Google Git
Sign in
flutter / third_party / openssl / 4b694f29ea78ab8a94e67c89d4d81df18c5e3bf1 / . / apps / spkac.c
blob: b389d9afce21632082e56e1eea6be40583f5979b [file] [log] [blame]
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]1/*
Matt Caswellaff636a2021-05-06 13:03:23 +0100[diff] [blame]2 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
Rich Salz846e33c2016-05-17 14:18:30 -0400[diff] [blame]3 *
Richard Levittedffa7522018-12-06 13:00:26 +0100[diff] [blame]4 * Licensed under the Apache License 2.0 (the "License"). You may not use
Rich Salz846e33c2016-05-17 14:18:30 -0400[diff] [blame]5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]8 */
Rich Salz846e33c2016-05-17 14:18:30 -0400[diff] [blame]9
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]10#include <stdio.h>
11#include <stdlib.h>
12#include <string.h>
13#include <time.h>
14#include "apps.h"
Richard Levittedab2cd62018-01-31 11:13:10 +0100[diff] [blame]15#include "progs.h"
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]16#include <openssl/bio.h>
Bodo Möllerde83c122000-03-05 01:11:44 +0000[diff] [blame]17#include <openssl/conf.h>
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]18#include <openssl/err.h>
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]19#include <openssl/evp.h>
20#include <openssl/x509.h>
21#include <openssl/pem.h>
22
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]23typedef enum OPTION_choice {
Dr. David von Oheimbb0f96012021-05-01 15:29:00 +0200[diff] [blame]24 OPT_COMMON,
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]25 OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT,
26 OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC,
Paulie1a77f92021-06-10 10:06:20 +1000[diff] [blame]27 OPT_SPKSECT, OPT_KEYFORM, OPT_DIGEST,
Pauli6bd4e3f2020-02-25 14:29:30 +1000[diff] [blame]28 OPT_PROV_ENUM
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]29} OPTION_CHOICE;
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]30
FdaSilvaYY44c83eb2016-03-13 14:07:50 +0100[diff] [blame]31const OPTIONS spkac_options[] = {
Rich Salz5388f982019-11-08 06:08:30 +1000[diff] [blame]32 OPT_SECTION("General"),
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]33 {"help", OPT_HELP, '-', "Display this summary"},
FdaSilvaYY12d56b22016-07-31 19:02:50 +0200[diff] [blame]34 {"spksect", OPT_SPKSECT, 's',
35 "Specify the name of an SPKAC-dedicated section of configuration"},
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]36#ifndef OPENSSL_NO_ENGINE
37 {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
38#endif
Rich Salz5388f982019-11-08 06:08:30 +1000[diff] [blame]39
40 OPT_SECTION("Input"),
41 {"in", OPT_IN, '<', "Input file"},
42 {"key", OPT_KEY, '<', "Create SPKAC using private key"},
Dr. David von Oheimb6d382c72020-05-06 13:51:50 +0200[diff] [blame]43 {"keyform", OPT_KEYFORM, 'f', "Private key file format (ENGINE, other values ignored)"},
Rich Salz5388f982019-11-08 06:08:30 +1000[diff] [blame]44 {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
45 {"challenge", OPT_CHALLENGE, 's', "Challenge string"},
46 {"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"},
47
48 OPT_SECTION("Output"),
Paulie1a77f92021-06-10 10:06:20 +1000[diff] [blame]49 {"digest", OPT_DIGEST, 's', "Sign new SPKAC with the specified digest (default: MD5)" },
Rich Salz5388f982019-11-08 06:08:30 +1000[diff] [blame]50 {"out", OPT_OUT, '>', "Output file"},
51 {"noout", OPT_NOOUT, '-', "Don't print SPKAC"},
52 {"pubkey", OPT_PUBKEY, '-', "Output public key"},
53 {"verify", OPT_VERIFY, '-', "Verify SPKAC signature"},
Pauli6bd4e3f2020-02-25 14:29:30 +1000[diff] [blame]54
55 OPT_PROV_OPTIONS,
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]56 {NULL}
57};
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]58
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]59int spkac_main(int argc, char **argv)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]60{
Rich Salzcc01d212015-05-28 13:52:55 -0400[diff] [blame]61 BIO *out = NULL;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]62 CONF *conf = NULL;
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]63 ENGINE *e = NULL;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]64 EVP_PKEY *pkey = NULL;
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]65 NETSCAPE_SPKI *spki = NULL;
