[thirdparty/openssl.git] / apps / pkeyutl.c

/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2006.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include "apps.h"
#include <string.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/evp.h>

#define KEY_PRIVKEY     1
#define KEY_PUBKEY      2
#define KEY_CERT        3

static void usage(void);

#undef PROG

#define PROG pkeyutl_main

static EVP_PKEY_CTX *init_ctx(int *pkeysize,
                              char *keyfile, int keyform, int key_type,
                              char *passargin, int pkey_op, ENGINE *e);

static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
                      const char *file);

static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
                    unsigned char *out, size_t *poutlen,
                    unsigned char *in, size_t inlen);

int MAIN(int argc, char **);

int MAIN(int argc, char **argv)
{
    BIO *in = NULL, *out = NULL;
    char *infile = NULL, *outfile = NULL, *sigfile = NULL;
    ENGINE *e = NULL;
    int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
    int keyform = FORMAT_PEM, peerform = FORMAT_PEM;
    char badarg = 0, rev = 0;
    char hexdump = 0, asn1parse = 0;
    EVP_PKEY_CTX *ctx = NULL;
    char *passargin = NULL;
    int keysize = -1;

    unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
    size_t buf_outlen;
    int buf_inlen = 0, siglen = -1;

    int ret = 1, rv = -1;

    argc--;
    argv++;

    if (!bio_err)
        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

    if (!load_config(bio_err, NULL))
        goto end;
    ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms();

    while (argc >= 1) {
        if (!strcmp(*argv, "-in")) {
            if (--argc < 1)
                badarg = 1;
            else
                infile = *(++argv);
        } else if (!strcmp(*argv, "-out")) {
            if (--argc < 1)
                badarg = 1;
            else
                outfile = *(++argv);
        } else if (!strcmp(*argv, "-sigfile")) {
            if (--argc < 1)
                badarg = 1;
            else
                sigfile = *(++argv);
        } else if (!strcmp(*argv, "-inkey")) {
            if (--argc < 1)
                badarg = 1;
            else {
                ctx = init_ctx(&keysize,
                               *(++argv), keyform, key_type,
                               passargin, pkey_op, e);
                if (!ctx) {
                    BIO_puts(bio_err, "Error initializing context\n");
                    ERR_print_errors(bio_err);
                    badarg = 1;
                }
            }
        } else if (!strcmp(*argv, "-peerkey")) {
            if (--argc < 1)
                badarg = 1;
            else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
                badarg = 1;
        } else if (!strcmp(*argv, "-passin")) {
            if (--argc < 1)
                badarg = 1;
            else
                passargin = *(++argv);
        } else if (strcmp(*argv, "-peerform") == 0) {
            if (--argc < 1)
                badarg = 1;
            else
                peerform = str2fmt(*(++argv));
        } else if (strcmp(*argv, "-keyform") == 0) {
            if (--argc < 1)
                badarg = 1;
            else
                keyform = str2fmt(*(++argv));
        }
#ifndef OPENSSL_NO_ENGINE
        else if (!strcmp(*argv, "-engine")) {
            if (--argc < 1)
                badarg = 1;
            else
                e = setup_engine(bio_err, *(++argv), 0);
        }
#endif
        else if (!strcmp(*argv, "-pubin"))
            key_type = KEY_PUBKEY;
        else if (!strcmp(*argv, "-certin"))
            key_type = KEY_CERT;
        else if (!strcmp(*argv, "-asn1parse"))
            asn1parse = 1;
        else if (!strcmp(*argv, "-hexdump"))
            hexdump = 1;
        else if (!strcmp(*argv, "-sign"))
            pkey_op = EVP_PKEY_OP_SIGN;
        else if (!strcmp(*argv, "-verify"))
            pkey_op = EVP_PKEY_OP_VERIFY;
        else if (!strcmp(*argv, "-verifyrecover"))
            pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
        else if (!strcmp(*argv, "-rev"))
            rev = 1;
        else if (!strcmp(*argv, "-encrypt"))
            pkey_op = EVP_PKEY_OP_ENCRYPT;
        else if (!strcmp(*argv, "-decrypt"))
            pkey_op = EVP_PKEY_OP_DECRYPT;
        else if (!strcmp(*argv, "-derive"))
            pkey_op = EVP_PKEY_OP_DERIVE;
        else if (strcmp(*argv, "-pkeyopt") == 0) {
            if (--argc < 1)
                badarg = 1;
            else if (!ctx) {
                BIO_puts(bio_err, "-pkeyopt command before -inkey\n");
                badarg = 1;
            } else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) {
                BIO_puts(bio_err, "parameter setting error\n");
                ERR_print_errors(bio_err);
                goto end;
            }
        } else
            badarg = 1;
        if (badarg) {
            usage();
            goto end;
        }
        argc--;
        argv++;
    }

