1 #include <u.h>
2 #include <libc.h>
3 #include <mp.h>
4 #include <libsec.h>
5
6 typedef DigestState*(*DigestFun)(uchar*,ulong,uchar*,DigestState*);
7
8 /* ANSI offsetof, backwards. */
9 #define OFFSETOF(a, b) offsetof(b, a)
10
11 /*=============================================================*/
12 /* general ASN1 declarations and parsing
13 *
14 * For now, this is used only for extracting the key from an
15 * X509 certificate, so the entire collection is hidden. But
16 * someday we should probably make the functions visible and
17 * give them their own man page.
18 */
19 typedef struct Elem Elem;
20 typedef struct Tag Tag;
21 typedef struct Value Value;
22 typedef struct Bytes Bytes;
23 typedef struct Ints Ints;
24 typedef struct Bits Bits;
25 typedef struct Elist Elist;
26
27 /* tag classes */
28 #define Universal 0
29 #define Context 0x80
30
31 /* universal tags */
32 #define BOOLEAN 1
33 #define INTEGER 2
34 #define BIT_STRING 3
35 #define OCTET_STRING 4
36 #define NULLTAG 5
37 #define OBJECT_ID 6
38 #define ObjectDescriptor 7
39 #define EXTERNAL 8
40 #define REAL 9
41 #define ENUMERATED 10
42 #define EMBEDDED_PDV 11
43 #define SEQUENCE 16 /* also SEQUENCE OF */
44 #define SETOF 17 /* also SETOF OF */
45 #define NumericString 18
46 #define PrintableString 19
47 #define TeletexString 20
48 #define VideotexString 21
49 #define IA5String 22
50 #define UTCTime 23
51 #define GeneralizedTime 24
52 #define GraphicString 25
53 #define VisibleString 26
54 #define GeneralString 27
55 #define UniversalString 28
56 #define BMPString 30
57
58 struct Bytes {
59 int len;
60 uchar data[1];
61 };
62
63 struct Ints {
64 int len;
65 int data[1];
66 };
67
68 struct Bits {
69 int len; /* number of bytes */
70 int unusedbits; /* unused bits in last byte */
71 uchar data[1]; /* most-significant bit first */
72 };
73
74 struct Tag {
75 int class;
76 int num;
77 };
78
79 enum { VBool, VInt, VOctets, VBigInt, VReal, VOther,
80 VBitString, VNull, VEOC, VObjId, VString, VSeq, VSet };
81 struct Value {
82 int tag; /* VBool, etc. */
83 union {
84 int boolval;
85 int intval;
86 Bytes* octetsval;
87 Bytes* bigintval;
88 Bytes* realval; /* undecoded; hardly ever used */
89 Bytes* otherval;
90 Bits* bitstringval;
91 Ints* objidval;
92 char* stringval;
93 Elist* seqval;
94 Elist* setval;
95 } u; /* (Don't use anonymous unions, for ease of porting) */
96 };
97
98 struct Elem {
99 Tag tag;
100 Value val;
101 };
102
103 struct Elist {
104 Elist* tl;
105 Elem hd;
106 };
107
108 /* decoding errors */
109 enum { ASN_OK, ASN_ESHORT, ASN_ETOOBIG, ASN_EVALLEN,
110 ASN_ECONSTR, ASN_EPRIM, ASN_EINVAL, ASN_EUNIMPL };
111
112
113 /* here are the functions to consider making extern someday */
114 static Bytes* newbytes(int len);
115 static Bytes* makebytes(uchar* buf, int len);
116 static void freebytes(Bytes* b);
117 static Bytes* catbytes(Bytes* b1, Bytes* b2);
118 static Ints* newints(int len);
119 static Ints* makeints(int* buf, int len);
120 static void freeints(Ints* b);
121 static Bits* newbits(int len);
122 static Bits* makebits(uchar* buf, int len, int unusedbits);
123 static void freebits(Bits* b);
124 static Elist* mkel(Elem e, Elist* tail);
125 static void freeelist(Elist* el);
126 static int elistlen(Elist* el);
127 static int is_seq(Elem* pe, Elist** pseq);
128 static int is_set(Elem* pe, Elist** pset);
129 static int is_int(Elem* pe, int* pint);
130 static int is_bigint(Elem* pe, Bytes** pbigint);
131 static int is_bitstring(Elem* pe, Bits** pbits);
132 static int is_octetstring(Elem* pe, Bytes** poctets);
133 static int is_oid(Elem* pe, Ints** poid);
134 static int is_string(Elem* pe, char** pstring);
135 static int is_time(Elem* pe, char** ptime);
136 static int decode(uchar* a, int alen, Elem* pelem);
137 /*
138 static int decode_seq(uchar* a, int alen, Elist** pelist);
139 static int decode_value(uchar* a, int alen, int kind, int isconstr, Value* pval);
140 */
141 static int encode(Elem e, Bytes** pbytes);
142 static int oid_lookup(Ints* o, Ints** tab);
143 static void freevalfields(Value* v);
144 static mpint *asn1mpint(Elem *e);
145
146
147
148 #define TAG_MASK 0x1F
149 #define CONSTR_MASK 0x20
150 #define CLASS_MASK 0xC0
151 #define MAXOBJIDLEN 20
152
153 static int ber_decode(uchar** pp, uchar* pend, Elem* pelem);
154 static int tag_decode(uchar** pp, uchar* pend, Tag* ptag, int* pisconstr);
155 static int length_decode(uchar** pp, uchar* pend, int* plength);
156 static int value_decode(uchar** pp, uchar* pend, int length, int kind, int isconstr, Value* pval);
157 static int int_decode(uchar** pp, uchar* pend, int count, int unsgned, int* pint);
158 static int uint7_decode(uchar** pp, uchar* pend, int* pint);
159 static int octet_decode(uchar** pp, uchar* pend, int length, int isconstr, Bytes** pbytes);
160 static int seq_decode(uchar** pp, uchar* pend, int length, int isconstr, Elist** pelist);
161 static int enc(uchar** pp, Elem e, int lenonly);
162 static int val_enc(uchar** pp, Elem e, int *pconstr, int lenonly);
163 static void uint7_enc(uchar** pp, int num, int lenonly);
164 static void int_enc(uchar** pp, int num, int unsgned, int lenonly);
165
166 static void *
emalloc(int n)167 emalloc(int n)
168 {
169 void *p;
170 if(n==0)
171 n=1;
172 p = malloc(n);
173 if(p == nil){
174 exits("out of memory");
175 }
176 memset(p, 0, n);
177 return p;
178 }
179
180 static char*
estrdup(char * s)181 estrdup(char *s)
182 {
183 char *d, *d0;
184
185 if(!s)
186 return 0;
187 d = d0 = emalloc(strlen(s)+1);
188 while(*d++ = *s++)
189 ;
190 return d0;
191 }
192
193
194 /*
195 * Decode a[0..len] as a BER encoding of an ASN1 type.
196 * The return value is one of ASN_OK, etc.
197 * Depending on the error, the returned elem may or may not
198 * be nil.
199 */
200 static int
decode(uchar * a,int alen,Elem * pelem)201 decode(uchar* a, int alen, Elem* pelem)
202 {
203 uchar* p = a;
204
205 return ber_decode(&p, &a[alen], pelem);
206 }
207
208 /*
209 * Like decode, but continue decoding after first element
210 * of array ends.
211 *
212 static int
213 decode_seq(uchar* a, int alen, Elist** pelist)
214 {
215 uchar* p = a;
216
217 return seq_decode(&p, &a[alen], -1, 1, pelist);
218 }
219 */
220
221 /*
222 * Decode the whole array as a BER encoding of an ASN1 value,
223 * (i.e., the part after the tag and length).
224 * Assume the value is encoded as universal tag "kind".
225 * The constr arg is 1 if the value is constructed, 0 if primitive.
226 * If there's an error, the return string will contain the error.
227 * Depending on the error, the returned value may or may not
228 * be nil.
229 *
230 static int
231 decode_value(uchar* a, int alen, int kind, int isconstr, Value* pval)
232 {
233 uchar* p = a;
234
235 return value_decode(&p, &a[alen], alen, kind, isconstr, pval);
236 }
237 */
238
239 /*
240 * All of the following decoding routines take arguments:
241 * uchar **pp;
242 * uchar *pend;
243 * Where parsing is supposed to start at **pp, and when parsing
244 * is done, *pp is updated to point at next char to be parsed.
245 * The pend pointer is just past end of string; an error should
246 * be returned parsing hasn't finished by then.
247 *
248 * The returned int is ASN_OK if all went fine, else ASN_ESHORT, etc.
249 * The remaining argument(s) are pointers to where parsed entity goes.
