]>
Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
a28d06f3 | 2 | * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. |
bd08a2bd | 3 | * |
dffa7520 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
bd08a2bd | 8 | */ |
28967cf0 | 9 | |
3eeaab4b | 10 | #include <openssl/opensslconf.h> |
28967cf0 | 11 | |
1ae56f2f RS |
12 | #include "apps.h" |
13 | #include "progs.h" | |
14 | #include <string.h> | |
15 | #include <openssl/err.h> | |
16 | #include <openssl/pem.h> | |
17 | #include <openssl/rsa.h> | |
bd08a2bd | 18 | |
1ae56f2f RS |
19 | #define RSA_SIGN 1 |
20 | #define RSA_VERIFY 2 | |
21 | #define RSA_ENCRYPT 3 | |
22 | #define RSA_DECRYPT 4 | |
bd08a2bd | 23 | |
1ae56f2f RS |
24 | #define KEY_PRIVKEY 1 |
25 | #define KEY_PUBKEY 2 | |
26 | #define KEY_CERT 3 | |
bd08a2bd | 27 | |
7e1b7485 RS |
28 | typedef enum OPTION_choice { |
29 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, | |
30 | OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP, | |
b0aae913 | 31 | OPT_RSA_RAW, OPT_OAEP, OPT_PKCS, OPT_X931, |
7e1b7485 | 32 | OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, |
3ee1eac2 | 33 | OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM, |
6bd4e3f2 | 34 | OPT_R_ENUM, OPT_PROV_ENUM |
7e1b7485 RS |
35 | } OPTION_CHOICE; |
36 | ||
44c83ebd | 37 | const OPTIONS rsautl_options[] = { |
5388f986 | 38 | OPT_SECTION("General"), |
7e1b7485 | 39 | {"help", OPT_HELP, '-', "Display this summary"}, |
5388f986 RS |
40 | {"sign", OPT_SIGN, '-', "Sign with private key"}, |
41 | {"verify", OPT_VERIFY, '-', "Verify with public key"}, | |
42 | {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"}, | |
43 | {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"}, | |
1ae56f2f | 44 | #ifndef OPENSSL_NO_ENGINE |
5388f986 | 45 | {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, |
1ae56f2f | 46 | #endif |
5388f986 RS |
47 | |
48 | OPT_SECTION("Input"), | |
7e1b7485 | 49 | {"in", OPT_IN, '<', "Input file"}, |
dd958974 | 50 | {"inkey", OPT_INKEY, 's', "Input key"}, |
6d382c74 | 51 | {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"}, |
7e1b7485 RS |
52 | {"pubin", OPT_PUBIN, '-', "Input is an RSA public"}, |
53 | {"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"}, | |
5388f986 RS |
54 | {"rev", OPT_REV, '-', "Reverse the order of the input buffer"}, |
55 | {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, | |
56 | ||
57 | OPT_SECTION("Output"), | |
58 | {"out", OPT_OUT, '>', "Output file"}, | |
61783db5 | 59 | {"raw", OPT_RSA_RAW, '-', "Use no padding"}, |
7e1b7485 | 60 | {"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"}, |
5388f986 | 61 | {"x931", OPT_X931, '-', "Use ANSI X9.31 padding"}, |
7e1b7485 | 62 | {"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"}, |
9a13bb38 RS |
63 | {"asn1parse", OPT_ASN1PARSE, '-', |
64 | "Run output through asn1parse; useful with -verify"}, | |
7e1b7485 | 65 | {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"}, |
5388f986 | 66 | |
3ee1eac2 | 67 | OPT_R_OPTIONS, |
6bd4e3f2 | 68 | OPT_PROV_OPTIONS, |
7e1b7485 RS |
69 | {NULL} |
70 | }; | |
bd08a2bd | 71 | |
7e1b7485 | 72 | int rsautl_main(int argc, char **argv) |
bd08a2bd | 73 | { |
0f113f3e | 74 | BIO *in = NULL, *out = NULL; |
7e1b7485 | 75 | ENGINE *e = NULL; |
0f113f3e | 76 | EVP_PKEY *pkey = NULL; |
d7e498ac | 77 | EVP_PKEY_CTX *ctx = NULL; |
7e1b7485 | 78 | X509 *x; |
333b070e | 79 | char *infile = NULL, *outfile = NULL, *keyfile = NULL; |
7e1b7485 RS |
80 | char *passinarg = NULL, *passin = NULL, *prog; |
81 | char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; | |
82 | unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING; | |
