1 0fc65b37 2004-03-21 devnull #include <u.h>
2 0fc65b37 2004-03-21 devnull #include <libc.h>
3 0fc65b37 2004-03-21 devnull #include <mp.h>
4 0fc65b37 2004-03-21 devnull #include <libsec.h>
6 0fc65b37 2004-03-21 devnull typedef DigestState*(*DigestFun)(uchar*,ulong,uchar*,DigestState*);
8 0fc65b37 2004-03-21 devnull /* ANSI offsetof, backwards. */
9 0fc65b37 2004-03-21 devnull #define OFFSETOF(a, b) offsetof(b, a)
11 0fc65b37 2004-03-21 devnull /*=============================================================*/
12 0fc65b37 2004-03-21 devnull /* general ASN1 declarations and parsing
14 0fc65b37 2004-03-21 devnull * For now, this is used only for extracting the key from an
15 0fc65b37 2004-03-21 devnull * X509 certificate, so the entire collection is hidden. But
16 0fc65b37 2004-03-21 devnull * someday we should probably make the functions visible and
17 0fc65b37 2004-03-21 devnull * give them their own man page.
19 0fc65b37 2004-03-21 devnull typedef struct Elem Elem;
20 0fc65b37 2004-03-21 devnull typedef struct Tag Tag;
21 0fc65b37 2004-03-21 devnull typedef struct Value Value;
22 0fc65b37 2004-03-21 devnull typedef struct Bytes Bytes;
23 0fc65b37 2004-03-21 devnull typedef struct Ints Ints;
24 0fc65b37 2004-03-21 devnull typedef struct Bits Bits;
25 0fc65b37 2004-03-21 devnull typedef struct Elist Elist;
27 0fc65b37 2004-03-21 devnull /* tag classes */
28 0fc65b37 2004-03-21 devnull #define Universal 0
29 0fc65b37 2004-03-21 devnull #define Context 0x80
31 0fc65b37 2004-03-21 devnull /* universal tags */
32 0fc65b37 2004-03-21 devnull #define BOOLEAN 1
33 0fc65b37 2004-03-21 devnull #define INTEGER 2
34 0fc65b37 2004-03-21 devnull #define BIT_STRING 3
35 0fc65b37 2004-03-21 devnull #define OCTET_STRING 4
36 0fc65b37 2004-03-21 devnull #define NULLTAG 5
37 0fc65b37 2004-03-21 devnull #define OBJECT_ID 6
38 0fc65b37 2004-03-21 devnull #define ObjectDescriptor 7
39 0fc65b37 2004-03-21 devnull #define EXTERNAL 8
40 0fc65b37 2004-03-21 devnull #define REAL 9
41 0fc65b37 2004-03-21 devnull #define ENUMERATED 10
42 0fc65b37 2004-03-21 devnull #define EMBEDDED_PDV 11
43 0fc65b37 2004-03-21 devnull #define SEQUENCE 16 /* also SEQUENCE OF */
44 0fc65b37 2004-03-21 devnull #define SETOF 17 /* also SETOF OF */
45 0fc65b37 2004-03-21 devnull #define NumericString 18
46 0fc65b37 2004-03-21 devnull #define PrintableString 19
47 0fc65b37 2004-03-21 devnull #define TeletexString 20
48 0fc65b37 2004-03-21 devnull #define VideotexString 21
49 0fc65b37 2004-03-21 devnull #define IA5String 22
50 0fc65b37 2004-03-21 devnull #define UTCTime 23
51 0fc65b37 2004-03-21 devnull #define GeneralizedTime 24
52 0fc65b37 2004-03-21 devnull #define GraphicString 25
53 0fc65b37 2004-03-21 devnull #define VisibleString 26
54 0fc65b37 2004-03-21 devnull #define GeneralString 27
55 0fc65b37 2004-03-21 devnull #define UniversalString 28
56 0fc65b37 2004-03-21 devnull #define BMPString 30
58 0fc65b37 2004-03-21 devnull struct Bytes {
60 0fc65b37 2004-03-21 devnull uchar data[1];
63 0fc65b37 2004-03-21 devnull struct Ints {
65 0fc65b37 2004-03-21 devnull int data[1];
68 0fc65b37 2004-03-21 devnull struct Bits {
69 0fc65b37 2004-03-21 devnull int len; /* number of bytes */
70 0fc65b37 2004-03-21 devnull int unusedbits; /* unused bits in last byte */
71 0fc65b37 2004-03-21 devnull uchar data[1]; /* most-significant bit first */
74 0fc65b37 2004-03-21 devnull struct Tag {
75 0fc65b37 2004-03-21 devnull int class;
79 0fc65b37 2004-03-21 devnull enum { VBool, VInt, VOctets, VBigInt, VReal, VOther,
80 0fc65b37 2004-03-21 devnull VBitString, VNull, VEOC, VObjId, VString, VSeq, VSet };
81 0fc65b37 2004-03-21 devnull struct Value {
82 0fc65b37 2004-03-21 devnull int tag; /* VBool, etc. */
84 0fc65b37 2004-03-21 devnull int boolval;
85 0fc65b37 2004-03-21 devnull int intval;
86 0fc65b37 2004-03-21 devnull Bytes* octetsval;
87 0fc65b37 2004-03-21 devnull Bytes* bigintval;
88 0fc65b37 2004-03-21 devnull Bytes* realval; /* undecoded; hardly ever used */
89 0fc65b37 2004-03-21 devnull Bytes* otherval;
90 0fc65b37 2004-03-21 devnull Bits* bitstringval;
91 0fc65b37 2004-03-21 devnull Ints* objidval;
92 0fc65b37 2004-03-21 devnull char* stringval;
93 0fc65b37 2004-03-21 devnull Elist* seqval;
94 0fc65b37 2004-03-21 devnull Elist* setval;
95 0fc65b37 2004-03-21 devnull } u; /* (Don't use anonymous unions, for ease of porting) */
98 0fc65b37 2004-03-21 devnull struct Elem {
100 0fc65b37 2004-03-21 devnull Value val;
103 0fc65b37 2004-03-21 devnull struct Elist {
104 0fc65b37 2004-03-21 devnull Elist* tl;
105 0fc65b37 2004-03-21 devnull Elem hd;
108 0fc65b37 2004-03-21 devnull /* decoding errors */
109 0fc65b37 2004-03-21 devnull enum { ASN_OK, ASN_ESHORT, ASN_ETOOBIG, ASN_EVALLEN,
110 0fc65b37 2004-03-21 devnull ASN_ECONSTR, ASN_EPRIM, ASN_EINVAL, ASN_EUNIMPL };
113 0fc65b37 2004-03-21 devnull /* here are the functions to consider making extern someday */
114 0fc65b37 2004-03-21 devnull static Bytes* newbytes(int len);
115 0fc65b37 2004-03-21 devnull static Bytes* makebytes(uchar* buf, int len);
116 0fc65b37 2004-03-21 devnull static void freebytes(Bytes* b);
117 0fc65b37 2004-03-21 devnull static Bytes* catbytes(Bytes* b1, Bytes* b2);
118 0fc65b37 2004-03-21 devnull static Ints* newints(int len);
119 0fc65b37 2004-03-21 devnull static Ints* makeints(int* buf, int len);
120 0fc65b37 2004-03-21 devnull static void freeints(Ints* b);
121 0fc65b37 2004-03-21 devnull static Bits* newbits(int len);
122 0fc65b37 2004-03-21 devnull static Bits* makebits(uchar* buf, int len, int unusedbits);
123 0fc65b37 2004-03-21 devnull static void freebits(Bits* b);
124 0fc65b37 2004-03-21 devnull static Elist* mkel(Elem e, Elist* tail);
125 0fc65b37 2004-03-21 devnull static void freeelist(Elist* el);
126 0fc65b37 2004-03-21 devnull static int elistlen(Elist* el);
127 0fc65b37 2004-03-21 devnull static int is_seq(Elem* pe, Elist** pseq);
128 0fc65b37 2004-03-21 devnull static int is_set(Elem* pe, Elist** pset);
129 0fc65b37 2004-03-21 devnull static int is_int(Elem* pe, int* pint);
130 0fc65b37 2004-03-21 devnull static int is_bigint(Elem* pe, Bytes** pbigint);
131 0fc65b37 2004-03-21 devnull static int is_bitstring(Elem* pe, Bits** pbits);
132 0fc65b37 2004-03-21 devnull static int is_octetstring(Elem* pe, Bytes** poctets);
133 0fc65b37 2004-03-21 devnull static int is_oid(Elem* pe, Ints** poid);
134 0fc65b37 2004-03-21 devnull static int is_string(Elem* pe, char** pstring);
135 0fc65b37 2004-03-21 devnull static int is_time(Elem* pe, char** ptime);
136 0fc65b37 2004-03-21 devnull static int decode(uchar* a, int alen, Elem* pelem);
138 0fc65b37 2004-03-21 devnull static int decode_seq(uchar* a, int alen, Elist** pelist);
139 0fc65b37 2004-03-21 devnull static int decode_value(uchar* a, int alen, int kind, int isconstr, Value* pval);
141 0fc65b37 2004-03-21 devnull static int encode(Elem e, Bytes** pbytes);
142 0fc65b37 2004-03-21 devnull static int oid_lookup(Ints* o, Ints** tab);
143 0fc65b37 2004-03-21 devnull static void freevalfields(Value* v);
144 0fc65b37 2004-03-21 devnull static mpint *asn1mpint(Elem *e);
148 0fc65b37 2004-03-21 devnull #define TAG_MASK 0x1F
149 0fc65b37 2004-03-21 devnull #define CONSTR_MASK 0x20
150 0fc65b37 2004-03-21 devnull #define CLASS_MASK 0xC0
151 0fc65b37 2004-03-21 devnull #define MAXOBJIDLEN 20
153 0fc65b37 2004-03-21 devnull static int ber_decode(uchar** pp, uchar* pend, Elem* pelem);
154 0fc65b37 2004-03-21 devnull static int tag_decode(uchar** pp, uchar* pend, Tag* ptag, int* pisconstr);
155 0fc65b37 2004-03-21 devnull static int length_decode(uchar** pp, uchar* pend, int* plength);
156 0fc65b37 2004-03-21 devnull static int value_decode(uchar** pp, uchar* pend, int length, int kind, int isconstr, Value* pval);
157 0fc65b37 2004-03-21 devnull static int int_decode(uchar** pp, uchar* pend, int count, int unsgned, int* pint);
158 0fc65b37 2004-03-21 devnull static int uint7_decode(uchar** pp, uchar* pend, int* pint);
159 0fc65b37 2004-03-21 devnull static int octet_decode(uchar** pp, uchar* pend, int length, int isconstr, Bytes** pbytes);
160 0fc65b37 2004-03-21 devnull static int seq_decode(uchar** pp, uchar* pend, int length, int isconstr, Elist** pelist);
161 0fc65b37 2004-03-21 devnull static int enc(uchar** pp, Elem e, int lenonly);
162 0fc65b37 2004-03-21 devnull static int val_enc(uchar** pp, Elem e, int *pconstr, int lenonly);
163 0fc65b37 2004-03-21 devnull static void uint7_enc(uchar** pp, int num, int lenonly);
164 0fc65b37 2004-03-21 devnull static void int_enc(uchar** pp, int num, int unsgned, int lenonly);
166 0fc65b37 2004-03-21 devnull static void *
167 0fc65b37 2004-03-21 devnull emalloc(int n)
169 0fc65b37 2004-03-21 devnull void *p;
170 0fc65b37 2004-03-21 devnull if(n==0)
172 0fc65b37 2004-03-21 devnull p = malloc(n);
173 0fc65b37 2004-03-21 devnull if(p == nil){
174 0fc65b37 2004-03-21 devnull exits("out of memory");
176 0fc65b37 2004-03-21 devnull memset(p, 0, n);
177 0fc65b37 2004-03-21 devnull return p;
180 0fc65b37 2004-03-21 devnull static char*
181 0fc65b37 2004-03-21 devnull estrdup(char *s)
183 0fc65b37 2004-03-21 devnull char *d, *d0;
186 0fc65b37 2004-03-21 devnull return 0;
187 0fc65b37 2004-03-21 devnull d = d0 = emalloc(strlen(s)+1);
188 0fc65b37 2004-03-21 devnull while(*d++ = *s++)
190 0fc65b37 2004-03-21 devnull return d0;
195 0fc65b37 2004-03-21 devnull * Decode a[0..len] as a BER encoding of an ASN1 type.
196 0fc65b37 2004-03-21 devnull * The return value is one of ASN_OK, etc.
197 0fc65b37 2004-03-21 devnull * Depending on the error, the returned elem may or may not
198 0fc65b37 2004-03-21 devnull * be nil.
200 0fc65b37 2004-03-21 devnull static int
201 0fc65b37 2004-03-21 devnull decode(uchar* a, int alen, Elem* pelem)
203 0fc65b37 2004-03-21 devnull uchar* p = a;
205 0fc65b37 2004-03-21 devnull return ber_decode(&p, &a[alen], pelem);
209 0fc65b37 2004-03-21 devnull * Like decode, but continue decoding after first element
210 0fc65b37 2004-03-21 devnull * of array ends.
212 0fc65b37 2004-03-21 devnull static int
213 0fc65b37 2004-03-21 devnull decode_seq(uchar* a, int alen, Elist** pelist)
215 0fc65b37 2004-03-21 devnull uchar* p = a;
217 0fc65b37 2004-03-21 devnull return seq_decode(&p, &a[alen], -1, 1, pelist);
222 0fc65b37 2004-03-21 devnull * Decode the whole array as a BER encoding of an ASN1 value,
223 0fc65b37 2004-03-21 devnull * (i.e., the part after the tag and length).
224 0fc65b37 2004-03-21 devnull * Assume the value is encoded as universal tag "kind".
225 0fc65b37 2004-03-21 devnull * The constr arg is 1 if the value is constructed, 0 if primitive.
226 0fc65b37 2004-03-21 devnull * If there's an error, the return string will contain the error.
227 0fc65b37 2004-03-21 devnull * Depending on the error, the returned value may or may not
228 0fc65b37 2004-03-21 devnull * be nil.
230 0fc65b37 2004-03-21 devnull static int
231 0fc65b37 2004-03-21 devnull decode_value(uchar* a, int alen, int kind, int isconstr, Value* pval)
233 0fc65b37 2004-03-21 devnull uchar* p = a;
235 0fc65b37 2004-03-21 devnull return value_decode(&p, &a[alen], alen, kind, isconstr, pval);
240 0fc65b37 2004-03-21 devnull * All of the following decoding routines take arguments:
241 0fc65b37 2004-03-21 devnull * uchar **pp;
242 0fc65b37 2004-03-21 devnull * uchar *pend;
243 0fc65b37 2004-03-21 devnull * Where parsing is supposed to start at **pp, and when parsing
244 0fc65b37 2004-03-21 devnull * is done, *pp is updated to point at next char to be parsed.
245 0fc65b37 2004-03-21 devnull * The pend pointer is just past end of string; an error should
246 0fc65b37 2004-03-21 devnull * be returned parsing hasn't finished by then.
248 0fc65b37 2004-03-21 devnull * The returned int is ASN_OK if all went fine, else ASN_ESHORT, etc.
249 0fc65b37 2004-03-21 devnull * The remaining argument(s) are pointers to where parsed entity goes.
