Annotation of src/usr.bin/openssl/rsa.c, Revision 1.19
1.19 ! tb 1: /* $OpenBSD: rsa.c,v 1.18 2023/03/06 14:32:06 tb Exp $ */
1.1 jsing 2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3: * All rights reserved.
4: *
5: * This package is an SSL implementation written
6: * by Eric Young (eay@cryptsoft.com).
7: * The implementation was written so as to conform with Netscapes SSL.
8: *
9: * This library is free for commercial and non-commercial use as long as
10: * the following conditions are aheared to. The following conditions
11: * apply to all code found in this distribution, be it the RC4, RSA,
12: * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13: * included with this distribution is covered by the same copyright terms
14: * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15: *
16: * Copyright remains Eric Young's, and as such any Copyright notices in
17: * the code are not to be removed.
18: * If this package is used in a product, Eric Young should be given attribution
19: * as the author of the parts of the library used.
20: * This can be in the form of a textual message at program startup or
21: * in documentation (online or textual) provided with the package.
22: *
23: * Redistribution and use in source and binary forms, with or without
24: * modification, are permitted provided that the following conditions
25: * are met:
26: * 1. Redistributions of source code must retain the copyright
27: * notice, this list of conditions and the following disclaimer.
28: * 2. Redistributions in binary form must reproduce the above copyright
29: * notice, this list of conditions and the following disclaimer in the
30: * documentation and/or other materials provided with the distribution.
31: * 3. All advertising materials mentioning features or use of this software
32: * must display the following acknowledgement:
33: * "This product includes cryptographic software written by
34: * Eric Young (eay@cryptsoft.com)"
35: * The word 'cryptographic' can be left out if the rouines from the library
36: * being used are not cryptographic related :-).
37: * 4. If you include any Windows specific code (or a derivative thereof) from
38: * the apps directory (application code) you must include an acknowledgement:
39: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40: *
41: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51: * SUCH DAMAGE.
52: *
53: * The licence and distribution terms for any publically available version or
54: * derivative of this code cannot be changed. i.e. this code cannot simply be
55: * copied and put under another distribution licence
56: * [including the GNU Public Licence.]
57: */
58:
59: #include <openssl/opensslconf.h>
60:
61: #include <stdio.h>
62: #include <stdlib.h>
63: #include <string.h>
64: #include <time.h>
65:
66: #include "apps.h"
1.4 deraadt 67: #include "progs.h"
1.1 jsing 68:
69: #include <openssl/bio.h>
70: #include <openssl/bn.h>
71: #include <openssl/err.h>
72: #include <openssl/evp.h>
73: #include <openssl/pem.h>
74: #include <openssl/rsa.h>
75: #include <openssl/x509.h>
76:
1.3 doug 77: static struct {
78: int check;
79: const EVP_CIPHER *enc;
80: char *infile;
81: int informat;
82: int modulus;
83: int noout;
84: char *outfile;
85: int outformat;
86: char *passargin;
87: char *passargout;
88: int pubin;
89: int pubout;
90: int pvk_encr;
91: int text;
1.18 tb 92: } cfg;
1.3 doug 93:
94: static int
95: rsa_opt_cipher(int argc, char **argv, int *argsused)
96: {
97: char *name = argv[0];
98:
99: if (*name++ != '-')
100: return (1);
101:
1.18 tb 102: if ((cfg.enc = EVP_get_cipherbyname(name)) == NULL) {
1.3 doug 103: fprintf(stderr, "Invalid cipher '%s'\n", name);
104: return (1);
105: }
106:
107: *argsused = 1;
108: return (0);
109: }
110:
1.14 guenther 111: static const struct option rsa_options[] = {
1.3 doug 112: {
113: .name = "check",
114: .desc = "Check consistency of RSA private key",
115: .type = OPTION_FLAG,
1.18 tb 116: .opt.flag = &cfg.check,
1.3 doug 117: },
118: {
119: .name = "in",
120: .argname = "file",
121: .desc = "Input file (default stdin)",
