14e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 24e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * project 2006. 34e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom */ 44e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom/* ==================================================================== 54e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 64e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 74e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * Redistribution and use in source and binary forms, with or without 84e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * modification, are permitted provided that the following conditions 94e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * are met: 104e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 114e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 1. Redistributions of source code must retain the above copyright 124e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * notice, this list of conditions and the following disclaimer. 134e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 144e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 2. Redistributions in binary form must reproduce the above copyright 154e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * notice, this list of conditions and the following disclaimer in 164e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * the documentation and/or other materials provided with the 174e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * distribution. 184e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 194e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 3. All advertising materials mentioning features or use of this 204e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * software must display the following acknowledgment: 214e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * "This product includes software developed by the OpenSSL Project 224e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 234e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 244e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 254e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * endorse or promote products derived from this software without 264e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * prior written permission. For written permission, please contact 274e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * licensing@OpenSSL.org. 284e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 294e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 5. Products derived from this software may not be called "OpenSSL" 304e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * nor may "OpenSSL" appear in their names without prior written 314e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * permission of the OpenSSL Project. 324e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 334e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 6. Redistributions of any form whatsoever must retain the following 344e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * acknowledgment: 354e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * "This product includes software developed by the OpenSSL Project 364e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 374e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 384e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 394e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 404e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 414e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 424e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 434e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 444e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 454e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 464e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 474e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 484e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 494e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * OF THE POSSIBILITY OF SUCH DAMAGE. 504e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * ==================================================================== 514e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 524e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * This product includes cryptographic software written by Eric Young 534e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * (eay@cryptsoft.com). This product includes software written by Tim 544e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * Hudson (tjh@cryptsoft.com). 554e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom * 564e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom */ 574e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 584e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 594e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#include "apps.h" 604e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#include <string.h> 614e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#include <openssl/err.h> 624e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#include <openssl/pem.h> 634e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#include <openssl/evp.h> 644e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 654e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#define KEY_PRIVKEY 1 664e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#define KEY_PUBKEY 2 674e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#define KEY_CERT 3 684e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 694e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstromstatic void usage(void); 704e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 714e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#undef PROG 724e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 734e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#define PROG pkeyutl_main 744e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 754e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstromstatic EVP_PKEY_CTX *init_ctx(int *pkeysize, 764e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom char *keyfile, int keyform, int key_type, 774e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom char *passargin, int pkey_op, ENGINE *e); 784e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 794e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstromstatic int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, 804e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom const char *file); 814e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 824e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstromstatic int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, 834e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom unsigned char *out, size_t *poutlen, 844e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom unsigned char *in, size_t inlen); 854e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 864e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstromint MAIN(int argc, char **); 874e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 884e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstromint MAIN(int argc, char **argv) 894e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom{ 904e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO *in = NULL, *out = NULL; 914e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom char *infile = NULL, *outfile = NULL, *sigfile = NULL; 924e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ENGINE *e = NULL; 934e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY; 944e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom int keyform = FORMAT_PEM, peerform = FORMAT_PEM; 954e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom char badarg = 0, rev = 0; 964e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom char hexdump = 0, asn1parse = 0; 974e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom EVP_PKEY_CTX *ctx = NULL; 984e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom char *passargin = NULL; 994e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom int keysize = -1; 1004e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 1014e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL; 1024e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom size_t buf_outlen; 1034e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom int buf_inlen = 0, siglen = -1; 1044e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 1054e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom int ret = 1, rv = -1; 1064e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 1074e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom argc--; 1084e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom argv++; 1094e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 1104e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 1114e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 1124e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (!load_config(bio_err, NULL)) 1134e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 1144e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ERR_load_crypto_strings(); 1154e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom OpenSSL_add_all_algorithms(); 1164e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 1174e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom while(argc >= 1) 1184e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 1194e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (!strcmp(*argv,"-in")) 1204e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 1214e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (--argc < 1) badarg = 1; 12243c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom else infile= *(++argv); 1234e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 1244e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if (!strcmp(*argv,"-out")) 1254e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 1264e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (--argc < 1) badarg = 1; 12743c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom else outfile= *(++argv); 1284e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 1294e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if (!strcmp(*argv,"-sigfile")) 1304e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 1314e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (--argc < 1) badarg = 1; 13243c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom else sigfile= *(++argv); 1334e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 1344e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if(!strcmp(*argv, "-inkey")) 