159191Skris/* apps/spkac.c */ 259191Skris 3296341Sdelphij/* 4296341Sdelphij * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 5296341Sdelphij * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org). 659191Skris */ 759191Skris/* ==================================================================== 859191Skris * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 959191Skris * 1059191Skris * Redistribution and use in source and binary forms, with or without 1159191Skris * modification, are permitted provided that the following conditions 1259191Skris * are met: 1359191Skris * 1459191Skris * 1. Redistributions of source code must retain the above copyright 15296341Sdelphij * notice, this list of conditions and the following disclaimer. 1659191Skris * 1759191Skris * 2. Redistributions in binary form must reproduce the above copyright 1859191Skris * notice, this list of conditions and the following disclaimer in 1959191Skris * the documentation and/or other materials provided with the 2059191Skris * distribution. 2159191Skris * 2259191Skris * 3. All advertising materials mentioning features or use of this 2359191Skris * software must display the following acknowledgment: 2459191Skris * "This product includes software developed by the OpenSSL Project 2559191Skris * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 2659191Skris * 2759191Skris * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 2859191Skris * endorse or promote products derived from this software without 2959191Skris * prior written permission. For written permission, please contact 3059191Skris * licensing@OpenSSL.org. 3159191Skris * 3259191Skris * 5. Products derived from this software may not be called "OpenSSL" 3359191Skris * nor may "OpenSSL" appear in their names without prior written 3459191Skris * permission of the OpenSSL Project. 3559191Skris * 3659191Skris * 6. Redistributions of any form whatsoever must retain the following 3759191Skris * acknowledgment: 3859191Skris * "This product includes software developed by the OpenSSL Project 3959191Skris * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 4059191Skris * 4159191Skris * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 4259191Skris * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4359191Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 4459191Skris * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 4559191Skris * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 4659191Skris * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 4759191Skris * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 4859191Skris * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4959191Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 5059191Skris * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 5159191Skris * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 5259191Skris * OF THE POSSIBILITY OF SUCH DAMAGE. 5359191Skris * ==================================================================== 5459191Skris * 5559191Skris * This product includes cryptographic software written by Eric Young 5659191Skris * (eay@cryptsoft.com). This product includes software written by Tim 5759191Skris * Hudson (tjh@cryptsoft.com). 5859191Skris * 5959191Skris */ 6059191Skris#include <stdio.h> 6159191Skris#include <stdlib.h> 6259191Skris#include <string.h> 6359191Skris#include <time.h> 6459191Skris#include "apps.h" 6559191Skris#include <openssl/bio.h> 6659191Skris#include <openssl/conf.h> 6759191Skris#include <openssl/err.h> 6859191Skris#include <openssl/evp.h> 6959191Skris#include <openssl/lhash.h> 7059191Skris#include <openssl/x509.h> 7159191Skris#include <openssl/pem.h> 7259191Skris 7359191Skris#undef PROG 74296341Sdelphij#define PROG spkac_main 7559191Skris 76296341Sdelphij/*- 77296341Sdelphij * -in arg - input file - default stdin 78296341Sdelphij * -out arg - output file - default stdout 7959191Skris */ 8059191Skris 8159191Skrisint MAIN(int, char **); 8259191Skris 8359191Skrisint MAIN(int argc, char **argv) 84296341Sdelphij{ 85296341Sdelphij ENGINE *e = NULL; 86296341Sdelphij int i, badops = 0, ret = 1; 87296341Sdelphij BIO *in = NULL, *out = NULL; 88296341Sdelphij int verify = 0, noout = 0, pubkey = 0; 89296341Sdelphij char *infile = NULL, *outfile = NULL, *prog; 90296341Sdelphij char *passargin = NULL, *passin = NULL; 91296341Sdelphij const char *spkac = "SPKAC", *spksect = "default"; 92296341Sdelphij char *spkstr = NULL; 93296341Sdelphij char *challenge = NULL, *keyfile = NULL; 94296341Sdelphij CONF *conf = NULL; 95296341Sdelphij NETSCAPE_SPKI *spki = NULL; 96296341Sdelphij EVP_PKEY *pkey = NULL; 97111147Snectar#ifndef OPENSSL_NO_ENGINE 98296341Sdelphij char *engine = NULL; 99111147Snectar#endif 10059191Skris 101296341Sdelphij apps_startup(); 10259191Skris 103296341Sdelphij if (!bio_err) 104296341Sdelphij bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 10559191Skris 106296341Sdelphij if (!load_config(bio_err, NULL)) 107296341Sdelphij goto end; 108109998Smarkm 109296341Sdelphij prog = argv[0]; 110296341Sdelphij argc--; 111296341Sdelphij argv++; 112296341Sdelphij while (argc >= 1) { 113296341Sdelphij if (strcmp(*argv, "-in") == 0) { 114296341Sdelphij if (--argc < 1) 115296341Sdelphij goto bad; 116296341Sdelphij infile = *(++argv); 117296341Sdelphij } else if (strcmp(*argv, "-out") == 0) { 118296341Sdelphij if (--argc < 1) 119296341Sdelphij goto bad; 120296341Sdelphij outfile = *(++argv); 121296341Sdelphij } else if (strcmp(*argv, "-passin") == 0) { 122296341Sdelphij if (--argc < 1) 123296341Sdelphij goto bad; 124296341Sdelphij passargin = *(++argv); 125296341Sdelphij } else if (strcmp(*argv, "-key") == 0) { 126296341Sdelphij if (--argc < 1) 127296341Sdelphij goto bad; 128296341Sdelphij keyfile = *(++argv); 129296341Sdelphij } else if (strcmp(*argv, "-challenge") == 0) { 130296341Sdelphij if (--argc < 1) 131296341Sdelphij goto bad; 132296341Sdelphij challenge = *(++argv); 133296341Sdelphij } else if (strcmp(*argv, "-spkac") == 0) { 134296341Sdelphij if (--argc < 1) 135296341Sdelphij goto bad; 136296341Sdelphij spkac = *(++argv); 137296341Sdelphij } else if (strcmp(*argv, "-spksect") == 0) { 138296341Sdelphij if (--argc < 1) 139296341Sdelphij goto bad; 140296341Sdelphij spksect = *(++argv); 141296341Sdelphij } 142111147Snectar#ifndef OPENSSL_NO_ENGINE 143296341Sdelphij else if (strcmp(*argv, "-engine") == 0) { 144296341Sdelphij if (--argc < 1) 145296341Sdelphij goto bad; 146296341Sdelphij engine = *(++argv); 147296341Sdelphij } 148111147Snectar#endif 149296341Sdelphij else if (strcmp(*argv, "-noout") == 0) 150296341Sdelphij noout = 1; 151296341Sdelphij else if (strcmp(*argv, "-pubkey") == 0) 152296341Sdelphij pubkey = 1; 153296341Sdelphij else if (strcmp(*argv, "-verify") == 0) 154296341Sdelphij verify = 1; 155296341Sdelphij else 156296341Sdelphij badops = 1; 157296341Sdelphij argc--; 158296341Sdelphij argv++; 159296341Sdelphij } 16059191Skris 161296341Sdelphij if (badops) { 162296341Sdelphij bad: 163296341Sdelphij BIO_printf(bio_err, "%s [options]\n", prog); 164296341Sdelphij BIO_printf(bio_err, "where options are\n"); 165296341Sdelphij BIO_printf(bio_err, " -in arg input file\n"); 166296341Sdelphij BIO_printf(bio_err, " -out arg output file\n"); 167296341Sdelphij BIO_printf(bio_err, 168296341Sdelphij " -key arg create SPKAC using private key\n"); 169296341Sdelphij BIO_printf(bio_err, 170296341Sdelphij " -passin arg input file pass phrase source\n"); 171296341Sdelphij BIO_printf(bio_err, " -challenge arg challenge string\n"); 172296341Sdelphij BIO_printf(bio_err, " -spkac arg alternative SPKAC name\n"); 173296341Sdelphij BIO_printf(bio_err, " -noout don't print SPKAC\n"); 174296341Sdelphij BIO_printf(bio_err, " -pubkey output public key\n"); 175296341Sdelphij BIO_printf(bio_err, " -verify verify SPKAC signature\n"); 176111147Snectar#ifndef OPENSSL_NO_ENGINE 177296341Sdelphij BIO_printf(bio_err, 178296341Sdelphij " -engine e use engine e, possibly a hardware device.