Annotation of src/usr.bin/openssl/rsa.c, Revision 1.4
1.4 ! deraadt 1: /* $OpenBSD: rsa.c,v 1.3 2015/01/24 05:48:39 doug Exp $ */
1.1 jsing 2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3: * All rights reserved.
4: *
5: * This package is an SSL implementation written
6: * by Eric Young (eay@cryptsoft.com).
7: * The implementation was written so as to conform with Netscapes SSL.
8: *
9: * This library is free for commercial and non-commercial use as long as
10: * the following conditions are aheared to. The following conditions
11: * apply to all code found in this distribution, be it the RC4, RSA,
12: * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13: * included with this distribution is covered by the same copyright terms
14: * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15: *
16: * Copyright remains Eric Young's, and as such any Copyright notices in
17: * the code are not to be removed.
18: * If this package is used in a product, Eric Young should be given attribution
19: * as the author of the parts of the library used.
20: * This can be in the form of a textual message at program startup or
21: * in documentation (online or textual) provided with the package.
22: *
23: * Redistribution and use in source and binary forms, with or without
24: * modification, are permitted provided that the following conditions
25: * are met:
26: * 1. Redistributions of source code must retain the copyright
27: * notice, this list of conditions and the following disclaimer.
28: * 2. Redistributions in binary form must reproduce the above copyright
29: * notice, this list of conditions and the following disclaimer in the
30: * documentation and/or other materials provided with the distribution.
31: * 3. All advertising materials mentioning features or use of this software
32: * must display the following acknowledgement:
33: * "This product includes cryptographic software written by
34: * Eric Young (eay@cryptsoft.com)"
35: * The word 'cryptographic' can be left out if the rouines from the library
36: * being used are not cryptographic related :-).
37: * 4. If you include any Windows specific code (or a derivative thereof) from
38: * the apps directory (application code) you must include an acknowledgement:
39: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40: *
41: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51: * SUCH DAMAGE.
52: *
53: * The licence and distribution terms for any publically available version or
54: * derivative of this code cannot be changed. i.e. this code cannot simply be
55: * copied and put under another distribution licence
56: * [including the GNU Public Licence.]
57: */
58:
59: #include <openssl/opensslconf.h>
60:
61: #include <stdio.h>
62: #include <stdlib.h>
63: #include <string.h>
64: #include <time.h>
65:
66: #include "apps.h"
1.4 ! deraadt 67: #include "progs.h"
1.1 jsing 68:
69: #include <openssl/bio.h>
70: #include <openssl/bn.h>
71: #include <openssl/err.h>
72: #include <openssl/evp.h>
73: #include <openssl/pem.h>
74: #include <openssl/rsa.h>
75: #include <openssl/x509.h>
76:
1.3 doug 77: static struct {
78: int check;
79: const EVP_CIPHER *enc;
80: #ifndef OPENSSL_NO_ENGINE
81: char *engine;
82: #endif
83: char *infile;
84: int informat;
85: int modulus;
86: int noout;
87: char *outfile;
88: int outformat;
89: char *passargin;
90: char *passargout;
91: int pubin;