252 0fc65b37 2004-03-21 devnull /* Decode an ASN1 'Elem' (tag, length, value) */
253 0fc65b37 2004-03-21 devnull static int
254 0fc65b37 2004-03-21 devnull ber_decode(uchar** pp, uchar* pend, Elem* pelem)
256 0fc65b37 2004-03-21 devnull int err;
257 0fc65b37 2004-03-21 devnull int isconstr;
258 0fc65b37 2004-03-21 devnull int length;
259 0fc65b37 2004-03-21 devnull Tag tag;
260 0fc65b37 2004-03-21 devnull Value val;
262 0fc65b37 2004-03-21 devnull err = tag_decode(pp, pend, &tag, &isconstr);
263 0fc65b37 2004-03-21 devnull if(err == ASN_OK) {
264 0fc65b37 2004-03-21 devnull err = length_decode(pp, pend, &length);
265 0fc65b37 2004-03-21 devnull if(err == ASN_OK) {
266 0fc65b37 2004-03-21 devnull if(tag.class == Universal)
267 0fc65b37 2004-03-21 devnull err = value_decode(pp, pend, length, tag.num, isconstr, &val);
269 0fc65b37 2004-03-21 devnull err = value_decode(pp, pend, length, OCTET_STRING, 0, &val);
270 0fc65b37 2004-03-21 devnull if(err == ASN_OK) {
271 0fc65b37 2004-03-21 devnull pelem->tag = tag;
272 0fc65b37 2004-03-21 devnull pelem->val = val;
276 0fc65b37 2004-03-21 devnull return err;
279 0fc65b37 2004-03-21 devnull /* Decode a tag field */
280 0fc65b37 2004-03-21 devnull static int
281 0fc65b37 2004-03-21 devnull tag_decode(uchar** pp, uchar* pend, Tag* ptag, int* pisconstr)
283 0fc65b37 2004-03-21 devnull int err;
285 0fc65b37 2004-03-21 devnull uchar* p;
287 0fc65b37 2004-03-21 devnull err = ASN_OK;
288 0fc65b37 2004-03-21 devnull p = *pp;
289 0fc65b37 2004-03-21 devnull if(pend-p >= 2) {
290 0fc65b37 2004-03-21 devnull v = *p++;
291 0fc65b37 2004-03-21 devnull ptag->class = v&CLASS_MASK;
292 0fc65b37 2004-03-21 devnull if(v&CONSTR_MASK)
293 0fc65b37 2004-03-21 devnull *pisconstr = 1;
295 0fc65b37 2004-03-21 devnull *pisconstr = 0;
296 0fc65b37 2004-03-21 devnull v &= TAG_MASK;
297 0fc65b37 2004-03-21 devnull if(v == TAG_MASK)
298 0fc65b37 2004-03-21 devnull err = uint7_decode(&p, pend, &v);
299 0fc65b37 2004-03-21 devnull ptag->num = v;
302 0fc65b37 2004-03-21 devnull err = ASN_ESHORT;
303 0fc65b37 2004-03-21 devnull *pp = p;
304 0fc65b37 2004-03-21 devnull return err;
307 0fc65b37 2004-03-21 devnull /* Decode a length field */
308 0fc65b37 2004-03-21 devnull static int
309 0fc65b37 2004-03-21 devnull length_decode(uchar** pp, uchar* pend, int* plength)
311 0fc65b37 2004-03-21 devnull int err;
312 0fc65b37 2004-03-21 devnull int num;
314 0fc65b37 2004-03-21 devnull uchar* p;
316 0fc65b37 2004-03-21 devnull err = ASN_OK;
317 0fc65b37 2004-03-21 devnull num = 0;
318 0fc65b37 2004-03-21 devnull p = *pp;
319 0fc65b37 2004-03-21 devnull if(p < pend) {
320 0fc65b37 2004-03-21 devnull v = *p++;
321 0fc65b37 2004-03-21 devnull if(v&0x80)
322 0fc65b37 2004-03-21 devnull err = int_decode(&p, pend, v&0x7F, 1, &num);
324 0fc65b37 2004-03-21 devnull num = v;
327 0fc65b37 2004-03-21 devnull err = ASN_ESHORT;
328 0fc65b37 2004-03-21 devnull *pp = p;
329 0fc65b37 2004-03-21 devnull *plength = num;
330 0fc65b37 2004-03-21 devnull return err;
333 0fc65b37 2004-03-21 devnull /* Decode a value field */
334 0fc65b37 2004-03-21 devnull static int
335 0fc65b37 2004-03-21 devnull value_decode(uchar** pp, uchar* pend, int length, int kind, int isconstr, Value* pval)
337 0fc65b37 2004-03-21 devnull int err;
338 0fc65b37 2004-03-21 devnull Bytes* va;
339 0fc65b37 2004-03-21 devnull int num;
340 0fc65b37 2004-03-21 devnull int bitsunused;
341 0fc65b37 2004-03-21 devnull int subids[MAXOBJIDLEN];
342 0fc65b37 2004-03-21 devnull int isubid;
343 0fc65b37 2004-03-21 devnull Elist* vl;
344 0fc65b37 2004-03-21 devnull uchar* p;
345 0fc65b37 2004-03-21 devnull uchar* pe;
347 0fc65b37 2004-03-21 devnull err = ASN_OK;
348 0fc65b37 2004-03-21 devnull p = *pp;
349 0fc65b37 2004-03-21 devnull if(length == -1) { /* "indefinite" length spec */
350 0fc65b37 2004-03-21 devnull if(!isconstr)
351 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
353 0fc65b37 2004-03-21 devnull else if(p + length > pend)
354 0fc65b37 2004-03-21 devnull err = ASN_EVALLEN;
355 0fc65b37 2004-03-21 devnull if(err != ASN_OK)
356 0fc65b37 2004-03-21 devnull return err;
358 0fc65b37 2004-03-21 devnull switch(kind) {
360 0fc65b37 2004-03-21 devnull /* marker for end of indefinite constructions */
361 0fc65b37 2004-03-21 devnull if(length == 0)
362 0fc65b37 2004-03-21 devnull pval->tag = VNull;
364 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
367 0fc65b37 2004-03-21 devnull case BOOLEAN:
368 0fc65b37 2004-03-21 devnull if(isconstr)
369 0fc65b37 2004-03-21 devnull err = ASN_ECONSTR;
370 0fc65b37 2004-03-21 devnull else if(length != 1)
371 0fc65b37 2004-03-21 devnull err = ASN_EVALLEN;
373 0fc65b37 2004-03-21 devnull pval->tag = VBool;
374 0fc65b37 2004-03-21 devnull pval->u.boolval = (*p++ != 0);
378 0fc65b37 2004-03-21 devnull case INTEGER:
379 0fc65b37 2004-03-21 devnull case ENUMERATED:
380 0fc65b37 2004-03-21 devnull if(isconstr)
381 0fc65b37 2004-03-21 devnull err = ASN_ECONSTR;
382 0fc65b37 2004-03-21 devnull else if(length <= 4) {
383 0fc65b37 2004-03-21 devnull err = int_decode(&p, pend, length, 0, &num);
384 0fc65b37 2004-03-21 devnull if(err == ASN_OK) {
385 0fc65b37 2004-03-21 devnull pval->tag = VInt;
386 0fc65b37 2004-03-21 devnull pval->u.intval = num;
390 0fc65b37 2004-03-21 devnull pval->tag = VBigInt;
391 0fc65b37 2004-03-21 devnull pval->u.bigintval = makebytes(p, length);
392 0fc65b37 2004-03-21 devnull p += length;
396 0fc65b37 2004-03-21 devnull case BIT_STRING:
397 0fc65b37 2004-03-21 devnull pval->tag = VBitString;
398 0fc65b37 2004-03-21 devnull if(isconstr) {
399 0fc65b37 2004-03-21 devnull if(length == -1 && p + 2 <= pend && *p == 0 && *(p+1) ==0) {
400 0fc65b37 2004-03-21 devnull pval->u.bitstringval = makebits(0, 0, 0);
404 0fc65b37 2004-03-21 devnull /* TODO: recurse and concat results */
405 0fc65b37 2004-03-21 devnull err = ASN_EUNIMPL;
408 0fc65b37 2004-03-21 devnull if(length < 2) {
409 0fc65b37 2004-03-21 devnull if(length == 1 && *p == 0) {
410 0fc65b37 2004-03-21 devnull pval->u.bitstringval = makebits(0, 0, 0);
414 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
417 0fc65b37 2004-03-21 devnull bitsunused = *p;
418 0fc65b37 2004-03-21 devnull if(bitsunused > 7)
419 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
420 0fc65b37 2004-03-21 devnull else if(length > 0x0FFFFFFF)
421 0fc65b37 2004-03-21 devnull err = ASN_ETOOBIG;
423 0fc65b37 2004-03-21 devnull pval->u.bitstringval = makebits(p+1, length-1, bitsunused);
424 0fc65b37 2004-03-21 devnull p += length;
430 0fc65b37 2004-03-21 devnull case OCTET_STRING:
431 0fc65b37 2004-03-21 devnull case ObjectDescriptor:
432 0fc65b37 2004-03-21 devnull err = octet_decode(&p, pend, length, isconstr, &va);
433 0fc65b37 2004-03-21 devnull if(err == ASN_OK) {
434 0fc65b37 2004-03-21 devnull pval->tag = VOctets;
435 0fc65b37 2004-03-21 devnull pval->u.octetsval = va;
439 0fc65b37 2004-03-21 devnull case NULLTAG:
440 0fc65b37 2004-03-21 devnull if(isconstr)
441 0fc65b37 2004-03-21 devnull err = ASN_ECONSTR;
442 0fc65b37 2004-03-21 devnull else if(length != 0)
443 0fc65b37 2004-03-21 devnull err = ASN_EVALLEN;
445 0fc65b37 2004-03-21 devnull pval->tag = VNull;
448 0fc65b37 2004-03-21 devnull case OBJECT_ID:
449 0fc65b37 2004-03-21 devnull if(isconstr)
450 0fc65b37 2004-03-21 devnull err = ASN_ECONSTR;
451 0fc65b37 2004-03-21 devnull else if(length == 0)
452 0fc65b37 2004-03-21 devnull err = ASN_EVALLEN;
454 0fc65b37 2004-03-21 devnull isubid = 0;
455 0fc65b37 2004-03-21 devnull pe = p+length;
456 0fc65b37 2004-03-21 devnull while(p < pe && isubid < MAXOBJIDLEN) {
457 0fc65b37 2004-03-21 devnull err = uint7_decode(&p, pend, &num);
458 0fc65b37 2004-03-21 devnull if(err != ASN_OK)
460 0fc65b37 2004-03-21 devnull if(isubid == 0) {
461 0fc65b37 2004-03-21 devnull subids[isubid++] = num / 40;
462 0fc65b37 2004-03-21 devnull subids[isubid++] = num % 40;
465 0fc65b37 2004-03-21 devnull subids[isubid++] = num;
467 0fc65b37 2004-03-21 devnull if(err == ASN_OK) {
468 0fc65b37 2004-03-21 devnull if(p != pe)
469 0fc65b37 2004-03-21 devnull err = ASN_EVALLEN;
471 0fc65b37 2004-03-21 devnull pval->tag = VObjId;
472 0fc65b37 2004-03-21 devnull pval->u.objidval = makeints(subids, isubid);
478 0fc65b37 2004-03-21 devnull case EXTERNAL:
479 0fc65b37 2004-03-21 devnull case EMBEDDED_PDV:
480 0fc65b37 2004-03-21 devnull /* TODO: parse this internally */
481 0fc65b37 2004-03-21 devnull if(p+length > pend)
482 0fc65b37 2004-03-21 devnull err = ASN_EVALLEN;
484 0fc65b37 2004-03-21 devnull pval->tag = VOther;
485 0fc65b37 2004-03-21 devnull pval->u.otherval = makebytes(p, length);
486 0fc65b37 2004-03-21 devnull p += length;
490 0fc65b37 2004-03-21 devnull case REAL:
491 0fc65b37 2004-03-21 devnull /* Let the application decode */
492 0fc65b37 2004-03-21 devnull if(isconstr)
493 0fc65b37 2004-03-21 devnull err = ASN_ECONSTR;
494 0fc65b37 2004-03-21 devnull else if(p+length > pend)
495 0fc65b37 2004-03-21 devnull err = ASN_EVALLEN;
497 0fc65b37 2004-03-21 devnull pval->tag = VReal;
498 0fc65b37 2004-03-21 devnull pval->u.realval = makebytes(p, length);
499 0fc65b37 2004-03-21 devnull p += length;
503 0fc65b37 2004-03-21 devnull case SEQUENCE:
504 0fc65b37 2004-03-21 devnull err = seq_decode(&p, pend, length, isconstr, &vl);
505 0fc65b37 2004-03-21 devnull if(err == ASN_OK) {
506 0fc65b37 2004-03-21 devnull pval->tag = VSeq ;
507 0fc65b37 2004-03-21 devnull pval->u.seqval = vl;
511 0fc65b37 2004-03-21 devnull case SETOF:
512 0fc65b37 2004-03-21 devnull err = seq_decode(&p, pend, length, isconstr, &vl);
513 0fc65b37 2004-03-21 devnull if(err == ASN_OK) {
514 0fc65b37 2004-03-21 devnull pval->tag = VSet;
515 0fc65b37 2004-03-21 devnull pval->u.setval = vl;
519 0fc65b37 2004-03-21 devnull case NumericString:
520 0fc65b37 2004-03-21 devnull case PrintableString:
521 0fc65b37 2004-03-21 devnull case TeletexString:
522 0fc65b37 2004-03-21 devnull case VideotexString:
523 0fc65b37 2004-03-21 devnull case IA5String:
524 0fc65b37 2004-03-21 devnull case UTCTime:
525 0fc65b37 2004-03-21 devnull case GeneralizedTime:
526 0fc65b37 2004-03-21 devnull case GraphicString:
527 0fc65b37 2004-03-21 devnull case VisibleString:
528 0fc65b37 2004-03-21 devnull case GeneralString:
529 0fc65b37 2004-03-21 devnull case UniversalString:
530 0fc65b37 2004-03-21 devnull case BMPString:
531 0fc65b37 2004-03-21 devnull /* TODO: figure out when character set conversion is necessary */
532 0fc65b37 2004-03-21 devnull err = octet_decode(&p, pend, length, isconstr, &va);
533 0fc65b37 2004-03-21 devnull if(err == ASN_OK) {
534 0fc65b37 2004-03-21 devnull pval->tag = VString;
535 0fc65b37 2004-03-21 devnull pval->u.stringval = (char*)emalloc(va->len+1);
536 0fc65b37 2004-03-21 devnull memmove(pval->u.stringval, va->data, va->len);
537 0fc65b37 2004-03-21 devnull pval->u.stringval[va->len] = 0;
538 0fc65b37 2004-03-21 devnull free(va);
542 0fc65b37 2004-03-21 devnull default:
543 0fc65b37 2004-03-21 devnull if(p+length > pend)
544 0fc65b37 2004-03-21 devnull err = ASN_EVALLEN;
546 0fc65b37 2004-03-21 devnull pval->tag = VOther;
547 0fc65b37 2004-03-21 devnull pval->u.otherval = makebytes(p, length);
548 0fc65b37 2004-03-21 devnull p += length;
552 0fc65b37 2004-03-21 devnull *pp = p;
553 0fc65b37 2004-03-21 devnull return err;
557 0fc65b37 2004-03-21 devnull * Decode an int in format where count bytes are
558 0fc65b37 2004-03-21 devnull * concatenated to form value.
559 0fc65b37 2004-03-21 devnull * Although ASN1 allows any size integer, we return
560 0fc65b37 2004-03-21 devnull * an error if the result doesn't fit in a 32-bit int.
561 0fc65b37 2004-03-21 devnull * If unsgned is not set, make sure to propagate sign bit.
563 0fc65b37 2004-03-21 devnull static int
564 0fc65b37 2004-03-21 devnull int_decode(uchar** pp, uchar* pend, int count, int unsgned, int* pint)
566 0fc65b37 2004-03-21 devnull int err;
567 0fc65b37 2004-03-21 devnull int num;
568 0fc65b37 2004-03-21 devnull uchar* p;
570 0fc65b37 2004-03-21 devnull p = *pp;
571 0fc65b37 2004-03-21 devnull err = ASN_OK;
572 0fc65b37 2004-03-21 devnull num = 0;
573 0fc65b37 2004-03-21 devnull if(p+count <= pend) {
574 0fc65b37 2004-03-21 devnull if((count > 4) || (unsgned && count == 4 && (*p&0x80)))
575 0fc65b37 2004-03-21 devnull err = ASN_ETOOBIG;
577 0fc65b37 2004-03-21 devnull if(!unsgned && count > 0 && count < 4 && (*p&0x80))
578 cbeb0b26 2006-04-01 devnull num = -1; /* set all bits, initially */
579 0fc65b37 2004-03-21 devnull while(count--)
580 0fc65b37 2004-03-21 devnull num = (num << 8)|(*p++);
584 0fc65b37 2004-03-21 devnull err = ASN_ESHORT;
585 0fc65b37 2004-03-21 devnull *pint = num;
586 0fc65b37 2004-03-21 devnull *pp = p;
587 0fc65b37 2004-03-21 devnull return err;
591 0fc65b37 2004-03-21 devnull * Decode an unsigned int in format where each
592 0fc65b37 2004-03-21 devnull * byte except last has high bit set, and remaining
593 0fc65b37 2004-03-21 devnull * seven bits of each byte are concatenated to form value.
594 0fc65b37 2004-03-21 devnull * Although ASN1 allows any size integer, we return
595 0fc65b37 2004-03-21 devnull * an error if the result doesn't fit in a 32 bit int.
597 0fc65b37 2004-03-21 devnull static int
598 0fc65b37 2004-03-21 devnull uint7_decode(uchar** pp, uchar* pend, int* pint)
600 0fc65b37 2004-03-21 devnull int err;
601 0fc65b37 2004-03-21 devnull int num;
602 0fc65b37 2004-03-21 devnull int more;
604 0fc65b37 2004-03-21 devnull uchar* p;
606 0fc65b37 2004-03-21 devnull p = *pp;
607 0fc65b37 2004-03-21 devnull err = ASN_OK;
608 0fc65b37 2004-03-21 devnull num = 0;
609 0fc65b37 2004-03-21 devnull more = 1;
610 0fc65b37 2004-03-21 devnull while(more && p < pend) {
611 0fc65b37 2004-03-21 devnull v = *p++;
612 0fc65b37 2004-03-21 devnull if(num&0x7F000000) {
613 0fc65b37 2004-03-21 devnull err = ASN_ETOOBIG;
616 0fc65b37 2004-03-21 devnull num <<= 7;
617 0fc65b37 2004-03-21 devnull more = v&0x80;
618 0fc65b37 2004-03-21 devnull num |= (v&0x7F);
620 0fc65b37 2004-03-21 devnull if(p == pend)
621 0fc65b37 2004-03-21 devnull err = ASN_ESHORT;
622 0fc65b37 2004-03-21 devnull *pint = num;
623 0fc65b37 2004-03-21 devnull *pp = p;
624 0fc65b37 2004-03-21 devnull return err;
628 0fc65b37 2004-03-21 devnull * Decode an octet string, recursively if isconstr.
629 0fc65b37 2004-03-21 devnull * We've already checked that length==-1 implies isconstr==1,
630 0fc65b37 2004-03-21 devnull * and otherwise that specified length fits within (*pp..pend)
632 0fc65b37 2004-03-21 devnull static int
633 0fc65b37 2004-03-21 devnull octet_decode(uchar** pp, uchar* pend, int length, int isconstr, Bytes** pbytes)
635 0fc65b37 2004-03-21 devnull int err;
636 0fc65b37 2004-03-21 devnull uchar* p;
637 0fc65b37 2004-03-21 devnull Bytes* ans;
638 0fc65b37 2004-03-21 devnull Bytes* newans;
639 0fc65b37 2004-03-21 devnull uchar* pstart;
640 0fc65b37 2004-03-21 devnull uchar* pold;
641 0fc65b37 2004-03-21 devnull Elem elem;
643 0fc65b37 2004-03-21 devnull err = ASN_OK;
644 0fc65b37 2004-03-21 devnull p = *pp;
645 0fc65b37 2004-03-21 devnull ans = nil;
646 0fc65b37 2004-03-21 devnull if(length >= 0 && !isconstr) {
647 0fc65b37 2004-03-21 devnull ans = makebytes(p, length);
648 0fc65b37 2004-03-21 devnull p += length;
651 0fc65b37 2004-03-21 devnull /* constructed, either definite or indefinite length */
652 0fc65b37 2004-03-21 devnull pstart = p;
653 0fc65b37 2004-03-21 devnull for(;;) {
654 0fc65b37 2004-03-21 devnull if(length >= 0 && p >= pstart + length) {
655 0fc65b37 2004-03-21 devnull if(p != pstart + length)
656 0fc65b37 2004-03-21 devnull err = ASN_EVALLEN;
659 0fc65b37 2004-03-21 devnull pold = p;
660 0fc65b37 2004-03-21 devnull err = ber_decode(&p, pend, &elem);
661 0fc65b37 2004-03-21 devnull if(err != ASN_OK)
663 0fc65b37 2004-03-21 devnull switch(elem.val.tag) {
664 0fc65b37 2004-03-21 devnull case VOctets:
665 0fc65b37 2004-03-21 devnull newans = catbytes(ans, elem.val.u.octetsval);
666 0fc65b37 2004-03-21 devnull freebytes(ans);
667 0fc65b37 2004-03-21 devnull ans = newans;
670 0fc65b37 2004-03-21 devnull case VEOC:
671 0fc65b37 2004-03-21 devnull if(length != -1) {
672 0fc65b37 2004-03-21 devnull p = pold;
673 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
675 0fc65b37 2004-03-21 devnull goto cloop_done;
677 0fc65b37 2004-03-21 devnull default:
678 0fc65b37 2004-03-21 devnull p = pold;
679 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
680 0fc65b37 2004-03-21 devnull goto cloop_done;
683 0fc65b37 2004-03-21 devnull cloop_done:
686 0fc65b37 2004-03-21 devnull *pp = p;
687 0fc65b37 2004-03-21 devnull *pbytes = ans;
688 0fc65b37 2004-03-21 devnull return err;
692 0fc65b37 2004-03-21 devnull * Decode a sequence or set.