250 */
251
252 /* Decode an ASN1 'Elem' (tag, length, value) */
253 static int
ber_decode(uchar ** pp,uchar * pend,Elem * pelem)254 ber_decode(uchar** pp, uchar* pend, Elem* pelem)
255 {
256 int err;
257 int isconstr;
258 int length;
259 Tag tag;
260 Value val;
261
262 err = tag_decode(pp, pend, &tag, &isconstr);
263 if(err == ASN_OK) {
264 err = length_decode(pp, pend, &length);
265 if(err == ASN_OK) {
266 if(tag.class == Universal)
267 err = value_decode(pp, pend, length, tag.num, isconstr, &val);
268 else
269 err = value_decode(pp, pend, length, OCTET_STRING, 0, &val);
270 if(err == ASN_OK) {
271 pelem->tag = tag;
272 pelem->val = val;
273 }
274 }
275 }
276 return err;
277 }
278
279 /* Decode a tag field */
280 static int
tag_decode(uchar ** pp,uchar * pend,Tag * ptag,int * pisconstr)281 tag_decode(uchar** pp, uchar* pend, Tag* ptag, int* pisconstr)
282 {
283 int err;
284 int v;
285 uchar* p;
286
287 err = ASN_OK;
288 p = *pp;
289 if(pend-p >= 2) {
290 v = *p++;
291 ptag->class = v&CLASS_MASK;
292 if(v&CONSTR_MASK)
293 *pisconstr = 1;
294 else
295 *pisconstr = 0;
296 v &= TAG_MASK;
297 if(v == TAG_MASK)
298 err = uint7_decode(&p, pend, &v);
299 ptag->num = v;
300 }
301 else
302 err = ASN_ESHORT;
303 *pp = p;
304 return err;
305 }
306
307 /* Decode a length field */
308 static int
length_decode(uchar ** pp,uchar * pend,int * plength)309 length_decode(uchar** pp, uchar* pend, int* plength)
310 {
311 int err;
312 int num;
313 int v;
314 uchar* p;
315
316 err = ASN_OK;
317 num = 0;
318 p = *pp;
319 if(p < pend) {
320 v = *p++;
321 if(v&0x80)
322 err = int_decode(&p, pend, v&0x7F, 1, &num);
323 else
324 num = v;
325 }
326 else
327 err = ASN_ESHORT;
328 *pp = p;
329 *plength = num;
330 return err;
331 }
332
333 /* Decode a value field */
334 static int
value_decode(uchar ** pp,uchar * pend,int length,int kind,int isconstr,Value * pval)335 value_decode(uchar** pp, uchar* pend, int length, int kind, int isconstr, Value* pval)
336 {
337 int err;
338 Bytes* va;
339 int num;
340 int bitsunused;
341 int subids[MAXOBJIDLEN];
342 int isubid;
343 Elist* vl;
344 uchar* p;
345 uchar* pe;
346
347 err = ASN_OK;
348 p = *pp;
349 if(length == -1) { /* "indefinite" length spec */
350 if(!isconstr)
351 err = ASN_EINVAL;
352 }
353 else if(p + length > pend)
354 err = ASN_EVALLEN;
355 if(err != ASN_OK)
356 return err;
357
358 switch(kind) {
359 case 0:
360 /* marker for end of indefinite constructions */
361 if(length == 0)
362 pval->tag = VNull;
363 else
364 err = ASN_EINVAL;
365 break;
366
367 case BOOLEAN:
368 if(isconstr)
369 err = ASN_ECONSTR;
370 else if(length != 1)
371 err = ASN_EVALLEN;
372 else {
373 pval->tag = VBool;
374 pval->u.boolval = (*p++ != 0);
375 }
376 break;
377
378 case INTEGER:
379 case ENUMERATED:
380 if(isconstr)
381 err = ASN_ECONSTR;
382 else if(length <= 4) {
383 err = int_decode(&p, pend, length, 0, &num);
384 if(err == ASN_OK) {
385 pval->tag = VInt;
386 pval->u.intval = num;
387 }
388 }
389 else {
390 pval->tag = VBigInt;
391 pval->u.bigintval = makebytes(p, length);
392 p += length;
393 }
394 break;
395
396 case BIT_STRING:
397 pval->tag = VBitString;
398 if(isconstr) {
399 if(length == -1 && p + 2 <= pend && *p == 0 && *(p+1) ==0) {
400 pval->u.bitstringval = makebits(0, 0, 0);
401 p += 2;
402 }
403 else
404 /* TODO: recurse and concat results */
405 err = ASN_EUNIMPL;
406 }
407 else {
408 if(length < 2) {
409 if(length == 1 && *p == 0) {
410 pval->u.bitstringval = makebits(0, 0, 0);
411 p++;
412 }
413 else
414 err = ASN_EINVAL;
415 }
416 else {
417 bitsunused = *p;
418 if(bitsunused > 7)
419 err = ASN_EINVAL;
420 else if(length > 0x0FFFFFFF)
421 err = ASN_ETOOBIG;
422 else {
423 pval->u.bitstringval = makebits(p+1, length-1, bitsunused);
424 p += length;
425 }
426 }
427 }
428 break;
429
430 case OCTET_STRING:
431 case ObjectDescriptor:
432 err = octet_decode(&p, pend, length, isconstr, &va);
433 if(err == ASN_OK) {
434 pval->tag = VOctets;
435 pval->u.octetsval = va;
436 }
437 break;
438
439 case NULLTAG:
440 if(isconstr)
441 err = ASN_ECONSTR;
442 else if(length != 0)
443 err = ASN_EVALLEN;
444 else
445 pval->tag = VNull;
446 break;
447
448 case OBJECT_ID:
449 if(isconstr)
450 err = ASN_ECONSTR;
451 else if(length == 0)
452 err = ASN_EVALLEN;
453 else {
454 isubid = 0;
455 pe = p+length;
456 while(p < pe && isubid < MAXOBJIDLEN) {
457 err = uint7_decode(&p, pend, &num);
458 if(err != ASN_OK)
459 break;
460 if(isubid == 0) {
461 subids[isubid++] = num / 40;
462 subids[isubid++] = num % 40;
463 }
464 else
465 subids[isubid++] = num;
466 }
467 if(err == ASN_OK) {
468 if(p != pe)
469 err = ASN_EVALLEN;
470 else {
471 pval->tag = VObjId;
472 pval->u.objidval = makeints(subids, isubid);
473 }
474 }
475 }
476 break;
477
478 case EXTERNAL:
479 case EMBEDDED_PDV:
480 /* TODO: parse this internally */
481 if(p+length > pend)
482 err = ASN_EVALLEN;
483 else {
484 pval->tag = VOther;
485 pval->u.otherval = makebytes(p, length);
486 p += length;
487 }
488 break;
489
490 case REAL:
491 /* Let the application decode */
492 if(isconstr)
493 err = ASN_ECONSTR;
494 else if(p+length > pend)
495 err = ASN_EVALLEN;
496 else {
497 pval->tag = VReal;
498 pval->u.realval = makebytes(p, length);
499 p += length;
500 }
501 break;
502
503 case SEQUENCE:
504 err = seq_decode(&p, pend, length, isconstr, &vl);
505 if(err == ASN_OK) {
506 pval->tag = VSeq ;
507 pval->u.seqval = vl;
508 }
509 break;
510
511 case SETOF:
512 err = seq_decode(&p, pend, length, isconstr, &vl);
513 if(err == ASN_OK) {
514 pval->tag = VSet;
515 pval->u.setval = vl;
516 }
517 break;
518
519 case NumericString:
520 case PrintableString:
521 case TeletexString:
522 case VideotexString:
523 case IA5String:
524 case UTCTime:
525 case GeneralizedTime:
526 case GraphicString:
527 case VisibleString:
528 case GeneralString:
529 case UniversalString:
530 case BMPString:
531 /* TODO: figure out when character set conversion is necessary */
532 err = octet_decode(&p, pend, length, isconstr, &va);
533 if(err == ASN_OK) {
534 pval->tag = VString;
535 pval->u.stringval = (char*)emalloc(va->len+1);
536 memmove(pval->u.stringval, va->data, va->len);
537 pval->u.stringval[va->len] = 0;
538 free(va);
539 }
540 break;
541
542 default:
543 if(p+length > pend)
544 err = ASN_EVALLEN;
545 else {
546 pval->tag = VOther;
547 pval->u.otherval = makebytes(p, length);
548 p += length;
549 }
550 break;
551 }
552 *pp = p;
553 return err;
554 }
555
556 /*
557 * Decode an int in format where count bytes are
558 * concatenated to form value.
559 * Although ASN1 allows any size integer, we return
560 * an error if the result doesn't fit in a 32-bit int.
561 * If unsgned is not set, make sure to propagate sign bit.
562 */
563 static int
int_decode(uchar ** pp,uchar * pend,int count,int unsgned,int * pint)564 int_decode(uchar** pp, uchar* pend, int count, int unsgned, int* pint)
565 {
566 int err;
567 int num;
568 uchar* p;
569
570 p = *pp;
571 err = ASN_OK;
572 num = 0;
573 if(p+count <= pend) {
574 if((count > 4) || (unsgned && count == 4 && (*p&0x80)))
575 err = ASN_ETOOBIG;
576 else {
577 if(!unsgned && count > 0 && count < 4 && (*p&0x80))
578 num = -1; /* set all bits, initially */
579 while(count--)
580 num = (num << 8)|(*p++);
581 }
582 }
583 else
584 err = ASN_ESHORT;
585 *pint = num;
586 *pp = p;
587 return err;
588 }
589
590 /*
591 * Decode an unsigned int in format where each
592 * byte except last has high bit set, and remaining
593 * seven bits of each byte are concatenated to form value.
594 * Although ASN1 allows any size integer, we return
595 * an error if the result doesn't fit in a 32 bit int.
596 */
597 static int
uint7_decode(uchar ** pp,uchar * pend,int * pint)598 uint7_decode(uchar** pp, uchar* pend, int* pint)
599 {
600 int err;
601 int num;
602 int more;
603 int v;
604 uchar* p;
605
606 p = *pp;
607 err = ASN_OK;
608 num = 0;
609 more = 1;
610 while(more && p < pend) {
611 v = *p++;
612 if(num&0x7F000000) {
613 err = ASN_ETOOBIG;
614 break;
615 }
616 num <<= 7;
617 more = v&0x80;
618 num |= (v&0x7F);
619 }
620 if(p == pend)
621 err = ASN_ESHORT;
622 *pint = num;
623 *pp = p;
624 return err;
625 }
626
627 /*
628 * Decode an octet string, recursively if isconstr.
629 * We've already checked that length==-1 implies isconstr==1,
630 * and otherwise that specified length fits within (*pp..pend)
631 */
632 static int
octet_decode(uchar ** pp,uchar * pend,int length,int isconstr,Bytes ** pbytes)633 octet_decode(uchar** pp, uchar* pend, int length, int isconstr, Bytes** pbytes)
634 {
635 int err;
636 uchar* p;
637 Bytes* ans;
638 Bytes* newans;
639 uchar* pstart;
640 uchar* pold;
641 Elem elem;
642
643 err = ASN_OK;
644 p = *pp;
645 ans = nil;
646 if(length >= 0 && !isconstr) {
647 ans = makebytes(p, length);
648 p += length;
649 }
650 else {
651 /* constructed, either definite or indefinite length */
652 pstart = p;
653 for(;;) {
654 if(length >= 0 && p >= pstart + length) {
655 if(p != pstart + length)
656 err = ASN_EVALLEN;
657 break;
658 }
659 pold = p;
660 err = ber_decode(&p, pend, &elem);
661 if(err != ASN_OK)
662 break;
663 switch(elem.val.tag) {
664 case VOctets:
665 newans = catbytes(ans, elem.val.u.octetsval);
666 freebytes(ans);
667 ans = newans;
668 break;
669
670 case VEOC:
671 if(length != -1) {
672 p = pold;
673 err = ASN_EINVAL;
674 }
675 goto cloop_done;
676
677 default:
678 p = pold;
679 err = ASN_EINVAL;
680 goto cloop_done;
681 }
682 }
683 cloop_done:
684 ;
685 }
686 *pp = p;
687 *pbytes = ans;
688 return err;
689 }
690
691 /*
692 * Decode a sequence or set.