1354e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 1364e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (--argc < 1) 1374e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom badarg = 1; 1384e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else 1394e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 1404e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ctx = init_ctx(&keysize, 1414e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom *(++argv), keyform, key_type, 1424e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom passargin, pkey_op, e); 1434e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (!ctx) 1444e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 1454e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_puts(bio_err, 1464e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom "Error initializing context\n"); 1474e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ERR_print_errors(bio_err); 1484e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom badarg = 1; 1494e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 1504e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 1514e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 1524e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if (!strcmp(*argv,"-peerkey")) 1534e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 1544e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (--argc < 1) 1554e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom badarg = 1; 1564e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if (!setup_peer(bio_err, ctx, peerform, *(++argv))) 1574e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom badarg = 1; 1584e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 1594e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if (!strcmp(*argv,"-passin")) 1604e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 1614e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (--argc < 1) badarg = 1; 16243c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom else passargin= *(++argv); 1634e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 1644e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if (strcmp(*argv,"-peerform") == 0) 1654e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 1664e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (--argc < 1) badarg = 1; 16743c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom else peerform=str2fmt(*(++argv)); 1684e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 1694e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if (strcmp(*argv,"-keyform") == 0) 1704e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 1714e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (--argc < 1) badarg = 1; 17243c12e3d4f9bbbbd4a8ba7b149686437514bc6b6Brian Carlstrom else keyform=str2fmt(*(++argv)); 1734e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 1744e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#ifndef OPENSSL_NO_ENGINE 1754e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if(!strcmp(*argv, "-engine")) 1764e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 1774e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (--argc < 1) 1784e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom badarg = 1; 1794e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else 1804e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom e = setup_engine(bio_err, *(++argv), 0); 1814e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 1824e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#endif 1834e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if(!strcmp(*argv, "-pubin")) 1844e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom key_type = KEY_PUBKEY; 1854e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if(!strcmp(*argv, "-certin")) 1864e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom key_type = KEY_CERT; 1874e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if(!strcmp(*argv, "-asn1parse")) 1884e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom asn1parse = 1; 1894e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if(!strcmp(*argv, "-hexdump")) 1904e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom hexdump = 1; 1914e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if(!strcmp(*argv, "-sign")) 1924e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom pkey_op = EVP_PKEY_OP_SIGN; 1934e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if(!strcmp(*argv, "-verify")) 1944e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom pkey_op = EVP_PKEY_OP_VERIFY; 1954e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if(!strcmp(*argv, "-verifyrecover")) 1964e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom pkey_op = EVP_PKEY_OP_VERIFYRECOVER; 1974e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if(!strcmp(*argv, "-rev")) 1984e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rev = 1; 1994e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if(!strcmp(*argv, "-encrypt")) 2004e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom pkey_op = EVP_PKEY_OP_ENCRYPT; 2014e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if(!strcmp(*argv, "-decrypt")) 2024e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom pkey_op = EVP_PKEY_OP_DECRYPT; 2034e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if(!strcmp(*argv, "-derive")) 2044e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom pkey_op = EVP_PKEY_OP_DERIVE; 2054e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if (strcmp(*argv,"-pkeyopt") == 0) 2064e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2074e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (--argc < 1) 2084e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom badarg = 1; 2094e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if (!ctx) 2104e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2114e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_puts(bio_err, 2124e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom "-pkeyopt command before -inkey\n"); 2134e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom badarg = 1; 2144e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2154e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) 2164e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2174e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_puts(bio_err, "parameter setting error\n"); 2184e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ERR_print_errors(bio_err); 2194e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 2204e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2214e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2224e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else badarg = 1; 2234e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(badarg) 2244e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2254e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom usage(); 2264e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 2274e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2284e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom argc--; 2294e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom argv++; 2304e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2314e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 2324e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (!ctx) 2334e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2344e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom usage(); 2354e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 2364e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2374e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 2384e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) 2394e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2404e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_puts(bio_err, "Signature file specified for non verify\n"); 2414e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 2424e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2434e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 2444e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) 2454e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2464e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_puts(bio_err, "No signature file specified for verify\n"); 2474e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 2484e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2494e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 2504e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom/* FIXME: seed PRNG only if needed */ 2514e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom app_RAND_load_file(NULL, bio_err, 0); 2524e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 2534e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (pkey_op != EVP_PKEY_OP_DERIVE) 2544e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2554e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(infile) 2564e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2574e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(!(in = BIO_new_file(infile, "rb"))) 2584e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2594e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_puts(bio_err, 2604e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom "Error Opening Input File\n"); 2614e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ERR_print_errors(bio_err); 2624e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 2634e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2644e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2654e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else 2664e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom in = BIO_new_fp(stdin, BIO_NOCLOSE); 2674e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2684e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 2694e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(outfile) 2704e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2714e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(!