xref: /freebsd/crypto/openssl/apps/pkcs8.c (revision daf1cffce2e07931f27c6c6998652e90df6ba87e) 
1 /* pkcs8.c */
2 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3  * project 1999.
4  */
5 /* ====================================================================
6  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * (eay@cryptsoft.com).  This product includes software written by Tim
55  * Hudson (tjh@cryptsoft.com).
56  *
57  */
58 #include <stdio.h>
59 #include <string.h>
60 #include <openssl/pem.h>
61 #include <openssl/err.h>
62 #include <openssl/evp.h>
63 #include <openssl/pkcs12.h>
64 
65 #include "apps.h"
66 #define PROG pkcs8_main
67 
68 
69 int MAIN(int argc, char **argv)
70 {
71 	char **args, *infile = NULL, *outfile = NULL;
72 	BIO *in = NULL, *out = NULL;
73 	int topk8 = 0;
74 	int pbe_nid = -1;
75 	const EVP_CIPHER *cipher = NULL;
76 	int iter = PKCS12_DEFAULT_ITER;
77 	int informat, outformat;
78 	int p8_broken = PKCS8_OK;
79 	int nocrypt = 0;
80 	X509_SIG *p8;
81 	PKCS8_PRIV_KEY_INFO *p8inf;
82 	EVP_PKEY *pkey;
83 	char pass[50];
84 	int badarg = 0;
85 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
86 	informat=FORMAT_PEM;
87 	outformat=FORMAT_PEM;
88 	ERR_load_crypto_strings();
89 	SSLeay_add_all_algorithms();
90 	args = argv + 1;
91 	while (!badarg && *args && *args[0] == '-') {
92 		if (!strcmp(*args,"-v2")) {
93 			if (args[1]) {
94 				args++;
95 				cipher=EVP_get_cipherbyname(*args);
96 				if(!cipher) {
97 					BIO_printf(bio_err,
98 						 "Unknown cipher %s\n", *args);
99 					badarg = 1;
100 				}
101 			} else badarg = 1;
102 		} else if (!strcmp(*args,"-inform")) {
103 			if (args[1]) {
104 				args++;
105 				informat=str2fmt(*args);
106 			} else badarg = 1;
107 		} else if (!strcmp(*args,"-outform")) {
108 			if (args[1]) {
109 				args++;
110 				outformat=str2fmt(*args);
111 			} else badarg = 1;
112 		} else if (!strcmp (*args, "-topk8")) topk8 = 1;
113 		else if (!strcmp (*args, "-noiter")) iter = 1;
114 		else if (!strcmp (*args, "-nocrypt")) nocrypt = 1;
115 		else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET;
116 		else if (!strcmp (*args, "-in")) {
117 			if (args[1]) {
118 				args++;
119 				infile = *args;
120 			} else badarg = 1;
121 		} else if (!strcmp (*args, "-out")) {
122 			if (args[1]) {
123 				args++;
124 				outfile = *args;
125 			} else badarg = 1;
126 		} else badarg = 1;
127 		args++;
128 	}
129 
130 	if (badarg) {
131 		BIO_printf (bio_err, "Usage pkcs8 [options]\n");
132 		BIO_printf (bio_err, "where options are\n");
133 		BIO_printf (bio_err, "-in file   input file\n");
134 		BIO_printf (bio_err, "-inform X  input format (DER or PEM)\n");
135 		BIO_printf (bio_err, "-outform X output format (DER or PEM)\n");
136 		BIO_printf (bio_err, "-out file  output file\n");
137 		BIO_printf (bio_err, "-topk8     output PKCS8 file\n");
138 		BIO_printf (bio_err, "-nooct     use (broken) no octet form\n");
139 		BIO_printf (bio_err, "-noiter    use 1 as iteration count\n");
140 		BIO_printf (bio_err, "-nocrypt   use or expect unencrypted private key\n");
141 		BIO_printf (bio_err, "-v2 alg    use PKCS#5 v2.0 and cipher \"alg\"\n");
142 		return (1);
143 	}
144 
145 	if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC;
146 
147 	if (infile) {
148 		if (!(in = BIO_new_file (infile, "rb"))) {
149 			BIO_printf (bio_err,
150 				 "Can't open input file %s\n", infile);
151 			return (1);
152 		}
153 	} else in = BIO_new_fp (stdin, BIO_NOCLOSE);
154 
155 	if (outfile) {