693 * We've already checked that length==-1 implies isconstr==1,
694 * and otherwise that specified length fits within (*p..pend)
695 */
696 static int
seq_decode(uchar ** pp,uchar * pend,int length,int isconstr,Elist ** pelist)697 seq_decode(uchar** pp, uchar* pend, int length, int isconstr, Elist** pelist)
698 {
699 int err;
700 uchar* p;
701 uchar* pstart;
702 uchar* pold;
703 Elist* ans;
704 Elem elem;
705 Elist* lve;
706 Elist* lveold;
707
708 err = ASN_OK;
709 ans = nil;
710 p = *pp;
711 if(!isconstr)
712 err = ASN_EPRIM;
713 else {
714 /* constructed, either definite or indefinite length */
715 lve = nil;
716 pstart = p;
717 for(;;) {
718 if(length >= 0 && p >= pstart + length) {
719 if(p != pstart + length)
720 err = ASN_EVALLEN;
721 break;
722 }
723 pold = p;
724 err = ber_decode(&p, pend, &elem);
725 if(err != ASN_OK)
726 break;
727 if(elem.val.tag == VEOC) {
728 if(length != -1) {
729 p = pold;
730 err = ASN_EINVAL;
731 }
732 break;
733 }
734 else
735 lve = mkel(elem, lve);
736 }
737 if(err == ASN_OK) {
738 /* reverse back to original order */
739 while(lve != nil) {
740 lveold = lve;
741 lve = lve->tl;
742 lveold->tl = ans;
743 ans = lveold;
744 }
745 }
746 }
747 *pp = p;
748 *pelist = ans;
749 return err;
750 }
751
752 /*
753 * Encode e by BER rules, putting answer in *pbytes.
754 * This is done by first calling enc with lenonly==1
755 * to get the length of the needed buffer,
756 * then allocating the buffer and using enc again to fill it up.
757 */
758 static int
encode(Elem e,Bytes ** pbytes)759 encode(Elem e, Bytes** pbytes)
760 {
761 uchar* p;
762 Bytes* ans;
763 int err;
764 uchar uc;
765
766 p = &uc;
767 err = enc(&p, e, 1);
768 if(err == ASN_OK) {
769 ans = newbytes(p-&uc);
770 p = ans->data;
771 err = enc(&p, e, 0);
772 *pbytes = ans;
773 }
774 return err;
775 }
776
777 /*
778 * The various enc functions take a pointer to a pointer
779 * into a buffer, and encode their entity starting there,
780 * updating the pointer afterwards.
781 * If lenonly is 1, only the pointer update is done,
782 * allowing enc to be called first to calculate the needed
783 * buffer length.
784 * If lenonly is 0, it is assumed that the answer will fit.
785 */
786
787 static int
enc(uchar ** pp,Elem e,int lenonly)788 enc(uchar** pp, Elem e, int lenonly)
789 {
790 int err;
791 int vlen;
792 int constr;
793 Tag tag;
794 int v;
795 int ilen;
796 uchar* p;
797 uchar* psave;
798
799 p = *pp;
800 err = val_enc(&p, e, &constr, 1);
801 if(err != ASN_OK)
802 return err;
803 vlen = p - *pp;
804 p = *pp;
805 tag = e.tag;
806 v = tag.class|constr;
807 if(tag.num < 31) {
808 if(!lenonly)
809 *p = (v|tag.num);
810 p++;
811 }
812 else {
813 if(!lenonly)
814 *p = (v|31);
815 p++;
816 if(tag.num < 0)
817 return ASN_EINVAL;
818 uint7_enc(&p, tag.num, lenonly);
819 }
820 if(vlen < 0x80) {
821 if(!lenonly)
822 *p = vlen;
823 p++;
824 }
825 else {
826 psave = p;
827 int_enc(&p, vlen, 1, 1);
828 ilen = p-psave;
829 p = psave;
830 if(!lenonly) {
831 *p++ = (0x80 | ilen);
832 int_enc(&p, vlen, 1, 0);
833 }
834 else
835 p += 1 + ilen;
836 }
837 if(!lenonly)
838 val_enc(&p, e, &constr, 0);
839 else
840 p += vlen;
841 *pp = p;
842 return err;
843 }
844
845 static int
val_enc(uchar ** pp,Elem e,int * pconstr,int lenonly)846 val_enc(uchar** pp, Elem e, int *pconstr, int lenonly)
847 {
848 int err;
849 uchar* p;
850 int kind;
851 int cl;
852 int v;
853 Bytes* bb = nil;
854 Bits* bits;
855 Ints* oid;
856 int k;
857 Elist* el;
858 char* s;
859
860 p = *pp;
861 err = ASN_OK;
862 kind = e.tag.num;
863 cl = e.tag.class;
864 *pconstr = 0;
865 if(cl != Universal) {
866 switch(e.val.tag) {
867 case VBool:
868 kind = BOOLEAN;
869 break;
870 case VInt:
871 kind = INTEGER;
872 break;
873 case VBigInt:
874 kind = INTEGER;
875 break;
876 case VOctets:
877 kind = OCTET_STRING;
878 break;
879 case VReal:
880 kind = REAL;
881 break;
882 case VOther:
883 kind = OCTET_STRING;
884 break;
885 case VBitString:
886 kind = BIT_STRING;
887 break;
888 case VNull:
889 kind = NULLTAG;
890 break;
891 case VObjId:
892 kind = OBJECT_ID;
893 break;
894 case VString:
895 kind = UniversalString;
896 break;
897 case VSeq:
898 kind = SEQUENCE;
899 break;
900 case VSet:
901 kind = SETOF;
902 break;
903 }
904 }
905 switch(kind) {
906 case BOOLEAN:
907 if(is_int(&e, &v)) {
908 if(v != 0)
909 v = 255;
910 int_enc(&p, v, 1, lenonly);
911 }
912 else
913 err = ASN_EINVAL;
914 break;
915
916 case INTEGER:
917 case ENUMERATED:
918 if(is_int(&e, &v))
919 int_enc(&p, v, 0, lenonly);
920 else {
921 if(is_bigint(&e, &bb)) {
922 if(!lenonly)
923 memmove(p, bb->data, bb->len);
924 p += bb->len;
925 }
926 else
927 err = ASN_EINVAL;
928 }
929 break;
930
931 case BIT_STRING:
932 if(is_bitstring(&e, &bits)) {
933 if(bits->len == 0) {
934 if(!lenonly)
935 *p = 0;
936 p++;
937 }
938 else {
939 v = bits->unusedbits;
940 if(v < 0 || v > 7)
941 err = ASN_EINVAL;
942 else {
943 if(!lenonly) {
944 *p = v;
945 memmove(p+1, bits->data, bits->len);
946 }
947 p += 1 + bits->len;
948 }
949 }
950 }
951 else
952 err = ASN_EINVAL;
953 break;
954
955 case OCTET_STRING:
956 case ObjectDescriptor:
957 case EXTERNAL:
958 case REAL:
959 case EMBEDDED_PDV:
960 bb = nil;
961 switch(e.val.tag) {
962 case VOctets:
963 bb = e.val.u.octetsval;
964 break;
965 case VReal:
966 bb = e.val.u.realval;
967 break;
968 case VOther:
969 bb = e.val.u.otherval;
970 break;
971 }
972 if(bb != nil) {
973 if(!lenonly)
974 memmove(p, bb->data, bb->len);
975 p += bb->len;
976 }
977 else
978 err = ASN_EINVAL;
979 break;
980
981 case NULLTAG:
982 break;
983
984 case OBJECT_ID:
985 if(is_oid(&e, &oid)) {
986 for(k = 0; k < oid->len; k++) {
987 v = oid->data[k];
988 if(k == 0) {
989 v *= 40;
990 if(oid->len > 1)
991 v += oid->data[++k];
992 }
993 uint7_enc(&p, v, lenonly);
994 }
995 }
996 else
997 err = ASN_EINVAL;
998 break;
999
1000 case SEQUENCE:
1001 case SETOF:
1002 el = nil;
1003 if(e.val.tag == VSeq)
1004 el = e.val.u.seqval;
1005 else if(e.val.tag == VSet)
1006 el = e.val.u.setval;
1007 else
1008 err = ASN_EINVAL;
1009 if(el != nil) {
1010 *pconstr = CONSTR_MASK;
1011 for(; el != nil; el = el->tl) {
1012 err = enc(&p, el->hd, lenonly);
1013 if(err != ASN_OK)
1014 break;
1015 }
1016 }
1017 break;
1018
1019 case NumericString:
1020 case PrintableString:
1021 case TeletexString:
1022 case VideotexString:
1023 case IA5String:
1024 case UTCTime:
1025 case GeneralizedTime:
1026 case GraphicString:
1027 case VisibleString:
1028 case GeneralString:
1029 case UniversalString:
1030 case BMPString:
1031 if(e.val.tag == VString) {
1032 s = e.val.u.stringval;
1033 if(s != nil) {
1034 v = strlen(s);
1035 if(!lenonly)
1036 memmove(p, s, v);
1037 p += v;
1038 }
1039 }
1040 else
1041 err = ASN_EINVAL;
1042 break;
1043
1044 default:
1045 err = ASN_EINVAL;
1046 }
1047 *pp = p;
1048 return err;
1049 }
1050
1051 /*
1052 * Encode num as unsigned 7 bit values with top bit 1 on all bytes
1053 * except last, only putting in bytes if !lenonly.
1054 */
1055 static void
uint7_enc(uchar ** pp,int num,int lenonly)1056 uint7_enc(uchar** pp, int num, int lenonly)
1057 {
1058 int n;
1059 int v;
1060 int k;
1061 uchar* p;
1062
1063 p = *pp;
1064 n = 1;
1065 v = num >> 7;
1066 while(v > 0) {
1067 v >>= 7;
1068 n++;
1069 }
1070 if(lenonly)
1071 p += n;
1072 else {
1073 for(k = (n - 1)*7; k > 0; k -= 7)
1074 *p++= ((num >> k)|0x80);
1075 *p++ = (num&0x7F);
1076 }
1077 *pp = p;
1078 }
1079
1080 /*
1081 * Encode num as unsigned or signed integer,
1082 * only putting in bytes if !lenonly.
1083 * Encoding is length followed by bytes to concatenate.
