apps/der_chop.in - third_party/openssl - Git at Google

 #!/usr/local/bin/perl
 #
 # der_chop ... this is one total hack that Eric is really not proud of
 #              so don't look at it and don't ask for support
 #
 # The "documentation" for this (i.e. all the comments) are my fault --tjh
 #
 # This program takes the "raw" output of derparse/asn1parse and
 # converts it into tokens and then runs regular expression matches
 # to try to figure out what to grab to get the things that are needed
 # and it is possible that this will do the wrong thing as it is a *hack*
 #
 # SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET)
 # [I know ... promises promises :-)]
 #
 # To convert a Netscape Certificate:
 #    der_chop < ServerCert.der > cert.pem
 # To convert a Netscape Key (and encrypt it again to protect it)
 #    rsa -inform NET -in ServerKey.der -des > key.pem
 #
 # 23-Apr-96 eay    Added the extra ASN.1 string types, I still think this
 #		   is an evil hack.  If nothing else the parsing should
 #		   be relative, not absolute.
 # 19-Apr-96 tjh    hacked (with eay) into 0.5.x format
 #
 # Tim Hudson
 # tjh@cryptsoft.com
 #


 require 'getopts.pl';

 $debug=0;

 # this was the 0.4.x way of doing things ...
 $cmd="derparse";
 $x509_cmd="x509";
 $crl_cmd="crl";
 $rc4_cmd="rc4";
 $md2_cmd="md2";
 $md4_cmd="md4";
 $rsa_cmd="rsa -des -inform der ";

 # this was the 0.5.x way of doing things ...
 $cmd="openssl asn1parse";
 $x509_cmd="openssl x509";
 $crl_cmd="openssl crl";
 $rc4_cmd="openssl rc4";
 $md2_cmd="openssl md2";
 $md4_cmd="openssl md4";
 $rsa_cmd="openssl rsa -des -inform der ";

 &Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
 $depth=($opt_d =~ /^\d+$/)?$opt_d:0;

 &init_der();

 if ($#ARGV != -1)
 	{
 	foreach $file (@ARGV)
 		{
 		print STDERR "doing $file\n";
 		&dofile($file);
 		}
 	}
 else
 	{
 	$file="/tmp/a$$.DER";
 	open(OUT,">$file") || die "unable to open $file:$!\n";
 	for (;;)
 		{
 		$i=sysread(STDIN,$b,1024*10);
 		last if ($i <= 0);
 		$i=syswrite(OUT,$b,$i);
 		}
 	&dofile($file);
 	unlink($file);
 	}

 sub dofile
 	{
 	local($file)=@_;
 	local(@p);

 	$b=&load_file($file);
 	@p=&load_file_parse($file);

 	foreach $_ (@p)
 		{
 		($off,$d,$hl,$len)=&parse_line($_);
 		$d-=$depth;
 		next if ($d != 0);
 		next if ($len == 0);

 		$o=substr($b,$off,$len+$hl);
 		($str,@data)=&der_str($o);
 		print "$str\n" if ($opt_v);
 		if ($str =~ /^$crl/)
 			{
 			open(OUT,"|$crl_cmd -inform d -hash -issuer") ||
 				die "unable to run $crl_cmd:$!\n";
 			print OUT $o;
 			close(OUT);
 			}
 		elsif ($str =~ /^$x509/)
 			{
 			open(OUT,"|$x509_cmd -inform d -hash -subject -issuer")
 				|| die "unable to run $x509_cmd:$!\n";
 			print OUT $o;
 			close(OUT);
 			}
 		elsif ($str =~ /^$rsa/)
 			{
 			($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
 			next unless ($type eq "rsaEncryption");
 			($off,$d,$hl,$len)=&parse_line($data[5]);
 			$os=substr($o,$off+$hl,$len);
 			open(OUT,"|$rsa_cmd")
 				|| die "unable to run $rsa_cmd:$!\n";
 			print OUT $os;
 			close(OUT);
 			}
 		elsif ($str =~ /^0G-1D-1G/)
 			{
 			($off,$d,$hl,$len)=&parse_line($data[1]);
 			$os=substr($o,$off+$hl,$len);
 			print STDERR "<$os>\n" if $opt_v;
 			&do_certificate($o,@data)
 				if (($os eq "certificate") &&
 				    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
 			&do_private_key($o,@data)
 				if (($os eq "private-key") &&
 				    ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
 			}
 		}
 	}

 sub der_str
 	{
 	local($str)=@_;
 	local(*OUT,*IN,@a,$t,$d,$ret);
 	local($file)="/tmp/b$$.DER";
 	local(@ret);

 	open(OUT,">$file");
 	print OUT $str;
 	close(OUT);
 	open(IN,"$cmd -inform 'd' -in $file |") ||
 		die "unable to run $cmd:$!\n";
 	$ret="";
 	while (<IN>)
 		{
 		chop;
 		push(@ret,$_);

 		print STDERR "$_\n" if ($debug);

