Annotation of src/usr.bin/openssl/rsa.c, Revision 1.3
1.3 ! doug 1: /* $OpenBSD: rsa.c,v 1.2 2014/08/28 14:23:52 jsing Exp $ */
1.1 jsing 2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3: * All rights reserved.
4: *
5: * This package is an SSL implementation written
6: * by Eric Young (eay@cryptsoft.com).
7: * The implementation was written so as to conform with Netscapes SSL.
8: *
9: * This library is free for commercial and non-commercial use as long as
10: * the following conditions are aheared to. The following conditions
11: * apply to all code found in this distribution, be it the RC4, RSA,
12: * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13: * included with this distribution is covered by the same copyright terms
14: * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15: *
16: * Copyright remains Eric Young's, and as such any Copyright notices in
17: * the code are not to be removed.
18: * If this package is used in a product, Eric Young should be given attribution
19: * as the author of the parts of the library used.
20: * This can be in the form of a textual message at program startup or
21: * in documentation (online or textual) provided with the package.
22: *
23: * Redistribution and use in source and binary forms, with or without
24: * modification, are permitted provided that the following conditions
25: * are met:
26: * 1. Redistributions of source code must retain the copyright
27: * notice, this list of conditions and the following disclaimer.
28: * 2. Redistributions in binary form must reproduce the above copyright
29: * notice, this list of conditions and the following disclaimer in the
30: * documentation and/or other materials provided with the distribution.
31: * 3. All advertising materials mentioning features or use of this software
32: * must display the following acknowledgement:
33: * "This product includes cryptographic software written by
34: * Eric Young (eay@cryptsoft.com)"
35: * The word 'cryptographic' can be left out if the rouines from the library
36: * being used are not cryptographic related :-).
37: * 4. If you include any Windows specific code (or a derivative thereof) from
38: * the apps directory (application code) you must include an acknowledgement:
39: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40: *
41: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51: * SUCH DAMAGE.
52: *
53: * The licence and distribution terms for any publically available version or
54: * derivative of this code cannot be changed. i.e. this code cannot simply be
55: * copied and put under another distribution licence
56: * [including the GNU Public Licence.]
57: */
58:
59: #include <openssl/opensslconf.h>
60:
61: #include <stdio.h>
62: #include <stdlib.h>
63: #include <string.h>
64: #include <time.h>
65:
66: #include "apps.h"
67:
68: #include <openssl/bio.h>
69: #include <openssl/bn.h>
70: #include <openssl/err.h>
71: #include <openssl/evp.h>
72: #include <openssl/pem.h>
73: #include <openssl/rsa.h>
74: #include <openssl/x509.h>
75:
1.3 ! doug 76: static struct {
! 77: int check;
! 78: const EVP_CIPHER *enc;
! 79: #ifndef OPENSSL_NO_ENGINE
! 80: char *engine;
! 81: #endif
! 82: char *infile;
! 83: int informat;
! 84: int modulus;
! 85: int noout;
! 86: char *outfile;
! 87: int outformat;
! 88: char *passargin;
! 89: char *passargout;
! 90: int pubin;
! 91: int pubout;
! 92: int pvk_encr;
! 93: int sgckey;
! 94: int text;
! 95: } rsa_config;
! 96:
! 97: static int