    if (!ctx) {
        usage();
        goto end;
    }

    if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
        BIO_puts(bio_err, "Signature file specified for non verify\n");
        goto end;
    }

    if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) {
        BIO_puts(bio_err, "No signature file specified for verify\n");
        goto end;
    }

/* FIXME: seed PRNG only if needed */
    app_RAND_load_file(NULL, bio_err, 0);

    if (pkey_op != EVP_PKEY_OP_DERIVE) {
        if (infile) {
            if (!(in = BIO_new_file(infile, "rb"))) {
                BIO_puts(bio_err, "Error Opening Input File\n");
                ERR_print_errors(bio_err);
                goto end;
            }
        } else
            in = BIO_new_fp(stdin, BIO_NOCLOSE);
    }

    if (outfile) {
        if (!(out = BIO_new_file(outfile, "wb"))) {
            BIO_printf(bio_err, "Error Creating Output File\n");
            ERR_print_errors(bio_err);
            goto end;
        }
    } else {
        out = BIO_new_fp(stdout, BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
        {
            BIO *tmpbio = BIO_new(BIO_f_linebuffer());
            out = BIO_push(tmpbio, out);
        }
#endif
    }

    if (sigfile) {
        BIO *sigbio = BIO_new_file(sigfile, "rb");
        if (!sigbio) {
            BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
            goto end;
        }
        siglen = bio_to_mem(&sig, keysize * 10, sigbio);
        BIO_free(sigbio);
        if (siglen <= 0) {
            BIO_printf(bio_err, "Error reading signature data\n");
            goto end;
        }
    }

    if (in) {
        /* Read the input data */
        buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
        if (buf_inlen <= 0) {
            BIO_printf(bio_err, "Error reading input Data\n");
            exit(1);
        }
        if (rev) {
            size_t i;
            unsigned char ctmp;
            size_t l = (size_t)buf_inlen;
            for (i = 0; i < l / 2; i++) {
                ctmp = buf_in[i];
                buf_in[i] = buf_in[l - 1 - i];
                buf_in[l - 1 - i] = ctmp;
            }
        }
    }

    if (pkey_op == EVP_PKEY_OP_VERIFY) {
        rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
                             buf_in, (size_t)buf_inlen);
        if (rv == 0)
            BIO_puts(out, "Signature Verification Failure\n");
        else if (rv == 1)
            BIO_puts(out, "Signature Verified Successfully\n");
        if (rv >= 0)
            goto end;
    } else {
        rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
                      buf_in, (size_t)buf_inlen);
        if (rv > 0) {
            buf_out = OPENSSL_malloc(buf_outlen);
            if (!buf_out)
                rv = -1;
            else
                rv = do_keyop(ctx, pkey_op,
                              buf_out, (size_t *)&buf_outlen,
                              buf_in, (size_t)buf_inlen);
        }
    }

    if (rv <= 0) {
        BIO_printf(bio_err, "Public Key operation error\n");
        ERR_print_errors(bio_err);
        goto end;
    }
    ret = 0;
    if (asn1parse) {
        if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
            ERR_print_errors(bio_err);
    } else if (hexdump)
        BIO_dump(out, (char *)buf_out, buf_outlen);
    else
        BIO_write(out, buf_out, buf_outlen);

