2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
44 print_int_text(const char *name
, const unsigned char *buf
, size_t len
)
48 printf("%s = ", name
);
49 for (u
= 0; u
< len
; u
++) {
50 printf("%02X", buf
[u
]);
56 print_int_C(const char *name
, const unsigned char *buf
, size_t len
)
60 printf("\nstatic const unsigned char %s[] = {", name
);
61 for (u
= 0; u
< len
; u
++) {
70 printf("0x%02X", buf
[u
]);
76 write_to_file(const char *name
, const void *data
, size_t len
)
80 f
= fopen(name
, "wb");
83 "ERROR: cannot open file '%s' for writing\n",
87 if (fwrite(data
, 1, len
, f
) != len
) {
90 "ERROR: cannot write to file '%s'\n",
99 write_to_pem_file(const char *name
,
100 const void *data
, size_t len
, const char *banner
)
106 pemlen
= br_pem_encode(NULL
, NULL
, len
, banner
, 0);
107 pem
= xmalloc(pemlen
+ 1);
108 br_pem_encode(pem
, data
, len
, banner
, 0);
109 r
= write_to_file(name
, pem
, pemlen
);
115 print_rsa(const br_rsa_private_key
*sk
, outspec
*os
)
118 unsigned char *n
, *d
, *buf
;
120 size_t nlen
, dlen
, len
;
121 br_rsa_compute_modulus cm
;
122 br_rsa_compute_pubexp ce
;
123 br_rsa_compute_privexp cd
;
124 br_rsa_public_key pk
;
125 unsigned char ebuf
[4];
131 if (os
->print_text
) {
132 print_int_text("p ", sk
->p
, sk
->plen
);
133 print_int_text("q ", sk
->q
, sk
->qlen
);
134 print_int_text("dp", sk
->dp
, sk
->dplen
);
135 print_int_text("dq", sk
->dq
, sk
->dqlen
);
136 print_int_text("iq", sk
->iq
, sk
->iqlen
);
139 print_int_C("RSA_P", sk
->p
, sk
->plen
);
140 print_int_C("RSA_Q", sk
->q
, sk
->qlen
);
141 print_int_C("RSA_DP", sk
->dp
, sk
->dplen
);
142 print_int_C("RSA_DQ", sk
->dq
, sk
->dqlen
);
143 print_int_C("RSA_IQ", sk
->iq
, sk
->iqlen
);
144 printf("\nstatic const br_rsa_private_key RSA = {\n");
145 printf("\t%lu,\n", (unsigned long)sk
->n_bitlen
);
146 printf("\t(unsigned char *)RSA_P, sizeof RSA_P,\n");
147 printf("\t(unsigned char *)RSA_Q, sizeof RSA_Q,\n");
148 printf("\t(unsigned char *)RSA_DP, sizeof RSA_DP,\n");
149 printf("\t(unsigned char *)RSA_DQ, sizeof RSA_DQ,\n");
150 printf("\t(unsigned char *)RSA_IQ, sizeof RSA_IQ\n");
154 if (os
->rawder
== NULL
&& os
->rawpem
== NULL
155 && os
->pk8der
== NULL
&& os
->pk8pem
== NULL
)
160 cm
= br_rsa_compute_modulus_get_default();
161 ce
= br_rsa_compute_pubexp_get_default();
162 cd
= br_rsa_compute_privexp_get_default();
165 goto print_RSA_error
;
168 if (cm(n
, sk
) != nlen
) {
169 goto print_RSA_error
;
173 goto print_RSA_error
;
175 dlen
= cd(NULL
, sk
, e
);
177 goto print_RSA_error
;
180 if (cd(d
, sk
, e
) != dlen
) {
181 goto print_RSA_error
;
190 pk
.elen
= sizeof ebuf
;
192 if (os
->rawder
!= NULL
|| os
->rawpem
!= NULL
) {
193 len
= br_encode_rsa_raw_der(NULL
, sk
, &pk
, d
, dlen
);
195 goto print_RSA_error
;
198 if (br_encode_rsa_raw_der(buf
, sk
, &pk
, d
, dlen
) != len
) {
199 goto print_RSA_error
;
201 if (os
->rawder
!= NULL
) {
202 ret
&= write_to_file(os
->rawder
, buf
, len
);
204 if (os
