER:
377 case ENUMERATED:
378 if(isconstr)
379 err = ASN_ECONSTR;
380 else if(length <= 4) {
381 err = int_decode(&p, pend, length, 0, &num);
382 if(err == ASN_OK) {
383 pval->tag = VInt;
384 pval->u.intval = num;
385 }
386 }
387 else {
388 pval->tag = VBigInt;
389 pval->u.bigintval = makebytes(p, length);
390 p += length;
391 }
392 break;
393
394 case BIT_STRING:
395 pval->tag = VBitString;
396 if(isconstr) {
397 if(length == -1 && p + 2 <= pend && *p == 0 && *(p+1) ==0) {
398 pval->u.bitstringval = makebits(0, 0, 0);
399 p += 2;
400 }
401 else
402 /* TODO: recurse and concat results */
403 err = ASN_EUNIMPL;
404 }
405 else {
406 if(length < 2) {
407 if(length == 1 && *p == 0) {
408 pval->u.bitstringval = makebits(0, 0, 0);
409 p++;
410 }
411 else
412 err = ASN_EINVAL;
413 }
414 else {
415 bitsunused = *p;
416 if(bitsunused > 7)
417 err = ASN_EINVAL;
418 else if(length > 0x0FFFFFFF)
419 err = ASN_ETOOBIG;
420 else {
421 pval->u.bitstringval = makebits(p+1, length-1, bitsunused);
422 p += length;
423 }
424 }
425 }
426 break;
427
428 case OCTET_STRING:
429 case ObjectDescriptor:
430 err = octet_decode(&p, pend, length, isconstr, &va);
431 if(err == ASN_OK) {
432 pval->tag = VOctets;
433 pval->u.octetsval = va;
434 }
435 break;
436
437 case NULLTAG:
438 if(isconstr)
439 err = ASN_ECONSTR;
440 else if(length != 0)
441 err = ASN_EVALLEN;
442 else
443 pval->tag = VNull;
444 break;
445
446 case OBJECT_ID:
447 if(isconstr)
448 err = ASN_ECONSTR;
449 else if(length == 0)
450 err = ASN_EVALLEN;
451 else {
452 isubid = 0;
453 pe = p+length;
454 while(p < pe && isubid < MAXOBJIDLEN) {
455 err = uint7_decode(&p, pend, &num);
456 if(err != ASN_OK)
457 break;
458 if(isubid == 0) {
459 subids[isubid++] = num / 40;
460 subids[isubid++] = num % 40;
461 }
462 else
463 subids[isubid++] = num;
464 }
465 if(err == ASN_OK) {
466 if(p != pe)
467 err = ASN_EVALLEN;
468 else {
469 pval->tag = VObjId;
470 pval->u.objidval = makeints(subids, isubid);
471 }
472 }
473 }
474 break;
475
476 case EXTERNAL:
477 case EMBEDDED_PDV:
478 /* TODO: parse this internally */
479 if(p+length > pend)
480 err = ASN_EVALLEN;
481 else {
482 pval->tag = VOther;
483 pval->u.otherval = makebytes(p, length);
484 p += length;
485 }
486 break;
487
488 case REAL:
489 /* Let the application decode */
490 if(isconstr)
491 err = ASN_ECONSTR;
492 else if(p+length > pend)
493 err = ASN_EVALLEN;
494 else {
495 pval->tag = VReal;
496 pval->u.realval = makebytes(p, length);
497 p += length;
498 }
499 break;
500
501 case SEQUENCE:
502 err = seq_decode(&p, pend, length, isconstr, &vl);
503 if(err == ASN_OK) {
504 pval->tag = VSeq ;
505 pval->u.seqval = vl;
506 }
507 break;
508
509 case SETOF:
510 err = seq_decode(&p, pend, length, isconstr, &vl);
511 if(err == ASN_OK) {
512 pval->tag = VSet;
513 pval->u.setval = vl;
514 }
515 break;
516
517 case NumericString:
518 case PrintableString:
519 case TeletexString:
520 case VideotexString:
521 case IA5String:
522 case UTCTime:
523 case GeneralizedTime:
524 case GraphicString:
525 case VisibleString:
526 case GeneralString:
527 case UniversalString:
528 case BMPString:
529 /* TODO: figure out when character set conversion is necessary */
530 err = octet_decode(&p, pend, length, isconstr, &va);
531 if(err == ASN_OK) {
532 pval->tag = VString;
533 pval->u.stringval = (char*)emalloc(va->len+1);
534 memmove(pval->u.stringval, va->data, va->len);
535 pval->u.stringval[va->len] = 0;
536 free(va);
537 }
538 break;
539
540 default:
541 if(p+length > pend)
542 err = ASN_EVALLEN;
543 else {
544 pval->tag = VOther;
545 pval->u.otherval = makebytes(p, length);
546 p += length;
547 }
548 break;
549 }
550 *pp = p;
551 return err;
552 }
553
554 /*
555 * Decode an int in format where count bytes are
556 * concatenated to form value.
557 * Although ASN1 allows any size integer, we return
558 * an error if the result doesn't fit in a 32-bit int.
559 * If unsgned is not set, make sure to propagate sign bit.
560 */
561 static int
int_decode(uchar ** pp,uchar * pend,int count,int unsgned,int * pint)562 int_decode(uchar** pp, uchar* pend, int count, int unsgned, int* pint)
563 {
564 int err;
565 int num;
566 uchar* p;
567
568 p = *pp;
569 err = ASN_OK;
570 num = 0;
571 if(p+count <= pend) {
572 if((count > 4) || (unsgned && count == 4 && (*p&0x80)))
573 err = ASN_ETOOBIG;
574 else {
575 if(!unsgned && count > 0 && count < 4 && (*p&0x80))
576 num = -1; // set all bits, initially
577 while(count--)
578 num = (num << 8)|(*p++);
579 }
580 }
581 else
582 err = ASN_ESHORT;
583 *pint = num;
584 *pp = p;
585 return err;
586 }
587
588 /*
589 * Decode an unsigned int in format where each
590 * byte except last has high bit set, and remaining
591 * seven bits of each byte are concatenated to form value.
592 * Although ASN1 allows any size integer, we return
593 * an error if the result doesn't fit in a 32 bit int.
594 */
595 static int
uint7_decode(uchar ** pp,uchar * pend,int * pint)596 uint7_decode(uchar** pp, uchar* pend, int* pint)
597 {
598 int err;
599 int num;
600 int more;
601 int v;
602 uchar* p;
603
604 p = *pp;
605 err = ASN_OK;
606 num = 0;
607 more = 1;
608 while(more && p < pend) {
609 v = *p++;
610 if(num&0x7F000000) {
611 err = ASN_ETOOBIG;
612 break;
613 }
614 num <<= 7;
615 more = v&0x80;
616 num |= (v&0x7F);
617 }
618 if(p == pend)
619 err = ASN_ESHORT;
620 *pint = num;
621 *pp = p;
622 return err;
623 }
624
625 /*
626 * Decode an octet string, recursively if isconstr.
627 * We've already checked that length==-1 implies isconstr==1,
628 * and otherwise that specified length fits within (*pp..pend)
629 */
630 static int
octet_decode(uchar ** pp,uchar * pend,int length,int isconstr,Bytes ** pbytes)631 octet_decode(uchar** pp, uchar* pend, int length, int isconstr, Bytes** pbytes)
632 {
633 int err;
634 uchar* p;
635 Bytes* ans;
636 Bytes* newans;
637 uchar* pstart;
638 uchar* pold;
639 Elem elem;
640
641 err = ASN_OK;
642 p = *pp;
643 ans = nil;
644 if(length >= 0 && !isconstr) {
645 ans = makebytes(p, length);
646 p += length;
647 }
648 else {
649 /* constructed, either definite or indefinite length */
650 pstart = p;
651 for(;;) {
652 if(length >= 0 && p >= pstart + length) {
653 if(p != pstart + length)
654 err = ASN_EVALLEN;
655 break;
656 }
657 pold = p;
658 err = ber_decode(&p, pend, &elem);
659 if(err != ASN_OK)
660 break;
661 switch(elem.val.tag) {
662 case VOctets:
663 newans = catbytes(ans, elem.val.u.octetsval);
664 freebytes(ans);
665 ans = newans;
666 break;
667
668 case VEOC:
669 if(length != -1) {
670 p = pold;
671 err = ASN_EINVAL;
672 }
673 goto cloop_done;
674
675 default:
676 p = pold;
677 err = ASN_EINVAL;
678 goto cloop_done;
679 }
680 }
681 cloop_done:
682 ;
683 }
684 *pp = p;
685 *pbytes = ans;
686 return err;
687 }
688
689 /*
690 * Decode a sequence or set.
