projects / BearSSL / blob
? search:


a9ecb3209002338021a7d6db468df9803bad77f3
[BearSSL] / skey.c
1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <stdint.h>
29 #include <errno.h>
30
31 #include "brssl.h"
32 #include "bearssl.h"
33
34 static void
35 print_int_text(const char *name, const unsigned char *buf, size_t len)
36 {
37 size_t u;
38
39 printf("%s = ", name);
40 for (u = 0; u < len; u ++) {
41 printf("%02X", buf[u]);
42 }
43 printf("\n");
44 }
45
46 static void
47 print_int_C(const char *name, const unsigned char *buf, size_t len)
48 {
49 size_t u;
50
51 printf("\nstatic const unsigned char %s[] = {", name);
52 for (u = 0; u < len; u ++) {
53 if (u != 0) {
54 printf(",");
55 }
56 if (u % 12 == 0) {
57 printf("\n\t");
58 } else {
59 printf(" ");
60 }
61 printf("0x%02X", buf[u]);
62 }
63 printf("\n};\n");
64 }
65
66 static void
67 print_rsa(const br_rsa_private_key *sk, int print_text, int print_C)
68 {
69 if (print_text) {
70 print_int_text("p ", sk->p, sk->plen);
71 print_int_text("q ", sk->q, sk->qlen);
72 print_int_text("dp", sk->dp, sk->dplen);
73 print_int_text("dq", sk->dq, sk->dqlen);
74 print_int_text("iq", sk->iq, sk->iqlen);
75 }
76 if (print_C) {
77 print_int_C("RSA_P", sk->p, sk->plen);
78 print_int_C("RSA_Q", sk->q, sk->qlen);
79 print_int_C("RSA_DP", sk->dp, sk->dplen);
80 print_int_C("RSA_DQ", sk->dq, sk->dqlen);
81 print_int_C("RSA_IQ", sk->iq, sk->iqlen);
82 printf("\nstatic const br_rsa_private_key RSA = {\n");
83 printf("\t%lu,\n", (unsigned long)sk->n_bitlen);
84 printf("\t(unsigned char *)RSA_P, sizeof RSA_P,\n");
85 printf("\t(unsigned char *)RSA_Q, sizeof RSA_Q,\n");
86 printf("\t(unsigned char *)RSA_DP, sizeof RSA_DP,\n");
87 printf("\t(unsigned char *)RSA_DQ, sizeof RSA_DQ,\n");
88 printf("\t(unsigned char *)RSA_IQ, sizeof RSA_IQ\n");
89 printf("};\n");
90 }
91 }
92
93 static void
94 print_ec(const br_ec_private_key *sk, int print_text, int print_C)
95 {
96 if (print_text) {
97 print_int_text("x", sk->x, sk->xlen);
98 }
99 if (print_C) {
100 print_int_C("EC_X", sk->x, sk->xlen);
101 printf("\nstatic const br_ec_private_key EC = {\n");
102 printf("\t%d,\n", sk->curve);
103 printf("\t(unsigned char *)EC_X, sizeof EC_X\n");
104 printf("};\n");
105 }
106 }
107
108 static int
109 decode_key(const unsigned char *buf, size_t len, int print_text, int print_C)
110 {
111 br_skey_decoder_context dc;
112 int err;
113
114 br_skey_decoder_init(&dc);
115 br_skey_decoder_push(&dc, buf, len);
116 err = br_skey_decoder_last_error(&dc);
117 if (err != 0) {
118 const char *errname, *errmsg;
119
120 fprintf(stderr, "ERROR (decoding): err=%d\n", err);
121 errname = find_error_name(err, &errmsg);
122 if (errname != NULL) {
123 fprintf(stderr, " %s: %s\n", errname, errmsg);
124 } else {
125 fprintf(stderr, " (unknown)\n");
126 }
127 return -1;
128 }
129 switch (br_skey_decoder_key_type(&dc)) {
130 const br_rsa_private_key *rk;
131 const br_ec_private_key *ek;
132
133 case BR_KEYTYPE_RSA:
134 rk = br_skey_decoder_get_rsa(&dc);
135 printf("RSA key (%lu bits)\n", (unsigned long)rk->n_bitlen);
136 print_rsa(rk, print_text, print_C);
137 break;
138
139 case BR_KEYTYPE_EC:
140 ek = br_skey_decoder_get_ec(&dc);
141 printf("EC key (curve = %d: %s)\n",
