[331] | 1 | /*
|
---|
| 2 | * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
| 3 | *
|
---|
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
---|
| 6 | * in the file LICENSE in the source distribution or at
|
---|
| 7 | * https://www.openssl.org/source/license.html
|
---|
| 8 | */
|
---|
| 9 |
|
---|
| 10 | #include "apps.h"
|
---|
| 11 | #include <string.h>
|
---|
| 12 | #include <openssl/err.h>
|
---|
| 13 | #include <openssl/pem.h>
|
---|
| 14 | #include <openssl/evp.h>
|
---|
| 15 |
|
---|
| 16 | #define KEY_NONE 0
|
---|
| 17 | #define KEY_PRIVKEY 1
|
---|
| 18 | #define KEY_PUBKEY 2
|
---|
| 19 | #define KEY_CERT 3
|
---|
| 20 |
|
---|
| 21 | static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
|
---|
| 22 | const char *keyfile, int keyform, int key_type,
|
---|
| 23 | char *passinarg, int pkey_op, ENGINE *e,
|
---|
| 24 | const int impl);
|
---|
| 25 |
|
---|
| 26 | static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
|
---|
| 27 | ENGINE *e);
|
---|
| 28 |
|
---|
| 29 | static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
|
---|
| 30 | unsigned char *out, size_t *poutlen,
|
---|
| 31 | const unsigned char *in, size_t inlen);
|
---|
| 32 |
|
---|
| 33 | typedef enum OPTION_choice {
|
---|
| 34 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
|
---|
| 35 | OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT,
|
---|
| 36 | OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,
|
---|
| 37 | OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
|
---|
| 38 | OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
|
---|
| 39 | OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN
|
---|
| 40 | } OPTION_CHOICE;
|
---|
| 41 |
|
---|
| 42 | OPTIONS pkeyutl_options[] = {
|
---|
| 43 | {"help", OPT_HELP, '-', "Display this summary"},
|
---|
| 44 | {"in", OPT_IN, '<', "Input file - default stdin"},
|
---|
| 45 | {"out", OPT_OUT, '>', "Output file - default stdout"},
|
---|
| 46 | {"pubin", OPT_PUBIN, '-', "Input is a public key"},
|
---|
| 47 | {"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
|
---|
| 48 | {"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"},
|
---|
| 49 | {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
|
---|
| 50 | {"sign", OPT_SIGN, '-', "Sign input data with private key"},
|
---|
| 51 | {"verify", OPT_VERIFY, '-', "Verify with public key"},
|
---|
| 52 | {"verifyrecover", OPT_VERIFYRECOVER, '-',
|
---|
| 53 | "Verify with public key, recover original data"},
|
---|
| 54 | {"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
|
---|
| 55 | {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
|
---|
| 56 | {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
|
---|
| 57 | {"derive", OPT_DERIVE, '-', "Derive shared secret"},
|
---|
| 58 | {"kdf", OPT_KDF, 's', "Use KDF algorithm"},
|
---|
| 59 | {"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"},
|
---|