691 * We've already checked that length==-1 implies isconstr==1,
692 * and otherwise that specified length fits within (*p..pend)
693 */
694 static int
seq_decode(uchar ** pp,uchar * pend,int length,int isconstr,Elist ** pelist)695 seq_decode(uchar** pp, uchar* pend, int length, int isconstr, Elist** pelist)
696 {
697 int err;
698 uchar* p;
699 uchar* pstart;
700 uchar* pold;
701 Elist* ans;
702 Elem elem;
703 Elist* lve;
704 Elist* lveold;
705
706 err = ASN_OK;
707 ans = nil;
708 p = *pp;
709 if(!isconstr)
710 err = ASN_EPRIM;
711 else {
712 /* constructed, either definite or indefinite length */
713 lve = nil;
714 pstart = p;
715 for(;;) {
716 if(length >= 0 && p >= pstart + length) {
717 if(p != pstart + length)
718 err = ASN_EVALLEN;
719 break;
720 }
721 pold = p;
722 err = ber_decode(&p, pend, &elem);
723 if(err != ASN_OK)
724 break;
725 if(elem.val.tag == VEOC) {
726 if(length != -1) {
727 p = pold;
728 err = ASN_EINVAL;
729 }
730 break;
731 }
732 else
733 lve = mkel(elem, lve);
734 }
735 if(err == ASN_OK) {
736 /* reverse back to original order */
737 while(lve != nil) {
738 lveold = lve;
739 lve = lve->tl;
740 lveold->tl = ans;
741 ans = lveold;
742 }
743 }
744 }
745 *pp = p;
746 *pelist = ans;
747 return err;
748 }
749
750 /*
751 * Encode e by BER rules, putting answer in *pbytes.
752 * This is done by first calling enc with lenonly==1
753 * to get the length of the needed buffer,
754 * then allocating the buffer and using enc again to fill it up.
755 */
756 static int
encode(Elem e,Bytes ** pbytes)757 encode(Elem e, Bytes** pbytes)
758 {
759 uchar* p;
760 Bytes* ans;
761 int err;
762 uchar uc;
763
764 p = &uc;
765 err = enc(&p, e, 1);
766 if(err == ASN_OK) {
767 ans = newbytes(p-&uc);
768 p = ans->data;
769 err = enc(&p, e, 0);
770 *pbytes = ans;
771 }
772 return err;
773 }
774
775 /*
776 * The various enc functions take a pointer to a pointer
777 * into a buffer, and encode their entity starting there,
778 * updating the pointer afterwards.
779 * If lenonly is 1, only the pointer update is done,
780 * allowing enc to be called first to calculate the needed
781 * buffer length.
782 * If lenonly is 0, it is assumed that the answer will fit.
783 */
784
785 static int
enc(uchar ** pp,Elem e,int lenonly)786 enc(uchar** pp, Elem e, int lenonly)
787 {
788 int err;
789 int vlen;
790 int constr;
791 Tag tag;
792 int v;
793 int ilen;
794 uchar* p;
795 uchar* psave;
796
797 p = *pp;
798 err = val_enc(&p, e, &constr, 1);
799 if(err != ASN_OK)
800 return err;
801 vlen = p - *pp;
802 p = *pp;
803 tag = e.tag;
804 v = tag.class|constr;
805 if(tag.num < 31) {
806 if(!lenonly)
807 *p = (v|tag.num);
808 p++;
809 }
810 else {
811 if(!lenonly)
812 *p = (v|31);
813 p++;
814 if(tag.num < 0)
815 return ASN_EINVAL;
816 uint7_enc(&p, tag.num, lenonly);
817 }
818 if(vlen < 0x80) {
819 if(!lenonly)
820 *p = vlen;
821 p++;
822 }
823 else {
824 psave = p;
825 int_enc(&p, vlen, 1, 1);
826 ilen = p-psave;
827 p = psave;
828 if(!lenonly) {
829 *p++ = (0x80 | ilen);
830 int_enc(&p, vlen, 1, 0);
831 }
832 else
833 p += 1 + ilen;
834 }
835 if(!lenonly)
836 val_enc(&p, e, &constr, 0);
837 else
838 p += vlen;
839 *pp = p;
840 return err;
841 }
842
843 static int
val_enc(uchar ** pp,Elem e,int * pconstr,int lenonly)844 val_enc(uchar** pp, Elem e, int *pconstr, int lenonly)
845 {
846 int err;
847 uchar* p;
848 int kind;
849 int cl;
850 int v;
851 Bytes* bb = nil;
852 Bits* bits;
853 Ints* oid;
854 int k;
855 Elist* el;
856 char* s;
857
858 p = *pp;
859 err = ASN_OK;
860 kind = e.tag.num;
861 cl = e.tag.class;
862 *pconstr = 0;
863 if(cl != Universal) {
864 switch(e.val.tag) {
865 case VBool:
866 kind = BOOLEAN;
867 break;
868 case VInt:
869 kind = INTEGER;
870 break;
871 case VBigInt:
872 kind = INTEGER;
873 break;
874 case VOctets:
875 kind = OCTET_STRING;
876 break;
877 case VReal:
878 kind = REAL;
879 break;
880 case VOther:
881 kind = OCTET_STRING;
882 break;
883 case VBitString:
884 kind = BIT_STRING;
885 break;
886 case VNull:
887 kind = NULLTAG;
888 break;
889 case VObjId:
890 kind = OBJECT_ID;
891 break;
892 case VString:
893 kind = UniversalString;
894 break;
895 case VSeq:
896 kind = SEQUENCE;
897 break;
898 case VSet:
899 kind = SETOF;
900 break;
901 }
902 }
903 switch(kind) {
904 case BOOLEAN:
905 if(is_int(&e, &v)) {
906 if(v != 0)
907 v = 255;
908 int_enc(&p, v, 1, lenonly);
909 }
910 else
911 err = ASN_EINVAL;
912 break;
913
914 case INTEGER:
915 case ENUMERATED:
916 if(is_int(&e, &v))
917 int_enc(&p, v, 0, lenonly);
918 else {
919 if(is_bigint(&e, &bb)) {
920 if(!lenonly)
921 memmove(p, bb->data, bb->len);
922 p += bb->len;
923 }
924 else
925 err = ASN_EINVAL;
926 }
927 break;
928
929 case BIT_STRING:
930 if(is_bitstring(&e, &bits)) {
931 if(bits->len == 0) {
932 if(!lenonly)
933 *p = 0;
934 p++;
935 }
936 else {
937 v = bits->unusedbits;
938 if(v < 0 || v > 7)
939 err = ASN_EINVAL;
940 else {
941 if(!lenonly) {
942 *p = v;
943 memmove(p+1, bits->data, bits->len);
944 }
945 p += 1 + bits->len;
946 }
947 }
948 }
949 else
950 err = ASN_EINVAL;
951 break;
952
953 case OCTET_STRING:
954 case ObjectDescriptor:
955 case EXTERNAL:
956 case REAL:
957 case EMBEDDED_PDV:
958 bb = nil;
959 switch(e.val.tag) {
960 case VOctets:
961 bb = e.val.u.octetsval;
962 break;
963 case VReal:
964 bb = e.val.u.realval;
965 break;
966 case VOther:
967 bb = e.val.u.otherval;
968 break;
969 }
970 if(bb != nil) {
971 if(!lenonly)
972 memmove(p, bb->data, bb->len);
973 p += bb->len;
974 }
975 else
976 err = ASN_EINVAL;
977 break;
978
979 case NULLTAG:
980 break;
981
982 case OBJECT_ID:
983 if(is_oid(&e, &oid)) {
984 for(k = 0; k < oid->len; k++) {
985 v = oid->data[k];
986 if(k == 0) {
987 v *= 40;
988 if(oid->len > 1)
989 v += oid->data[++k];
990 }
991 uint7_enc(&p, v, lenonly);
992 }
993 }
994 else
995 err = ASN_EINVAL;
996 break;
997
998 case SEQUENCE:
999 case SETOF:
1000 el = nil;
1001 if(e.val.tag == VSeq)
1002 el = e.val.u.seqval;
1003 else if(e.val.tag == VSet)
1004 el = e.val.u.setval;
1005 else
1006 err = ASN_EINVAL;
1007 if(el != nil) {
1008 *pconstr = CONSTR_MASK;
1009 for(; el != nil; el = el->tl) {
1010 err = enc(&p, el->hd, lenonly);
1011 if(err != ASN_OK)
1012 break;
1013 }
1014 }
1015 break;
1016
1017 case NumericString:
1018 case PrintableString:
1019 case TeletexString:
1020 case VideotexString:
1021 case IA5String:
1022 case UTCTime:
1023 case GeneralizedTime:
1024 case GraphicString:
1025 case VisibleString:
1026 case GeneralString:
1027 case UniversalString:
1028 case BMPString:
1029 if(e.val.tag == VString) {
1030 s = e.val.u.stringval;
1031 if(s != nil) {
1032 v = strlen(s);
1033 if(!lenonly)
1034 memmove(p, s, v);
1035 p += v;
1036 }
1037 }
1038 else
1039 err = ASN_EINVAL;
1040 break;
1041
1042 default:
1043 err = ASN_EINVAL;
1044 }
1045 *pp = p;
1046 return err;
1047 }
1048
1049 /*
1050 * Encode num as unsigned 7 bit values with top bit 1 on all bytes
1051 * except last, only putting in bytes if !lenonly.
