1*0a6a1f1dSLionel Sambuc /*
2*0a6a1f1dSLionel Sambuc * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
3*0a6a1f1dSLionel Sambuc * 2006.
4ebfedea0SLionel Sambuc */
5ebfedea0SLionel Sambuc /* ====================================================================
6ebfedea0SLionel Sambuc * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7ebfedea0SLionel Sambuc *
8ebfedea0SLionel Sambuc * Redistribution and use in source and binary forms, with or without
9ebfedea0SLionel Sambuc * modification, are permitted provided that the following conditions
10ebfedea0SLionel Sambuc * are met:
11ebfedea0SLionel Sambuc *
12ebfedea0SLionel Sambuc * 1. Redistributions of source code must retain the above copyright
13ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer.
14ebfedea0SLionel Sambuc *
15ebfedea0SLionel Sambuc * 2. Redistributions in binary form must reproduce the above copyright
16ebfedea0SLionel Sambuc * notice, this list of conditions and the following disclaimer in
17ebfedea0SLionel Sambuc * the documentation and/or other materials provided with the
18ebfedea0SLionel Sambuc * distribution.
19ebfedea0SLionel Sambuc *
20ebfedea0SLionel Sambuc * 3. All advertising materials mentioning features or use of this
21ebfedea0SLionel Sambuc * software must display the following acknowledgment:
22ebfedea0SLionel Sambuc * "This product includes software developed by the OpenSSL Project
23ebfedea0SLionel Sambuc * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24ebfedea0SLionel Sambuc *
25ebfedea0SLionel Sambuc * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26ebfedea0SLionel Sambuc * endorse or promote products derived from this software without
27ebfedea0SLionel Sambuc * prior written permission. For written permission, please contact
28ebfedea0SLionel Sambuc * licensing@OpenSSL.org.
29ebfedea0SLionel Sambuc *
30ebfedea0SLionel Sambuc * 5. Products derived from this software may not be called "OpenSSL"
31ebfedea0SLionel Sambuc * nor may "OpenSSL" appear in their names without prior written
32ebfedea0SLionel Sambuc * permission of the OpenSSL Project.
33ebfedea0SLionel Sambuc *
34ebfedea0SLionel Sambuc * 6. Redistributions of any form whatsoever must retain the following
35ebfedea0SLionel Sambuc * acknowledgment:
36ebfedea0SLionel Sambuc * "This product includes software developed by the OpenSSL Project
37ebfedea0SLionel Sambuc * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38ebfedea0SLionel Sambuc *
39ebfedea0SLionel Sambuc * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40ebfedea0SLionel Sambuc * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41ebfedea0SLionel Sambuc * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42ebfedea0SLionel Sambuc * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43ebfedea0SLionel Sambuc * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44ebfedea0SLionel Sambuc * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45ebfedea0SLionel Sambuc * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46ebfedea0SLionel Sambuc * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47ebfedea0SLionel Sambuc * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48ebfedea0SLionel Sambuc * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49ebfedea0SLionel Sambuc * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50ebfedea0SLionel Sambuc * OF THE POSSIBILITY OF SUCH DAMAGE.
51ebfedea0SLionel Sambuc * ====================================================================
52ebfedea0SLionel Sambuc *
53ebfedea0SLionel Sambuc * This product includes cryptographic software written by Eric Young
54ebfedea0SLionel Sambuc * (eay@cryptsoft.com). This product includes software written by Tim
55ebfedea0SLionel Sambuc * Hudson (tjh@cryptsoft.com).