! 98: rsa_opt_cipher(int argc, char **argv, int *argsused)
! 99: {
! 100: char *name = argv[0];
! 101:
! 102: if (*name++ != '-')
! 103: return (1);
! 104:
! 105: if ((rsa_config.enc = EVP_get_cipherbyname(name)) == NULL) {
! 106: fprintf(stderr, "Invalid cipher '%s'\n", name);
! 107: return (1);
! 108: }
! 109:
! 110: *argsused = 1;
! 111: return (0);
! 112: }
! 113:
! 114: static struct option rsa_options[] = {
! 115: {
! 116: .name = "check",
! 117: .desc = "Check consistency of RSA private key",
! 118: .type = OPTION_FLAG,
! 119: .opt.flag = &rsa_config.check,
! 120: },
! 121: #ifndef OPENSSL_NO_ENGINE
! 122: {
! 123: .name = "engine",
! 124: .argname = "id",
! 125: .desc = "Use the engine specified by the given identifier",
! 126: .type = OPTION_ARG,
! 127: .opt.arg = &rsa_config.engine,
! 128: },
! 129: #endif
! 130: {
! 131: .name = "in",
! 132: .argname = "file",
! 133: .desc = "Input file (default stdin)",
! 134: .type = OPTION_ARG,
! 135: .opt.arg = &rsa_config.infile,
! 136: },
! 137: {
! 138: .name = "inform",
! 139: .argname = "format",
! 140: .desc = "Input format (DER, NET or PEM (default))",
! 141: .type = OPTION_ARG_FORMAT,
! 142: .opt.value = &rsa_config.informat,
! 143: },
! 144: {
! 145: .name = "modulus",
! 146: .desc = "Print the RSA key modulus",
! 147: .type = OPTION_FLAG,
! 148: .opt.flag = &rsa_config.modulus,
! 149: },
! 150: {
! 151: .name = "noout",
! 152: .desc = "Do not print encoded version of the key",
! 153: .type = OPTION_FLAG,
! 154: .opt.flag = &rsa_config.noout,
! 155: },
! 156: {
! 157: .name = "out",
! 158: .argname = "file",
! 159: .desc = "Output file (default stdout)",
! 160: .type = OPTION_ARG,
! 161: .opt.arg = &rsa_config.outfile,
! 162: },
! 163: {
! 164: .name = "outform",
! 165: .argname = "format",
! 166: .desc = "Output format (DER, NET or PEM (default PEM))",
! 167: .type = OPTION_ARG_FORMAT,
! 168: .opt.value = &rsa_config.outformat,
! 169: },
! 170: {
! 171: .name = "passin",
! 172: .argname = "src",
! 173: .desc = "Input file passphrase source",
! 174: .type = OPTION_ARG,
! 175: .opt.arg = &rsa_config.passargin,
! 176: },
! 177: {
! 178: .name = "passout",
! 179: .argname = "src",
! 180: .desc = "Output file passphrase source",
! 181: .type = OPTION_ARG,
! 182: .opt.arg = &rsa_config.passargout,
! 183: },
! 184: {
! 185: .name = "pubin",
! 186: .desc = "Expect a public key (default private key)",
! 187: .type = OPTION_VALUE,
! 188: .value = 1,
! 189: .opt.value = &rsa_config.pubin,
! 190: },
! 191: {
! 192: .name = "pubout",
! 193: .desc = "Output a public key (default private key)",
! 194: .type = OPTION_VALUE,
! 195: .value = 1,
! 196: .opt.value = &rsa_config.pubout,
! 197: },
! 198: {
! 199: .name = "pvk-none",
! 200: .type = OPTION_VALUE,
! 201: .value = 0,
! 202: .opt.value = &rsa_config.pvk_encr,
! 203: },
! 204: {
! 205: .name = "pvk-strong",
! 206: .type = OPTION_VALUE,
! 207: .value = 2,
! 208: .opt.value = &rsa_config.pvk_encr,
! 209: },
! 210: {
! 211: .name = "pvk-weak",
! 212: .type = OPTION_VALUE,
! 213: .value = 1,
! 214: .opt.value = &rsa_config.pvk_encr,
! 215: },
! 216: {
! 217: .name = "RSAPublicKey_in",
! 218: .type = OPTION_VALUE,
! 219: .value = 2,
! 220: .opt.value = &rsa_config.pubin,
! 221: },
! 222: {
! 223: .name = "RSAPublicKey_out",
! 224: .type = OPTION_VALUE,
! 225: .value = 2,
! 226: .opt.value = &rsa_config.pubout,
! 227: },
! 228: {
! 229: .name = "sgckey",
! 230: .desc = "Use modified NET algorithm for IIS and SGC keys",
! 231: .type = OPTION_FLAG,