142 ek->curve, ec_curve_name(ek->curve));
143 print_ec(ek, print_text, print_C);
144 break;
145
146 default:
147 fprintf(stderr, "Unknown key type: %d\n",
148 br_skey_decoder_key_type(&dc));
149 return -1;
150 }
151
152 return 0;
153 }
154
155 static void
156 usage_skey(void)
157 {
158 fprintf(stderr,
159 "usage: brssl skey [ options ] file...\n");
160 fprintf(stderr,
161 "options:\n");
162 fprintf(stderr,
163 " -q suppress verbose messages\n");
164 fprintf(stderr,
165 " -text print public key details (human-readable)\n");
166 fprintf(stderr,
167 " -C print public key details (C code)\n");
168 }
169
170 /* see brssl.h */
171 int
172 do_skey(int argc, char *argv[])
173 {
174 int retcode;
175 int verbose;
176 int i, num_files;
177 int print_text, print_C;
178 unsigned char *buf;
179 size_t len;
180 pem_object *pos;
181
182 retcode = 0;
183 verbose = 1;
184 print_text = 0;
185 print_C = 0;
186 num_files = 0;
187 buf = NULL;
188 pos = NULL;
189 for (i = 0; i < argc; i ++) {
190 const char *arg;
191
192 arg = argv[i];
193 if (arg[0] != '-') {
194 num_files ++;
195 continue;
196 }
197 argv[i] = NULL;
198 if (eqstr(arg, "-v") || eqstr(arg, "-verbose")) {
199 verbose = 1;
200 } else if (eqstr(arg, "-q") || eqstr(arg, "-quiet")) {
201 verbose = 0;
202 } else if (eqstr(arg, "-text")) {
203 print_text = 1;
204 } else if (eqstr(arg, "-C")) {
205 print_C = 1;
206 } else {
207 fprintf(stderr, "ERROR: unknown option: '%s'\n", arg);
208 usage_skey();
209 goto skey_exit_error;
210 }
211 }
212 if (num_files == 0) {
213 fprintf(stderr, "ERROR: no private key provided\n");
214 usage_skey();
215 goto skey_exit_error;
216 }
217
218 for (i = 0; i < argc; i ++) {
219 const char *fname;
220
221 fname = argv[i];
222 if (fname == NULL) {
223 continue;
224 }
225 buf = read_file(fname, &len);
226 if (buf == NULL) {
227 goto skey_exit_error;
228 }
229 if (looks_like_DER(buf, len)) {
230 if (verbose) {
231 fprintf(stderr, "File '%s': ASN.1/DER object\n",
232 fname);
233 }
234 if (decode_key(buf, len, print_text, print_C) < 0) {
235 goto skey_exit_error;
236 }
237 } else {
238 size_t u, num;
239
240 if (verbose) {
241 fprintf(stderr, "File '%s': decoding as PEM\n",
242 fname);
243 }
244 pos = decode_pem(buf, len, &num);
245 if (pos == NULL) {
246 goto skey_exit_error;
247 }
248 for (u = 0; pos[u].name; u ++) {
249 const char *name;
250
251 name = pos[u].name;
252 if (eqstr(name, "RSA PRIVATE KEY")
253 || eqstr(name, "EC PRIVATE KEY")
254 || eqstr(name, "PRIVATE KEY"))
255 {
256 if (decode_key(pos[u].data,
257 pos[u].data_len,
258 print_text, print_C) < 0)
259 {
260 goto skey_exit_error;
261 }
262 } else {
263 if (verbose) {
264 fprintf(stderr,
265 "(skipping '%s')\n",
266 name);
267 }
268 }
269 }
270 for (u = 0; pos[u].name; u ++) {
271 free_pem_object_contents(&pos[u]);
272 }
273 xfree(pos);
274 pos = NULL;
275 }
276 xfree(buf);
277 buf = NULL;
278 }
279
280 /*
281 * Release allocated structures.
282 */
283 skey_exit:
284 xfree(buf);
285 if (pos != NULL) {
286 size_t u;
287
288 for (u = 0; pos[u].name; u ++) {
289 free_pem_object_contents(&pos[u]);
290 }
291 xfree(pos);
292 }
293 return retcode;
294
295 skey_exit_error:
296 retcode = -1;
297 goto skey_exit;
298 }
The BearSSL library and tools.