 end:
    EVP_PKEY_CTX_free(ctx);
    BIO_free(in);
    BIO_free_all(out);
    if (buf_in)
        OPENSSL_free(buf_in);
    if (buf_out)
        OPENSSL_free(buf_out);
    if (sig)
        OPENSSL_free(sig);
    return ret;
}

static void usage()
{
    BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
    BIO_printf(bio_err, "-in file        input file\n");
    BIO_printf(bio_err, "-out file       output file\n");
    BIO_printf(bio_err,
               "-sigfile file signature file (verify operation only)\n");
    BIO_printf(bio_err, "-inkey file     input key\n");
    BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");
    BIO_printf(bio_err, "-pubin          input is a public key\n");
    BIO_printf(bio_err,
               "-certin         input is a certificate carrying a public key\n");
    BIO_printf(bio_err, "-pkeyopt X:Y    public key options\n");
    BIO_printf(bio_err, "-sign           sign with private key\n");
    BIO_printf(bio_err, "-verify         verify with public key\n");
    BIO_printf(bio_err,
               "-verifyrecover  verify with public key, recover original data\n");
    BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
    BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
    BIO_printf(bio_err, "-derive         derive shared secret\n");
    BIO_printf(bio_err, "-hexdump        hex dump output\n");
#ifndef OPENSSL_NO_ENGINE
    BIO_printf(bio_err,
               "-engine e       use engine e, possibly a hardware device.\n");
#endif
    BIO_printf(bio_err, "-passin arg     pass phrase source\n");

}

static EVP_PKEY_CTX *init_ctx(int *pkeysize,
                              char *keyfile, int keyform, int key_type,
                              char *passargin, int pkey_op, ENGINE *e)
{
    EVP_PKEY *pkey = NULL;
    EVP_PKEY_CTX *ctx = NULL;
    char *passin = NULL;
    int rv = -1;
    X509 *x;
    if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
         || (pkey_op == EVP_PKEY_OP_DERIVE))
        && (key_type != KEY_PRIVKEY)) {
        BIO_printf(bio_err, "A private key is needed for this operation\n");
        goto end;
    }
    if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
        BIO_printf(bio_err, "Error getting password\n");
        goto end;
    }
    switch (key_type) {
    case KEY_PRIVKEY:
        pkey = load_key(bio_err, keyfile, keyform, 0,
                        passin, e, "Private Key");
        break;

    case KEY_PUBKEY:
        pkey = load_pubkey(bio_err, keyfile, keyform, 0,
                           NULL, e, "Public Key");
        break;

    case KEY_CERT:
        x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate");
        if (x) {
            pkey = X509_get_pubkey(x);
            X509_free(x);
        }
        break;

    }

    *pkeysize = EVP_PKEY_size(pkey);

    if (!pkey)
        goto end;

    ctx = EVP_PKEY_CTX_new(pkey, e);

    EVP_PKEY_free(pkey);

    if (!ctx)
        goto end;

    switch (pkey_op) {
    case EVP_PKEY_OP_SIGN:
        rv = EVP_PKEY_sign_init(ctx);
        break;

    case EVP_PKEY_OP_VERIFY:
        rv = EVP_PKEY_verify_init(ctx);
        break;

    case EVP_PKEY_OP_VERIFYRECOVER:
        rv = EVP_PKEY_verify_recover_init(ctx);
        break;

    case EVP_PKEY_OP_ENCRYPT:
        rv = EVP_PKEY_encrypt_init(ctx);
        break;

    case EVP_PKEY_OP_DECRYPT:
        rv = EVP_PKEY_decrypt_init(ctx);
        break;

    case EVP_PKEY_OP_DERIVE:
        rv = EVP_PKEY_derive_init(ctx);
        break;
    }

    if (rv <= 0) {
        EVP_PKEY_CTX_free(ctx);
        ctx = NULL;
    }

 end:

    if (passin)
        OPENSSL_free(passin);

    return ctx;