! 232: .opt.flag = &rsa_config.sgckey,
! 233: },
! 234: {
! 235: .name = "text",
! 236: .desc = "Print in plain text in addition to encoded",
! 237: .type = OPTION_FLAG,
! 238: .opt.flag = &rsa_config.text,
! 239: },
! 240: {
! 241: .name = NULL,
! 242: .type = OPTION_ARGV_FUNC,
! 243: .opt.argvfunc = rsa_opt_cipher,
! 244: },
! 245: { NULL }
! 246: };
! 247:
! 248: static void
! 249: show_ciphers(const OBJ_NAME *name, void *arg)
! 250: {
! 251: static int n;
! 252:
! 253: fprintf(stderr, " -%-24s%s", name->name, (++n % 3 ? "" : "\n"));
! 254: }
1.1 jsing 255:
1.3 ! doug 256: static void
! 257: rsa_usage()
! 258: {
! 259: fprintf(stderr,
! 260: "usage: rsa [-ciphername] [-check] [-engine id] [-in file] "
! 261: "[-inform fmt]\n"
! 262: " [-modulus] [-noout] [-out file] [-outform fmt] "
! 263: "[-passin src]\n"
! 264: " [-passout src] [-pubin] [-pubout] [-sgckey] [-text]\n\n");
! 265: options_usage(rsa_options);
! 266: fprintf(stderr, "\n");
! 267:
! 268: fprintf(stderr, "Valid ciphername values:\n\n");
! 269: OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_ciphers, NULL);
! 270: fprintf(stderr, "\n");
! 271: }
1.1 jsing 272:
273: int
274: rsa_main(int argc, char **argv)
275: {
276: ENGINE *e = NULL;
277: int ret = 1;
278: RSA *rsa = NULL;
1.3 ! doug 279: int i;
1.1 jsing 280: BIO *out = NULL;
281: char *passin = NULL, *passout = NULL;
282:
1.3 ! doug 283: memset(&rsa_config, 0, sizeof(rsa_config));
! 284: rsa_config.pvk_encr = 2;
! 285: rsa_config.informat = FORMAT_PEM;
! 286: rsa_config.outformat = FORMAT_PEM;
1.1 jsing 287:
1.3 ! doug 288: if (options_parse(argc, argv, rsa_options, NULL, NULL) != 0) {
! 289: rsa_usage();
1.1 jsing 290: goto end;
291: }
292:
293: #ifndef OPENSSL_NO_ENGINE
1.3 ! doug 294: e = setup_engine(bio_err, rsa_config.engine, 0);
1.1 jsing 295: #endif
296:
1.3 ! doug 297: if (!app_passwd(bio_err, rsa_config.passargin, rsa_config.passargout,
! 298: &passin, &passout)) {
1.1 jsing 299: BIO_printf(bio_err, "Error getting passwords\n");
300: goto end;
301: }
1.3 ! doug 302: if (rsa_config.check && rsa_config.pubin) {
1.1 jsing 303: BIO_printf(bio_err, "Only private keys can be checked\n");
304: goto end;
305: }
306: out = BIO_new(BIO_s_file());
307:
308: {
309: EVP_PKEY *pkey;
310:
1.3 ! doug 311: if (rsa_config.pubin) {
1.1 jsing 312: int tmpformat = -1;
1.3 ! doug 313: if (rsa_config.pubin == 2) {
! 314: if (rsa_config.informat == FORMAT_PEM)
1.1 jsing 315: tmpformat = FORMAT_PEMRSA;
1.3 ! doug 316: else if (rsa_config.informat == FORMAT_ASN1)
1.1 jsing 317: tmpformat = FORMAT_ASN1RSA;
1.3 ! doug 318: } else if (rsa_config.informat == FORMAT_NETSCAPE &&
! 319: rsa_config.sgckey)
1.1 jsing 320: tmpformat = FORMAT_IISSGC;
321: else
1.3 ! doug 322: tmpformat = rsa_config.informat;
1.1 jsing 323:
1.3 ! doug 324: pkey = load_pubkey(bio_err, rsa_config.infile,
! 325: tmpformat, 1, passin, e, "Public Key");
1.1 jsing 326: } else
1.3 ! doug 327: pkey = load_key(bio_err, rsa_config.infile,
! 328: (rsa_config.informat == FORMAT_NETSCAPE &&
! 329: rsa_config.sgckey ? FORMAT_IISSGC :
! 330: rsa_config.informat), 1, passin, e, "Private Key");
1.1 jsing 331:
332: if (pkey != NULL)
333: rsa = EVP_PKEY_get1_RSA(pkey);
334: EVP_PKEY_free(pkey);
335: }
336:
337: if (rsa == NULL) {
338: ERR_print_errors(bio_err);
339: goto end;
340: }
1.3 ! doug 341: if (rsa_config.outfile == NULL) {
1.1 jsing 342: BIO_set_fp(out, stdout, BIO_NOCLOSE);
343: } else {
1.3 ! doug 344: if (BIO_write_filename(out, rsa_config.outfile) <= 0) {