1052 */
1053 static void
uint7_enc(uchar ** pp,int num,int lenonly)1054 uint7_enc(uchar** pp, int num, int lenonly)
1055 {
1056 int n;
1057 int v;
1058 int k;
1059 uchar* p;
1060
1061 p = *pp;
1062 n = 1;
1063 v = num >> 7;
1064 while(v > 0) {
1065 v >>= 7;
1066 n++;
1067 }
1068 if(lenonly)
1069 p += n;
1070 else {
1071 for(k = (n - 1)*7; k > 0; k -= 7)
1072 *p++= ((num >> k)|0x80);
1073 *p++ = (num&0x7F);
1074 }
1075 *pp = p;
1076 }
1077
1078 /*
1079 * Encode num as unsigned or signed integer,
1080 * only putting in bytes if !lenonly.
1081 * Encoding is length followed by bytes to concatenate.
1082 */
1083 static void
int_enc(uchar ** pp,int num,int unsgned,int lenonly)1084 int_enc(uchar** pp, int num, int unsgned, int lenonly)
1085 {
1086 int v;
1087 int n;
1088 int prevv;
1089 int k;
1090 uchar* p;
1091
1092 p = *pp;
1093 v = num;
1094 if(v < 0)
1095 v = -(v + 1);
1096 n = 1;
1097 prevv = v;
1098 v >>= 8;
1099 while(v > 0) {
1100 prevv = v;
1101 v >>= 8;
1102 n++;
1103 }
1104 if(!unsgned && (prevv&0x80))
1105 n++;
1106 if(lenonly)
1107 p += n;
1108 else {
1109 for(k = (n - 1)*8; k >= 0; k -= 8)
1110 *p++ = (num >> k);
1111 }
1112 *pp = p;
1113 }
1114
1115 static int
ints_eq(Ints * a,Ints * b)1116 ints_eq(Ints* a, Ints* b)
1117 {
1118 int alen;
1119 int i;
1120
1121 alen = a->len;
1122 if(alen != b->len)
1123 return 0;
1124 for(i = 0; i < alen; i++)
1125 if(a->data[i] != b->data[i])
1126 return 0;
1127 return 1;
1128 }
1129
1130 /*
1131 * Look up o in tab (which must have nil entry to terminate).
1132 * Return index of matching entry, or -1 if none.
1133 */
1134 static int
oid_lookup(Ints * o,Ints ** tab)1135 oid_lookup(Ints* o, Ints** tab)
1136 {
1137 int i;
1138
1139 for(i = 0; tab[i] != nil; i++)
1140 if(ints_eq(o, tab[i]))
1141 return i;
1142 return -1;
1143 }
1144
1145 /*
1146 * Return true if *pe is a SEQUENCE, and set *pseq to
1147 * the value of the sequence if so.
1148 */
1149 static int
is_seq(Elem * pe,Elist ** pseq)1150 is_seq(Elem* pe, Elist** pseq)
1151 {
1152 if(pe->tag.class == Universal && pe->tag.num == SEQUENCE && pe->val.tag == VSeq) {
1153 *pseq = pe->val.u.seqval;
1154 return 1;
1155 }
1156 return 0;
1157 }
1158
1159 static int
is_set(Elem * pe,Elist ** pset)1160 is_set(Elem* pe, Elist** pset)
1161 {
1162 if(pe->tag.class == Universal && pe->tag.num == SETOF && pe->val.tag == VSet) {
1163 *pset = pe->val.u.setval;
1164 return 1;
1165 }
1166 return 0;
1167 }
1168
1169 static int
is_int(Elem * pe,int * pint)1170 is_int(Elem* pe, int* pint)
1171 {
1172 if(pe->tag.class == Universal) {
1173 if(pe->tag.num == INTEGER && pe->val.tag == VInt) {
1174 *pint = pe->val.u.intval;
1175 return 1;
1176 }
1177 else if(pe->tag.num == BOOLEAN && pe->val.tag == VBool) {
1178 *pint = pe->val.u.boolval;
1179 return 1;
1180 }
1181 }
1182 return 0;
1183 }
1184
1185 /*
1186 * for convience, all VInt's are readable via this routine,
1187 * as well as all VBigInt's
1188 */
1189 static int
is_bigint(Elem * pe,Bytes ** pbigint)1190 is_bigint(Elem* pe, Bytes** pbigint)
1191 {
1192 int v, n, i;
1193
1194 if(pe->tag.class == Universal && pe->tag.num == INTEGER) {
1195 if(pe->val.tag == VBigInt)
1196 *pbigint = pe->val.u.bigintval;
1197 else if(pe->val.tag == VInt){
1198 v = pe->val.u.intval;
1199 for(n = 1; n < 4; n++)
1200 if((1 << (8 * n)) > v)
1201 break;
1202 *pbigint = newbytes(n);
1203 for(i = 0; i < n; i++)
1204 (*pbigint)->data[i] = (v >> ((n - 1 - i) * 8));
1205 }else
1206 return 0;
1207 return 1;
1208 }
1209 return 0;
1210 }
1211
1212 static int
is_bitstring(Elem * pe,Bits ** pbits)1213 is_bitstring(Elem* pe, Bits** pbits)
1214 {
1215 if(pe->tag.class == Universal && pe->tag.num == BIT_STRING && pe->val.tag == VBitString) {
1216 *pbits = pe->val.u.bitstringval;
1217 return 1;
1218 }
1219 return 0;
1220 }
1221
1222 static int
is_octetstring(Elem * pe,Bytes ** poctets)1223 is_octetstring(Elem* pe, Bytes** poctets)
1224 {
1225 if(pe->tag.class == Universal && pe->tag.num == OCTET_STRING && pe->val.tag == VOctets) {
1226 *poctets = pe->val.u.octetsval;
1227 return 1;
1228 }
1229 return 0;
1230 }
1231
1232 static int
is_oid(Elem * pe,Ints ** poid)1233 is_oid(Elem* pe, Ints** poid)
1234 {
1235 if(pe->tag.class == Universal && pe->tag.num == OBJECT_ID && pe->val.tag == VObjId) {
1236 *poid = pe->val.u.objidval;
1237 return 1;
1238 }
1239 return 0;
1240 }
1241
1242 static int
is_string(Elem * pe,char ** pstring)1243 is_string(Elem* pe, char** pstring)
1244 {
1245 if(pe->tag.class == Universal) {
1246 switch(pe->tag.num) {
1247 case NumericString:
1248 case PrintableString:
1249 case TeletexString:
1250 case VideotexString:
1251 case IA5String:
1252 case GraphicString:
1253 case VisibleString:
1254 case GeneralString:
1255 case UniversalString:
1256 case BMPString:
1257 if(pe->val.tag == VString) {
1258 *pstring = pe->val.u.stringval;
1259 return 1;
1260 }
1261 }
1262 }
1263 return 0;
1264 }
1265
1266 static int
is_time(Elem * pe,char ** ptime)1267 is_time(Elem* pe, char** ptime)
1268 {
1269 if(pe->tag.class == Universal
1270 && (pe->tag.num == UTCTime || pe->tag.num == GeneralizedTime)
1271 && pe->val.tag == VString) {
1272 *ptime = pe->val.u.stringval;
1273 return 1;
1274 }
1275 return 0;
1276 }
1277
1278
1279 /*
1280 * malloc and return a new Bytes structure capable of
1281 * holding len bytes. (len >= 0)
1282 */
1283 static Bytes*
newbytes(int len)1284 newbytes(int len)
1285 {
1286 Bytes* ans;
1287
1288 ans = (Bytes*)emalloc(OFFSETOF(data[0], Bytes) + len);
1289 ans->len = len;
1290 return ans;
1291 }
1292
1293 /*
1294 * newbytes(len), with data initialized from buf
1295 */
1296 static Bytes*
makebytes(uchar * buf,int len)1297 makebytes(uchar* buf, int len)
1298 {
1299 Bytes* ans;
1300
1301 ans = newbytes(len);
1302 memmove(ans->data, buf, len);
1303 return ans;
1304 }
1305
1306 static void
freebytes(Bytes * b)1307 freebytes(Bytes* b)
1308 {
1309 if(b != nil)
1310 free(b);
1311 }
1312
1313 /*
1314 * Make a new Bytes, containing bytes of b1 followed by those of b2.