}

static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
                      const char *file)
{
    EVP_PKEY *peer = NULL;
    int ret;
    if (!ctx) {
        BIO_puts(err, "-peerkey command before -inkey\n");
        return 0;
    }

    peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");

    if (!peer) {
        BIO_printf(bio_err, "Error reading peer key %s\n", file);
        ERR_print_errors(err);
        return 0;
    }

    ret = EVP_PKEY_derive_set_peer(ctx, peer);

    EVP_PKEY_free(peer);
    if (ret <= 0)
        ERR_print_errors(err);
    return ret;
}

static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
                    unsigned char *out, size_t *poutlen,
                    unsigned char *in, size_t inlen)
{
    int rv = 0;
    switch (pkey_op) {
    case EVP_PKEY_OP_VERIFYRECOVER:
        rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
        break;

    case EVP_PKEY_OP_SIGN:
        rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
        break;

    case EVP_PKEY_OP_ENCRYPT:
        rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
        break;

    case EVP_PKEY_OP_DECRYPT:
        rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
        break;

    case EVP_PKEY_OP_DERIVE:
        rv = EVP_PKEY_derive(ctx, out, poutlen);
        break;

    }
    return rv;
}
Commit	Line	Data
0f113f3e MC	1	/*
	2	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
	3	* 2006.
9e4d0f0b DSH	4	*/
	5	/* ====================================================================
	6	* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* 1. Redistributions of source code must retain the above copyright
0f113f3e	13	* notice, this list of conditions and the following disclaimer.
9e4d0f0b DSH	14	*
	15	* 2. Redistributions in binary form must reproduce the above copyright
	16	* notice, this list of conditions and the following disclaimer in
	17	* the documentation and/or other materials provided with the
	18	* distribution.
	19	*
	20	* 3. All advertising materials mentioning features or use of this
	21	* software must display the following acknowledgment:
	22	* "This product includes software developed by the OpenSSL Project
	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	24	*
	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	26	* endorse or promote products derived from this software without
	27	* prior written permission. For written permission, please contact
	28	* licensing@OpenSSL.org.
	29	*
	30	* 5. Products derived from this software may not be called "OpenSSL"
	31	* nor may "OpenSSL" appear in their names without prior written
	32	* permission of the OpenSSL Project.
	33	*
	34	* 6. Redistributions of any form whatsoever must retain the following
	35	* acknowledgment:
	36	* "This product includes software developed by the OpenSSL Project
	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	38	*
	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
	51	* ====================================================================
	52	*
	53	* This product includes cryptographic software written by Eric Young
	54	* (eay@cryptsoft.com). This product includes software written by Tim