92: int pubout;
93: int pvk_encr;
94: int sgckey;
95: int text;
96: } rsa_config;
97:
98: static int
99: rsa_opt_cipher(int argc, char **argv, int *argsused)
100: {
101: char *name = argv[0];
102:
103: if (*name++ != '-')
104: return (1);
105:
106: if ((rsa_config.enc = EVP_get_cipherbyname(name)) == NULL) {
107: fprintf(stderr, "Invalid cipher '%s'\n", name);
108: return (1);
109: }
110:
111: *argsused = 1;
112: return (0);
113: }
114:
115: static struct option rsa_options[] = {
116: {
117: .name = "check",
118: .desc = "Check consistency of RSA private key",
119: .type = OPTION_FLAG,
120: .opt.flag = &rsa_config.check,
121: },
122: #ifndef OPENSSL_NO_ENGINE
123: {
124: .name = "engine",
125: .argname = "id",
126: .desc = "Use the engine specified by the given identifier",
127: .type = OPTION_ARG,
128: .opt.arg = &rsa_config.engine,
129: },
130: #endif
131: {
132: .name = "in",
133: .argname = "file",
134: .desc = "Input file (default stdin)",
135: .type = OPTION_ARG,
136: .opt.arg = &rsa_config.infile,
137: },
138: {
139: .name = "inform",
140: .argname = "format",
141: .desc = "Input format (DER, NET or PEM (default))",
142: .type = OPTION_ARG_FORMAT,
143: .opt.value = &rsa_config.informat,
144: },
145: {
146: .name = "modulus",
147: .desc = "Print the RSA key modulus",
148: .type = OPTION_FLAG,
149: .opt.flag = &rsa_config.modulus,
150: },
151: {
152: .name = "noout",
153: .desc = "Do not print encoded version of the key",
154: .type = OPTION_FLAG,
155: .opt.flag = &rsa_config.noout,
156: },
157: {
158: .name = "out",
159: .argname = "file",
160: .desc = "Output file (default stdout)",
161: .type = OPTION_ARG,
162: .opt.arg = &rsa_config.outfile,
163: },
164: {
165: .name = "outform",
166: .argname = "format",
167: .desc = "Output format (DER, NET or PEM (default PEM))",
168: .type = OPTION_ARG_FORMAT,
169: .opt.value = &rsa_config.outformat,
170: },
171: {
172: .name = "passin",
173: .argname = "src",
174: .desc = "Input file passphrase source",
175: .type = OPTION_ARG,
176: .opt.arg = &rsa_config.passargin,
177: },
178: {
179: .name = "passout",
180: .argname = "src",
181: .desc = "Output file passphrase source",
182: .type = OPTION_ARG,
183: .opt.arg = &rsa_config.passargout,
184: },
185: {
186: .name = "pubin",
187: .desc = "Expect a public key (default private key)",
188: .type = OPTION_VALUE,
189: .value = 1,
190: .opt.value = &rsa_config.pubin,
191: },
192: {
193: .name = "pubout",
194: .desc = "Output a public key (default private key)",
195: .type = OPTION_VALUE,
196: .value = 1,
197: .opt.value = &rsa_config.pubout,
198: },
199: {
200: .name = "pvk-none",
201: .type = OPTION_VALUE,
202: .value = 0,
203: .opt.value = &rsa_config.pvk_encr,
204: },
205: {
206: .name = "pvk-strong",
207: .type = OPTION_VALUE,
208: .value = 2,
209: .opt.value = &rsa_config.pvk_encr,
210: },
211: {
212: .name = "pvk-weak",
213: .type = OPTION_VALUE,
214: .value = 1,
215: .opt.value = &rsa_config.pvk_encr,
216: },
217: {
218: .name = "RSAPublicKey_in",
219: .type = OPTION_VALUE,
220: .value = 2,
221: .opt.value = &rsa_config.pubin,
222: },
223: {
224: .name = "RSAPublicKey_out",
225: .type = OPTION_VALUE,
226: .value = 2,
227: .opt.value = &rsa_config.pubout,
228: },
229: {
230: .name = "sgckey",
231: .desc = "Use modified NET algorithm for IIS and SGC keys",
232: .type = OPTION_FLAG,
233: .opt.flag = &rsa_config.sgckey,
234: },
235: {
