version 1.15, 2022/11/11 17:07:39 |
version 1.16, 2023/03/06 14:32:06 |
|
|
char *passargout; |
char *passargout; |
int pbe_nid; |
int pbe_nid; |
int topk8; |
int topk8; |
} pkcs8_config; |
} cfg; |
|
|
static int |
static int |
pkcs8_opt_v1(char *arg) |
pkcs8_opt_v1(char *arg) |
{ |
{ |
if ((pkcs8_config.pbe_nid = OBJ_txt2nid(arg)) == NID_undef) { |
if ((cfg.pbe_nid = OBJ_txt2nid(arg)) == NID_undef) { |
fprintf(stderr, "Unknown PBE algorithm '%s'\n", arg); |
fprintf(stderr, "Unknown PBE algorithm '%s'\n", arg); |
return (1); |
return (1); |
} |
} |
|
|
static int |
static int |
pkcs8_opt_v2(char *arg) |
pkcs8_opt_v2(char *arg) |
{ |
{ |
if ((pkcs8_config.cipher = EVP_get_cipherbyname(arg)) == NULL) { |
if ((cfg.cipher = EVP_get_cipherbyname(arg)) == NULL) { |
fprintf(stderr, "Unknown cipher '%s'\n", arg); |
fprintf(stderr, "Unknown cipher '%s'\n", arg); |
return (1); |
return (1); |
} |
} |
|
|
.argname = "file", |
.argname = "file", |
.desc = "Input file (default stdin)", |
.desc = "Input file (default stdin)", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &pkcs8_config.infile, |
.opt.arg = &cfg.infile, |
}, |
}, |
{ |
{ |
.name = "inform", |
.name = "inform", |
.argname = "der | pem", |
.argname = "der | pem", |
.desc = "Input format (default PEM)", |
.desc = "Input format (default PEM)", |
.type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
.opt.value = &pkcs8_config.informat, |
.opt.value = &cfg.informat, |
}, |
}, |
{ |
{ |
.name = "nocrypt", |
.name = "nocrypt", |
.desc = "Use or expect unencrypted private key", |
.desc = "Use or expect unencrypted private key", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &pkcs8_config.nocrypt, |
.opt.flag = &cfg.nocrypt, |
}, |
}, |
{ |
{ |
.name = "noiter", |
.name = "noiter", |
.desc = "Use 1 as iteration count", |
.desc = "Use 1 as iteration count", |
.type = OPTION_VALUE, |
.type = OPTION_VALUE, |
.value = 1, |
.value = 1, |
.opt.value = &pkcs8_config.iter, |
.opt.value = &cfg.iter, |
}, |
}, |
{ |
{ |
.name = "out", |
.name = "out", |
.argname = "file", |
.argname = "file", |
.desc = "Output file (default stdout)", |
.desc = "Output file (default stdout)", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &pkcs8_config.outfile, |
.opt.arg = &cfg.outfile, |
}, |
}, |
{ |
{ |
.name = "outform", |
.name = "outform", |
.argname = "der | pem", |
.argname = "der | pem", |
.desc = "Output format (default PEM)", |
.desc = "Output format (default PEM)", |
.type = OPTION_ARG_FORMAT, |
.type = OPTION_ARG_FORMAT, |
.opt.value = &pkcs8_config.outformat, |
.opt.value = &cfg.outformat, |
}, |
}, |
{ |
{ |
.name = "passin", |
.name = "passin", |
.argname = "source", |
.argname = "source", |
.desc = "Input file passphrase source", |
.desc = "Input file passphrase source", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &pkcs8_config.passargin, |
.opt.arg = &cfg.passargin, |
}, |
}, |
{ |
{ |
.name = "passout", |
.name = "passout", |
.argname = "source", |
.argname = "source", |
.desc = "Output file passphrase source", |
.desc = "Output file passphrase source", |
.type = OPTION_ARG, |
.type = OPTION_ARG, |
.opt.arg = &pkcs8_config.passargout, |
.opt.arg = &cfg.passargout, |
}, |
}, |
{ |
{ |
.name = "topk8", |
.name = "topk8", |
.desc = "Read traditional format key and write PKCS#8 format" |
.desc = "Read traditional format key and write PKCS#8 format" |
" key", |
" key", |
.type = OPTION_FLAG, |
.type = OPTION_FLAG, |
.opt.flag = &pkcs8_config.topk8, |
.opt.flag = &cfg.topk8, |
}, |
}, |
{ |
{ |
.name = "v1", |
.name = "v1", |
|
|
exit(1); |
exit(1); |
} |
} |
|
|
memset(&pkcs8_config, 0, sizeof(pkcs8_config)); |
memset(&cfg, 0, sizeof(cfg)); |
|
|
pkcs8_config.iter = PKCS12_DEFAULT_ITER; |
cfg.iter = PKCS12_DEFAULT_ITER; |
pkcs8_config.informat = FORMAT_PEM; |
cfg.informat = FORMAT_PEM; |
pkcs8_config.outformat = FORMAT_PEM; |
cfg.outformat = FORMAT_PEM; |
pkcs8_config.pbe_nid = -1; |
cfg.pbe_nid = -1; |
|
|
if (options_parse(argc, argv, pkcs8_options, NULL, NULL) != 0) { |
if (options_parse(argc, argv, pkcs8_options, NULL, NULL) != 0) { |
pkcs8_usage(); |
pkcs8_usage(); |
return (1); |
return (1); |
} |
} |
|
|
if (!app_passwd(bio_err, pkcs8_config.passargin, |
if (!app_passwd(bio_err, cfg.passargin, |
pkcs8_config.passargout, &passin, &passout)) { |
cfg.passargout, &passin, &passout)) { |
BIO_printf(bio_err, "Error getting passwords\n"); |
BIO_printf(bio_err, "Error getting passwords\n"); |
goto end; |
goto end; |
} |
} |
if ((pkcs8_config.pbe_nid == -1) && !pkcs8_config.cipher) |
if ((cfg.pbe_nid == -1) && !cfg.cipher) |
pkcs8_config.pbe_nid = NID_pbeWithMD5AndDES_CBC; |
cfg.pbe_nid = NID_pbeWithMD5AndDES_CBC; |
|
|
if (pkcs8_config.infile) { |
if (cfg.infile) { |
if (!(in = BIO_new_file(pkcs8_config.infile, "rb"))) { |
if (!(in = BIO_new_file(cfg.infile, "rb"))) { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
"Can't open input file '%s'\n", |
"Can't open input file '%s'\n", |
pkcs8_config.infile); |
cfg.infile); |
goto end; |
goto end; |
} |
} |
} else |
} else |
in = BIO_new_fp(stdin, BIO_NOCLOSE); |
in = BIO_new_fp(stdin, BIO_NOCLOSE); |
|
|
if (pkcs8_config.outfile) { |
if (cfg.outfile) { |
if (!(out = BIO_new_file(pkcs8_config.outfile, "wb"))) { |
if (!(out = BIO_new_file(cfg.outfile, "wb"))) { |
BIO_printf(bio_err, "Can't open output file '%s'\n", |
BIO_printf(bio_err, "Can't open output file '%s'\n", |
pkcs8_config.outfile); |
cfg.outfile); |
goto end; |
goto end; |
} |
} |
} else { |
} else { |
out = BIO_new_fp(stdout, BIO_NOCLOSE); |
out = BIO_new_fp(stdout, BIO_NOCLOSE); |
} |
} |
if (pkcs8_config.topk8) { |
if (cfg.topk8) { |
pkey = load_key(bio_err, pkcs8_config.infile, |
pkey = load_key(bio_err, cfg.infile, |
pkcs8_config.informat, 1, passin, "key"); |
cfg.informat, 1, passin, "key"); |
if (!pkey) |
if (!pkey) |
goto end; |
goto end; |
if (!(p8inf = EVP_PKEY2PKCS8(pkey))) { |
if (!(p8inf = EVP_PKEY2PKCS8(pkey))) { |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (pkcs8_config.nocrypt) { |
if (cfg.nocrypt) { |
if (pkcs8_config.outformat == FORMAT_PEM) |
if (cfg.outformat == FORMAT_PEM) |
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); |
PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); |
else if (pkcs8_config.outformat == FORMAT_ASN1) |
else if (cfg.outformat == FORMAT_ASN1) |
i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); |
i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf); |
else { |
else { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
|
|
"Enter Encryption Password:", 1)) |
"Enter Encryption Password:", 1)) |
goto end; |
goto end; |
} |
} |
if (!(p8 = PKCS8_encrypt(pkcs8_config.pbe_nid, |
if (!(p8 = PKCS8_encrypt(cfg.pbe_nid, |
pkcs8_config.cipher, p8pass, strlen(p8pass), |
cfg.cipher, p8pass, strlen(p8pass), |
NULL, 0, pkcs8_config.iter, p8inf))) { |
NULL, 0, cfg.iter, p8inf))) { |
BIO_printf(bio_err, "Error encrypting key\n"); |
BIO_printf(bio_err, "Error encrypting key\n"); |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (pkcs8_config.outformat == FORMAT_PEM) |
if (cfg.outformat == FORMAT_PEM) |
PEM_write_bio_PKCS8(out, p8); |
PEM_write_bio_PKCS8(out, p8); |
else if (pkcs8_config.outformat == FORMAT_ASN1) |
else if (cfg.outformat == FORMAT_ASN1) |
i2d_PKCS8_bio(out, p8); |
i2d_PKCS8_bio(out, p8); |
else { |
else { |
BIO_printf(bio_err, |
BIO_printf(bio_err, |
|
|
ret = 0; |
ret = 0; |
goto end; |
goto end; |
} |
} |
if (pkcs8_config.nocrypt) { |
if (cfg.nocrypt) { |
if (pkcs8_config.informat == FORMAT_PEM) |
if (cfg.informat == FORMAT_PEM) |
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, |
p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, |
NULL, NULL); |
NULL, NULL); |
else if (pkcs8_config.informat == FORMAT_ASN1) |
else if (cfg.informat == FORMAT_ASN1) |
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); |
p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL); |
else { |
else { |
BIO_printf(bio_err, "Bad format specified for key\n"); |
BIO_printf(bio_err, "Bad format specified for key\n"); |
goto end; |
goto end; |
} |
} |
} else { |
} else { |
if (pkcs8_config.informat == FORMAT_PEM) |
if (cfg.informat == FORMAT_PEM) |
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); |
p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL); |
else if (pkcs8_config.informat == FORMAT_ASN1) |
else if (cfg.informat == FORMAT_ASN1) |
p8 = d2i_PKCS8_bio(in, NULL); |
p8 = d2i_PKCS8_bio(in, NULL); |
else { |
else { |
BIO_printf(bio_err, "Bad format specified for key\n"); |
BIO_printf(bio_err, "Bad format specified for key\n"); |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (pkcs8_config.outformat == FORMAT_PEM) |
if (cfg.outformat == FORMAT_PEM) |
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, |
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, |
passout); |
passout); |
else if (pkcs8_config.outformat == FORMAT_ASN1) |
else if (cfg.outformat == FORMAT_ASN1) |
i2d_PrivateKey_bio(out, pkey); |
i2d_PrivateKey_bio(out, pkey); |
else { |
else { |
BIO_printf(bio_err, "Bad format specified for key\n"); |
BIO_printf(bio_err, "Bad format specified for key\n"); |
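Review bot: The fallback `cfg.pbe_nid = NID_pbeWithMD5AndDES_CBC;` (in the hunk that begins at `exit(1);`, taken when neither -v1 nor -v2 was given) means a key written with -topk8 and no algorithm option is protected by PBES1 with an MD5-based KDF and single DES, which is weak protection for a private key at rest. I would default to PBES2 instead by replacing that assignment with `cfg.cipher = EVP_aes_256_cbc();` and leaving `cfg.pbe_nid` at -1, which as far as I know makes PKCS8_encrypt take its PBES2 path; this changes the default output encoding, so it needs a manual-page note and a check that consumers of these files accept PBES2. Separately, the return values of `PEM_write_bio_PKCS8(out, p8)` and `i2d_PKCS8_bio(out, p8)` are ignored in the visible lines, so a failed write may still reach `ret = 0`; the lines between those hunks are not shown, so confirm this before changing it. The enclosing function starts and ends outside the visible hunks.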