GitHub Repository: freebsd/freebsd-src
Path: blob/main/contrib/bearssl/tools/skey.c
/*
 * Copyright (c) 2016 Thomas Pornin <[email protected]>
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction, including
 * without limitation the rights to use, copy, modify, merge, publish,
 * distribute, sublicense, and/or sell copies of the Software, and to
 * permit persons to whom the Software is furnished to do so, subject to
 * the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <errno.h>
#include "brssl.h"
#include "bearssl.h"
/*
 * Output selection for one private key: which renderings are printed on
 * standard output, and which files receive an encoded copy of the key.
 * A NULL file name means that the corresponding encoding is not written.
 */
typedef struct {
	/* Non-zero: print the private key elements as hexadecimal text. */
	int print_text;

	/* Non-zero: print the private key elements as C source code. */
	int print_C;

	/* File receiving the key in raw format, DER encoding. */
	const char *rawder;

	/* File receiving the key in raw format, PEM encoding. */
	const char *rawpem;

	/* File receiving the key in PKCS#8 format, DER encoding. */
	const char *pk8der;

	/* File receiving the key in PKCS#8 format, PEM encoding. */
	const char *pk8pem;
} outspec;
/*
 * Print "<name> = " on standard output, followed by the len bytes of buf
 * in uppercase hexadecimal (two digits per byte, no separator) and a
 * newline.
 *
 * Every caller in this file passes private key elements, so the output
 * is as sensitive as the key itself.
 */
static void
print_int_text(const char *name, const unsigned char *buf, size_t len)
{
	size_t k;

	printf("%s = ", name);
	k = 0;
	while (k < len) {
		printf("%02X", buf[k]);
		k ++;
	}
	printf("\n");
}
/*
 * Emit the len bytes of buf on standard output as the C definition
 * "static const unsigned char <name>[] = { ... };", with twelve bytes
 * per line.
 *
 * Every caller in this file passes private key elements: the generated
 * source embeds the key in clear and must be protected like the key.
 */
static void
print_int_C(const char *name, const unsigned char *buf, size_t len)
{
	size_t k;

	printf("\nstatic const unsigned char %s[] = {", name);
	for (k = 0; k < len; k ++) {
		/* The comma closes the previous element; none before the first. */
		if (k > 0) {
			fputs(",", stdout);
		}
		/* A new tab-indented line starts every twelve bytes. */
		fputs((k % 12 == 0) ? "\n\t" : " ", stdout);
		printf("0x%02X", buf[k]);
	}
	printf("\n};\n");
}
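/*
 * Write the len bytes at data into the file called name; the file is
 * created if missing and truncated if it already exists. Returned value
 * is 1 on success, 0 on error (a message is then printed on stderr).
 *
 * NOTE(review): every caller in this file passes private key material.
 * The file is created through fopen(), hence with the default
 * permissions of the process (on POSIX systems, as filtered by the
 * umask); on a shared machine the key file may end up readable by other
 * users unless the caller sets a restrictive umask or pre-creates the
 * file with owner-only permissions.
 */
static int
write_to_file(const char *name, const void *data, size_t len)
{
	FILE *f;
	int ok;

	f = fopen(name, "wb");
	if (f == NULL) {
		fprintf(stderr,
			"ERROR: cannot open file '%s' for writing\n",
			name);
		return 0;
	}
	ok = (fwrite(data, 1, len, f) == len);

	/*
	 * fwrite() may only have filled the stdio buffer; the bytes reach
	 * the file when fclose() flushes it. A failure at that point (e.g.
	 * full disk) must be reported, otherwise a truncated key file would
	 * be announced as successfully written.
	 */
	if (fclose(f) != 0) {
		ok = 0;
	}
	if (!ok) {
		fprintf(stderr,
			"ERROR: cannot write to file '%s'\n",
			name);
		return 0;
	}
	return 1;
}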
/*
 * PEM-encode the len bytes at data under the provided banner, and write
 * the resulting text into the file called name. Returned value is the
 * one of write_to_file() (1 on success, 0 on error).
 *
 * The PEM text carries the same private key as the input; it is released
 * with xfree() without being cleared first.
 */
static int
write_to_pem_file(const char *name,
	const void *data, size_t len, const char *banner)
{
	size_t text_len;
	void *text;
	int ok;

	/* First call (NULL destination) only reports the encoded length. */
	text_len = br_pem_encode(NULL, NULL, len, banner, 0);

	/*
	 * One byte is reserved beyond the reported length; presumably
	 * br_pem_encode() appends a terminator that it does not count --
	 * confirm against bearssl.h. That extra byte is not written to
	 * the file.
	 */
	text = xmalloc(text_len + 1);
	br_pem_encode(text, data, len, banner, 0);
	ok = write_to_file(name, text, text_len);
	xfree(text);
	return ok;
}
/*
 * Output an RSA private key as requested in *os: optional text and C
 * dumps of the CRT elements on standard output, then optional raw and
 * PKCS#8 encodings (DER and/or PEM) into files.
 *
 * Returned value is 1 on success, 0 if the key could not be re-encoded
 * or if at least one file could not be written.
 *
 * The modulus, public exponent and private exponent are not part of
 * *sk; they are recomputed here because the encoders need them. The
 * recomputed private exponent and the encoded key are released with
 * xfree() without being cleared first.
 */
static int
print_rsa(const br_rsa_private_key *sk, outspec *os)
{
	unsigned char *modulus = NULL;
	unsigned char *privexp = NULL;
	unsigned char *der = NULL;
	unsigned char ebuf[4];
	size_t modulus_len, privexp_len, der_len;
	uint32_t pubexp;
	br_rsa_compute_modulus compute_n;
	br_rsa_compute_pubexp compute_e;
	br_rsa_compute_privexp compute_d;
	br_rsa_public_key pk;
	int want_raw, want_pk8;
	int ret = 1;

	if (os->print_text) {
		print_int_text("p ", sk->p, sk->plen);
		print_int_text("q ", sk->q, sk->qlen);
		print_int_text("dp", sk->dp, sk->dplen);
		print_int_text("dq", sk->dq, sk->dqlen);
		print_int_text("iq", sk->iq, sk->iqlen);
	}
	if (os->print_C) {
		print_int_C("RSA_P", sk->p, sk->plen);
		print_int_C("RSA_Q", sk->q, sk->qlen);
		print_int_C("RSA_DP", sk->dp, sk->dplen);
		print_int_C("RSA_DQ", sk->dq, sk->dqlen);
		print_int_C("RSA_IQ", sk->iq, sk->iqlen);
		printf("\nstatic const br_rsa_private_key RSA = {\n");
		printf("\t%lu,\n", (unsigned long)sk->n_bitlen);
		printf("\t(unsigned char *)RSA_P, sizeof RSA_P,\n");
		printf("\t(unsigned char *)RSA_Q, sizeof RSA_Q,\n");
		printf("\t(unsigned char *)RSA_DP, sizeof RSA_DP,\n");
		printf("\t(unsigned char *)RSA_DQ, sizeof RSA_DQ,\n");
		printf("\t(unsigned char *)RSA_IQ, sizeof RSA_IQ\n");
		printf("};\n");
	}

	/* Without any output file there is nothing to re-encode. */
	want_raw = (os->rawder != NULL || os->rawpem != NULL);
	want_pk8 = (os->pk8der != NULL || os->pk8pem != NULL);
	if (!want_raw && !want_pk8) {
		return ret;
	}

	compute_n = br_rsa_compute_modulus_get_default();
	compute_e = br_rsa_compute_pubexp_get_default();
	compute_d = br_rsa_compute_privexp_get_default();

	/*
	 * Each variable-length value is obtained in two passes: a first
	 * call with a NULL destination yields the length (0 on error), a
	 * second call fills the buffer and must report the same length.
	 */
	modulus_len = compute_n(NULL, sk);
	if (modulus_len == 0) {
		goto print_RSA_error;
	}
	modulus = xmalloc(modulus_len);
	if (compute_n(modulus, sk) != modulus_len) {
		goto print_RSA_error;
	}

	pubexp = compute_e(sk);
	if (pubexp == 0) {
		goto print_RSA_error;
	}

	privexp_len = compute_d(NULL, sk, pubexp);
	if (privexp_len == 0) {
		goto print_RSA_error;
	}
	privexp = xmalloc(privexp_len);
	if (compute_d(privexp, sk, pubexp) != privexp_len) {
		goto print_RSA_error;
	}

	/* The public exponent goes into the public key as 4 big-endian bytes. */
	ebuf[0] = (unsigned char)(pubexp >> 24);
	ebuf[1] = (unsigned char)(pubexp >> 16);
	ebuf[2] = (unsigned char)(pubexp >> 8);
	ebuf[3] = (unsigned char)pubexp;
	pk.n = modulus;
	pk.nlen = modulus_len;
	pk.e = ebuf;
	pk.elen = sizeof ebuf;

	if (want_raw) {
		der_len = br_encode_rsa_raw_der(NULL,
			sk, &pk, privexp, privexp_len);
		if (der_len == 0) {
			goto print_RSA_error;
		}
		der = xmalloc(der_len);
		if (br_encode_rsa_raw_der(der,
			sk, &pk, privexp, privexp_len) != der_len)
		{
			goto print_RSA_error;
		}
		/* A failed write does not prevent the other outputs. */
		if (os->rawder != NULL) {
			ret &= write_to_file(os->rawder, der, der_len);
		}
		if (os->rawpem != NULL) {
			ret &= write_to_pem_file(os->rawpem,
				der, der_len, "RSA PRIVATE KEY");
		}
		xfree(der);
		der = NULL;
	}

	if (want_pk8) {
		der_len = br_encode_rsa_pkcs8_der(NULL,
			sk, &pk, privexp, privexp_len);
		if (der_len == 0) {
			goto print_RSA_error;
		}
		der = xmalloc(der_len);
		if (br_encode_rsa_pkcs8_der(der,
			sk, &pk, privexp, privexp_len) != der_len)
		{
			goto print_RSA_error;
		}
		if (os->pk8der != NULL) {
			ret &= write_to_file(os->pk8der, der, der_len);
		}
		if (os->pk8pem != NULL) {
			ret &= write_to_pem_file(os->pk8pem,
				der, der_len, "PRIVATE KEY");
		}
		xfree(der);
		der = NULL;
	}
	goto print_RSA_exit;

print_RSA_error:
	fprintf(stderr, "ERROR: cannot encode RSA key\n");
	ret = 0;

print_RSA_exit:
	/* Buffers that were never allocated are still NULL at this point. */
	xfree(modulus);
	xfree(privexp);
	xfree(der);
	return ret;
}
/*
 * Output an EC private key as requested in *os: optional text and C
 * dumps of the private scalar on standard output, then optional raw and
 * PKCS#8 encodings (DER and/or PEM) into files.
 *
 * Returned value is 1 on success, 0 if the key could not be re-encoded
 * or if at least one file could not be written.
 */
static int
print_ec(const br_ec_private_key *sk, outspec *os)
{
	br_ec_public_key pk;
	/*
	 * NOTE(review): the element type is 'unsigned', not 'unsigned
	 * char', so on usual platforms this array is larger than
	 * BR_EC_KBUF_PUB_MAX_SIZE bytes. Harmless, but probably not
	 * intended.
	 */
	unsigned kbuf[BR_EC_KBUF_PUB_MAX_SIZE];
	unsigned char *der;
	size_t der_len;
	int want_raw, want_pk8;
	int ok;

	if (os->print_text) {
		print_int_text("x", sk->x, sk->xlen);
	}
	if (os->print_C) {
		print_int_C("EC_X", sk->x, sk->xlen);
		printf("\nstatic const br_ec_private_key EC = {\n");
		printf("\t%d,\n", sk->curve);
		printf("\t(unsigned char *)EC_X, sizeof EC_X\n");
		printf("};\n");
	}

	/* Without any output file there is nothing to re-encode. */
	want_raw = (os->rawder != NULL || os->rawpem != NULL);
	want_pk8 = (os->pk8der != NULL || os->pk8pem != NULL);
	if (!(want_raw || want_pk8)) {
		return 1;
	}

	/* The encoders take the public key too; recompute it from sk. */
	if (br_ec_compute_pub(br_ec_get_default(), &pk, kbuf, sk) == 0) {
		fprintf(stderr,
			"ERROR: cannot re-encode (unsupported curve)\n");
		return 0;
	}

	ok = 1;
	if (want_raw) {
		/* Length first (NULL destination), then the actual bytes. */
		der_len = br_encode_ec_raw_der(NULL, sk, &pk);
		if (der_len == 0) {
			fprintf(stderr,
				"ERROR: cannot re-encode (unsupported curve)\n");
			return 0;
		}
		der = xmalloc(der_len);
		if (br_encode_ec_raw_der(der, sk, &pk) != der_len) {
			fprintf(stderr, "ERROR: re-encode failure\n");
			xfree(der);
			return 0;
		}
		/* A failed write does not prevent the other outputs. */
		if (os->rawder != NULL) {
			ok &= write_to_file(os->rawder, der, der_len);
		}
		if (os->rawpem != NULL) {
			ok &= write_to_pem_file(os->rawpem,
				der, der_len, "EC PRIVATE KEY");
		}
		xfree(der);
	}
	if (want_pk8) {
		der_len = br_encode_ec_pkcs8_der(NULL, sk, &pk);
		if (der_len == 0) {
			fprintf(stderr,
				"ERROR: cannot re-encode (unsupported curve)\n");
			return 0;
		}
		der = xmalloc(der_len);
		if (br_encode_ec_pkcs8_der(der, sk, &pk) != der_len) {
			fprintf(stderr, "ERROR: re-encode failure\n");
			xfree(der);
			return 0;
		}
		if (os->pk8der != NULL) {
			ok &= write_to_file(os->pk8der, der, der_len);
		}
		if (os->pk8pem != NULL) {
			ok &= write_to_pem_file(os->pk8pem,
				der, der_len, "PRIVATE KEY");
		}
		xfree(der);
	}
	return ok;
}
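/*
 * Parse an RSA key specification: "rsa", "rsa:size" or
 * "rsa:size:pubexp". The "rsa" prefix is matched case-insensitively;
 * both numbers are plain decimal digit strings (no sign, no leading
 * whitespace).
 *
 * On success, 1 is returned and *size (modulus size in bits) and
 * *pubexp are set; missing fields take the defaults (size = 2048,
 * pubexp = 3). On failure, 0 is returned and *size and *pubexp are left
 * untouched.
 *
 * Accepted ranges: 512 <= size <= 32768; pubexp odd, greater than 1 and
 * fitting in 32 bits.
 *
 * NOTE(review): these bounds reject malformed input, they are not a
 * key-strength policy. The 512-bit lower bound and the default public
 * exponent 3 are kept for compatibility; moduli below 2048 bits are not
 * adequate for new keys, and 65537 is the conventional public exponent.
 */
static int
parse_rsa_spec(const char *kgen_spec, unsigned *size, uint32_t *pubexp)
{
	const char *p;
	char *end;
	unsigned long ul;
	unsigned sz;
	uint32_t pe;

	p = kgen_spec;
	if (*p != 'r' && *p != 'R') {
		return 0;
	}
	p ++;
	if (*p != 's' && *p != 'S') {
		return 0;
	}
	p ++;
	if (*p != 'a' && *p != 'A') {
		return 0;
	}
	p ++;

	sz = 2048;
	pe = 3;
	if (*p != 0) {
		if (*p != ':') {
			return 0;
		}
		p ++;

		/*
		 * strtoul() skips whitespace and accepts a sign: "-3" is
		 * converted to a huge value which, where 'unsigned long' is
		 * 32 bits wide, would pass the range checks below. Insist
		 * on a leading digit, and detect overflow through errno
		 * (an overflowing value is clamped to ULONG_MAX, which is
		 * odd and fits in 32 bits on such platforms).
		 */
		if (*p < '0' || *p > '9') {
			return 0;
		}
		errno = 0;
		ul = strtoul(p, &end, 10);
		if (errno == ERANGE || ul < 512 || ul > 32768) {
			return 0;
		}
		sz = (unsigned)ul;
		p = end;

		if (*p != 0) {
			if (*p != ':') {
				return 0;
			}
			p ++;
			if (*p < '0' || *p > '9') {
				return 0;
			}
			errno = 0;
			ul = strtoul(p, &end, 10);
			if (errno == ERANGE || *end != 0) {
				return 0;
			}
			/*
			 * The 32-bit check is split in two shifts so that
			 * no shift count reaches the width of a 32-bit
			 * 'unsigned long'.
			 */
			if ((ul & 1) == 0 || ul == 1
				|| ((ul >> 30) >> 2) != 0)
			{
				return 0;
			}
			pe = (uint32_t)ul;
		}
	}

	/* Outputs are written only once the whole string is validated. */
	*size = sz;
	*pubexp = pe;
	return 1;
}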
/*
 * Generate a new RSA key pair with a modulus of 'size' bits and public
 * exponent 'pubexp', then output the private key as requested in *os.
 * Returned value is non-zero on success, 0 on error (a message is
 * printed on stderr).
 *
 * Randomness comes from an HMAC_DRBG (SHA-256) instance that is created
 * without any initial seed and then seeded from the system source;
 * generation is refused when that source is missing or fails.
 *
 * The buffer holding the generated private key elements is released
 * with xfree() without being cleared first.
 */
static int
keygen_rsa(unsigned size, uint32_t pubexp, outspec *os)
{
	br_hmac_drbg_context rng;
	br_prng_seeder seeder;
	br_rsa_keygen generate;
	br_rsa_private_key sk;
	unsigned char *key_storage;
	uint32_t ok;

	seeder = br_prng_seeder_system(NULL);
	if (seeder == 0) {
		fprintf(stderr, "ERROR: no system source of randomness\n");
		return 0;
	}
	br_hmac_drbg_init(&rng, &br_sha256_vtable, NULL, 0);
	if (!seeder(&rng.vtable)) {
		fprintf(stderr, "ERROR: system source of randomness failed\n");
		return 0;
	}

	/* The fields of sk will point into this buffer. */
	key_storage = xmalloc(BR_RSA_KBUF_PRIV_SIZE(size));
	generate = br_rsa_keygen_get_default();

	/* Public key output is not requested (NULL, NULL). */
	ok = generate(&rng.vtable, &sk, key_storage, NULL, NULL, size, pubexp);
	if (ok) {
		ok = print_rsa(&sk, os);
	} else {
		fprintf(stderr, "ERROR: RSA key pair generation failed\n");
	}
	xfree(key_storage);
	return ok;
}
/*
 * Parse an EC key specification: "ec" or "ec:curvename" (the "ec"
 * prefix is matched case-insensitively).
 *
 * On success, 1 is returned and *curve receives the curve identifier
 * (BR_EC_secp256r1 when no curve name is given). On failure, 0 is
 * returned; *curve is then 0, or the non-positive value returned by
 * get_curve_by_name() for an unknown name.
 */
static int
parse_ec_spec(const char *kgen_spec, int *curve)
{
	const char *rest;

	*curve = 0;

	/* The second character is read only when the first one matched. */
	if (!(kgen_spec[0] == 'e' || kgen_spec[0] == 'E')) {
		return 0;
	}
	if (!(kgen_spec[1] == 'c' || kgen_spec[1] == 'C')) {
		return 0;
	}
	rest = kgen_spec + 2;

	switch (*rest) {
	case 0:
		*curve = BR_EC_secp256r1;
		return 1;
	case ':':
		/*
		 * NOTE(review): 'rest' still points at the ':' separator,
		 * not at the first character of the name. This relies on
		 * get_curve_by_name() (defined elsewhere) tolerating the
		 * leading colon -- confirm.
		 */
		*curve = get_curve_by_name(rest);
		return *curve > 0;
	default:
		return 0;
	}
}
/*
 * Generate a new EC private key on the designated curve, then output it
 * as requested in *os. Returned value is the one of print_ec() (1 on
 * success), or 0 on error (a message is printed on stderr).
 *
 * Randomness comes from an HMAC_DRBG (SHA-256) instance that is created
 * without any initial seed and then seeded from the system source;
 * generation is refused when that source is missing or fails.
 */
static int
keygen_ec(int curve, outspec *os)
{
	br_hmac_drbg_context rng;
	br_prng_seeder seeder;
	const br_ec_impl *ec;
	br_ec_private_key sk;
	unsigned char key_storage[BR_EC_KBUF_PRIV_MAX_SIZE];
	size_t key_len;

	seeder = br_prng_seeder_system(NULL);
	if (seeder == 0) {
		fprintf(stderr, "ERROR: no system source of randomness\n");
		return 0;
	}
	br_hmac_drbg_init(&rng, &br_sha256_vtable, NULL, 0);
	if (!seeder(&rng.vtable)) {
		fprintf(stderr, "ERROR: system source of randomness failed\n");
		return 0;
	}

	ec = br_ec_get_default();
	key_len = br_ec_keygen(&rng.vtable, ec, &sk, key_storage, curve);

	/* A zero length is reported to the user as an unsupported curve. */
	if (key_len == 0) {
		fprintf(stderr, "ERROR: curve is not supported\n");
		return 0;
	}
	return print_ec(&sk, os);
}
/*
 * Decode a DER-encoded private key (len bytes at buf) and output it as
 * requested in *os. The key type is reported on standard output before
 * the key itself is printed.
 *
 * Returned value is 1 on success, 0 on error: decoding failure
 * (reported on stderr with the error code and, when known, its name and
 * description), unknown key type, or failure of print_rsa()/print_ec().
 */
static int
decode_key(const unsigned char *buf, size_t len, outspec *os)
{
	br_skey_decoder_context dc;
	const br_rsa_private_key *rsa_key;
	const br_ec_private_key *ec_key;
	int err;

	/* The whole encoded key is pushed into the decoder in one call. */
	br_skey_decoder_init(&dc);
	br_skey_decoder_push(&dc, buf, len);
	err = br_skey_decoder_last_error(&dc);
	if (err != 0) {
		const char *errname, *errmsg;

		fprintf(stderr, "ERROR (decoding): err=%d\n", err);
		errname = find_error_name(err, &errmsg);
		if (errname == NULL) {
			fprintf(stderr, " (unknown)\n");
		} else {
			fprintf(stderr, " %s: %s\n", errname, errmsg);
		}
		return 0;
	}

	switch (br_skey_decoder_key_type(&dc)) {
	case BR_KEYTYPE_RSA:
		rsa_key = br_skey_decoder_get_rsa(&dc);
		printf("RSA key (%lu bits)\n",
			(unsigned long)rsa_key->n_bitlen);
		return print_rsa(rsa_key, os);

	case BR_KEYTYPE_EC:
		ec_key = br_skey_decoder_get_ec(&dc);
		printf("EC key (curve = %d: %s)\n",
			ec_key->curve, ec_curve_name(ec_key->curve));
		return print_ec(ec_key, os);

	default:
		fprintf(stderr, "Unknown key type: %d\n",
			br_skey_decoder_key_type(&dc));
		return 0;
	}
}
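/*
 * Print the usage message of the "skey" command on stderr.
 *
 * The text is kept as a table, one entry per output line, so that an
 * option can be added or reworded without touching the printing code.
 * The RSA specification line reads "pubexp" (it was misspelled
 * "pubexep"), consistent with the defaults quoted on the same line.
 */
static void
usage_skey(void)
{
	static const char *const help[] = {
		"usage: brssl skey [ options ] file...\n",
		"options:\n",
		" -q suppress verbose messages\n",
		" -text print private key details (human-readable)\n",
		" -C print private key details (C code)\n",
		" -rawder file save private key in 'file' (raw format, DER)\n",
		" -rawpem file save private key in 'file' (raw format, PEM)\n",
		" -pk8der file save private key in 'file' (PKCS#8 format, DER)\n",
		" -pk8pem file save private key in 'file' (PKCS#8 format, PEM)\n",
		" -gen spec generate a new key using the provided key specification\n",
		" -list list known elliptic curve names\n",
		"Key specification begins with a key type, followed by optional parameters\n",
		"that depend on the key type, separated by colon characters:\n",
		" rsa[:size[:pubexp]] RSA key (defaults: size = 2048, pubexp = 3)\n",
		" ec[:curvename] EC key (default curve: secp256r1)\n"
	};
	size_t k;

	for (k = 0; k < sizeof help / sizeof help[0]; k ++) {
		fputs(help[k], stderr);
	}
}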
/* see brssl.h */
/*
 * Entry point of the "skey" command: either generate a new private key
 * ('-gen spec'), or decode the private keys found in the files named on
 * the command line (DER or PEM), and output each key as requested by
 * the other options. Returned value is 0 on success, -1 on error.
 *
 * argv[] is modified: every entry that was consumed as an option or an
 * option value is set to NULL, so that the remaining non-NULL entries
 * are the input file names.
 *
 * Notes for users of the output options:
 *  - the output file names are used as given, and every decoded key is
 *    written to the same names; with several input keys, only the last
 *    one written remains in each file;
 *  - a PEM file that contains no private key object is not an error:
 *    its objects are skipped and nothing is output for it;
 *  - buffers holding file contents and decoded PEM objects (private key
 *    material) are released with xfree() without being cleared first.
 */
int
do_skey(int argc, char *argv[])
{
	int retcode = 0;
	int verbose = 1;
	int num_files = 0;
	int i;
	outspec os;
	unsigned char *buf = NULL;
	size_t len;
	pem_object *pos = NULL;
	const char *kgen_spec = NULL;

	os.print_text = 0;
	os.print_C = 0;
	os.rawder = NULL;
	os.rawpem = NULL;
	os.pk8der = NULL;
	os.pk8pem = NULL;

	/*
	 * First pass: options. Non-option arguments are only counted here;
	 * they are processed in the second pass.
	 */
	for (i = 0; i < argc; i ++) {
		const char *arg;
		const char **slot;
		const char *missing_msg, *repeat_msg;

		arg = argv[i];
		if (arg[0] != '-') {
			num_files ++;
			continue;
		}
		argv[i] = NULL;

		/*
		 * Options that take a value only designate where the value
		 * goes and which messages apply; the value itself is fetched
		 * by the common code after the chain.
		 */
		slot = NULL;
		missing_msg = NULL;
		repeat_msg = NULL;
		if (eqstr(arg, "-v") || eqstr(arg, "-verbose")) {
			verbose = 1;
		} else if (eqstr(arg, "-q") || eqstr(arg, "-quiet")) {
			verbose = 0;
		} else if (eqstr(arg, "-text")) {
			os.print_text = 1;
		} else if (eqstr(arg, "-C")) {
			os.print_C = 1;
		} else if (eqstr(arg, "-rawder")) {
			slot = &os.rawder;
			missing_msg = "ERROR: no argument for '-rawder'\n";
			repeat_msg = "ERROR: multiple '-rawder' options\n";
		} else if (eqstr(arg, "-rawpem")) {
			slot = &os.rawpem;
			missing_msg = "ERROR: no argument for '-rawpem'\n";
			repeat_msg = "ERROR: multiple '-rawpem' options\n";
		} else if (eqstr(arg, "-pk8der")) {
			slot = &os.pk8der;
			missing_msg = "ERROR: no argument for '-pk8der'\n";
			repeat_msg = "ERROR: multiple '-pk8der' options\n";
		} else if (eqstr(arg, "-pk8pem")) {
			slot = &os.pk8pem;
			missing_msg = "ERROR: no argument for '-pk8pem'\n";
			repeat_msg = "ERROR: multiple '-pk8pem' options\n";
		} else if (eqstr(arg, "-gen")) {
			slot = &kgen_spec;
			missing_msg = "ERROR: no argument for '-gen'\n";
			repeat_msg = "ERROR: multiple '-gen' options\n";
		} else if (eqstr(arg, "-list")) {
			list_curves();
			goto skey_exit;
		} else {
			fprintf(stderr, "ERROR: unknown option: '%s'\n", arg);
			usage_skey();
			goto skey_exit_error;
		}
		if (slot == NULL) {
			continue;
		}

		/* The value is the next argument; each option is allowed once. */
		if (++ i >= argc) {
			fputs(missing_msg, stderr);
			usage_skey();
			goto skey_exit_error;
		}
		if (*slot != NULL) {
			fputs(repeat_msg, stderr);
			usage_skey();
			goto skey_exit_error;
		}
		*slot = argv[i];
		argv[i] = NULL;
	}

	if (kgen_spec == NULL) {
		if (num_files == 0) {
			fprintf(stderr, "ERROR: no private key provided\n");
			usage_skey();
			goto skey_exit_error;
		}
	} else {
		unsigned rsa_size;
		uint32_t rsa_pubexp;
		int curve;

		/* Generation and decoding are mutually exclusive. */
		if (num_files != 0) {
			fprintf(stderr,
				"ERROR: key files provided while generating\n");
			usage_skey();
			goto skey_exit_error;
		}

		if (parse_rsa_spec(kgen_spec, &rsa_size, &rsa_pubexp)) {
			if (!keygen_rsa(rsa_size, rsa_pubexp, &os)) {
				goto skey_exit_error;
			}
		} else if (parse_ec_spec(kgen_spec, &curve)) {
			if (!keygen_ec(curve, &os)) {
				goto skey_exit_error;
			}
		} else {
			fprintf(stderr,
				"ERROR: unknown key specification: '%s'\n",
				kgen_spec);
			usage_skey();
			goto skey_exit_error;
		}
	}

	/*
	 * Second pass: input files, i.e. the argv[] entries that were not
	 * cleared above (none remains when a key was generated).
	 */
	for (i = 0; i < argc; i ++) {
		const char *fname;

		fname = argv[i];
		if (fname == NULL) {
			continue;
		}
		buf = read_file(fname, &len);
		if (buf == NULL) {
			goto skey_exit_error;
		}
		if (looks_like_DER(buf, len)) {
			if (verbose) {
				fprintf(stderr, "File '%s': ASN.1/DER object\n",
					fname);
			}
			if (!decode_key(buf, len, &os)) {
				goto skey_exit_error;
			}
		} else {
			size_t k, num;

			if (verbose) {
				fprintf(stderr, "File '%s': decoding as PEM\n",
					fname);
			}
			pos = decode_pem(buf, len, &num);
			if (pos == NULL) {
				goto skey_exit_error;
			}

			/* The object array ends with an entry whose name is NULL. */
			for (k = 0; pos[k].name; k ++) {
				const char *name;
				int is_key;

				name = pos[k].name;
				is_key = eqstr(name, "RSA PRIVATE KEY")
					|| eqstr(name, "EC PRIVATE KEY")
					|| eqstr(name, "PRIVATE KEY");
				if (!is_key) {
					if (verbose) {
						fprintf(stderr,
							"(skipping '%s')\n",
							name);
					}
					continue;
				}
				if (!decode_key(pos[k].data,
					pos[k].data_len, &os))
				{
					goto skey_exit_error;
				}
			}
			for (k = 0; pos[k].name; k ++) {
				free_pem_object_contents(&pos[k]);
			}
			xfree(pos);
			pos = NULL;
		}
		xfree(buf);
		buf = NULL;
	}
	goto skey_exit;

skey_exit_error:
	retcode = -1;

	/*
	 * Release allocated structures. 'buf' and 'pos' are non-NULL here
	 * only when an error interrupted the processing of a file.
	 */
skey_exit:
	xfree(buf);
	if (pos != NULL) {
		size_t k;

		for (k = 0; pos[k].name; k ++) {
			free_pem_object_contents(&pos[k]);
		}
		xfree(pos);
	}
	return retcode;
}