| 60 | {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
|
---|
| 61 | {"inkey", OPT_INKEY, 's', "Input private key file"},
|
---|
| 62 | {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},
|
---|
| 63 | {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
|
---|
| 64 | {"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"},
|
---|
| 65 | {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
|
---|
| 66 | {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
|
---|
| 67 | #ifndef OPENSSL_NO_ENGINE
|
---|
| 68 | {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
|
---|
| 69 | {"engine_impl", OPT_ENGINE_IMPL, '-',
|
---|
| 70 | "Also use engine given by -engine for crypto operations"},
|
---|
| 71 | #endif
|
---|
| 72 | {NULL}
|
---|
| 73 | };
|
---|
| 74 |
|
---|
| 75 | int pkeyutl_main(int argc, char **argv)
|
---|
| 76 | {
|
---|
| 77 | BIO *in = NULL, *out = NULL;
|
---|
| 78 | ENGINE *e = NULL;
|
---|
| 79 | EVP_PKEY_CTX *ctx = NULL;
|
---|
| 80 | char *infile = NULL, *outfile = NULL, *sigfile = NULL, *passinarg = NULL;
|
---|
| 81 | char hexdump = 0, asn1parse = 0, rev = 0, *prog;
|
---|
| 82 | unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
|
---|
| 83 | OPTION_CHOICE o;
|
---|
| 84 | int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform =
|
---|
| 85 | FORMAT_PEM;
|
---|
| 86 | int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
|
---|
| 87 | int engine_impl = 0;
|
---|
| 88 | int ret = 1, rv = -1;
|
---|
| 89 | size_t buf_outlen;
|
---|
| 90 | const char *inkey = NULL;
|
---|
| 91 | const char *peerkey = NULL;
|
---|
| 92 | const char *kdfalg = NULL;
|
---|
| 93 | int kdflen = 0;
|
---|
| 94 | STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
|
---|
| 95 |
|
---|
| 96 | prog = opt_init(argc, argv, pkeyutl_options);
|
---|
| 97 | while ((o = opt_next()) != OPT_EOF) {
|
---|
| 98 | switch (o) {
|
---|
| 99 | case OPT_EOF:
|
---|
| 100 | case OPT_ERR:
|
---|
| 101 | opthelp:
|
---|
| 102 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
|
---|
| 103 | goto end;
|
---|
| 104 | case OPT_HELP:
|
---|
| 105 | opt_help(pkeyutl_options);
|
---|
| 106 | ret = 0;
|
---|
| 107 | goto end;
|
---|
| 108 | case OPT_IN:
|
---|
| 109 | infile = opt_arg();
|
---|
| 110 | break;
|
---|
| 111 | case OPT_OUT:
|
---|
| 112 | outfile = opt_arg();
|
---|
| 113 | break;
|
---|
| 114 | case OPT_SIGFILE:
|
---|
| 115 | sigfile = opt_arg();
|
---|
| 116 | break;
|
---|
| 117 | case OPT_ENGINE_IMPL:
|
---|
| 118 | engine_impl = 1;
|
---|
| 119 | break;
|
---|
| 120 | case OPT_INKEY:
|
---|
| 121 | inkey = opt_arg();
|
---|
| 122 | break;
|
---|
| 123 | case OPT_PEERKEY:
|
---|
| 124 | peerkey = opt_arg();
|
---|
| 125 | break;
|
---|
| 126 | case OPT_PASSIN:
|
---|
| 127 | passinarg = opt_arg();
|
---|
| 128 | break;
|
---|
| 129 | case OPT_PEERFORM:
|
---|
| 130 | if (!opt_format(opt_arg(), OPT_FMT_PDE, &peerform))
|
---|
| 131 | goto opthelp;
|
---|
| 132 | break;
|
---|
