apps/pkey.c

   1 /*
   2  * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the OpenSSL license (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdio.h>
  11 #include <string.h>
  12 #include "apps.h"
  13 #include <openssl/pem.h>
  14 #include <openssl/err.h>
  15 #include <openssl/evp.h>
  16
  17 typedef enum OPTION_choice {
  18     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
  19     OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
  20     OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
  21     OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL, OPT_CHECK
  22 } OPTION_CHOICE;
  23
  24 const OPTIONS pkey_options[] = {
  25     {"help", OPT_HELP, '-', "Display this summary"},
  26     {"inform", OPT_INFORM, 'f', "Input format (DER or PEM)"},
  27     {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
  28     {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
  29     {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
  30     {"in", OPT_IN, 's', "Input key"},
  31     {"out", OPT_OUT, '>', "Output file"},
  32     {"pubin", OPT_PUBIN, '-',
  33      "Read public key from input (default is private key)"},
  34     {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
  35     {"text_pub", OPT_TEXT_PUB, '-', "Only output public key components"},
  36     {"text", OPT_TEXT, '-', "Output in plaintext as well"},
  37     {"noout", OPT_NOOUT, '-', "Don't output the key"},
  38     {"", OPT_MD, '-', "Any supported cipher"},
  39     {"traditional", OPT_TRADITIONAL, '-',
  40      "Use traditional format for private keys"},
  41 #ifndef OPENSSL_NO_ENGINE
  42     {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
  43 #endif
  44     {"check", OPT_CHECK, '-', "Check key consistency"},
  45     {NULL}
  46 };
  47
  48 int pkey_main(int argc, char **argv)
  49 {
  50     BIO *in = NULL, *out = NULL;
  51     ENGINE *e = NULL;
  52     EVP_PKEY *pkey = NULL;
  53     const EVP_CIPHER *cipher = NULL;
  54     char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
  55     char *passinarg = NULL, *passoutarg = NULL, *prog;
  56     OPTION_CHOICE o;
  57     int informat = FORMAT_PEM, outformat = FORMAT_PEM;
  58     int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1;
  59     int private = 0, traditional = 0, check = 0;
  60
  61     prog = opt_init(argc, argv, pkey_options);
  62     while ((o = opt_next()) != OPT_EOF) {
  63         switch (o) {
  64         case OPT_EOF:
  65         case OPT_ERR:
  66  opthelp:
  67             BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
  68             goto end;
  69         case OPT_HELP:
  70             opt_help(pkey_options);
  71             ret = 0;
  72             goto end;
  73         case OPT_INFORM:
  74             if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
  75                 goto opthelp;
  76             break;
  77         case OPT_OUTFORM:
  78             if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
  79                 goto opthelp;
  80             break;
  81         case OPT_PASSIN:
  82             passinarg = opt_arg();
  83             break;
  84         case OPT_PASSOUT:
  85             passoutarg = opt_arg();
  86             break;
  87         case OPT_ENGINE:
  88             e = setup_engine(opt_arg(), 0);
  89             break;
  90         case OPT_IN:
  91             infile = opt_arg();
  92             break;
  93         case OPT_OUT:
  94             outfile = opt_arg();
  95             break;
  96         case OPT_PUBIN:
  97             pubin = pubout = pubtext = 1;
  98             break;
  99         case OPT_PUBOUT:
 100             pubout = 1;
 101             break;
 102         case OPT_TEXT_PUB:
 103             pubtext = text = 1;
 104             break;
 105         case OPT_TEXT:
 106             text = 1;
 107             break;
 108         case OPT_NOOUT:
 109             noout = 1;
 110             break;
 111         case OPT_TRADITIONAL:
 112             traditional = 1;
 113             break;
 114         case OPT_CHECK:
 115             check = 1;
 116             break;
 117         case OPT_MD:
 118             if (!opt_cipher(opt_unknown(), &cipher))
 119                 goto opthelp;
 120         }
 121     }
 122     argc = opt_num_rest();
 123     if (argc != 0)
 124         goto opthelp;
 125
 126     private = !noout && !pubout ? 1 : 0;
 127     if (text && !pubtext)
 128         private = 1;
 129
 130     if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
 131         BIO_printf(bio_err, "Error getting passwords\n");
 132         goto end;
 133     }
 134
 135     out = bio_open_owner(outfile, outformat, private);
 136     if (out == NULL)
 137         goto end;
 138
 139     if (pubin)
 140         pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
 141     else
 142         pkey = load_key(infile, informat, 1, passin, e, "key");
 143     if (pkey == NULL)
 144         goto end;
 145
 146     if (check) {
 147         int r;
 148         EVP_PKEY_CTX *ctx;
 149
 150         ctx = EVP_PKEY_CTX_new(pkey, e);
 151         if (ctx == NULL) {
 152             ERR_print_errors(bio_err);
 153             goto end;
 154         }
 155
 156         r = EVP_PKEY_check(ctx);
 157
 158         if (r == 1) {
 159             BIO_printf(out, "Key is valid\n");
 160         } else {
 161             /*
 162              * Note: at least for RSA keys if this function returns
 163              * -1, there will be no error reasons.
 164              */
 165             unsigned long err;
 166
 167             BIO_printf(out, "Key is invalid\n");
 168
 169             while ((err = ERR_peek_error()) != 0) {
 170                 BIO_printf(out, "Detailed error: %s\n",
 171                            ERR_reason_error_string(err));
 172                 ERR_get_error(); /* remove err from error stack */
 173             }
 174         }
 175         EVP_PKEY_CTX_free(ctx);
 176     }
 177
 178     if (!noout) {
 179         if (outformat == FORMAT_PEM) {
 180             if (pubout) {
 181                 PEM_write_bio_PUBKEY(out, pkey);
 182             } else {
 183                 assert(private);
 184                 if (traditional)
 185                     PEM_write_bio_PrivateKey_traditional(out, pkey, cipher,
 186                                                          NULL, 0, NULL,
 187                                                          passout);
 188                 else
 189                     PEM_write_bio_PrivateKey(out, pkey, cipher,
 190                                              NULL, 0, NULL, passout);
 191             }
 192         } else if (outformat == FORMAT_ASN1) {
 193             if (pubout) {
 194                 i2d_PUBKEY_bio(out, pkey);
 195             } else {
 196                 assert(private);
 197                 i2d_PrivateKey_bio(out, pkey);
 198             }
 199         } else {
 200             BIO_printf(bio_err, "Bad format specified for key\n");
 201             goto end;
 202         }
 203     }
 204
 205     if (text) {
 206         if (pubtext) {
 207             EVP_PKEY_print_public(out, pkey, 0, NULL);
 208         } else {
 209             assert(private);
 210             EVP_PKEY_print_private(out, pkey, 0, NULL);
 211         }
 212     }
 213
 214     ret = 0;
 215
 216  end:
 217     if (ret != 0)
 218         ERR_print_errors(bio_err);
 219     EVP_PKEY_free(pkey);
 220     release_engine(e);
 221     BIO_free_all(out);
 222     BIO_free(in);
 223     OPENSSL_free(passin);
 224     OPENSSL_free(passout);
 225
 226     return ret;
 227 }