PageRenderTime 44ms CodeModel.GetById 14ms RepoModel.GetById 0ms app.codeStats 0ms

/apps/pkcs8.c

https://gitlab.com/generic-library/openssl
C | 392 lines | 309 code | 25 blank | 58 comment | 109 complexity | b8667c919fe9794e3132feabb45a39cc MD5 | raw file
  1. /* pkcs8.c */
  2. /*
  3. * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
  4. * 1999-2004.
  5. */
  6. /* ====================================================================
  7. * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
  8. *
  9. * Redistribution and use in source and binary forms, with or without
  10. * modification, are permitted provided that the following conditions
  11. * are met:
  12. *
  13. * 1. Redistributions of source code must retain the above copyright
  14. * notice, this list of conditions and the following disclaimer.
  15. *
  16. * 2. Redistributions in binary form must reproduce the above copyright
  17. * notice, this list of conditions and the following disclaimer in
  18. * the documentation and/or other materials provided with the
  19. * distribution.
  20. *
  21. * 3. All advertising materials mentioning features or use of this
  22. * software must display the following acknowledgment:
  23. * "This product includes software developed by the OpenSSL Project
  24. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  25. *
  26. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27. * endorse or promote products derived from this software without
  28. * prior written permission. For written permission, please contact
  29. * licensing@OpenSSL.org.
  30. *
  31. * 5. Products derived from this software may not be called "OpenSSL"
  32. * nor may "OpenSSL" appear in their names without prior written
  33. * permission of the OpenSSL Project.
  34. *
  35. * 6. Redistributions of any form whatsoever must retain the following
  36. * acknowledgment:
  37. * "This product includes software developed by the OpenSSL Project
  38. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  39. *
  40. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  41. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51. * OF THE POSSIBILITY OF SUCH DAMAGE.
  52. * ====================================================================
  53. *
  54. * This product includes cryptographic software written by Eric Young
  55. * (eay@cryptsoft.com). This product includes software written by Tim
  56. * Hudson (tjh@cryptsoft.com).
  57. *
  58. */
  59. #include <stdio.h>
  60. #include <string.h>
  61. #include "apps.h"
  62. #include <openssl/pem.h>
  63. #include <openssl/err.h>
  64. #include <openssl/evp.h>
  65. #include <openssl/pkcs12.h>
  66. #define PROG pkcs8_main
  67. int MAIN(int, char **);
  68. int MAIN(int argc, char **argv)
  69. {
  70. ENGINE *e = NULL;
  71. char **args, *infile = NULL, *outfile = NULL;
  72. char *passargin = NULL, *passargout = NULL;
  73. BIO *in = NULL, *out = NULL;
  74. int topk8 = 0;
  75. int pbe_nid = -1;
  76. const EVP_CIPHER *cipher = NULL;
  77. int iter = PKCS12_DEFAULT_ITER;
  78. int informat, outformat;
  79. int p8_broken = PKCS8_OK;
  80. int nocrypt = 0;
  81. X509_SIG *p8 = NULL;
  82. PKCS8_PRIV_KEY_INFO *p8inf = NULL;
  83. EVP_PKEY *pkey = NULL;
  84. char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
  85. int badarg = 0;
  86. int ret = 1;
  87. #ifndef OPENSSL_NO_ENGINE
  88. char *engine = NULL;
  89. #endif
  90. if (bio_err == NULL)
  91. bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
  92. if (!load_config(bio_err, NULL))
  93. goto end;
  94. informat = FORMAT_PEM;
  95. outformat = FORMAT_PEM;
  96. ERR_load_crypto_strings();
  97. OpenSSL_add_all_algorithms();
  98. args = argv + 1;
  99. while (!badarg && *args && *args[0] == '-') {
  100. if (!strcmp(*args, "-v2")) {
  101. if (args[1]) {
  102. args++;
  103. cipher = EVP_get_cipherbyname(*args);
  104. if (!cipher) {
  105. BIO_printf(bio_err, "Unknown cipher %s\n", *args);
  106. badarg = 1;
  107. }
  108. } else