| 133 | case OPT_KEYFORM:
|
---|
| 134 | if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyform))
|
---|
| 135 | goto opthelp;
|
---|
| 136 | break;
|
---|
| 137 | case OPT_ENGINE:
|
---|
| 138 | e = setup_engine(opt_arg(), 0);
|
---|
| 139 | break;
|
---|
| 140 | case OPT_PUBIN:
|
---|
| 141 | key_type = KEY_PUBKEY;
|
---|
| 142 | break;
|
---|
| 143 | case OPT_CERTIN:
|
---|
| 144 | key_type = KEY_CERT;
|
---|
| 145 | break;
|
---|
| 146 | case OPT_ASN1PARSE:
|
---|
| 147 | asn1parse = 1;
|
---|
| 148 | break;
|
---|
| 149 | case OPT_HEXDUMP:
|
---|
| 150 | hexdump = 1;
|
---|
| 151 | break;
|
---|
| 152 | case OPT_SIGN:
|
---|
| 153 | pkey_op = EVP_PKEY_OP_SIGN;
|
---|
| 154 | break;
|
---|
| 155 | case OPT_VERIFY:
|
---|
| 156 | pkey_op = EVP_PKEY_OP_VERIFY;
|
---|
| 157 | break;
|
---|
| 158 | case OPT_VERIFYRECOVER:
|
---|
| 159 | pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
|
---|
| 160 | break;
|
---|
| 161 | case OPT_ENCRYPT:
|
---|
| 162 | pkey_op = EVP_PKEY_OP_ENCRYPT;
|
---|
| 163 | break;
|
---|
| 164 | case OPT_DECRYPT:
|
---|
| 165 | pkey_op = EVP_PKEY_OP_DECRYPT;
|
---|
| 166 | break;
|
---|
| 167 | case OPT_DERIVE:
|
---|
| 168 | pkey_op = EVP_PKEY_OP_DERIVE;
|
---|
| 169 | break;
|
---|
| 170 | case OPT_KDF:
|
---|
| 171 | pkey_op = EVP_PKEY_OP_DERIVE;
|
---|
| 172 | key_type = KEY_NONE;
|
---|
| 173 | kdfalg = opt_arg();
|
---|
| 174 | break;
|
---|
| 175 | case OPT_KDFLEN:
|
---|
| 176 | kdflen = atoi(opt_arg());
|
---|
| 177 | break;
|
---|
| 178 | case OPT_REV:
|
---|
| 179 | rev = 1;
|
---|
| 180 | break;
|
---|
| 181 | case OPT_PKEYOPT:
|
---|
| 182 | if ((pkeyopts == NULL &&
|
---|
| 183 | (pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) ||
|
---|
| 184 | sk_OPENSSL_STRING_push(pkeyopts, opt_arg()) == 0) {
|
---|
| 185 | BIO_puts(bio_err, "out of memory\n");
|
---|
| 186 | goto end;
|
---|
| 187 | }
|
---|
| 188 | break;
|
---|
| 189 | }
|
---|
| 190 | }
|
---|
| 191 | argc = opt_num_rest();
|
---|
| 192 | if (argc != 0)
|
---|
| 193 | goto opthelp;
|
---|
| 194 |
|
---|
| 195 | if (kdfalg != NULL) {
|
---|
| 196 | if (kdflen == 0)
|
---|
| 197 | goto opthelp;
|
---|
| 198 | } else if ((inkey == NULL)
|
---|
| 199 | || (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE)) {
|
---|
| 200 | goto opthelp;
|
---|
| 201 | }
|
---|
| 202 | ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
|
---|
| 203 | passinarg, pkey_op, e, engine_impl);
|
---|
| 204 | if (ctx == NULL) {
|
---|
| 205 | BIO_printf(bio_err, "%s: Error initializing context\n", prog);
|
---|
| 206 | ERR_print_errors(bio_err);
|
---|
| 207 | goto end;
|
---|
| 208 | }
|
---|
| 209 | if (peerkey != NULL && !setup_peer(ctx, peerform, peerkey, e)) {
|
---|
| 210 | BIO_printf(bio_err, "%s: Error setting up peer key\n", prog);
|
---|
| 211 | ERR_print_errors(bio_err);
|
---|
| 212 | goto end;
|
---|
| 213 | }
|
---|
| 214 | if (pkeyopts != NULL) {
|
---|