1315 * Either b1 or b2 or both can be nil.
1316 */
1317 static Bytes*
catbytes(Bytes * b1,Bytes * b2)1318 catbytes(Bytes* b1, Bytes* b2)
1319 {
1320 Bytes* ans;
1321 int n;
1322
1323 if(b1 == nil) {
1324 if(b2 == nil)
1325 ans = newbytes(0);
1326 else
1327 ans = makebytes(b2->data, b2->len);
1328 }
1329 else if(b2 == nil) {
1330 ans = makebytes(b1->data, b1->len);
1331 }
1332 else {
1333 n = b1->len + b2->len;
1334 ans = newbytes(n);
1335 ans->len = n;
1336 memmove(ans->data, b1->data, b1->len);
1337 memmove(ans->data+b1->len, b2->data, b2->len);
1338 }
1339 return ans;
1340 }
1341
1342 /* len is number of ints */
1343 static Ints*
newints(int len)1344 newints(int len)
1345 {
1346 Ints* ans;
1347
1348 ans = (Ints*)emalloc(OFFSETOF(data[0], Ints) + len*sizeof(int));
1349 ans->len = len;
1350 return ans;
1351 }
1352
1353 static Ints*
makeints(int * buf,int len)1354 makeints(int* buf, int len)
1355 {
1356 Ints* ans;
1357
1358 ans = newints(len);
1359 if(len > 0)
1360 memmove(ans->data, buf, len*sizeof(int));
1361 return ans;
1362 }
1363
1364 static void
freeints(Ints * b)1365 freeints(Ints* b)
1366 {
1367 if(b != nil)
1368 free(b);
1369 }
1370
1371 /* len is number of bytes */
1372 static Bits*
newbits(int len)1373 newbits(int len)
1374 {
1375 Bits* ans;
1376
1377 ans = (Bits*)emalloc(OFFSETOF(data[0], Bits) + len);
1378 ans->len = len;
1379 ans->unusedbits = 0;
1380 return ans;
1381 }
1382
1383 static Bits*
makebits(uchar * buf,int len,int unusedbits)1384 makebits(uchar* buf, int len, int unusedbits)
1385 {
1386 Bits* ans;
1387
1388 ans = newbits(len);
1389 memmove(ans->data, buf, len);
1390 ans->unusedbits = unusedbits;
1391 return ans;
1392 }
1393
1394 static void
freebits(Bits * b)1395 freebits(Bits* b)
1396 {
1397 if(b != nil)
1398 free(b);
1399 }
1400
1401 static Elist*
mkel(Elem e,Elist * tail)1402 mkel(Elem e, Elist* tail)
1403 {
1404 Elist* el;
1405
1406 el = (Elist*)emalloc(sizeof(Elist));
1407 el->hd = e;
1408 el->tl = tail;
1409 return el;
1410 }
1411
1412 static int
elistlen(Elist * el)1413 elistlen(Elist* el)
1414 {
1415 int ans = 0;
1416 while(el != nil) {
1417 ans++;
1418 el = el->tl;
1419 }
1420 return ans;
1421 }
1422
1423 /* Frees elist, but not fields inside values of constituent elems */
1424 static void
freeelist(Elist * el)1425 freeelist(Elist* el)
1426 {
1427 Elist* next;
1428
1429 while(el != nil) {
1430 next = el->tl;
1431 free(el);
1432 el = next;
1433 }
1434 }
1435
1436 /* free any allocated structures inside v (recursively freeing Elists) */
1437 static void
freevalfields(Value * v)1438 freevalfields(Value* v)
1439 {
1440 Elist* el;
1441 Elist* l;
1442 if(v == nil)
1443 return;
1444 switch(v->tag) {
1445 case VOctets:
1446 freebytes(v->u.octetsval);
1447 break;
1448 case VBigInt:
1449 freebytes(v->u.bigintval);
1450 break;
1451 case VReal:
1452 freebytes(v->u.realval);
1453 break;
1454 case VOther:
1455 freebytes(v->u.otherval);
1456 break;
1457 case VBitString:
1458 freebits(v->u.bitstringval);
1459 break;
1460 case VObjId:
1461 freeints(v->u.objidval);
1462 break;
1463 case VString:
1464 if (v->u.stringval)
1465 free(v->u.stringval);
1466 break;
1467 case VSeq:
1468 el = v->u.seqval;
1469 for(l = el; l != nil; l = l->tl)
1470 freevalfields(&l->hd.val);
1471 if (el)
1472 freeelist(el);
1473 break;
1474 case VSet:
1475 el = v->u.setval;
1476 for(l = el; l != nil; l = l->tl)
1477 freevalfields(&l->hd.val);
1478 if (el)
1479 freeelist(el);
1480 break;
1481 }
1482 }
1483
1484 /* end of general ASN1 functions */
1485
1486
1487
1488
1489
1490 /*=============================================================*/
1491 /*
1492 * Decode and parse an X.509 Certificate, defined by this ASN1:
1493 * Certificate ::= SEQUENCE {
1494 * certificateInfo CertificateInfo,
1495 * signatureAlgorithm AlgorithmIdentifier,
1496 * signature BIT STRING }
1497 *
1498 * CertificateInfo ::= SEQUENCE {
1499 * version [0] INTEGER DEFAULT v1 (0),
1500 * serialNumber INTEGER,
1501 * signature AlgorithmIdentifier,
1502 * issuer Name,
1503 * validity Validity,
1504 * subject Name,
1505 * subjectPublicKeyInfo SubjectPublicKeyInfo }
1506 * (version v2 has two more fields, optional unique identifiers for
1507 * issuer and subject; since we ignore these anyway, we won't parse them)
1508 *
1509 * Validity ::= SEQUENCE {
1510 * notBefore UTCTime,
1511 * notAfter UTCTime }
1512 *
1513 * SubjectPublicKeyInfo ::= SEQUENCE {
1514 * algorithm AlgorithmIdentifier,
1515 * subjectPublicKey BIT STRING }
1516 *
1517 * AlgorithmIdentifier ::= SEQUENCE {
1518 * algorithm OBJECT IDENTIFER,
1519 * parameters ANY DEFINED BY ALGORITHM OPTIONAL }
1520 *
1521 * Name ::= SEQUENCE OF RelativeDistinguishedName
1522 *
1523 * RelativeDistinguishedName ::= SETOF SIZE(1..MAX) OF AttributeTypeAndValue
1524 *
1525 * AttributeTypeAndValue ::= SEQUENCE {
1526 * type OBJECT IDENTIFER,
1527 * value DirectoryString }
1528 * (selected attributes have these Object Ids:
1529 * commonName {2 5 4 3}
1530 * countryName {2 5 4 6}
1531 * localityName {2 5 4 7}
1532 * stateOrProvinceName {2 5 4 8}
1533 * organizationName {2 5 4 10}
1534 * organizationalUnitName {2 5 4 11}
1535 * )
1536 *
1537 * DirectoryString ::= CHOICE {
1538 * teletexString TeletexString,
1539 * printableString PrintableString,
1540 * universalString UniversalString }
1541 *
1542 * See rfc1423, rfc2437 for AlgorithmIdentifier, subjectPublicKeyInfo, signature.