(out = BIO_new_file(outfile, "wb"))) 2724e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2734e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "Error Creating Output File\n"); 2744e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ERR_print_errors(bio_err); 2754e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 2764e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2774e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2784e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else 2794e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2804e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom out = BIO_new_fp(stdout, BIO_NOCLOSE); 2814e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#ifdef OPENSSL_SYS_VMS 2824e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2834e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 2844e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom out = BIO_push(tmpbio, out); 2854e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2864e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#endif 2874e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2884e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 2894e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (sigfile) 2904e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2914e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO *sigbio = BIO_new_file(sigfile, "rb"); 2924e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (!sigbio) 2934e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 2944e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "Can't open signature file %s\n", 2954e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom sigfile); 2964e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 2974e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 2984e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom siglen = bio_to_mem(&sig, keysize * 10, sigbio); 2994e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_free(sigbio); 3004e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (siglen <= 0) 3014e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 3024e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "Error reading signature data\n"); 3034e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 3044e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 3054e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 3064e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 3074e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (in) 3084e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 3094e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom /* Read the input data */ 3104e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom buf_inlen = bio_to_mem(&buf_in, keysize * 10, in); 3114e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(buf_inlen <= 0) 3124e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 3134e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "Error reading input Data\n"); 3144e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom exit(1); 3154e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 3164e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(rev) 3174e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 3184e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom size_t i; 3194e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom unsigned char ctmp; 3204e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom size_t l = (size_t)buf_inlen; 3214e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom for(i = 0; i < l/2; i++) 3224e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 3234e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ctmp = buf_in[i]; 3244e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom buf_in[i] = buf_in[l - 1 - i]; 3254e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom buf_in[l - 1 - i] = ctmp; 3264e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 3274e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 3284e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 3294e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 3304e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(pkey_op == EVP_PKEY_OP_VERIFY) 3314e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 3324e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen, 3334e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom buf_in, (size_t)buf_inlen); 3344e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (rv == 0) 3354e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_puts(out, "Signature Verification Failure\n"); 3364e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if (rv == 1) 3374e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_puts(out, "Signature Verified Successfully\n"); 3384e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (rv >= 0) 3394e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 3404e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 3414e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else 3424e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 3434e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen, 3444e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom buf_in, (size_t)buf_inlen); 3454e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (rv > 0) 3464e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 3474e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom buf_out = OPENSSL_malloc(buf_outlen); 3484e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (!buf_out) 3494e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = -1; 3504e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else 3514e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = do_keyop(ctx, pkey_op, 3524e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom buf_out, (size_t *)&buf_outlen, 3534e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom buf_in, (size_t)buf_inlen); 3544e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 3554e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 3564e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 3574e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(rv <= 0) 3584e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 3594e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "Public Key operation error\n"); 3604e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ERR_print_errors(bio_err); 3614e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 3624e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 3634e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ret = 0; 3644e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(asn1parse) 3654e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 3664e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1)) 3674e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ERR_print_errors(bio_err); 3684e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 3694e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else if(hexdump) 3704e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_dump(out, (char *)buf_out, buf_outlen); 3714e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom else 3724e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_write(out, buf_out, buf_outlen); 3734e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 3744e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom end: 3754e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (ctx) 3764e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom EVP_PKEY_CTX_free(ctx); 3774e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_free(in); 3784e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_free_all(out); 3794e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (buf_in) 3804e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom OPENSSL_free(buf_in); 3814e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (buf_out) 3824e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom OPENSSL_free(buf_out); 3834e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (sig) 3844e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom OPENSSL_free(sig); 3854e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom return ret; 3864e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom} 3874e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 3884e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstromstatic void usage() 3894e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom{ 3904e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "Usage: pkeyutl [options]\n"); 3914e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-in file input file\n"); 3924e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-out file output file\n"); 3934e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-sigfile file signature file (verify operation only)\n"); 3944e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-inkey file input key\n"); 3954e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-keyform arg private key format - default PEM\n"); 3964e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-pubin input is a public key\n"); 3974e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-certin input is a certificate carrying a public key\n"); 3984e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-pkeyopt X:Y public key options\n"); 3994e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-sign sign with private key\n"); 4004e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-verify verify with public key\n"); 4014e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-verifyrecover verify with public key, recover original data\n"); 4024e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-encrypt encrypt with public key\n"); 4034e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-decrypt decrypt with private key\n"); 4044e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-derive derive shared secret\n"); 4054e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-hexdump hex dump output\n"); 4064e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#ifndef OPENSSL_NO_ENGINE 4074e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n"); 4084e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom#endif 4094e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "-passin arg pass phrase source\n"); 4104e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4114e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom} 4124e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4134e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstromstatic EVP_PKEY_CTX *init_ctx(int *pkeysize, 4144e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom char *keyfile, int keyform, int key_type, 4154e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom char *passargin, int pkey_op, ENGINE *e) 4164e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 4174e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom EVP_PKEY *pkey = NULL; 4184e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom EVP_PKEY_CTX *ctx = NULL; 4194e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom char *passin = NULL; 4204e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom int rv = -1; 4214e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom X509 *x; 4224e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) 