]>
Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
a28d06f3 | 2 | * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. |
bd08a2bd | 3 | * |
dffa7520 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
846e33c7 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
bd08a2bd | 8 | */ |
28967cf0 | 9 | |
3eeaab4b | 10 | #include <openssl/opensslconf.h> |
28967cf0 | 11 | |
1ae56f2f RS |
12 | #include "apps.h" |
13 | #include "progs.h" | |
14 | #include <string.h> | |
15 | #include <openssl/err.h> | |
16 | #include <openssl/pem.h> | |
17 | #include <openssl/rsa.h> | |
bd08a2bd | 18 | |
1ae56f2f RS |
19 | #define RSA_SIGN 1 |
20 | #define RSA_VERIFY 2 | |
21 | #define RSA_ENCRYPT 3 | |
22 | #define RSA_DECRYPT 4 | |
bd08a2bd | 23 | |
1ae56f2f RS |
24 | #define KEY_PRIVKEY 1 |
25 | #define KEY_PUBKEY 2 | |
26 | #define KEY_CERT 3 | |
bd08a2bd | 27 | |
7e1b7485 | 28 | typedef enum OPTION_choice { |
b0f96018 | 29 | OPT_COMMON, |
7e1b7485 | 30 | OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP, |
b0aae913 | 31 | OPT_RSA_RAW, OPT_OAEP, OPT_PKCS, OPT_X931, |
7e1b7485 | 32 | OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT, |
3ee1eac2 | 33 | OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM, |
6bd4e3f2 | 34 | OPT_R_ENUM, OPT_PROV_ENUM |
7e1b7485 RS |
35 | } OPTION_CHOICE; |
36 | ||
44c83ebd | 37 | const OPTIONS rsautl_options[] = { |
5388f986 | 38 | OPT_SECTION("General"), |
7e1b7485 | 39 | {"help", OPT_HELP, '-', "Display this summary"}, |
5388f986 RS |
40 | {"sign", OPT_SIGN, '-', "Sign with private key"}, |
41 | {"verify", OPT_VERIFY, '-', "Verify with public key"}, | |
42 | {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"}, | |
43 | {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"}, | |
1ae56f2f | 44 | #ifndef OPENSSL_NO_ENGINE |
5388f986 | 45 | {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, |
1ae56f2f | 46 | #endif |
5388f986 RS |
47 | |
48 | OPT_SECTION("Input"), | |
7e1b7485 | 49 | {"in", OPT_IN, '<', "Input file"}, |
dd958974 | 50 | {"inkey", OPT_INKEY, 's', "Input key"}, |
6d382c74 | 51 | {"keyform", OPT_KEYFORM, 'E', "Private key format (ENGINE, other values ignored)"}, |
7e1b7485 RS |
52 | {"pubin", OPT_PUBIN, '-', "Input is an RSA public"}, |
53 | {"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"}, | |
5388f986 RS |
54 | {"rev", OPT_REV, '-', "Reverse the order of the input buffer"}, |
55 | {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, | |
56 | ||
57 | OPT_SECTION("Output"), | |
58 | {"out", OPT_OUT, '>', "Output file"}, | |
61783db5 | 59 | {"raw", OPT_RSA_RAW, '-', "Use no padding"}, |
7e1b7485 | 60 | {"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"}, |
5388f986 | 61 | {"x931", OPT_X931, '-', "Use ANSI X9.31 padding"}, |
7e1b7485 | 62 | {"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"}, |
9a13bb38 RS |
63 | {"asn1parse", OPT_ASN1PARSE, '-', |
64 | "Run output through asn1parse; useful with -verify"}, | |
7e1b7485 | 65 | {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"}, |
5388f986 | 66 | |
3ee1eac2 | 67 | OPT_R_OPTIONS, |
6bd4e3f2 | 68 | OPT_PROV_OPTIONS, |
7e1b7485 RS |
69 | {NULL} |
70 | }; | |
bd08a2bd | 71 | |
7e1b7485 | 72 | int rsautl_main(int argc, char **argv) |
bd08a2bd | 73 | { |
0f113f3e | 74 | BIO *in = NULL, *out = NULL; |
7e1b7485 | 75 | ENGINE *e = NULL; |
0f113f3e | 76 | EVP_PKEY *pkey = NULL; |
d7e498ac | 77 | EVP_PKEY_CTX *ctx = NULL; |
7e1b7485 | 78 | X509 *x; |
333b070e | 79 | char *infile = NULL, *outfile = NULL, *keyfile = NULL; |
7e1b7485 RS |
80 | char *passinarg = NULL, *passin = NULL, *prog; |
81 | char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY; | |
82 | unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING; | |
