]>
Commit | Line | Data |
---|---|---|
0f113f3e MC |
1 | /* |
2 | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project | |
3 | * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org). | |
8ce97163 DSH |
4 | */ |
5 | /* ==================================================================== | |
6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
0f113f3e | 13 | * notice, this list of conditions and the following disclaimer. |
8ce97163 DSH |
14 | * |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | * | |
53 | * This product includes cryptographic software written by Eric Young | |
54 | * (eay@cryptsoft.com). This product includes software written by Tim | |
55 | * Hudson (tjh@cryptsoft.com). | |
56 | * | |
57 | */ | |
58 | #include <stdio.h> | |
59 | #include <stdlib.h> | |
60 | #include <string.h> | |
61 | #include <time.h> | |
62 | #include "apps.h" | |
63 | #include <openssl/bio.h> | |
de83c122 | 64 | #include <openssl/conf.h> |
8ce97163 | 65 | #include <openssl/err.h> |
8ce97163 | 66 | #include <openssl/evp.h> |
37634c8b | 67 | #include <openssl/lhash.h> |
8ce97163 DSH |
68 | #include <openssl/x509.h> |
69 | #include <openssl/pem.h> | |
70 | ||
7e1b7485 RS |
71 | typedef enum OPTION_choice { |
72 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, | |
73 | OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT, | |
74 | OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC, | |
75 | OPT_SPKSECT | |
76 | } OPTION_CHOICE; | |
77 | ||
78 | OPTIONS spkac_options[] = { | |
79 | {"help", OPT_HELP, '-', "Display this summary"}, | |
80 | {"in", OPT_IN, '<', "Input file"}, | |
81 | {"out", OPT_OUT, '>', "Output file"}, | |
82 | {"key", OPT_KEY, '<', "Create SPKAC using private key"}, | |
83 | {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, | |
84 | {"challenge", OPT_CHALLENGE, 's', "Challenge string"}, | |
85 | {"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"}, | |
86 | {"noout", OPT_NOOUT, '-', "Don't print SPKAC"}, | |
87 | {"pubkey", OPT_PUBKEY, '-', "Output public key"}, | |
88 | {"verify", OPT_VERIFY, '-', "Verify SPKAC signature"}, | |
89 | {"spksect", OPT_SPKSECT, 's'}, | |
90 | #ifndef OPENSSL_NO_ENGINE | |
91 | {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, | |
92 | #endif | |
93 | {NULL} | |
94 | }; | |
667ac4ec | 95 | |
7e1b7485 | 96 | int spkac_main(int argc, char **argv) |
0f113f3e | 97 | { |
cc01d217 | 98 | BIO *out = NULL; |
0f113f3e | 99 | CONF *conf = NULL; |
7e1b7485 | 100 | ENGINE *e = NULL; |
0f113f3e | 101 | EVP_PKEY *pkey = NULL; |
7e1b7485 | 102 | NETSCAPE_SPKI *spki = NULL; |
333b070e | 103 | char *challenge = NULL, *keyfile = NULL; |
7e1b7485 RS |
104 | char *infile = NULL, *outfile = NULL, *passinarg = NULL, *passin = NULL; |
105 | char *spkstr = NULL, *prog; | |
106 | const char *spkac = "SPKAC", *spksect = "default"; | |
107 | int i, ret = 1, verify = 0, noout = 0, pubkey = 0; | |
108 | OPTION_CHOICE o; | |
109 | ||
110 | prog = opt_init(argc, argv, spkac_options); | |
111 | while ((o = opt_next()) != OPT_EOF) { | |
112 | switch (o) { | |
113 | case OPT_EOF: | |
114 | case OPT_ERR: | |
03358517 | 115 | opthelp: |
7e1b7485 RS |
116 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); |
117 | goto end; | |
118 | case OPT_HELP: | |
119 | opt_help(spkac_options); | |
120 | ret = 0; | |
121 | goto end; | |
122 | case OPT_IN: | |
123 | infile = opt_arg(); | |
124 | break; | |
125 | case OPT_OUT: | |
126 | outfile = opt_arg(); | |
127 | break; | |
128 | case OPT_NOOUT: | |
0f113f3e | 129 | noout = 1; |
7e1b7485 RS |
