1/* rsautl.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in
17 *    the documentation and/or other materials provided with the
18 *    distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 *    software must display the following acknowledgment:
22 *    "This product includes software developed by the OpenSSL Project
23 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 *    endorse or promote products derived from this software without
27 *    prior written permission. For written permission, please contact
28 *    licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 *    nor may "OpenSSL" appear in their names without prior written
32 *    permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 *    acknowledgment:
36 *    "This product includes software developed by the OpenSSL Project
37 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com).  This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <openssl/opensslconf.h>
60#ifndef OPENSSL_NO_RSA
61
62#include "apps.h"
63#include <string.h>
64#include <openssl/err.h>
65#include <openssl/pem.h>
66#include <openssl/rsa.h>
67
68#define RSA_SIGN 	1
69#define RSA_VERIFY 	2
70#define RSA_ENCRYPT 	3
71#define RSA_DECRYPT 	4
72
73#define KEY_PRIVKEY	1
74#define KEY_PUBKEY	2
75#define KEY_CERT	3
76
77static void usage(void);
78
79#undef PROG
80
81#define PROG rsautl_main
82
83int MAIN(int argc, char **);
84
85int MAIN(int argc, char **argv)
86{
87	ENGINE *e = NULL;
88	BIO *in = NULL, *out = NULL;
89	char *infile = NULL, *outfile = NULL;
90#ifndef OPENSSL_NO_ENGINE
91	char *engine = NULL;
92#endif
93	char *keyfile = NULL;
94	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
95	int keyform = FORMAT_PEM;
96	char need_priv = 0, badarg = 0, rev = 0;
97	char hexdump = 0, asn1parse = 0;
98	X509 *x;
99	EVP_PKEY *pkey = NULL;
100	RSA *rsa = NULL;
101	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
102	char *passargin = NULL, *passin = NULL;
103	int rsa_inlen, rsa_outlen = 0;
104	int keysize;
105
106	int ret = 1;
107
108	argc--;
109	argv++;
110
111	if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
112
113	if (!load_config(bio_err, NULL))
114		goto end;
115	ERR_load_crypto_strings();
116	OpenSSL_add_all_algorithms();
117	pad = RSA_PKCS1_PADDING;
118
119	while(argc >= 1)
120	{
121		if (!strcmp(*argv,"-in")) {
122			if (--argc < 1)
123				badarg = 1;
124			else
125				infile= *(++argv);
126		} else if (!strcmp(*argv,"-out")) {
127			if (--argc < 1)
128				badarg = 1;
129			else
130				outfile= *(++argv);
131		} else if(!strcmp(*argv, "-inkey")) {
132			if (--argc < 1)
133				badarg = 1;
134			else
135				keyfile = *(++argv);
136		} else if (!strcmp(*argv,"-passin")) {
137			if (--argc < 1)
138				badarg = 1;
139			else
140				passargin= *(++argv);
141		} else if (strcmp(*argv,"-keyform") == 0) {
142			if (--argc < 1)
143				badarg = 1;
144			else
145				keyform=str2fmt(*(++argv));
146#ifndef OPENSSL_NO_ENGINE
147		} else if(!strcmp(*argv, "-engine")) {
148			if (--argc < 1)
149				badarg = 1;
150			else
151				engine = *(++argv);
152#endif
153		} else if(!strcmp(*argv, "-pubin")) {
154			key_type = KEY_PUBKEY;
155		} else if(!strcmp(*argv, "-certin")) {
156			key_type = KEY_CERT;
157		}
158		else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;
159		else if(!strcmp(*argv, "-hexdump")) hexdump = 1;
160		else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;
161		else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
162		else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
163		else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
164		else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
165		else if(!strcmp(*argv, "-sign")) {
166			rsa_mode = RSA_SIGN;
167			need_priv = 1;
168		} else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;
169		else if(!strcmp(*argv, "-rev")) rev = 1;
170		else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;
171		else if(!strcmp(*argv, "-decrypt")) {
172			rsa_mode = RSA_DECRYPT;
173			need_priv = 1;
174		} else badarg = 1;
175		if(badarg) {
176			usage();
177			goto end;
178		}
179		argc--;
180		argv++;
181	}
182
183	if(need_priv && (key_type != KEY_PRIVKEY)) {
184		BIO_printf(bio_err, "A private key is needed for this operation\n");
185		goto end;
186	}
187
188#ifndef OPENSSL_NO_ENGINE
189        e = setup_engine(bio_err, engine, 0);
190#endif