d7e498ac RL |
83 | size_t rsa_inlen, rsa_outlen = 0; |
84 | int keyformat = FORMAT_PEM, keysize, ret = 1, rv; | |
85 | int hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0; | |
7e1b7485 RS |
86 | OPTION_CHOICE o; |
87 | ||
88 | prog = opt_init(argc, argv, rsautl_options); | |
89 | while ((o = opt_next()) != OPT_EOF) { | |
90 | switch (o) { | |
91 | case OPT_EOF: | |
92 | case OPT_ERR: | |
93 | opthelp: | |
94 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); | |
95 | goto end; | |
96 | case OPT_HELP: | |
97 | opt_help(rsautl_options); | |
98 | ret = 0; | |
99 | goto end; | |
100 | case OPT_KEYFORM: | |
6d382c74 | 101 | if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat)) |
7e1b7485 RS |
102 | goto opthelp; |
103 | break; | |
104 | case OPT_IN: | |
105 | infile = opt_arg(); | |
106 | break; | |
107 | case OPT_OUT: | |
108 | outfile = opt_arg(); | |
109 | break; | |
110 | case OPT_ENGINE: | |
333b070e | 111 | e = setup_engine(opt_arg(), 0); |
7e1b7485 RS |
112 | break; |
113 | case OPT_ASN1PARSE: | |
0f113f3e | 114 | asn1parse = 1; |
7e1b7485 RS |
115 | break; |
116 | case OPT_HEXDUMP: | |
0f113f3e | 117 | hexdump = 1; |
7e1b7485 | 118 | break; |
61783db5 | 119 | case OPT_RSA_RAW: |
0f113f3e | 120 | pad = RSA_NO_PADDING; |
7e1b7485 RS |
121 | break; |
122 | case OPT_OAEP: | |
0f113f3e | 123 | pad = RSA_PKCS1_OAEP_PADDING; |
7e1b7485 | 124 | break; |
7e1b7485 | 125 | case OPT_PKCS: |
0f113f3e | 126 | pad = RSA_PKCS1_PADDING; |
7e1b7485 RS |
127 | break; |
128 | case OPT_X931: | |
0f113f3e | 129 | pad = RSA_X931_PADDING; |
7e1b7485 RS |
130 | break; |
131 | case OPT_SIGN: | |
0f113f3e MC |
132 | rsa_mode = RSA_SIGN; |
133 | need_priv = 1; | |
7e1b7485 RS |
134 | break; |
135 | case OPT_VERIFY: | |
0f113f3e | 136 | rsa_mode = RSA_VERIFY; |
7e1b7485 RS |
137 | break; |
138 | case OPT_REV: | |
0f113f3e | 139 | rev = 1; |
7e1b7485 RS |
140 | break; |
141 | case OPT_ENCRYPT: | |
0f113f3e | 142 | rsa_mode = RSA_ENCRYPT; |
7e1b7485 RS |
143 | break; |
144 | case OPT_DECRYPT: | |
0f113f3e MC |
145 | rsa_mode = RSA_DECRYPT; |
146 | need_priv = 1; | |
7e1b7485 RS |
147 | break; |
148 | case OPT_PUBIN: | |
149 | key_type = KEY_PUBKEY; | |
150 | break; | |
151 | case OPT_CERTIN: | |
152 | key_type = KEY_CERT; | |
153 | break; | |
154 | case OPT_INKEY: | |
155 | keyfile = opt_arg(); | |
156 | break; | |
157 | case OPT_PASSIN: | |
158 | passinarg = opt_arg(); | |
159 | break; | |
3ee1eac2 RS |
160 | case OPT_R_CASES: |
161 | if (!opt_rand(o)) | |
162 | goto end; | |
163 | break; | |
6bd4e3f2 P |
164 | case OPT_PROV_CASES: |
165 | if (!opt_provider(o)) | |
166 | goto end; | |
167 | break; | |
0f113f3e | 168 | } |
0f113f3e | 169 | } |
021410ea RS |
170 | |
171 | /* No extra arguments. */ | |
7e1b7485 | 172 | argc = opt_num_rest(); |
03358517 KR |
173 | if (argc != 0) |
174 | goto opthelp; | |
0f113f3e | 175 | |
51e5df0e | 176 | app_RAND_load(); |
0f113f3e MC |
177 | if (need_priv && (key_type != KEY_PRIVKEY)) { |
178 | BIO_printf(bio_err, "A private key is needed for this operation\n"); | |
179 | goto end; | |
180 | } | |
333b070e | 181 | |
7e1b7485 | 182 | if (!app_passwd(passinarg, NULL, &passin, NULL)) { |
0f113f3e MC |
183 | BIO_printf(bio_err, "Error getting password\n"); |
184 | goto end; | |
185 | } | |
32d862ed | 186 | |
0f113f3e MC |
187 | switch (key_type) { |
188 | case KEY_PRIVKEY: | |
50eb2a50 | 189 | pkey = load_key(keyfile, keyformat, 0, passin, e, "private key"); |
0f113f3e MC |
190 | break; |
191 | ||
192 | case KEY_PUBKEY: | |
50eb2a50 | 193 | pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "public key"); |
0f113f3e MC |
194 | break; |