693 0fc65b37 2004-03-21 devnull * We've already checked that length==-1 implies isconstr==1,
694 0fc65b37 2004-03-21 devnull * and otherwise that specified length fits within (*p..pend)
696 0fc65b37 2004-03-21 devnull static int
697 0fc65b37 2004-03-21 devnull seq_decode(uchar** pp, uchar* pend, int length, int isconstr, Elist** pelist)
699 0fc65b37 2004-03-21 devnull int err;
700 0fc65b37 2004-03-21 devnull uchar* p;
701 0fc65b37 2004-03-21 devnull uchar* pstart;
702 0fc65b37 2004-03-21 devnull uchar* pold;
703 0fc65b37 2004-03-21 devnull Elist* ans;
704 0fc65b37 2004-03-21 devnull Elem elem;
705 0fc65b37 2004-03-21 devnull Elist* lve;
706 0fc65b37 2004-03-21 devnull Elist* lveold;
708 0fc65b37 2004-03-21 devnull err = ASN_OK;
709 0fc65b37 2004-03-21 devnull ans = nil;
710 0fc65b37 2004-03-21 devnull p = *pp;
711 0fc65b37 2004-03-21 devnull if(!isconstr)
712 0fc65b37 2004-03-21 devnull err = ASN_EPRIM;
714 0fc65b37 2004-03-21 devnull /* constructed, either definite or indefinite length */
715 0fc65b37 2004-03-21 devnull lve = nil;
716 0fc65b37 2004-03-21 devnull pstart = p;
717 0fc65b37 2004-03-21 devnull for(;;) {
718 0fc65b37 2004-03-21 devnull if(length >= 0 && p >= pstart + length) {
719 0fc65b37 2004-03-21 devnull if(p != pstart + length)
720 0fc65b37 2004-03-21 devnull err = ASN_EVALLEN;
723 0fc65b37 2004-03-21 devnull pold = p;
724 0fc65b37 2004-03-21 devnull err = ber_decode(&p, pend, &elem);
725 0fc65b37 2004-03-21 devnull if(err != ASN_OK)
727 0fc65b37 2004-03-21 devnull if(elem.val.tag == VEOC) {
728 0fc65b37 2004-03-21 devnull if(length != -1) {
729 0fc65b37 2004-03-21 devnull p = pold;
730 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
735 0fc65b37 2004-03-21 devnull lve = mkel(elem, lve);
737 0fc65b37 2004-03-21 devnull if(err == ASN_OK) {
738 0fc65b37 2004-03-21 devnull /* reverse back to original order */
739 0fc65b37 2004-03-21 devnull while(lve != nil) {
740 0fc65b37 2004-03-21 devnull lveold = lve;
741 0fc65b37 2004-03-21 devnull lve = lve->tl;
742 0fc65b37 2004-03-21 devnull lveold->tl = ans;
743 0fc65b37 2004-03-21 devnull ans = lveold;
747 0fc65b37 2004-03-21 devnull *pp = p;
748 0fc65b37 2004-03-21 devnull *pelist = ans;
749 0fc65b37 2004-03-21 devnull return err;
753 0fc65b37 2004-03-21 devnull * Encode e by BER rules, putting answer in *pbytes.
754 0fc65b37 2004-03-21 devnull * This is done by first calling enc with lenonly==1
755 0fc65b37 2004-03-21 devnull * to get the length of the needed buffer,
756 0fc65b37 2004-03-21 devnull * then allocating the buffer and using enc again to fill it up.
758 0fc65b37 2004-03-21 devnull static int
759 0fc65b37 2004-03-21 devnull encode(Elem e, Bytes** pbytes)
761 0fc65b37 2004-03-21 devnull uchar* p;
762 0fc65b37 2004-03-21 devnull Bytes* ans;
763 0fc65b37 2004-03-21 devnull int err;
764 0fc65b37 2004-03-21 devnull uchar uc;
766 0fc65b37 2004-03-21 devnull p = &uc;
767 0fc65b37 2004-03-21 devnull err = enc(&p, e, 1);
768 0fc65b37 2004-03-21 devnull if(err == ASN_OK) {
769 0fc65b37 2004-03-21 devnull ans = newbytes(p-&uc);
770 0fc65b37 2004-03-21 devnull p = ans->data;
771 0fc65b37 2004-03-21 devnull err = enc(&p, e, 0);
772 0fc65b37 2004-03-21 devnull *pbytes = ans;
774 0fc65b37 2004-03-21 devnull return err;
778 0fc65b37 2004-03-21 devnull * The various enc functions take a pointer to a pointer
779 0fc65b37 2004-03-21 devnull * into a buffer, and encode their entity starting there,
780 0fc65b37 2004-03-21 devnull * updating the pointer afterwards.
781 0fc65b37 2004-03-21 devnull * If lenonly is 1, only the pointer update is done,
782 0fc65b37 2004-03-21 devnull * allowing enc to be called first to calculate the needed
783 0fc65b37 2004-03-21 devnull * buffer length.
784 0fc65b37 2004-03-21 devnull * If lenonly is 0, it is assumed that the answer will fit.
787 0fc65b37 2004-03-21 devnull static int
788 0fc65b37 2004-03-21 devnull enc(uchar** pp, Elem e, int lenonly)
790 0fc65b37 2004-03-21 devnull int err;
791 0fc65b37 2004-03-21 devnull int vlen;
792 0fc65b37 2004-03-21 devnull int constr;
793 0fc65b37 2004-03-21 devnull Tag tag;
795 0fc65b37 2004-03-21 devnull int ilen;
796 0fc65b37 2004-03-21 devnull uchar* p;
797 0fc65b37 2004-03-21 devnull uchar* psave;
799 0fc65b37 2004-03-21 devnull p = *pp;
800 0fc65b37 2004-03-21 devnull err = val_enc(&p, e, &constr, 1);
801 0fc65b37 2004-03-21 devnull if(err != ASN_OK)
802 0fc65b37 2004-03-21 devnull return err;
803 0fc65b37 2004-03-21 devnull vlen = p - *pp;
804 0fc65b37 2004-03-21 devnull p = *pp;
805 0fc65b37 2004-03-21 devnull tag = e.tag;
806 0fc65b37 2004-03-21 devnull v = tag.class|constr;
807 0fc65b37 2004-03-21 devnull if(tag.num < 31) {
808 0fc65b37 2004-03-21 devnull if(!lenonly)
809 0fc65b37 2004-03-21 devnull *p = (v|tag.num);
813 0fc65b37 2004-03-21 devnull if(!lenonly)
814 0fc65b37 2004-03-21 devnull *p = (v|31);
816 0fc65b37 2004-03-21 devnull if(tag.num < 0)
817 0fc65b37 2004-03-21 devnull return ASN_EINVAL;
818 0fc65b37 2004-03-21 devnull uint7_enc(&p, tag.num, lenonly);
820 0fc65b37 2004-03-21 devnull if(vlen < 0x80) {
821 0fc65b37 2004-03-21 devnull if(!lenonly)
822 0fc65b37 2004-03-21 devnull *p = vlen;
826 0fc65b37 2004-03-21 devnull psave = p;
827 0fc65b37 2004-03-21 devnull int_enc(&p, vlen, 1, 1);
828 0fc65b37 2004-03-21 devnull ilen = p-psave;
829 0fc65b37 2004-03-21 devnull p = psave;
830 0fc65b37 2004-03-21 devnull if(!lenonly) {
831 0fc65b37 2004-03-21 devnull *p++ = (0x80 | ilen);
832 0fc65b37 2004-03-21 devnull int_enc(&p, vlen, 1, 0);
835 0fc65b37 2004-03-21 devnull p += 1 + ilen;
837 0fc65b37 2004-03-21 devnull if(!lenonly)
838 0fc65b37 2004-03-21 devnull val_enc(&p, e, &constr, 0);
840 0fc65b37 2004-03-21 devnull p += vlen;
841 0fc65b37 2004-03-21 devnull *pp = p;
842 0fc65b37 2004-03-21 devnull return err;
845 0fc65b37 2004-03-21 devnull static int
846 0fc65b37 2004-03-21 devnull val_enc(uchar** pp, Elem e, int *pconstr, int lenonly)
848 0fc65b37 2004-03-21 devnull int err;
849 0fc65b37 2004-03-21 devnull uchar* p;
850 0fc65b37 2004-03-21 devnull int kind;
853 0fc65b37 2004-03-21 devnull Bytes* bb = nil;
854 0fc65b37 2004-03-21 devnull Bits* bits;
855 0fc65b37 2004-03-21 devnull Ints* oid;
857 0fc65b37 2004-03-21 devnull Elist* el;
858 0fc65b37 2004-03-21 devnull char* s;
860 0fc65b37 2004-03-21 devnull p = *pp;
861 0fc65b37 2004-03-21 devnull err = ASN_OK;
862 0fc65b37 2004-03-21 devnull kind = e.tag.num;
863 0fc65b37 2004-03-21 devnull cl = e.tag.class;
864 0fc65b37 2004-03-21 devnull *pconstr = 0;
865 0fc65b37 2004-03-21 devnull if(cl != Universal) {
866 0fc65b37 2004-03-21 devnull switch(e.val.tag) {
867 0fc65b37 2004-03-21 devnull case VBool:
868 0fc65b37 2004-03-21 devnull kind = BOOLEAN;
870 0fc65b37 2004-03-21 devnull case VInt:
871 0fc65b37 2004-03-21 devnull kind = INTEGER;
873 0fc65b37 2004-03-21 devnull case VBigInt:
874 0fc65b37 2004-03-21 devnull kind = INTEGER;
876 0fc65b37 2004-03-21 devnull case VOctets:
877 0fc65b37 2004-03-21 devnull kind = OCTET_STRING;
879 0fc65b37 2004-03-21 devnull case VReal:
880 0fc65b37 2004-03-21 devnull kind = REAL;
882 0fc65b37 2004-03-21 devnull case VOther:
883 0fc65b37 2004-03-21 devnull kind = OCTET_STRING;
885 0fc65b37 2004-03-21 devnull case VBitString:
886 0fc65b37 2004-03-21 devnull kind = BIT_STRING;
888 0fc65b37 2004-03-21 devnull case VNull:
889 0fc65b37 2004-03-21 devnull kind = NULLTAG;
891 0fc65b37 2004-03-21 devnull case VObjId:
892 0fc65b37 2004-03-21 devnull kind = OBJECT_ID;
894 0fc65b37 2004-03-21 devnull case VString:
895 0fc65b37 2004-03-21 devnull kind = UniversalString;
897 0fc65b37 2004-03-21 devnull case VSeq:
898 0fc65b37 2004-03-21 devnull kind = SEQUENCE;
900 0fc65b37 2004-03-21 devnull case VSet:
901 0fc65b37 2004-03-21 devnull kind = SETOF;
905 0fc65b37 2004-03-21 devnull switch(kind) {
906 0fc65b37 2004-03-21 devnull case BOOLEAN:
907 0fc65b37 2004-03-21 devnull if(is_int(&e, &v)) {
908 0fc65b37 2004-03-21 devnull if(v != 0)
909 0fc65b37 2004-03-21 devnull v = 255;
910 0fc65b37 2004-03-21 devnull int_enc(&p, v, 1, lenonly);
913 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
916 0fc65b37 2004-03-21 devnull case INTEGER:
917 0fc65b37 2004-03-21 devnull case ENUMERATED:
918 0fc65b37 2004-03-21 devnull if(is_int(&e, &v))
919 0fc65b37 2004-03-21 devnull int_enc(&p, v, 0, lenonly);
921 0fc65b37 2004-03-21 devnull if(is_bigint(&e, &bb)) {
922 0fc65b37 2004-03-21 devnull if(!lenonly)
923 0fc65b37 2004-03-21 devnull memmove(p, bb->data, bb->len);
924 0fc65b37 2004-03-21 devnull p += bb->len;
927 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
931 0fc65b37 2004-03-21 devnull case BIT_STRING:
932 0fc65b37 2004-03-21 devnull if(is_bitstring(&e, &bits)) {
933 0fc65b37 2004-03-21 devnull if(bits->len == 0) {
934 0fc65b37 2004-03-21 devnull if(!lenonly)
939 0fc65b37 2004-03-21 devnull v = bits->unusedbits;
940 0fc65b37 2004-03-21 devnull if(v < 0 || v > 7)
941 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
943 0fc65b37 2004-03-21 devnull if(!lenonly) {
945 0fc65b37 2004-03-21 devnull memmove(p+1, bits->data, bits->len);
947 0fc65b37 2004-03-21 devnull p += 1 + bits->len;
952 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
955 0fc65b37 2004-03-21 devnull case OCTET_STRING:
956 0fc65b37 2004-03-21 devnull case ObjectDescriptor:
957 0fc65b37 2004-03-21 devnull case EXTERNAL:
958 0fc65b37 2004-03-21 devnull case REAL:
959 0fc65b37 2004-03-21 devnull case EMBEDDED_PDV:
960 0fc65b37 2004-03-21 devnull bb = nil;
961 0fc65b37 2004-03-21 devnull switch(e.val.tag) {
962 0fc65b37 2004-03-21 devnull case VOctets:
963 0fc65b37 2004-03-21 devnull bb = e.val.u.octetsval;
965 0fc65b37 2004-03-21 devnull case VReal:
966 0fc65b37 2004-03-21 devnull bb = e.val.u.realval;
968 0fc65b37 2004-03-21 devnull case VOther:
969 0fc65b37 2004-03-21 devnull bb = e.val.u.otherval;
972 0fc65b37 2004-03-21 devnull if(bb != nil) {
973 0fc65b37 2004-03-21 devnull if(!lenonly)
974 0fc65b37 2004-03-21 devnull memmove(p, bb->data, bb->len);
975 0fc65b37 2004-03-21 devnull p += bb->len;
978 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
981 0fc65b37 2004-03-21 devnull case NULLTAG:
984 0fc65b37 2004-03-21 devnull case OBJECT_ID:
985 0fc65b37 2004-03-21 devnull if(is_oid(&e, &oid)) {
986 0fc65b37 2004-03-21 devnull for(k = 0; k < oid->len; k++) {
987 0fc65b37 2004-03-21 devnull v = oid->data[k];
988 0fc65b37 2004-03-21 devnull if(k == 0) {
989 0fc65b37 2004-03-21 devnull v *= 40;
990 0fc65b37 2004-03-21 devnull if(oid->len > 1)
991 0fc65b37 2004-03-21 devnull v += oid->data[++k];
993 0fc65b37 2004-03-21 devnull uint7_enc(&p, v, lenonly);
997 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
1000 0fc65b37 2004-03-21 devnull case SEQUENCE:
1001 0fc65b37 2004-03-21 devnull case SETOF:
1002 0fc65b37 2004-03-21 devnull el = nil;
1003 0fc65b37 2004-03-21 devnull if(e.val.tag == VSeq)
1004 0fc65b37 2004-03-21 devnull el = e.val.u.seqval;
1005 0fc65b37 2004-03-21 devnull else if(e.val.tag == VSet)
1006 0fc65b37 2004-03-21 devnull el = e.val.u.setval;
1008 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
1009 0fc65b37 2004-03-21 devnull if(el != nil) {
1010 0fc65b37 2004-03-21 devnull *pconstr = CONSTR_MASK;
1011 0fc65b37 2004-03-21 devnull for(; el != nil; el = el->tl) {
1012 0fc65b37 2004-03-21 devnull err = enc(&p, el->hd, lenonly);
1013 0fc65b37 2004-03-21 devnull if(err != ASN_OK)
1019 0fc65b37 2004-03-21 devnull case NumericString:
1020 0fc65b37 2004-03-21 devnull case PrintableString:
1021 0fc65b37 2004-03-21 devnull case TeletexString:
1022 0fc65b37 2004-03-21 devnull case VideotexString:
1023 0fc65b37 2004-03-21 devnull case IA5String:
1024 0fc65b37 2004-03-21 devnull case UTCTime:
1025 0fc65b37 2004-03-21 devnull case GeneralizedTime:
1026 0fc65b37 2004-03-21 devnull case GraphicString:
1027 0fc65b37 2004-03-21 devnull case VisibleString:
1028 0fc65b37 2004-03-21 devnull case GeneralString:
1029 0fc65b37 2004-03-21 devnull case UniversalString:
1030 0fc65b37 2004-03-21 devnull case BMPString:
1031 0fc65b37 2004-03-21 devnull if(e.val.tag == VString) {
1032 0fc65b37 2004-03-21 devnull s = e.val.u.stringval;
1033 0fc65b37 2004-03-21 devnull if(s != nil) {
1034 0fc65b37 2004-03-21 devnull v = strlen(s);
1035 0fc65b37 2004-03-21 devnull if(!lenonly)
1036 0fc65b37 2004-03-21 devnull memmove(p, s, v);
1037 0fc65b37 2004-03-21 devnull p += v;
1041 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
1044 0fc65b37 2004-03-21 devnull default:
1045 0fc65b37 2004-03-21 devnull err = ASN_EINVAL;
1047 0fc65b37 2004-03-21 devnull *pp = p;
1048 0fc65b37 2004-03-21 devnull return err;
1052 0fc65b37 2004-03-21 devnull * Encode num as unsigned 7 bit values with top bit 1 on all bytes
1053 0fc65b37 2004-03-21 devnull * except last, only putting in bytes if !lenonly.