1084 */
1085 static void
int_enc(uchar ** pp,int num,int unsgned,int lenonly)1086 int_enc(uchar** pp, int num, int unsgned, int lenonly)
1087 {
1088 int v;
1089 int n;
1090 int prevv;
1091 int k;
1092 uchar* p;
1093
1094 p = *pp;
1095 v = num;
1096 if(v < 0)
1097 v = -(v + 1);
1098 n = 1;
1099 prevv = v;
1100 v >>= 8;
1101 while(v > 0) {
1102 prevv = v;
1103 v >>= 8;
1104 n++;
1105 }
1106 if(!unsgned && (prevv&0x80))
1107 n++;
1108 if(lenonly)
1109 p += n;
1110 else {
1111 for(k = (n - 1)*8; k >= 0; k -= 8)
1112 *p++ = (num >> k);
1113 }
1114 *pp = p;
1115 }
1116
1117 static int
ints_eq(Ints * a,Ints * b)1118 ints_eq(Ints* a, Ints* b)
1119 {
1120 int alen;
1121 int i;
1122
1123 alen = a->len;
1124 if(alen != b->len)
1125 return 0;
1126 for(i = 0; i < alen; i++)
1127 if(a->data[i] != b->data[i])
1128 return 0;
1129 return 1;
1130 }
1131
1132 /*
1133 * Look up o in tab (which must have nil entry to terminate).
1134 * Return index of matching entry, or -1 if none.
1135 */
1136 static int
oid_lookup(Ints * o,Ints ** tab)1137 oid_lookup(Ints* o, Ints** tab)
1138 {
1139 int i;
1140
1141 for(i = 0; tab[i] != nil; i++)
1142 if(ints_eq(o, tab[i]))
1143 return i;
1144 return -1;
1145 }
1146
1147 /*
1148 * Return true if *pe is a SEQUENCE, and set *pseq to
1149 * the value of the sequence if so.
1150 */
1151 static int
is_seq(Elem * pe,Elist ** pseq)1152 is_seq(Elem* pe, Elist** pseq)
1153 {
1154 if(pe->tag.class == Universal && pe->tag.num == SEQUENCE && pe->val.tag == VSeq) {
1155 *pseq = pe->val.u.seqval;
1156 return 1;
1157 }
1158 return 0;
1159 }
1160
1161 static int
is_set(Elem * pe,Elist ** pset)1162 is_set(Elem* pe, Elist** pset)
1163 {
1164 if(pe->tag.class == Universal && pe->tag.num == SETOF && pe->val.tag == VSet) {
1165 *pset = pe->val.u.setval;
1166 return 1;
1167 }
1168 return 0;
1169 }
1170
1171 static int
is_int(Elem * pe,int * pint)1172 is_int(Elem* pe, int* pint)
1173 {
1174 if(pe->tag.class == Universal) {
1175 if(pe->tag.num == INTEGER && pe->val.tag == VInt) {
1176 *pint = pe->val.u.intval;
1177 return 1;
1178 }
1179 else if(pe->tag.num == BOOLEAN && pe->val.tag == VBool) {
1180 *pint = pe->val.u.boolval;
1181 return 1;
1182 }
1183 }
1184 return 0;
1185 }
1186
1187 /*
1188 * for convience, all VInt's are readable via this routine,
1189 * as well as all VBigInt's
1190 */
1191 static int
is_bigint(Elem * pe,Bytes ** pbigint)1192 is_bigint(Elem* pe, Bytes** pbigint)
1193 {
1194 int v, n, i;
1195
1196 if(pe->tag.class == Universal && pe->tag.num == INTEGER) {
1197 if(pe->val.tag == VBigInt)
1198 *pbigint = pe->val.u.bigintval;
1199 else if(pe->val.tag == VInt){
1200 v = pe->val.u.intval;
1201 for(n = 1; n < 4; n++)
1202 if((1 << (8 * n)) > v)
1203 break;
1204 *pbigint = newbytes(n);
1205 for(i = 0; i < n; i++)
1206 (*pbigint)->data[i] = (v >> ((n - 1 - i) * 8));
1207 }else
1208 return 0;
1209 return 1;
1210 }
1211 return 0;
1212 }
1213
1214 static int
is_bitstring(Elem * pe,Bits ** pbits)1215 is_bitstring(Elem* pe, Bits** pbits)
1216 {
1217 if(pe->tag.class == Universal && pe->tag.num == BIT_STRING && pe->val.tag == VBitString) {
1218 *pbits = pe->val.u.bitstringval;
1219 return 1;
1220 }
1221 return 0;
1222 }
1223
1224 static int
is_octetstring(Elem * pe,Bytes ** poctets)1225 is_octetstring(Elem* pe, Bytes** poctets)
1226 {
1227 if(pe->tag.class == Universal && pe->tag.num == OCTET_STRING && pe->val.tag == VOctets) {
1228 *poctets = pe->val.u.octetsval;
1229 return 1;
1230 }
1231 return 0;
1232 }
1233
1234 static int
is_oid(Elem * pe,Ints ** poid)1235 is_oid(Elem* pe, Ints** poid)
1236 {
1237 if(pe->tag.class == Universal && pe->tag.num == OBJECT_ID && pe->val.tag == VObjId) {
1238 *poid = pe->val.u.objidval;
1239 return 1;
1240 }
1241 return 0;
1242 }
1243
1244 static int
is_string(Elem * pe,char ** pstring)1245 is_string(Elem* pe, char** pstring)
1246 {
1247 if(pe->tag.class == Universal) {
1248 switch(pe->tag.num) {
1249 case NumericString:
1250 case PrintableString:
1251 case TeletexString:
1252 case VideotexString:
1253 case IA5String:
1254 case GraphicString:
1255 case VisibleString:
1256 case GeneralString:
1257 case UniversalString:
1258 case BMPString:
1259 if(pe->val.tag == VString) {
1260 *pstring = pe->val.u.stringval;
1261 return 1;
1262 }
1263 }
1264 }
1265 return 0;
1266 }
1267
1268 static int
is_time(Elem * pe,char ** ptime)1269 is_time(Elem* pe, char** ptime)
1270 {
1271 if(pe->tag.class == Universal
1272 && (pe->tag.num == UTCTime || pe->tag.num == GeneralizedTime)
1273 && pe->val.tag == VString) {
1274 *ptime = pe->val.u.stringval;
1275 return 1;
1276 }
1277 return 0;
1278 }
1279
1280
1281 /*
1282 * malloc and return a new Bytes structure capable of
1283 * holding len bytes. (len >= 0)
1284 */
1285 static Bytes*
newbytes(int len)1286 newbytes(int len)
1287 {
1288 Bytes* ans;
1289
1290 ans = (Bytes*)emalloc(OFFSETOF(data[0], Bytes) + len);
1291 ans->len = len;
1292 return ans;
1293 }
1294
1295 /*
1296 * newbytes(len), with data initialized from buf
1297 */
1298 static Bytes*
makebytes(uchar * buf,int len)1299 makebytes(uchar* buf, int len)
1300 {
1301 Bytes* ans;
1302
1303 ans = newbytes(len);
1304 memmove(ans->data, buf, len);
1305 return ans;
1306 }
1307
1308 static void
freebytes(Bytes * b)1309 freebytes(Bytes* b)
1310 {
1311 if(b != nil)
1312 free(b);
1313 }
1314
1315 /*
1316 * Make a new Bytes, containing bytes of b1 followed by those of b2.
1317 * Either b1 or b2 or both can be nil.