! 345: perror(rsa_config.outfile);
1.1 jsing 346: goto end;
347: }
348: }
349:
1.3 ! doug 350: if (rsa_config.text)
1.1 jsing 351: if (!RSA_print(out, rsa, 0)) {
1.3 ! doug 352: perror(rsa_config.outfile);
1.1 jsing 353: ERR_print_errors(bio_err);
354: goto end;
355: }
1.3 ! doug 356: if (rsa_config.modulus) {
1.1 jsing 357: BIO_printf(out, "Modulus=");
358: BN_print(out, rsa->n);
359: BIO_printf(out, "\n");
360: }
1.3 ! doug 361: if (rsa_config.check) {
1.1 jsing 362: int r = RSA_check_key(rsa);
363:
364: if (r == 1)
365: BIO_printf(out, "RSA key ok\n");
366: else if (r == 0) {
367: unsigned long err;
368:
369: while ((err = ERR_peek_error()) != 0 &&
370: ERR_GET_LIB(err) == ERR_LIB_RSA &&
371: ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
372: ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
1.3 ! doug 373: BIO_printf(out, "RSA key error: %s\n",
! 374: ERR_reason_error_string(err));
1.1 jsing 375: ERR_get_error(); /* remove e from error
376: * stack */
377: }
378: }
379: if (r == -1 || ERR_peek_error() != 0) { /* should happen only if
380: * r == -1 */
381: ERR_print_errors(bio_err);
382: goto end;
383: }
384: }
1.3 ! doug 385: if (rsa_config.noout) {
1.1 jsing 386: ret = 0;
387: goto end;
388: }
389: BIO_printf(bio_err, "writing RSA key\n");
1.3 ! doug 390: if (rsa_config.outformat == FORMAT_ASN1) {
! 391: if (rsa_config.pubout || rsa_config.pubin) {
! 392: if (rsa_config.pubout == 2)
1.1 jsing 393: i = i2d_RSAPublicKey_bio(out, rsa);
394: else
395: i = i2d_RSA_PUBKEY_bio(out, rsa);
396: } else
397: i = i2d_RSAPrivateKey_bio(out, rsa);
398: }
399: #ifndef OPENSSL_NO_RC4
1.3 ! doug 400: else if (rsa_config.outformat == FORMAT_NETSCAPE) {
1.1 jsing 401: unsigned char *p, *pp;
402: int size;
403:
404: i = 1;
1.3 ! doug 405: size = i2d_RSA_NET(rsa, NULL, NULL, rsa_config.sgckey);
1.1 jsing 406: if ((p = malloc(size)) == NULL) {
407: BIO_printf(bio_err, "Memory allocation failure\n");
408: goto end;
409: }
410: pp = p;
1.3 ! doug 411: i2d_RSA_NET(rsa, &p, NULL, rsa_config.sgckey);
1.1 jsing 412: BIO_write(out, (char *) pp, size);
413: free(pp);
414: }
415: #endif
1.3 ! doug 416: else if (rsa_config.outformat == FORMAT_PEM) {
! 417: if (rsa_config.pubout || rsa_config.pubin) {
! 418: if (rsa_config.pubout == 2)
1.1 jsing 419: i = PEM_write_bio_RSAPublicKey(out, rsa);
420: else
421: i = PEM_write_bio_RSA_PUBKEY(out, rsa);
422: } else
423: i = PEM_write_bio_RSAPrivateKey(out, rsa,
1.3 ! doug 424: rsa_config.enc, NULL, 0, NULL, passout);
1.1 jsing 425: #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
1.3 ! doug 426: } else if (rsa_config.outformat == FORMAT_MSBLOB ||
! 427: rsa_config.outformat == FORMAT_PVK) {
1.1 jsing 428: EVP_PKEY *pk;
429: pk = EVP_PKEY_new();
430: EVP_PKEY_set1_RSA(pk, rsa);
1.3 ! doug 431: if (rsa_config.outformat == FORMAT_PVK)
! 432: i = i2b_PVK_bio(out, pk, rsa_config.pvk_encr, 0,
! 433: passout);
! 434: else if (rsa_config.pubin || rsa_config.pubout)
1.1 jsing 435: i = i2b_PublicKey_bio(out, pk);
436: else
437: i = i2b_PrivateKey_bio(out, pk);
438: EVP_PKEY_free(pk);
439: #endif
440: } else {
1.3 ! doug 441: BIO_printf(bio_err,
! 442: "bad output format specified for outfile\n");
1.1 jsing 443: goto end;
444: }
445: if (i <= 0) {
446: BIO_printf(bio_err, "unable to write key\n");
447: ERR_print_errors(bio_err);
448: } else
449: ret = 0;
1.3 ! doug 450:
1.1 jsing 451: end:
1.3 ! doug 452: BIO_free_all(out);
! 453: RSA_free(rsa);
1.1 jsing 454: free(passin);
455: free(passout);
456:
457: return (ret);
458: }