1055 0fc65b37 2004-03-21 devnull static void
1056 0fc65b37 2004-03-21 devnull uint7_enc(uchar** pp, int num, int lenonly)
1061 0fc65b37 2004-03-21 devnull uchar* p;
1063 0fc65b37 2004-03-21 devnull p = *pp;
1065 0fc65b37 2004-03-21 devnull v = num >> 7;
1066 0fc65b37 2004-03-21 devnull while(v > 0) {
1067 0fc65b37 2004-03-21 devnull v >>= 7;
1070 0fc65b37 2004-03-21 devnull if(lenonly)
1071 0fc65b37 2004-03-21 devnull p += n;
1073 0fc65b37 2004-03-21 devnull for(k = (n - 1)*7; k > 0; k -= 7)
1074 0fc65b37 2004-03-21 devnull *p++= ((num >> k)|0x80);
1075 0fc65b37 2004-03-21 devnull *p++ = (num&0x7F);
1077 0fc65b37 2004-03-21 devnull *pp = p;
1081 0fc65b37 2004-03-21 devnull * Encode num as unsigned or signed integer,
1082 0fc65b37 2004-03-21 devnull * only putting in bytes if !lenonly.
1083 0fc65b37 2004-03-21 devnull * Encoding is length followed by bytes to concatenate.
1085 0fc65b37 2004-03-21 devnull static void
1086 0fc65b37 2004-03-21 devnull int_enc(uchar** pp, int num, int unsgned, int lenonly)
1090 0fc65b37 2004-03-21 devnull int prevv;
1092 0fc65b37 2004-03-21 devnull uchar* p;
1094 0fc65b37 2004-03-21 devnull p = *pp;
1095 0fc65b37 2004-03-21 devnull v = num;
1096 0fc65b37 2004-03-21 devnull if(v < 0)
1097 0fc65b37 2004-03-21 devnull v = -(v + 1);
1099 0fc65b37 2004-03-21 devnull prevv = v;
1100 0fc65b37 2004-03-21 devnull v >>= 8;
1101 0fc65b37 2004-03-21 devnull while(v > 0) {
1102 0fc65b37 2004-03-21 devnull prevv = v;
1103 0fc65b37 2004-03-21 devnull v >>= 8;
1106 0fc65b37 2004-03-21 devnull if(!unsgned && (prevv&0x80))
1108 0fc65b37 2004-03-21 devnull if(lenonly)
1109 0fc65b37 2004-03-21 devnull p += n;
1111 0fc65b37 2004-03-21 devnull for(k = (n - 1)*8; k >= 0; k -= 8)
1112 0fc65b37 2004-03-21 devnull *p++ = (num >> k);
1114 0fc65b37 2004-03-21 devnull *pp = p;
1117 0fc65b37 2004-03-21 devnull static int
1118 0fc65b37 2004-03-21 devnull ints_eq(Ints* a, Ints* b)
1120 0fc65b37 2004-03-21 devnull int alen;
1123 0fc65b37 2004-03-21 devnull alen = a->len;
1124 0fc65b37 2004-03-21 devnull if(alen != b->len)
1125 0fc65b37 2004-03-21 devnull return 0;
1126 0fc65b37 2004-03-21 devnull for(i = 0; i < alen; i++)
1127 0fc65b37 2004-03-21 devnull if(a->data[i] != b->data[i])
1128 0fc65b37 2004-03-21 devnull return 0;
1129 0fc65b37 2004-03-21 devnull return 1;
1133 0fc65b37 2004-03-21 devnull * Look up o in tab (which must have nil entry to terminate).
1134 0fc65b37 2004-03-21 devnull * Return index of matching entry, or -1 if none.
1136 0fc65b37 2004-03-21 devnull static int
1137 0fc65b37 2004-03-21 devnull oid_lookup(Ints* o, Ints** tab)
1141 0fc65b37 2004-03-21 devnull for(i = 0; tab[i] != nil; i++)
1142 0fc65b37 2004-03-21 devnull if(ints_eq(o, tab[i]))
1143 0fc65b37 2004-03-21 devnull return i;
1144 0fc65b37 2004-03-21 devnull return -1;
1148 0fc65b37 2004-03-21 devnull * Return true if *pe is a SEQUENCE, and set *pseq to
1149 0fc65b37 2004-03-21 devnull * the value of the sequence if so.
1151 0fc65b37 2004-03-21 devnull static int
1152 0fc65b37 2004-03-21 devnull is_seq(Elem* pe, Elist** pseq)
1154 0fc65b37 2004-03-21 devnull if(pe->tag.class == Universal && pe->tag.num == SEQUENCE && pe->val.tag == VSeq) {
1155 0fc65b37 2004-03-21 devnull *pseq = pe->val.u.seqval;
1156 0fc65b37 2004-03-21 devnull return 1;
1158 0fc65b37 2004-03-21 devnull return 0;
1161 0fc65b37 2004-03-21 devnull static int
1162 0fc65b37 2004-03-21 devnull is_set(Elem* pe, Elist** pset)
1164 0fc65b37 2004-03-21 devnull if(pe->tag.class == Universal && pe->tag.num == SETOF && pe->val.tag == VSet) {
1165 0fc65b37 2004-03-21 devnull *pset = pe->val.u.setval;
1166 0fc65b37 2004-03-21 devnull return 1;
1168 0fc65b37 2004-03-21 devnull return 0;
1171 0fc65b37 2004-03-21 devnull static int
1172 0fc65b37 2004-03-21 devnull is_int(Elem* pe, int* pint)
1174 0fc65b37 2004-03-21 devnull if(pe->tag.class == Universal) {
1175 0fc65b37 2004-03-21 devnull if(pe->tag.num == INTEGER && pe->val.tag == VInt) {
1176 0fc65b37 2004-03-21 devnull *pint = pe->val.u.intval;
1177 0fc65b37 2004-03-21 devnull return 1;
1179 0fc65b37 2004-03-21 devnull else if(pe->tag.num == BOOLEAN && pe->val.tag == VBool) {
1180 0fc65b37 2004-03-21 devnull *pint = pe->val.u.boolval;
1181 0fc65b37 2004-03-21 devnull return 1;
1184 0fc65b37 2004-03-21 devnull return 0;
1188 0fc65b37 2004-03-21 devnull * for convience, all VInt's are readable via this routine,
1189 0fc65b37 2004-03-21 devnull * as well as all VBigInt's
1191 0fc65b37 2004-03-21 devnull static int
1192 0fc65b37 2004-03-21 devnull is_bigint(Elem* pe, Bytes** pbigint)
1194 0fc65b37 2004-03-21 devnull int v, n, i;
1196 0fc65b37 2004-03-21 devnull if(pe->tag.class == Universal && pe->tag.num == INTEGER) {
1197 0fc65b37 2004-03-21 devnull if(pe->val.tag == VBigInt)
1198 0fc65b37 2004-03-21 devnull *pbigint = pe->val.u.bigintval;
1199 0fc65b37 2004-03-21 devnull else if(pe->val.tag == VInt){
1200 0fc65b37 2004-03-21 devnull v = pe->val.u.intval;
1201 0fc65b37 2004-03-21 devnull for(n = 1; n < 4; n++)
1202 0fc65b37 2004-03-21 devnull if((1 << (8 * n)) > v)
1204 0fc65b37 2004-03-21 devnull *pbigint = newbytes(n);
1205 0fc65b37 2004-03-21 devnull for(i = 0; i < n; i++)
1206 0fc65b37 2004-03-21 devnull (*pbigint)->data[i] = (v >> ((n - 1 - i) * 8));
1208 0fc65b37 2004-03-21 devnull return 0;
1209 0fc65b37 2004-03-21 devnull return 1;
1211 0fc65b37 2004-03-21 devnull return 0;
1214 0fc65b37 2004-03-21 devnull static int
1215 0fc65b37 2004-03-21 devnull is_bitstring(Elem* pe, Bits** pbits)
1217 0fc65b37 2004-03-21 devnull if(pe->tag.class == Universal && pe->tag.num == BIT_STRING && pe->val.tag == VBitString) {
1218 0fc65b37 2004-03-21 devnull *pbits = pe->val.u.bitstringval;
1219 0fc65b37 2004-03-21 devnull return 1;
1221 0fc65b37 2004-03-21 devnull return 0;
1224 0fc65b37 2004-03-21 devnull static int
1225 0fc65b37 2004-03-21 devnull is_octetstring(Elem* pe, Bytes** poctets)
1227 0fc65b37 2004-03-21 devnull if(pe->tag.class == Universal && pe->tag.num == OCTET_STRING && pe->val.tag == VOctets) {
1228 0fc65b37 2004-03-21 devnull *poctets = pe->val.u.octetsval;
1229 0fc65b37 2004-03-21 devnull return 1;
1231 0fc65b37 2004-03-21 devnull return 0;
1234 0fc65b37 2004-03-21 devnull static int
1235 0fc65b37 2004-03-21 devnull is_oid(Elem* pe, Ints** poid)
1237 0fc65b37 2004-03-21 devnull if(pe->tag.class == Universal && pe->tag.num == OBJECT_ID && pe->val.tag == VObjId) {
1238 0fc65b37 2004-03-21 devnull *poid = pe->val.u.objidval;
1239 0fc65b37 2004-03-21 devnull return 1;
1241 0fc65b37 2004-03-21 devnull return 0;
1244 0fc65b37 2004-03-21 devnull static int
1245 0fc65b37 2004-03-21 devnull is_string(Elem* pe, char** pstring)
1247 0fc65b37 2004-03-21 devnull if(pe->tag.class == Universal) {
1248 0fc65b37 2004-03-21 devnull switch(pe->tag.num) {
1249 0fc65b37 2004-03-21 devnull case NumericString:
1250 0fc65b37 2004-03-21 devnull case PrintableString:
1251 0fc65b37 2004-03-21 devnull case TeletexString:
1252 0fc65b37 2004-03-21 devnull case VideotexString:
1253 0fc65b37 2004-03-21 devnull case IA5String:
1254 0fc65b37 2004-03-21 devnull case GraphicString:
1255 0fc65b37 2004-03-21 devnull case VisibleString:
1256 0fc65b37 2004-03-21 devnull case GeneralString:
1257 0fc65b37 2004-03-21 devnull case UniversalString:
1258 0fc65b37 2004-03-21 devnull case BMPString:
1259 0fc65b37 2004-03-21 devnull if(pe->val.tag == VString) {
1260 0fc65b37 2004-03-21 devnull *pstring = pe->val.u.stringval;
1261 0fc65b37 2004-03-21 devnull return 1;
1265 0fc65b37 2004-03-21 devnull return 0;
1268 0fc65b37 2004-03-21 devnull static int
1269 0fc65b37 2004-03-21 devnull is_time(Elem* pe, char** ptime)
1271 0fc65b37 2004-03-21 devnull if(pe->tag.class == Universal
1272 0fc65b37 2004-03-21 devnull && (pe->tag.num == UTCTime || pe->tag.num == GeneralizedTime)
1273 0fc65b37 2004-03-21 devnull && pe->val.tag == VString) {
1274 0fc65b37 2004-03-21 devnull *ptime = pe->val.u.stringval;
1275 0fc65b37 2004-03-21 devnull return 1;
1277 0fc65b37 2004-03-21 devnull return 0;
1282 0fc65b37 2004-03-21 devnull * malloc and return a new Bytes structure capable of
1283 0fc65b37 2004-03-21 devnull * holding len bytes. (len >= 0)
1285 0fc65b37 2004-03-21 devnull static Bytes*
1286 0fc65b37 2004-03-21 devnull newbytes(int len)
1288 0fc65b37 2004-03-21 devnull Bytes* ans;
1290 0fc65b37 2004-03-21 devnull ans = (Bytes*)emalloc(OFFSETOF(data[0], Bytes) + len);
1291 0fc65b37 2004-03-21 devnull ans->len = len;
1292 0fc65b37 2004-03-21 devnull return ans;
1296 0fc65b37 2004-03-21 devnull * newbytes(len), with data initialized from buf
1298 0fc65b37 2004-03-21 devnull static Bytes*
1299 0fc65b37 2004-03-21 devnull makebytes(uchar* buf, int len)
1301 0fc65b37 2004-03-21 devnull Bytes* ans;
1303 0fc65b37 2004-03-21 devnull ans = newbytes(len);
1304 0fc65b37 2004-03-21 devnull memmove(ans->data, buf, len);
1305 0fc65b37 2004-03-21 devnull return ans;
1308 0fc65b37 2004-03-21 devnull static void
1309 0fc65b37 2004-03-21 devnull freebytes(Bytes* b)
1311 0fc65b37 2004-03-21 devnull if(b != nil)
1312 0fc65b37 2004-03-21 devnull free(b);
1316 0fc65b37 2004-03-21 devnull * Make a new Bytes, containing bytes of b1 followed by those of b2.
1317 0fc65b37 2004-03-21 devnull * Either b1 or b2 or both can be nil.
1319 0fc65b37 2004-03-21 devnull static Bytes*
1320 0fc65b37 2004-03-21 devnull catbytes(Bytes* b1, Bytes* b2)
1322 0fc65b37 2004-03-21 devnull Bytes* ans;
1325 0fc65b37 2004-03-21 devnull if(b1 == nil) {
1326 0fc65b37 2004-03-21 devnull if(b2 == nil)
1327 0fc65b37 2004-03-21 devnull ans = newbytes(0);
1329 0fc65b37 2004-03-21 devnull ans = makebytes(b2->data, b2->len);
1331 0fc65b37 2004-03-21 devnull else if(b2 == nil) {
1332 0fc65b37 2004-03-21 devnull ans = makebytes(b1->data, b1->len);
1335 0fc65b37 2004-03-21 devnull n = b1->len + b2->len;
1336 0fc65b37 2004-03-21 devnull ans = newbytes(n);
1337 0fc65b37 2004-03-21 devnull ans->len = n;
1338 0fc65b37 2004-03-21 devnull memmove(ans->data, b1->data, b1->len);
1339 0fc65b37 2004-03-21 devnull memmove(ans->data+b1->len, b2->data, b2->len);
1341 0fc65b37 2004-03-21 devnull return ans;
1344 0fc65b37 2004-03-21 devnull /* len is number of ints */
1345 0fc65b37 2004-03-21 devnull static Ints*
1346 0fc65b37 2004-03-21 devnull newints(int len)
1348 0fc65b37 2004-03-21 devnull Ints* ans;
1350 0fc65b37 2004-03-21 devnull ans = (Ints*)emalloc(OFFSETOF(data[0], Ints) + len*sizeof(int));
1351 0fc65b37 2004-03-21 devnull ans->len = len;
1352 0fc65b37 2004-03-21 devnull return ans;
1355 0fc65b37 2004-03-21 devnull static Ints*
1356 0fc65b37 2004-03-21 devnull makeints(int* buf, int len)
1358 0fc65b37 2004-03-21 devnull Ints* ans;
1360 0fc65b37 2004-03-21 devnull ans = newints(len);
1361 0fc65b37 2004-03-21 devnull if(len > 0)
1362 0fc65b37 2004-03-21 devnull memmove(ans->data, buf, len*sizeof(int));
1363 0fc65b37 2004-03-21 devnull return ans;
1366 0fc65b37 2004-03-21 devnull static void
1367 0fc65b37 2004-03-21 devnull freeints(Ints* b)
1369 0fc65b37 2004-03-21 devnull if(b != nil)
1370 0fc65b37 2004-03-21 devnull free(b);
1373 0fc65b37 2004-03-21 devnull /* len is number of bytes */
1374 0fc65b37 2004-03-21 devnull static Bits*
1375 0fc65b37 2004-03-21 devnull newbits(int len)
1377 0fc65b37 2004-03-21 devnull Bits* ans;
1379 0fc65b37 2004-03-21 devnull ans = (Bits*)emalloc(OFFSETOF(data[0], Bits) + len);
1380 0fc65b37 2004-03-21 devnull ans->len = len;
1381 0fc65b37 2004-03-21 devnull ans->unusedbits = 0;
1382 0fc65b37 2004-03-21 devnull return ans;
1385 0fc65b37 2004-03-21 devnull static Bits*
1386 0fc65b37 2004-03-21 devnull makebits(uchar* buf, int len, int unusedbits)
1388 0fc65b37 2004-03-21 devnull Bits* ans;
1390 0fc65b37 2004-03-21 devnull ans = newbits(len);
1391 0fc65b37 2004-03-21 devnull memmove(ans->data, buf, len);
1392 0fc65b37 2004-03-21 devnull ans->unusedbits = unusedbits;
1393 0fc65b37 2004-03-21 devnull return ans;
1396 0fc65b37 2004-03-21 devnull static void
1397 0fc65b37 2004-03-21 devnull freebits(Bits* b)
1399 0fc65b37 2004-03-21 devnull if(b != nil)
1400 0fc65b37 2004-03-21 devnull free(b);
1403 0fc65b37 2004-03-21 devnull static Elist*
1404 0fc65b37 2004-03-21 devnull mkel(Elem e, Elist* tail)
1406 0fc65b37 2004-03-21 devnull Elist* el;
1408 0fc65b37 2004-03-21 devnull el = (Elist*)emalloc(sizeof(Elist));
1409 0fc65b37 2004-03-21 devnull el->hd = e;
1410 0fc65b37 2004-03-21 devnull el->tl = tail;
1411 0fc65b37 2004-03-21 devnull return el;