236: .name = "text",
237: .desc = "Print in plain text in addition to encoded",
238: .type = OPTION_FLAG,
239: .opt.flag = &rsa_config.text,
240: },
241: {
242: .name = NULL,
243: .type = OPTION_ARGV_FUNC,
244: .opt.argvfunc = rsa_opt_cipher,
245: },
246: { NULL }
247: };
248:
249: static void
250: show_ciphers(const OBJ_NAME *name, void *arg)
251: {
252: static int n;
253:
254: fprintf(stderr, " -%-24s%s", name->name, (++n % 3 ? "" : "\n"));
255: }
1.1 jsing 256:
1.3 doug 257: static void
258: rsa_usage()
259: {
260: fprintf(stderr,
261: "usage: rsa [-ciphername] [-check] [-engine id] [-in file] "
262: "[-inform fmt]\n"
263: " [-modulus] [-noout] [-out file] [-outform fmt] "
264: "[-passin src]\n"
265: " [-passout src] [-pubin] [-pubout] [-sgckey] [-text]\n\n");
266: options_usage(rsa_options);
267: fprintf(stderr, "\n");
268:
269: fprintf(stderr, "Valid ciphername values:\n\n");
270: OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_ciphers, NULL);
271: fprintf(stderr, "\n");
272: }
1.1 jsing 273:
274: int
275: rsa_main(int argc, char **argv)
276: {
277: ENGINE *e = NULL;
278: int ret = 1;
279: RSA *rsa = NULL;
1.3 doug 280: int i;
1.1 jsing 281: BIO *out = NULL;
282: char *passin = NULL, *passout = NULL;
283:
1.3 doug 284: memset(&rsa_config, 0, sizeof(rsa_config));
285: rsa_config.pvk_encr = 2;
286: rsa_config.informat = FORMAT_PEM;
287: rsa_config.outformat = FORMAT_PEM;
1.1 jsing 288:
1.3 doug 289: if (options_parse(argc, argv, rsa_options, NULL, NULL) != 0) {
290: rsa_usage();
1.1 jsing 291: goto end;
292: }
293:
294: #ifndef OPENSSL_NO_ENGINE
1.3 doug 295: e = setup_engine(bio_err, rsa_config.engine, 0);
1.1 jsing 296: #endif
297:
1.3 doug 298: if (!app_passwd(bio_err, rsa_config.passargin, rsa_config.passargout,
299: &passin, &passout)) {
1.1 jsing 300: BIO_printf(bio_err, "Error getting passwords\n");
301: goto end;
302: }
1.3 doug 303: if (rsa_config.check && rsa_config.pubin) {
1.1 jsing 304: BIO_printf(bio_err, "Only private keys can be checked\n");
305: goto end;
306: }
307: out = BIO_new(BIO_s_file());
308:
309: {
310: EVP_PKEY *pkey;
311:
1.3 doug 312: if (rsa_config.pubin) {
1.1 jsing 313: int tmpformat = -1;
1.3 doug 314: if (rsa_config.pubin == 2) {
315: if (rsa_config.informat == FORMAT_PEM)
1.1 jsing 316: tmpformat = FORMAT_PEMRSA;
1.3 doug 317: else if (rsa_config.informat == FORMAT_ASN1)
1.1 jsing 318: tmpformat = FORMAT_ASN1RSA;
1.3 doug 319: } else if (rsa_config.informat == FORMAT_NETSCAPE &&
320: rsa_config.sgckey)
1.1 jsing 321: tmpformat = FORMAT_IISSGC;
322: else
1.3 doug 323: tmpformat = rsa_config.informat;
1.1 jsing 324:
1.3 doug 325: pkey = load_pubkey(bio_err, rsa_config.infile,
326: tmpformat, 1, passin, e, "Public Key");
1.1 jsing 327: } else
1.3 doug 328: pkey = load_key(bio_err, rsa_config.infile,
329: (rsa_config.informat == FORMAT_NETSCAPE &&
330: rsa_config.sgckey ? FORMAT_IISSGC :
331: rsa_config.informat), 1, passin, e, "Private Key");
1.1 jsing 332:
333: if (pkey != NULL)
334: rsa = EVP_PKEY_get1_RSA(pkey);
335: EVP_PKEY_free(pkey);
336: }
337:
338: if (rsa == NULL) {
339: ERR_print_errors(bio_err);
340: goto end;
341: }
1.3 doug 342: if (rsa_config.outfile == NULL) {
1.1 jsing 343: BIO_set_fp(out, stdout, BIO_NOCLOSE);
344: } else {
1.3 doug 345: if (BIO_write_filename(out, rsa_config.outfile) <= 0) {
346: perror(rsa_config.outfile);
1.1 jsing 347: goto end;
348: }
349: }