1318 */
1319 static Bytes*
catbytes(Bytes * b1,Bytes * b2)1320 catbytes(Bytes* b1, Bytes* b2)
1321 {
1322 Bytes* ans;
1323 int n;
1324
1325 if(b1 == nil) {
1326 if(b2 == nil)
1327 ans = newbytes(0);
1328 else
1329 ans = makebytes(b2->data, b2->len);
1330 }
1331 else if(b2 == nil) {
1332 ans = makebytes(b1->data, b1->len);
1333 }
1334 else {
1335 n = b1->len + b2->len;
1336 ans = newbytes(n);
1337 ans->len = n;
1338 memmove(ans->data, b1->data, b1->len);
1339 memmove(ans->data+b1->len, b2->data, b2->len);
1340 }
1341 return ans;
1342 }
1343
1344 /* len is number of ints */
1345 static Ints*
newints(int len)1346 newints(int len)
1347 {
1348 Ints* ans;
1349
1350 ans = (Ints*)emalloc(OFFSETOF(data[0], Ints) + len*sizeof(int));
1351 ans->len = len;
1352 return ans;
1353 }
1354
1355 static Ints*
makeints(int * buf,int len)1356 makeints(int* buf, int len)
1357 {
1358 Ints* ans;
1359
1360 ans = newints(len);
1361 if(len > 0)
1362 memmove(ans->data, buf, len*sizeof(int));
1363 return ans;
1364 }
1365
1366 static void
freeints(Ints * b)1367 freeints(Ints* b)
1368 {
1369 if(b != nil)
1370 free(b);
1371 }
1372
1373 /* len is number of bytes */
1374 static Bits*
newbits(int len)1375 newbits(int len)
1376 {
1377 Bits* ans;
1378
1379 ans = (Bits*)emalloc(OFFSETOF(data[0], Bits) + len);
1380 ans->len = len;
1381 ans->unusedbits = 0;
1382 return ans;
1383 }
1384
1385 static Bits*
makebits(uchar * buf,int len,int unusedbits)1386 makebits(uchar* buf, int len, int unusedbits)
1387 {
1388 Bits* ans;
1389
1390 ans = newbits(len);
1391 memmove(ans->data, buf, len);
1392 ans->unusedbits = unusedbits;
1393 return ans;
1394 }
1395
1396 static void
freebits(Bits * b)1397 freebits(Bits* b)
1398 {
1399 if(b != nil)
1400 free(b);
1401 }
1402
1403 static Elist*
mkel(Elem e,Elist * tail)1404 mkel(Elem e, Elist* tail)
1405 {
1406 Elist* el;
1407
1408 el = (Elist*)emalloc(sizeof(Elist));
1409 el->hd = e;
1410 el->tl = tail;
1411 return el;
1412 }
1413
1414 static int
elistlen(Elist * el)1415 elistlen(Elist* el)
1416 {
1417 int ans = 0;
1418 while(el != nil) {
1419 ans++;
1420 el = el->tl;
1421 }
1422 return ans;
1423 }
1424
1425 /* Frees elist, but not fields inside values of constituent elems */
1426 static void
freeelist(Elist * el)1427 freeelist(Elist* el)
1428 {
1429 Elist* next;
1430
1431 while(el != nil) {
1432 next = el->tl;
1433 free(el);
1434 el = next;
1435 }
1436 }
1437
1438 /* free any allocated structures inside v (recursively freeing Elists) */
1439 static void
freevalfields(Value * v)1440 freevalfields(Value* v)
1441 {
1442 Elist* el;
1443 Elist* l;
1444 if(v == nil)
1445 return;
1446 switch(v->tag) {
1447 case VOctets:
1448 freebytes(v->u.octetsval);
1449 break;
1450 case VBigInt:
1451 freebytes(v->u.bigintval);
1452 break;
1453 case VReal:
1454 freebytes(v->u.realval);
1455 break;
1456 case VOther:
1457 freebytes(v->u.otherval);
1458 break;
1459 case VBitString:
1460 freebits(v->u.bitstringval);
1461 break;
1462 case VObjId:
1463 freeints(v->u.objidval);
1464 break;
1465 case VString:
1466 if (v->u.stringval)
1467 free(v->u.stringval);
1468 break;
1469 case VSeq:
1470 el = v->u.seqval;
1471 for(l = el; l != nil; l = l->tl)
1472 freevalfields(&l->hd.val);
1473 if (el)
1474 freeelist(el);
1475 break;
1476 case VSet:
1477 el = v->u.setval;
1478 for(l = el; l != nil; l = l->tl)
1479 freevalfields(&l->hd.val);
1480 if (el)
1481 freeelist(el);
1482 break;
1483 }
1484 }
1485
1486 /* end of general ASN1 functions */
1487
1488
1489
1490
1491
1492 /*=============================================================*/
1493 /*
1494 * Decode and parse an X.509 Certificate, defined by this ASN1:
1495 * Certificate ::= SEQUENCE {
1496 * certificateInfo CertificateInfo,
1497 * signatureAlgorithm AlgorithmIdentifier,
1498 * signature BIT STRING }
1499 *
1500 * CertificateInfo ::= SEQUENCE {
1501 * version [0] INTEGER DEFAULT v1 (0),
1502 * serialNumber INTEGER,
1503 * signature AlgorithmIdentifier,
1504 * issuer Name,
1505 * validity Validity,
1506 * subject Name,
1507 * subjectPublicKeyInfo SubjectPublicKeyInfo }
1508 * (version v2 has two more fields, optional unique identifiers for
1509 * issuer and subject; since we ignore these anyway, we won't parse them)
1510 *
1511 * Validity ::= SEQUENCE {
1512 * notBefore UTCTime,
1513 * notAfter UTCTime }
1514 *
1515 * SubjectPublicKeyInfo ::= SEQUENCE {
1516 * algorithm AlgorithmIdentifier,
1517 * subjectPublicKey BIT STRING }
1518 *
1519 * AlgorithmIdentifier ::= SEQUENCE {
1520 * algorithm OBJECT IDENTIFER,
1521 * parameters ANY DEFINED BY ALGORITHM OPTIONAL }
1522 *
1523 * Name ::= SEQUENCE OF RelativeDistinguishedName
1524 *
1525 * RelativeDistinguishedName ::= SETOF SIZE(1..MAX) OF AttributeTypeAndValue
1526 *
1527 * AttributeTypeAndValue ::= SEQUENCE {
1528 * type OBJECT IDENTIFER,
1529 * value DirectoryString }
1530 * (selected attributes have these Object Ids:
1531 * commonName {2 5 4 3}
1532 * countryName {2 5 4 6}
1533 * localityName {2 5 4 7}
1534 * stateOrProvinceName {2 5 4 8}
1535 * organizationName {2 5 4 10}
1536 * organizationalUnitName {2 5 4 11}
1537 * )
1538 *
1539 * DirectoryString ::= CHOICE {
1540 * teletexString TeletexString,
1541 * printableString PrintableString,
1542 * universalString UniversalString }
1543 *
1544 * See rfc1423, rfc2437 for AlgorithmIdentifier, subjectPublicKeyInfo, signature.
1545 *
1546 * Not yet implemented:
1547 * CertificateRevocationList ::= SIGNED SEQUENCE{
1548 * signature AlgorithmIdentifier,
1549 * issuer Name,
1550 * lastUpdate UTCTime,
1551 * nextUpdate UTCTime,
1552 * revokedCertificates
1553 * SEQUENCE OF CRLEntry OPTIONAL}
1554 * CRLEntry ::= SEQUENCE{
1555 * userCertificate SerialNumber,
1556 * revocationDate UTCTime}
1557 */
1558
1559 typedef struct CertX509 {
1560 int serial;
1561 char* issuer;
1562 char* validity_start;
1563 char* validity_end;
1564 char* subject;
1565 int publickey_alg;
1566 Bytes* publickey;
1567 int signature_alg;
1568 Bytes* signature;
1569 } CertX509;
1570
1571 /* Algorithm object-ids */
1572 enum {
1573 ALG_rsaEncryption,
1574 ALG_md2WithRSAEncryption,
1575 ALG_md4WithRSAEncryption,
1576 ALG_md5WithRSAEncryption,
1577 ALG_sha1WithRSAEncryption,
1578 ALG_md5,
1579 NUMALGS
1580 };
1581 typedef struct Ints7 {
1582 int len;
1583 int data[7];
1584 } Ints7;
1585 static Ints7 oid_rsaEncryption = {7, 1, 2, 840, 113549, 1, 1, 1 };
1586 static Ints7 oid_md2WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 2 };
1587 static Ints7 oid_md4WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 3 };
1588 static Ints7 oid_md5WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 4 };
1589 static Ints7 oid_sha1WithRSAEncryption ={7, 1, 2, 840, 113549, 1, 1, 5 };
1590 static Ints7 oid_md5 ={6, 1, 2, 840, 113549, 2, 5, 0 };
1591 static Ints *alg_oid_tab[NUMALGS+1] = {
1592 (Ints*)(void*)&oid_rsaEncryption,
1593 (Ints*)(void*)&oid_md2WithRSAEncryption,
1594 (Ints*)(void*)&oid_md4WithRSAEncryption,
1595 (Ints*)(void*)&oid_md5WithRSAEncryption,
1596 (Ints*)(void*)&oid_sha1WithRSAEncryption,
1597 (Ints*)(void*)&oid_md5,
1598 nil
1599 };
1600 static DigestFun digestalg[NUMALGS+1] = { md5, md5, md5, md5, sha1, md5, 0 };
1601
1602 static void
freecert(CertX509 * c)1603 freecert(CertX509* c)
1604 {
1605 if (!c) return;
1606 if(c->issuer != nil)
1607 free(c->issuer);
1608 if(c->validity_start != nil)
1609 free(c->validity_start);
1610 if(c->validity_end != nil)
1611 free(c->validity_end);
1612 if(c->subject != nil)
1613 free(c->subject);
1614 freebytes(c->publickey);
1615 freebytes(c->signature);
1616 }
1617
1618 /*
1619 * Parse the Name ASN1 type.
1620 * The sequence of RelativeDistinguishedName's gives a sort of pathname,
1621 * from most general to most specific. Each element of the path can be
1622 * one or more (but usually just one) attribute-value pair, such as
1623 * countryName="US".
1624 * We'll just form a "postal-style" address string by concatenating the elements
1625 * from most specific to least specific, separated by commas.
1626 * Return name-as-string (which must be freed by caller).
1627 */
1628 static char*
parse_name(Elem * e)1629 parse_name(Elem* e)
1630 {
1631 Elist* el;
1632 Elem* es;
1633 Elist* esetl;
1634 Elem* eat;
1635 Elist* eatl;
1636 char* s;
1637 enum { MAXPARTS = 100 };
1638 char* parts[MAXPARTS];
1639 int i;
1640 int plen;
1641 char* ans = nil;
1642
1643 if(!is_seq(e, &el))
1644 goto errret;
1645 i = 0;
1646 plen = 0;
1647 while(el != nil) {
1648 es = &el->hd;
1649 if(!is_set(es, &esetl))
1650 goto errret;
1651 while(esetl != nil) {
1652 eat = &esetl->hd;
1653 if(!is_seq(eat, &eatl) || elistlen(eatl) != 2)
1654 goto errret;
1655 if(!is_string(&eatl->tl->hd, &s) || i>=MAXPARTS)
1656 goto errret;
1657 parts[i++] = s;
1658 plen += strlen(s) + 2; /* room for ", " after */
1659 esetl = esetl->tl;
1660 }
1661 el = el->tl;
1662 }
1663 if(i > 0) {
1664 ans = (char*)emalloc(plen);
1665 *ans = '\0';
1666 while(--i >= 0) {
1667 s = parts[i];
1668 strcat(ans, s);
1669 if(i > 0)
1670 strcat(ans, ", ");
1671 }
1672 }
1673
1674 errret:
1675 return ans;
1676 }
1677
1678 /*
1679 * Parse an AlgorithmIdentifer ASN1 type.
1680 * Look up the oid in oid_tab and return one of OID_rsaEncryption, etc..,
1681 * or -1 if not found.
1682 * For now, ignore parameters, since none of our algorithms need them.