56ebfedea0SLionel Sambuc *
57ebfedea0SLionel Sambuc */
58ebfedea0SLionel Sambuc
59ebfedea0SLionel Sambuc #include "apps.h"
60ebfedea0SLionel Sambuc #include <string.h>
61ebfedea0SLionel Sambuc #include <openssl/err.h>
62ebfedea0SLionel Sambuc #include <openssl/pem.h>
63ebfedea0SLionel Sambuc #include <openssl/evp.h>
64ebfedea0SLionel Sambuc
65ebfedea0SLionel Sambuc #define KEY_PRIVKEY 1
66ebfedea0SLionel Sambuc #define KEY_PUBKEY 2
67ebfedea0SLionel Sambuc #define KEY_CERT 3
68ebfedea0SLionel Sambuc
69ebfedea0SLionel Sambuc static void usage(void);
70ebfedea0SLionel Sambuc
71ebfedea0SLionel Sambuc #undef PROG
72ebfedea0SLionel Sambuc
73ebfedea0SLionel Sambuc #define PROG pkeyutl_main
74ebfedea0SLionel Sambuc
75ebfedea0SLionel Sambuc static EVP_PKEY_CTX *init_ctx(int *pkeysize,
76ebfedea0SLionel Sambuc char *keyfile, int keyform, int key_type,
77ebfedea0SLionel Sambuc char *passargin, int pkey_op, ENGINE *e);
78ebfedea0SLionel Sambuc
79ebfedea0SLionel Sambuc static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
80ebfedea0SLionel Sambuc const char *file);
81ebfedea0SLionel Sambuc
82ebfedea0SLionel Sambuc static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
83ebfedea0SLionel Sambuc unsigned char *out, size_t *poutlen,
84ebfedea0SLionel Sambuc unsigned char *in, size_t inlen);
85ebfedea0SLionel Sambuc
86ebfedea0SLionel Sambuc int MAIN(int argc, char **);
87ebfedea0SLionel Sambuc
MAIN(int argc,char ** argv)88ebfedea0SLionel Sambuc int MAIN(int argc, char **argv)
89ebfedea0SLionel Sambuc {
90ebfedea0SLionel Sambuc BIO *in = NULL, *out = NULL;
91ebfedea0SLionel Sambuc char *infile = NULL, *outfile = NULL, *sigfile = NULL;
92ebfedea0SLionel Sambuc ENGINE *e = NULL;
93ebfedea0SLionel Sambuc int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
94ebfedea0SLionel Sambuc int keyform = FORMAT_PEM, peerform = FORMAT_PEM;
95ebfedea0SLionel Sambuc char badarg = 0, rev = 0;
96ebfedea0SLionel Sambuc char hexdump = 0, asn1parse = 0;
97ebfedea0SLionel Sambuc EVP_PKEY_CTX *ctx = NULL;
98ebfedea0SLionel Sambuc char *passargin = NULL;
99ebfedea0SLionel Sambuc int keysize = -1;
100ebfedea0SLionel Sambuc
101ebfedea0SLionel Sambuc unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
102ebfedea0SLionel Sambuc size_t buf_outlen;
103ebfedea0SLionel Sambuc int buf_inlen = 0, siglen = -1;
104ebfedea0SLionel Sambuc
105ebfedea0SLionel Sambuc int ret = 1, rv = -1;
106ebfedea0SLionel Sambuc
107ebfedea0SLionel Sambuc argc--;
108ebfedea0SLionel Sambuc argv++;
109ebfedea0SLionel Sambuc
110*0a6a1f1dSLionel Sambuc if (!bio_err)
111*0a6a1f1dSLionel Sambuc bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
112ebfedea0SLionel Sambuc
113ebfedea0SLionel Sambuc if (!load_config(bio_err, NULL))
114ebfedea0SLionel Sambuc goto end;
115ebfedea0SLionel Sambuc ERR_load_crypto_strings();
116ebfedea0SLionel Sambuc OpenSSL_add_all_algorithms();
117ebfedea0SLionel Sambuc
118*0a6a1f1dSLionel Sambuc while (argc >= 1) {
119*0a6a1f1dSLionel Sambuc if (!strcmp(*argv, "-in")) {
120ebfedea0SLionel Sambuc if (--argc < 1)
121ebfedea0SLionel Sambuc badarg = 1;
122ebfedea0SLionel Sambuc else
123*0a6a1f1dSLionel Sambuc infile = *(++argv);
124*0a6a1f1dSLionel Sambuc } else if (!strcmp(*argv, "-out")) {