1414 0fc65b37 2004-03-21 devnull static int
1415 0fc65b37 2004-03-21 devnull elistlen(Elist* el)
1417 0fc65b37 2004-03-21 devnull int ans = 0;
1418 0fc65b37 2004-03-21 devnull while(el != nil) {
1420 0fc65b37 2004-03-21 devnull el = el->tl;
1422 0fc65b37 2004-03-21 devnull return ans;
1425 0fc65b37 2004-03-21 devnull /* Frees elist, but not fields inside values of constituent elems */
1426 0fc65b37 2004-03-21 devnull static void
1427 0fc65b37 2004-03-21 devnull freeelist(Elist* el)
1429 0fc65b37 2004-03-21 devnull Elist* next;
1431 0fc65b37 2004-03-21 devnull while(el != nil) {
1432 0fc65b37 2004-03-21 devnull next = el->tl;
1433 0fc65b37 2004-03-21 devnull free(el);
1434 0fc65b37 2004-03-21 devnull el = next;
1438 0fc65b37 2004-03-21 devnull /* free any allocated structures inside v (recursively freeing Elists) */
1439 0fc65b37 2004-03-21 devnull static void
1440 0fc65b37 2004-03-21 devnull freevalfields(Value* v)
1442 0fc65b37 2004-03-21 devnull Elist* el;
1443 0fc65b37 2004-03-21 devnull Elist* l;
1444 0fc65b37 2004-03-21 devnull if(v == nil)
1445 0fc65b37 2004-03-21 devnull return;
1446 0fc65b37 2004-03-21 devnull switch(v->tag) {
1447 0fc65b37 2004-03-21 devnull case VOctets:
1448 0fc65b37 2004-03-21 devnull freebytes(v->u.octetsval);
1450 0fc65b37 2004-03-21 devnull case VBigInt:
1451 0fc65b37 2004-03-21 devnull freebytes(v->u.bigintval);
1453 0fc65b37 2004-03-21 devnull case VReal:
1454 0fc65b37 2004-03-21 devnull freebytes(v->u.realval);
1456 0fc65b37 2004-03-21 devnull case VOther:
1457 0fc65b37 2004-03-21 devnull freebytes(v->u.otherval);
1459 0fc65b37 2004-03-21 devnull case VBitString:
1460 0fc65b37 2004-03-21 devnull freebits(v->u.bitstringval);
1462 0fc65b37 2004-03-21 devnull case VObjId:
1463 0fc65b37 2004-03-21 devnull freeints(v->u.objidval);
1465 0fc65b37 2004-03-21 devnull case VString:
1466 0fc65b37 2004-03-21 devnull if (v->u.stringval)
1467 0fc65b37 2004-03-21 devnull free(v->u.stringval);
1469 0fc65b37 2004-03-21 devnull case VSeq:
1470 0fc65b37 2004-03-21 devnull el = v->u.seqval;
1471 0fc65b37 2004-03-21 devnull for(l = el; l != nil; l = l->tl)
1472 0fc65b37 2004-03-21 devnull freevalfields(&l->hd.val);
1473 0fc65b37 2004-03-21 devnull if (el)
1474 0fc65b37 2004-03-21 devnull freeelist(el);
1476 0fc65b37 2004-03-21 devnull case VSet:
1477 0fc65b37 2004-03-21 devnull el = v->u.setval;
1478 0fc65b37 2004-03-21 devnull for(l = el; l != nil; l = l->tl)
1479 0fc65b37 2004-03-21 devnull freevalfields(&l->hd.val);
1480 0fc65b37 2004-03-21 devnull if (el)
1481 0fc65b37 2004-03-21 devnull freeelist(el);
1486 0fc65b37 2004-03-21 devnull /* end of general ASN1 functions */
1492 0fc65b37 2004-03-21 devnull /*=============================================================*/
1494 0fc65b37 2004-03-21 devnull * Decode and parse an X.509 Certificate, defined by this ASN1:
1495 0fc65b37 2004-03-21 devnull * Certificate ::= SEQUENCE {
1496 0fc65b37 2004-03-21 devnull * certificateInfo CertificateInfo,
1497 0fc65b37 2004-03-21 devnull * signatureAlgorithm AlgorithmIdentifier,
1498 0fc65b37 2004-03-21 devnull * signature BIT STRING }
1500 0fc65b37 2004-03-21 devnull * CertificateInfo ::= SEQUENCE {
1501 0fc65b37 2004-03-21 devnull * version [0] INTEGER DEFAULT v1 (0),
1502 0fc65b37 2004-03-21 devnull * serialNumber INTEGER,
1503 0fc65b37 2004-03-21 devnull * signature AlgorithmIdentifier,
1504 0fc65b37 2004-03-21 devnull * issuer Name,
1505 0fc65b37 2004-03-21 devnull * validity Validity,
1506 0fc65b37 2004-03-21 devnull * subject Name,
1507 0fc65b37 2004-03-21 devnull * subjectPublicKeyInfo SubjectPublicKeyInfo }
1508 0fc65b37 2004-03-21 devnull * (version v2 has two more fields, optional unique identifiers for
1509 0fc65b37 2004-03-21 devnull * issuer and subject; since we ignore these anyway, we won't parse them)
1511 0fc65b37 2004-03-21 devnull * Validity ::= SEQUENCE {
1512 0fc65b37 2004-03-21 devnull * notBefore UTCTime,
1513 0fc65b37 2004-03-21 devnull * notAfter UTCTime }
1515 0fc65b37 2004-03-21 devnull * SubjectPublicKeyInfo ::= SEQUENCE {
1516 0fc65b37 2004-03-21 devnull * algorithm AlgorithmIdentifier,
1517 0fc65b37 2004-03-21 devnull * subjectPublicKey BIT STRING }
1519 0fc65b37 2004-03-21 devnull * AlgorithmIdentifier ::= SEQUENCE {
1520 0fc65b37 2004-03-21 devnull * algorithm OBJECT IDENTIFER,
1521 0fc65b37 2004-03-21 devnull * parameters ANY DEFINED BY ALGORITHM OPTIONAL }
1523 0fc65b37 2004-03-21 devnull * Name ::= SEQUENCE OF RelativeDistinguishedName
1525 0fc65b37 2004-03-21 devnull * RelativeDistinguishedName ::= SETOF SIZE(1..MAX) OF AttributeTypeAndValue
1527 0fc65b37 2004-03-21 devnull * AttributeTypeAndValue ::= SEQUENCE {
1528 0fc65b37 2004-03-21 devnull * type OBJECT IDENTIFER,
1529 0fc65b37 2004-03-21 devnull * value DirectoryString }
1530 0fc65b37 2004-03-21 devnull * (selected attributes have these Object Ids:
1531 0fc65b37 2004-03-21 devnull * commonName {2 5 4 3}
1532 0fc65b37 2004-03-21 devnull * countryName {2 5 4 6}
1533 0fc65b37 2004-03-21 devnull * localityName {2 5 4 7}
1534 0fc65b37 2004-03-21 devnull * stateOrProvinceName {2 5 4 8}
1535 0fc65b37 2004-03-21 devnull * organizationName {2 5 4 10}
1536 0fc65b37 2004-03-21 devnull * organizationalUnitName {2 5 4 11}
1539 0fc65b37 2004-03-21 devnull * DirectoryString ::= CHOICE {
1540 0fc65b37 2004-03-21 devnull * teletexString TeletexString,
1541 0fc65b37 2004-03-21 devnull * printableString PrintableString,
1542 0fc65b37 2004-03-21 devnull * universalString UniversalString }
1544 0fc65b37 2004-03-21 devnull * See rfc1423, rfc2437 for AlgorithmIdentifier, subjectPublicKeyInfo, signature.
1546 0fc65b37 2004-03-21 devnull * Not yet implemented:
1547 0fc65b37 2004-03-21 devnull * CertificateRevocationList ::= SIGNED SEQUENCE{
1548 0fc65b37 2004-03-21 devnull * signature AlgorithmIdentifier,
1549 0fc65b37 2004-03-21 devnull * issuer Name,
1550 0fc65b37 2004-03-21 devnull * lastUpdate UTCTime,
1551 0fc65b37 2004-03-21 devnull * nextUpdate UTCTime,
1552 0fc65b37 2004-03-21 devnull * revokedCertificates
1553 0fc65b37 2004-03-21 devnull * SEQUENCE OF CRLEntry OPTIONAL}
1554 0fc65b37 2004-03-21 devnull * CRLEntry ::= SEQUENCE{
1555 0fc65b37 2004-03-21 devnull * userCertificate SerialNumber,
1556 0fc65b37 2004-03-21 devnull * revocationDate UTCTime}
1559 0fc65b37 2004-03-21 devnull typedef struct CertX509 {
1560 0fc65b37 2004-03-21 devnull int serial;
1561 0fc65b37 2004-03-21 devnull char* issuer;
1562 0fc65b37 2004-03-21 devnull char* validity_start;
1563 0fc65b37 2004-03-21 devnull char* validity_end;
1564 0fc65b37 2004-03-21 devnull char* subject;
1565 0fc65b37 2004-03-21 devnull int publickey_alg;
1566 0fc65b37 2004-03-21 devnull Bytes* publickey;
1567 0fc65b37 2004-03-21 devnull int signature_alg;
1568 0fc65b37 2004-03-21 devnull Bytes* signature;
1569 0fc65b37 2004-03-21 devnull } CertX509;
1571 0fc65b37 2004-03-21 devnull /* Algorithm object-ids */
1573 0fc65b37 2004-03-21 devnull ALG_rsaEncryption,
1574 0fc65b37 2004-03-21 devnull ALG_md2WithRSAEncryption,
1575 0fc65b37 2004-03-21 devnull ALG_md4WithRSAEncryption,
1576 0fc65b37 2004-03-21 devnull ALG_md5WithRSAEncryption,
1577 0fc65b37 2004-03-21 devnull ALG_sha1WithRSAEncryption,
1578 0fc65b37 2004-03-21 devnull ALG_md5,
1579 0fc65b37 2004-03-21 devnull NUMALGS
1581 0fc65b37 2004-03-21 devnull typedef struct Ints7 {
1582 0fc65b37 2004-03-21 devnull int len;
1583 0fc65b37 2004-03-21 devnull int data[7];
1584 0fc65b37 2004-03-21 devnull } Ints7;
1585 0fc65b37 2004-03-21 devnull static Ints7 oid_rsaEncryption = {7, 1, 2, 840, 113549, 1, 1, 1 };
1586 0fc65b37 2004-03-21 devnull static Ints7 oid_md2WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 2 };
1587 0fc65b37 2004-03-21 devnull static Ints7 oid_md4WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 3 };
1588 0fc65b37 2004-03-21 devnull static Ints7 oid_md5WithRSAEncryption = {7, 1, 2, 840, 113549, 1, 1, 4 };
1589 0fc65b37 2004-03-21 devnull static Ints7 oid_sha1WithRSAEncryption ={7, 1, 2, 840, 113549, 1, 1, 5 };
1590 0fc65b37 2004-03-21 devnull static Ints7 oid_md5 ={6, 1, 2, 840, 113549, 2, 5, 0 };
1591 0fc65b37 2004-03-21 devnull static Ints *alg_oid_tab[NUMALGS+1] = {
1592 1b1434eb 2004-12-26 devnull (Ints*)(void*)&oid_rsaEncryption,
1593 1b1434eb 2004-12-26 devnull (Ints*)(void*)&oid_md2WithRSAEncryption,
1594 1b1434eb 2004-12-26 devnull (Ints*)(void*)&oid_md4WithRSAEncryption,
1595 1b1434eb 2004-12-26 devnull (Ints*)(void*)&oid_md5WithRSAEncryption,
1596 1b1434eb 2004-12-26 devnull (Ints*)(void*)&oid_sha1WithRSAEncryption,
1597 1b1434eb 2004-12-26 devnull (Ints*)(void*)&oid_md5,
1600 be22ae2d 2004-03-26 devnull static DigestFun digestalg[NUMALGS+1] = { md5, md5, md5, md5, sha1, md5, 0 };
1602 0fc65b37 2004-03-21 devnull static void
1603 0fc65b37 2004-03-21 devnull freecert(CertX509* c)
1605 0fc65b37 2004-03-21 devnull if (!c) return;
1606 0fc65b37 2004-03-21 devnull if(c->issuer != nil)
1607 0fc65b37 2004-03-21 devnull free(c->issuer);
1608 0fc65b37 2004-03-21 devnull if(c->validity_start != nil)
1609 0fc65b37 2004-03-21 devnull free(c->validity_start);
1610 0fc65b37 2004-03-21 devnull if(c->validity_end != nil)
1611 0fc65b37 2004-03-21 devnull free(c->validity_end);
1612 0fc65b37 2004-03-21 devnull if(c->subject != nil)
1613 0fc65b37 2004-03-21 devnull free(c->subject);
1614 0fc65b37 2004-03-21 devnull freebytes(c->publickey);
1615 0fc65b37 2004-03-21 devnull freebytes(c->signature);
1619 0fc65b37 2004-03-21 devnull * Parse the Name ASN1 type.
1620 0fc65b37 2004-03-21 devnull * The sequence of RelativeDistinguishedName's gives a sort of pathname,
1621 0fc65b37 2004-03-21 devnull * from most general to most specific. Each element of the path can be
1622 0fc65b37 2004-03-21 devnull * one or more (but usually just one) attribute-value pair, such as
1623 0fc65b37 2004-03-21 devnull * countryName="US".
1624 0fc65b37 2004-03-21 devnull * We'll just form a "postal-style" address string by concatenating the elements
1625 0fc65b37 2004-03-21 devnull * from most specific to least specific, separated by commas.
1626 0fc65b37 2004-03-21 devnull * Return name-as-string (which must be freed by caller).
1628 0fc65b37 2004-03-21 devnull static char*
1629 0fc65b37 2004-03-21 devnull parse_name(Elem* e)
1631 0fc65b37 2004-03-21 devnull Elist* el;
1632 0fc65b37 2004-03-21 devnull Elem* es;
1633 0fc65b37 2004-03-21 devnull Elist* esetl;
1634 0fc65b37 2004-03-21 devnull Elem* eat;
1635 0fc65b37 2004-03-21 devnull Elist* eatl;
1636 0fc65b37 2004-03-21 devnull char* s;
1637 0fc65b37 2004-03-21 devnull enum { MAXPARTS = 100 };
1638 0fc65b37 2004-03-21 devnull char* parts[MAXPARTS];
1640 0fc65b37 2004-03-21 devnull int plen;
1641 0fc65b37 2004-03-21 devnull char* ans = nil;
1643 0fc65b37 2004-03-21 devnull if(!is_seq(e, &el))
1644 0fc65b37 2004-03-21 devnull goto errret;
1646 0fc65b37 2004-03-21 devnull plen = 0;
1647 0fc65b37 2004-03-21 devnull while(el != nil) {
1648 0fc65b37 2004-03-21 devnull es = &el->hd;
1649 0fc65b37 2004-03-21 devnull if(!is_set(es, &esetl))
1650 0fc65b37 2004-03-21 devnull goto errret;
1651 0fc65b37 2004-03-21 devnull while(esetl != nil) {
1652 0fc65b37 2004-03-21 devnull eat = &esetl->hd;
1653 0fc65b37 2004-03-21 devnull if(!is_seq(eat, &eatl) || elistlen(eatl) != 2)
1654 0fc65b37 2004-03-21 devnull goto errret;
1655 0fc65b37 2004-03-21 devnull if(!is_string(&eatl->tl->hd, &s) || i>=MAXPARTS)
1656 0fc65b37 2004-03-21 devnull goto errret;
1657 0fc65b37 2004-03-21 devnull parts[i++] = s;
1658 0fc65b37 2004-03-21 devnull plen += strlen(s) + 2; /* room for ", " after */
1659 0fc65b37 2004-03-21 devnull esetl = esetl->tl;
1661 0fc65b37 2004-03-21 devnull el = el->tl;
1663 0fc65b37 2004-03-21 devnull if(i > 0) {
1664 0fc65b37 2004-03-21 devnull ans = (char*)emalloc(plen);
1665 0fc65b37 2004-03-21 devnull *ans = '\0';
1666 0fc65b37 2004-03-21 devnull while(--i >= 0) {
1667 0fc65b37 2004-03-21 devnull s = parts[i];
1668 0fc65b37 2004-03-21 devnull strcat(ans, s);
1669 0fc65b37 2004-03-21 devnull if(i > 0)
1670 0fc65b37 2004-03-21 devnull strcat(ans, ", ");
1674 0fc65b37 2004-03-21 devnull errret:
1675 0fc65b37 2004-03-21 devnull return ans;
1679 0fc65b37 2004-03-21 devnull * Parse an AlgorithmIdentifer ASN1 type.
1680 0fc65b37 2004-03-21 devnull * Look up the oid in oid_tab and return one of OID_rsaEncryption, etc..,
1681 0fc65b37 2004-03-21 devnull * or -1 if not found.
1682 0fc65b37 2004-03-21 devnull * For now, ignore parameters, since none of our algorithms need them.