| 215 | int num = sk_OPENSSL_STRING_num(pkeyopts);
|
---|
| 216 | int i;
|
---|
| 217 |
|
---|
| 218 | for (i = 0; i < num; ++i) {
|
---|
| 219 | const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i);
|
---|
| 220 |
|
---|
| 221 | if (pkey_ctrl_string(ctx, opt) <= 0) {
|
---|
| 222 | BIO_printf(bio_err, "%s: Can't set parameter:\n", prog);
|
---|
| 223 | ERR_print_errors(bio_err);
|
---|
| 224 | goto end;
|
---|
| 225 | }
|
---|
| 226 | }
|
---|
| 227 | }
|
---|
| 228 |
|
---|
| 229 | if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
|
---|
| 230 | BIO_printf(bio_err,
|
---|
| 231 | "%s: Signature file specified for non verify\n", prog);
|
---|
| 232 | goto end;
|
---|
| 233 | }
|
---|
| 234 |
|
---|
| 235 | if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) {
|
---|
| 236 | BIO_printf(bio_err,
|
---|
| 237 | "%s: No signature file specified for verify\n", prog);
|
---|
| 238 | goto end;
|
---|
| 239 | }
|
---|
| 240 |
|
---|
| 241 | /* FIXME: seed PRNG only if needed */
|
---|
| 242 | app_RAND_load_file(NULL, 0);
|
---|
| 243 |
|
---|
| 244 | if (pkey_op != EVP_PKEY_OP_DERIVE) {
|
---|
| 245 | in = bio_open_default(infile, 'r', FORMAT_BINARY);
|
---|
| 246 | if (in == NULL)
|
---|
| 247 | goto end;
|
---|
| 248 | }
|
---|
| 249 | out = bio_open_default(outfile, 'w', FORMAT_BINARY);
|
---|
| 250 | if (out == NULL)
|
---|
| 251 | goto end;
|
---|
| 252 |
|
---|
| 253 | if (sigfile) {
|
---|
| 254 | BIO *sigbio = BIO_new_file(sigfile, "rb");
|
---|
| 255 | if (!sigbio) {
|
---|
| 256 | BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
|
---|
| 257 | goto end;
|
---|
| 258 | }
|
---|
| 259 | siglen = bio_to_mem(&sig, keysize * 10, sigbio);
|
---|
| 260 | BIO_free(sigbio);
|
---|
| 261 | if (siglen < 0) {
|
---|
| 262 | BIO_printf(bio_err, "Error reading signature data\n");
|
---|
| 263 | goto end;
|
---|
| 264 | }
|
---|
| 265 | }
|
---|
| 266 |
|
---|
| 267 | if (in) {
|
---|
| 268 | /* Read the input data */
|
---|
| 269 | buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
|
---|
| 270 | if (buf_inlen < 0) {
|
---|
| 271 | BIO_printf(bio_err, "Error reading input Data\n");
|
---|
| 272 | exit(1);
|
---|
| 273 | }
|
---|
| 274 | if (rev) {
|
---|
| 275 | size_t i;
|
---|
| 276 | unsigned char ctmp;
|
---|
| 277 | size_t l = (size_t)buf_inlen;
|
---|
| 278 | for (i = 0; i < l / 2; i++) {
|
---|
| 279 | ctmp = buf_in[i];
|
---|
| 280 | buf_in[i] = buf_in[l - 1 - i];
|
---|
| 281 | buf_in[l - 1 - i] = ctmp;
|
---|
| 282 | }
|
---|
| 283 | }
|
---|
| 284 | }
|
---|
| 285 |
|
---|
| 286 | if (pkey_op == EVP_PKEY_OP_VERIFY) {
|
---|
| 287 | rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
|
---|
| 288 | buf_in, (size_t)buf_inlen);
|
---|
| 289 | if (rv == 1) {
|
---|
| 290 | BIO_puts(out, "Signature Verified Successfully\n");
|
---|
| 291 | ret = 0;
|
---|
| 292 | } else
|
---|
| 293 | BIO_puts(out, "Signature Verification Failure\n");
|
---|
| 294 | goto end;