Rich Salz333b0702015-04-25 15:41:29 -0400[diff] [blame]66 char *challenge = NULL, *keyfile = NULL;
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]67 char *infile = NULL, *outfile = NULL, *passinarg = NULL, *passin = NULL;
68 char *spkstr = NULL, *prog;
69 const char *spkac = "SPKAC", *spksect = "default";
Paulie1a77f92021-06-10 10:06:20 +1000[diff] [blame]70 const char *digest = "MD5";
71 EVP_MD *md = NULL;
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]72 int i, ret = 1, verify = 0, noout = 0, pubkey = 0;
Tomas Mrazd382e792021-04-30 16:57:53 +0200[diff] [blame]73 int keyformat = FORMAT_UNDEF;
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]74 OPTION_CHOICE o;
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]75
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]76 prog = opt_init(argc, argv, spkac_options);
77 while ((o = opt_next()) != OPT_EOF) {
78 switch (o) {
79 case OPT_EOF:
80 case OPT_ERR:
Kurt Roeckx03358512016-02-14 20:45:02 +0100[diff] [blame]81 opthelp:
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]82 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
83 goto end;
84 case OPT_HELP:
85 opt_help(spkac_options);
86 ret = 0;
87 goto end;
88 case OPT_IN:
89 infile = opt_arg();
90 break;
91 case OPT_OUT:
92 outfile = opt_arg();
93 break;
94 case OPT_NOOUT:
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]95 noout = 1;
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]96 break;
97 case OPT_PUBKEY:
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]98 pubkey = 1;
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]99 break;
100 case OPT_VERIFY:
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]101 verify = 1;
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]102 break;
103 case OPT_PASSIN:
104 passinarg = opt_arg();
105 break;
106 case OPT_KEY:
107 keyfile = opt_arg();
108 break;
Luke Faraone66e59702017-05-15 18:23:17 -0700[diff] [blame]109 case OPT_KEYFORM:
110 if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat))
111 goto opthelp;
Dr. Matthias St. Pierre32c69852018-04-26 13:57:14 +0200[diff] [blame]112 break;
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]113 case OPT_CHALLENGE:
114 challenge = opt_arg();
115 break;
116 case OPT_SPKAC:
117 spkac = opt_arg();
118 break;
119 case OPT_SPKSECT:
120 spksect = opt_arg();
121 break;
Paulie1a77f92021-06-10 10:06:20 +1000[diff] [blame]122 case OPT_DIGEST:
123 digest = opt_arg();
124 break;
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]125 case OPT_ENGINE:
Rich Salz333b0702015-04-25 15:41:29 -0400[diff] [blame]126 e = setup_engine(opt_arg(), 0);
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]127 break;
Pauli6bd4e3f2020-02-25 14:29:30 +1000[diff] [blame]128 case OPT_PROV_CASES:
129 if (!opt_provider(o))
130 goto end;
131 break;
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]132 }
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]133 }
Rich Salz021410e2020-11-28 16:12:58 -0500[diff] [blame]134
135 /* No extra arguments. */
Dr. David von Oheimbd9f07352021-08-27 15:33:18 +0200[diff] [blame]136 if (!opt_check_rest_arg(NULL))
Kurt Roeckx03358512016-02-14 20:45:02 +0100[diff] [blame]137 goto opthelp;
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]138
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]139 if (!app_passwd(passinarg, NULL, &passin, NULL)) {
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]140 BIO_printf(bio_err, "Error getting password\n");
141 goto end;
142 }
Richard Levitte5270e702000-10-26 21:07:28 +0000[diff] [blame]143
Paul Yangf2582f02017-06-10 02:22:22 +0800[diff] [blame]144 if (keyfile != NULL) {
Paulie1a77f92021-06-10 10:06:20 +1000[diff] [blame]145 if (!opt_md(digest, &md))
146 goto end;
147
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]148 pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL,
Luke Faraone66e59702017-05-15 18:23:17 -0700[diff] [blame]149 keyformat, 1, passin, e, "private key");
Paul Yangf2582f02017-06-10 02:22:22 +0800[diff] [blame]150 if (pkey == NULL)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]151 goto end;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]152 spki = NETSCAPE_SPKI_new();
Paul Yangf2582f02017-06-10 02:22:22 +0800[diff] [blame]153 if (spki == NULL)
154 goto end;