  109. badarg = 1;
  110. } else if (!strcmp(*args, "-v1")) {
  111. if (args[1]) {
  112. args++;
  113. pbe_nid = OBJ_txt2nid(*args);
  114. if (pbe_nid == NID_undef) {
  115. BIO_printf(bio_err, "Unknown PBE algorithm %s\n", *args);
  116. badarg = 1;
  117. }
  118. } else
  119. badarg = 1;
  120. } else if (!strcmp(*args, "-inform")) {
  121. if (args[1]) {
  122. args++;
  123. informat = str2fmt(*args);
  124. } else
  125. badarg = 1;
  126. } else if (!strcmp(*args, "-outform")) {
  127. if (args[1]) {
  128. args++;
  129. outformat = str2fmt(*args);
  130. } else
  131. badarg = 1;
  132. } else if (!strcmp(*args, "-topk8"))
  133. topk8 = 1;
  134. else if (!strcmp(*args, "-noiter"))
  135. iter = 1;
  136. else if (!strcmp(*args, "-nocrypt"))
  137. nocrypt = 1;
  138. else if (!strcmp(*args, "-nooct"))
  139. p8_broken = PKCS8_NO_OCTET;
  140. else if (!strcmp(*args, "-nsdb"))
  141. p8_broken = PKCS8_NS_DB;
  142. else if (!strcmp(*args, "-embed"))
  143. p8_broken = PKCS8_EMBEDDED_PARAM;
  144. else if (!strcmp(*args, "-passin")) {
  145. if (!args[1])
  146. goto bad;
  147. passargin = *(++args);
  148. } else if (!strcmp(*args, "-passout")) {
  149. if (!args[1])
  150. goto bad;
  151. passargout = *(++args);
  152. }
  153. #ifndef OPENSSL_NO_ENGINE
  154. else if (strcmp(*args, "-engine") == 0) {
  155. if (!args[1])
  156. goto bad;
  157. engine = *(++args);
  158. }
  159. #endif
  160. else if (!strcmp(*args, "-in")) {
  161. if (args[1]) {
  162. args++;
  163. infile = *args;
  164. } else
  165. badarg = 1;
  166. } else if (!strcmp(*args, "-out")) {
  167. if (args[1]) {
  168. args++;
  169. outfile = *args;
  170. } else
  171. badarg = 1;
  172. } else
  173. badarg = 1;
  174. args++;
  175. }
  176. if (badarg) {
  177. bad:
  178. BIO_printf(bio_err, "Usage pkcs8 [options]\n");
  179. BIO_printf(bio_err, "where options are\n");
  180. BIO_printf(bio_err, "-in file input file\n");
  181. BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
  182. BIO_printf(bio_err,
  183. "-passin arg input file pass phrase source\n");
  184. BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
  185. BIO_printf(bio_err, "-out file output file\n");
  186. BIO_printf(bio_err,
  187. "-passout arg output file pass phrase source\n");
  188. BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
  189. BIO_printf(bio_err,
  190. "-nooct use (nonstandard) no octet format\n");
  191. BIO_printf(bio_err,
  192. "-embed use (nonstandard) embedded DSA parameters format\n");
  193. BIO_printf(bio_err,
  194. "-nsdb use (nonstandard) DSA Netscape DB format\n");
  195. BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
  196. BIO_printf(bio_err,
  197. "-nocrypt use or expect unencrypted private key\n");
  198. BIO_printf(bio_err,
  199. "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
  200. BIO_printf(bio_err,
  201. "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
  202. #ifndef OPENSSL_NO_ENGINE
  203. BIO_printf(bio_err,
  204. " -engine e use engine e, possibly a hardware device.\n");
  205. #endif
  206. goto end;
  207. }
  208. #ifndef OPENSSL_NO_ENGINE
  209. e = setup_engine(bio_err, engine, 0);
  210. #endif
  211. if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
  212. BIO_printf(bio_err, "Error getting passwords\n");
  213. goto end;
  214. }
  215. if ((pbe_nid == -1) && !cipher)
  216. pbe_nid = NID_pbeWithMD5AndDES_CBC;
  217. if (infile) {
  218. if (!(in = BIO_new_file(infile, "rb"))) {
  219. BIO_printf(bio_err, "Can't open input file %s\n", infile);
  220. goto end;
  221. }
  222. } else
  223. in = BIO_new_fp(stdin, BIO_NOCLOSE);
  224. if (outfile) {
  225. if (!(out = BIO_new_file(outfile, "wb"))) {
  226. BIO_printf(bio_err, "Can't open output file %s\n", outfile);
  227. goto end;
  228. }
  229. } else {
  230. out = BIO_new_fp(stdout, BIO_NOCLOSE);
  231. #ifdef OPENSSL_SYS_VMS
  232. {
  233. BIO *tmpbio = BIO_new(BIO_f_linebuffer());
  234. out = BIO_push(tmpbio, out);