\n"); 179111147Snectar#endif 180296341Sdelphij goto end; 181296341Sdelphij } 18259191Skris 183296341Sdelphij ERR_load_crypto_strings(); 184296341Sdelphij if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 185296341Sdelphij BIO_printf(bio_err, "Error getting password\n"); 186296341Sdelphij goto end; 187296341Sdelphij } 188111147Snectar#ifndef OPENSSL_NO_ENGINE 189296341Sdelphij e = setup_engine(bio_err, engine, 0); 190111147Snectar#endif 191109998Smarkm 192296341Sdelphij if (keyfile) { 193296341Sdelphij pkey = load_key(bio_err, 194296341Sdelphij strcmp(keyfile, "-") ? keyfile : NULL, 195296341Sdelphij FORMAT_PEM, 1, passin, e, "private key"); 196296341Sdelphij if (!pkey) { 197296341Sdelphij goto end; 198296341Sdelphij } 199296341Sdelphij spki = NETSCAPE_SPKI_new(); 200296341Sdelphij if (challenge) 201296341Sdelphij ASN1_STRING_set(spki->spkac->challenge, 202296341Sdelphij challenge, (int)strlen(challenge)); 203296341Sdelphij NETSCAPE_SPKI_set_pubkey(spki, pkey); 204296341Sdelphij NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); 205296341Sdelphij spkstr = NETSCAPE_SPKI_b64_encode(spki); 20659191Skris 207296341Sdelphij if (outfile) 208296341Sdelphij out = BIO_new_file(outfile, "w"); 209296341Sdelphij else { 210296341Sdelphij out = BIO_new_fp(stdout, BIO_NOCLOSE); 211109998Smarkm#ifdef OPENSSL_SYS_VMS 212296341Sdelphij { 213296341Sdelphij BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 214296341Sdelphij out = BIO_push(tmpbio, out); 215296341Sdelphij } 21668651Skris#endif 217296341Sdelphij } 21859191Skris 219296341Sdelphij if (!out) { 220296341Sdelphij BIO_printf(bio_err, "Error opening output file\n"); 221296341Sdelphij ERR_print_errors(bio_err); 222296341Sdelphij goto end; 223296341Sdelphij } 224296341Sdelphij BIO_printf(out, "SPKAC=%s\n", spkstr); 225296341Sdelphij OPENSSL_free(spkstr); 226296341Sdelphij ret = 0; 227296341Sdelphij goto end; 228296341Sdelphij } 22959191Skris 230296341Sdelphij if (infile) 231296341Sdelphij in = BIO_new_file(infile, "r"); 232296341Sdelphij else 233296341Sdelphij in = BIO_new_fp(stdin, BIO_NOCLOSE); 23459191Skris 235296341Sdelphij if (!in) { 236296341Sdelphij BIO_printf(bio_err, "Error opening input file\n"); 237296341Sdelphij ERR_print_errors(bio_err); 238296341Sdelphij goto end; 239296341Sdelphij } 24059191Skris 241296341Sdelphij conf = NCONF_new(NULL); 242296341Sdelphij i = NCONF_load_bio(conf, in, NULL); 24359191Skris 244296341Sdelphij if (!i) { 245296341Sdelphij BIO_printf(bio_err, "Error parsing config file\n"); 246296341Sdelphij ERR_print_errors(bio_err); 247296341Sdelphij goto end; 248296341Sdelphij } 24959191Skris 250296341Sdelphij spkstr = NCONF_get_string(conf, spksect, spkac); 25159191Skris 252296341Sdelphij if (!spkstr) { 253296341Sdelphij BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); 254296341Sdelphij ERR_print_errors(bio_err); 255296341Sdelphij goto end; 256296341Sdelphij } 25759191Skris 258296341Sdelphij spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); 25959191Skris 260296341Sdelphij if (!spki) { 261296341Sdelphij BIO_printf(bio_err, "Error loading SPKAC\n"); 262296341Sdelphij ERR_print_errors(bio_err); 263296341Sdelphij goto end; 264296341Sdelphij } 265296341Sdelphij 266296341Sdelphij if (outfile) 267296341Sdelphij out = BIO_new_file(outfile, "w"); 268296341Sdelphij else { 269296341Sdelphij out = BIO_new_fp(stdout, BIO_NOCLOSE); 270109998Smarkm#ifdef OPENSSL_SYS_VMS 271296341Sdelphij { 272296341Sdelphij BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 273296341Sdelphij out = BIO_push(tmpbio, out); 274296341Sdelphij } 27568651Skris#endif 276296341Sdelphij } 27759191Skris 278296341Sdelphij if (!out) { 279296341Sdelphij BIO_printf(bio_err, "Error opening output file\n"); 280296341Sdelphij ERR_print_errors(bio_err); 281296341Sdelphij goto end; 282296341Sdelphij } 28359191Skris 284296341Sdelphij if (!noout) 285296341Sdelphij NETSCAPE_SPKI_print(out, spki); 286296341Sdelphij pkey = NETSCAPE_SPKI_get_pubkey(spki); 287296341Sdelphij if (verify) { 288296341Sdelphij i = NETSCAPE_SPKI_verify(spki, pkey); 289296341Sdelphij if (i > 0) 290296341Sdelphij BIO_printf(bio_err, "Signature OK\n"); 291296341Sdelphij else { 292296341Sdelphij BIO_printf(bio_err, "Signature Failure\n"); 293296341Sdelphij ERR_print_errors(bio_err); 294296341Sdelphij goto end; 295296341Sdelphij } 296296341Sdelphij } 297296341Sdelphij if (pubkey) 298296341Sdelphij PEM_write_bio_PUBKEY(out, pkey); 29959191Skris 300296341Sdelphij ret = 0; 30159191Skris 302296341Sdelphij end: 303296341Sdelphij NCONF_free(conf); 304296341Sdelphij NETSCAPE_SPKI_free(spki); 305296341Sdelphij BIO_free(in); 306296341Sdelphij BIO_free_all(out); 307296341Sdelphij EVP_PKEY_free(pkey); 308296341Sdelphij if (passin) 309296341Sdelphij OPENSSL_free(passin); 310296341Sdelphij apps_shutdown(); 311296341Sdelphij OPENSSL_EXIT(ret); 312296341Sdelphij} 313