 		@a=split(/\s*:\s*/);
 		($d)=($a[1] =~ /d=\s*(\d+)/);
 		$a[2] =~ s/\s+$//;
 		$t=$DER_s2i{$a[2]};
 		$ret.="$d$t-";
 		}
 	close(IN);
 	unlink($file);
 	chop $ret;
 	$ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g;
 	$ret =~ s/(-3G-4B-4L)+/-RCERT/g;
 	return($ret,@ret);
 	}

 sub init_der
 	{
 	$crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C";
 	$x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C";
 	$rsa= "0G-1B-1G-2F-2E-1D";

 	%DER_i2s=(
 		# SSLeay 0.4.x has this list
 		"A","EOC",
 		"B","INTEGER",
 		"C","BIT STRING",
 		"D","OCTET STRING",
 		"E","NULL",
 		"F","OBJECT",
 		"G","SEQUENCE",
 		"H","SET",
 		"I","PRINTABLESTRING",
 		"J","T61STRING",
 		"K","IA5STRING",
 		"L","UTCTIME",
 		"M","NUMERICSTRING",
 		"N","VIDEOTEXSTRING",
 		"O","GENERALIZEDTIME",
 		"P","GRAPHICSTRING",
 		"Q","ISO64STRING",
 		"R","GENERALSTRING",
 		"S","UNIVERSALSTRING",

 		# SSLeay 0.5.x changed some things ... and I'm
 		# leaving in the old stuff but adding in these
 		# to handle the new as well --tjh
 		# - Well I've just taken them out and added the extra new
 		# ones :-) - eay
 		);

 	foreach (keys %DER_i2s)
 		{ $DER_s2i{$DER_i2s{$_}}=$_; }
 	}

 sub parse_line
 	{
 	local($_)=@_;

 	return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/);
 	}

 #  0:d=0 hl=4 l=377 cons: univ: SEQUENCE
 #  4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING
 # 17:d=1 hl=4 l=360 cons: univ: SEQUENCE
 # 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE
 # 23:d=3 hl=2 l=  8 prim: univ: OBJECT_IDENTIFIER :rc4
 # 33:d=3 hl=2 l=  0 prim: univ: NULL
 # 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING
 sub do_private_key
 	{
 	local($data,@struct)=@_;
 	local($file)="/tmp/b$$.DER";
 	local($off,$d,$hl,$len,$_,$b,@p,$s);

 	($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
 	if ($type eq "rc4")
 		{
 		($off,$d,$hl,$len)=&parse_line($struct[6]);
 		open(OUT,"|$rc4_cmd >$file") ||
 			die "unable to run $rc4_cmd:$!\n";
 		print OUT substr($data,$off+$hl,$len);
 		close(OUT);

 		$b=&load_file($file);
 		unlink($file);

 		($s,@p)=&der_str($b);
 		die "unknown rsa key type\n$s\n"
 			if ($s ne '0G-1B-1G-2F-2E-1D');
 		local($off,$d,$hl,$len)=&parse_line($p[5]);
 		$b=substr($b,$off+$hl,$len);
 		($s,@p)=&der_str($b);
 		open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n";
 		print OUT $b;
 		close(OUT);
 		}
 	else
 		{
 		print "'$type' is unknown\n";
 		exit(1);
 		}
 	}

 sub do_certificate
 	{
 	local($data,@struct)=@_;
 	local($file)="/tmp/b$$.DER";
 	local($off,$d,$hl,$len,$_,$b,@p,$s);

 	($off,$d,$hl,$len)=&parse_line($struct[2]);
 	$b=substr($data,$off,$len+$hl);

 	open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n";
 	print OUT $b;
 	close(OUT);
 	}

 sub load_file
 	{
 	local($file)=@_;
 	local(*IN,$r,$b,$i);

