]>
Commit | Line | Data |
---|---|---|
0f113f3e MC |
1 | /* |
2 | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project | |
3 | * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org). | |
8ce97163 DSH |
4 | */ |
5 | /* ==================================================================== | |
6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
0f113f3e | 13 | * notice, this list of conditions and the following disclaimer. |
8ce97163 DSH |
14 | * |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | * | |
53 | * This product includes cryptographic software written by Eric Young | |
54 | * (eay@cryptsoft.com). This product includes software written by Tim | |
55 | * Hudson (tjh@cryptsoft.com). | |
56 | * | |
57 | */ | |
58 | #include <stdio.h> | |
59 | #include <stdlib.h> | |
60 | #include <string.h> | |
61 | #include <time.h> | |
62 | #include "apps.h" | |
63 | #include <openssl/bio.h> | |
de83c122 | 64 | #include <openssl/conf.h> |
8ce97163 | 65 | #include <openssl/err.h> |
8ce97163 | 66 | #include <openssl/evp.h> |
37634c8b | 67 | #include <openssl/lhash.h> |
8ce97163 DSH |
68 | #include <openssl/x509.h> |
69 | #include <openssl/pem.h> | |
70 | ||
7e1b7485 RS |
71 | typedef enum OPTION_choice { |
72 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, | |
73 | OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT, | |
74 | OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC, | |
75 | OPT_SPKSECT | |
76 | } OPTION_CHOICE; | |
77 | ||
78 | OPTIONS spkac_options[] = { | |
79 | {"help", OPT_HELP, '-', "Display this summary"}, | |
80 | {"in", OPT_IN, '<', "Input file"}, | |
81 | {"out", OPT_OUT, '>', "Output file"}, | |
82 | {"key", OPT_KEY, '<', "Create SPKAC using private key"}, | |
83 | {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, | |
84 | {"challenge", OPT_CHALLENGE, 's', "Challenge string"}, | |
85 | {"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"}, | |
86 | {"noout", OPT_NOOUT, '-', "Don't print SPKAC"}, | |
87 | {"pubkey", OPT_PUBKEY, '-', "Output public key"}, | |
88 | {"verify", OPT_VERIFY, '-', "Verify SPKAC signature"}, | |
89 | {"spksect", OPT_SPKSECT, 's'}, | |
90 | #ifndef OPENSSL_NO_ENGINE | |
91 | {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, | |
92 | #endif | |
93 | {NULL} | |
94 | }; | |
667ac4ec | 95 | |
7e1b7485 | 96 | int spkac_main(int argc, char **argv) |
0f113f3e | 97 | { |
0f113f3e | 98 | BIO *in = NULL, *out = NULL; |
0f113f3e | 99 | CONF *conf = NULL; |
7e1b7485 | 100 | ENGINE *e = NULL; |
0f113f3e | 101 | EVP_PKEY *pkey = NULL; |
7e1b7485 | 102 | NETSCAPE_SPKI *spki = NULL; |
333b070e | 103 | char *challenge = NULL, *keyfile = NULL; |
7e1b7485 RS |
104 | char *infile = NULL, *outfile = NULL, *passinarg = NULL, *passin = NULL; |
105 | char *spkstr = NULL, *prog; | |
106 | const char *spkac = "SPKAC", *spksect = "default"; | |
107 | int i, ret = 1, verify = 0, noout = 0, pubkey = 0; | |
108 | OPTION_CHOICE o; | |
109 | ||
110 | prog = opt_init(argc, argv, spkac_options); | |
111 | while ((o = opt_next()) != OPT_EOF) { | |
112 | switch (o) { | |
113 | case OPT_EOF: | |
114 | case OPT_ERR: | |
115 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); | |
116 | goto end; | |
117 | case OPT_HELP: | |
118 | opt_help(spkac_options); | |
119 | ret = 0; | |
120 | goto end; | |
121 | case OPT_IN: | |
122 | infile = opt_arg(); | |
123 | break; | |
124 | case OPT_OUT: | |
125 | outfile = opt_arg(); | |
126 | break; | |
127 | case OPT_NOOUT: | |
0f113f3e | 128 | noout = 1; |
7e1b7485 RS |
129 | break; |
130 | case OPT_PUBKEY: | |
0f113f3e | 131 | pubkey = 1; |
7e1b7485 RS |
132 | break; |
133 | case OPT_VERIFY: | |
