spkac.c revision 296465
1/* apps/spkac.c */ 2 3/* 4 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 5 * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org). 6 */ 7/* ==================================================================== 8 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in 19 * the documentation and/or other materials provided with the 20 * distribution. 21 * 22 * 3. All advertising materials mentioning features or use of this 23 * software must display the following acknowledgment: 24 * "This product includes software developed by the OpenSSL Project 25 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 26 * 27 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 28 * endorse or promote products derived from this software without 29 * prior written permission. For written permission, please contact 30 * licensing@OpenSSL.org. 31 * 32 * 5. Products derived from this software may not be called "OpenSSL" 33 * nor may "OpenSSL" appear in their names without prior written 34 * permission of the OpenSSL Project. 35 * 36 * 6. Redistributions of any form whatsoever must retain the following 37 * acknowledgment: 38 * "This product includes software developed by the OpenSSL Project 39 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 42 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 44 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 45 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 46 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 47 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 48 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 49 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 50 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 51 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 52 * OF THE POSSIBILITY OF SUCH DAMAGE. 53 * ==================================================================== 54 * 55 * This product includes cryptographic software written by Eric Young 56 * (eay@cryptsoft.com). This product includes software written by Tim 57 * Hudson (tjh@cryptsoft.com). 58 * 59 */ 60#include <stdio.h> 61#include <stdlib.h> 62#include <string.h> 63#include <time.h> 64#include "apps.h" 65#include <openssl/bio.h> 66#include <openssl/conf.h> 67#include <openssl/err.h> 68#include <openssl/evp.h> 69#include <openssl/lhash.h> 70#include <openssl/x509.h> 71#include <openssl/pem.h> 72 73#undef PROG 74#define PROG spkac_main 75 76/*- 77 * -in arg - input file - default stdin 78 * -out arg - output file - default stdout 79 */ 80 81int MAIN(int, char **); 82 83int MAIN(int argc, char **argv) 84{ 85 ENGINE *e = NULL; 86 int i, badops = 0, ret = 1; 87 BIO *in = NULL, *out = NULL; 88 int verify = 0, noout = 0, pubkey = 0; 89 char *infile = NULL, *outfile = NULL, *prog; 90 char *passargin = NULL, *passin = NULL; 91 const char *spkac = "SPKAC", *spksect = "default"; 92 char *spkstr = NULL; 93 char *challenge = NULL, *keyfile = NULL; 94 CONF *conf = NULL; 95 NETSCAPE_SPKI *spki = NULL; 96 EVP_PKEY *pkey = NULL; 97#ifndef OPENSSL_NO_ENGINE 98 char *engine = NULL; 99#endif 100 101 apps_startup(); 102 103 if (!bio_err) 104 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 105 106 if (!load_config(bio_err, NULL)) 107 goto end; 108 109 prog = argv[0]; 110 argc--; 111 argv++; 112 while (argc >= 1) { 113 if (strcmp(*argv, "-in") == 0) { 114 if (--argc < 1) 115 goto bad; 116 infile = *(++argv); 117 } else if (strcmp(*argv, "-out") == 0) { 118 if (--argc < 1) 119 goto bad; 120 outfile = *(++argv); 121 } else if (strcmp(*argv, "-passin") == 0) { 122 if (--argc < 1) 123 goto bad; 124 passargin = *(++argv); 125 } else if (strcmp(*argv, "-key") == 0) { 126 if (--argc < 1) 127 goto bad; 128 keyfile = *(++argv); 129 } else if (strcmp(*argv, "-challenge") == 0) { 130 if (--argc < 1) 131 goto bad; 132 challenge = *(++argv); 133 } else if (strcmp(*argv, "-spkac") == 0) { 134 if (--argc < 1) 135 goto bad; 136 spkac = *(++argv); 137 } else if (strcmp(*argv, "-spksect") == 0) { 138 if (--argc < 1) 139 goto bad; 140 spksect = *(++argv); 141 } 142#ifndef OPENSSL_NO_ENGINE 143 else if (strcmp(*argv, "-engine") == 0) { 144 