->rawpem
!= NULL
) {
205 ret
&= write_to_pem_file(os
->rawpem
,
206 buf
, len
, "RSA PRIVATE KEY");
212 if (os
->pk8der
!= NULL
|| os
->pk8pem
!= NULL
) {
213 len
= br_encode_rsa_pkcs8_der(NULL
, sk
, &pk
, d
, dlen
);
215 goto print_RSA_error
;
218 if (br_encode_rsa_pkcs8_der(buf
, sk
, &pk
, d
, dlen
) != len
) {
219 goto print_RSA_error
;
221 if (os
->pk8der
!= NULL
) {
222 ret
&= write_to_file(os
->pk8der
, buf
, len
);
224 if (os
->pk8pem
!= NULL
) {
225 ret
&= write_to_pem_file(os
->pk8pem
,
226 buf
, len
, "PRIVATE KEY");
239 fprintf(stderr
, "ERROR: cannot encode RSA key\n");
245 print_ec(const br_ec_private_key
*sk
, outspec
*os
)
248 unsigned kbuf
[BR_EC_KBUF_PUB_MAX_SIZE
];
253 if (os
->print_text
) {
254 print_int_text("x", sk
->x
, sk
->xlen
);
257 print_int_C("EC_X", sk
->x
, sk
->xlen
);
258 printf("\nstatic const br_ec_private_key EC = {\n");
259 printf("\t%d,\n", sk
->curve
);
260 printf("\t(unsigned char *)EC_X, sizeof EC_X\n");
264 if (os
->rawder
== NULL
&& os
->rawpem
== NULL
265 && os
->pk8der
== NULL
&& os
->pk8pem
== NULL
)
269 if (br_ec_compute_pub(br_ec_get_default(), &pk
, kbuf
, sk
) == 0) {
271 "ERROR: cannot re-encode (unsupported curve)\n");
276 if (os
->rawder
!= NULL
|| os
->rawpem
!= NULL
) {
277 len
= br_encode_ec_raw_der(NULL
, sk
, &pk
);
279 fprintf(stderr
, "ERROR: cannot re-encode"
280 " (unsupported curve)\n");
284 if (br_encode_ec_raw_der(buf
, sk
, &pk
) != len
) {
285 fprintf(stderr
, "ERROR: re-encode failure\n");
289 if (os
->rawder
!= NULL
) {
290 r
&= write_to_file(os
->rawder
, buf
, len
);
292 if (os
->rawpem
!= NULL
) {
293 r
&= write_to_pem_file(os
->rawpem
,
294 buf
, len
, "EC PRIVATE KEY");
298 if (os
->pk8der
!= NULL
|| os
->pk8pem
!= NULL
) {
299 len
= br_encode_ec_pkcs8_der(NULL
, sk
, &pk
);
301 fprintf(stderr
, "ERROR: cannot re-encode"
302 " (unsupported curve)\n");
306 if (br_encode_ec_pkcs8_der(buf
, sk
, &pk
) != len
) {
307 fprintf(stderr
, "ERROR: re-encode failure\n");
311 if (os
->pk8der
!= NULL
) {
312 r
&= write_to_file(os
->pk8der
, buf
, len
);
314 if (os
->pk8pem
!= NULL
) {
315 r
&= write_to_pem_file(os
->pk8pem
,
316 buf
, len
, "PRIVATE KEY");
324 parse_rsa_spec(const char *kgen_spec
, unsigned *size
, uint32_t *pubexp
)
331 if (*p
!= 'r' && *p
!= 'R') {
335 if (*p
!= 's' && *p
!= 'S') {
339 if (*p
!= 'a' && *p
!= 'A') {
347 } else if (*p
!= ':') {
351 ul
= strtoul(p
, &end
, 10);
352 if (ul
< 512 || ul
> 32768) {
360 } else if (*p
!= ':') {
364 ul
= strtoul(p
, &end
, 10);
365 if ((ul
& 1) == 0 || ul
== 1 || ((ul
>> 30) >> 2) != 0) {
376 keygen_rsa(unsigned size
, uint32_t pubexp
, outspec
*os
)
378 br_hmac_drbg_context rng
;
379 br_prng_seeder seeder
;
381 br_rsa_private_key sk
;
382 unsigned char *kbuf_priv
;
385 seeder
= br_prng_seeder_system(NULL
);
387 fprintf(stderr
, "ERROR: no system source of randomness\n");
390 br_hmac_drbg_init(&rng
, &br_sha256_vtable
, NULL
, 0);
391 if (!seeder(&rng
.vtable
)) {
392 fprintf(stderr
, "ERROR: system source of randomness failed\n");
395 kbuf_priv
= xmalloc(BR_RSA_KBUF_PRIV_SIZE(size
));
396 kg
= br_rsa_keygen_get_default();
397 r
= kg(&rng
.vtable
, &sk
, kbuf_priv
, NULL
, NULL
, size
, pubexp
);
399 fprintf(stderr
, "ERROR: RSA key pair generation failed\n");
401 r
= print_rsa(&sk
, os
);
408 parse_ec_spec(const char *kgen_spec
, int *curve
)
414 if (*p
!= 'e' && *p
!= 'E') {
418 if (*p
!= 'c' && *p
!= 'C') {
423 *curve
= BR_EC_secp256r1
;
429 *curve
= get_curve_by_name(p
);
434 keygen_ec(int curve
, outspec
*os
)
436 br_hmac_drbg_context rng
;
437 br_prng_seeder seeder
;
438 const br_ec_impl
*impl
;
439 br_ec_private_key sk
;
440 unsigned char kbuf_priv
[BR_EC_KBUF_PRIV_MAX_SIZE
];
443 seeder
= br_prng_seeder_system(NULL
);
445 fprintf(stderr
, "ERROR: no system source of randomness\n");
448 br_hmac_drbg_init(&rng
, &br_sha256_vtable
, NULL
, 0);
449 if (!seeder(&rng
.vtable
)) {
450 fprintf(stderr
, "ERROR: system source of randomness failed\n");
453 impl
= br_ec_get_default();
454 len
= br_ec_keygen(&rng
.vtable
, impl
, &sk
, kbuf_priv
, curve
);
456 fprintf(stderr
, "ERROR: curve is not supported\n");
459 return print_ec(&sk
, os
);
463 decode_key(const unsigned char *buf
, size_t len
, outspec
*os
)
465 br_skey_decoder_context dc
;
468 br_skey_decoder_init(&dc
);
469 br_skey_decoder_push(&dc
, buf
, len
);
470 err
= br_skey_decoder_last_error(&dc
);
472 const char *errname
, *errmsg
;
474 fprintf(stderr
, "ERROR (decoding): err=%d\n", err
);
475 errname
= find_error_name(err
, &errmsg
);
476 if (errname
!= NULL
) {
477 fprintf(stderr
, " %s: %s\n", errname
, errmsg
);
479 fprintf(stderr
, " (unknown)\n");
484 switch (br_skey_decoder_key_type(&dc
)) {
485 const br_rsa_private_key
*rk
;
486 const br_ec_private_key
*ek
;
489 rk
= br_skey_decoder_get_rsa(&dc
);
490 printf("RSA key (%lu bits)\n", (unsigned long)rk
->n_bitlen
);
491 ret
= print_rsa(rk
, os
);
495 ek
= br_skey_decoder_get_ec(&dc
);
496 printf("EC key (curve = %d: %s)\n",
497 ek
->curve
, ec_curve_name(ek
->curve
));
498 ret
= print_ec(ek
, os
);
502 fprintf(stderr
, "Unknown key type: %d\n",
503 br_skey_decoder_key_type(&dc
));
515 "usage: brssl skey [ options ] file...\n");
519 " -q suppress verbose messages\n");
521 " -text print private key details (human-readable)\n");
523 " -C print private key details (C code)\n");
525 " -rawder file save private key in 'file' (raw format, DER)\n");
527 " -rawpem file save private key in 'file' (raw format, PEM)\n");
529 " -pk8der file save private key in 'file' (PKCS#8 format, DER)\n");
531 " -pk8pem file save private key in 'file' (PKCS#8 format, PEM)\n");
533 " -gen spec generate a new key using the provided key specification\n");
535 " -list list known elliptic curve names\n");
537 "Key specification begins with a key type, followed by optional parameters\n");
539 "that depend on the key type, separated by colon characters:\n");
541 " rsa[:size[:pubexep]] RSA key (defaults: size = 2048, pubexp = 3)\n");
543 " ec[:curvename] EC key (default curve: secp256r1)\n");
548 do_skey(int argc
, char *argv
[])
557 const char *kgen_spec
;
571 for (i
= 0; i
< argc
; i
++) {
580 if (eqstr(arg
, "-v") || eqstr(arg
, "-verbose")) {
582 } else if (eqstr(arg
, "-q") || eqstr(arg
, "-quiet")) {
584 } else if (eqstr(arg
, "-text")) {
586 } else if (eqstr(arg
, "-C")) {
588 } else if (eqstr(arg
, "-rawder")) {
591 "ERROR: no argument for '-rawder'\n");
593 goto skey_exit_error
;
595 if (os
.rawder
!= NULL
) {
597 "ERROR: multiple '-rawder' options\n");
599 goto skey_exit_error
;
603 } else if (eqstr(arg
, "-rawpem")) {
606 "ERROR: no argument for '-rawpem'\n");
608 goto skey_exit_error
;
610 if (os
.rawpem
!= NULL
) {
612 "ERROR: multiple '-rawpem' options\n");
614 goto skey_exit_error
;
618 } else if (eqstr(arg
, "-pk8der")) {
621 "ERROR: no argument for '-pk8der'\n");
623 goto skey_exit_error
;
625 if (os
.pk8der
!= NULL
) {
627 "ERROR: multiple '-pk8der' options\n");
629 goto skey_exit_error
;
633 } else if (eqstr(arg
, "-pk8pem")) {
636 "ERROR: no argument for '-pk8pem'\n");
638 goto skey_exit_error
;
640 if (os
.pk8pem
!= NULL
) {
642 "ERROR: multiple '-pk8pem' options\n");
644 goto skey_exit_error
;
648 } else if (eqstr(arg
, "-gen")) {
651 "ERROR: no argument for '-gen'\n");
653 goto skey_exit_error
;
655 if (kgen_spec
!= NULL
) {
657 "ERROR: multiple '-gen' options\n");
659 goto skey_exit_error
;
663 } else if (eqstr(arg
, "-list")) {
667 fprintf(stderr
, "ERROR: unknown option: '%s'\n", arg
);
669 goto skey_exit_error
;
672 if (kgen_spec
!= NULL
) {
677 if (num_files
!= 0) {
679 "ERROR: key files provided while generating\n");
681 goto skey_exit_error
;
684 if (parse_rsa_spec(kgen_spec
, &rsa_size
, &rsa_pubexp
)) {
685 if (!keygen_rsa(rsa_size
, rsa_pubexp
, &os
)) {
686 goto skey_exit_error
;
688 } else if (parse_ec_spec(kgen_spec
, &curve
)) {
689 if (!keygen_ec(curve
, &os
)) {
690 goto skey_exit_error
;
694 "ERROR: unknown key specification: '%s'\n",
697 goto skey_exit_error
;
699 } else if (num_files
== 0) {
700 fprintf(stderr
, "ERROR: no private key provided\n");
702 goto skey_exit_error
;
705 for (i
= 0; i
< argc
; i
++) {
712 buf
= read_file(fname
, &len
);
714 goto skey_exit_error
;
716 if (looks_like_DER(buf
, len
)) {
718 fprintf(stderr
, "File '%s': ASN.1/DER object\n",
721 if (!decode_key(buf
, len
, &os
)) {
722 goto skey_exit_error
;
728 fprintf(stderr
, "File '%s': decoding as PEM\n",
731 pos
= decode_pem(buf
, len
, &num
);
733 goto skey_exit_error
;
735 for (u
= 0; pos
[u
].name
; u
++) {
739 if (eqstr(name
, "RSA PRIVATE KEY")
740 || eqstr(name
, "EC PRIVATE KEY")
741 || eqstr(name
, "PRIVATE KEY"))
743 if (!decode_key(pos
[u
].data
,
744 pos
[u
].data_len
, &os
))
746 goto skey_exit_error
;
756 for (u
= 0; pos
[u
].name
; u
++) {
757 free_pem_object_contents(&pos
[u
]);
767 * Release allocated structures.
774 for (u
= 0; pos
[u
].name
; u
++) {
775 free_pem_object_contents(&pos
[u
]);