d7e498ac | 83 | size_t rsa_inlen, rsa_outlen = 0; |
d382e796 | 84 | int keyformat = FORMAT_UNDEF, keysize, ret = 1, rv; |
d7e498ac | 85 | int hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0; |
7e1b7485 RS |
86 | OPTION_CHOICE o; |
87 | ||
88 | prog = opt_init(argc, argv, rsautl_options); | |
89 | while ((o = opt_next()) != OPT_EOF) { | |
90 | switch (o) { | |
91 | case OPT_EOF: | |
92 | case OPT_ERR: | |
93 | opthelp: | |
94 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); | |
95 | goto end; | |
96 | case OPT_HELP: | |
97 | opt_help(rsautl_options); | |
98 | ret = 0; | |
99 | goto end; | |
100 | case OPT_KEYFORM: | |
6d382c74 | 101 | if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat)) |
7e1b7485 RS |
102 | goto opthelp; |
103 | break; | |
104 | case OPT_IN: | |
105 | infile = opt_arg(); | |
106 | break; | |
107 | case OPT_OUT: | |
108 | outfile = opt_arg(); | |
109 | break; | |
110 | case OPT_ENGINE: | |
333b070e | 111 | e = setup_engine(opt_arg(), 0); |
7e1b7485 RS |
112 | break; |
113 | case OPT_ASN1PARSE: | |
0f113f3e | 114 | asn1parse = 1; |
7e1b7485 RS |
115 | break; |
116 | case OPT_HEXDUMP: | |
0f113f3e | 117 | hexdump = 1; |
7e1b7485 | 118 | break; |
61783db5 | 119 | case OPT_RSA_RAW: |
0f113f3e | 120 | pad = RSA_NO_PADDING; |
7e1b7485 RS |
121 | break; |
122 | case OPT_OAEP: | |
0f113f3e | 123 | pad = RSA_PKCS1_OAEP_PADDING; |
7e1b7485 | 124 | break; |
7e1b7485 | 125 | case OPT_PKCS: |
0f113f3e | 126 | pad = RSA_PKCS1_PADDING; |
7e1b7485 RS |
127 | break; |
128 | case OPT_X931: | |
0f113f3e | 129 | pad = RSA_X931_PADDING; |
7e1b7485 RS |
130 | break; |
131 | case OPT_SIGN: | |
0f113f3e MC |
132 | rsa_mode = RSA_SIGN; |
133 | need_priv = 1; | |
7e1b7485 RS |
134 | break; |
135 | case OPT_VERIFY: | |
0f113f3e | 136 | rsa_mode = RSA_VERIFY; |
7e1b7485 RS |
137 | break; |
138 | case OPT_REV: | |
0f113f3e | 139 | rev = 1; |
7e1b7485 RS |
140 | break; |
141 | case OPT_ENCRYPT: | |
0f113f3e | 142 | rsa_mode = RSA_ENCRYPT; |
7e1b7485 RS |
143 | break; |
144 | case OPT_DECRYPT: | |
0f113f3e MC |
145 | rsa_mode = RSA_DECRYPT; |
146 | need_priv = 1; | |
7e1b7485 RS |
147 | break; |
148 | case OPT_PUBIN: | |
149 | key_type = KEY_PUBKEY; | |
150 | break; | |
151 | case OPT_CERTIN: | |
152 | key_type = KEY_CERT; | |
153 | break; | |
154 | case OPT_INKEY: | |
155 | keyfile = opt_arg(); | |
156 | break; | |
157 | case OPT_PASSIN: | |
158 | passinarg = opt_arg(); | |
159 | break; | |
3ee1eac2 RS |
160 | case OPT_R_CASES: |
161 | if (!opt_rand(o)) | |
162 | goto end; | |
163 | break; | |
6bd4e3f2 P |
164 | case OPT_PROV_CASES: |
165 | if (!opt_provider(o)) | |
166 | goto end; | |
167 | break; | |
0f113f3e | 168 | } |
0f113f3e | 169 | } |
021410ea RS |
170 | |
171 | /* No extra arguments. */ | |
d9f07357 | 172 | if (!opt_check_rest_arg(NULL)) |
03358517 | 173 | goto opthelp; |
0f113f3e | 174 | |
3ad60309 DDO |
175 | if (!app_RAND_load()) |
176 | goto end; | |
177 | ||
0f113f3e MC |
178 | if (need_priv && (key_type != KEY_PRIVKEY)) { |
179 | BIO_printf(bio_err, "A private key is needed for this operation\n"); | |
180 | goto end; | |
181 | } | |
333b070e | 182 | |
7e1b7485 | 183 | if (!app_passwd(passinarg, NULL, &passin, NULL)) { |
0f113f3e MC |
184 | BIO_printf(bio_err, "Error getting password\n"); |
185 | goto end; | |
186 | } | |
32d862ed | 187 | |
0f113f3e MC |
188 | switch (key_type) { |
189 | case KEY_PRIVKEY: | |
50eb2a50 | 190 | pkey = load_key(keyfile, keyformat, 0, passin, e, "private key"); |
0f113f3e MC |
191 | break; |
192 | ||
193 | case KEY_PUBKEY: | |
50eb2a50 | 194 | pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "public key"); |
0f113f3e MC |