	55	* Hudson (tjh@cryptsoft.com).
	56	*
	57	*/
	58
9e4d0f0b DSH	59	#include "apps.h"
	60	#include <string.h>
	61	#include <openssl/err.h>
	62	#include <openssl/pem.h>
	63	#include <openssl/evp.h>
	64
0f113f3e MC	65	#define KEY_PRIVKEY 1
	66	#define KEY_PUBKEY 2
	67	#define KEY_CERT 3
9e4d0f0b DSH	68
	69	static void usage(void);
	70
	71	#undef PROG
	72
	73	#define PROG pkeyutl_main
	74
	75	static EVP_PKEY_CTX init_ctx(int pkeysize,
0f113f3e MC	76	char *keyfile, int keyform, int key_type,
0f113f3e MC	77	char passargin, int pkey_op, ENGINE e);
ffb1ac67 DSH	78
ffb1ac67 DSH	79	static int setup_peer(BIO err, EVP_PKEY_CTX ctx, int peerform,
0f113f3e	80	const char *file);
9e4d0f0b	81
b010b7c4	82	static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
0f113f3e MC	83	unsigned char out, size_t poutlen,
0f113f3e MC	84	unsigned char *in, size_t inlen);
b010b7c4	85
9e4d0f0b DSH	86	int MAIN(int argc, char **);
	87
	88	int MAIN(int argc, char **argv)
	89	{
0f113f3e MC	90	BIO in = NULL, out = NULL;
	91	char infile = NULL, outfile = NULL, *sigfile = NULL;
	92	ENGINE *e = NULL;
	93	int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
	94	int keyform = FORMAT_PEM, peerform = FORMAT_PEM;
	95	char badarg = 0, rev = 0;
	96	char hexdump = 0, asn1parse = 0;
	97	EVP_PKEY_CTX *ctx = NULL;
	98	char *passargin = NULL;
	99	int keysize = -1;
	100
	101	unsigned char buf_in = NULL, buf_out = NULL, *sig = NULL;
	102	size_t buf_outlen;
	103	int buf_inlen = 0, siglen = -1;
	104
	105	int ret = 1, rv = -1;
	106
	107	argc--;
	108	argv++;
	109
	110	if (!bio_err)
	111	bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
	112
	113	if (!load_config(bio_err, NULL))
	114	goto end;
	115	ERR_load_crypto_strings();
	116	OpenSSL_add_all_algorithms();
	117
	118	while (argc >= 1) {
	119	if (!strcmp(*argv, "-in")) {
	120	if (--argc < 1)
	121	badarg = 1;
	122	else
	123	infile = *(++argv);
	124	} else if (!strcmp(*argv, "-out")) {
	125	if (--argc < 1)
	126	badarg = 1;
	127	else
	128	outfile = *(++argv);
	129	} else if (!strcmp(*argv, "-sigfile")) {
	130	if (--argc < 1)
	131	badarg = 1;
	132	else
	133	sigfile = *(++argv);
	134	} else if (!strcmp(*argv, "-inkey")) {
	135	if (--argc < 1)
	136	badarg = 1;
	137	else {
	138	ctx = init_ctx(&keysize,
	139	*(++argv), keyform, key_type,
	140	passargin, pkey_op, e);
	141	if (!ctx) {
	142	BIO_puts(bio_err, "Error initializing context\n");
	143	ERR_print_errors(bio_err);
	144	badarg = 1;
	145	}
	146	}
	147	} else if (!strcmp(*argv, "-peerkey")) {
	148	if (--argc < 1)
	149	badarg = 1;
	150	else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
	151	badarg = 1;
	152	} else if (!strcmp(*argv, "-passin")) {
	153	if (--argc < 1)
154	badarg = 1;
155	else
156	passargin = *(++argv);
157	} else if (strcmp(*argv, "-peerform") == 0) {
158	if (--argc < 1)
159	badarg = 1;
160	else
161	peerform = str2fmt(*(++argv));
162	} else if (strcmp(*argv, "-keyform") == 0) {
163	if (--argc < 1)
164	badarg = 1;
165	else
166	keyform = str2fmt(*(++argv));
167	}
9e4d0f0b	168	#ifndef OPENSSL_NO_ENGINE
0f113f3e MC	169	else if (!strcmp(*argv, "-engine")) {
	170	if (--argc < 1)
	171	badarg = 1;
	172	else