122: .type = OPTION_ARG,
1.18 tb 123: .opt.arg = &cfg.infile,
1.3 doug 124: },
125: {
126: .name = "inform",
127: .argname = "format",
128: .desc = "Input format (DER, NET or PEM (default))",
129: .type = OPTION_ARG_FORMAT,
1.18 tb 130: .opt.value = &cfg.informat,
1.3 doug 131: },
132: {
133: .name = "modulus",
134: .desc = "Print the RSA key modulus",
135: .type = OPTION_FLAG,
1.18 tb 136: .opt.flag = &cfg.modulus,
1.3 doug 137: },
138: {
139: .name = "noout",
140: .desc = "Do not print encoded version of the key",
141: .type = OPTION_FLAG,
1.18 tb 142: .opt.flag = &cfg.noout,
1.3 doug 143: },
144: {
145: .name = "out",
146: .argname = "file",
147: .desc = "Output file (default stdout)",
148: .type = OPTION_ARG,
1.18 tb 149: .opt.arg = &cfg.outfile,
1.3 doug 150: },
151: {
152: .name = "outform",
153: .argname = "format",
154: .desc = "Output format (DER, NET or PEM (default PEM))",
155: .type = OPTION_ARG_FORMAT,
1.18 tb 156: .opt.value = &cfg.outformat,
1.3 doug 157: },
158: {
159: .name = "passin",
160: .argname = "src",
161: .desc = "Input file passphrase source",
162: .type = OPTION_ARG,
1.18 tb 163: .opt.arg = &cfg.passargin,
1.3 doug 164: },
165: {
166: .name = "passout",
167: .argname = "src",
168: .desc = "Output file passphrase source",
169: .type = OPTION_ARG,
1.18 tb 170: .opt.arg = &cfg.passargout,
1.3 doug 171: },
172: {
173: .name = "pubin",
174: .desc = "Expect a public key (default private key)",
175: .type = OPTION_VALUE,
176: .value = 1,
1.18 tb 177: .opt.value = &cfg.pubin,
1.3 doug 178: },
179: {
180: .name = "pubout",
181: .desc = "Output a public key (default private key)",
182: .type = OPTION_VALUE,
183: .value = 1,
1.18 tb 184: .opt.value = &cfg.pubout,
1.3 doug 185: },
186: {
187: .name = "pvk-none",
188: .type = OPTION_VALUE,
189: .value = 0,
1.18 tb 190: .opt.value = &cfg.pvk_encr,
1.3 doug 191: },
192: {
193: .name = "pvk-strong",
194: .type = OPTION_VALUE,
195: .value = 2,
1.18 tb 196: .opt.value = &cfg.pvk_encr,
1.3 doug 197: },
198: {
199: .name = "pvk-weak",
200: .type = OPTION_VALUE,
201: .value = 1,
1.18 tb 202: .opt.value = &cfg.pvk_encr,
1.3 doug 203: },
204: {
205: .name = "RSAPublicKey_in",
206: .type = OPTION_VALUE,
207: .value = 2,
1.18 tb 208: .opt.value = &cfg.pubin,
1.3 doug 209: },
210: {
211: .name = "RSAPublicKey_out",
212: .type = OPTION_VALUE,
213: .value = 2,
1.18 tb 214: .opt.value = &cfg.pubout,
1.3 doug 215: },
216: {
217: .name = "text",
218: .desc = "Print in plain text in addition to encoded",
219: .type = OPTION_FLAG,
1.18 tb 220: .opt.flag = &cfg.text,
1.3 doug 221: },
222: {
223: .name = NULL,
224: .type = OPTION_ARGV_FUNC,
225: .opt.argvfunc = rsa_opt_cipher,
226: },
227: { NULL }
228: };
229:
230: static void
1.19 ! tb 231: rsa_usage(void)
1.3 doug 232: {
1.13 inoguchi 233: int n = 0;
234:
1.3 doug 235: fprintf(stderr,
1.5 bcook 236: "usage: rsa [-ciphername] [-check] [-in file] "
1.3 doug 237: "[-inform fmt]\n"
238: " [-modulus] [-noout] [-out file] [-outform fmt] "
239: "[-passin src]\n"
1.15 tb 240: " [-passout src] [-pubin] [-pubout] [-text]\n\n");
1.3 doug 241: options_usage(rsa_options);
242: fprintf(stderr, "\n");
243:
244: fprintf(stderr, "Valid ciphername values:\n\n");
1.13 inoguchi 245: OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_cipher, &n);
1.3 doug 246: fprintf(stderr, "\n");
247: }
1.1 jsing 248:
249: int
250: rsa_main(int argc, char **argv)
251: {
252: int ret = 1;
253: RSA *rsa = NULL;
1.3 doug 254: int i;
1.1 jsing 255: BIO *out = NULL;
256: char *passin = NULL, *passout = NULL;
1.6 doug 257:
1.17 joshua 258: if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
259: perror("pledge");
260: exit(1);
1.6 doug 261: }
1.1 jsing 262:
1.18 tb 263: memset(&cfg, 0, sizeof(cfg));
264: cfg.pvk_encr = 2;
265: cfg.informat = FORMAT_PEM;
266: cfg.outformat = FORMAT_PEM;
1.1 jsing 267:
1.3 doug 268: if (options_parse(argc, argv, rsa_options, NULL, NULL) != 0) {
269: rsa_usage();
1.1 jsing 270: goto end;
271: }
272:
1.18 tb 273: if (!app_passwd(bio_err, cfg.passargin, cfg.passargout,