125*0a6a1f1dSLionel Sambuc if (--argc < 1)
126*0a6a1f1dSLionel Sambuc badarg = 1;
127*0a6a1f1dSLionel Sambuc else
128*0a6a1f1dSLionel Sambuc outfile = *(++argv);
129*0a6a1f1dSLionel Sambuc } else if (!strcmp(*argv, "-sigfile")) {
130*0a6a1f1dSLionel Sambuc if (--argc < 1)
131*0a6a1f1dSLionel Sambuc badarg = 1;
132*0a6a1f1dSLionel Sambuc else
133*0a6a1f1dSLionel Sambuc sigfile = *(++argv);
134*0a6a1f1dSLionel Sambuc } else if (!strcmp(*argv, "-inkey")) {
135*0a6a1f1dSLionel Sambuc if (--argc < 1)
136*0a6a1f1dSLionel Sambuc badarg = 1;
137*0a6a1f1dSLionel Sambuc else {
138ebfedea0SLionel Sambuc ctx = init_ctx(&keysize,
139ebfedea0SLionel Sambuc *(++argv), keyform, key_type,
140ebfedea0SLionel Sambuc passargin, pkey_op, e);
141*0a6a1f1dSLionel Sambuc if (!ctx) {
142*0a6a1f1dSLionel Sambuc BIO_puts(bio_err, "Error initializing context\n");
143ebfedea0SLionel Sambuc ERR_print_errors(bio_err);
144ebfedea0SLionel Sambuc badarg = 1;
145ebfedea0SLionel Sambuc }
146ebfedea0SLionel Sambuc }
147*0a6a1f1dSLionel Sambuc } else if (!strcmp(*argv, "-peerkey")) {
148ebfedea0SLionel Sambuc if (--argc < 1)
149ebfedea0SLionel Sambuc badarg = 1;
150ebfedea0SLionel Sambuc else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
151ebfedea0SLionel Sambuc badarg = 1;
152*0a6a1f1dSLionel Sambuc } else if (!strcmp(*argv, "-passin")) {
153*0a6a1f1dSLionel Sambuc if (--argc < 1)
154*0a6a1f1dSLionel Sambuc badarg = 1;
155*0a6a1f1dSLionel Sambuc else
156*0a6a1f1dSLionel Sambuc passargin = *(++argv);
157*0a6a1f1dSLionel Sambuc } else if (strcmp(*argv, "-peerform") == 0) {
158*0a6a1f1dSLionel Sambuc if (--argc < 1)
159*0a6a1f1dSLionel Sambuc badarg = 1;
160*0a6a1f1dSLionel Sambuc else
161*0a6a1f1dSLionel Sambuc peerform = str2fmt(*(++argv));
162*0a6a1f1dSLionel Sambuc } else if (strcmp(*argv, "-keyform") == 0) {
163*0a6a1f1dSLionel Sambuc if (--argc < 1)
164*0a6a1f1dSLionel Sambuc badarg = 1;
165*0a6a1f1dSLionel Sambuc else
166*0a6a1f1dSLionel Sambuc keyform = str2fmt(*(++argv));
167ebfedea0SLionel Sambuc }
168ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_ENGINE
169*0a6a1f1dSLionel Sambuc else if (!strcmp(*argv, "-engine")) {
170ebfedea0SLionel Sambuc if (--argc < 1)
171ebfedea0SLionel Sambuc badarg = 1;
172ebfedea0SLionel Sambuc else
173ebfedea0SLionel Sambuc e = setup_engine(bio_err, *(++argv), 0);
174ebfedea0SLionel Sambuc }
175ebfedea0SLionel Sambuc #endif
176ebfedea0SLionel Sambuc else if (!strcmp(*argv, "-pubin"))
177ebfedea0SLionel Sambuc key_type = KEY_PUBKEY;
178ebfedea0SLionel Sambuc else if (!strcmp(*argv, "-certin"))
179ebfedea0SLionel Sambuc key_type = KEY_CERT;
180ebfedea0SLionel Sambuc else if (!strcmp(*argv, "-asn1parse"))
181ebfedea0SLionel Sambuc asn1parse = 1;
182ebfedea0SLionel Sambuc else if (!strcmp(*argv, "-hexdump"))
183ebfedea0SLionel Sambuc hexdump = 1;
184ebfedea0SLionel Sambuc else if (!strcmp(*argv, "-sign"))
185ebfedea0SLionel Sambuc pkey_op = EVP_PKEY_OP_SIGN;
186ebfedea0SLionel Sambuc else if (!strcmp(*argv, "-verify"))
187ebfedea0SLionel Sambuc pkey_op = EVP_PKEY_OP_VERIFY;
188ebfedea0SLionel Sambuc else if (!strcmp(*argv, "-verifyrecover"))
189ebfedea0SLionel Sambuc pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