	173	e = setup_engine(bio_err, *(++argv), 0);
	174	}
9e4d0f0b	175	#endif
0f113f3e MC	176	else if (!strcmp(*argv, "-pubin"))
	177	key_type = KEY_PUBKEY;
	178	else if (!strcmp(*argv, "-certin"))
	179	key_type = KEY_CERT;
	180	else if (!strcmp(*argv, "-asn1parse"))
	181	asn1parse = 1;
	182	else if (!strcmp(*argv, "-hexdump"))
	183	hexdump = 1;
	184	else if (!strcmp(*argv, "-sign"))
	185	pkey_op = EVP_PKEY_OP_SIGN;
	186	else if (!strcmp(*argv, "-verify"))
	187	pkey_op = EVP_PKEY_OP_VERIFY;
	188	else if (!strcmp(*argv, "-verifyrecover"))
	189	pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
	190	else if (!strcmp(*argv, "-rev"))
	191	rev = 1;
	192	else if (!strcmp(*argv, "-encrypt"))
	193	pkey_op = EVP_PKEY_OP_ENCRYPT;
	194	else if (!strcmp(*argv, "-decrypt"))
	195	pkey_op = EVP_PKEY_OP_DECRYPT;
	196	else if (!strcmp(*argv, "-derive"))
	197	pkey_op = EVP_PKEY_OP_DERIVE;
	198	else if (strcmp(*argv, "-pkeyopt") == 0) {
	199	if (--argc < 1)
	200	badarg = 1;
	201	else if (!ctx) {
	202	BIO_puts(bio_err, "-pkeyopt command before -inkey\n");
	203	badarg = 1;
	204	} else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) {
	205	BIO_puts(bio_err, "parameter setting error\n");
	206	ERR_print_errors(bio_err);
	207	goto end;
	208	}
	209	} else
	210	badarg = 1;
	211	if (badarg) {
	212	usage();
	213	goto end;
	214	}
	215	argc--;
	216	argv++;
	217	}
	218
	219	if (!ctx) {
	220	usage();
	221	goto end;
	222	}
	223
	224	if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
	225	BIO_puts(bio_err, "Signature file specified for non verify\n");
	226	goto end;
	227	}
	228
	229	if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) {
	230	BIO_puts(bio_err, "No signature file specified for verify\n");
	231	goto end;
	232	}
a9164153	233
9e4d0f0b	234	/* FIXME: seed PRNG only if needed */
0f113f3e MC	235	app_RAND_load_file(NULL, bio_err, 0);
	236
	237	if (pkey_op != EVP_PKEY_OP_DERIVE) {
	238	if (infile) {
	239	if (!(in = BIO_new_file(infile, "rb"))) {
	240	BIO_puts(bio_err, "Error Opening Input File\n");
	241	ERR_print_errors(bio_err);
	242	goto end;
	243	}
	244	} else
	245	in = BIO_new_fp(stdin, BIO_NOCLOSE);
	246	}
	247
	248	if (outfile) {
	249	if (!(out = BIO_new_file(outfile, "wb"))) {
	250	BIO_printf(bio_err, "Error Creating Output File\n");
	251	ERR_print_errors(bio_err);
	252	goto end;
	253	}
	254	} else {
	255	out = BIO_new_fp(stdout, BIO_NOCLOSE);
9e4d0f0b	256	#ifdef OPENSSL_SYS_VMS
0f113f3e MC	257	{
	258	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
	259	out = BIO_push(tmpbio, out);
	260	}
9e4d0f0b	261	#endif
0f113f3e MC	262	}
	263
	264	if (sigfile) {
	265	BIO *sigbio = BIO_new_file(sigfile, "rb");
	266	if (!sigbio) {
	267	BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
	268	goto end;
	269	}
	270	siglen = bio_to_mem(&sig, keysize * 10, sigbio);
	271	BIO_free(sigbio);
	272	if (siglen <= 0) {
	273	BIO_printf(bio_err, "Error reading signature data\n");
	274	goto end;
	275	}
	276	}
	277
	278	if (in) {
	279	/* Read the input data */
	280	buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
	281	if (buf_inlen <= 0) {
	282	BIO_printf(bio_err, "Error reading input Data\n");
	283	exit(1);
	284	}