 	$r="";
 	open(IN,"<$file") || die "unable to open $file:$!\n";
 	for (;;)
 		{
 		$i=sysread(IN,$b,10240);
 		last if ($i <= 0);
 		$r.=$b;
 		}
 	close(IN);
 	return($r);
 	}

 sub load_file_parse
 	{
 	local($file)=@_;
 	local(*IN,$r,@ret,$_,$i,$n,$b);

 	open(IN,"$cmd -inform d -in $file|")
 		|| die "unable to run der_parse\n";
 	while (<IN>)
 		{
 		chop;
 		push(@ret,$_);
 		}
 	return($r,@ret);
 	}
	#!/usr/local/bin/perl
	#
	# der_chop ... this is one total hack that Eric is really not proud of
	# so don't look at it and don't ask for support
	#
	# The "documentation" for this (i.e. all the comments) are my fault --tjh
	#
	# This program takes the "raw" output of derparse/asn1parse and
	# converts it into tokens and then runs regular expression matches
	# to try to figure out what to grab to get the things that are needed
	# and it is possible that this will do the wrong thing as it is a hack
	#
	# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET)
	# [I know ... promises promises :-)]
	#
	# To convert a Netscape Certificate:
	# der_chop < ServerCert.der > cert.pem
	# To convert a Netscape Key (and encrypt it again to protect it)
	# rsa -inform NET -in ServerKey.der -des > key.pem
	#
	# 23-Apr-96 eay Added the extra ASN.1 string types, I still think this
	# is an evil hack. If nothing else the parsing should
	# be relative, not absolute.
	# 19-Apr-96 tjh hacked (with eay) into 0.5.x format
	#
	# Tim Hudson
	# tjh@cryptsoft.com
	#


	require 'getopts.pl';

	$debug=0;

	# this was the 0.4.x way of doing things ...
	$cmd="derparse";
	$x509_cmd="x509";
	$crl_cmd="crl";
	$rc4_cmd="rc4";
	$md2_cmd="md2";
	$md4_cmd="md4";
	$rsa_cmd="rsa -des -inform der ";

	# this was the 0.5.x way of doing things ...
	$cmd="openssl asn1parse";
	$x509_cmd="openssl x509";
	$crl_cmd="openssl crl";
	$rc4_cmd="openssl rc4";
	$md2_cmd="openssl md2";
	$md4_cmd="openssl md4";
	$rsa_cmd="openssl rsa -des -inform der ";

	&Getopts('vd:') \|\| die "usage:$0 [-v] [-d num] file";
	$depth=($opt_d =~ /^\d+$/)?$opt_d:0;

	&init_der();

	if ($#ARGV != -1)
	{
	foreach $file (@ARGV)
	{
	print STDERR "doing $file\n";
	&dofile($file);
	}
	}
	else
	{
	$file="/tmp/a$$.DER";
	open(OUT,">$file") \|\| die "unable to open $file:$!\n";
	for (;;)
	{
	$i=sysread(STDIN,$b,1024*10);
	last if ($i <= 0);
	$i=syswrite(OUT,$b,$i);
	}
	&dofile($file);
	unlink($file);
	}

	sub dofile
	{
	local($file)=@_;
	local(@p);

	$b=&load_file($file);
	@p=&load_file_parse($file);

	foreach $_ (@p)
	{
	($off,$d,$hl,$len)=&parse_line($_);
	$d-=$depth;
	next if ($d != 0);
	next if ($len == 0);

	$o=substr($b,$off,$len+$hl);
	($str,@data)=&der_str($o);
	print "$str\n" if ($opt_v);
	if ($str =~ /^$crl/)
	{
	open(OUT,"\|$crl_cmd -inform d -hash -issuer") \|\|
	die "unable to run $crl_cmd:$!\n";
	print OUT $o;
	close(OUT);
	}
	elsif ($str =~ /^$x509/)
	{
	open(OUT,"\|$x509_cmd -inform d -hash -subject -issuer")
	\|\| die "unable to run $x509_cmd:$!\n";
	print OUT $o;
	close(OUT);
	}
	elsif ($str =~ /^$rsa/)
	{
	($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.)\s$/);
	next unless ($type eq "rsaEncryption");
	($off,$d,$hl,$len)=&parse_line($data[5]);
	$os=substr($o,$off+$hl,$len);
	open(OUT,"\|$rsa_cmd")
	\|\| die "unable to run $rsa_cmd:$!\n";
	print OUT $os;
	close(OUT);
	}
	elsif ($str =~ /^0G-1D-1G/)
	{
	($off,$d,$hl,$len)=&parse_line($data[1]);
	$os=substr($o,$off+$hl,$len);
	print STDERR "<$os>\n" if $opt_v;
	&do_certificate($o,@data)
	if (($os eq "certificate") &&
	($str =! /^0G-1D-1G-2G-3F-3E-2D/));
	&do_private_key($o,@data)
	if (($os eq "private-key") &&
	($str =! /^0G-1D-1G-2G-3F-3E-2D/));
	}
	}
	}

	sub der_str
	{
	local($str)=@_;
	local(OUT,IN,@a,$t,$d,$ret);
	local($file)="/tmp/b$$.DER";
	local(@ret);

	open(OUT,">$file");
	print OUT $str;
	close(OUT);
	open(IN,"$cmd -inform 'd' -in $file \|") \|\|
	die "unable to run $cmd:$!\n";
	$ret="";
	while (<IN>)
	{
	chop;
	push(@ret,$_);

	print STDERR "$_\n" if ($debug);