0f113f3e | 134 | verify = 1; |
7e1b7485 RS |
135 | break; |
136 | case OPT_PASSIN: | |
137 | passinarg = opt_arg(); | |
138 | break; | |
139 | case OPT_KEY: | |
140 | keyfile = opt_arg(); | |
141 | break; | |
142 | case OPT_CHALLENGE: | |
143 | challenge = opt_arg(); | |
144 | break; | |
145 | case OPT_SPKAC: | |
146 | spkac = opt_arg(); | |
147 | break; | |
148 | case OPT_SPKSECT: | |
149 | spksect = opt_arg(); | |
150 | break; | |
151 | case OPT_ENGINE: | |
333b070e | 152 | e = setup_engine(opt_arg(), 0); |
7e1b7485 | 153 | break; |
7e1b7485 | 154 | } |
0f113f3e | 155 | } |
7e1b7485 RS |
156 | argc = opt_num_rest(); |
157 | argv = opt_rest(); | |
8ce97163 | 158 | |
7e1b7485 | 159 | if (!app_passwd(passinarg, NULL, &passin, NULL)) { |
0f113f3e MC |
160 | BIO_printf(bio_err, "Error getting password\n"); |
161 | goto end; | |
162 | } | |
5270e702 | 163 | |
0f113f3e | 164 | if (keyfile) { |
7e1b7485 | 165 | pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL, |
0f113f3e MC |
166 | FORMAT_PEM, 1, passin, e, "private key"); |
167 | if (!pkey) { | |
168 | goto end; | |
169 | } | |
170 | spki = NETSCAPE_SPKI_new(); | |
171 | if (challenge) | |
172 | ASN1_STRING_set(spki->spkac->challenge, | |
173 | challenge, (int)strlen(challenge)); | |
174 | NETSCAPE_SPKI_set_pubkey(spki, pkey); | |
175 | NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); | |
176 | spkstr = NETSCAPE_SPKI_b64_encode(spki); | |
8ce97163 | 177 | |
7e1b7485 RS |
178 | out = bio_open_default(outfile, "w"); |
179 | if (out == NULL) | |
0f113f3e | 180 | goto end; |
0f113f3e MC |
181 | BIO_printf(out, "SPKAC=%s\n", spkstr); |
182 | OPENSSL_free(spkstr); | |
183 | ret = 0; | |
184 | goto end; | |
185 | } | |
8ce97163 | 186 | |
7e1b7485 RS |
187 | in = bio_open_default(infile, "r"); |
188 | if (in == NULL) | |
0f113f3e | 189 | goto end; |
8ce97163 | 190 | |
0f113f3e MC |
191 | conf = NCONF_new(NULL); |
192 | i = NCONF_load_bio(conf, in, NULL); | |
0f113f3e MC |
193 | if (!i) { |
194 | BIO_printf(bio_err, "Error parsing config file\n"); | |
195 | ERR_print_errors(bio_err); | |
196 | goto end; | |
197 | } | |
8ce97163 | 198 | |
0f113f3e | 199 | spkstr = NCONF_get_string(conf, spksect, spkac); |
8ce97163 | 200 | |
0f113f3e MC |
201 | if (!spkstr) { |
202 | BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); | |
203 | ERR_print_errors(bio_err); | |
204 | goto end; | |
205 | } | |
8ce97163 | 206 | |
0f113f3e | 207 | spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); |
8ce97163 | 208 | |
0f113f3e MC |
209 | if (!spki) { |
210 | BIO_printf(bio_err, "Error loading SPKAC\n"); | |
211 | ERR_print_errors(bio_err); | |
212 | goto end; | |
213 | } | |
8ce97163 | 214 | |
7e1b7485 RS |
215 | out = bio_open_default(outfile, "w"); |
216 | if (out == NULL) | |
0f113f3e | 217 | goto end; |
8ce97163 | 218 | |
0f113f3e MC |
219 | if (!noout) |
220 | NETSCAPE_SPKI_print(out, spki); | |
221 | pkey = NETSCAPE_SPKI_get_pubkey(spki); | |
222 | if (verify) { | |
223 | i = NETSCAPE_SPKI_verify(spki, pkey); | |
224 | if (i > 0) | |
225 | BIO_printf(bio_err, "Signature OK\n"); | |
226 | else { | |
227 | BIO_printf(bio_err, "Signature Failure\n"); | |
228 | ERR_print_errors(bio_err); | |
229 | goto end; | |
230 | } | |
231 | } | |
232 | if (pubkey) | |
233 | PEM_write_bio_PUBKEY(out, pkey); | |
8ce97163 | 234 | |
0f113f3e | 235 | ret = 0; |
8ce97163 | 236 | |
0f113f3e MC |
237 | end: |
238 | NCONF_free(conf); | |
239 | NETSCAPE_SPKI_free(spki); | |
240 | BIO_free(in); | |
241 | BIO_free_all(out); | |
242 | EVP_PKEY_free(pkey); | |
243 | if (passin) | |
244 | OPENSSL_free(passin); | |
7e1b7485 | 245 | return (ret); |
0f113f3e | 246 | } |