if (--argc < 1) 145 goto bad; 146 engine = *(++argv); 147 } 148#endif 149 else if (strcmp(*argv, "-noout") == 0) 150 noout = 1; 151 else if (strcmp(*argv, "-pubkey") == 0) 152 pubkey = 1; 153 else if (strcmp(*argv, "-verify") == 0) 154 verify = 1; 155 else 156 badops = 1; 157 argc--; 158 argv++; 159 } 160 161 if (badops) { 162 bad: 163 BIO_printf(bio_err, "%s [options]\n", prog); 164 BIO_printf(bio_err, "where options are\n"); 165 BIO_printf(bio_err, " -in arg input file\n"); 166 BIO_printf(bio_err, " -out arg output file\n"); 167 BIO_printf(bio_err, 168 " -key arg create SPKAC using private key\n"); 169 BIO_printf(bio_err, 170 " -passin arg input file pass phrase source\n"); 171 BIO_printf(bio_err, " -challenge arg challenge string\n"); 172 BIO_printf(bio_err, " -spkac arg alternative SPKAC name\n"); 173 BIO_printf(bio_err, " -noout don't print SPKAC\n"); 174 BIO_printf(bio_err, " -pubkey output public key\n"); 175 BIO_printf(bio_err, " -verify verify SPKAC signature\n"); 176#ifndef OPENSSL_NO_ENGINE 177 BIO_printf(bio_err, 178 " -engine e use engine e, possibly a hardware device.\n"); 179#endif 180 goto end; 181 } 182 183 ERR_load_crypto_strings(); 184 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 185 BIO_printf(bio_err, "Error getting password\n"); 186 goto end; 187 } 188#ifndef OPENSSL_NO_ENGINE 189 e = setup_engine(bio_err, engine, 0); 190#endif 191 192 if (keyfile) { 193 pkey = load_key(bio_err, 194 strcmp(keyfile, "-") ? keyfile : NULL, 195 FORMAT_PEM, 1, passin, e, "private key"); 196 if (!pkey) { 197 goto end; 198 } 199 spki = NETSCAPE_SPKI_new(); 200 if (challenge) 201 ASN1_STRING_set(spki->spkac->challenge, 202 challenge, (int)strlen(challenge)); 203 NETSCAPE_SPKI_set_pubkey(spki, pkey); 204 NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); 205 spkstr = NETSCAPE_SPKI_b64_encode(spki); 206 207 if (outfile) 208 out = BIO_new_file(outfile, "w"); 209 else { 210 out = BIO_new_fp(stdout, BIO_NOCLOSE); 211#ifdef OPENSSL_SYS_VMS 212 { 213 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 214 out = BIO_push(tmpbio, out); 215 } 216#endif 217 } 218 219 if (!out) { 220 BIO_printf(bio_err, "Error opening output file\n"); 221 ERR_print_errors(bio_err); 222 goto end; 223 } 224 BIO_printf(out, "SPKAC=%s\n", spkstr); 225 OPENSSL_free(spkstr); 226 ret = 0; 227 goto end; 228 } 229 230 if (infile) 231 in = BIO_new_file(infile, "r"); 232 else 233 in = BIO_new_fp(stdin, BIO_NOCLOSE); 234 235 if (!in) { 236 BIO_printf(bio_err, "Error opening input file\n"); 237 ERR_print_errors(bio_err); 238 goto end; 239 } 240 241 conf = NCONF_new(NULL); 242 i = NCONF_load_bio(conf, in, NULL); 243 244 if (!i) { 245 BIO_printf(bio_err, "Error parsing config file\n"); 246 ERR_print_errors(bio_err); 247 goto end; 248 } 249 250 spkstr = NCONF_get_string(conf, spksect, spkac); 251 252 if (!spkstr) { 253 BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); 254 ERR_print_errors(bio_err); 255 goto end; 256 } 257 258 spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); 259 260 if (!spki) { 261 BIO_printf(bio_err, "Error loading SPKAC\n"); 262 ERR_print_errors(bio_err); 263 goto end; 264 } 265 266 if (outfile) 267 out = BIO_new_file(outfile, "w"); 268 else { 269 out = BIO_new_fp(stdout, BIO_NOCLOSE); 270#ifdef OPENSSL_SYS_VMS 271 { 272 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 273 out = BIO_push(tmpbio, out); 274 } 275#endif 276 } 277 278 if (!out) { 279 BIO_printf(bio_err, "Error opening output file\n"); 280 ERR_print_errors(bio_err); 281 goto end; 282 } 283 284 if (!noout) 285 NETSCAPE_SPKI_print(out, spki); 286 pkey = NETSCAPE_SPKI_get_pubkey(spki); 287 if (verify) { 288 i = NETSCAPE_SPKI_verify(spki, pkey); 289 if (i > 0) 290 BIO_printf(bio_err, "Signature OK\n"); 291 else { 292 BIO_printf(bio_err, "Signature Failure\n"); 293 ERR_print_errors(bio_err); 294 goto end; 295 } 296 } 297 if (pubkey) 298 PEM_write_bio_PUBKEY(out, pkey); 299 300 ret = 0; 301 302 end: 303 NCONF_free(conf); 304 NETSCAPE_SPKI_free(spki); 305 BIO_free(in); 306 BIO_free_all(out); 307 EVP_PKEY_free(pkey); 308 if (passin) 309 OPENSSL_free(passin); 310 apps_shutdown(); 311 OPENSSL_EXIT(ret); 312} 313