195 | break; |
196 | ||
197 | case KEY_CERT: | |
d382e796 | 198 | x = load_cert(keyfile, FORMAT_UNDEF, "Certificate"); |
0f113f3e MC |
199 | if (x) { |
200 | pkey = X509_get_pubkey(x); | |
201 | X509_free(x); | |
202 | } | |
203 | break; | |
204 | } | |
205 | ||
2234212c | 206 | if (pkey == NULL) |
0f113f3e | 207 | return 1; |
0f113f3e | 208 | |
bdd58d98 | 209 | in = bio_open_default(infile, 'r', FORMAT_BINARY); |
7e1b7485 RS |
210 | if (in == NULL) |
211 | goto end; | |
bdd58d98 | 212 | out = bio_open_default(outfile, 'w', FORMAT_BINARY); |
7e1b7485 RS |
213 | if (out == NULL) |
214 | goto end; | |
0f113f3e | 215 | |
ed576acd | 216 | keysize = EVP_PKEY_get_size(pkey); |
0f113f3e | 217 | |
68dc6824 RS |
218 | rsa_in = app_malloc(keysize * 2, "hold rsa key"); |
219 | rsa_out = app_malloc(keysize, "output rsa key"); | |
d7e498ac | 220 | rsa_outlen = keysize; |
0f113f3e MC |
221 | |
222 | /* Read the input data */ | |
d7e498ac RL |
223 | rv = BIO_read(in, rsa_in, keysize * 2); |
224 | if (rv < 0) { | |
0f113f3e | 225 | BIO_printf(bio_err, "Error reading input Data\n"); |
7e1b7485 | 226 | goto end; |
0f113f3e | 227 | } |
d7e498ac | 228 | rsa_inlen = rv; |
0f113f3e | 229 | if (rev) { |
d7e498ac | 230 | size_t i; |
0f113f3e | 231 | unsigned char ctmp; |
d7e498ac | 232 | |
0f113f3e MC |
233 | for (i = 0; i < rsa_inlen / 2; i++) { |
234 | ctmp = rsa_in[i]; | |
235 | rsa_in[i] = rsa_in[rsa_inlen - 1 - i]; | |
236 | rsa_in[rsa_inlen - 1 - i] = ctmp; | |
237 | } | |
238 | } | |
0f113f3e | 239 | |
d7e498ac RL |
240 | if ((ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL)) == NULL) |
241 | goto end; | |
242 | ||
243 | switch (rsa_mode) { | |
0f113f3e | 244 | case RSA_VERIFY: |
d7e498ac RL |
245 | rv = EVP_PKEY_verify_recover_init(ctx) |
246 | && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) | |
247 | && EVP_PKEY_verify_recover(ctx, rsa_out, &rsa_outlen, | |
248 | rsa_in, rsa_inlen); | |
0f113f3e | 249 | break; |
0f113f3e | 250 | case RSA_SIGN: |
d7e498ac RL |
251 | rv = EVP_PKEY_sign_init(ctx) |
252 | && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) | |
253 | && EVP_PKEY_sign(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen); | |
0f113f3e | 254 | break; |
0f113f3e | 255 | case RSA_ENCRYPT: |
d7e498ac RL |
256 | rv = EVP_PKEY_encrypt_init(ctx) |
257 | && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) | |
258 | && EVP_PKEY_encrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen); | |
0f113f3e | 259 | break; |
0f113f3e | 260 | case RSA_DECRYPT: |
d7e498ac RL |
261 | rv = EVP_PKEY_decrypt_init(ctx) |
262 | && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) | |
263 | && EVP_PKEY_decrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen); | |
0f113f3e | 264 | break; |
0f113f3e MC |
265 | } |
266 | ||
d7e498ac | 267 | if (!rv) { |
0f113f3e MC |
268 | BIO_printf(bio_err, "RSA operation error\n"); |
269 | ERR_print_errors(bio_err); | |
270 | goto end; | |
271 | } | |
272 | ret = 0; | |
273 | if (asn1parse) { | |
274 | if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) { | |
275 | ERR_print_errors(bio_err); | |
276 | } | |
2234212c | 277 | } else if (hexdump) { |
0f113f3e | 278 | BIO_dump(out, (char *)rsa_out, rsa_outlen); |
2234212c | 279 | } else { |
0f113f3e | 280 | BIO_write(out, rsa_out, rsa_outlen); |
2234212c | 281 | } |
0f113f3e | 282 | end: |
d7e498ac RL |
283 | EVP_PKEY_CTX_free(ctx); |
284 | EVP_PKEY_free(pkey); | |
dd1abd44 | 285 | release_engine(e); |
0f113f3e MC |
286 | BIO_free(in); |
287 | BIO_free_all(out); | |
b548a1f1 RS |
288 | OPENSSL_free(rsa_in); |
289 | OPENSSL_free(rsa_out); | |
290 | OPENSSL_free(passin); | |
0f113f3e | 291 | return ret; |
bd08a2bd | 292 | } |