156 		if (!(out = BIO_new_file (outfile, "wb"))) {
157 			BIO_printf (bio_err,
158 				 "Can't open output file %s\n", outfile);
159 			return (1);
160 		}
161 	} else out = BIO_new_fp (stdout, BIO_NOCLOSE);
162 
163 	if (topk8) {
164 		if (!(pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL))) {
165 			BIO_printf (bio_err, "Error reading key\n", outfile);
166 			ERR_print_errors(bio_err);
167 			return (1);
168 		}
169 		BIO_free(in);
170 		if (!(p8inf = EVP_PKEY2PKCS8(pkey))) {
171 			BIO_printf (bio_err, "Error converting key\n", outfile);
172 			ERR_print_errors(bio_err);
173 			return (1);
174 		}
175 		PKCS8_set_broken(p8inf, p8_broken);
176 		if(nocrypt) {
177 			if(outformat == FORMAT_PEM)
178 				PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
179 			else if(outformat == FORMAT_ASN1)
180 				i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
181 			else {
182 				BIO_printf(bio_err, "Bad format specified for key\n");
183 				return (1);
184 			}
185 		} else {
186 			EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
187 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
188 					pass, strlen(pass),
189 					NULL, 0, iter, p8inf))) {
190 				BIO_printf (bio_err, "Error encrypting key\n",
191 								 outfile);
192 				ERR_print_errors(bio_err);
193 				return (1);
194 			}
195 			if(outformat == FORMAT_PEM)
196 				PEM_write_bio_PKCS8 (out, p8);
197 			else if(outformat == FORMAT_ASN1)
198 				i2d_PKCS8_bio(out, p8);
199 			else {
200 				BIO_printf(bio_err, "Bad format specified for key\n");
201 				return (1);
202 			}
203 			X509_SIG_free(p8);
204 		}
205 		PKCS8_PRIV_KEY_INFO_free (p8inf);
206 		EVP_PKEY_free(pkey);
207 		BIO_free(out);
208 		return (0);
209 	}
210 
211 	if(nocrypt) {
212 		if(informat == FORMAT_PEM)
213 			p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
214 		else if(informat == FORMAT_ASN1)
215 			p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
216 		else {
217 			BIO_printf(bio_err, "Bad format specified for key\n");
218 			return (1);
219 		}
220 	} else {
221 		if(informat == FORMAT_PEM)
222 			p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
223 		else if(informat == FORMAT_ASN1)
224 			p8 = d2i_PKCS8_bio(in, NULL);
225 		else {
226 			BIO_printf(bio_err, "Bad format specified for key\n");
227 			return (1);
228 		}
229 
230 		if (!p8) {
231 			BIO_printf (bio_err, "Error reading key\n", outfile);
232 			ERR_print_errors(bio_err);
233 			return (1);
234 		}
235 		EVP_read_pw_string(pass, 50, "Enter Password:", 0);
236 		p8inf = M_PKCS8_decrypt(p8, pass, strlen(pass));
237 		X509_SIG_free(p8);
238 	}
239 
240 	if (!p8inf) {
241 		BIO_printf(bio_err, "Error decrypting key\n", outfile);
242 		ERR_print_errors(bio_err);
243 		return (1);
244 	}
245 
246 	if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
247 		BIO_printf(bio_err, "Error converting key\n", outfile);
248 		ERR_print_errors(bio_err);
249 		return (1);
250 	}
251 
252 	if (p8inf->broken) {
253 		BIO_printf(bio_err, "Warning: broken key encoding: ");
254 		switch (p8inf->broken) {
255 			case PKCS8_NO_OCTET:
256 			BIO_printf(bio_err, "No Octet String\n");
257 			break;
258 
259 			default:
260 			BIO_printf(bio_err, "Unknown broken type\n");
261 			break;
262 		}
263 	}
264 
265 	PKCS8_PRIV_KEY_INFO_free(p8inf);
266 
267 	PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, NULL);
268 
269 	EVP_PKEY_free(pkey);
270 	BIO_free(out);
271 	BIO_free(in);
272 
273 	return (0);
274 }
275