130 | break; |
131 | case OPT_PUBKEY: | |
0f113f3e | 132 | pubkey = 1; |
7e1b7485 RS |
133 | break; |
134 | case OPT_VERIFY: | |
0f113f3e | 135 | verify = 1; |
7e1b7485 RS |
136 | break; |
137 | case OPT_PASSIN: | |
138 | passinarg = opt_arg(); | |
139 | break; | |
140 | case OPT_KEY: | |
141 | keyfile = opt_arg(); | |
142 | break; | |
143 | case OPT_CHALLENGE: | |
144 | challenge = opt_arg(); | |
145 | break; | |
146 | case OPT_SPKAC: | |
147 | spkac = opt_arg(); | |
148 | break; | |
149 | case OPT_SPKSECT: | |
150 | spksect = opt_arg(); | |
151 | break; | |
152 | case OPT_ENGINE: | |
333b070e | 153 | e = setup_engine(opt_arg(), 0); |
7e1b7485 | 154 | break; |
7e1b7485 | 155 | } |
0f113f3e | 156 | } |
7e1b7485 | 157 | argc = opt_num_rest(); |
03358517 KR |
158 | if (argc != 0) |
159 | goto opthelp; | |
8ce97163 | 160 | |
7e1b7485 | 161 | if (!app_passwd(passinarg, NULL, &passin, NULL)) { |
0f113f3e MC |
162 | BIO_printf(bio_err, "Error getting password\n"); |
163 | goto end; | |
164 | } | |
5270e702 | 165 | |
0f113f3e | 166 | if (keyfile) { |
7e1b7485 | 167 | pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL, |
0f113f3e MC |
168 | FORMAT_PEM, 1, passin, e, "private key"); |
169 | if (!pkey) { | |
170 | goto end; | |
171 | } | |
172 | spki = NETSCAPE_SPKI_new(); | |
173 | if (challenge) | |
174 | ASN1_STRING_set(spki->spkac->challenge, | |
175 | challenge, (int)strlen(challenge)); | |
176 | NETSCAPE_SPKI_set_pubkey(spki, pkey); | |
177 | NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); | |
178 | spkstr = NETSCAPE_SPKI_b64_encode(spki); | |
8ce97163 | 179 | |
bdd58d98 | 180 | out = bio_open_default(outfile, 'w', FORMAT_TEXT); |
7e1b7485 | 181 | if (out == NULL) |
0f113f3e | 182 | goto end; |
0f113f3e MC |
183 | BIO_printf(out, "SPKAC=%s\n", spkstr); |
184 | OPENSSL_free(spkstr); | |
185 | ret = 0; | |
186 | goto end; | |
187 | } | |
8ce97163 | 188 | |
cc01d217 | 189 | if ((conf = app_load_config(infile)) == NULL) |
0f113f3e | 190 | goto end; |
8ce97163 | 191 | |
0f113f3e | 192 | spkstr = NCONF_get_string(conf, spksect, spkac); |
8ce97163 | 193 | |
96487cdd | 194 | if (spkstr == NULL) { |
0f113f3e MC |
195 | BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); |
196 | ERR_print_errors(bio_err); | |
197 | goto end; | |
198 | } | |
8ce97163 | 199 | |
0f113f3e | 200 | spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); |
8ce97163 | 201 | |
0f113f3e MC |
202 | if (!spki) { |
203 | BIO_printf(bio_err, "Error loading SPKAC\n"); | |
204 | ERR_print_errors(bio_err); | |
205 | goto end; | |
206 | } | |
8ce97163 | 207 | |
bdd58d98 | 208 | out = bio_open_default(outfile, 'w', FORMAT_TEXT); |
7e1b7485 | 209 | if (out == NULL) |
0f113f3e | 210 | goto end; |
8ce97163 | 211 | |
0f113f3e MC |
212 | if (!noout) |
213 | NETSCAPE_SPKI_print(out, spki); | |
214 | pkey = NETSCAPE_SPKI_get_pubkey(spki); | |
215 | if (verify) { | |
216 | i = NETSCAPE_SPKI_verify(spki, pkey); | |
217 | if (i > 0) | |
218 | BIO_printf(bio_err, "Signature OK\n"); | |
219 | else { | |
220 | BIO_printf(bio_err, "Signature Failure\n"); | |
221 | ERR_print_errors(bio_err); | |
222 | goto end; | |
223 | } | |
224 | } | |
225 | if (pubkey) | |
226 | PEM_write_bio_PUBKEY(out, pkey); | |
8ce97163 | 227 | |
0f113f3e | 228 | ret = 0; |
8ce97163 | 229 | |
0f113f3e MC |
230 | end: |
231 | NCONF_free(conf); | |
232 | NETSCAPE_SPKI_free(spki); | |
0f113f3e MC |
233 | BIO_free_all(out); |
234 | EVP_PKEY_free(pkey); | |
b548a1f1 | 235 | OPENSSL_free(passin); |
7e1b7485 | 236 | return (ret); |
0f113f3e | 237 | } |