1684 0fc65b37 2004-03-21 devnull static int
1685 0fc65b37 2004-03-21 devnull parse_alg(Elem* e)
1687 0fc65b37 2004-03-21 devnull Elist* el;
1688 0fc65b37 2004-03-21 devnull Ints* oid;
1690 0fc65b37 2004-03-21 devnull if(!is_seq(e, &el) || el == nil || !is_oid(&el->hd, &oid))
1691 0fc65b37 2004-03-21 devnull return -1;
1692 0fc65b37 2004-03-21 devnull return oid_lookup(oid, alg_oid_tab);
1695 0fc65b37 2004-03-21 devnull static CertX509*
1696 0fc65b37 2004-03-21 devnull decode_cert(Bytes* a)
1698 0fc65b37 2004-03-21 devnull int ok = 0;
1700 0fc65b37 2004-03-21 devnull CertX509* c = nil;
1701 0fc65b37 2004-03-21 devnull Elem ecert;
1702 0fc65b37 2004-03-21 devnull Elem* ecertinfo;
1703 0fc65b37 2004-03-21 devnull Elem* esigalg;
1704 0fc65b37 2004-03-21 devnull Elem* esig;
1705 0fc65b37 2004-03-21 devnull Elem* eserial;
1706 0fc65b37 2004-03-21 devnull Elem* eissuer;
1707 0fc65b37 2004-03-21 devnull Elem* evalidity;
1708 0fc65b37 2004-03-21 devnull Elem* esubj;
1709 0fc65b37 2004-03-21 devnull Elem* epubkey;
1710 0fc65b37 2004-03-21 devnull Elist* el;
1711 0fc65b37 2004-03-21 devnull Elist* elcert = nil;
1712 0fc65b37 2004-03-21 devnull Elist* elcertinfo = nil;
1713 0fc65b37 2004-03-21 devnull Elist* elvalidity = nil;
1714 0fc65b37 2004-03-21 devnull Elist* elpubkey = nil;
1715 0fc65b37 2004-03-21 devnull Bits* bits = nil;
1716 0fc65b37 2004-03-21 devnull Bytes* b;
1717 0fc65b37 2004-03-21 devnull Elem* e;
1719 0fc65b37 2004-03-21 devnull if(decode(a->data, a->len, &ecert) != ASN_OK)
1720 0fc65b37 2004-03-21 devnull goto errret;
1722 0fc65b37 2004-03-21 devnull c = (CertX509*)emalloc(sizeof(CertX509));
1723 0fc65b37 2004-03-21 devnull c->serial = -1;
1724 0fc65b37 2004-03-21 devnull c->issuer = nil;
1725 0fc65b37 2004-03-21 devnull c->validity_start = nil;
1726 0fc65b37 2004-03-21 devnull c->validity_end = nil;
1727 0fc65b37 2004-03-21 devnull c->subject = nil;
1728 0fc65b37 2004-03-21 devnull c->publickey_alg = -1;
1729 0fc65b37 2004-03-21 devnull c->publickey = nil;
1730 0fc65b37 2004-03-21 devnull c->signature_alg = -1;
1731 0fc65b37 2004-03-21 devnull c->signature = nil;
1733 0fc65b37 2004-03-21 devnull /* Certificate */
1734 0fc65b37 2004-03-21 devnull if(!is_seq(&ecert, &elcert) || elistlen(elcert) !=3)
1735 0fc65b37 2004-03-21 devnull goto errret;
1736 0fc65b37 2004-03-21 devnull ecertinfo = &elcert->hd;
1737 0fc65b37 2004-03-21 devnull el = elcert->tl;
1738 0fc65b37 2004-03-21 devnull esigalg = &el->hd;
1739 0fc65b37 2004-03-21 devnull c->signature_alg = parse_alg(esigalg);
1740 0fc65b37 2004-03-21 devnull el = el->tl;
1741 0fc65b37 2004-03-21 devnull esig = &el->hd;
1743 0fc65b37 2004-03-21 devnull /* Certificate Info */
1744 0fc65b37 2004-03-21 devnull if(!is_seq(ecertinfo, &elcertinfo))
1745 0fc65b37 2004-03-21 devnull goto errret;
1746 0fc65b37 2004-03-21 devnull n = elistlen(elcertinfo);
1747 0fc65b37 2004-03-21 devnull if(n < 6)
1748 0fc65b37 2004-03-21 devnull goto errret;
1749 0fc65b37 2004-03-21 devnull eserial =&elcertinfo->hd;
1750 0fc65b37 2004-03-21 devnull el = elcertinfo->tl;
1751 0fc65b37 2004-03-21 devnull /* check for optional version, marked by explicit context tag 0 */
1752 0fc65b37 2004-03-21 devnull if(eserial->tag.class == Context && eserial->tag.num == 0) {
1753 0fc65b37 2004-03-21 devnull eserial = &el->hd;
1754 0fc65b37 2004-03-21 devnull if(n < 7)
1755 0fc65b37 2004-03-21 devnull goto errret;
1756 0fc65b37 2004-03-21 devnull el = el->tl;
1759 0fc65b37 2004-03-21 devnull if(parse_alg(&el->hd) != c->signature_alg)
1760 0fc65b37 2004-03-21 devnull goto errret;
1761 0fc65b37 2004-03-21 devnull el = el->tl;
1762 0fc65b37 2004-03-21 devnull eissuer = &el->hd;
1763 0fc65b37 2004-03-21 devnull el = el->tl;
1764 0fc65b37 2004-03-21 devnull evalidity = &el->hd;
1765 0fc65b37 2004-03-21 devnull el = el->tl;
1766 0fc65b37 2004-03-21 devnull esubj = &el->hd;
1767 0fc65b37 2004-03-21 devnull el = el->tl;
1768 0fc65b37 2004-03-21 devnull epubkey = &el->hd;
1769 0fc65b37 2004-03-21 devnull if(!is_int(eserial, &c->serial)) {
1770 0fc65b37 2004-03-21 devnull if(!is_bigint(eserial, &b))
1771 0fc65b37 2004-03-21 devnull goto errret;
1772 0fc65b37 2004-03-21 devnull c->serial = -1; /* else we have to change cert struct */
1774 0fc65b37 2004-03-21 devnull c->issuer = parse_name(eissuer);
1775 0fc65b37 2004-03-21 devnull if(c->issuer == nil)
1776 0fc65b37 2004-03-21 devnull goto errret;
1777 0fc65b37 2004-03-21 devnull /* Validity */
1778 0fc65b37 2004-03-21 devnull if(!is_seq(evalidity, &elvalidity))
1779 0fc65b37 2004-03-21 devnull goto errret;
1780 0fc65b37 2004-03-21 devnull if(elistlen(elvalidity) != 2)
1781 0fc65b37 2004-03-21 devnull goto errret;
1782 0fc65b37 2004-03-21 devnull e = &elvalidity->hd;
1783 0fc65b37 2004-03-21 devnull if(!is_time(e, &c->validity_start))
1784 0fc65b37 2004-03-21 devnull goto errret;
1785 0fc65b37 2004-03-21 devnull e->val.u.stringval = nil; /* string ownership transfer */
1786 0fc65b37 2004-03-21 devnull e = &elvalidity->tl->hd;
1787 0fc65b37 2004-03-21 devnull if(!is_time(e, &c->validity_end))
1788 0fc65b37 2004-03-21 devnull goto errret;
1789 0fc65b37 2004-03-21 devnull e->val.u.stringval = nil; /* string ownership transfer */
1791 0fc65b37 2004-03-21 devnull /* resume CertificateInfo */
1792 0fc65b37 2004-03-21 devnull c->subject = parse_name(esubj);
1793 0fc65b37 2004-03-21 devnull if(c->subject == nil)
1794 0fc65b37 2004-03-21 devnull goto errret;
1796 0fc65b37 2004-03-21 devnull /* SubjectPublicKeyInfo */
1797 0fc65b37 2004-03-21 devnull if(!is_seq(epubkey, &elpubkey))
1798 0fc65b37 2004-03-21 devnull goto errret;
1799 0fc65b37 2004-03-21 devnull if(elistlen(elpubkey) != 2)
1800 0fc65b37 2004-03-21 devnull goto errret;
1802 0fc65b37 2004-03-21 devnull c->publickey_alg = parse_alg(&elpubkey->hd);
1803 0fc65b37 2004-03-21 devnull if(c->publickey_alg < 0)
1804 0fc65b37 2004-03-21 devnull goto errret;
1805 0fc65b37 2004-03-21 devnull if(!is_bitstring(&elpubkey->tl->hd, &bits))
1806 0fc65b37 2004-03-21 devnull goto errret;
1807 0fc65b37 2004-03-21 devnull if(bits->unusedbits != 0)
1808 0fc65b37 2004-03-21 devnull goto errret;
1809 0fc65b37 2004-03-21 devnull c->publickey = makebytes(bits->data, bits->len);
1811 0fc65b37 2004-03-21 devnull /*resume Certificate */
1812 0fc65b37 2004-03-21 devnull if(c->signature_alg < 0)
1813 0fc65b37 2004-03-21 devnull goto errret;
1814 0fc65b37 2004-03-21 devnull if(!is_bitstring(esig, &bits))
1815 0fc65b37 2004-03-21 devnull goto errret;
1816 0fc65b37 2004-03-21 devnull c->signature = makebytes(bits->data, bits->len);
1817 0fc65b37 2004-03-21 devnull ok = 1;
1819 0fc65b37 2004-03-21 devnull errret:
1820 0fc65b37 2004-03-21 devnull freevalfields(&ecert.val); /* recurses through lists, too */
1821 0fc65b37 2004-03-21 devnull if(!ok){
1822 0fc65b37 2004-03-21 devnull freecert(c);
1823 0fc65b37 2004-03-21 devnull c = nil;
1825 0fc65b37 2004-03-21 devnull return c;
1829 0fc65b37 2004-03-21 devnull * RSAPublickKey :: SEQUENCE {
1830 0fc65b37 2004-03-21 devnull * modulus INTEGER,
1831 0fc65b37 2004-03-21 devnull * publicExponent INTEGER
1834 0fc65b37 2004-03-21 devnull static RSApub*
1835 0fc65b37 2004-03-21 devnull decode_rsapubkey(Bytes* a)
1837 0fc65b37 2004-03-21 devnull Elem e;
1838 0fc65b37 2004-03-21 devnull Elist *el;
1839 0fc65b37 2004-03-21 devnull mpint *mp;
1840 0fc65b37 2004-03-21 devnull RSApub* key;
1842 0fc65b37 2004-03-21 devnull key = rsapuballoc();
1843 0fc65b37 2004-03-21 devnull if(decode(a->data, a->len, &e) != ASN_OK)
1844 0fc65b37 2004-03-21 devnull goto errret;
1845 0fc65b37 2004-03-21 devnull if(!is_seq(&e, &el) || elistlen(el) != 2)
1846 0fc65b37 2004-03-21 devnull goto errret;
1848 0fc65b37 2004-03-21 devnull key->n = mp = asn1mpint(&el->hd);
1849 0fc65b37 2004-03-21 devnull if(mp == nil)
1850 0fc65b37 2004-03-21 devnull goto errret;
1852 0fc65b37 2004-03-21 devnull el = el->tl;
1853 0fc65b37 2004-03-21 devnull key->ek = mp = asn1mpint(&el->hd);
1854 0fc65b37 2004-03-21 devnull if(mp == nil)
1855 0fc65b37 2004-03-21 devnull goto errret;
1856 0fc65b37 2004-03-21 devnull return key;
1857 0fc65b37 2004-03-21 devnull errret:
1858 0fc65b37 2004-03-21 devnull rsapubfree(key);
1859 0fc65b37 2004-03-21 devnull return nil;
1863 0fc65b37 2004-03-21 devnull * RSAPrivateKey ::= SEQUENCE {
1864 0fc65b37 2004-03-21 devnull * version Version,
1865 0fc65b37 2004-03-21 devnull * modulus INTEGER, -- n
1866 0fc65b37 2004-03-21 devnull * publicExponent INTEGER, -- e
1867 0fc65b37 2004-03-21 devnull * privateExponent INTEGER, -- d
1868 0fc65b37 2004-03-21 devnull * prime1 INTEGER, -- p
1869 0fc65b37 2004-03-21 devnull * prime2 INTEGER, -- q
1870 0fc65b37 2004-03-21 devnull * exponent1 INTEGER, -- d mod (p-1)
1871 0fc65b37 2004-03-21 devnull * exponent2 INTEGER, -- d mod (q-1)
1872 0fc65b37 2004-03-21 devnull * coefficient INTEGER -- (inverse of q) mod p }
1874 0fc65b37 2004-03-21 devnull static RSApriv*
1875 0fc65b37 2004-03-21 devnull decode_rsaprivkey(Bytes* a)
1877 0fc65b37 2004-03-21 devnull int version;
1878 0fc65b37 2004-03-21 devnull Elem e;
1879 0fc65b37 2004-03-21 devnull Elist *el;
1880 0fc65b37 2004-03-21 devnull mpint *mp;
1881 0fc65b37 2004-03-21 devnull RSApriv* key;
1883 0fc65b37 2004-03-21 devnull key = rsaprivalloc();
1884 0fc65b37 2004-03-21 devnull if(decode(a->data, a->len, &e) != ASN_OK)
1885 0fc65b37 2004-03-21 devnull goto errret;
1886 0fc65b37 2004-03-21 devnull if(!is_seq(&e, &el) || elistlen(el) != 9)
1887 0fc65b37 2004-03-21 devnull goto errret;
1888 0fc65b37 2004-03-21 devnull if(!is_int(&el->hd, &version) || version != 0)
1889 0fc65b37 2004-03-21 devnull goto errret;
1891 0fc65b37 2004-03-21 devnull el = el->tl;
1892 0fc65b37 2004-03-21 devnull key->pub.n = mp = asn1mpint(&el->hd);
1893 0fc65b37 2004-03-21 devnull if(mp == nil)
1894 0fc65b37 2004-03-21 devnull goto errret;
1896 0fc65b37 2004-03-21 devnull el = el->tl;
1897 0fc65b37 2004-03-21 devnull key->pub.ek = mp = asn1mpint(&el->hd);
1898 0fc65b37 2004-03-21 devnull if(mp == nil)
1899 0fc65b37 2004-03-21 devnull goto errret;
1901 0fc65b37 2004-03-21 devnull el = el->tl;
1902 0fc65b37 2004-03-21 devnull key->dk = mp = asn1mpint(&el->hd);
1903 0fc65b37 2004-03-21 devnull if(mp == nil)
1904 0fc65b37 2004-03-21 devnull goto errret;
1906 0fc65b37 2004-03-21 devnull el = el->tl;
1907 0fc65b37 2004-03-21 devnull key->q = mp = asn1mpint(&el->hd);
1908 0fc65b37 2004-03-21 devnull if(mp == nil)
1909 0fc65b37 2004-03-21 devnull goto errret;
1911 0fc65b37 2004-03-21 devnull el = el->tl;
1912 0fc65b37 2004-03-21 devnull key->p = mp = asn1mpint(&el->hd);
1913 0fc65b37 2004-03-21 devnull if(mp == nil)
1914 0fc65b37 2004-03-21 devnull goto errret;
1916 0fc65b37 2004-03-21 devnull el = el->tl;
1917 0fc65b37 2004-03-21 devnull key->kq = mp = asn1mpint(&el->hd);
1918 0fc65b37 2004-03-21 devnull if(mp == nil)
1919 0fc65b37 2004-03-21 devnull goto errret;
1921 0fc65b37 2004-03-21 devnull el = el->tl;
1922 0fc65b37 2004-03-21 devnull key->kp = mp = asn1mpint(&el->hd);
1923 0fc65b37 2004-03-21 devnull if(mp == nil)
1924 0fc65b37 2004-03-21 devnull goto errret;
1926 0fc65b37 2004-03-21 devnull el = el->tl;
1927 0fc65b37 2004-03-21 devnull key->c2 = mp = asn1mpint(&el->hd);
1928 0fc65b37 2004-03-21 devnull if(mp == nil)
1929 0fc65b37 2004-03-21 devnull goto errret;
1931 0fc65b37 2004-03-21 devnull return key;
1932 0fc65b37 2004-03-21 devnull errret:
1933 0fc65b37 2004-03-21 devnull rsaprivfree(key);
1934 74fc94d4 2005-02-13 devnull return nil;
1938 74fc94d4 2005-02-13 devnull * DSAPrivateKey ::= SEQUENCE{
1939 74fc94d4 2005-02-13 devnull * version Version,
1940 74fc94d4 2005-02-13 devnull * p INTEGER,
1941 74fc94d4 2005-02-13 devnull * q INTEGER,
1942 74fc94d4 2005-02-13 devnull * g INTEGER, -- alpha
1943 74fc94d4 2005-02-13 devnull * pub_key INTEGER, -- key
1944 74fc94d4 2005-02-13 devnull * priv_key INTEGER, -- secret
1947 74fc94d4 2005-02-13 devnull static DSApriv*
1948 74fc94d4 2005-02-13 devnull decode_dsaprivkey(Bytes* a)
1950 74fc94d4 2005-02-13 devnull int version;
1951 74fc94d4 2005-02-13 devnull Elem e;
1952 74fc94d4 2005-02-13 devnull Elist *el;
1953 74fc94d4 2005-02-13 devnull mpint *mp;
1954 74fc94d4 2005-02-13 devnull DSApriv* key;
1956 74fc94d4 2005-02-13 devnull key = dsaprivalloc();
1957 74fc94d4 2005-02-13 devnull if(decode(a->data, a->len, &e) != ASN_OK)
1958 74fc94d4 2005-02-13 devnull goto errret;
1959 74fc94d4 2005-02-13 devnull if(!is_seq(&e, &el) || elistlen(el) != 6)
1960 74fc94d4 2005-02-13 devnull goto errret;
1961 74fc94d4 2005-02-13 devnull version=-1;
1962 74fc94d4 2005-02-13 devnull if(!is_int(&el->hd, &version) || version != 0)
1964 74fc94d4 2005-02-13 devnull fprint(2, "version %d\n", version);
1965 74fc94d4 2005-02-13 devnull goto errret;
1968 74fc94d4 2005-02-13 devnull el = el->tl;
1969 74fc94d4 2005-02-13 devnull key->pub.p = mp = asn1mpint(&el->hd);
1970 74fc94d4 2005-02-13 devnull if(mp == nil)
1971 74fc94d4 2005-02-13 devnull goto errret;
1973 74fc94d4 2005-02-13 devnull el = el->tl;
1974 74fc94d4 2005-02-13 devnull key->pub.q = mp = asn1mpint(&el->hd);
1975 74fc94d4 2005-02-13 devnull if(mp == nil)
1976 74fc94d4 2005-02-13 devnull goto errret;
1978 74fc94d4 2005-02-13 devnull el = el->tl;
1979 74fc94d4 2005-02-13 devnull key->pub.alpha = mp = asn1mpint(&el->hd);
1980 74fc94d4 2005-02-13 devnull if(mp == nil)
1981 74fc94d4 2005-02-13 devnull goto errret;
1983 74fc94d4 2005-02-13 devnull el = el->tl;
1984 74fc94d4 2005-02-13 devnull key->pub.key = mp = asn1mpint(&el->hd);
1985 74fc94d4 2005-02-13 devnull if(mp == nil)
1986 74fc94d4 2005-02-13 devnull goto errret;
1988 74fc94d4 2005-02-13 devnull el = el->tl;
1989 74fc94d4 2005-02-13 devnull key->secret = mp = asn1mpint(&el->hd);
1990 74fc94d4 2005-02-13 devnull if(mp == nil)
1991 74fc94d4 2005-02-13 devnull goto errret;
1993 74fc94d4 2005-02-13 devnull return key;
1994 74fc94d4 2005-02-13 devnull errret:
1995 74fc94d4 2005-02-13 devnull dsaprivfree(key);
1996 0fc65b37 2004-03-21 devnull return nil;
1999 0fc65b37 2004-03-21 devnull static mpint*
2000 0fc65b37 2004-03-21 devnull asn1mpint(Elem *e)
2002 0fc65b37 2004-03-21 devnull Bytes *b;
2003 0fc65b37 2004-03-21 devnull mpint *mp;
2006 0fc65b37 2004-03-21 devnull if(is_int(e, &v))
2007 0fc65b37 2004-03-21 devnull return itomp(v, nil);
2008 0fc65b37 2004-03-21 devnull if(is_bigint(e, &b)) {
2009 0fc65b37 2004-03-21 devnull mp = betomp(b->data, b->len, nil);
2010 0fc65b37 2004-03-21 devnull freebytes(b);
2011 0fc65b37 2004-03-21 devnull return mp;
2013 0fc65b37 2004-03-21 devnull return nil;
2016 0fc65b37 2004-03-21 devnull static mpint*
2017 0fc65b37 2004-03-21 devnull pkcs1pad(Bytes *b, mpint *modulus)
2019 0fc65b37 2004-03-21 devnull int n = (mpsignif(modulus)+7)/8;
2020 0fc65b37 2004-03-21 devnull int pm1, i;
2021 0fc65b37 2004-03-21 devnull uchar *p;
2022 0fc65b37 2004-03-21 devnull mpint *mp;
2024 0fc65b37 2004-03-21 devnull pm1 = n - 1 - b->len;
2025 0fc65b37 2004-03-21 devnull p = (uchar*)emalloc(n);
2026 0fc65b37 2004-03-21 devnull p[0] = 0;
2027 0fc65b37 2004-03-21 devnull p[1] = 1;
2028 0fc65b37 2004-03-21 devnull for(i = 2; i < pm1; i++)
2029 0fc65b37 2004-03-21 devnull p[i] = 0xFF;
2030 0fc65b37 2004-03-21 devnull p[pm1] = 0;
2031 0fc65b37 2004-03-21 devnull memcpy(&p[pm1+1], b->data, b->len);
2032 0fc65b37 2004-03-21 devnull mp = betomp(p, n, nil);
2033 0fc65b37 2004-03-21 devnull free(p);
2034 0fc65b37 2004-03-21 devnull return mp;
2037 0fc65b37 2004-03-21 devnull RSApriv*
2038 0fc65b37 2004-03-21 devnull asn1toRSApriv(uchar *kd, int kn)
2040 0fc65b37 2004-03-21 devnull Bytes *b;
2041 0fc65b37 2004-03-21 devnull RSApriv *key;
2043 0fc65b37 2004-03-21 devnull b = makebytes(kd, kn);
2044 0fc65b37 2004-03-21 devnull key = decode_rsaprivkey(b);
2045 0fc65b37 2004-03-21 devnull freebytes(b);
2046 0fc65b37 2004-03-21 devnull return key;
2049 74fc94d4 2005-02-13 devnull DSApriv*
2050 74fc94d4 2005-02-13 devnull asn1toDSApriv(uchar *kd, int kn)
2052 74fc94d4 2005-02-13 devnull Bytes *b;
2053 74fc94d4 2005-02-13 devnull DSApriv *key;
2055 74fc94d4 2005-02-13 devnull b = makebytes(kd, kn);
2056 74fc94d4 2005-02-13 devnull key = decode_dsaprivkey(b);
2057 74fc94d4 2005-02-13 devnull freebytes(b);
2058 74fc94d4 2005-02-13 devnull return key;
2062 0fc65b37 2004-03-21 devnull * digest(CertificateInfo)
2063 0fc65b37 2004-03-21 devnull * Our ASN.1 library doesn't return pointers into the original
2064 0fc65b37 2004-03-21 devnull * data array, so we need to do a little hand decoding.
