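/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <strings.h>

#include <kmfapi.h>
#include "kssladm.h"

/* Size of the on-stack buffer that holds the PKCS#12/PEM passphrase. */
enum { PASSPHRASE_BUF_LEN = 1024 };

/*
 * Overwrite a buffer that held secret material (the passphrase).
 *
 * A plain memset() on a buffer that is about to go out of scope may be
 * removed by the optimizer as a dead store; stores made through a
 * volatile-qualified pointer must be performed, so they survive.
 */
static void
scrub_buffer(void *buf, size_t len)
{
	volatile unsigned char *p = buf;

	while (len-- > 0)
		*p++ = 0;
}

/*
 * Release the certificate and raw key arrays handed back by
 * kmf_import_objects(): each element is released with the matching
 * kmf_free_*() call, then the array itself is free()d.
 * Either array may be NULL, in which case it is skipped.
 */
static void
free_imported_objects(KMF_DATA *certs, int ncerts,
    KMF_RAW_KEY_DATA *keys, int nkeys)
{
	int i;

	if (certs != NULL) {
		for (i = 0; i < ncerts; i++)
			kmf_free_data(&certs[i]);
		free(certs);
	}
	if (keys != NULL) {
		for (i = 0; i < nkeys; i++)
			kmf_free_raw_key(&keys[i]);
		free(keys);
	}
}

/*
 * Shared implementation of PKCS12_get_rsa_key_certs() and
 * PEM_get_rsa_key_certs().  Both read a passphrase from "password_file"
 * and let kmf_import_objects() pull the certificates and raw private
 * keys out of "filename"; only the error message they print differs.
 *
 * import_errmsg is the text passed to REPORT_KMF_ERROR() when the
 * import step fails.
 *
 * On success *certs and *rsa receive the imported arrays (the caller
 * owns them and releases them as free_imported_objects() does) and the
 * number of certificates is returned.  On any failure both outputs are
 * NULL and 0 is returned; 0 is also returned when the file simply
 * contained no certificates, so the return value alone does not
 * distinguish "empty" from "failed".  Either output pointer may be
 * NULL, in which case the corresponding objects are freed here.
 *
 * The passphrase buffer is scrubbed before returning so the secret does
 * not linger on the stack.
 */
static int
import_rsa_key_certs(const char *filename, const char *password_file,
    const char *import_errmsg, KMF_RAW_KEY_DATA **rsa, KMF_DATA **certs)
{
	char password_buf[PASSPHRASE_BUF_LEN];
	KMF_HANDLE_T kmfh;
	KMF_RETURN rv;
	KMF_CREDENTIAL cred;
	KMF_DATA *tcerts = NULL;
	KMF_RAW_KEY_DATA *keys = NULL;
	int ncerts = 0;
	int nkeys = 0;
	char *err = NULL;

	/* Never leave the outputs indeterminate, even on the early return. */
	if (certs != NULL)
		*certs = NULL;
	if (rsa != NULL)
		*rsa = NULL;

	rv = kmf_initialize(&kmfh, NULL, NULL);
	if (rv != KMF_OK) {
		REPORT_KMF_ERROR(rv, "Error initializing KMF", err);
		return (0);
	}

	/*
	 * A failed passphrase read leaves rv == KMF_OK and nothing
	 * imported, so the cleanup below only has to scrub the buffer.
	 */
	if (get_passphrase(password_file, password_buf,
	    sizeof (password_buf)) <= 0) {
		perror("Unable to read passphrase");
		goto done;
	}
	cred.cred = password_buf;
	cred.credlen = strlen(password_buf);

	/* kmf_import_objects() takes a non-const path; the cast is benign. */
	rv = kmf_import_objects(kmfh, (char *)filename, &cred, &tcerts,
	    &ncerts, &keys, &nkeys);
	if (rv != KMF_OK)
		REPORT_KMF_ERROR(rv, import_errmsg, err);

done:
	/* The passphrase is not needed past the import call. */
	scrub_buffer(password_buf, sizeof (password_buf));

	/* A partial import may have allocated objects; drop them all. */
	if (rv != KMF_OK) {
		free_imported_objects(tcerts, ncerts, keys, nkeys);
		tcerts = NULL;
		keys = NULL;
		ncerts = 0;
		nkeys = 0;
	}

	/* Transfer ownership; anything without a receiver is freed here. */
	if (certs != NULL)
		*certs = tcerts;
	else
		free_imported_objects(tcerts, ncerts, NULL, 0);
	if (rsa != NULL)
		*rsa = keys;
	else
		free_imported_objects(NULL, 0, keys, nkeys);

	(void) kmf_finalize(kmfh);

	return (ncerts);
}

/*
 * Extract the Certificate and raw key data from a PKCS#12 file.
 * The password needed for decrypting the PKCS#12 PDU is stored
 * in plaintext in the given "password_file" parameter.
 *
 * filename      - path of the PKCS#12 file to import.
 * password_file - file holding the plaintext passphrase.
 * rsa           - receives the array of raw private keys (may be NULL).
 * certs         - receives the array of certificates (may be NULL).
 *
 * Returns the number of certificates imported, or 0 on failure (in
 * which case *rsa and *certs are NULL).  The caller owns the returned
 * arrays: release each element with kmf_free_raw_key()/kmf_free_data()
 * and then free() the array.
 */
int
PKCS12_get_rsa_key_certs(const char *filename, const char *password_file,
    KMF_RAW_KEY_DATA **rsa, KMF_DATA **certs)
{
	return (import_rsa_key_certs(filename, password_file,
	    "Error importing PKCS12 data", rsa, certs));
}

/*
 * Parse a PEM file which should contain RSA private keys and
 * their associated X.509v3 certificates. More than 1 may
 * be present in the file.
 *
 * filename      - path of the PEM file to import.
 * password_file - file holding the plaintext passphrase.
 * rsa           - receives the array of raw private keys (may be NULL).
 * certs         - receives the array of certificates (may be NULL).
 *
 * Returns the number of certificates imported, or 0 on failure (in
 * which case *rsa and *certs are NULL).  Ownership of the returned
 * arrays is as for PKCS12_get_rsa_key_certs().
 */
int
PEM_get_rsa_key_certs(const char *filename, char *password_file,
    KMF_RAW_KEY_DATA **rsa, KMF_DATA **certs)
{
	return (import_rsa_key_certs(filename, password_file,
	    "Error importing key data", rsa, certs));
}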