190ebfedea0SLionel Sambuc else if (!strcmp(*argv, "-rev"))
191ebfedea0SLionel Sambuc rev = 1;
192ebfedea0SLionel Sambuc else if (!strcmp(*argv, "-encrypt"))
193ebfedea0SLionel Sambuc pkey_op = EVP_PKEY_OP_ENCRYPT;
194ebfedea0SLionel Sambuc else if (!strcmp(*argv, "-decrypt"))
195ebfedea0SLionel Sambuc pkey_op = EVP_PKEY_OP_DECRYPT;
196ebfedea0SLionel Sambuc else if (!strcmp(*argv, "-derive"))
197ebfedea0SLionel Sambuc pkey_op = EVP_PKEY_OP_DERIVE;
198*0a6a1f1dSLionel Sambuc else if (strcmp(*argv, "-pkeyopt") == 0) {
199ebfedea0SLionel Sambuc if (--argc < 1)
200ebfedea0SLionel Sambuc badarg = 1;
201*0a6a1f1dSLionel Sambuc else if (!ctx) {
202*0a6a1f1dSLionel Sambuc BIO_puts(bio_err, "-pkeyopt command before -inkey\n");
203ebfedea0SLionel Sambuc badarg = 1;
204*0a6a1f1dSLionel Sambuc } else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) {
205ebfedea0SLionel Sambuc BIO_puts(bio_err, "parameter setting error\n");
206ebfedea0SLionel Sambuc ERR_print_errors(bio_err);
207ebfedea0SLionel Sambuc goto end;
208ebfedea0SLionel Sambuc }
209*0a6a1f1dSLionel Sambuc } else
210*0a6a1f1dSLionel Sambuc badarg = 1;
211*0a6a1f1dSLionel Sambuc if (badarg) {
212ebfedea0SLionel Sambuc usage();
213ebfedea0SLionel Sambuc goto end;
214ebfedea0SLionel Sambuc }
215ebfedea0SLionel Sambuc argc--;
216ebfedea0SLionel Sambuc argv++;
217ebfedea0SLionel Sambuc }
218ebfedea0SLionel Sambuc
219*0a6a1f1dSLionel Sambuc if (!ctx) {
220ebfedea0SLionel Sambuc usage();
221ebfedea0SLionel Sambuc goto end;
222ebfedea0SLionel Sambuc }
223ebfedea0SLionel Sambuc
224*0a6a1f1dSLionel Sambuc if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
225ebfedea0SLionel Sambuc BIO_puts(bio_err, "Signature file specified for non verify\n");
226ebfedea0SLionel Sambuc goto end;
227ebfedea0SLionel Sambuc }
228ebfedea0SLionel Sambuc
229*0a6a1f1dSLionel Sambuc if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) {
230ebfedea0SLionel Sambuc BIO_puts(bio_err, "No signature file specified for verify\n");
231ebfedea0SLionel Sambuc goto end;
232ebfedea0SLionel Sambuc }
233ebfedea0SLionel Sambuc
234ebfedea0SLionel Sambuc /* FIXME: seed PRNG only if needed */
235ebfedea0SLionel Sambuc app_RAND_load_file(NULL, bio_err, 0);
236ebfedea0SLionel Sambuc
237*0a6a1f1dSLionel Sambuc if (pkey_op != EVP_PKEY_OP_DERIVE) {
238*0a6a1f1dSLionel Sambuc if (infile) {
239*0a6a1f1dSLionel Sambuc if (!(in = BIO_new_file(infile, "rb"))) {
240*0a6a1f1dSLionel Sambuc BIO_puts(bio_err, "Error Opening Input File\n");
241ebfedea0SLionel Sambuc ERR_print_errors(bio_err);
242ebfedea0SLionel Sambuc goto end;
243ebfedea0SLionel Sambuc }
244*0a6a1f1dSLionel Sambuc } else
245ebfedea0SLionel Sambuc in = BIO_new_fp(stdin, BIO_NOCLOSE);
246ebfedea0SLionel Sambuc }
247ebfedea0SLionel Sambuc
248*0a6a1f1dSLionel Sambuc if (outfile) {
249*0a6a1f1dSLionel Sambuc if (!(out = BIO_new_file(outfile, "wb"))) {
250ebfedea0SLionel Sambuc BIO_printf(bio_err, "Error Creating Output File\n");
251ebfedea0SLionel Sambuc ERR_print_errors(bio_err);
252ebfedea0SLionel Sambuc goto end;
253ebfedea0SLionel Sambuc }
254*0a6a1f1dSLionel Sambuc } else {
255ebfedea0SLionel Sambuc out = BIO_new_fp(stdout, BIO_NOCLOSE);
256ebfedea0SLionel Sambuc #ifdef OPENSSL_SYS_VMS