191	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
192		BIO_printf(bio_err, "Error getting password\n");
193		goto end;
194	}
195
196/* FIXME: seed PRNG only if needed */
197	app_RAND_load_file(NULL, bio_err, 0);
198
199	switch(key_type) {
200		case KEY_PRIVKEY:
201		pkey = load_key(bio_err, keyfile, keyform, 0,
202			passin, e, "Private Key");
203		break;
204
205		case KEY_PUBKEY:
206		pkey = load_pubkey(bio_err, keyfile, keyform, 0,
207			NULL, e, "Public Key");
208		break;
209
210		case KEY_CERT:
211		x = load_cert(bio_err, keyfile, keyform,
212			NULL, e, "Certificate");
213		if(x) {
214			pkey = X509_get_pubkey(x);
215			X509_free(x);
216		}
217		break;
218	}
219
220	if(!pkey) {
221		return 1;
222	}
223
224	rsa = EVP_PKEY_get1_RSA(pkey);
225	EVP_PKEY_free(pkey);
226
227	if(!rsa) {
228		BIO_printf(bio_err, "Error getting RSA key\n");
229		ERR_print_errors(bio_err);
230		goto end;
231	}
232
233
234	if(infile) {
235		if(!(in = BIO_new_file(infile, "rb"))) {
236			BIO_printf(bio_err, "Error Reading Input File\n");
237			ERR_print_errors(bio_err);
238			goto end;
239		}
240	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
241
242	if(outfile) {
243		if(!(out = BIO_new_file(outfile, "wb"))) {
244			BIO_printf(bio_err, "Error Reading Output File\n");
245			ERR_print_errors(bio_err);
246			goto end;
247		}
248	} else {
249		out = BIO_new_fp(stdout, BIO_NOCLOSE);
250#ifdef OPENSSL_SYS_VMS
251		{
252		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
253		    out = BIO_push(tmpbio, out);
254		}
255#endif
256	}
257
258	keysize = RSA_size(rsa);
259
260	rsa_in = OPENSSL_malloc(keysize * 2);
261	rsa_out = OPENSSL_malloc(keysize);
262
263	/* Read the input data */
264	rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
265	if(rsa_inlen <= 0) {
266		BIO_printf(bio_err, "Error reading input Data\n");
267		exit(1);
268	}
269	if(rev) {
270		int i;
271		unsigned char ctmp;
272		for(i = 0; i < rsa_inlen/2; i++) {
273			ctmp = rsa_in[i];
274			rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
275			rsa_in[rsa_inlen - 1 - i] = ctmp;
276		}
277	}
278	switch(rsa_mode) {
279
280		case RSA_VERIFY:
281			rsa_outlen  = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
282		break;
283
284		case RSA_SIGN:
285			rsa_outlen  = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
286		break;
287
288		case RSA_ENCRYPT:
289			rsa_outlen  = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
290		break;
291
292		case RSA_DECRYPT:
293			rsa_outlen  = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
294		break;
295
296	}
297
298	if(rsa_outlen <= 0) {
299		BIO_printf(bio_err, "RSA operation error\n");
300		ERR_print_errors(bio_err);
301		goto end;
302	}
303	ret = 0;
304	if(asn1parse) {
305		if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
306			ERR_print_errors(bio_err);
307		}
308	} else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
309	else BIO_write(out, rsa_out, rsa_outlen);
310	end:
311	RSA_free(rsa);
312	BIO_free(in);
313	BIO_free_all(out);
314	if(rsa_in) OPENSSL_free(rsa_in);
315	if(rsa_out) OPENSSL_free(rsa_out);
316	if(passin) OPENSSL_free(passin);
317	return ret;
318}
319
320static void usage()
321{
322	BIO_printf(bio_err, "Usage: rsautl [options]\n");
323	BIO_printf(bio_err, "-in file        input file\n");
324	BIO_printf(bio_err, "-out file       output file\n");
325	BIO_printf(bio_err, "-inkey file     input key\n");
326	BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");
327	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
328	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
329	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
330	BIO_printf(bio_err, "-raw            use no padding\n");
331	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
332	BIO_printf(bio_err, "-oaep           use PKCS#1 OAEP\n");
333	BIO_printf(bio_err, "-sign           sign with private key\n");
334	BIO_printf(bio_err, "-verify         verify with public key\n");
335	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
336	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
337	BIO_printf(bio_err, "-hexdump        hex dump output\n");
338#ifndef OPENSSL_NO_ENGINE
339	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
340	BIO_printf (bio_err, "-passin arg    pass phrase source\n");
341#endif
342
343}
344
345#else /* !OPENSSL_NO_RSA */
346
347# if PEDANTIC
348static void *dummy=&dummy;
349# endif
350
351#endif
352