	@a=split(/\s:\s/);
	($d)=($a[1] =~ /d=\s*(\d+)/);
	$a[2] =~ s/\s+$//;
	$t=$DER_s2i{$a[2]};
	$ret.="$d$t-";
	}
	close(IN);
	unlink($file);
	chop $ret;
	$ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g;
	$ret =~ s/(-3G-4B-4L)+/-RCERT/g;
	return($ret,@ret);
	}

	sub init_der
	{
	$crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C";
	$x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C";
	$rsa= "0G-1B-1G-2F-2E-1D";

	%DER_i2s=(
	# SSLeay 0.4.x has this list
	"A","EOC",
	"B","INTEGER",
	"C","BIT STRING",
	"D","OCTET STRING",
	"E","NULL",
	"F","OBJECT",
	"G","SEQUENCE",
	"H","SET",
	"I","PRINTABLESTRING",
	"J","T61STRING",
	"K","IA5STRING",
	"L","UTCTIME",
	"M","NUMERICSTRING",
	"N","VIDEOTEXSTRING",
	"O","GENERALIZEDTIME",
	"P","GRAPHICSTRING",
	"Q","ISO64STRING",
	"R","GENERALSTRING",
	"S","UNIVERSALSTRING",

	# SSLeay 0.5.x changed some things ... and I'm
	# leaving in the old stuff but adding in these
	# to handle the new as well --tjh
	# - Well I've just taken them out and added the extra new
	# ones :-) - eay
	);

	foreach (keys %DER_i2s)
	{ $DER_s2i{$DER_i2s{$_}}=$_; }
	}

	sub parse_line
	{
	local($_)=@_;

	return(/\s(\d+):d=\s(\d+)\s+hl=\s(\d+)\s+l=\s(\d+\|inf)\s/);
	}

	# 0:d=0 hl=4 l=377 cons: univ: SEQUENCE
	# 4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING
	# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE
	# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE
	# 23:d=3 hl=2 l= 8 prim: univ: OBJECT_IDENTIFIER :rc4
	# 33:d=3 hl=2 l= 0 prim: univ: NULL
	# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING
	sub do_private_key
	{
	local($data,@struct)=@_;
	local($file)="/tmp/b$$.DER";
	local($off,$d,$hl,$len,$_,$b,@p,$s);

	($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.)\s$/);
	if ($type eq "rc4")
	{
	($off,$d,$hl,$len)=&parse_line($struct[6]);
	open(OUT,"\|$rc4_cmd >$file") \|\|
	die "unable to run $rc4_cmd:$!\n";
	print OUT substr($data,$off+$hl,$len);
	close(OUT);

	$b=&load_file($file);
	unlink($file);

	($s,@p)=&der_str($b);
	die "unknown rsa key type\n$s\n"
	if ($s ne '0G-1B-1G-2F-2E-1D');
	local($off,$d,$hl,$len)=&parse_line($p[5]);
	$b=substr($b,$off+$hl,$len);
	($s,@p)=&der_str($b);
	open(OUT,"\|$rsa_cmd") \|\| die "unable to run $rsa_cmd:$!\n";
	print OUT $b;
	close(OUT);
	}
	else
	{
	print "'$type' is unknown\n";
	exit(1);
	}
	}

	sub do_certificate
	{
	local($data,@struct)=@_;
	local($file)="/tmp/b$$.DER";
	local($off,$d,$hl,$len,$_,$b,@p,$s);

	($off,$d,$hl,$len)=&parse_line($struct[2]);
	$b=substr($data,$off,$len+$hl);

	open(OUT,"\|$x509_cmd -inform d") \|\| die "unable to run $x509_cmd:$!\n";
	print OUT $b;
	close(OUT);
	}

	sub load_file
	{
	local($file)=@_;
	local(*IN,$r,$b,$i);

	$r="";
	open(IN,"<$file") \|\| die "unable to open $file:$!\n";
	for (;;)
	{
	$i=sysread(IN,$b,10240);
	last if ($i <= 0);
	$r.=$b;
	}
	close(IN);
	return($r);
	}

	sub load_file_parse
	{
	local($file)=@_;
	local(*IN,$r,@ret,$_,$i,$n,$b);

	open(IN,"$cmd -inform d -in $file\|")
	\|\| die "unable to run der_parse\n";
	while (<IN>)
	{
	chop;
	push(@ret,$_);
	}
	return($r,@ret);
	}