257ebfedea0SLionel Sambuc {
258ebfedea0SLionel Sambuc BIO *tmpbio = BIO_new(BIO_f_linebuffer());
259ebfedea0SLionel Sambuc out = BIO_push(tmpbio, out);
260ebfedea0SLionel Sambuc }
261ebfedea0SLionel Sambuc #endif
262ebfedea0SLionel Sambuc }
263ebfedea0SLionel Sambuc
264*0a6a1f1dSLionel Sambuc if (sigfile) {
265ebfedea0SLionel Sambuc BIO *sigbio = BIO_new_file(sigfile, "rb");
266*0a6a1f1dSLionel Sambuc if (!sigbio) {
267*0a6a1f1dSLionel Sambuc BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
268ebfedea0SLionel Sambuc goto end;
269ebfedea0SLionel Sambuc }
270ebfedea0SLionel Sambuc siglen = bio_to_mem(&sig, keysize * 10, sigbio);
271ebfedea0SLionel Sambuc BIO_free(sigbio);
272*0a6a1f1dSLionel Sambuc if (siglen <= 0) {
273ebfedea0SLionel Sambuc BIO_printf(bio_err, "Error reading signature data\n");
274ebfedea0SLionel Sambuc goto end;
275ebfedea0SLionel Sambuc }
276ebfedea0SLionel Sambuc }
277ebfedea0SLionel Sambuc
278*0a6a1f1dSLionel Sambuc if (in) {
279ebfedea0SLionel Sambuc /* Read the input data */
280ebfedea0SLionel Sambuc buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
281*0a6a1f1dSLionel Sambuc if (buf_inlen <= 0) {
282ebfedea0SLionel Sambuc BIO_printf(bio_err, "Error reading input Data\n");
283ebfedea0SLionel Sambuc exit(1);
284ebfedea0SLionel Sambuc }
285*0a6a1f1dSLionel Sambuc if (rev) {
286ebfedea0SLionel Sambuc size_t i;
287ebfedea0SLionel Sambuc unsigned char ctmp;
288ebfedea0SLionel Sambuc size_t l = (size_t)buf_inlen;
289*0a6a1f1dSLionel Sambuc for (i = 0; i < l / 2; i++) {
290ebfedea0SLionel Sambuc ctmp = buf_in[i];
291ebfedea0SLionel Sambuc buf_in[i] = buf_in[l - 1 - i];
292ebfedea0SLionel Sambuc buf_in[l - 1 - i] = ctmp;
293ebfedea0SLionel Sambuc }
294ebfedea0SLionel Sambuc }
295ebfedea0SLionel Sambuc }
296ebfedea0SLionel Sambuc
297*0a6a1f1dSLionel Sambuc if (pkey_op == EVP_PKEY_OP_VERIFY) {
298ebfedea0SLionel Sambuc rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
299ebfedea0SLionel Sambuc buf_in, (size_t)buf_inlen);
300ebfedea0SLionel Sambuc if (rv == 0)
301ebfedea0SLionel Sambuc BIO_puts(out, "Signature Verification Failure\n");
302ebfedea0SLionel Sambuc else if (rv == 1)
303ebfedea0SLionel Sambuc BIO_puts(out, "Signature Verified Successfully\n");
304ebfedea0SLionel Sambuc if (rv >= 0)
305ebfedea0SLionel Sambuc goto end;
306*0a6a1f1dSLionel Sambuc } else {
307ebfedea0SLionel Sambuc rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
308ebfedea0SLionel Sambuc buf_in, (size_t)buf_inlen);
309*0a6a1f1dSLionel Sambuc if (rv > 0) {
310ebfedea0SLionel Sambuc buf_out = OPENSSL_malloc(buf_outlen);
311ebfedea0SLionel Sambuc if (!buf_out)
312ebfedea0SLionel Sambuc rv = -1;
313ebfedea0SLionel Sambuc else
314ebfedea0SLionel Sambuc rv = do_keyop(ctx, pkey_op,
315ebfedea0SLionel Sambuc buf_out, (size_t *)&buf_outlen,
316ebfedea0SLionel Sambuc buf_in, (size_t)buf_inlen);
317ebfedea0SLionel Sambuc }
318ebfedea0SLionel Sambuc }
319ebfedea0SLionel Sambuc
320*0a6a1f1dSLionel Sambuc if (rv <= 0) {
321ebfedea0SLionel Sambuc BIO_printf(bio_err, "Public Key operation error\n");
322ebfedea0SLionel Sambuc ERR_print_errors(bio_err);
323ebfedea0SLionel Sambuc goto end;
324ebfedea0SLionel Sambuc }
325ebfedea0SLionel Sambuc ret = 0;
