159191Skris/* apps/spkac.c */ 259191Skris 3280304Sjkim/* 4280304Sjkim * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 5280304Sjkim * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org). 659191Skris */ 759191Skris/* ==================================================================== 859191Skris * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 959191Skris * 1059191Skris * Redistribution and use in source and binary forms, with or without 1159191Skris * modification, are permitted provided that the following conditions 1259191Skris * are met: 1359191Skris * 1459191Skris * 1. Redistributions of source code must retain the above copyright 15280304Sjkim * notice, this list of conditions and the following disclaimer. 1659191Skris * 1759191Skris * 2. Redistributions in binary form must reproduce the above copyright 1859191Skris * notice, this list of conditions and the following disclaimer in 1959191Skris * the documentation and/or other materials provided with the 2059191Skris * distribution. 2159191Skris * 2259191Skris * 3. All advertising materials mentioning features or use of this 2359191Skris * software must display the following acknowledgment: 2459191Skris * "This product includes software developed by the OpenSSL Project 2559191Skris * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 2659191Skris * 2759191Skris * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 2859191Skris * endorse or promote products derived from this software without 2959191Skris * prior written permission. For written permission, please contact 3059191Skris * licensing@OpenSSL.org. 3159191Skris * 3259191Skris * 5. Products derived from this software may not be called "OpenSSL" 3359191Skris * nor may "OpenSSL" appear in their names without prior written 3459191Skris * permission of the OpenSSL Project. 3559191Skris * 3659191Skris * 6. Redistributions of any form whatsoever must retain the following 3759191Skris * acknowledgment: 3859191Skris * "This product includes software developed by the OpenSSL Project 3959191Skris * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 4059191Skris * 4159191Skris * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 4259191Skris * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4359191Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 4459191Skris * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 4559191Skris * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 4659191Skris * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 4759191Skris * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 4859191Skris * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4959191Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 5059191Skris * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 5159191Skris * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 5259191Skris * OF THE POSSIBILITY OF SUCH DAMAGE. 5359191Skris * ==================================================================== 5459191Skris * 5559191Skris * This product includes cryptographic software written by Eric Young 5659191Skris * (eay@cryptsoft.com). This product includes software written by Tim 5759191Skris * Hudson (tjh@cryptsoft.com). 5859191Skris * 5959191Skris */ 6059191Skris#include <stdio.h> 6159191Skris#include <stdlib.h> 6259191Skris#include <string.h> 6359191Skris#include <time.h> 6459191Skris#include "apps.h" 6559191Skris#include <openssl/bio.h> 6659191Skris#include <openssl/conf.h> 6759191Skris#include <openssl/err.h> 6859191Skris#include <openssl/evp.h> 6959191Skris#include <openssl/lhash.h> 7059191Skris#include <openssl/x509.h> 7159191Skris#include <openssl/pem.h> 7259191Skris 7359191Skris#undef PROG 74280304Sjkim#define PROG spkac_main 7559191Skris 76280304Sjkim/*- 77280304Sjkim * -in arg - input file - default stdin 78280304Sjkim * -out arg - output file - default stdout 7959191Skris */ 8059191Skris 8159191Skrisint MAIN(int, char **); 8259191Skris 8359191Skrisint MAIN(int argc, char **argv) 84280304Sjkim{ 85280304Sjkim ENGINE *e = NULL; 86280304Sjkim int i, badops = 0, ret = 1; 87280304Sjkim BIO *in = NULL, *out = NULL; 88280304Sjkim int verify = 0, noout = 0, pubkey = 0; 89280304Sjkim char *infile = NULL, *outfile = NULL, *prog; 90280304Sjkim char *passargin = NULL, *passin = NULL; 91280304Sjkim const char *spkac = "SPKAC", *spksect = "default"; 92280304Sjkim char *spkstr = NULL; 93280304Sjkim char *challenge = NULL, *keyfile = NULL; 94280304Sjkim CONF *conf = NULL; 95280304Sjkim NETSCAPE_SPKI *spki = NULL; 96280304Sjkim EVP_PKEY *pkey = NULL; 97111147Snectar#ifndef OPENSSL_NO_ENGINE 98280304Sjkim char *engine = NULL; 99111147Snectar#endif 10059191Skris 101280304Sjkim apps_startup(); 10259191Skris 103280304Sjkim if (!bio_err) 104280304Sjkim bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 10559191Skris 106280304Sjkim if (!load_config(bio_err, NULL)) 107280304Sjkim goto end; 108109998Smarkm 109280304Sjkim prog = argv[0]; 110280304Sjkim argc--; 111280304Sjkim argv++; 112280304Sjkim while (argc >= 1) { 113280304Sjkim if (strcmp(*argv, "-in") == 0) { 114280304Sjkim if (--argc < 1) 115280304Sjkim goto bad; 116280304Sjkim infile = *(++argv); 117280304Sjkim } else if (strcmp(*argv, "-out") == 0) { 118280304Sjkim if (--argc < 1) 119280304Sjkim goto bad; 120280304Sjkim outfile = *(++argv); 121280304Sjkim } else if (strcmp(*argv, "-passin") == 0) { 122280304Sjkim if (--argc < 1) 123280304Sjkim goto bad; 124280304Sjkim passargin = *(++argv); 125280304Sjkim } else if (strcmp(*argv, "-key") == 0) { 126280304Sjkim if (--argc < 1) 127280304Sjkim goto bad; 128280304Sjkim keyfile = *(++argv); 129280304Sjkim } else if (strcmp(*argv, "-challenge") == 0) { 130280304Sjkim if (--argc < 1) 131280304Sjkim goto bad; 132280304Sjkim challenge = *(++argv); 133280304Sjkim } else if (strcmp(*argv, "-spkac") == 0) { 134280304Sjkim if (--argc < 1) 135280304Sjkim goto bad; 136280304Sjkim spkac = *(++argv); 137280304Sjkim } else if (strcmp(*argv, "-spksect") == 0) { 138280304Sjkim if (--argc < 1) 139280304Sjkim goto bad; 140280304Sjkim spksect = *(++argv); 141280304Sjkim } 142111147Snectar#ifndef OPENSSL_NO_ENGINE 143280304Sjkim else if (strcmp(*argv, "-engine") == 0) { 144280304Sjkim if (--argc < 1) 145280304Sjkim goto bad; 146280304Sjkim engine = *(++argv); 147280304Sjkim } 148111147Snectar#endif 149280304Sjkim else if (strcmp(*argv, "-noout") == 0) 150280304Sjkim noout = 1; 151280304Sjkim else if (strcmp(*argv, "-pubkey") == 0) 152280304Sjkim pubkey = 1; 153280304Sjkim else if (strcmp(*argv, "-verify") == 0) 154280304Sjkim verify = 1; 155280304Sjkim else 156280304Sjkim badops = 1; 157280304Sjkim argc--; 158280304Sjkim argv++; 159280304Sjkim } 16059191Skris 161280304Sjkim if (badops) { 162280304Sjkim bad: 163280304Sjkim BIO_printf(bio_err, "%s [options]\n", prog); 164280304Sjkim BIO_printf(bio_err, "where options are\n"); 165280304Sjkim BIO_printf(bio_err, " -in arg input file\n"); 166280304Sjkim BIO_printf(bio_err, " -out arg output file\n"); 167280304Sjkim BIO_printf(bio_err, 168280304Sjkim " -key arg create SPKAC using private key\n"); 169280304Sjkim BIO_printf(bio_err, 170280304Sjkim " -passin arg input file pass phrase source\n"); 171280304Sjkim BIO_printf(bio_err, " -challenge arg challenge string\n"); 172280304Sjkim BIO_printf(bio_err, " -spkac arg alternative SPKAC name\n"); 173280304Sjkim BIO_printf(bio_err, " -noout don't print SPKAC\n"); 174280304Sjkim BIO_printf(bio_err, " -pubkey output public key\n"); 175280304Sjkim BIO_printf(bio_err, " -verify verify SPKAC signature\n"); 176111147Snectar#ifndef OPENSSL_NO_ENGINE 177280304Sjkim BIO_printf(bio_err, 178280304Sjkim " -engine e use engine e, possibly a hardware device.