155 if (challenge != NULL)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]156 ASN1_STRING_set(spki->spkac->challenge,
157 challenge, (int)strlen(challenge));
Vladimir Panteleev8293fb62020-03-03 18:04:00 +0000[diff] [blame]158 if (!NETSCAPE_SPKI_set_pubkey(spki, pkey)) {
159 BIO_printf(bio_err, "Error setting public key\n");
160 goto end;
161 }
Paulie1a77f92021-06-10 10:06:20 +1000[diff] [blame]162 i = NETSCAPE_SPKI_sign(spki, pkey, md);
Vladimir Panteleev8293fb62020-03-03 18:04:00 +0000[diff] [blame]163 if (i <= 0) {
164 BIO_printf(bio_err, "Error signing SPKAC\n");
165 goto end;
166 }
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]167 spkstr = NETSCAPE_SPKI_b64_encode(spki);
Paul Yangf2582f02017-06-10 02:22:22 +0800[diff] [blame]168 if (spkstr == NULL)
169 goto end;
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]170
Richard Levittebdd58d92015-09-04 12:49:06 +0200[diff] [blame]171 out = bio_open_default(outfile, 'w', FORMAT_TEXT);
Matt Caswell08f6ae52016-08-24 11:22:47 +0100[diff] [blame]172 if (out == NULL) {
173 OPENSSL_free(spkstr);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]174 goto end;
Matt Caswell08f6ae52016-08-24 11:22:47 +0100[diff] [blame]175 }
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]176 BIO_printf(out, "SPKAC=%s\n", spkstr);
177 OPENSSL_free(spkstr);
178 ret = 0;
179 goto end;
180 }
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]181
Rich Salzcc01d212015-05-28 13:52:55 -0400[diff] [blame]182 if ((conf = app_load_config(infile)) == NULL)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]183 goto end;
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]184
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]185 spkstr = NCONF_get_string(conf, spksect, spkac);
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]186
Matt Caswell96487cd2015-10-30 11:18:04 +0000[diff] [blame]187 if (spkstr == NULL) {
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]188 BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
189 ERR_print_errors(bio_err);
190 goto end;
191 }
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]192
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]193 spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]194
Paul Yangf2582f02017-06-10 02:22:22 +0800[diff] [blame]195 if (spki == NULL) {
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]196 BIO_printf(bio_err, "Error loading SPKAC\n");
197 ERR_print_errors(bio_err);
198 goto end;
199 }
200
Richard Levittebdd58d92015-09-04 12:49:06 +0200[diff] [blame]201 out = bio_open_default(outfile, 'w', FORMAT_TEXT);
Rich Salz7e1b7482015-04-24 15:26:15 -0400[diff] [blame]202 if (out == NULL)
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]203 goto end;
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]204
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]205 if (!noout)
206 NETSCAPE_SPKI_print(out, spki);
207 pkey = NETSCAPE_SPKI_get_pubkey(spki);
208 if (verify) {
209 i = NETSCAPE_SPKI_verify(spki, pkey);
Paul Yangf2582f02017-06-10 02:22:22 +0800[diff] [blame]210 if (i > 0) {
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]211 BIO_printf(bio_err, "Signature OK\n");
Paul Yangf2582f02017-06-10 02:22:22 +0800[diff] [blame]212 } else {
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]213 BIO_printf(bio_err, "Signature Failure\n");
214 ERR_print_errors(bio_err);
215 goto end;
216 }
217 }
218 if (pubkey)
219 PEM_write_bio_PUBKEY(out, pkey);
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]220
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]221 ret = 0;
Dr. Stephen Henson8ce97161999-09-03 01:08:34 +0000[diff] [blame]222
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]223 end:
Paulie1a77f92021-06-10 10:06:20 +1000[diff] [blame]224 EVP_MD_free(md);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]225 NCONF_free(conf);
226 NETSCAPE_SPKI_free(spki);
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]227 BIO_free_all(out);
228 EVP_PKEY_free(pkey);
Richard Levittedd1abd42016-09-28 23:39:18 +0200[diff] [blame]229 release_engine(e);
Rich Salzb548a1f2015-05-01 10:02:07 -0400[diff] [blame]230 OPENSSL_free(passin);
KaoruToda26a7d932017-10-17 23:04:09 +0900[diff] [blame]231 return ret;
Matt Caswell0f113f32015-01-22 03:40:55 +0000[diff] [blame]232}