326*0a6a1f1dSLionel Sambuc if (asn1parse) {
327ebfedea0SLionel Sambuc if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
328ebfedea0SLionel Sambuc ERR_print_errors(bio_err);
329*0a6a1f1dSLionel Sambuc } else if (hexdump)
330ebfedea0SLionel Sambuc BIO_dump(out, (char *)buf_out, buf_outlen);
331ebfedea0SLionel Sambuc else
332ebfedea0SLionel Sambuc BIO_write(out, buf_out, buf_outlen);
333ebfedea0SLionel Sambuc
334ebfedea0SLionel Sambuc end:
335ebfedea0SLionel Sambuc if (ctx)
336ebfedea0SLionel Sambuc EVP_PKEY_CTX_free(ctx);
337ebfedea0SLionel Sambuc BIO_free(in);
338ebfedea0SLionel Sambuc BIO_free_all(out);
339ebfedea0SLionel Sambuc if (buf_in)
340ebfedea0SLionel Sambuc OPENSSL_free(buf_in);
341ebfedea0SLionel Sambuc if (buf_out)
342ebfedea0SLionel Sambuc OPENSSL_free(buf_out);
343ebfedea0SLionel Sambuc if (sig)
344ebfedea0SLionel Sambuc OPENSSL_free(sig);
345ebfedea0SLionel Sambuc return ret;
346ebfedea0SLionel Sambuc }
347ebfedea0SLionel Sambuc
usage()348ebfedea0SLionel Sambuc static void usage()
349ebfedea0SLionel Sambuc {
350ebfedea0SLionel Sambuc BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
351ebfedea0SLionel Sambuc BIO_printf(bio_err, "-in file input file\n");
352ebfedea0SLionel Sambuc BIO_printf(bio_err, "-out file output file\n");
353*0a6a1f1dSLionel Sambuc BIO_printf(bio_err,
354*0a6a1f1dSLionel Sambuc "-sigfile file signature file (verify operation only)\n");
355ebfedea0SLionel Sambuc BIO_printf(bio_err, "-inkey file input key\n");
356ebfedea0SLionel Sambuc BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
357ebfedea0SLionel Sambuc BIO_printf(bio_err, "-pubin input is a public key\n");
358*0a6a1f1dSLionel Sambuc BIO_printf(bio_err,
359*0a6a1f1dSLionel Sambuc "-certin input is a certificate carrying a public key\n");
360ebfedea0SLionel Sambuc BIO_printf(bio_err, "-pkeyopt X:Y public key options\n");
361ebfedea0SLionel Sambuc BIO_printf(bio_err, "-sign sign with private key\n");
362ebfedea0SLionel Sambuc BIO_printf(bio_err, "-verify verify with public key\n");
363*0a6a1f1dSLionel Sambuc BIO_printf(bio_err,
364*0a6a1f1dSLionel Sambuc "-verifyrecover verify with public key, recover original data\n");
365ebfedea0SLionel Sambuc BIO_printf(bio_err, "-encrypt encrypt with public key\n");
366ebfedea0SLionel Sambuc BIO_printf(bio_err, "-decrypt decrypt with private key\n");
367ebfedea0SLionel Sambuc BIO_printf(bio_err, "-derive derive shared secret\n");
368ebfedea0SLionel Sambuc BIO_printf(bio_err, "-hexdump hex dump output\n");
369ebfedea0SLionel Sambuc #ifndef OPENSSL_NO_ENGINE
370*0a6a1f1dSLionel Sambuc BIO_printf(bio_err,
371*0a6a1f1dSLionel Sambuc "-engine e use engine e, possibly a hardware device.\n");
372ebfedea0SLionel Sambuc #endif
373ebfedea0SLionel Sambuc BIO_printf(bio_err, "-passin arg pass phrase source\n");
374ebfedea0SLionel Sambuc
375ebfedea0SLionel Sambuc }
376ebfedea0SLionel Sambuc
init_ctx(int * pkeysize,char * keyfile,int keyform,int key_type,char * passargin,int pkey_op,ENGINE * e)377ebfedea0SLionel Sambuc static EVP_PKEY_CTX *init_ctx(int *pkeysize,
378ebfedea0SLionel Sambuc char *keyfile, int keyform, int key_type,
379ebfedea0SLionel Sambuc char *passargin, int pkey_op, ENGINE *e)
380ebfedea0SLionel Sambuc {