195 | ||
196 | case KEY_CERT: | |
22dddfb9 | 197 | x = load_cert(keyfile, "Certificate"); |
0f113f3e MC |
198 | if (x) { |
199 | pkey = X509_get_pubkey(x); | |
200 | X509_free(x); | |
201 | } | |
202 | break; | |
203 | } | |
204 | ||
2234212c | 205 | if (pkey == NULL) |
0f113f3e | 206 | return 1; |
0f113f3e | 207 | |
bdd58d98 | 208 | in = bio_open_default(infile, 'r', FORMAT_BINARY); |
7e1b7485 RS |
209 | if (in == NULL) |
210 | goto end; | |
bdd58d98 | 211 | out = bio_open_default(outfile, 'w', FORMAT_BINARY); |
7e1b7485 RS |
212 | if (out == NULL) |
213 | goto end; | |
0f113f3e | 214 | |
d7e498ac | 215 | keysize = EVP_PKEY_size(pkey); |
0f113f3e | 216 | |
68dc6824 RS |
217 | rsa_in = app_malloc(keysize * 2, "hold rsa key"); |
218 | rsa_out = app_malloc(keysize, "output rsa key"); | |
d7e498ac | 219 | rsa_outlen = keysize; |
0f113f3e MC |
220 | |
221 | /* Read the input data */ | |
d7e498ac RL |
222 | rv = BIO_read(in, rsa_in, keysize * 2); |
223 | if (rv < 0) { | |
0f113f3e | 224 | BIO_printf(bio_err, "Error reading input Data\n"); |
7e1b7485 | 225 | goto end; |
0f113f3e | 226 | } |
d7e498ac | 227 | rsa_inlen = rv; |
0f113f3e | 228 | if (rev) { |
d7e498ac | 229 | size_t i; |
0f113f3e | 230 | unsigned char ctmp; |
d7e498ac | 231 | |
0f113f3e MC |
232 | for (i = 0; i < rsa_inlen / 2; i++) { |
233 | ctmp = rsa_in[i]; | |
234 | rsa_in[i] = rsa_in[rsa_inlen - 1 - i]; | |
235 | rsa_in[rsa_inlen - 1 - i] = ctmp; | |
236 | } | |
237 | } | |
0f113f3e | 238 | |
d7e498ac RL |
239 | if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL) |
240 | goto end; | |
241 | ||
242 | switch (rsa_mode) { | |
0f113f3e | 243 | case RSA_VERIFY: |
d7e498ac RL |
244 | rv = EVP_PKEY_verify_recover_init(ctx) |
245 | && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) | |
246 | && EVP_PKEY_verify_recover(ctx, rsa_out, &rsa_outlen, | |
247 | rsa_in, rsa_inlen); | |
0f113f3e | 248 | break; |
0f113f3e | 249 | case RSA_SIGN: |
d7e498ac RL |
250 | rv = EVP_PKEY_sign_init(ctx) |
251 | && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) | |
252 | && EVP_PKEY_sign(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen); | |
0f113f3e | 253 | break; |
0f113f3e | 254 | case RSA_ENCRYPT: |
d7e498ac RL |
255 | rv = EVP_PKEY_encrypt_init(ctx) |
256 | && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) | |
257 | && EVP_PKEY_encrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen); | |
0f113f3e | 258 | break; |
0f113f3e | 259 | case RSA_DECRYPT: |
d7e498ac RL |
260 | rv = EVP_PKEY_decrypt_init(ctx) |
261 | && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) | |
262 | && EVP_PKEY_decrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen); | |
0f113f3e | 263 | break; |
0f113f3e MC |
264 | } |
265 | ||
d7e498ac | 266 | if (!rv) { |
0f113f3e MC |
267 | BIO_printf(bio_err, "RSA operation error\n"); |
268 | ERR_print_errors(bio_err); | |
269 | goto end; | |
270 | } | |
271 | ret = 0; | |
272 | if (asn1parse) { | |
273 | if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { | |
274 | ERR_print_errors(bio_err); | |
275 | } | |
2234212c | 276 | } else if (hexdump) { |
0f113f3e | 277 | BIO_dump(out, (char *)rsa_out, rsa_outlen); |
2234212c | 278 | } else { |
0f113f3e | 279 | BIO_write(out, rsa_out, rsa_outlen); |
2234212c | 280 | } |
0f113f3e | 281 | end: |
d7e498ac RL |
282 | EVP_PKEY_CTX_free(ctx); |
283 | EVP_PKEY_free(pkey); | |
dd1abd44 | 284 | release_engine(e); |
0f113f3e MC |
285 | BIO_free(in); |
286 | BIO_free_all(out); | |
b548a1f1 RS |
287 | OPENSSL_free(rsa_in); |
288 | OPENSSL_free(rsa_out); | |
289 | OPENSSL_free(passin); | |
0f113f3e | 290 | return ret; |
bd08a2bd | 291 | } |