2066 0fc65b37 2004-03-21 devnull static void
2067 0fc65b37 2004-03-21 devnull digest_certinfo(Bytes *cert, DigestFun digestfun, uchar *digest)
2069 0fc65b37 2004-03-21 devnull uchar *info, *p, *pend;
2070 0fc65b37 2004-03-21 devnull ulong infolen;
2071 0fc65b37 2004-03-21 devnull int isconstr, length;
2072 0fc65b37 2004-03-21 devnull Tag tag;
2073 0fc65b37 2004-03-21 devnull Elem elem;
2075 0fc65b37 2004-03-21 devnull p = cert->data;
2076 0fc65b37 2004-03-21 devnull pend = cert->data + cert->len;
2077 0fc65b37 2004-03-21 devnull if(tag_decode(&p, pend, &tag, &isconstr) != ASN_OK ||
2078 0fc65b37 2004-03-21 devnull tag.class != Universal || tag.num != SEQUENCE ||
2079 0fc65b37 2004-03-21 devnull length_decode(&p, pend, &length) != ASN_OK ||
2080 8a2a5b8f 2013-03-19 rsc length > pend - p)
2081 0fc65b37 2004-03-21 devnull return;
2082 0fc65b37 2004-03-21 devnull info = p;
2083 0fc65b37 2004-03-21 devnull if(ber_decode(&p, pend, &elem) != ASN_OK || elem.tag.num != SEQUENCE)
2084 0fc65b37 2004-03-21 devnull return;
2085 0fc65b37 2004-03-21 devnull infolen = p - info;
2086 0fc65b37 2004-03-21 devnull (*digestfun)(info, infolen, digest, nil);
2089 0fc65b37 2004-03-21 devnull static char*
2090 0fc65b37 2004-03-21 devnull verify_signature(Bytes* signature, RSApub *pk, uchar *edigest, Elem **psigalg)
2092 0fc65b37 2004-03-21 devnull Elem e;
2093 0fc65b37 2004-03-21 devnull Elist *el;
2094 0fc65b37 2004-03-21 devnull Bytes *digest;
2095 0fc65b37 2004-03-21 devnull uchar *pkcs1buf, *buf;
2096 0fc65b37 2004-03-21 devnull int buflen;
2097 0fc65b37 2004-03-21 devnull mpint *pkcs1;
2098 0fc65b37 2004-03-21 devnull int nlen;
2100 0fc65b37 2004-03-21 devnull /* one less than the byte length of the modulus */
2101 0fc65b37 2004-03-21 devnull nlen = (mpsignif(pk->n)-1)/8;
2103 0fc65b37 2004-03-21 devnull /* see 9.2.1 of rfc2437 */
2104 0fc65b37 2004-03-21 devnull pkcs1 = betomp(signature->data, signature->len, nil);
2105 0fc65b37 2004-03-21 devnull mpexp(pkcs1, pk->ek, pk->n, pkcs1);
2106 0fc65b37 2004-03-21 devnull pkcs1buf = nil;
2107 0fc65b37 2004-03-21 devnull buflen = mptobe(pkcs1, nil, 0, &pkcs1buf);
2108 0fc65b37 2004-03-21 devnull buf = pkcs1buf;
2109 0fc65b37 2004-03-21 devnull if(buflen != nlen || buf[0] != 1)
2110 0fc65b37 2004-03-21 devnull return "expected 1";
2112 0fc65b37 2004-03-21 devnull while(buf[0] == 0xff)
2114 0fc65b37 2004-03-21 devnull if(buf[0] != 0)
2115 0fc65b37 2004-03-21 devnull return "expected 0";
2117 0fc65b37 2004-03-21 devnull buflen -= buf-pkcs1buf;
2118 0fc65b37 2004-03-21 devnull if(decode(buf, buflen, &e) != ASN_OK || !is_seq(&e, &el) || elistlen(el) != 2 ||
2119 0fc65b37 2004-03-21 devnull !is_octetstring(&el->tl->hd, &digest))
2120 0fc65b37 2004-03-21 devnull return "signature parse error";
2121 0fc65b37 2004-03-21 devnull *psigalg = &el->hd;
2122 0fc65b37 2004-03-21 devnull if(memcmp(digest->data, edigest, digest->len) == 0)
2123 0fc65b37 2004-03-21 devnull return nil;
2124 0fc65b37 2004-03-21 devnull return "digests did not match";
2127 0fc65b37 2004-03-21 devnull RSApub*
2128 0fc65b37 2004-03-21 devnull X509toRSApub(uchar *cert, int ncert, char *name, int nname)
2130 0fc65b37 2004-03-21 devnull char *e;
2131 0fc65b37 2004-03-21 devnull Bytes *b;
2132 0fc65b37 2004-03-21 devnull CertX509 *c;
2133 0fc65b37 2004-03-21 devnull RSApub *pk;
2135 0fc65b37 2004-03-21 devnull b = makebytes(cert, ncert);
2136 0fc65b37 2004-03-21 devnull c = decode_cert(b);
2137 0fc65b37 2004-03-21 devnull freebytes(b);
2138 0fc65b37 2004-03-21 devnull if(c == nil)
2139 0fc65b37 2004-03-21 devnull return nil;
2140 0fc65b37 2004-03-21 devnull if(name != nil && c->subject != nil){
2141 0fc65b37 2004-03-21 devnull e = strchr(c->subject, ',');
2142 0fc65b37 2004-03-21 devnull if(e != nil)
2143 cbeb0b26 2006-04-01 devnull *e = 0; /* take just CN part of Distinguished Name */
2144 0fc65b37 2004-03-21 devnull strncpy(name, c->subject, nname);
2146 0fc65b37 2004-03-21 devnull pk = decode_rsapubkey(c->publickey);
2147 0fc65b37 2004-03-21 devnull freecert(c);
2148 0fc65b37 2004-03-21 devnull return pk;
2152 0fc65b37 2004-03-21 devnull X509verify(uchar *cert, int ncert, RSApub *pk)
2154 0fc65b37 2004-03-21 devnull char *e;
2155 0fc65b37 2004-03-21 devnull Bytes *b;
2156 0fc65b37 2004-03-21 devnull CertX509 *c;
2157 0fc65b37 2004-03-21 devnull uchar digest[SHA1dlen];
2158 0fc65b37 2004-03-21 devnull Elem *sigalg;
2160 0fc65b37 2004-03-21 devnull b = makebytes(cert, ncert);
2161 0fc65b37 2004-03-21 devnull c = decode_cert(b);
2162 0fc65b37 2004-03-21 devnull if(c != nil)
2163 0fc65b37 2004-03-21 devnull digest_certinfo(b, digestalg[c->signature_alg], digest);
2164 0fc65b37 2004-03-21 devnull freebytes(b);
2165 0fc65b37 2004-03-21 devnull if(c == nil)
2166 0fc65b37 2004-03-21 devnull return "cannot decode cert";
2167 0fc65b37 2004-03-21 devnull e = verify_signature(c->signature, pk, digest, &sigalg);
2168 0fc65b37 2004-03-21 devnull freecert(c);
2169 0fc65b37 2004-03-21 devnull return e;
2172 0fc65b37 2004-03-21 devnull /* ------- Elem constructors ---------- */
2173 0fc65b37 2004-03-21 devnull static Elem
2174 0fc65b37 2004-03-21 devnull Null(void)
2176 0fc65b37 2004-03-21 devnull Elem e;
2178 0fc65b37 2004-03-21 devnull e.tag.class = Universal;
2179 0fc65b37 2004-03-21 devnull e.tag.num = NULLTAG;
2180 0fc65b37 2004-03-21 devnull e.val.tag = VNull;
2181 0fc65b37 2004-03-21 devnull return e;
2184 0fc65b37 2004-03-21 devnull static Elem
2185 0fc65b37 2004-03-21 devnull mkint(int j)
2187 0fc65b37 2004-03-21 devnull Elem e;
2189 0fc65b37 2004-03-21 devnull e.tag.class = Universal;
2190 0fc65b37 2004-03-21 devnull e.tag.num = INTEGER;
2191 0fc65b37 2004-03-21 devnull e.val.tag = VInt;
2192 0fc65b37 2004-03-21 devnull e.val.u.intval = j;
2193 0fc65b37 2004-03-21 devnull return e;
2196 0fc65b37 2004-03-21 devnull static Elem
2197 0fc65b37 2004-03-21 devnull mkbigint(mpint *p)
2199 0fc65b37 2004-03-21 devnull Elem e;
2200 0fc65b37 2004-03-21 devnull uchar *buf;
2201 0fc65b37 2004-03-21 devnull int buflen;
2203 0fc65b37 2004-03-21 devnull e.tag.class = Universal;
2204 0fc65b37 2004-03-21 devnull e.tag.num = INTEGER;
2205 0fc65b37 2004-03-21 devnull e.val.tag = VBigInt;
2206 0fc65b37 2004-03-21 devnull buflen = mptobe(p, nil, 0, &buf);
2207 0fc65b37 2004-03-21 devnull e.val.u.bigintval = makebytes(buf, buflen);
2208 0fc65b37 2004-03-21 devnull free(buf);
2209 0fc65b37 2004-03-21 devnull return e;
2212 0fc65b37 2004-03-21 devnull static Elem
2213 0fc65b37 2004-03-21 devnull mkstring(char *s)
2215 0fc65b37 2004-03-21 devnull Elem e;
2217 0fc65b37 2004-03-21 devnull e.tag.class = Universal;
2218 0fc65b37 2004-03-21 devnull e.tag.num = IA5String;
2219 0fc65b37 2004-03-21 devnull e.val.tag = VString;
2220 0fc65b37 2004-03-21 devnull e.val.u.stringval = estrdup(s);
2221 0fc65b37 2004-03-21 devnull return e;
2224 0fc65b37 2004-03-21 devnull static Elem
2225 0fc65b37 2004-03-21 devnull mkoctet(uchar *buf, int buflen)
2227 0fc65b37 2004-03-21 devnull Elem e;
2229 0fc65b37 2004-03-21 devnull e.tag.class = Universal;
2230 0fc65b37 2004-03-21 devnull e.tag.num = OCTET_STRING;
2231 0fc65b37 2004-03-21 devnull e.val.tag = VOctets;
2232 0fc65b37 2004-03-21 devnull e.val.u.octetsval = makebytes(buf, buflen);
2233 0fc65b37 2004-03-21 devnull return e;
2236 0fc65b37 2004-03-21 devnull static Elem
2237 0fc65b37 2004-03-21 devnull mkbits(uchar *buf, int buflen)
2239 0fc65b37 2004-03-21 devnull Elem e;
2241 0fc65b37 2004-03-21 devnull e.tag.class = Universal;
2242 0fc65b37 2004-03-21 devnull e.tag.num = BIT_STRING;
2243 0fc65b37 2004-03-21 devnull e.val.tag = VBitString;
2244 0fc65b37 2004-03-21 devnull e.val.u.bitstringval = makebits(buf, buflen, 0);
2245 0fc65b37 2004-03-21 devnull return e;
2248 0fc65b37 2004-03-21 devnull static Elem
2249 0fc65b37 2004-03-21 devnull mkutc(long t)
2251 0fc65b37 2004-03-21 devnull Elem e;
2252 0fc65b37 2004-03-21 devnull char utc[50];
2253 0fc65b37 2004-03-21 devnull Tm *tm = gmtime(t);
2255 0fc65b37 2004-03-21 devnull e.tag.class = Universal;
2256 0fc65b37 2004-03-21 devnull e.tag.num = UTCTime;
2257 0fc65b37 2004-03-21 devnull e.val.tag = VString;
2258 0fc65b37 2004-03-21 devnull snprint(utc, 50, "%.2d%.2d%.2d%.2d%.2d%.2dZ",
2259 0fc65b37 2004-03-21 devnull tm->year % 100, tm->mon+1, tm->mday, tm->hour, tm->min, tm->sec);
2260 0fc65b37 2004-03-21 devnull e.val.u.stringval = estrdup(utc);
2261 0fc65b37 2004-03-21 devnull return e;
2264 0fc65b37 2004-03-21 devnull static Elem
2265 0fc65b37 2004-03-21 devnull mkoid(Ints *oid)
2267 0fc65b37 2004-03-21 devnull Elem e;
2269 0fc65b37 2004-03-21 devnull e.tag.class = Universal;
2270 0fc65b37 2004-03-21 devnull e.tag.num = OBJECT_ID;
2271 0fc65b37 2004-03-21 devnull e.val.tag = VObjId;
2272 0fc65b37 2004-03-21 devnull e.val.u.objidval = makeints(oid->data, oid->len);
2273 0fc65b37 2004-03-21 devnull return e;
2276 0fc65b37 2004-03-21 devnull static Elem
2277 0fc65b37 2004-03-21 devnull mkseq(Elist *el)
2279 0fc65b37 2004-03-21 devnull Elem e;
2281 0fc65b37 2004-03-21 devnull e.tag.class = Universal;
2282 0fc65b37 2004-03-21 devnull e.tag.num = SEQUENCE;
2283 0fc65b37 2004-03-21 devnull e.val.tag = VSeq;
2284 0fc65b37 2004-03-21 devnull e.val.u.seqval = el;
2285 0fc65b37 2004-03-21 devnull return e;
2288 0fc65b37 2004-03-21 devnull static Elem
2289 0fc65b37 2004-03-21 devnull mkset(Elist *el)
2291 0fc65b37 2004-03-21 devnull Elem e;
2293 0fc65b37 2004-03-21 devnull e.tag.class = Universal;
2294 0fc65b37 2004-03-21 devnull e.tag.num = SETOF;
2295 0fc65b37 2004-03-21 devnull e.val.tag = VSet;
2296 0fc65b37 2004-03-21 devnull e.val.u.setval = el;
2297 0fc65b37 2004-03-21 devnull return e;
2300 0fc65b37 2004-03-21 devnull static Elem
2301 0fc65b37 2004-03-21 devnull mkalg(int alg)
2303 0fc65b37 2004-03-21 devnull return mkseq(mkel(mkoid(alg_oid_tab[alg]), mkel(Null(), nil)));
2306 0fc65b37 2004-03-21 devnull typedef struct Ints7pref {
2307 0fc65b37 2004-03-21 devnull int len;
2308 0fc65b37 2004-03-21 devnull int data[7];
2309 0fc65b37 2004-03-21 devnull char prefix[4];
2310 0fc65b37 2004-03-21 devnull } Ints7pref;
2311 0fc65b37 2004-03-21 devnull Ints7pref DN_oid[] = {
2312 0fc65b37 2004-03-21 devnull {4, 2, 5, 4, 6, 0, 0, 0, "C="},
2313 0fc65b37 2004-03-21 devnull {4, 2, 5, 4, 8, 0, 0, 0, "ST="},
2314 0fc65b37 2004-03-21 devnull {4, 2, 5, 4, 7, 0, 0, 0, "L="},
2315 0fc65b37 2004-03-21 devnull {4, 2, 5, 4, 10, 0, 0, 0, "O="},
2316 0fc65b37 2004-03-21 devnull {4, 2, 5, 4, 11, 0, 0, 0, "OU="},
2317 0fc65b37 2004-03-21 devnull {4, 2, 5, 4, 3, 0, 0, 0, "CN="},
2318 0fc65b37 2004-03-21 devnull {7, 1,2,840,113549,1,9,1, "E="},
2321 0fc65b37 2004-03-21 devnull static Elem
2322 0fc65b37 2004-03-21 devnull mkname(Ints7pref *oid, char *subj)
2324 0fc65b37 2004-03-21 devnull return mkset(mkel(mkseq(mkel(mkoid((Ints*)oid), mkel(mkstring(subj), nil))), nil));
2327 0fc65b37 2004-03-21 devnull static Elem
2328 0fc65b37 2004-03-21 devnull mkDN(char *dn)
2330 0fc65b37 2004-03-21 devnull int i, j, nf;
2331 0fc65b37 2004-03-21 devnull char *f[20], *prefix, *d2 = estrdup(dn);
2332 0fc65b37 2004-03-21 devnull Elist* el = nil;
2334 0fc65b37 2004-03-21 devnull nf = tokenize(d2, f, nelem(f));
2335 0fc65b37 2004-03-21 devnull for(i=nf-1; i>=0; i--){
2336 0fc65b37 2004-03-21 devnull for(j=0; j<nelem(DN_oid); j++){
2337 0fc65b37 2004-03-21 devnull prefix = DN_oid[j].prefix;
2338 0fc65b37 2004-03-21 devnull if(strncmp(f[i],prefix,strlen(prefix))==0){
2339 0fc65b37 2004-03-21 devnull el = mkel(mkname(&DN_oid[j],f[i]+strlen(prefix)), el);
2344 0fc65b37 2004-03-21 devnull free(d2);
2345 0fc65b37 2004-03-21 devnull return mkseq(el);
2350 0fc65b37 2004-03-21 devnull X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
2352 0fc65b37 2004-03-21 devnull int serial = 0;
2353 0fc65b37 2004-03-21 devnull uchar *cert = nil;
2354 0fc65b37 2004-03-21 devnull RSApub *pk = rsaprivtopub(priv);
2355 0fc65b37 2004-03-21 devnull Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
2356 0fc65b37 2004-03-21 devnull Elem e, certinfo, issuer, subject, pubkey, validity, sig;
2357 0fc65b37 2004-03-21 devnull uchar digest[MD5dlen], *buf;
2358 0fc65b37 2004-03-21 devnull int buflen;
2359 0fc65b37 2004-03-21 devnull mpint *pkcs1;
2361 0fc65b37 2004-03-21 devnull e.val.tag = VInt; /* so freevalfields at errret is no-op */
2362 0fc65b37 2004-03-21 devnull issuer = mkDN(subj);
2363 0fc65b37 2004-03-21 devnull subject = mkDN(subj);
2364 0fc65b37 2004-03-21 devnull pubkey = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