4234e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom || (pkey_op == EVP_PKEY_OP_DERIVE)) 4244e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom && (key_type != KEY_PRIVKEY)) 4254e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 4264e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "A private key is needed for this operation\n"); 4274e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 4284e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 4294e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) 4304e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 4314e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "Error getting password\n"); 4324e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 4334e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 4344e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom switch(key_type) 4354e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 4364e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom case KEY_PRIVKEY: 4374e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom pkey = load_key(bio_err, keyfile, keyform, 0, 4384e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom passin, e, "Private Key"); 4394e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom break; 4404e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4414e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom case KEY_PUBKEY: 4424e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom pkey = load_pubkey(bio_err, keyfile, keyform, 0, 4434e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom NULL, e, "Public Key"); 4444e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom break; 4454e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4464e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom case KEY_CERT: 4474e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom x = load_cert(bio_err, keyfile, keyform, 4484e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom NULL, e, "Certificate"); 4494e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if(x) 4504e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 4514e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom pkey = X509_get_pubkey(x); 4524e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom X509_free(x); 4534e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 4544e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom break; 4554e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4564e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 4574e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4584e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom *pkeysize = EVP_PKEY_size(pkey); 4594e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4604e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (!pkey) 4614e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 4624e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4634e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ctx = EVP_PKEY_CTX_new(pkey, e); 4644e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4654e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom EVP_PKEY_free(pkey); 4664e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4674e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (!ctx) 4684e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom goto end; 4694e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4704e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom switch(pkey_op) 4714e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 4724e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom case EVP_PKEY_OP_SIGN: 4734e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = EVP_PKEY_sign_init(ctx); 4744e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom break; 4754e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4764e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom case EVP_PKEY_OP_VERIFY: 4774e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = EVP_PKEY_verify_init(ctx); 4784e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom break; 4794e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4804e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom case EVP_PKEY_OP_VERIFYRECOVER: 4814e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = EVP_PKEY_verify_recover_init(ctx); 4824e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom break; 4834e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4844e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom case EVP_PKEY_OP_ENCRYPT: 4854e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = EVP_PKEY_encrypt_init(ctx); 4864e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom break; 4874e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4884e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom case EVP_PKEY_OP_DECRYPT: 4894e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = EVP_PKEY_decrypt_init(ctx); 4904e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom break; 4914e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4924e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom case EVP_PKEY_OP_DERIVE: 4934e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = EVP_PKEY_derive_init(ctx); 4944e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom break; 4954e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 4964e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 4974e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (rv <= 0) 4984e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 4994e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom EVP_PKEY_CTX_free(ctx); 5004e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ctx = NULL; 5014e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 5024e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5034e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom end: 5044e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5054e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (passin) 5064e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom OPENSSL_free(passin); 5074e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5084e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom return ctx; 5094e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5104e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5114e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 5124e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5134e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstromstatic int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform, 5144e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom const char *file) 5154e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 5164e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom EVP_PKEY *peer = NULL; 5174e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom int ret; 5184e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (!ctx) 5194e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 5204e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_puts(err, "-peerkey command before -inkey\n"); 5214e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom return 0; 5224e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 5234e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5244e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key"); 5254e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5264e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (!peer) 5274e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 5284e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom BIO_printf(bio_err, "Error reading peer key %s\n", file); 5294e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ERR_print_errors(err); 5304e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom return 0; 5314e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 5324e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5334e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ret = EVP_PKEY_derive_set_peer(ctx, peer); 5344e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5354e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom EVP_PKEY_free(peer); 5364e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom if (ret <= 0) 5374e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom ERR_print_errors(err); 5384e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom return ret; 5394e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 5404e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5414e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstromstatic int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, 5424e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom unsigned char *out, size_t *poutlen, 5434e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom unsigned char *in, size_t inlen) 5444e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 5454e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom int rv = 0; 5464e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom switch(pkey_op) 5474e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom { 5484e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom case EVP_PKEY_OP_VERIFYRECOVER: 5494e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen); 5504e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom break; 5514e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5524e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom case EVP_PKEY_OP_SIGN: 5534e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen); 5544e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom break; 5554e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5564e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom case EVP_PKEY_OP_ENCRYPT: 5574e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen); 5584e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom break; 5594e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5604e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom case EVP_PKEY_OP_DECRYPT: 5614e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen); 5624e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom break; 5634e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5644e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom case EVP_PKEY_OP_DERIVE: 5654e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom rv = EVP_PKEY_derive(ctx, out, poutlen); 5664e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom break; 5674e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom 5684e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 5694e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom return rv; 5704e0e02a98b7d235f19972c6a214fda924d6b958bBrian Carlstrom } 571