1543 *
1544 * Not yet implemented:
1545 * CertificateRevocationList ::= SIGNED SEQUENCE{
1546 * signature AlgorithmIdentifier,
1547 * issuer Name,
1548 * lastUpdate UTCTime,
1549 * nextUpdate UTCTime,
1550 * revokedCertificates
1551 * SEQUENCE OF CRLEntry OPTIONAL}
1552 * CRLEntry ::= SEQUENCE{
1553 * userCertificate SerialNumber,
1554 * revocationDate UTCTime}
1555 */
1556
1557 typedef struct CertX509 {
1558 int serial;
1559 char* issuer;
1560 char* validity_start;
1561 char* validity_end;
1562 char* subject;
1563 int publickey_alg;
1564 Bytes* publickey;
1565 int signature_alg;
1566 Bytes* signature;
1567 } CertX509;
1568
1569 /* Algorithm object-ids */
1570 enum {
1571 ALG_rsaEncryption,
1572 ALG_md2WithRSAEncryption,
1573 ALG_md4WithRSAEncryption,
1574 ALG_md5WithRSAEncryption,
1575 ALG_sha1WithRSAEncryption,
1576 ALG_md5,
1577 NUMALGS
1578 };
1579 typedef struct Ints7 {
1580 int len;
1581 int data[7];
1582 } Ints7;
1583 static Ints7 oid_rsaEncryption = {7, 1, 2, 840, 113549, 1, 1, 1 };
1584 static Ints7 oid_md2WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 2 };
1585 static Ints7 oid_md4WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 3 };
1586 static Ints7 oid_md5WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 4 };
1587 static Ints7 oid_sha1WithRSAEncryption ={7, 1, 2, 840, 113549, 1, 1, 5 };
1588 static Ints7 oid_md5 ={6, 1, 2, 840, 113549, 2, 5, 0 };
1589 static Ints *alg_oid_tab[NUMALGS+1] = {
1590 (Ints*)&oid_rsaEncryption,
1591 (Ints*)&oid_md2WithRSAEncryption,
1592 (Ints*)&oid_md4WithRSAEncryption,
1593 (Ints*)&oid_md5WithRSAEncryption,
1594 (Ints*)&oid_sha1WithRSAEncryption,
1595 (Ints*)&oid_md5,
1596 nil
1597 };
1598 static DigestFun digestalg[NUMALGS+1] = { md5, md5, md5, md5, sha1, md5, nil };
1599
1600 static void
freecert(CertX509 * c)1601 freecert(CertX509* c)
1602 {
1603 if (!c) return;
1604 if(c->issuer != nil)
1605 free(c->issuer);
1606 if(c->validity_start != nil)
1607 free(c->validity_start);
1608 if(c->validity_end != nil)
1609 free(c->validity_end);
1610 if(c->subject != nil)
1611 free(c->subject);
1612 freebytes(c->publickey);
1613 freebytes(c->signature);
1614 }
1615
1616 /*
1617 * Parse the Name ASN1 type.
1618 * The sequence of RelativeDistinguishedName's gives a sort of pathname,
1619 * from most general to most specific. Each element of the path can be
1620 * one or more (but usually just one) attribute-value pair, such as
1621 * countryName="US".
1622 * We'll just form a "postal-style" address string by concatenating the elements
1623 * from most specific to least specific, separated by commas.
1624 * Return name-as-string (which must be freed by caller).
1625 */
1626 static char*
parse_name(Elem * e)1627 parse_name(Elem* e)
1628 {
1629 Elist* el;
1630 Elem* es;
1631 Elist* esetl;
1632 Elem* eat;
1633 Elist* eatl;
1634 char* s;
1635 enum { MAXPARTS = 100 };
1636 char* parts[MAXPARTS];
1637 int i;
1638 int plen;
1639 char* ans = nil;
1640
1641 if(!is_seq(e, &el))
1642 goto errret;
1643 i = 0;
1644 plen = 0;
1645 while(el != nil) {
1646 es = &el->hd;
1647 if(!is_set(es, &esetl))
1648 goto errret;
1649 while(esetl != nil) {
1650 eat = &esetl->hd;
1651 if(!is_seq(eat, &eatl) || elistlen(eatl) != 2)
1652 goto errret;
1653 if(!is_string(&eatl->tl->hd, &s) || i>=MAXPARTS)
1654 goto errret;
1655 parts[i++] = s;
1656 plen += strlen(s) + 2; /* room for ", " after */
1657 esetl = esetl->tl;
1658 }
1659 el = el->tl;
1660 }
1661 if(i > 0) {
1662 ans = (char*)emalloc(plen);
1663 *ans = '\0';
1664 while(--i >= 0) {
1665 s = parts[i];
1666 strcat(ans, s);
1667 if(i > 0)
1668 strcat(ans, ", ");
1669 }
1670 }
1671
1672 errret:
1673 return ans;
1674 }
1675
1676 /*
1677 * Parse an AlgorithmIdentifer ASN1 type.
1678 * Look up the oid in oid_tab and return one of OID_rsaEncryption, etc..,
1679 * or -1 if not found.
1680 * For now, ignore parameters, since none of our algorithms need them.
1681 */
1682 static int
parse_alg(Elem * e)1683 parse_alg(Elem* e)
1684 {
1685 Elist* el;
1686 Ints* oid;
1687
1688 if(!is_seq(e, &el) || el == nil || !is_oid(&el->hd, &oid))
1689 return -1;
1690 return oid_lookup(oid, alg_oid_tab);
1691 }
1692
1693 static CertX509*
decode_cert(Bytes * a)1694 decode_cert(Bytes* a)
1695 {
1696 int ok = 0;
1697 int n;
1698 CertX509* c = nil;
1699 Elem ecert;
1700 Elem* ecertinfo;
1701 Elem* esigalg;
1702 Elem* esig;
1703 Elem* eserial;
1704 Elem* eissuer;
1705 Elem* evalidity;
1706 Elem* esubj;
1707 Elem* epubkey;
1708 Elist* el;
1709 Elist* elcert = nil;
1710 Elist* elcertinfo = nil;
1711 Elist* elvalidity = nil;
1712 Elist* elpubkey = nil;
1713 Bits* bits = nil;
1714 Bytes* b;
1715 Elem* e;
1716
1717 if(decode(a->data, a->len, &ecert) != ASN_OK)
1718 goto errret;
1719
1720 c = (CertX509*)emalloc(sizeof(CertX509));
1721 c->serial = -1;
1722 c->issuer = nil;
1723 c->validity_start = nil;
1724 c->validity_end = nil;
1725 c->subject = nil;
1726 c->publickey_alg = -1;
1727 c->publickey = nil;
1728 c->signature_alg = -1;
1729 c->signature = nil;
1730
1731 /* Certificate */
1732 if(!is_seq(&ecert, &elcert) || elistlen(elcert) !=3)
1733 goto errret;
1734 ecertinfo = &elcert->hd;
1735 el = elcert->tl;
1736 esigalg = &el->hd;
1737 c->signature_alg = parse_alg(esigalg);
1738 el = el->tl;
1739 esig = &el->hd;
1740
1741 /* Certificate Info */
1742 if(!is_seq(ecertinfo, &elcertinfo))
1743 goto errret;
1744 n = elistlen(elcertinfo);
1745 if(n < 6)
1746 goto errret;
1747 eserial =&elcertinfo->hd;
1748 el = elcertinfo->tl;
1749 /* check for optional version, marked by explicit context tag 0 */
1750 if(eserial->tag.class == Context && eserial->tag.num == 0) {
1751 eserial = &el->hd;
1752 if(n < 7)
1753 goto errret;
1754 el = el->tl;
1755 }
1756
1757 if(parse_alg(&el->hd) != c->signature_alg)
1758 goto errret;
1759 el = el->tl;
1760 eissuer = &el->hd;
1761 el = el->tl;
1762 evalidity = &el->hd;
1763 el = el->tl;
1764 esubj = &el->hd;
1765 el = el->tl;
1766 epubkey = &el->hd;
1767 if(!is_int(eserial, &c->serial)) {
1768 if(!is_bigint(eserial, &b))
1769 goto errret;
1770 c->serial = -1; /* else we have to change cert struct */
1771 }
1772 c->issuer = parse_name(eissuer);
1773 if(c->issuer == nil)
1774 goto errret;
1775 /* Validity */
1776 if(!is_seq(evalidity, &elvalidity))
1777 goto errret;
1778 if(elistlen(elvalidity) != 2)
1779 goto errret;
1780 e = &elvalidity->hd;
1781 if(!is_time(e, &c->validity_start))
1782 goto errret;