381ebfedea0SLionel Sambuc EVP_PKEY *pkey = NULL;
382ebfedea0SLionel Sambuc EVP_PKEY_CTX *ctx = NULL;
383ebfedea0SLionel Sambuc char *passin = NULL;
384ebfedea0SLionel Sambuc int rv = -1;
385ebfedea0SLionel Sambuc X509 *x;
386ebfedea0SLionel Sambuc if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
387ebfedea0SLionel Sambuc || (pkey_op == EVP_PKEY_OP_DERIVE))
388*0a6a1f1dSLionel Sambuc && (key_type != KEY_PRIVKEY)) {
389ebfedea0SLionel Sambuc BIO_printf(bio_err, "A private key is needed for this operation\n");
390ebfedea0SLionel Sambuc goto end;
391ebfedea0SLionel Sambuc }
392*0a6a1f1dSLionel Sambuc if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
393ebfedea0SLionel Sambuc BIO_printf(bio_err, "Error getting password\n");
394ebfedea0SLionel Sambuc goto end;
395ebfedea0SLionel Sambuc }
396*0a6a1f1dSLionel Sambuc switch (key_type) {
397ebfedea0SLionel Sambuc case KEY_PRIVKEY:
398ebfedea0SLionel Sambuc pkey = load_key(bio_err, keyfile, keyform, 0,
399ebfedea0SLionel Sambuc passin, e, "Private Key");
400ebfedea0SLionel Sambuc break;
401ebfedea0SLionel Sambuc
402ebfedea0SLionel Sambuc case KEY_PUBKEY:
403ebfedea0SLionel Sambuc pkey = load_pubkey(bio_err, keyfile, keyform, 0,
404ebfedea0SLionel Sambuc NULL, e, "Public Key");
405ebfedea0SLionel Sambuc break;
406ebfedea0SLionel Sambuc
407ebfedea0SLionel Sambuc case KEY_CERT:
408*0a6a1f1dSLionel Sambuc x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate");
409*0a6a1f1dSLionel Sambuc if (x) {
410ebfedea0SLionel Sambuc pkey = X509_get_pubkey(x);
411ebfedea0SLionel Sambuc X509_free(x);
412ebfedea0SLionel Sambuc }
413ebfedea0SLionel Sambuc break;
414ebfedea0SLionel Sambuc
415ebfedea0SLionel Sambuc }
416ebfedea0SLionel Sambuc
417ebfedea0SLionel Sambuc *pkeysize = EVP_PKEY_size(pkey);
418ebfedea0SLionel Sambuc
419ebfedea0SLionel Sambuc if (!pkey)
420ebfedea0SLionel Sambuc goto end;
421ebfedea0SLionel Sambuc
422ebfedea0SLionel Sambuc ctx = EVP_PKEY_CTX_new(pkey, e);
423ebfedea0SLionel Sambuc
424ebfedea0SLionel Sambuc EVP_PKEY_free(pkey);
425ebfedea0SLionel Sambuc
426ebfedea0SLionel Sambuc if (!ctx)
427ebfedea0SLionel Sambuc goto end;
428ebfedea0SLionel Sambuc
429*0a6a1f1dSLionel Sambuc switch (pkey_op) {
430ebfedea0SLionel Sambuc case EVP_PKEY_OP_SIGN:
431ebfedea0SLionel Sambuc rv = EVP_PKEY_sign_init(ctx);
432ebfedea0SLionel Sambuc break;
433ebfedea0SLionel Sambuc
434ebfedea0SLionel Sambuc case EVP_PKEY_OP_VERIFY:
435ebfedea0SLionel Sambuc rv = EVP_PKEY_verify_init(ctx);
436ebfedea0SLionel Sambuc break;
437ebfedea0SLionel Sambuc
438ebfedea0SLionel Sambuc case EVP_PKEY_OP_VERIFYRECOVER:
439ebfedea0SLionel Sambuc rv = EVP_PKEY_verify_recover_init(ctx);
440ebfedea0SLionel Sambuc break;
441ebfedea0SLionel Sambuc
442ebfedea0SLionel Sambuc case EVP_PKEY_OP_ENCRYPT:
443ebfedea0SLionel Sambuc rv = EVP_PKEY_encrypt_init(ctx);
444ebfedea0SLionel Sambuc break;
445ebfedea0SLionel Sambuc
446ebfedea0SLionel Sambuc case EVP_PKEY_OP_DECRYPT:
447ebfedea0SLionel Sambuc rv = EVP_PKEY_decrypt_init(ctx);
448ebfedea0SLionel Sambuc break;
449ebfedea0SLionel Sambuc
450ebfedea0SLionel Sambuc case EVP_PKEY_OP_DERIVE:
451ebfedea0SLionel Sambuc rv = EVP_PKEY_derive_init(ctx);
452ebfedea0SLionel Sambuc break;
