1 /* apps/spkac.c */ 2 3 /* 4 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 5 * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org). 6 */ 7 /* ==================================================================== 8 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in 19 * the documentation and/or other materials provided with the 20 * distribution. 21 * 22 * 3. All advertising materials mentioning features or use of this 23 * software must display the following acknowledgment: 24 * "This product includes software developed by the OpenSSL Project 25 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 26 * 27 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 28 * endorse or promote products derived from this software without 29 * prior written permission. For written permission, please contact 30 * licensing@OpenSSL.org. 31 * 32 * 5. Products derived from this software may not be called "OpenSSL" 33 * nor may "OpenSSL" appear in their names without prior written 34 * permission of the OpenSSL Project. 35 * 36 * 6. Redistributions of any form whatsoever must retain the following 37 * acknowledgment: 38 * "This product includes software developed by the OpenSSL Project 39 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 42 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 44 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 45 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 46 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 47 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 48 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 49 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 50 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 51 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 52 * OF THE POSSIBILITY OF SUCH DAMAGE. 53 * ==================================================================== 54 * 55 * This product includes cryptographic software written by Eric Young 56 * (eay@cryptsoft.com). This product includes software written by Tim 57 * Hudson (tjh@cryptsoft.com). 58 * 59 */ 60 #include <stdio.h> 61 #include <stdlib.h> 62 #include <string.h> 63 #include <time.h> 64 #include "apps.h" 65 #include <openssl/bio.h> 66 #include <openssl/conf.h> 67 #include <openssl/err.h> 68 #include <openssl/evp.h> 69 #include <openssl/lhash.h> 70 #include <openssl/x509.h> 71 #include <openssl/pem.h> 72 73 #undef PROG 74 #define PROG spkac_main 75 76 /*- 77 * -in arg - input file - default stdin 78 * -out arg - output file - default stdout 79 */ 80 81 int MAIN(int, char **); 82 83 int MAIN(int argc, char **argv) 84 { 85 ENGINE *e = NULL; 86 int i, badops = 0, ret = 1; 87 BIO *in = NULL, *out = NULL; 88 int verify = 0, noout = 0, pubkey = 0; 89 char *infile = NULL, *outfile = NULL, *prog; 90 char *passargin = NULL, *passin = NULL; 91 const char *spkac = "SPKAC", *spksect = "default"; 92 char *spkstr = NULL; 93 char *challenge = NULL, *keyfile = NULL; 94 CONF *conf = NULL; 95 NETSCAPE_SPKI *spki = NULL; 96 EVP_PKEY *pkey = NULL; 97 char *engine = NULL; 98 99 apps_startup(); 100 101 if (!bio_err) 102 bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); 103 104 if (!load_config(bio_err, NULL)) 105 goto end; 106 107 prog = argv[0]; 108 argc--; 109 argv++; 110 while (argc >= 1) { 111 if (strcmp(*argv, "-in") == 0) { 112 if (--argc < 1) 113 goto bad; 114 infile = *(++argv); 115 } else if (strcmp(*argv, "-out") == 0) { 116 if (--argc < 1) 117 goto bad; 118 outfile = *(++argv); 119 } else if (strcmp(*argv, "-passin") == 0) { 120 if (--argc < 1) 121 goto bad; 122 passargin = *(++argv); 123 } else if (strcmp(*argv, "-key") == 0) { 124 if (--argc < 1) 125 goto bad; 126 keyfile = *(++argv); 127 } else if (strcmp(*argv, "-challenge") == 0) { 128 if (--argc < 1) 129 goto bad; 130 challenge = *(++argv); 131 } else if (strcmp(*argv, "-spkac") == 0) { 132 if (--argc < 1) 133 goto bad; 134 spkac = *(++argv); 135 } else if (strcmp(*argv, "-spksect") == 0) { 136 if (--argc < 1) 137 goto bad; 138 spksect = *(++argv); 139 } 140 #ifndef OPENSSL_NO_ENGINE 141 else if (strcmp(*argv, "-engine") == 0) { 142 if (--argc < 1) 143 goto bad; 144 engine = *(++argv); 145 } 146 #endif 147 else if (strcmp(*argv, "-noout") == 0) 148 noout = 1; 149 else if (strcmp(*argv, "-pubkey") == 0) 150 pubkey = 1; 151 else if (strcmp(*argv, "-verify") == 0) 152 verify = 1; 153 else 154 badops = 1; 155 argc--; 156 argv++; 157 } 158 159 if (badops) { 160 bad: 161 BIO_printf(bio_err, "%s [options]\n", prog); 162 BIO_printf(bio_err, "where options are\n"); 163 BIO_printf(bio_err, " -in arg input file\n"); 164 BIO_printf(bio_err, " -out arg output file\n"); 165 BIO_printf(bio_err, 166 " -key arg create SPKAC using private key\n"); 167 BIO_printf(bio_err, 168 " -passin arg input file pass phrase source\n"); 169 BIO_printf(bio_err, " -challenge arg challenge string\n"); 170 BIO_printf(bio_err, " -spkac arg alternative SPKAC name\n"); 171 BIO_printf(bio_err, " -noout don't print SPKAC\n"); 172 BIO_printf(bio_err, " -pubkey output public key\n"); 173 BIO_printf(bio_err, " -verify verify SPKAC signature\n"); 174 #ifndef OPENSSL_NO_ENGINE 175 BIO_printf(bio_err, 176 " -engine e use engine e, possibly a hardware device.\n"); 177 #endif 178 goto end; 179 } 180 181 ERR_load_crypto_strings(); 182 if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) { 183 BIO_printf(bio_err, "Error getting password\n"); 184 goto end; 185 } 186 e = setup_engine(bio_err, engine, 0); 187 188 if (keyfile) { 189 pkey = load_key(bio_err, 190 strcmp(keyfile, "-") ? keyfile : NULL, 191 FORMAT_PEM, 1, passin, e, "private key"); 192 if (!pkey) { 193 goto end; 194 } 195 spki = NETSCAPE_SPKI_new(); 196 if (challenge) 197 ASN1_STRING_set(spki->spkac->challenge, 198 challenge, (int)strlen(challenge)); 199 NETSCAPE_SPKI_set_pubkey(spki, pkey); 200 NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()); 201 spkstr = NETSCAPE_SPKI_b64_encode(spki); 202 203 if (outfile) 204 out = BIO_new_file(outfile, "w"); 205 else { 206 out = BIO_new_fp(stdout, BIO_NOCLOSE); 207 #ifdef OPENSSL_SYS_VMS 208 { 209 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 210 out = BIO_push(tmpbio, out); 211 } 212 #endif 213 } 214 215 if (!out) { 216 BIO_printf(bio_err, "Error opening output file\n"); 217 ERR_print_errors(bio_err); 218 goto end; 219 } 220 BIO_printf(out, "SPKAC=%s\n", spkstr); 221 OPENSSL_free(spkstr); 222 ret = 0; 223 goto end; 224 } 225 226 if (infile) 227 in = BIO_new_file(infile, "r"); 228 else 229 in = BIO_new_fp(stdin, BIO_NOCLOSE); 230 231 if (!in) { 232 BIO_printf(bio_err, "Error opening input file\n"); 233 ERR_print_errors(bio_err); 234 goto end; 235 } 236 237 conf = NCONF_new(NULL); 238 i = NCONF_load_bio(conf, in, NULL); 239 240 if (!i) { 241 BIO_printf(bio_err, "Error parsing config file\n"); 242 ERR_print_errors(bio_err); 243 goto end; 244 } 245 246 spkstr = NCONF_get_string(conf, spksect, spkac); 247 248 if (!spkstr) { 249 BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac); 250 ERR_print_errors(bio_err); 251 goto end; 252 } 253 254 spki = NETSCAPE_SPKI_b64_decode(spkstr, -1); 255 256 if (!spki) { 257 BIO_printf(bio_err, "Error loading SPKAC\n"); 258 ERR_print_errors(bio_err); 259 goto end; 260 } 261 262 if (outfile) 263 out = BIO_new_file(outfile, "w"); 264 else { 265 out = BIO_new_fp(stdout, BIO_NOCLOSE); 266 #ifdef OPENSSL_SYS_VMS 267 { 268 BIO *tmpbio = BIO_new(BIO_f_linebuffer()); 269 out = BIO_push(tmpbio, out); 270 } 271 #endif 272 } 273 274 if (!out) { 275 BIO_printf(bio_err, "Error opening output file\n"); 276 ERR_print_errors(bio_err); 277 goto end; 278 } 279 280 if (!noout) 281 NETSCAPE_SPKI_print(out, spki); 282 pkey = NETSCAPE_SPKI_get_pubkey(spki); 283 if (verify) { 284 i = NETSCAPE_SPKI_verify(spki, pkey); 285 if (i > 0) 286 BIO_printf(bio_err, "Signature OK\n"); 287 else { 288 BIO_printf(bio_err, "Signature Failure\n"); 289 ERR_print_errors(bio_err); 290 goto end; 291 } 292 } 293 if (pubkey) 294 PEM_write_bio_PUBKEY(out, pkey); 295 296 ret = 0; 297 298 end: 299 NCONF_free(conf); 300 NETSCAPE_SPKI_free(spki); 301 BIO_free(in); 302 BIO_free_all(out); 303 EVP_PKEY_free(pkey); 304 release_engine(e); 305 if (passin) 306 OPENSSL_free(passin); 307 apps_shutdown(); 308 OPENSSL_EXIT(ret); 309 } 310