	285	if (rev) {
	286	size_t i;
	287	unsigned char ctmp;
	288	size_t l = (size_t)buf_inlen;
	289	for (i = 0; i < l / 2; i++) {
	290	ctmp = buf_in[i];
	291	buf_in[i] = buf_in[l - 1 - i];
	292	buf_in[l - 1 - i] = ctmp;
	293	}
	294	}
	295	}
	296
	297	if (pkey_op == EVP_PKEY_OP_VERIFY) {
	298	rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
	299	buf_in, (size_t)buf_inlen);
	300	if (rv == 0)
	301	BIO_puts(out, "Signature Verification Failure\n");
	302	else if (rv == 1)
	303	BIO_puts(out, "Signature Verified Successfully\n");
	304	if (rv >= 0)
	305	goto end;
	306	} else {
	307	rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
	308	buf_in, (size_t)buf_inlen);
	309	if (rv > 0) {
	310	buf_out = OPENSSL_malloc(buf_outlen);
	311	if (!buf_out)
	312	rv = -1;
	313	else
	314	rv = do_keyop(ctx, pkey_op,
	315	buf_out, (size_t *)&buf_outlen,
	316	buf_in, (size_t)buf_inlen);
	317	}
	318	}
	319
	320	if (rv <= 0) {
	321	BIO_printf(bio_err, "Public Key operation error\n");
	322	ERR_print_errors(bio_err);
	323	goto end;
	324	}
	325	ret = 0;
326	if (asn1parse) {
327	if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
328	ERR_print_errors(bio_err);
329	} else if (hexdump)
330	BIO_dump(out, (char *)buf_out, buf_outlen);
331	else
332	BIO_write(out, buf_out, buf_outlen);
333
334	end:
c5ba2d99	335	EVP_PKEY_CTX_free(ctx);
0f113f3e MC	336	BIO_free(in);
	337	BIO_free_all(out);
	338	if (buf_in)
	339	OPENSSL_free(buf_in);
	340	if (buf_out)
	341	OPENSSL_free(buf_out);
	342	if (sig)
	343	OPENSSL_free(sig);
	344	return ret;
9e4d0f0b DSH	345	}
	346
	347	static void usage()
	348	{
0f113f3e MC	349	BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
	350	BIO_printf(bio_err, "-in file input file\n");
	351	BIO_printf(bio_err, "-out file output file\n");
	352	BIO_printf(bio_err,
	353	"-sigfile file signature file (verify operation only)\n");
	354	BIO_printf(bio_err, "-inkey file input key\n");
	355	BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
	356	BIO_printf(bio_err, "-pubin input is a public key\n");
	357	BIO_printf(bio_err,
	358	"-certin input is a certificate carrying a public key\n");
	359	BIO_printf(bio_err, "-pkeyopt X:Y public key options\n");
	360	BIO_printf(bio_err, "-sign sign with private key\n");
	361	BIO_printf(bio_err, "-verify verify with public key\n");
	362	BIO_printf(bio_err,
	363	"-verifyrecover verify with public key, recover original data\n");
	364	BIO_printf(bio_err, "-encrypt encrypt with public key\n");
	365	BIO_printf(bio_err, "-decrypt decrypt with private key\n");
	366	BIO_printf(bio_err, "-derive derive shared secret\n");
	367	BIO_printf(bio_err, "-hexdump hex dump output\n");
9e4d0f0b	368	#ifndef OPENSSL_NO_ENGINE
0f113f3e MC	369	BIO_printf(bio_err,
0f113f3e MC	370	"-engine e use engine e, possibly a hardware device.\n");
9e4d0f0b	371	#endif
0f113f3e	372	BIO_printf(bio_err, "-passin arg pass phrase source\n");
9e4d0f0b DSH	373
	374	}
	375
	376	static EVP_PKEY_CTX init_ctx(int pkeysize,
0f113f3e MC	377	char *keyfile, int keyform, int key_type,
	378	char passargin, int pkey_op, ENGINE e)
	379	{
	380	EVP_PKEY *pkey = NULL;
	381	EVP_PKEY_CTX *ctx = NULL;
	382	char *passin = NULL;
	383	int rv = -1;