1783 e->val.u.stringval = nil; /* string ownership transfer */
1784 e = &elvalidity->tl->hd;
1785 if(!is_time(e, &c->validity_end))
1786 goto errret;
1787 e->val.u.stringval = nil; /* string ownership transfer */
1788
1789 /* resume CertificateInfo */
1790 c->subject = parse_name(esubj);
1791 if(c->subject == nil)
1792 goto errret;
1793
1794 /* SubjectPublicKeyInfo */
1795 if(!is_seq(epubkey, &elpubkey))
1796 goto errret;
1797 if(elistlen(elpubkey) != 2)
1798 goto errret;
1799
1800 c->publickey_alg = parse_alg(&elpubkey->hd);
1801 if(c->publickey_alg < 0)
1802 goto errret;
1803 if(!is_bitstring(&elpubkey->tl->hd, &bits))
1804 goto errret;
1805 if(bits->unusedbits != 0)
1806 goto errret;
1807 c->publickey = makebytes(bits->data, bits->len);
1808
1809 /*resume Certificate */
1810 if(c->signature_alg < 0)
1811 goto errret;
1812 if(!is_bitstring(esig, &bits))
1813 goto errret;
1814 c->signature = makebytes(bits->data, bits->len);
1815 ok = 1;
1816
1817 errret:
1818 freevalfields(&ecert.val); /* recurses through lists, too */
1819 if(!ok){
1820 freecert(c);
1821 c = nil;
1822 }
1823 return c;
1824 }
1825
1826 /*
1827 * RSAPublickKey :: SEQUENCE {
1828 * modulus INTEGER,
1829 * publicExponent INTEGER
1830 * }
1831 */
1832 static RSApub*
decode_rsapubkey(Bytes * a)1833 decode_rsapubkey(Bytes* a)
1834 {
1835 Elem e;
1836 Elist *el;
1837 mpint *mp;
1838 RSApub* key;
1839
1840 key = rsapuballoc();
1841 if(decode(a->data, a->len, &e) != ASN_OK)
1842 goto errret;
1843 if(!is_seq(&e, &el) || elistlen(el) != 2)
1844 goto errret;
1845
1846 key->n = mp = asn1mpint(&el->hd);
1847 if(mp == nil)
1848 goto errret;
1849
1850 el = el->tl;
1851 key->ek = mp = asn1mpint(&el->hd);
1852 if(mp == nil)
1853 goto errret;
1854 return key;
1855 errret:
1856 rsapubfree(key);
1857 return nil;
1858 }
1859
1860 /*
1861 * RSAPrivateKey ::= SEQUENCE {
1862 * version Version,
1863 * modulus INTEGER, -- n
1864 * publicExponent INTEGER, -- e
1865 * privateExponent INTEGER, -- d
1866 * prime1 INTEGER, -- p
1867 * prime2 INTEGER, -- q
1868 * exponent1 INTEGER, -- d mod (p-1)
1869 * exponent2 INTEGER, -- d mod (q-1)
1870 * coefficient INTEGER -- (inverse of q) mod p }
1871 */
1872 static RSApriv*
decode_rsaprivkey(Bytes * a)1873 decode_rsaprivkey(Bytes* a)
1874 {
1875 int version;
1876 Elem e;
1877 Elist *el;
1878 mpint *mp;
1879 RSApriv* key;
1880
1881 key = rsaprivalloc();
1882 if(decode(a->data, a->len, &e) != ASN_OK)
1883 goto errret;
1884 if(!is_seq(&e, &el) || elistlen(el) != 9)
1885 goto errret;
1886 if(!is_int(&el->hd, &version) || version != 0)
1887 goto errret;
1888
1889 el = el->tl;
1890 key->pub.n = mp = asn1mpint(&el->hd);
1891 if(mp == nil)
1892 goto errret;
1893
1894 el = el->tl;
1895 key->pub.ek = mp = asn1mpint(&el->hd);
1896 if(mp == nil)
1897 goto errret;
1898
1899 el = el->tl;
1900 key->dk = mp = asn1mpint(&el->hd);
1901 if(mp == nil)
1902 goto errret;
1903
1904 el = el->tl;
1905 key->q = mp = asn1mpint(&el->hd);
1906 if(mp == nil)
1907 goto errret;
1908
1909 el = el->tl;
1910 key->p = mp = asn1mpint(&el->hd);
1911 if(mp == nil)
1912 goto errret;
1913
1914 el = el->tl;
1915 key->kq = mp = asn1mpint(&el->hd);
1916 if(mp == nil)
1917 goto errret;
1918
1919 el = el->tl;
1920 key->kp = mp = asn1mpint(&el->hd);
1921 if(mp == nil)
1922 goto errret;
1923
1924 el = el->tl;
1925 key->c2 = mp = asn1mpint(&el->hd);
1926 if(mp == nil)
1927 goto errret;
1928
1929 return key;
1930 errret:
1931 rsaprivfree(key);
1932 return nil;
1933 }
1934
1935 static mpint*
asn1mpint(Elem * e)1936 asn1mpint(Elem *e)
1937 {
1938 Bytes *b;
1939 mpint *mp;
1940 int v;
1941
1942 if(is_int(e, &v))
1943 return itomp(v, nil);
1944 if(is_bigint(e, &b)) {
1945 mp = betomp(b->data, b->len, nil);
1946 freebytes(b);
1947 return mp;
1948 }
1949 return nil;
1950 }
1951
1952 static mpint*
pkcs1pad(Bytes * b,mpint * modulus)1953 pkcs1pad(Bytes *b, mpint *modulus)
1954 {
1955 int n = (mpsignif(modulus)+7)/8;
1956 int pm1, i;
1957 uchar *p;
1958 mpint *mp;
1959
1960 pm1 = n - 1 - b->len;
1961 p = (uchar*)emalloc(n);
1962 p[0] = 0;
1963 p[1] = 1;
1964 for(i = 2; i < pm1; i++)
1965 p[i] = 0xFF;
1966 p[pm1] = 0;
1967 memcpy(&p[pm1+1], b->data, b->len);
1968 mp = betomp(p, n, nil);
1969 free(p);
1970 return mp;
1971 }
1972
1973 RSApriv*
asn1toRSApriv(uchar * kd,int kn)1974 asn1toRSApriv(uchar *kd, int kn)
1975 {
1976 Bytes *b;
1977 RSApriv *key;
1978
1979 b = makebytes(kd, kn);
1980 key = decode_rsaprivkey(b);
1981 freebytes(b);
1982 return key;
1983 }
1984
1985 /*
1986 * digest(CertificateInfo)
1987 * Our ASN.1 library doesn't return pointers into the original
1988 * data array, so we need to do a little hand decoding.
1989 */
1990 static void
digest_certinfo(Bytes * cert,DigestFun digestfun,uchar * digest)1991 digest_certinfo(Bytes *cert, DigestFun digestfun, uchar *digest)
1992 {
1993 uchar *info, *p, *pend;
1994 ulong infolen;
1995 int isconstr, length;
1996 Tag tag;
1997 Elem elem;
1998
1999 p = cert->data;
2000 pend = cert->data + cert->len;
2001 if(tag_decode(&p, pend, &tag, &isconstr) != ASN_OK ||
2002 tag.class != Universal || tag.num != SEQUENCE ||
2003 length_decode(&p, pend, &length) != ASN_OK ||
2004 p+length > pend)
2005 return;
2006 info = p;
2007 if(ber_decode(&p, pend, &elem) != ASN_OK || elem.tag.num != SEQUENCE)
2008 return;
2009 infolen = p - info;
2010 (*digestfun)(info, infolen, digest, nil);
2011 }
2012
2013 static char*
verify_signature(Bytes * signature,RSApub * pk,uchar * edigest,Elem ** psigalg)2014 verify_signature(Bytes* signature, RSApub *pk, uchar *edigest, Elem **psigalg)
2015 {
2016 Elem e;
2017 Elist *el;
2018 Bytes *digest;
2019 uchar *pkcs1buf, *buf;
2020 int buflen;
2021 mpint *pkcs1;
2022
2023 /* see 9.2.1 of rfc2437 */
2024 pkcs1 = betomp(signature->data, signature->len, nil);
2025 mpexp(pkcs1, pk->ek, pk->n, pkcs1);
2026 buflen = mptobe(pkcs1, nil, 0, &pkcs1buf);
2027 buf = pkcs1buf;
2028 if(buflen < 4 || buf[0] != 1)
2029 return "expected 1";
2030 buf++;
2031 while(buf[0] == 0xff)
2032 buf++;
2033 if(buf[0] != 0)
2034 return "expected 0";
2035 buf++;
2036 buflen -= buf-pkcs1buf;
2037 if(decode(buf, buflen, &e) != ASN_OK || !is_seq(&e, &el) || elistlen(el) != 2 ||
2038 !is_octetstring(&el->tl->hd, &digest))
2039 return "signature parse error";
2040 *psigalg = &el->hd;
2041 if(memcmp(digest->data, edigest, digest->len) == 0)
2042 return nil;
2043 return "digests did not match";
2044 }
2045
2046 RSApub*
X509toRSApub(uchar * cert,int ncert,char * name,int nname)2047 X509toRSApub(uchar *cert, int ncert, char *name, int nname)
2048 {
2049 char *e;
2050 Bytes *b;
2051 CertX509 *c;
2052 RSApub *pk;
2053
2054 b = makebytes(cert, ncert);
2055 c = decode_cert(b);
2056 freebytes(b);
2057 if(c == nil)
2058 return nil;
2059 if(name != nil && c->subject != nil){
2060 e = strchr(c->subject, ',');
2061 if(e != nil)
2062 *e = 0; // take just CN part of Distinguished Name
2063 strncpy(name, c->subject, nname);
2064 }
2065 pk = decode_rsapubkey(c->publickey);
2066 freecert(c);
2067 return pk;
2068 }
2069
2070 char*
X509verify(uchar * cert,int ncert,RSApub * pk)2071 X509verify(uchar *cert, int ncert, RSApub *pk)
2072 {
2073 char *e;
2074 Bytes *b;
2075 CertX509 *c;
2076 uchar digest[SHA1dlen];
2077 Elem *sigalg;
2078
2079 b = makebytes(cert, ncert);
2080 c = decode_cert(b);
2081 if(c != nil)
2082 digest_certinfo(b, digestalg[c->signature_alg], digest);
2083 freebytes(b);
2084 if(c == nil)
2085 return "cannot decode cert";
2086 e = verify_signature(c->signature, pk, digest, &sigalg);
2087 freecert(c);
2088 return e;
2089 }
2090
2091 /* ------- Elem constructors ---------- */
2092 static Elem
Null(void)2093 Null(void)
2094 {
2095 Elem e;
2096
2097 e.tag.class = Universal;
2098 e.tag.num = NULLTAG;
2099 e.val.tag = VNull;
2100 return e;
2101 }
2102
2103 static Elem
mkint(int j)2104 mkint(int j)
2105 {
2106 Elem e;
2107
2108 e.tag.class = Universal;
2109 e.tag.num = INTEGER;
2110 e.val.tag = VInt;
2111 e.val.u.intval = j;
2112 return e;
2113 }
2114
2115 static Elem
mkbigint(mpint * p)2116 mkbigint(mpint *p)
2117 {
2118 Elem e;
2119 uchar *buf;
2120 int buflen;
2121
2122 e.tag.class = Universal;
2123 e.tag.num = INTEGER;
2124 e.val.tag = VBigInt;
2125 buflen = mptobe(p, nil, 0, &buf);
2126 e.val.u.bigintval = makebytes(buf, buflen);
2127 free(buf);
2128 return e;
2129 }
2130
2131 static Elem
mkstring(char * s)2132 mkstring(char *s)
2133 {
2134 Elem e;
2135
2136 e.tag.class = Universal;
2137 e.tag.num = IA5String;
2138 e.val.tag = VString;
2139 e.val.u.stringval = estrdup(s);
2140 return e;
2141 }
2142
2143 static Elem
mkoctet(uchar * buf,int buflen)2144 mkoctet(uchar *buf, int buflen)
2145 {
2146 Elem e;
2147
2148 e.tag.class = Universal;
2149 e.tag.num = OCTET_STRING;
2150 e.val.tag = VOctets;
2151 e.val.u.octetsval = makebytes(buf, buflen);
2152 return e;
2153 }
2154
2155 static Elem
mkbits(uchar * buf,int buflen)2156 mkbits(uchar *buf, int buflen)
2157 {
2158 Elem e;
2159
2160 e.tag.class = Universal;
2161 e.tag.num = BIT_STRING;
2162 e.val.tag = VBitString;
2163 e.val.u.bitstringval = makebits(buf, buflen, 0);
2164 return e;
2165 }
2166
2167 static Elem
mkutc(long t)2168 mkutc(long t)
2169 {
2170 Elem e;
2171 char utc[50];
2172 Tm *tm = gmtime(t);
2173
2174 e.tag.class = Universal;
2175 e.tag.num = UTCTime;
2176 e.val.tag = VString;
2177 snprint(utc, 50, "%.2d%.2d%.2d%.2d%.2d%.2dZ",
2178 tm->year % 100, tm->mon+1, tm->mday, tm->hour, tm->min, tm->sec);
2179 e.val.u.stringval = estrdup(utc);
2180 return e;
2181 }
2182
2183 static Elem
mkoid(Ints * oid)2184 mkoid(Ints *oid)
2185 {
2186 Elem e;
2187
2188 e.tag.class = Universal;
2189 e.tag.num = OBJECT_ID;
2190 e.val.tag = VObjId;
2191 e.val.u.objidval = makeints(oid->data, oid->len);
2192 return e;
2193 }
2194
2195 static Elem
mkseq(Elist * el)2196 mkseq(Elist *el)
2197 {
2198 Elem e;
2199
2200 e.tag.class = Universal;
2201 e.tag.num = SEQUENCE;
2202 e.val.tag = VSeq;
2203 e.val.u.seqval = el;
2204 return e;
2205 }
2206
2207 static Elem
mkset(Elist * el)2208 mkset(Elist *el)
2209 {
2210 Elem e;
2211
2212 e.tag.class = Universal;
2213 e.tag.num = SETOF;
2214 e.val.tag = VSet;
2215 e.val.u.setval = el;
2216 return e;
2217 }
2218
2219 static Elem
mkalg(int alg)2220 mkalg(int alg)
2221 {
2222 return mkseq(mkel(mkoid(alg_oid_tab[alg]), mkel(Null(), nil)));
2223 }
2224
2225 typedef struct Ints7pref {
2226 int len;
2227 int data[7];
2228 char prefix[4];
2229 } Ints7pref;
2230 Ints7pref DN_oid[] = {
2231 {4, 2, 5, 4, 6, 0, 0, 0, "C="},
2232 {4, 2, 5, 4, 8, 0, 0, 0, "ST="},
2233 {4, 2, 5, 4, 7, 0, 0, 0, "L="},
2234 {4, 2, 5, 4, 10, 0, 0, 0, "O="},
2235 {4, 2, 5, 4, 11, 0, 0, 0, "OU="},
2236 {4, 2, 5, 4, 3, 0, 0, 0, "CN="},
2237 {7, 1,2,840,113549,1,9,1, "E="},
2238 };
2239
2240 static Elem
mkname(Ints7pref * oid,char * subj)2241 mkname(Ints7pref *oid, char *subj)
2242 {
2243 return mkset(mkel(mkseq(mkel(mkoid((Ints*)oid), mkel(mkstring(subj), nil))), nil));
2244 }
2245
2246 static Elem
mkDN(char * dn)2247 mkDN(char *dn)
2248 {
2249 int i, j, nf;
2250 char *f[20], *prefix, *d2 = estrdup(dn);
2251 Elist* el = nil;
2252
2253 nf = tokenize(d2, f, nelem(f));
2254 for(i=nf-1; i>=0; i--){
2255 for(j=0; j<nelem(DN_oid); j++){
2256 prefix = DN_oid[j].prefix;
2257 if(strncmp(f[i],prefix,strlen(prefix))==0){
2258 el = mkel(mkname(&DN_oid[j],f[i]+strlen(prefix)), el);
2259 break;
2260 }
2261 }
2262 }
2263 free(d2);
2264 return mkseq(el);
2265 }
2266
2267
2268 uchar*
X509gen(RSApriv * priv,char * subj,ulong valid[2],int * certlen)2269 X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
2270 {
2271 int serial = 0;
2272 uchar *cert = nil;
2273 RSApub *pk = rsaprivtopub(priv);
2274 Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
2275 Elem e, certinfo, issuer, subject, pubkey, validity, sig;
2276 uchar digest[MD5dlen], *buf;
2277 int buflen;
2278 mpint *pkcs1;
2279
2280 e.val.tag = VInt; /* so freevalfields at errret is no-op */
2281 issuer = mkDN(subj);
2282 subject = mkDN(subj);
2283 pubkey = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
2284 if(encode(pubkey, &pkbytes) != ASN_OK)
2285 goto errret;
2286 freevalfields(&pubkey.val);
2287 pubkey = mkseq(
2288 mkel(mkalg(ALG_rsaEncryption),
2289 mkel(mkbits(pkbytes->data, pkbytes->len),
2290 nil)));
2291 freebytes(pkbytes);
2292 validity = mkseq(
2293 mkel(mkutc(valid[0]),
2294 mkel(mkutc(valid[1]),
2295 nil)));
2296 certinfo = mkseq(
2297 mkel(mkint(serial),
2298 mkel(mkalg(ALG_md5WithRSAEncryption),
2299 mkel(issuer,
2300 mkel(validity,
2301 mkel(subject,
2302 mkel(pubkey,
2303 nil)))))));
2304 if(encode(certinfo, &certinfobytes) != ASN_OK)
2305 goto errret;
2306 md5(certinfobytes->data, certinfobytes->len, digest, 0);
2307 freebytes(certinfobytes);
2308 sig = mkseq(
2309 mkel(mkalg(ALG_md5),
2310 mkel(mkoctet(digest, MD5dlen),
2311 nil)));
2312 if(encode(sig, &sigbytes) != ASN_OK)
2313 goto errret;
2314 pkcs1 = pkcs1pad(sigbytes, pk->n);
2315 freebytes(sigbytes);
2316 rsadecrypt(priv, pkcs1, pkcs1);
2317 buflen = mptobe(pkcs1, nil, 0, &buf);
2318 mpfree(pkcs1);
2319 e = mkseq(
2320 mkel(certinfo,
2321 mkel(mkalg(ALG_md5WithRSAEncryption),
2322 mkel(mkbits(buf, buflen),
2323 nil))));
2324 free(buf);
2325 if(encode(e, &certbytes) != ASN_OK)
2326 goto errret;
2327 if(certlen)
2328 *certlen = certbytes->len;
2329 cert = certbytes->data;
2330 errret:
2331 freevalfields(&e.val);
2332 return cert;
2333 }
2334
2335 uchar*
X509req(RSApriv * priv,char * subj,int * certlen)2336 X509req(RSApriv *priv, char *subj, int *certlen)
2337 {
2338 /* RFC 2314, PKCS #10 Certification Request Syntax */
2339 int version = 0;
2340 uchar *cert = nil;
2341 RSApub *pk = rsaprivtopub(priv);
2342 Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
2343 Elem e, certinfo, subject, pubkey, sig;
2344 uchar digest[MD5dlen], *buf;
2345 int buflen;
2346 mpint *pkcs1;
2347
2348 e.val.tag = VInt; /* so freevalfields at errret is no-op */
2349 subject = mkDN(subj);
2350 pubkey = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
2351 if(encode(pubkey, &pkbytes) != ASN_OK)
2352 goto errret;
2353 freevalfields(&pubkey.val);
2354 pubkey = mkseq(
2355 mkel(mkalg(ALG_rsaEncryption),
2356 mkel(mkbits(pkbytes->data, pkbytes->len),
2357 nil)));
2358 freebytes(pkbytes);
2359 certinfo = mkseq(
2360 mkel(mkint(version),
2361 mkel(subject,
2362 mkel(pubkey,
2363 nil))));
2364 if(encode(certinfo, &certinfobytes) != ASN_OK)
2365 goto errret;
2366 md5(certinfobytes->data, certinfobytes->len, digest, 0);
2367 freebytes(certinfobytes);
2368 sig = mkseq(
2369 mkel(mkalg(ALG_md5),
2370 mkel(mkoctet(digest, MD5dlen),
2371 nil)));
2372 if(encode(sig, &sigbytes) != ASN_OK)
2373 goto errret;
2374 pkcs1 = pkcs1pad(sigbytes, pk->n);
2375 freebytes(sigbytes);
2376 rsadecrypt(priv, pkcs1, pkcs1);
2377 buflen = mptobe(pkcs1, nil, 0, &buf);
2378 mpfree(pkcs1);
2379 e = mkseq(
2380 mkel(certinfo,
2381 mkel(mkalg(ALG_md5),
2382 mkel(mkbits(buf, buflen),
2383 nil))));
2384 free(buf);
2385 if(encode(e, &certbytes) != ASN_OK)
2386 goto errret;
2387 if(certlen)
2388 *certlen = certbytes->len;
2389 cert = certbytes->data;
2390 errret:
2391 freevalfields(&e.val);
2392 return cert;
2393 }
2394
2395 static char*
tagdump(Tag tag)2396 tagdump(Tag tag)
2397 {
2398 if(tag.class != Universal)
2399 return smprint("class%d,num%d", tag.class, tag.num);
2400 switch(tag.num){
2401 case BOOLEAN: return "BOOLEAN"; break;
2402 case INTEGER: return "INTEGER"; break;
2403 case BIT_STRING: return "BIT STRING"; break;
2404 case OCTET_STRING: return "OCTET STRING"; break;
2405 case NULLTAG: return "NULLTAG"; break;
2406 case OBJECT_ID: return "OID"; break;
2407 case ObjectDescriptor: return "OBJECT_DES"; break;
2408 case EXTERNAL: return "EXTERNAL"; break;
2409 case REAL: return "REAL"; break;
2410 case ENUMERATED: return "ENUMERATED"; break;
2411 case EMBEDDED_PDV: return "EMBEDDED PDV"; break;
2412 case SEQUENCE: return "SEQUENCE"; break;
2413 case SETOF: return "SETOF"; break;
2414 case NumericString: return "NumericString"; break;
2415 case PrintableString: return "PrintableString"; break;
2416 case TeletexString: return "TeletexString"; break;
2417 case VideotexString: return "VideotexString"; break;
2418 case IA5String: return "IA5String"; break;
2419 case UTCTime: return "UTCTime"; break;
2420 case GeneralizedTime: return "GeneralizedTime"; break;
2421 case GraphicString: return "GraphicString"; break;
2422 case VisibleString: return "VisibleString"; break;
2423 case GeneralString: return "GeneralString"; break;
2424 case UniversalString: return "UniversalString"; break;
2425 case BMPString: return "BMPString"; break;
2426 default:
2427 return smprint("Universal,num%d", tag.num);
2428 }
2429 }
2430
2431 static void
edump(Elem e)2432 edump(Elem e)
2433 {
2434 Value v;
2435 Elist *el;
2436 int i;
2437
2438 print("%s{", tagdump(e.tag));
2439 v = e.val;
2440 switch(v.tag){
2441 case VBool: print("Bool %d",v.u.boolval); break;
2442 case VInt: print("Int %d",v.u.intval); break;
2443 case VOctets: print("Octets[%d] %.2x%.2x...",v.u.octetsval->len,v.u.octetsval->data[0],v.u.octetsval->data[1]); break;
2444 case VBigInt: print("BigInt[%d] %.2x%.2x...",v.u.bigintval->len,v.u.bigintval->data[0],v.u.bigintval->data[1]); break;
2445 case VReal: print("Real..."); break;
2446 case VOther: print("Other..."); break;
2447 case VBitString: print("BitString..."); break;
2448 case VNull: print("Null"); break;
2449 case VEOC: print("EOC..."); break;
2450 case VObjId: print("ObjId");
2451 for(i = 0; i<v.u.objidval->len; i++)
2452 print(" %d", v.u.objidval->data[i]);
2453 break;
2454 case VString: print("String \"%s\"",v.u.stringval); break;
2455 case VSeq: print("Seq\n");
2456 for(el = v.u.seqval; el!=nil; el = el->tl)
2457 edump(el->hd);
2458 break;
2459 case VSet: print("Set\n");
2460 for(el = v.u.setval; el!=nil; el = el->tl)
2461 edump(el->hd);
2462 break;
2463 }
2464 print("}\n");
2465 }
2466
2467 void
asn1dump(uchar * der,int len)2468 asn1dump(uchar *der, int len)
2469 {
2470 Elem e;
2471
2472 if(decode(der, len, &e) != ASN_OK){
2473 print("didn't parse\n");
2474 exits("didn't parse");
2475 }
2476 edump(e);
2477 }
2478
2479 void
X509dump(uchar * cert,int ncert)2480 X509dump(uchar *cert, int ncert)
2481 {
2482 char *e;
2483 Bytes *b;
2484 CertX509 *c;
2485 RSApub *pk;
2486 uchar digest[SHA1dlen];
2487 Elem *sigalg;
2488
2489 print("begin X509dump\n");
2490 b = makebytes(cert, ncert);
2491 c = decode_cert(b);
2492 if(c != nil)
2493 digest_certinfo(b, digestalg[c->signature_alg], digest);
2494 freebytes(b);
2495 if(c == nil){
2496 print("cannot decode cert");
2497 return;
2498 }
2499
2500 print("serial %d\n", c->serial);
2501 print("issuer %s\n", c->issuer);
2502 print("validity %s %s\n", c->validity_start, c->validity_end);
2503 print("subject %s\n", c->subject);
2504 pk = decode_rsapubkey(c->publickey);
2505 print("pubkey e=%B n(%d)=%B\n", pk->ek, mpsignif(pk->n), pk->n);
2506
2507 print("sigalg=%d digest=%.*H\n", c->signature_alg, MD5dlen, digest);
2508 e = verify_signature(c->signature, pk, digest, &sigalg);
2509 if(e==nil){
2510 e = "nil (meaning ok)";
2511 print("sigalg=\n");
2512 if(sigalg)
2513 edump(*sigalg);
2514 }
2515 print("self-signed verify_signature returns: %s\n", e);
2516
2517 rsapubfree(pk);
2518 freecert(c);
2519 print("end X509dump\n");
2520 }
2521