350:
1.3 doug 351: if (rsa_config.text)
1.1 jsing 352: if (!RSA_print(out, rsa, 0)) {
1.3 doug 353: perror(rsa_config.outfile);
1.1 jsing 354: ERR_print_errors(bio_err);
355: goto end;
356: }
1.3 doug 357: if (rsa_config.modulus) {
1.1 jsing 358: BIO_printf(out, "Modulus=");
359: BN_print(out, rsa->n);
360: BIO_printf(out, "\n");
361: }
1.3 doug 362: if (rsa_config.check) {
1.1 jsing 363: int r = RSA_check_key(rsa);
364:
365: if (r == 1)
366: BIO_printf(out, "RSA key ok\n");
367: else if (r == 0) {
368: unsigned long err;
369:
370: while ((err = ERR_peek_error()) != 0 &&
371: ERR_GET_LIB(err) == ERR_LIB_RSA &&
372: ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
373: ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
1.3 doug 374: BIO_printf(out, "RSA key error: %s\n",
375: ERR_reason_error_string(err));
1.1 jsing 376: ERR_get_error(); /* remove e from error
377: * stack */
378: }
379: }
380: if (r == -1 || ERR_peek_error() != 0) { /* should happen only if
381: * r == -1 */
382: ERR_print_errors(bio_err);
383: goto end;
384: }
385: }
1.3 doug 386: if (rsa_config.noout) {
1.1 jsing 387: ret = 0;
388: goto end;
389: }
390: BIO_printf(bio_err, "writing RSA key\n");
1.3 doug 391: if (rsa_config.outformat == FORMAT_ASN1) {
392: if (rsa_config.pubout || rsa_config.pubin) {
393: if (rsa_config.pubout == 2)
1.1 jsing 394: i = i2d_RSAPublicKey_bio(out, rsa);
395: else
396: i = i2d_RSA_PUBKEY_bio(out, rsa);
397: } else
398: i = i2d_RSAPrivateKey_bio(out, rsa);
399: }
400: #ifndef OPENSSL_NO_RC4
1.3 doug 401: else if (rsa_config.outformat == FORMAT_NETSCAPE) {
1.1 jsing 402: unsigned char *p, *pp;
403: int size;
404:
405: i = 1;
1.3 doug 406: size = i2d_RSA_NET(rsa, NULL, NULL, rsa_config.sgckey);
1.1 jsing 407: if ((p = malloc(size)) == NULL) {
408: BIO_printf(bio_err, "Memory allocation failure\n");
409: goto end;
410: }
411: pp = p;
1.3 doug 412: i2d_RSA_NET(rsa, &p, NULL, rsa_config.sgckey);
1.1 jsing 413: BIO_write(out, (char *) pp, size);
414: free(pp);
415: }
416: #endif
1.3 doug 417: else if (rsa_config.outformat == FORMAT_PEM) {
418: if (rsa_config.pubout || rsa_config.pubin) {
419: if (rsa_config.pubout == 2)
1.1 jsing 420: i = PEM_write_bio_RSAPublicKey(out, rsa);
421: else
422: i = PEM_write_bio_RSA_PUBKEY(out, rsa);
423: } else
424: i = PEM_write_bio_RSAPrivateKey(out, rsa,
1.3 doug 425: rsa_config.enc, NULL, 0, NULL, passout);
1.1 jsing 426: #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
1.3 doug 427: } else if (rsa_config.outformat == FORMAT_MSBLOB ||
428: rsa_config.outformat == FORMAT_PVK) {
1.1 jsing 429: EVP_PKEY *pk;
430: pk = EVP_PKEY_new();
431: EVP_PKEY_set1_RSA(pk, rsa);
1.3 doug 432: if (rsa_config.outformat == FORMAT_PVK)
433: i = i2b_PVK_bio(out, pk, rsa_config.pvk_encr, 0,
434: passout);
435: else if (rsa_config.pubin || rsa_config.pubout)
1.1 jsing 436: i = i2b_PublicKey_bio(out, pk);
437: else
438: i = i2b_PrivateKey_bio(out, pk);
439: EVP_PKEY_free(pk);
440: #endif
441: } else {
1.3 doug 442: BIO_printf(bio_err,
443: "bad output format specified for outfile\n");
1.1 jsing 444: goto end;
445: }
446: if (i <= 0) {
447: BIO_printf(bio_err, "unable to write key\n");
448: ERR_print_errors(bio_err);
449: } else
450: ret = 0;
1.3 doug 451:
1.1 jsing 452: end:
1.3 doug 453: BIO_free_all(out);
454: RSA_free(rsa);
1.1 jsing 455: free(passin);
456: free(passout);
457:
458: return (ret);
459: }