1683 */
1684 static int
parse_alg(Elem * e)1685 parse_alg(Elem* e)
1686 {
1687 Elist* el;
1688 Ints* oid;
1689
1690 if(!is_seq(e, &el) || el == nil || !is_oid(&el->hd, &oid))
1691 return -1;
1692 return oid_lookup(oid, alg_oid_tab);
1693 }
1694
1695 static CertX509*
decode_cert(Bytes * a)1696 decode_cert(Bytes* a)
1697 {
1698 int ok = 0;
1699 int n;
1700 CertX509* c = nil;
1701 Elem ecert;
1702 Elem* ecertinfo;
1703 Elem* esigalg;
1704 Elem* esig;
1705 Elem* eserial;
1706 Elem* eissuer;
1707 Elem* evalidity;
1708 Elem* esubj;
1709 Elem* epubkey;
1710 Elist* el;
1711 Elist* elcert = nil;
1712 Elist* elcertinfo = nil;
1713 Elist* elvalidity = nil;
1714 Elist* elpubkey = nil;
1715 Bits* bits = nil;
1716 Bytes* b;
1717 Elem* e;
1718
1719 if(decode(a->data, a->len, &ecert) != ASN_OK)
1720 goto errret;
1721
1722 c = (CertX509*)emalloc(sizeof(CertX509));
1723 c->serial = -1;
1724 c->issuer = nil;
1725 c->validity_start = nil;
1726 c->validity_end = nil;
1727 c->subject = nil;
1728 c->publickey_alg = -1;
1729 c->publickey = nil;
1730 c->signature_alg = -1;
1731 c->signature = nil;
1732
1733 /* Certificate */
1734 if(!is_seq(&ecert, &elcert) || elistlen(elcert) !=3)
1735 goto errret;
1736 ecertinfo = &elcert->hd;
1737 el = elcert->tl;
1738 esigalg = &el->hd;
1739 c->signature_alg = parse_alg(esigalg);
1740 el = el->tl;
1741 esig = &el->hd;
1742
1743 /* Certificate Info */
1744 if(!is_seq(ecertinfo, &elcertinfo))
1745 goto errret;
1746 n = elistlen(elcertinfo);
1747 if(n < 6)
1748 goto errret;
1749 eserial =&elcertinfo->hd;
1750 el = elcertinfo->tl;
1751 /* check for optional version, marked by explicit context tag 0 */
1752 if(eserial->tag.class == Context && eserial->tag.num == 0) {
1753 eserial = &el->hd;
1754 if(n < 7)
1755 goto errret;
1756 el = el->tl;
1757 }
1758
1759 if(parse_alg(&el->hd) != c->signature_alg)
1760 goto errret;
1761 el = el->tl;
1762 eissuer = &el->hd;
1763 el = el->tl;
1764 evalidity = &el->hd;
1765 el = el->tl;
1766 esubj = &el->hd;
1767 el = el->tl;
1768 epubkey = &el->hd;
1769 if(!is_int(eserial, &c->serial)) {
1770 if(!is_bigint(eserial, &b))
1771 goto errret;
1772 c->serial = -1; /* else we have to change cert struct */
1773 }
1774 c->issuer = parse_name(eissuer);
1775 if(c->issuer == nil)
1776 goto errret;
1777 /* Validity */
1778 if(!is_seq(evalidity, &elvalidity))
1779 goto errret;
1780 if(elistlen(elvalidity) != 2)
1781 goto errret;
1782 e = &elvalidity->hd;
1783 if(!is_time(e, &c->validity_start))
1784 goto errret;
1785 e->val.u.stringval = nil; /* string ownership transfer */
1786 e = &elvalidity->tl->hd;
1787 if(!is_time(e, &c->validity_end))
1788 goto errret;
1789 e->val.u.stringval = nil; /* string ownership transfer */
1790
1791 /* resume CertificateInfo */
1792 c->subject = parse_name(esubj);
1793 if(c->subject == nil)
1794 goto errret;
1795
1796 /* SubjectPublicKeyInfo */
1797 if(!is_seq(epubkey, &elpubkey))
1798 goto errret;
1799 if(elistlen(elpubkey) != 2)
1800 goto errret;
1801
1802 c->publickey_alg = parse_alg(&elpubkey->hd);
1803 if(c->publickey_alg < 0)
1804 goto errret;
1805 if(!is_bitstring(&elpubkey->tl->hd, &bits))
1806 goto errret;
1807 if(bits->unusedbits != 0)
1808 goto errret;
1809 c->publickey = makebytes(bits->data, bits->len);
1810
1811 /*resume Certificate */
1812 if(c->signature_alg < 0)
1813 goto errret;
1814 if(!is_bitstring(esig, &bits))
1815 goto errret;
1816 c->signature = makebytes(bits->data, bits->len);
1817 ok = 1;
1818
1819 errret:
1820 freevalfields(&ecert.val); /* recurses through lists, too */
1821 if(!ok){
1822 freecert(c);
1823 c = nil;
1824 }
1825 return c;
1826 }
1827
1828 /*
1829 * RSAPublickKey :: SEQUENCE {
1830 * modulus INTEGER,
1831 * publicExponent INTEGER
1832 * }
1833 */
1834 static RSApub*
decode_rsapubkey(Bytes * a)1835 decode_rsapubkey(Bytes* a)
1836 {
1837 Elem e;
1838 Elist *el;
1839 mpint *mp;
1840 RSApub* key;
1841
1842 key = rsapuballoc();
1843 if(decode(a->data, a->len, &e) != ASN_OK)
1844 goto errret;
1845 if(!is_seq(&e, &el) || elistlen(el) != 2)
1846 goto errret;
1847
1848 key->n = mp = asn1mpint(&el->hd);
1849 if(mp == nil)
1850 goto errret;
1851
1852 el = el->tl;
1853 key->ek = mp = asn1mpint(&el->hd);
1854 if(mp == nil)
1855 goto errret;
1856 return key;
1857 errret:
1858 rsapubfree(key);
1859 return nil;
1860 }
1861
1862 /*
1863 * RSAPrivateKey ::= SEQUENCE {
1864 * version Version,
1865 * modulus INTEGER, -- n
1866 * publicExponent INTEGER, -- e
1867 * privateExponent INTEGER, -- d
1868 * prime1 INTEGER, -- p
1869 * prime2 INTEGER, -- q
1870 * exponent1 INTEGER, -- d mod (p-1)
1871 * exponent2 INTEGER, -- d mod (q-1)
1872 * coefficient INTEGER -- (inverse of q) mod p }
1873 */
1874 static RSApriv*
decode_rsaprivkey(Bytes * a)1875 decode_rsaprivkey(Bytes* a)
1876 {
1877 int version;
1878 Elem e;
1879 Elist *el;
1880 mpint *mp;
1881 RSApriv* key;
1882
1883 key = rsaprivalloc();
1884 if(decode(a->data, a->len, &e) != ASN_OK)
1885 goto errret;
1886 if(!is_seq(&e, &el) || elistlen(el) != 9)
1887 goto errret;
1888 if(!is_int(&el->hd, &version) || version != 0)
1889 goto errret;
1890
1891 el = el->tl;
1892 key->pub.n = mp = asn1mpint(&el->hd);
1893 if(mp == nil)
1894 goto errret;
1895
1896 el = el->tl;
1897 key->pub.ek = mp = asn1mpint(&el->hd);
1898 if(mp == nil)
1899 goto errret;
1900
1901 el = el->tl;
1902 key->dk = mp = asn1mpint(&el->hd);
1903 if(mp == nil)
1904 goto errret;
1905
1906 el = el->tl;
1907 key->q = mp = asn1mpint(&el->hd);
1908 if(mp == nil)
1909 goto errret;
1910
1911 el = el->tl;
1912 key->p = mp = asn1mpint(&el->hd);
1913 if(mp == nil)
1914 goto errret;
1915
1916 el = el->tl;
1917 key->kq = mp = asn1mpint(&el->hd);
1918 if(mp == nil)
1919 goto errret;
1920
1921 el = el->tl;
1922 key->kp = mp = asn1mpint(&el->hd);
1923 if(mp == nil)
1924 goto errret;
1925
1926 el = el->tl;
1927 key->c2 = mp = asn1mpint(&el->hd);
1928 if(mp == nil)
1929 goto errret;
1930
1931 return key;
1932 errret:
1933 rsaprivfree(key);
1934 return nil;
1935 }
1936
1937 /*
1938 * DSAPrivateKey ::= SEQUENCE{
1939 * version Version,
1940 * p INTEGER,
1941 * q INTEGER,
1942 * g INTEGER, -- alpha
1943 * pub_key INTEGER, -- key
1944 * priv_key INTEGER, -- secret
1945 * }
1946 */
1947 static DSApriv*
decode_dsaprivkey(Bytes * a)1948 decode_dsaprivkey(Bytes* a)
1949 {
1950 int version;
1951 Elem e;
1952 Elist *el;
1953 mpint *mp;
1954 DSApriv* key;
1955
1956 key = dsaprivalloc();
1957 if(decode(a->data, a->len, &e) != ASN_OK)
1958 goto errret;
1959 if(!is_seq(&e, &el) || elistlen(el) != 6)
1960 goto errret;
1961 version=-1;
1962 if(!is_int(&el->hd, &version) || version != 0)
1963 {
1964 fprint(2, "version %d\n", version);
1965 goto errret;
1966 }
1967
1968 el = el->tl;
1969 key->pub.p = mp = asn1mpint(&el->hd);
1970 if(mp == nil)
1971 goto errret;
1972
1973 el = el->tl;
1974 key->pub.q = mp = asn1mpint(&el->hd);
1975 if(mp == nil)
1976 goto errret;
1977
1978 el = el->tl;
1979 key->pub.alpha = mp = asn1mpint(&el->hd);
1980 if(mp == nil)
1981 goto errret;
1982
1983 el = el->tl;
1984 key->pub.key = mp = asn1mpint(&el->hd);
1985 if(mp == nil)
1986 goto errret;
1987
1988 el = el->tl;
1989 key->secret = mp = asn1mpint(&el->hd);
1990 if(mp == nil)
1991 goto errret;
1992
1993 return key;
1994 errret:
1995 dsaprivfree(key);
1996 return nil;
1997 }
1998
1999 static mpint*
asn1mpint(Elem * e)2000 asn1mpint(Elem *e)
2001 {
2002 Bytes *b;
2003 mpint *mp;
2004 int v;
2005
2006 if(is_int(e, &v))
2007 return itomp(v, nil);
2008 if(is_bigint(e, &b)) {
2009 mp = betomp(b->data, b->len, nil);
2010 freebytes(b);
2011 return mp;
2012 }
2013 return nil;
2014 }
2015
2016 static mpint*
pkcs1pad(Bytes * b,mpint * modulus)2017 pkcs1pad(Bytes *b, mpint *modulus)
2018 {
2019 int n = (mpsignif(modulus)+7)/8;
2020 int pm1, i;
2021 uchar *p;
2022 mpint *mp;
2023
2024 pm1 = n - 1 - b->len;
2025 p = (uchar*)emalloc(n);
2026 p[0] = 0;
2027 p[1] = 1;
2028 for(i = 2; i < pm1; i++)
2029 p[i] = 0xFF;
2030 p[pm1] = 0;
2031 memcpy(&p[pm1+1], b->data, b->len);
2032 mp = betomp(p, n, nil);
2033 free(p);
2034 return mp;
2035 }
2036
2037 RSApriv*
asn1toRSApriv(uchar * kd,int kn)2038 asn1toRSApriv(uchar *kd, int kn)
2039 {
2040 Bytes *b;
2041 RSApriv *key;
2042
2043 b = makebytes(kd, kn);
2044 key = decode_rsaprivkey(b);
2045 freebytes(b);
2046 return key;
2047 }
2048
2049 DSApriv*
asn1toDSApriv(uchar * kd,int kn)2050 asn1toDSApriv(uchar *kd, int kn)
2051 {
2052 Bytes *b;
2053 DSApriv *key;
2054
2055 b = makebytes(kd, kn);
2056 key = decode_dsaprivkey(b);
2057 freebytes(b);
2058 return key;
2059 }
2060
2061 /*
2062 * digest(CertificateInfo)
2063 * Our ASN.1 library doesn't return pointers into the original
2064 * data array, so we need to do a little hand decoding.