453ebfedea0SLionel Sambuc }
454ebfedea0SLionel Sambuc
455*0a6a1f1dSLionel Sambuc if (rv <= 0) {
456ebfedea0SLionel Sambuc EVP_PKEY_CTX_free(ctx);
457ebfedea0SLionel Sambuc ctx = NULL;
458ebfedea0SLionel Sambuc }
459ebfedea0SLionel Sambuc
460ebfedea0SLionel Sambuc end:
461ebfedea0SLionel Sambuc
462ebfedea0SLionel Sambuc if (passin)
463ebfedea0SLionel Sambuc OPENSSL_free(passin);
464ebfedea0SLionel Sambuc
465ebfedea0SLionel Sambuc return ctx;
466ebfedea0SLionel Sambuc
467ebfedea0SLionel Sambuc }
468ebfedea0SLionel Sambuc
setup_peer(BIO * err,EVP_PKEY_CTX * ctx,int peerform,const char * file)469ebfedea0SLionel Sambuc static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
470ebfedea0SLionel Sambuc const char *file)
471ebfedea0SLionel Sambuc {
472ebfedea0SLionel Sambuc EVP_PKEY *peer = NULL;
473ebfedea0SLionel Sambuc int ret;
474*0a6a1f1dSLionel Sambuc if (!ctx) {
475ebfedea0SLionel Sambuc BIO_puts(err, "-peerkey command before -inkey\n");
476ebfedea0SLionel Sambuc return 0;
477ebfedea0SLionel Sambuc }
478ebfedea0SLionel Sambuc
479ebfedea0SLionel Sambuc peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
480ebfedea0SLionel Sambuc
481*0a6a1f1dSLionel Sambuc if (!peer) {
482ebfedea0SLionel Sambuc BIO_printf(bio_err, "Error reading peer key %s\n", file);
483ebfedea0SLionel Sambuc ERR_print_errors(err);
484ebfedea0SLionel Sambuc return 0;
485ebfedea0SLionel Sambuc }
486ebfedea0SLionel Sambuc
487ebfedea0SLionel Sambuc ret = EVP_PKEY_derive_set_peer(ctx, peer);
488ebfedea0SLionel Sambuc
489ebfedea0SLionel Sambuc EVP_PKEY_free(peer);
490ebfedea0SLionel Sambuc if (ret <= 0)
491ebfedea0SLionel Sambuc ERR_print_errors(err);
492ebfedea0SLionel Sambuc return ret;
493ebfedea0SLionel Sambuc }
494ebfedea0SLionel Sambuc
do_keyop(EVP_PKEY_CTX * ctx,int pkey_op,unsigned char * out,size_t * poutlen,unsigned char * in,size_t inlen)495ebfedea0SLionel Sambuc static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
496ebfedea0SLionel Sambuc unsigned char *out, size_t *poutlen,
497ebfedea0SLionel Sambuc unsigned char *in, size_t inlen)
498ebfedea0SLionel Sambuc {
499ebfedea0SLionel Sambuc int rv = 0;
500*0a6a1f1dSLionel Sambuc switch (pkey_op) {
501ebfedea0SLionel Sambuc case EVP_PKEY_OP_VERIFYRECOVER:
502ebfedea0SLionel Sambuc rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
503ebfedea0SLionel Sambuc break;
504ebfedea0SLionel Sambuc
505ebfedea0SLionel Sambuc case EVP_PKEY_OP_SIGN:
506ebfedea0SLionel Sambuc rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
507ebfedea0SLionel Sambuc break;
508ebfedea0SLionel Sambuc
509ebfedea0SLionel Sambuc case EVP_PKEY_OP_ENCRYPT:
510ebfedea0SLionel Sambuc rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
511ebfedea0SLionel Sambuc break;
512ebfedea0SLionel Sambuc
513ebfedea0SLionel Sambuc case EVP_PKEY_OP_DECRYPT:
514ebfedea0SLionel Sambuc rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
515ebfedea0SLionel Sambuc break;
516ebfedea0SLionel Sambuc
517ebfedea0SLionel Sambuc case EVP_PKEY_OP_DERIVE:
518ebfedea0SLionel Sambuc rv = EVP_PKEY_derive(ctx, out, poutlen);
519ebfedea0SLionel Sambuc break;
520ebfedea0SLionel Sambuc
521ebfedea0SLionel Sambuc }
522ebfedea0SLionel Sambuc return rv;
523ebfedea0SLionel Sambuc }
524