  235. }
  236. #endif
  237. }
  238. if (topk8) {
  239. pkey = load_key(bio_err, infile, informat, 1, passin, e, "key");
  240. if (!pkey)
  241. goto end;
  242. if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
  243. BIO_printf(bio_err, "Error converting key\n");
  244. ERR_print_errors(bio_err);
  245. goto end;
  246. }
  247. if (nocrypt) {
  248. if (outformat == FORMAT_PEM)
  249. PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
  250. else if (outformat == FORMAT_ASN1)
  251. i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
  252. else {
  253. BIO_printf(bio_err, "Bad format specified for key\n");
  254. goto end;
  255. }
  256. } else {
  257. if (passout)
  258. p8pass = passout;
  259. else {
  260. p8pass = pass;
  261. if (EVP_read_pw_string
  262. (pass, sizeof pass, "Enter Encryption Password:", 1))
  263. goto end;
  264. }
  265. app_RAND_load_file(NULL, bio_err, 0);
  266. if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
  267. p8pass, strlen(p8pass),
  268. NULL, 0, iter, p8inf))) {
  269. BIO_printf(bio_err, "Error encrypting key\n");
  270. ERR_print_errors(bio_err);
  271. goto end;
  272. }
  273. app_RAND_write_file(NULL, bio_err);
  274. if (outformat == FORMAT_PEM)
  275. PEM_write_bio_PKCS8(out, p8);
  276. else if (outformat == FORMAT_ASN1)
  277. i2d_PKCS8_bio(out, p8);
  278. else {
  279. BIO_printf(bio_err, "Bad format specified for key\n");
  280. goto end;
  281. }
  282. }
  283. ret = 0;
  284. goto end;
  285. }
  286. if (nocrypt) {
  287. if (informat == FORMAT_PEM)
  288. p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
  289. else if (informat == FORMAT_ASN1)
  290. p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
  291. else {
  292. BIO_printf(bio_err, "Bad format specified for key\n");
  293. goto end;
  294. }
  295. } else {
  296. if (informat == FORMAT_PEM)
  297. p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
  298. else if (informat == FORMAT_ASN1)
  299. p8 = d2i_PKCS8_bio(in, NULL);
  300. else {
  301. BIO_printf(bio_err, "Bad format specified for key\n");
  302. goto end;
  303. }
  304. if (!p8) {
  305. BIO_printf(bio_err, "Error reading key\n");
  306. ERR_print_errors(bio_err);
  307. goto end;
  308. }
  309. if (passin)
  310. p8pass = passin;
  311. else {
  312. p8pass = pass;
  313. EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
  314. }
  315. p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
  316. }
  317. if (!p8inf) {
  318. BIO_printf(bio_err, "Error decrypting key\n");
  319. ERR_print_errors(bio_err);
  320. goto end;
  321. }
  322. if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
  323. BIO_printf(bio_err, "Error converting key\n");
  324. ERR_print_errors(bio_err);
  325. goto end;
  326. }
  327. if (p8inf->broken) {
  328. BIO_printf(bio_err, "Warning: broken key encoding: ");
  329. switch (p8inf->broken) {
  330. case PKCS8_NO_OCTET:
  331. BIO_printf(bio_err, "No Octet String in PrivateKey\n");
  332. break;
  333. case PKCS8_EMBEDDED_PARAM:
  334. BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
  335. break;
  336. case PKCS8_NS_DB:
  337. BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
  338. break;
  339. case PKCS8_NEG_PRIVKEY:
  340. BIO_printf(bio_err, "DSA private key value is negative\n");
  341. break;
  342. default:
  343. BIO_printf(bio_err, "Unknown broken type\n");
  344. break;
  345. }
  346. }
  347. if (outformat == FORMAT_PEM)
  348. PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
  349. else if (outformat == FORMAT_ASN1)
  350. i2d_PrivateKey_bio(out, pkey);
  351. else {
  352. BIO_printf(bio_err, "Bad format specified for key\n");
  353. goto end;
  354. }
  355. ret = 0;
  356. end:
  357. X509_SIG_free(p8);
  358. PKCS8_PRIV_KEY_INFO_free(p8inf);
  359. EVP_PKEY_free(pkey);
  360. BIO_free_all(out);
  361. BIO_free(in);
  362. if (passin)
  363. OPENSSL_free(passin);
  364. if (passout)
  365. OPENSSL_free(passout);
  366. return ret;
  367. }