2065 */
2066 static void
digest_certinfo(Bytes * cert,DigestFun digestfun,uchar * digest)2067 digest_certinfo(Bytes *cert, DigestFun digestfun, uchar *digest)
2068 {
2069 uchar *info, *p, *pend;
2070 ulong infolen;
2071 int isconstr, length;
2072 Tag tag;
2073 Elem elem;
2074
2075 p = cert->data;
2076 pend = cert->data + cert->len;
2077 if(tag_decode(&p, pend, &tag, &isconstr) != ASN_OK ||
2078 tag.class != Universal || tag.num != SEQUENCE ||
2079 length_decode(&p, pend, &length) != ASN_OK ||
2080 length > pend - p)
2081 return;
2082 info = p;
2083 if(ber_decode(&p, pend, &elem) != ASN_OK || elem.tag.num != SEQUENCE)
2084 return;
2085 infolen = p - info;
2086 (*digestfun)(info, infolen, digest, nil);
2087 }
2088
2089 static char*
verify_signature(Bytes * signature,RSApub * pk,uchar * edigest,Elem ** psigalg)2090 verify_signature(Bytes* signature, RSApub *pk, uchar *edigest, Elem **psigalg)
2091 {
2092 Elem e;
2093 Elist *el;
2094 Bytes *digest;
2095 uchar *pkcs1buf, *buf;
2096 int buflen;
2097 mpint *pkcs1;
2098 int nlen;
2099
2100 /* one less than the byte length of the modulus */
2101 nlen = (mpsignif(pk->n)-1)/8;
2102
2103 /* see 9.2.1 of rfc2437 */
2104 pkcs1 = betomp(signature->data, signature->len, nil);
2105 mpexp(pkcs1, pk->ek, pk->n, pkcs1);
2106 pkcs1buf = nil;
2107 buflen = mptobe(pkcs1, nil, 0, &pkcs1buf);
2108 buf = pkcs1buf;
2109 if(buflen != nlen || buf[0] != 1)
2110 return "expected 1";
2111 buf++;
2112 while(buf[0] == 0xff)
2113 buf++;
2114 if(buf[0] != 0)
2115 return "expected 0";
2116 buf++;
2117 buflen -= buf-pkcs1buf;
2118 if(decode(buf, buflen, &e) != ASN_OK || !is_seq(&e, &el) || elistlen(el) != 2 ||
2119 !is_octetstring(&el->tl->hd, &digest))
2120 return "signature parse error";
2121 *psigalg = &el->hd;
2122 if(memcmp(digest->data, edigest, digest->len) == 0)
2123 return nil;
2124 return "digests did not match";
2125 }
2126
2127 RSApub*
X509toRSApub(uchar * cert,int ncert,char * name,int nname)2128 X509toRSApub(uchar *cert, int ncert, char *name, int nname)
2129 {
2130 char *e;
2131 Bytes *b;
2132 CertX509 *c;
2133 RSApub *pk;
2134
2135 b = makebytes(cert, ncert);
2136 c = decode_cert(b);
2137 freebytes(b);
2138 if(c == nil)
2139 return nil;
2140 if(name != nil && c->subject != nil){
2141 e = strchr(c->subject, ',');
2142 if(e != nil)
2143 *e = 0; /* take just CN part of Distinguished Name */
2144 strncpy(name, c->subject, nname);
2145 }
2146 pk = decode_rsapubkey(c->publickey);
2147 freecert(c);
2148 return pk;
2149 }
2150
2151 char*
X509verify(uchar * cert,int ncert,RSApub * pk)2152 X509verify(uchar *cert, int ncert, RSApub *pk)
2153 {
2154 char *e;
2155 Bytes *b;
2156 CertX509 *c;
2157 uchar digest[SHA1dlen];
2158 Elem *sigalg;
2159
2160 b = makebytes(cert, ncert);
2161 c = decode_cert(b);
2162 if(c != nil)
2163 digest_certinfo(b, digestalg[c->signature_alg], digest);
2164 freebytes(b);
2165 if(c == nil)
2166 return "cannot decode cert";
2167 e = verify_signature(c->signature, pk, digest, &sigalg);
2168 freecert(c);
2169 return e;
2170 }
2171
2172 /* ------- Elem constructors ---------- */
2173 static Elem
Null(void)2174 Null(void)
2175 {
2176 Elem e;
2177
2178 e.tag.class = Universal;
2179 e.tag.num = NULLTAG;
2180 e.val.tag = VNull;
2181 return e;
2182 }
2183
2184 static Elem
mkint(int j)2185 mkint(int j)
2186 {
2187 Elem e;
2188
2189 e.tag.class = Universal;
2190 e.tag.num = INTEGER;
2191 e.val.tag = VInt;
2192 e.val.u.intval = j;
2193 return e;
2194 }
2195
2196 static Elem
mkbigint(mpint * p)2197 mkbigint(mpint *p)
2198 {
2199 Elem e;
2200 uchar *buf;
2201 int buflen;
2202
2203 e.tag.class = Universal;
2204 e.tag.num = INTEGER;
2205 e.val.tag = VBigInt;
2206 buflen = mptobe(p, nil, 0, &buf);
2207 e.val.u.bigintval = makebytes(buf, buflen);
2208 free(buf);
2209 return e;
2210 }
2211
2212 static Elem
mkstring(char * s)2213 mkstring(char *s)
2214 {
2215 Elem e;
2216
2217 e.tag.class = Universal;
2218 e.tag.num = IA5String;
2219 e.val.tag = VString;
2220 e.val.u.stringval = estrdup(s);
2221 return e;
2222 }
2223
2224 static Elem
mkoctet(uchar * buf,int buflen)2225 mkoctet(uchar *buf, int buflen)
2226 {
2227 Elem e;
2228
2229 e.tag.class = Universal;
2230 e.tag.num = OCTET_STRING;
2231 e.val.tag = VOctets;
2232 e.val.u.octetsval = makebytes(buf, buflen);
2233 return e;
2234 }
2235
2236 static Elem
mkbits(uchar * buf,int buflen)2237 mkbits(uchar *buf, int buflen)
2238 {
2239 Elem e;
2240
2241 e.tag.class = Universal;
2242 e.tag.num = BIT_STRING;
2243 e.val.tag = VBitString;
2244 e.val.u.bitstringval = makebits(buf, buflen, 0);
2245 return e;
2246 }
2247
2248 static Elem
mkutc(long t)2249 mkutc(long t)
2250 {
2251 Elem e;
2252 char utc[50];
2253 Tm *tm = gmtime(t);
2254
2255 e.tag.class = Universal;
2256 e.tag.num = UTCTime;
2257 e.val.tag = VString;
2258 snprint(utc, 50, "%.2d%.2d%.2d%.2d%.2d%.2dZ",
2259 tm->year % 100, tm->mon+1, tm->mday, tm->hour, tm->min, tm->sec);
2260 e.val.u.stringval = estrdup(utc);
2261 return e;
2262 }
2263
2264 static Elem
mkoid(Ints * oid)2265 mkoid(Ints *oid)
2266 {
2267 Elem e;
2268
2269 e.tag.class = Universal;
2270 e.tag.num = OBJECT_ID;
2271 e.val.tag = VObjId;
2272 e.val.u.objidval = makeints(oid->data, oid->len);
2273 return e;
2274 }
2275
2276 static Elem
mkseq(Elist * el)2277 mkseq(Elist *el)
2278 {
2279 Elem e;
2280
2281 e.tag.class = Universal;
2282 e.tag.num = SEQUENCE;
2283 e.val.tag = VSeq;
2284 e.val.u.seqval = el;
2285 return e;
2286 }
2287
2288 static Elem
mkset(Elist * el)2289 mkset(Elist *el)
2290 {
2291 Elem e;
2292
2293 e.tag.class = Universal;
2294 e.tag.num = SETOF;
2295 e.val.tag = VSet;
2296 e.val.u.setval = el;
2297 return e;
2298 }
2299
2300 static Elem
mkalg(int alg)2301 mkalg(int alg)
2302 {
2303 return mkseq(mkel(mkoid(alg_oid_tab[alg]), mkel(Null(), nil)));
2304 }
2305
2306 typedef struct Ints7pref {
2307 int len;
2308 int data[7];
2309 char prefix[4];
2310 } Ints7pref;
2311 Ints7pref DN_oid[] = {
2312 {4, 2, 5, 4, 6, 0, 0, 0, "C="},
2313 {4, 2, 5, 4, 8, 0, 0, 0, "ST="},
2314 {4, 2, 5, 4, 7, 0, 0, 0, "L="},
2315 {4, 2, 5, 4, 10, 0, 0, 0, "O="},
2316 {4, 2, 5, 4, 11, 0, 0, 0, "OU="},
2317 {4, 2, 5, 4, 3, 0, 0, 0, "CN="},
2318 {7, 1,2,840,113549,1,9,1, "E="},
2319 };
2320
2321 static Elem
mkname(Ints7pref * oid,char * subj)2322 mkname(Ints7pref *oid, char *subj)
2323 {
2324 return mkset(mkel(mkseq(mkel(mkoid((Ints*)oid), mkel(mkstring(subj), nil))), nil));
2325 }
2326
2327 static Elem
mkDN(char * dn)2328 mkDN(char *dn)
2329 {
2330 int i, j, nf;
2331 char *f[20], *prefix, *d2 = estrdup(dn);
2332 Elist* el = nil;
2333
2334 nf = tokenize(d2, f, nelem(f));
2335 for(i=nf-1; i>=0; i--){
2336 for(j=0; j<nelem(DN_oid); j++){
2337 prefix = DN_oid[j].prefix;
2338 if(strncmp(f[i],prefix,strlen(prefix))==0){
2339 el = mkel(mkname(&DN_oid[j],f[i]+strlen(prefix)), el);
2340 break;
2341 }
2342 }
2343 }
2344 free(d2);
2345 return mkseq(el);
2346 }
2347
2348
2349 uchar*
X509gen(RSApriv * priv,char * subj,ulong valid[2],int * certlen)2350 X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
2351 {
2352 int serial = 0;
2353 uchar *cert = nil;
2354 RSApub *pk = rsaprivtopub(priv);
2355 Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
2356 Elem e, certinfo, issuer, subject, pubkey, validity, sig;
2357 uchar digest[MD5dlen], *buf;
2358 int buflen;
2359 mpint *pkcs1;
2360
2361 e.val.tag = VInt; /* so freevalfields at errret is no-op */
