mbedtls/programs/pkey/key_app.c

329 lines
11 KiB
C
Raw Normal View History

/*
* Key reading application
*
* Copyright The Mbed TLS Contributors
2015-09-04 14:21:07 +02:00
* SPDX-License-Identifier: Apache-2.0
*
2015-09-04 14:21:07 +02:00
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
2015-09-04 14:21:07 +02:00
* http://www.apache.org/licenses/LICENSE-2.0
*
2015-09-04 14:21:07 +02:00
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "mbedtls/build_info.h"
2015-03-09 18:05:11 +01:00
#include "mbedtls/platform.h"
#if defined(MBEDTLS_BIGNUM_C) && \
defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
2015-03-09 18:05:11 +01:00
#include "mbedtls/error.h"
#include "mbedtls/rsa.h"
2018-10-26 17:55:14 +02:00
#include "mbedtls/pk.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <string.h>
#endif
#define MODE_NONE 0
#define MODE_PRIVATE 1
#define MODE_PUBLIC 2
#define DFL_MODE MODE_NONE
#define DFL_FILENAME "keyfile.key"
#define DFL_PASSWORD ""
#define DFL_PASSWORD_FILE ""
#define DFL_DEBUG_LEVEL 0
2015-02-13 15:12:07 +01:00
#define USAGE \
"\n usage: key_app param=<>...\n" \
"\n acceptable parameters:\n" \
" mode=private|public default: none\n" \
" filename=%%s default: keyfile.key\n" \
" password=%%s default: \"\"\n" \
" password_file=%%s default: \"\"\n" \
"\n"
#if !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
int main(void)
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit(0);
}
#else
/*
* global options
*/
struct options {
int mode; /* the mode to run the application in */
const char *filename; /* filename of the key file */
const char *password; /* password for the private key */
const char *password_file; /* password_file for the private key */
} opt;
int main(int argc, char *argv[])
{
2018-04-29 21:02:18 +02:00
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
char buf[1024];
int i;
char *p, *q;
const char *pers = "pkey/key_app";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_pk_context pk;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
/*
* Set to sane values
*/
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_pk_init(&pk);
memset(buf, 0, sizeof(buf));
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
(int) status);
goto cleanup;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto cleanup;
}
opt.mode = DFL_MODE;
opt.filename = DFL_FILENAME;
opt.password = DFL_PASSWORD;
opt.password_file = DFL_PASSWORD_FILE;
for (i = 1; i < argc; i++) {
p = argv[i];
if ((q = strchr(p, '=')) == NULL) {
goto usage;
}
*q++ = '\0';
if (strcmp(p, "mode") == 0) {
if (strcmp(q, "private") == 0) {
opt.mode = MODE_PRIVATE;
} else if (strcmp(q, "public") == 0) {
opt.mode = MODE_PUBLIC;
} else {
goto usage;
}
} else if (strcmp(p, "filename") == 0) {
opt.filename = q;
} else if (strcmp(p, "password") == 0) {
opt.password = q;
} else if (strcmp(p, "password_file") == 0) {
opt.password_file = q;
} else {
goto usage;
}
}
if (opt.mode == MODE_PRIVATE) {
if (strlen(opt.password) && strlen(opt.password_file)) {
mbedtls_printf("Error: cannot have both password and password_file\n");
goto usage;
}
if (strlen(opt.password_file)) {
FILE *f;
mbedtls_printf("\n . Loading the password file ...");
if ((f = fopen(opt.password_file, "rb")) == NULL) {
mbedtls_printf(" failed\n ! fopen returned NULL\n");
goto cleanup;
}
if (fgets(buf, sizeof(buf), f) == NULL) {
fclose(f);
mbedtls_printf("Error: fgets() failed to retrieve password\n");
goto cleanup;
}
fclose(f);
i = (int) strlen(buf);
if (buf[i - 1] == '\n') {
buf[i - 1] = '\0';
}
if (buf[i - 2] == '\r') {
buf[i - 2] = '\0';
}
opt.password = buf;
}
/*
* 1.1. Load the key
*/
mbedtls_printf("\n . Loading the private key ...");
fflush(stdout);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
(unsigned int) -ret);
goto cleanup;
}
ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password,
mbedtls_ctr_drbg_random, &ctr_drbg);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
(unsigned int) -ret);
goto cleanup;
}
mbedtls_printf(" ok\n");
/*
* 1.2 Print the key
*/
mbedtls_printf(" . Key information ...\n");
#if defined(MBEDTLS_RSA_C)
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
(ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto cleanup;
}
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D: ", &D, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("P: ", &P, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q: ", &Q, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DP: ", &DP, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("QP: ", &QP, 16, NULL));
} else
#endif
#if defined(MBEDTLS_ECP_C)
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(X): ",
&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16,
NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Y): ",
&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16,
NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Z): ",
&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16,
NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D : ", &ecp->MBEDTLS_PRIVATE(d), 16, NULL));
} else
#endif
{
mbedtls_printf("Do not know how to print key information for this type\n");
goto cleanup;
}
} else if (opt.mode == MODE_PUBLIC) {
/*
* 1.1. Load the key
*/
mbedtls_printf("\n . Loading the public key ...");
fflush(stdout);
ret = mbedtls_pk_parse_public_keyfile(&pk, opt.filename);
if (ret != 0) {
mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
(unsigned int) -ret);
goto cleanup;
}
mbedtls_printf(" ok\n");
mbedtls_printf(" . Key information ...\n");
#if defined(MBEDTLS_RSA_C)
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL,
NULL, &E)) != 0) {
mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
goto cleanup;
}
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL));
} else
#endif
#if defined(MBEDTLS_ECP_C)
if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(X): ",
&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16,
NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Y): ",
&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16,
NULL));
MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q(Z): ",
&ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16,
NULL));
} else
#endif
{
mbedtls_printf("Do not know how to print key information for this type\n");
goto cleanup;
}
} else {
goto usage;
}
2018-04-29 21:02:18 +02:00
exit_code = MBEDTLS_EXIT_SUCCESS;
cleanup:
#if defined(MBEDTLS_ERROR_C)
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
mbedtls_strerror(ret, buf, sizeof(buf));
mbedtls_printf(" ! Last error was: %s\n", buf);
}
#endif
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_pk_free(&pk);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_psa_crypto_free();
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
mbedtls_exit(exit_code);
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */