Add a 'pkcs8' application for initial PKCS#8 support. Still needs lots more

options to handle encrypted and unencrypted forms and DER format input and
output.
This commit is contained in:
Dr. Stephen Henson 1999-06-05 00:32:16 +00:00
parent b0c6fb8064
commit 600dec1586
6 changed files with 205 additions and 4 deletions

View file

@ -6,7 +6,8 @@
Changes between 0.9.3a and 0.9.4
*) Support for PKCS#5 v1.5 compatible password based encryption algorithms
and partial PKCS#8 functionality.
and partial PKCS#8 functionality. New 'pkcs8' application linked to
openssl.
[Steve Henson]
*) Introduce some semblance of const correctness to BN. Shame C doesn't

View file

@ -36,7 +36,8 @@ EXE= $(PROGRAM)
E_EXE= verify asn1pars req dgst dh enc gendh errstr ca crl \
rsa dsa dsaparam \
x509 genrsa gendsa s_server s_client speed \
s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12
s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
pkcs8
PROGS= $(PROGRAM).c
@ -50,7 +51,7 @@ E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
rsa.o dsa.o dsaparam.o \
x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
ciphers.o nseq.o pkcs12.o
ciphers.o nseq.o pkcs12.o pkcs8.o
# pem_mail.o
@ -59,7 +60,7 @@ E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
rsa.c dsa.c dsaparam.c \
x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
ciphers.c nseq.c pkcs12.c
ciphers.c nseq.c pkcs12.c pkcs8.c
# pem_mail.c

194
apps/pkcs8.c Normal file
View file

@ -0,0 +1,194 @@
/* pkcs8.c */
/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
* project 1999.
*/
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* licensing@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pkcs12.h>
#include "apps.h"
#define PROG pkcs8_main
int MAIN(int argc, char **argv)
{
char **args, *infile = NULL, *outfile = NULL;
BIO *in = NULL, *out = NULL;
int topk8 = 0;
int pbe_nid = -1;
int iter = PKCS12_DEFAULT_ITER;
int p8_broken = PKCS8_OK;
X509_SIG *p8;
PKCS8_PRIV_KEY_INFO *p8inf;
EVP_PKEY *pkey;
char pass[50];
int badarg = 0;
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
ERR_load_crypto_strings();
SSLeay_add_all_algorithms();
args = argv + 1;
while (!badarg && *args && *args[0] == '-') {
if (!strcmp (*args, "-topk8")) topk8 = 1;
else if (!strcmp (*args, "-noiter")) iter = 1;
else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET;
else if (!strcmp (*args, "-in")) {
if (args[1]) {
args++;
infile = *args;
} else badarg = 1;
} else if (!strcmp (*args, "-out")) {
if (args[1]) {
args++;
outfile = *args;
} else badarg = 1;
} else badarg = 1;
args++;
}
if (badarg) {
BIO_printf (bio_err, "Usage pkcs8 [options]\n");
BIO_printf (bio_err, "where options are\n");
BIO_printf (bio_err, "-in file input file\n");
BIO_printf (bio_err, "-out file output file\n");
BIO_printf (bio_err, "-topk8 output PKCS8 file\n");
BIO_printf (bio_err, "-nooct use (broken) no octet form\n");
BIO_printf (bio_err, "-noiter use 1 as iteration cound\n");
return (1);
}
if (pbe_nid == -1) pbe_nid = NID_pbeWithMD5AndDES_CBC;
if (infile) {
if (!(in = BIO_new_file (infile, "r"))) {
BIO_printf (bio_err,
"Can't open input file %s\n", infile);
return (1);
}
} else in = BIO_new_fp (stdin, BIO_NOCLOSE);
if (outfile) {
if (!(out = BIO_new_file (outfile, "w"))) {
BIO_printf (bio_err,
"Can't open output file %s\n", outfile);
return (1);
}
} else out = BIO_new_fp (stdout, BIO_NOCLOSE);
if (topk8) {
if (!(pkey = PEM_read_bio_PrivateKey(in, NULL, NULL))) {
BIO_printf (bio_err, "Error reading key\n", outfile);
ERR_print_errors(bio_err);
return (1);
}
if (!(p8inf = EVP_PKEY2PKCS8(pkey))) {
BIO_printf (bio_err, "Error converting key\n", outfile);
ERR_print_errors(bio_err);
return (1);
}
PKCS8_set_broken(p8inf, p8_broken);
EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
if (!(p8 = PKCS8_encrypt(pbe_nid, pass, strlen(pass),
NULL, 0, iter, p8inf))) {
BIO_printf (bio_err, "Error encrypting key\n", outfile);
ERR_print_errors(bio_err);
return (1);
}
PKCS8_PRIV_KEY_INFO_free (p8inf);
PEM_write_bio_PKCS8 (out, p8);
X509_SIG_free(p8);
return (0);
}
if (!(p8 = PEM_read_bio_PKCS8 (in, NULL, NULL))) {
BIO_printf (bio_err, "Error reading key\n", outfile);
ERR_print_errors(bio_err);
return (1);
}
EVP_read_pw_string(pass, 50, "Enter Password:", 0);
p8inf = M_PKCS8_decrypt(p8, pass, strlen(pass));
if (!p8inf) {
BIO_printf(bio_err, "Error decrypting key\n", outfile);
ERR_print_errors(bio_err);
return (1);
}
if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
BIO_printf(bio_err, "Error converting key\n", outfile);
ERR_print_errors(bio_err);
return (1);
}
if (p8inf->broken) {
BIO_printf(bio_err, "Warning: broken key encoding: ");
switch (p8inf->broken) {
case PKCS8_NO_OCTET:
BIO_printf(bio_err, "No Octet String\n");
break;
default:
BIO_printf(bio_err, "Unknown broken type\n");
break;
}
}
PKCS8_PRIV_KEY_INFO_free(p8inf);
PEM_write_bio_PrivateKey (out, pkey, NULL, NULL, 0, NULL);
return (0);
}

View file

@ -27,6 +27,7 @@ extern int sess_id_main(int argc,char *argv[]);
extern int ciphers_main(int argc,char *argv[]);
extern int nseq_main(int argc,char *argv[]);
extern int pkcs12_main(int argc,char *argv[]);
extern int pkcs8_main(int argc,char *argv[]);
#ifdef SSLEAY_SRC /* Defined only in openssl.c. */
@ -90,6 +91,7 @@ FUNCTION functions[] = {
#endif
{FUNC_TYPE_GENERAL,"nseq",nseq_main},
{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
{FUNC_TYPE_MD,"md2",dgst_main},
{FUNC_TYPE_MD,"md5",dgst_main},
{FUNC_TYPE_MD,"sha",dgst_main},

View file

@ -189,4 +189,5 @@ void SSLeay_add_all_digests(void)
EVP_add_digest_alias(SN_ripemd160,"rmd160");
#endif
PKCS12_PBE_add();
PKCS5_PBE_add();
}

View file

@ -639,6 +639,8 @@ int PKCS5_PBE_keyivgen(const char *pass, int passlen, unsigned char *salt,
int saltlen, int iter, EVP_CIPHER *cipher, EVP_MD *md,
unsigned char *key, unsigned char *iv);
void PKCS5_PBE_add(void);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.