2362 issuer = mkDN(subj);
2363 subject = mkDN(subj);
2364 pubkey = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
2365 if(encode(pubkey, &pkbytes) != ASN_OK)
2366 goto errret;
2367 freevalfields(&pubkey.val);
2368 pubkey = mkseq(
2369 mkel(mkalg(ALG_rsaEncryption),
2370 mkel(mkbits(pkbytes->data, pkbytes->len),
2371 nil)));
2372 freebytes(pkbytes);
2373 validity = mkseq(
2374 mkel(mkutc(valid[0]),
2375 mkel(mkutc(valid[1]),
2376 nil)));
2377 certinfo = mkseq(
2378 mkel(mkint(serial),
2379 mkel(mkalg(ALG_md5WithRSAEncryption),
2380 mkel(issuer,
2381 mkel(validity,
2382 mkel(subject,
2383 mkel(pubkey,
2384 nil)))))));
2385 if(encode(certinfo, &certinfobytes) != ASN_OK)
2386 goto errret;
2387 md5(certinfobytes->data, certinfobytes->len, digest, 0);
2388 freebytes(certinfobytes);
2389 sig = mkseq(
2390 mkel(mkalg(ALG_md5),
2391 mkel(mkoctet(digest, MD5dlen),
2392 nil)));
2393 if(encode(sig, &sigbytes) != ASN_OK)
2394 goto errret;
2395 pkcs1 = pkcs1pad(sigbytes, pk->n);
2396 freebytes(sigbytes);
2397 rsadecrypt(priv, pkcs1, pkcs1);
2398 buflen = mptobe(pkcs1, nil, 0, &buf);
2399 mpfree(pkcs1);
2400 e = mkseq(
2401 mkel(certinfo,
2402 mkel(mkalg(ALG_md5WithRSAEncryption),
2403 mkel(mkbits(buf, buflen),
2404 nil))));
2405 free(buf);
2406 if(encode(e, &certbytes) != ASN_OK)
2407 goto errret;
2408 if(certlen)
2409 *certlen = certbytes->len;
2410 cert = certbytes->data;
2411 errret:
2412 freevalfields(&e.val);
2413 return cert;
2414 }
2415
2416 uchar*
X509req(RSApriv * priv,char * subj,int * certlen)2417 X509req(RSApriv *priv, char *subj, int *certlen)
2418 {
2419 /* RFC 2314, PKCS #10 Certification Request Syntax */
2420 int version = 0;
2421 uchar *cert = nil;
2422 RSApub *pk = rsaprivtopub(priv);
2423 Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
2424 Elem e, certinfo, subject, pubkey, sig;
2425 uchar digest[MD5dlen], *buf;
2426 int buflen;
2427 mpint *pkcs1;
2428
2429 e.val.tag = VInt; /* so freevalfields at errret is no-op */
2430 subject = mkDN(subj);
2431 pubkey = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
2432 if(encode(pubkey, &pkbytes) != ASN_OK)
2433 goto errret;
2434 freevalfields(&pubkey.val);
2435 pubkey = mkseq(
2436 mkel(mkalg(ALG_rsaEncryption),
2437 mkel(mkbits(pkbytes->data, pkbytes->len),
2438 nil)));
2439 freebytes(pkbytes);
2440 certinfo = mkseq(
2441 mkel(mkint(version),
2442 mkel(subject,
2443 mkel(pubkey,
2444 nil))));
2445 if(encode(certinfo, &certinfobytes) != ASN_OK)
2446 goto errret;
2447 md5(certinfobytes->data, certinfobytes->len, digest, 0);
2448 freebytes(certinfobytes);
2449 sig = mkseq(
2450 mkel(mkalg(ALG_md5),
2451 mkel(mkoctet(digest, MD5dlen),
2452 nil)));
2453 if(encode(sig, &sigbytes) != ASN_OK)
2454 goto errret;
2455 pkcs1 = pkcs1pad(sigbytes, pk->n);
2456 freebytes(sigbytes);
2457 rsadecrypt(priv, pkcs1, pkcs1);
2458 buflen = mptobe(pkcs1, nil, 0, &buf);
2459 mpfree(pkcs1);
2460 e = mkseq(
2461 mkel(certinfo,
2462 mkel(mkalg(ALG_md5),
2463 mkel(mkbits(buf, buflen),
2464 nil))));
2465 free(buf);
2466 if(encode(e, &certbytes) != ASN_OK)
2467 goto errret;
2468 if(certlen)
2469 *certlen = certbytes->len;
2470 cert = certbytes->data;
2471 errret:
2472 freevalfields(&e.val);
2473 return cert;
2474 }
2475
2476 static char*
tagdump(Tag tag)2477 tagdump(Tag tag)
2478 {
2479 if(tag.class != Universal)
2480 return smprint("class%d,num%d", tag.class, tag.num);
2481 switch(tag.num){
2482 case BOOLEAN: return "BOOLEAN"; break;
2483 case INTEGER: return "INTEGER"; break;
2484 case BIT_STRING: return "BIT STRING"; break;
2485 case OCTET_STRING: return "OCTET STRING"; break;
2486 case NULLTAG: return "NULLTAG"; break;
2487 case OBJECT_ID: return "OID"; break;
2488 case ObjectDescriptor: return "OBJECT_DES"; break;
2489 case EXTERNAL: return "EXTERNAL"; break;
2490 case REAL: return "REAL"; break;
2491 case ENUMERATED: return "ENUMERATED"; break;
2492 case EMBEDDED_PDV: return "EMBEDDED PDV"; break;
2493 case SEQUENCE: return "SEQUENCE"; break;
2494 case SETOF: return "SETOF"; break;
2495 case NumericString: return "NumericString"; break;
2496 case PrintableString: return "PrintableString"; break;
2497 case TeletexString: return "TeletexString"; break;
2498 case VideotexString: return "VideotexString"; break;
2499 case IA5String: return "IA5String"; break;
2500 case UTCTime: return "UTCTime"; break;
2501 case GeneralizedTime: return "GeneralizedTime"; break;
2502 case GraphicString: return "GraphicString"; break;
2503 case VisibleString: return "VisibleString"; break;
2504 case GeneralString: return "GeneralString"; break;
2505 case UniversalString: return "UniversalString"; break;
2506 case BMPString: return "BMPString"; break;
2507 default:
2508 return smprint("Universal,num%d", tag.num);
2509 }
2510 }
2511
2512 static void
edump(Elem e)2513 edump(Elem e)
2514 {
2515 Value v;
2516 Elist *el;
2517 int i;
2518
2519 print("%s{", tagdump(e.tag));
2520 v = e.val;
2521 switch(v.tag){
2522 case VBool: print("Bool %d",v.u.boolval); break;
2523 case VInt: print("Int %d",v.u.intval); break;
2524 case VOctets: print("Octets[%d] %.2x%.2x...",v.u.octetsval->len,v.u.octetsval->data[0],v.u.octetsval->data[1]); break;
2525 case VBigInt: print("BigInt[%d] %.2x%.2x...",v.u.bigintval->len,v.u.bigintval->data[0],v.u.bigintval->data[1]); break;
2526 case VReal: print("Real..."); break;
2527 case VOther: print("Other..."); break;
2528 case VBitString: print("BitString..."); break;
2529 case VNull: print("Null"); break;
2530 case VEOC: print("EOC..."); break;
2531 case VObjId: print("ObjId");
2532 for(i = 0; i<v.u.objidval->len; i++)
2533 print(" %d", v.u.objidval->data[i]);
2534 break;
2535 case VString: print("String \"%s\"",v.u.stringval); break;
2536 case VSeq: print("Seq\n");
2537 for(el = v.u.seqval; el!=nil; el = el->tl)
2538 edump(el->hd);
2539 break;
2540 case VSet: print("Set\n");
2541 for(el = v.u.setval; el!=nil; el = el->tl)
2542 edump(el->hd);
2543 break;
2544 }
2545 print("}\n");
2546 }
2547
2548 void
asn1dump(uchar * der,int len)2549 asn1dump(uchar *der, int len)
2550 {
2551 Elem e;
2552
2553 if(decode(der, len, &e) != ASN_OK){
2554 print("didn't parse\n");
2555 exits("didn't parse");
2556 }
2557 edump(e);
2558 }
2559
2560 void
X509dump(uchar * cert,int ncert)2561 X509dump(uchar *cert, int ncert)
2562 {
2563 char *e;
2564 Bytes *b;
2565 CertX509 *c;
2566 RSApub *pk;
2567 uchar digest[SHA1dlen];
2568 Elem *sigalg;
2569
2570 print("begin X509dump\n");
2571 b = makebytes(cert, ncert);
2572 c = decode_cert(b);
2573 if(c != nil)
2574 digest_certinfo(b, digestalg[c->signature_alg], digest);
2575 freebytes(b);
2576 if(c == nil){
2577 print("cannot decode cert");
2578 return;
2579 }
2580
2581 print("serial %d\n", c->serial);
2582 print("issuer %s\n", c->issuer);
2583 print("validity %s %s\n", c->validity_start, c->validity_end);
2584 print("subject %s\n", c->subject);
2585 pk = decode_rsapubkey(c->publickey);
2586 print("pubkey e=%B n(%d)=%B\n", pk->ek, mpsignif(pk->n), pk->n);
2587
2588 print("sigalg=%d digest=%.*H\n", c->signature_alg, MD5dlen, digest);
2589 e = verify_signature(c->signature, pk, digest, &sigalg);
2590 if(e==nil){
2591 e = "nil (meaning ok)";
2592 print("sigalg=\n");
2593 if(sigalg)
2594 edump(*sigalg);
2595 }
2596 print("self-signed verify_signature returns: %s\n", e);
2597
2598 rsapubfree(pk);
2599 freecert(c);
2600 print("end X509dump\n");
2601 }
2602