	384	X509 *x;
	385	if (((pkey_op == EVP_PKEY_OP_SIGN) \|\| (pkey_op == EVP_PKEY_OP_DECRYPT)
	386	\|\| (pkey_op == EVP_PKEY_OP_DERIVE))
	387	&& (key_type != KEY_PRIVKEY)) {
	388	BIO_printf(bio_err, "A private key is needed for this operation\n");
	389	goto end;
	390	}
	391	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
	392	BIO_printf(bio_err, "Error getting password\n");
	393	goto end;
	394	}
	395	switch (key_type) {
	396	case KEY_PRIVKEY:
	397	pkey = load_key(bio_err, keyfile, keyform, 0,
	398	passin, e, "Private Key");
	399	break;
	400
	401	case KEY_PUBKEY:
	402	pkey = load_pubkey(bio_err, keyfile, keyform, 0,
	403	NULL, e, "Public Key");
	404	break;
	405
	406	case KEY_CERT:
	407	x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate");
	408	if (x) {
	409	pkey = X509_get_pubkey(x);
	410	X509_free(x);
	411	}
	412	break;
	413
	414	}
	415
	416	*pkeysize = EVP_PKEY_size(pkey);
	417
	418	if (!pkey)
	419	goto end;
	420
	421	ctx = EVP_PKEY_CTX_new(pkey, e);
	422
	423	EVP_PKEY_free(pkey);
	424
	425	if (!ctx)
	426	goto end;
	427
	428	switch (pkey_op) {
	429	case EVP_PKEY_OP_SIGN:
	430	rv = EVP_PKEY_sign_init(ctx);
	431	break;
	432
	433	case EVP_PKEY_OP_VERIFY:
	434	rv = EVP_PKEY_verify_init(ctx);
	435	break;
	436
	437	case EVP_PKEY_OP_VERIFYRECOVER:
	438	rv = EVP_PKEY_verify_recover_init(ctx);
	439	break;
	440
441	case EVP_PKEY_OP_ENCRYPT:
442	rv = EVP_PKEY_encrypt_init(ctx);
443	break;
444
445	case EVP_PKEY_OP_DECRYPT:
446	rv = EVP_PKEY_decrypt_init(ctx);
447	break;
448
449	case EVP_PKEY_OP_DERIVE:
450	rv = EVP_PKEY_derive_init(ctx);
451	break;
452	}
453
454	if (rv <= 0) {
455	EVP_PKEY_CTX_free(ctx);
456	ctx = NULL;
457	}
458
459	end:
460
461	if (passin)
462	OPENSSL_free(passin);
463
464	return ctx;
465
466	}
9e4d0f0b	467
ffb1ac67	468	static int setup_peer(BIO err, EVP_PKEY_CTX ctx, int peerform,
0f113f3e MC	469	const char *file)
	470	{
	471	EVP_PKEY *peer = NULL;
	472	int ret;
	473	if (!ctx) {
	474	BIO_puts(err, "-peerkey command before -inkey\n");
	475	return 0;
	476	}
	477
	478	peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");
	479
	480	if (!peer) {
	481	BIO_printf(bio_err, "Error reading peer key %s\n", file);
	482	ERR_print_errors(err);
	483	return 0;
	484	}
	485
	486	ret = EVP_PKEY_derive_set_peer(ctx, peer);
	487
	488	EVP_PKEY_free(peer);
	489	if (ret <= 0)
	490	ERR_print_errors(err);
	491	return ret;
	492	}
b010b7c4 DSH	493
b010b7c4 DSH	494	static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
0f113f3e MC	495	unsigned char out, size_t poutlen,
	496	unsigned char *in, size_t inlen)
	497	{
	498	int rv = 0;
	499	switch (pkey_op) {
	500	case EVP_PKEY_OP_VERIFYRECOVER:
	501	rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
	502	break;
	503
	504	case EVP_PKEY_OP_SIGN:
	505	rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
	506	break;
	507
	508	case EVP_PKEY_OP_ENCRYPT:
	509	rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
	510	break;
	511
	512	case EVP_PKEY_OP_DECRYPT:
	513	rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
	514	break;
	515
	516	case EVP_PKEY_OP_DERIVE:
	517	rv = EVP_PKEY_derive(ctx, out, poutlen);
	518	break;
	519
	520	}
	521	return rv;
	522	}