1.3 doug 274: &passin, &passout)) {
1.1 jsing 275: BIO_printf(bio_err, "Error getting passwords\n");
276: goto end;
277: }
1.18 tb 278: if (cfg.check && cfg.pubin) {
1.1 jsing 279: BIO_printf(bio_err, "Only private keys can be checked\n");
280: goto end;
281: }
282: out = BIO_new(BIO_s_file());
283:
284: {
285: EVP_PKEY *pkey;
286:
1.18 tb 287: if (cfg.pubin) {
1.1 jsing 288: int tmpformat = -1;
1.18 tb 289: if (cfg.pubin == 2) {
290: if (cfg.informat == FORMAT_PEM)
1.1 jsing 291: tmpformat = FORMAT_PEMRSA;
1.18 tb 292: else if (cfg.informat == FORMAT_ASN1)
1.1 jsing 293: tmpformat = FORMAT_ASN1RSA;
1.15 tb 294: } else
1.18 tb 295: tmpformat = cfg.informat;
1.1 jsing 296:
1.18 tb 297: pkey = load_pubkey(bio_err, cfg.infile,
1.5 bcook 298: tmpformat, 1, passin, "Public Key");
1.1 jsing 299: } else
1.18 tb 300: pkey = load_key(bio_err, cfg.infile,
301: cfg.informat, 1, passin, "Private Key");
1.1 jsing 302:
303: if (pkey != NULL)
304: rsa = EVP_PKEY_get1_RSA(pkey);
305: EVP_PKEY_free(pkey);
306: }
307:
308: if (rsa == NULL) {
309: ERR_print_errors(bio_err);
310: goto end;
311: }
1.18 tb 312: if (cfg.outfile == NULL) {
1.1 jsing 313: BIO_set_fp(out, stdout, BIO_NOCLOSE);
314: } else {
1.18 tb 315: if (BIO_write_filename(out, cfg.outfile) <= 0) {
316: perror(cfg.outfile);
1.1 jsing 317: goto end;
318: }
319: }
320:
1.18 tb 321: if (cfg.text)
1.1 jsing 322: if (!RSA_print(out, rsa, 0)) {
1.18 tb 323: perror(cfg.outfile);
1.1 jsing 324: ERR_print_errors(bio_err);
325: goto end;
326: }
1.18 tb 327: if (cfg.modulus) {
1.1 jsing 328: BIO_printf(out, "Modulus=");
1.16 tb 329: BN_print(out, RSA_get0_n(rsa));
1.1 jsing 330: BIO_printf(out, "\n");
331: }
1.18 tb 332: if (cfg.check) {
1.1 jsing 333: int r = RSA_check_key(rsa);
334:
335: if (r == 1)
336: BIO_printf(out, "RSA key ok\n");
337: else if (r == 0) {
338: unsigned long err;
339:
340: while ((err = ERR_peek_error()) != 0 &&
341: ERR_GET_LIB(err) == ERR_LIB_RSA &&
342: ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
343: ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
1.3 doug 344: BIO_printf(out, "RSA key error: %s\n",
345: ERR_reason_error_string(err));
1.1 jsing 346: ERR_get_error(); /* remove e from error
347: * stack */
348: }
349: }
350: if (r == -1 || ERR_peek_error() != 0) { /* should happen only if
351: * r == -1 */
352: ERR_print_errors(bio_err);
353: goto end;
354: }
355: }
1.18 tb 356: if (cfg.noout) {
1.1 jsing 357: ret = 0;
358: goto end;
359: }
360: BIO_printf(bio_err, "writing RSA key\n");
1.18 tb 361: if (cfg.outformat == FORMAT_ASN1) {
362: if (cfg.pubout || cfg.pubin) {
363: if (cfg.pubout == 2)
1.1 jsing 364: i = i2d_RSAPublicKey_bio(out, rsa);
365: else
366: i = i2d_RSA_PUBKEY_bio(out, rsa);
367: } else
368: i = i2d_RSAPrivateKey_bio(out, rsa);
1.18 tb 369: } else if (cfg.outformat == FORMAT_PEM) {
370: if (cfg.pubout || cfg.pubin) {
371: if (cfg.pubout == 2)
1.1 jsing 372: i = PEM_write_bio_RSAPublicKey(out, rsa);
373: else
374: i = PEM_write_bio_RSA_PUBKEY(out, rsa);
375: } else
376: i = PEM_write_bio_RSAPrivateKey(out, rsa,
1.18 tb 377: cfg.enc, NULL, 0, NULL, passout);
1.1 jsing 378: #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
1.18 tb 379: } else if (cfg.outformat == FORMAT_MSBLOB ||
380: cfg.outformat == FORMAT_PVK) {
1.1 jsing 381: EVP_PKEY *pk;
382: pk = EVP_PKEY_new();
383: EVP_PKEY_set1_RSA(pk, rsa);
1.18 tb 384: if (cfg.outformat == FORMAT_PVK)
385: i = i2b_PVK_bio(out, pk, cfg.pvk_encr, 0,
1.3 doug 386: passout);
1.18 tb 387: else if (cfg.pubin || cfg.pubout)
1.1 jsing 388: i = i2b_PublicKey_bio(out, pk);
389: else
390: i = i2b_PrivateKey_bio(out, pk);
391: EVP_PKEY_free(pk);
392: #endif
393: } else {
1.3 doug 394: BIO_printf(bio_err,
395: "bad output format specified for outfile\n");
1.1 jsing 396: goto end;
397: }
398: if (i <= 0) {
399: BIO_printf(bio_err, "unable to write key\n");
400: ERR_print_errors(bio_err);
401: } else
402: ret = 0;
1.3 doug 403:
1.10 jsing 404: end:
1.3 doug 405: BIO_free_all(out);
406: RSA_free(rsa);
1.1 jsing 407: free(passin);
408: free(passout);
409:
410: return (ret);
411: }