\n"); 179111147Snectar#endif 180280304Sjkim goto end; 181280304Sjkim } 18259191Skris 183280304Sjkim ERR_load_crypto_strings(); 184280304Sjkim if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 185280304Sjkim BIO_printf(bio_err, "Error getting password\n"); 186280304Sjkim goto end; 187280304Sjkim } 188111147Snectar#ifndef OPENSSL_NO_ENGINE 189280304Sjkim e = setup_engine(bio_err, engine, 0); 190111147Snectar#endif 191109998Smarkm 192280304Sjkim if (keyfile) { 193280304Sjkim pkey = load_key(bio_err, 194280304Sjkim strcmp(keyfile, "-") ? keyfile : NULL, 195280304Sjkim FORMAT_PEM, 1, passin, e, "private key"); 196280304Sjkim if (!pkey) { 197280304Sjkim goto end; 198280304Sjkim } 199280304Sjkim spki = NETSCAPE_SPKI_new(); 200280304Sjkim if (challenge) 201280304Sjkim ASN1_STRING_set(spki->spkac->challenge, 202280304Sjkim challenge, (int)strlen(challenge)); 203280304Sjkim NETSCAPE_SPKI_set_pubkey(spki, pkey); 204280304Sjkim NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); 205280304Sjkim spkstr = NETSCAPE_SPKI_b64_encode(spki); 20659191Skris 207280304Sjkim if (outfile) 208280304Sjkim out = BIO_new_file(outfile, "w"); 209280304Sjkim else { 210280304Sjkim out = BIO_new_fp(stdout, BIO_NOCLOSE); 211109998Smarkm#ifdef OPENSSL_SYS_VMS 212280304Sjkim { 213280304Sjkim BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 214280304Sjkim out = BIO_push(tmpbio, out); 215280304Sjkim } 21668651Skris#endif 217280304Sjkim } 21859191Skris 219280304Sjkim if (!out) { 220280304Sjkim BIO_printf(bio_err, "Error opening output file\n"); 221280304Sjkim ERR_print_errors(bio_err); 222280304Sjkim goto end; 223280304Sjkim } 224280304Sjkim BIO_printf(out, "SPKAC=%s\n", spkstr); 225280304Sjkim OPENSSL_free(spkstr); 226280304Sjkim ret = 0; 227280304Sjkim goto end; 228280304Sjkim } 22959191Skris 230280304Sjkim if (infile) 231280304Sjkim in = BIO_new_file(infile, "r"); 232280304Sjkim else 233280304Sjkim in = BIO_new_fp(stdin, BIO_NOCLOSE); 23459191Skris 235280304Sjkim if (!in) { 236280304Sjkim BIO_printf(bio_err, "Error opening input file\n"); 237280304Sjkim ERR_print_errors(bio_err); 238280304Sjkim goto end; 239280304Sjkim } 24059191Skris 241280304Sjkim conf = NCONF_new(NULL); 242280304Sjkim i = NCONF_load_bio(conf, in, NULL); 24359191Skris 244280304Sjkim if (!i) { 245280304Sjkim BIO_printf(bio_err, "Error parsing config file\n"); 246280304Sjkim ERR_print_errors(bio_err); 247280304Sjkim goto end; 248280304Sjkim } 24959191Skris 250280304Sjkim spkstr = NCONF_get_string(conf, spksect, spkac); 25159191Skris 252280304Sjkim if (!spkstr) { 253280304Sjkim BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); 254280304Sjkim ERR_print_errors(bio_err); 255280304Sjkim goto end; 256280304Sjkim } 25759191Skris 258280304Sjkim spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); 25959191Skris 260280304Sjkim if (!spki) { 261280304Sjkim BIO_printf(bio_err, "Error loading SPKAC\n"); 262280304Sjkim ERR_print_errors(bio_err); 263280304Sjkim goto end; 264280304Sjkim } 265280304Sjkim 266280304Sjkim if (outfile) 267280304Sjkim out = BIO_new_file(outfile, "w"); 268280304Sjkim else { 269280304Sjkim out = BIO_new_fp(stdout, BIO_NOCLOSE); 270109998Smarkm#ifdef OPENSSL_SYS_VMS 271280304Sjkim { 272280304Sjkim BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 273280304Sjkim out = BIO_push(tmpbio, out); 274280304Sjkim } 27568651Skris#endif 276280304Sjkim } 27759191Skris 278280304Sjkim if (!out) { 279280304Sjkim BIO_printf(bio_err, "Error opening output file\n"); 280280304Sjkim ERR_print_errors(bio_err); 281280304Sjkim goto end; 282280304Sjkim } 28359191Skris 284280304Sjkim if (!noout) 285280304Sjkim NETSCAPE_SPKI_print(out, spki); 286280304Sjkim pkey = NETSCAPE_SPKI_get_pubkey(spki); 287280304Sjkim if (verify) { 288280304Sjkim i = NETSCAPE_SPKI_verify(spki, pkey); 289280304Sjkim if (i > 0) 290280304Sjkim BIO_printf(bio_err, "Signature OK\n"); 291280304Sjkim else { 292280304Sjkim BIO_printf(bio_err, "Signature Failure\n"); 293280304Sjkim ERR_print_errors(bio_err); 294280304Sjkim goto end; 295280304Sjkim } 296280304Sjkim } 297280304Sjkim if (pubkey) 298280304Sjkim PEM_write_bio_PUBKEY(out, pkey); 29959191Skris 300280304Sjkim ret = 0; 30159191Skris 302280304Sjkim end: 303280304Sjkim NCONF_free(conf); 304280304Sjkim NETSCAPE_SPKI_free(spki); 305280304Sjkim BIO_free(in); 306280304Sjkim BIO_free_all(out); 307280304Sjkim EVP_PKEY_free(pkey); 308280304Sjkim if (passin) 309280304Sjkim OPENSSL_free(passin); 310280304Sjkim apps_shutdown(); 311280304Sjkim OPENSSL_EXIT(ret); 312280304Sjkim} 313