2365 0fc65b37 2004-03-21 devnull if(encode(pubkey, &pkbytes) != ASN_OK)
2366 0fc65b37 2004-03-21 devnull goto errret;
2367 0fc65b37 2004-03-21 devnull freevalfields(&pubkey.val);
2368 0fc65b37 2004-03-21 devnull pubkey = mkseq(
2369 0fc65b37 2004-03-21 devnull mkel(mkalg(ALG_rsaEncryption),
2370 0fc65b37 2004-03-21 devnull mkel(mkbits(pkbytes->data, pkbytes->len),
2371 0fc65b37 2004-03-21 devnull nil)));
2372 0fc65b37 2004-03-21 devnull freebytes(pkbytes);
2373 0fc65b37 2004-03-21 devnull validity = mkseq(
2374 0fc65b37 2004-03-21 devnull mkel(mkutc(valid[0]),
2375 0fc65b37 2004-03-21 devnull mkel(mkutc(valid[1]),
2376 0fc65b37 2004-03-21 devnull nil)));
2377 0fc65b37 2004-03-21 devnull certinfo = mkseq(
2378 0fc65b37 2004-03-21 devnull mkel(mkint(serial),
2379 0fc65b37 2004-03-21 devnull mkel(mkalg(ALG_md5WithRSAEncryption),
2380 0fc65b37 2004-03-21 devnull mkel(issuer,
2381 0fc65b37 2004-03-21 devnull mkel(validity,
2382 0fc65b37 2004-03-21 devnull mkel(subject,
2383 0fc65b37 2004-03-21 devnull mkel(pubkey,
2384 0fc65b37 2004-03-21 devnull nil)))))));
2385 0fc65b37 2004-03-21 devnull if(encode(certinfo, &certinfobytes) != ASN_OK)
2386 0fc65b37 2004-03-21 devnull goto errret;
2387 0fc65b37 2004-03-21 devnull md5(certinfobytes->data, certinfobytes->len, digest, 0);
2388 0fc65b37 2004-03-21 devnull freebytes(certinfobytes);
2389 0fc65b37 2004-03-21 devnull sig = mkseq(
2390 0fc65b37 2004-03-21 devnull mkel(mkalg(ALG_md5),
2391 0fc65b37 2004-03-21 devnull mkel(mkoctet(digest, MD5dlen),
2392 0fc65b37 2004-03-21 devnull nil)));
2393 0fc65b37 2004-03-21 devnull if(encode(sig, &sigbytes) != ASN_OK)
2394 0fc65b37 2004-03-21 devnull goto errret;
2395 0fc65b37 2004-03-21 devnull pkcs1 = pkcs1pad(sigbytes, pk->n);
2396 0fc65b37 2004-03-21 devnull freebytes(sigbytes);
2397 0fc65b37 2004-03-21 devnull rsadecrypt(priv, pkcs1, pkcs1);
2398 0fc65b37 2004-03-21 devnull buflen = mptobe(pkcs1, nil, 0, &buf);
2399 0fc65b37 2004-03-21 devnull mpfree(pkcs1);
2400 0fc65b37 2004-03-21 devnull e = mkseq(
2401 0fc65b37 2004-03-21 devnull mkel(certinfo,
2402 0fc65b37 2004-03-21 devnull mkel(mkalg(ALG_md5WithRSAEncryption),
2403 0fc65b37 2004-03-21 devnull mkel(mkbits(buf, buflen),
2404 0fc65b37 2004-03-21 devnull nil))));
2405 0fc65b37 2004-03-21 devnull free(buf);
2406 0fc65b37 2004-03-21 devnull if(encode(e, &certbytes) != ASN_OK)
2407 0fc65b37 2004-03-21 devnull goto errret;
2408 0fc65b37 2004-03-21 devnull if(certlen)
2409 0fc65b37 2004-03-21 devnull *certlen = certbytes->len;
2410 0fc65b37 2004-03-21 devnull cert = certbytes->data;
2411 0fc65b37 2004-03-21 devnull errret:
2412 0fc65b37 2004-03-21 devnull freevalfields(&e.val);
2413 0fc65b37 2004-03-21 devnull return cert;
2417 0fc65b37 2004-03-21 devnull X509req(RSApriv *priv, char *subj, int *certlen)
2419 0fc65b37 2004-03-21 devnull /* RFC 2314, PKCS #10 Certification Request Syntax */
2420 0fc65b37 2004-03-21 devnull int version = 0;
2421 0fc65b37 2004-03-21 devnull uchar *cert = nil;
2422 0fc65b37 2004-03-21 devnull RSApub *pk = rsaprivtopub(priv);
2423 0fc65b37 2004-03-21 devnull Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
2424 0fc65b37 2004-03-21 devnull Elem e, certinfo, subject, pubkey, sig;
2425 0fc65b37 2004-03-21 devnull uchar digest[MD5dlen], *buf;
2426 0fc65b37 2004-03-21 devnull int buflen;
2427 0fc65b37 2004-03-21 devnull mpint *pkcs1;
2429 0fc65b37 2004-03-21 devnull e.val.tag = VInt; /* so freevalfields at errret is no-op */
2430 0fc65b37 2004-03-21 devnull subject = mkDN(subj);
2431 0fc65b37 2004-03-21 devnull pubkey = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
2432 0fc65b37 2004-03-21 devnull if(encode(pubkey, &pkbytes) != ASN_OK)
2433 0fc65b37 2004-03-21 devnull goto errret;
2434 0fc65b37 2004-03-21 devnull freevalfields(&pubkey.val);
2435 0fc65b37 2004-03-21 devnull pubkey = mkseq(
2436 0fc65b37 2004-03-21 devnull mkel(mkalg(ALG_rsaEncryption),
2437 0fc65b37 2004-03-21 devnull mkel(mkbits(pkbytes->data, pkbytes->len),
2438 0fc65b37 2004-03-21 devnull nil)));
2439 0fc65b37 2004-03-21 devnull freebytes(pkbytes);
2440 0fc65b37 2004-03-21 devnull certinfo = mkseq(
2441 0fc65b37 2004-03-21 devnull mkel(mkint(version),
2442 0fc65b37 2004-03-21 devnull mkel(subject,
2443 0fc65b37 2004-03-21 devnull mkel(pubkey,
2444 0fc65b37 2004-03-21 devnull nil))));
2445 0fc65b37 2004-03-21 devnull if(encode(certinfo, &certinfobytes) != ASN_OK)
2446 0fc65b37 2004-03-21 devnull goto errret;
2447 0fc65b37 2004-03-21 devnull md5(certinfobytes->data, certinfobytes->len, digest, 0);
2448 0fc65b37 2004-03-21 devnull freebytes(certinfobytes);
2449 0fc65b37 2004-03-21 devnull sig = mkseq(
2450 0fc65b37 2004-03-21 devnull mkel(mkalg(ALG_md5),
2451 0fc65b37 2004-03-21 devnull mkel(mkoctet(digest, MD5dlen),
2452 0fc65b37 2004-03-21 devnull nil)));
2453 0fc65b37 2004-03-21 devnull if(encode(sig, &sigbytes) != ASN_OK)
2454 0fc65b37 2004-03-21 devnull goto errret;
2455 0fc65b37 2004-03-21 devnull pkcs1 = pkcs1pad(sigbytes, pk->n);
2456 0fc65b37 2004-03-21 devnull freebytes(sigbytes);
2457 0fc65b37 2004-03-21 devnull rsadecrypt(priv, pkcs1, pkcs1);
2458 0fc65b37 2004-03-21 devnull buflen = mptobe(pkcs1, nil, 0, &buf);
2459 0fc65b37 2004-03-21 devnull mpfree(pkcs1);
2460 0fc65b37 2004-03-21 devnull e = mkseq(
2461 0fc65b37 2004-03-21 devnull mkel(certinfo,
2462 0fc65b37 2004-03-21 devnull mkel(mkalg(ALG_md5),
2463 0fc65b37 2004-03-21 devnull mkel(mkbits(buf, buflen),
2464 0fc65b37 2004-03-21 devnull nil))));
2465 0fc65b37 2004-03-21 devnull free(buf);
2466 0fc65b37 2004-03-21 devnull if(encode(e, &certbytes) != ASN_OK)
2467 0fc65b37 2004-03-21 devnull goto errret;
2468 0fc65b37 2004-03-21 devnull if(certlen)
2469 0fc65b37 2004-03-21 devnull *certlen = certbytes->len;
2470 0fc65b37 2004-03-21 devnull cert = certbytes->data;
2471 0fc65b37 2004-03-21 devnull errret:
2472 0fc65b37 2004-03-21 devnull freevalfields(&e.val);
2473 0fc65b37 2004-03-21 devnull return cert;
2476 0fc65b37 2004-03-21 devnull static char*
2477 0fc65b37 2004-03-21 devnull tagdump(Tag tag)
2479 0fc65b37 2004-03-21 devnull if(tag.class != Universal)
2480 0fc65b37 2004-03-21 devnull return smprint("class%d,num%d", tag.class, tag.num);
2481 0fc65b37 2004-03-21 devnull switch(tag.num){
2482 0fc65b37 2004-03-21 devnull case BOOLEAN: return "BOOLEAN"; break;
2483 0fc65b37 2004-03-21 devnull case INTEGER: return "INTEGER"; break;
2484 0fc65b37 2004-03-21 devnull case BIT_STRING: return "BIT STRING"; break;
2485 0fc65b37 2004-03-21 devnull case OCTET_STRING: return "OCTET STRING"; break;
2486 0fc65b37 2004-03-21 devnull case NULLTAG: return "NULLTAG"; break;
2487 0fc65b37 2004-03-21 devnull case OBJECT_ID: return "OID"; break;
2488 0fc65b37 2004-03-21 devnull case ObjectDescriptor: return "OBJECT_DES"; break;
2489 0fc65b37 2004-03-21 devnull case EXTERNAL: return "EXTERNAL"; break;
2490 0fc65b37 2004-03-21 devnull case REAL: return "REAL"; break;
2491 0fc65b37 2004-03-21 devnull case ENUMERATED: return "ENUMERATED"; break;
2492 0fc65b37 2004-03-21 devnull case EMBEDDED_PDV: return "EMBEDDED PDV"; break;
2493 0fc65b37 2004-03-21 devnull case SEQUENCE: return "SEQUENCE"; break;
2494 0fc65b37 2004-03-21 devnull case SETOF: return "SETOF"; break;
2495 0fc65b37 2004-03-21 devnull case NumericString: return "NumericString"; break;
2496 0fc65b37 2004-03-21 devnull case PrintableString: return "PrintableString"; break;
2497 0fc65b37 2004-03-21 devnull case TeletexString: return "TeletexString"; break;
2498 0fc65b37 2004-03-21 devnull case VideotexString: return "VideotexString"; break;
2499 0fc65b37 2004-03-21 devnull case IA5String: return "IA5String"; break;
2500 0fc65b37 2004-03-21 devnull case UTCTime: return "UTCTime"; break;
2501 0fc65b37 2004-03-21 devnull case GeneralizedTime: return "GeneralizedTime"; break;
2502 0fc65b37 2004-03-21 devnull case GraphicString: return "GraphicString"; break;
2503 0fc65b37 2004-03-21 devnull case VisibleString: return "VisibleString"; break;
2504 0fc65b37 2004-03-21 devnull case GeneralString: return "GeneralString"; break;
2505 0fc65b37 2004-03-21 devnull case UniversalString: return "UniversalString"; break;
2506 0fc65b37 2004-03-21 devnull case BMPString: return "BMPString"; break;
2507 0fc65b37 2004-03-21 devnull default:
2508 0fc65b37 2004-03-21 devnull return smprint("Universal,num%d", tag.num);
2512 0fc65b37 2004-03-21 devnull static void
2513 0fc65b37 2004-03-21 devnull edump(Elem e)
2515 0fc65b37 2004-03-21 devnull Value v;
2516 0fc65b37 2004-03-21 devnull Elist *el;
2519 0fc65b37 2004-03-21 devnull print("%s{", tagdump(e.tag));
2520 0fc65b37 2004-03-21 devnull v = e.val;
2521 0fc65b37 2004-03-21 devnull switch(v.tag){
2522 0fc65b37 2004-03-21 devnull case VBool: print("Bool %d",v.u.boolval); break;
2523 0fc65b37 2004-03-21 devnull case VInt: print("Int %d",v.u.intval); break;
2524 0fc65b37 2004-03-21 devnull case VOctets: print("Octets[%d] %.2x%.2x...",v.u.octetsval->len,v.u.octetsval->data[0],v.u.octetsval->data[1]); break;
2525 0fc65b37 2004-03-21 devnull case VBigInt: print("BigInt[%d] %.2x%.2x...",v.u.bigintval->len,v.u.bigintval->data[0],v.u.bigintval->data[1]); break;
2526 0fc65b37 2004-03-21 devnull case VReal: print("Real..."); break;
2527 0fc65b37 2004-03-21 devnull case VOther: print("Other..."); break;
2528 0fc65b37 2004-03-21 devnull case VBitString: print("BitString..."); break;
2529 0fc65b37 2004-03-21 devnull case VNull: print("Null"); break;
2530 0fc65b37 2004-03-21 devnull case VEOC: print("EOC..."); break;
2531 0fc65b37 2004-03-21 devnull case VObjId: print("ObjId");
2532 0fc65b37 2004-03-21 devnull for(i = 0; i<v.u.objidval->len; i++)
2533 0fc65b37 2004-03-21 devnull print(" %d", v.u.objidval->data[i]);
2535 0fc65b37 2004-03-21 devnull case VString: print("String \"%s\"",v.u.stringval); break;
2536 0fc65b37 2004-03-21 devnull case VSeq: print("Seq\n");
2537 0fc65b37 2004-03-21 devnull for(el = v.u.seqval; el!=nil; el = el->tl)
2538 0fc65b37 2004-03-21 devnull edump(el->hd);
2540 0fc65b37 2004-03-21 devnull case VSet: print("Set\n");
2541 0fc65b37 2004-03-21 devnull for(el = v.u.setval; el!=nil; el = el->tl)
2542 0fc65b37 2004-03-21 devnull edump(el->hd);
2545 0fc65b37 2004-03-21 devnull print("}\n");
2549 0fc65b37 2004-03-21 devnull asn1dump(uchar *der, int len)
2551 0fc65b37 2004-03-21 devnull Elem e;
2553 0fc65b37 2004-03-21 devnull if(decode(der, len, &e) != ASN_OK){
2554 0fc65b37 2004-03-21 devnull print("didn't parse\n");
2555 0fc65b37 2004-03-21 devnull exits("didn't parse");
2557 0fc65b37 2004-03-21 devnull edump(e);
2561 0fc65b37 2004-03-21 devnull X509dump(uchar *cert, int ncert)
2563 0fc65b37 2004-03-21 devnull char *e;
2564 0fc65b37 2004-03-21 devnull Bytes *b;
2565 0fc65b37 2004-03-21 devnull CertX509 *c;
2566 0fc65b37 2004-03-21 devnull RSApub *pk;
2567 0fc65b37 2004-03-21 devnull uchar digest[SHA1dlen];
2568 0fc65b37 2004-03-21 devnull Elem *sigalg;
2570 0fc65b37 2004-03-21 devnull print("begin X509dump\n");
2571 0fc65b37 2004-03-21 devnull b = makebytes(cert, ncert);
2572 0fc65b37 2004-03-21 devnull c = decode_cert(b);
2573 0fc65b37 2004-03-21 devnull if(c != nil)
2574 0fc65b37 2004-03-21 devnull digest_certinfo(b, digestalg[c->signature_alg], digest);
2575 0fc65b37 2004-03-21 devnull freebytes(b);
2576 0fc65b37 2004-03-21 devnull if(c == nil){
2577 0fc65b37 2004-03-21 devnull print("cannot decode cert");
2578 0fc65b37 2004-03-21 devnull return;
2581 0fc65b37 2004-03-21 devnull print("serial %d\n", c->serial);
2582 0fc65b37 2004-03-21 devnull print("issuer %s\n", c->issuer);
2583 0fc65b37 2004-03-21 devnull print("validity %s %s\n", c->validity_start, c->validity_end);
2584 0fc65b37 2004-03-21 devnull print("subject %s\n", c->subject);
2585 0fc65b37 2004-03-21 devnull pk = decode_rsapubkey(c->publickey);
2586 0fc65b37 2004-03-21 devnull print("pubkey e=%B n(%d)=%B\n", pk->ek, mpsignif(pk->n), pk->n);
2588 0fc65b37 2004-03-21 devnull print("sigalg=%d digest=%.*H\n", c->signature_alg, MD5dlen, digest);
2589 0fc65b37 2004-03-21 devnull e = verify_signature(c->signature, pk, digest, &sigalg);
2590 0fc65b37 2004-03-21 devnull if(e==nil){
2591 0fc65b37 2004-03-21 devnull e = "nil (meaning ok)";
2592 0fc65b37 2004-03-21 devnull print("sigalg=\n");
2593 0fc65b37 2004-03-21 devnull if(sigalg)
2594 0fc65b37 2004-03-21 devnull edump(*sigalg);
2596 0fc65b37 2004-03-21 devnull print("self-signed verify_signature returns: %s\n", e);
2598 0fc65b37 2004-03-21 devnull rsapubfree(pk);
2599 0fc65b37 2004-03-21 devnull freecert(c);
2600 0fc65b37 2004-03-21 devnull print("end X509dump\n");
