authorcinap_lenrek <cinap_lenrek@felloff.net>2017-10-06 20:52:18 +0200
committercinap_lenrek <cinap_lenrek@felloff.net>2017-10-06 20:52:18 +0200
commit8a67560183b3b726c827bcac02632b2b8e3ba59d (patch)
tree81bd4e0c83cea7760680491c412648f0d692c143 /sys/src/libsec
parent5f42da15355e3548634b778271251e7d078f01e6 (diff)
libsec: export asn1encodedigest(), asn1encodeRSApub(), asn1toRSApub(), pkcs1padbuf() and pkcs1unpadbuf()
Diffstat (limited to 'sys/src/libsec')
-rw-r--r--sys/src/libsec/port/tlshand.c5
-rw-r--r--sys/src/libsec/port/x509.c63
2 files changed, 47 insertions, 21 deletions
diff --git a/sys/src/libsec/port/tlshand.c b/sys/src/libsec/port/tlshand.c
index 23d61af22..a6c2d214f 100644
--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -445,11 +445,6 @@ static Ints* newints(int len);
static void freeints(Ints* b);
static int lookupid(Ints* b, int id);
-/* x509.c */
-extern mpint* pkcs1padbuf(uchar *buf, int len, mpint *modulus, int blocktype);
-extern int pkcs1unpadbuf(uchar *buf, int len, mpint *modulus, int blocktype);
-extern int asn1encodedigest(DigestState* (*fun)(uchar*, ulong, uchar*, DigestState*), uchar *digest, uchar *buf, int len);
-
//================= client/server ========================
// push TLS onto fd, returning new (application) file descriptor
diff --git a/sys/src/libsec/port/x509.c b/sys/src/libsec/port/x509.c
index 5b99116cc..8fb64773f 100644
--- a/sys/src/libsec/port/x509.c
+++ b/sys/src/libsec/port/x509.c
@@ -1971,15 +1971,15 @@ errret:
* publicExponent INTEGER
* }
*/
-static RSApub*
-decode_rsapubkey(Bytes* a)
+RSApub*
+asn1toRSApub(uchar *buf, int len)
{
Elem e;
Elist *el;
RSApub* key;
key = nil;
- if(decode(a->data, a->len, &e) != ASN_OK)
+ if(decode(buf, len, &e) != ASN_OK)
goto errret;
if(!is_seq(&e, &el) || elistlen(el) != 2)
goto errret;
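Review bot: asn1toRSApub() becomes a public entry point in this hunk, but the comment above it still documents only the ASN.1 grammar, so callers outside x509.c have no stated contract. I would extend that comment with something like `returns a newly allocated RSApub (free with rsapubfree()) or nil on malformed input`; the error path in the following hunk does return nil, while the success path lies outside the hunk and should be confirmed. It is also worth stating whether bytes after the SEQUENCE are tolerated and how a negative `len` is treated, since both now depend on decode(), which is not visible here.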
@@ -1997,6 +1997,13 @@ errret:
freevalfields(&e.val);
rsapubfree(key);
return nil;
+
+}
+
+static RSApub*
+decode_rsapubkey(Bytes* a)
+{
+ return asn1toRSApub(a->data, a->len);
}
/*
@@ -2777,12 +2784,40 @@ splitalts(char *s)
return nil;
}
+static Bytes*
+encode_rsapubkey(RSApub *pk)
+{
+ Bytes *b = nil;
+ Elem e = mkseq(
+ mkel(mkbigint(pk->n),
+ mkel(mpsignif(pk->ek)<32 ? mkint(mptoi(pk->ek)) : mkbigint(pk->ek),
+ nil)));
+ encode(e, &b);
+ freevalfields(&e.val);
+ return b;
+}
+
+int
+asn1encodeRSApub(RSApub *pk, uchar *buf, int len)
+{
+ Bytes *b = encode_rsapubkey(pk);
+ if(b == nil)
+ return -1;
+ if(b->len > len){
+ freebytes(b);
+ werrstr("buffer too small");
+ return -1;
+ }
+ memmove(buf, b->data, len = b->len);
+ freebytes(b);
+ return len;
+}
+
uchar*
X509rsagen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
{
int serial = 0, sigalg = ALG_sha256WithRSAEncryption;
uchar *cert = nil;
- RSApub *pk = rsaprivtopub(priv);
Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
Elem e, certinfo;
DigestAlg *da;
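Review bot: encode_rsapubkey() drops the result of `encode(e, &b)`, whereas the code it replaces in X509rsagen() and X509rsareq() tested `encode(e, &pkbytes) != ASN_OK`. If encode() can fail after storing something in `b`, the helper would hand back a partial encoding that then ends up in a certificate, a request or the caller's buffer; keeping the test (`if(encode(e, &b) != ASN_OK)` followed by releasing `b` and returning nil) restores the old behaviour. In asn1encodeRSApub(), `memmove(buf, b->data, len = b->len);` hides an assignment inside the argument list, and `len = b->len;` on its own line before the memmove reads more clearly. The -1 return for `b == nil` also sets no error string, unlike the "buffer too small" path, unless encode() does so itself, which is not visible here.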
@@ -2791,14 +2826,12 @@ X509rsagen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
mpint *pkcs1;
char *alts;
+ if((pkbytes = encode_rsapubkey(&priv->pub)) == nil)
+ return nil;
+
subj = estrdup(subj);
alts = splitalts(subj);
- e = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
- if(encode(e, &pkbytes) != ASN_OK)
- goto errret;
- freevalfields(&e.val);
-
e = mkseq(
mkel(mkcont(mkint(2), 0),
mkel(mkint(serial),
@@ -2826,7 +2859,7 @@ X509rsagen(RSApriv *priv, char *subj, ulong valid[2], int *certlen)
sigbytes = encode_digest(da, digest);
if(sigbytes == nil)
goto errret;
- pkcs1 = pkcs1padbuf(sigbytes->data, sigbytes->len, pk->n, 1);
+ pkcs1 = pkcs1padbuf(sigbytes->data, sigbytes->len, priv->pub.n, 1);
freebytes(sigbytes);
if(pkcs1 == nil)
goto errret;
@@ -2860,7 +2893,6 @@ X509rsareq(RSApriv *priv, char *subj, int *certlen)
/* RFC 2314, PKCS #10 Certification Request Syntax */
int version = 0, sigalg = ALG_sha256WithRSAEncryption;
uchar *cert = nil;
- RSApub *pk = rsaprivtopub(priv);
Bytes *certbytes, *pkbytes, *certinfobytes, *sigbytes;
Elem e, certinfo;
DigestAlg *da;
@@ -2869,13 +2901,12 @@ X509rsareq(RSApriv *priv, char *subj, int *certlen)
mpint *pkcs1;
char *alts;
+ if((pkbytes = encode_rsapubkey(&priv->pub)) == nil)
+ return nil;
+
subj = estrdup(subj);
alts = splitalts(subj);
- e = mkseq(mkel(mkbigint(pk->n),mkel(mkint(mptoi(pk->ek)),nil)));
- if(encode(e, &pkbytes) != ASN_OK)
- goto errret;
- freevalfields(&e.val);
e = mkseq(
mkel(mkint(version),
mkel(mkDN(subj),
@@ -2895,7 +2926,7 @@ X509rsareq(RSApriv *priv, char *subj, int *certlen)
sigbytes = encode_digest(da, digest);
if(sigbytes == nil)
goto errret;
- pkcs1 = pkcs1padbuf(sigbytes->data, sigbytes->len, pk->n, 1);
+ pkcs1 = pkcs1padbuf(sigbytes->data, sigbytes->len, priv->pub.n, 1);
freebytes(sigbytes);
if(pkcs1 == nil)
goto errret;