1/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 */
5
6/* C port of DumpPublicKey.java from the Android Open source project with
7 * support for additional RSA key sizes. (platform/system/core,git/libmincrypt
8 * /tools/DumpPublicKey.java). Uses the OpenSSL X509 and BIGNUM library.
9 */
10
11#include <openssl/pem.h>
12
13#include <stdint.h>
14#include <string.h>
15#include <unistd.h>
16
17/* Command line tool to extract RSA public keys from X.509 certificates
18 * and output a pre-processed version of keys for use by RSA verification
19 * routines.
20 */
21
22int check(RSA* key) {
23  int public_exponent = BN_get_word(key->e);
24  int modulus = BN_num_bits(key->n);
25
26  if (public_exponent != 65537) {
27    fprintf(stderr, "WARNING: Public exponent should be 65537 (but is %d).\n",
28            public_exponent);
29  }
30
31  if (modulus != 1024 && modulus != 2048 && modulus != 4096
32      && modulus != 8192) {
33    fprintf(stderr, "ERROR: Unknown modulus length = %d.\n", modulus);
34    return 0;
35  }
36  return 1;
37}
38
39/* Pre-processes and outputs RSA public key to standard out.
40 */
41void output(RSA* key) {
42  int i, nwords;
43  BIGNUM *N = key->n;
44  BIGNUM *Big1 = NULL, *Big2 = NULL, *Big32 = NULL, *BigMinus1 = NULL;
45  BIGNUM *B = NULL;
46  BIGNUM *N0inv= NULL, *R = NULL, *RR = NULL, *RRTemp = NULL, *NnumBits = NULL;
47  BIGNUM *n = NULL, *rr = NULL;
48  BN_CTX *bn_ctx = BN_CTX_new();
49  uint32_t n0invout;
50
51  N = key->n;
52  /* Output size of RSA key in 32-bit words */
53  nwords = BN_num_bits(N) / 32;
54  if (-1 == write(1, &nwords, sizeof(nwords)))
55    goto failure;
56
57
58  /* Initialize BIGNUMs */
59  Big1 = BN_new();
60  Big2 = BN_new();
61  Big32 = BN_new();
62  BigMinus1 = BN_new();
63  N0inv= BN_new();
64  R = BN_new();
65  RR = BN_new();
66  RRTemp = BN_new();
67  NnumBits = BN_new();
68  n = BN_new();
69  rr = BN_new();
70
71
72  BN_set_word(Big1, 1L);
73  BN_set_word(Big2, 2L);
74  BN_set_word(Big32, 32L);
75  BN_sub(BigMinus1, Big1, Big2);
76
77  B = BN_new();
78  BN_exp(B, Big2, Big32, bn_ctx); /* B = 2^32 */
79
80  /* Calculate and output N0inv = -1 / N[0] mod 2^32 */
81  BN_mod_inverse(N0inv, N, B, bn_ctx);
82  BN_sub(N0inv, B, N0inv);
83  n0invout = BN_get_word(N0inv);
84  if (-1 == write(1, &n0invout, sizeof(n0invout)))
85    goto failure;
86
87  /* Calculate R = 2^(# of key bits) */
88  BN_set_word(NnumBits, BN_num_bits(N));
89  BN_exp(R, Big2, NnumBits, bn_ctx);
90
91  /* Calculate RR = R^2 mod N */
92  BN_copy(RR, R);
93  BN_mul(RRTemp, RR, R, bn_ctx);
94  BN_mod(RR, RRTemp, N, bn_ctx);
95
96
97  /* Write out modulus as little endian array of integers. */
98  for (i = 0; i < nwords; ++i) {
99    uint32_t nout;
100
101    BN_mod(n, N, B, bn_ctx); /* n = N mod B */
102    nout = BN_get_word(n);
103    if (-1 == write(1, &nout, sizeof(nout)))
104      goto failure;
105
106    BN_rshift(N, N, 32); /*  N = N/B */
107  }
108
109  /* Write R^2 as little endian array of integers. */
110  for (i = 0; i < nwords; ++i) {
111    uint32_t rrout;
112
113    BN_mod(rr, RR, B, bn_ctx); /* rr = RR mod B */
114    rrout = BN_get_word(rr);
115    if (-1 == write(1, &rrout, sizeof(rrout)))
116      goto failure;
117
118    BN_rshift(RR, RR, 32); /* RR = RR/B */
119  }
120
121failure:
122  /* Free BIGNUMs. */
123  BN_free(Big1);
124  BN_free(Big2);
125  BN_free(Big32);
126  BN_free(BigMinus1);
127  BN_free(N0inv);
128  BN_free(R);
129  BN_free(RRTemp);
130  BN_free(NnumBits);
131  BN_free(n);
132  BN_free(rr);
133
134}
135
136int main(int argc, char* argv[]) {
137  int cert_mode = 0;
138  FILE* fp;
139  X509* cert = NULL;
140  RSA* pubkey = NULL;
141  EVP_PKEY* key;
142  char *progname;
143
144  if (argc != 3 || (strcmp(argv[1], "-cert") && strcmp(argv[1], "-pub"))) {
145    progname = strrchr(argv[0], '/');
146    if (progname)
147      progname++;
148    else
149      progname = argv[0];
150    fprintf(stderr, "Usage: %s <-cert | -pub> <file>\n", progname);
151    return -1;
152  }
153
154  if (!strcmp(argv[1], "-cert"))
155    cert_mode = 1;
156
157  fp = fopen(argv[2], "r");
158
159  if (!fp) {
160    fprintf(stderr, "Couldn't open file %s!\n", argv[2]);
161    return -1;
162  }
163
164  if (cert_mode) {
165    /* Read the certificate */
166    if (!PEM_read_X509(fp, &cert, NULL, NULL)) {
167      fprintf(stderr, "Couldn't read certificate.\n");
168      goto fail;
169    }
170
171    /* Get the public key from the certificate. */
172    key = X509_get_pubkey(cert);
173
174    /* Convert to a RSA_style key. */
175    if (!(pubkey = EVP_PKEY_get1_RSA(key))) {
176      fprintf(stderr, "Couldn't convert to a RSA style key.\n");
177      goto fail;
178    }
179  } else {
180    /* Read the pubkey in .PEM format. */
181    if (!(pubkey = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL))) {
182      fprintf(stderr, "Couldn't read public key file.\n");
183      goto fail;
184    }
185  }
186
187  if (check(pubkey)) {
188    output(pubkey);
189  }
190
191fail:
192  X509_free(cert);
193  RSA_free(pubkey);
194  fclose(fp);
195
196  return 0;
197}
198