|
---|
| 295 | }
|
---|
| 296 | if (kdflen != 0) {
|
---|
| 297 | buf_outlen = kdflen;
|
---|
| 298 | rv = 1;
|
---|
| 299 | } else {
|
---|
| 300 | rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
|
---|
| 301 | buf_in, (size_t)buf_inlen);
|
---|
| 302 | }
|
---|
| 303 | if (rv > 0 && buf_outlen != 0) {
|
---|
| 304 | buf_out = app_malloc(buf_outlen, "buffer output");
|
---|
| 305 | rv = do_keyop(ctx, pkey_op,
|
---|
| 306 | buf_out, (size_t *)&buf_outlen,
|
---|
| 307 | buf_in, (size_t)buf_inlen);
|
---|
| 308 | }
|
---|
| 309 | if (rv <= 0) {
|
---|
| 310 | BIO_puts(bio_err, "Public Key operation error\n");
|
---|
| 311 | ERR_print_errors(bio_err);
|
---|
| 312 | goto end;
|
---|
| 313 | }
|
---|
| 314 | ret = 0;
|
---|
| 315 |
|
---|
| 316 | if (asn1parse) {
|
---|
| 317 | if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
|
---|
| 318 | ERR_print_errors(bio_err);
|
---|
| 319 | } else if (hexdump)
|
---|
| 320 | BIO_dump(out, (char *)buf_out, buf_outlen);
|
---|
| 321 | else
|
---|
| 322 | BIO_write(out, buf_out, buf_outlen);
|
---|
| 323 |
|
---|
| 324 | end:
|
---|
| 325 | EVP_PKEY_CTX_free(ctx);
|
---|
| 326 | release_engine(e);
|
---|
| 327 | BIO_free(in);
|
---|
| 328 | BIO_free_all(out);
|
---|
| 329 | OPENSSL_free(buf_in);
|
---|
| 330 | OPENSSL_free(buf_out);
|
---|
| 331 | OPENSSL_free(sig);
|
---|
| 332 | sk_OPENSSL_STRING_free(pkeyopts);
|
---|
| 333 | return ret;
|
---|
| 334 | }
|
---|
| 335 |
|
---|
| 336 | static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
|
---|
| 337 | const char *keyfile, int keyform, int key_type,
|
---|
| 338 | char *passinarg, int pkey_op, ENGINE *e,
|
---|
| 339 | const int engine_impl)
|
---|
| 340 | {
|
---|
| 341 | EVP_PKEY *pkey = NULL;
|
---|
| 342 | EVP_PKEY_CTX *ctx = NULL;
|
---|
| 343 | ENGINE *impl = NULL;
|
---|
| 344 | char *passin = NULL;
|
---|
| 345 | int rv = -1;
|
---|
| 346 | X509 *x;
|
---|
| 347 | if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
|
---|
| 348 | || (pkey_op == EVP_PKEY_OP_DERIVE))
|
---|
| 349 | && (key_type != KEY_PRIVKEY && kdfalg == NULL)) {
|
---|
| 350 | BIO_printf(bio_err, "A private key is needed for this operation\n");
|
---|
| 351 | goto end;
|
---|
| 352 | }
|
---|
| 353 | if (!app_passwd(passinarg, NULL, &passin, NULL)) {
|
---|
| 354 | BIO_printf(bio_err, "Error getting password\n");
|
---|
| 355 | goto end;
|
---|
| 356 | }
|
---|
| 357 | switch (key_type) {
|
---|
| 358 | case KEY_PRIVKEY:
|
---|
| 359 | pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
|
---|
| 360 | break;
|
---|
| 361 |
|
---|
| 362 | case KEY_PUBKEY:
|
---|
| 363 | pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "Public Key");
|
---|
| 364 | break;
|
---|
| 365 |
|
---|
| 366 | case KEY_CERT:
|
---|
| 367 | x = load_cert(keyfile, keyform, "Certificate");
|
---|
| 368 | if (x) {
|
---|
| 369 | pkey = X509_get_pubkey(x);
|
---|
| 370 | X509_free(x);
|
---|
| 371 | }
|
---|
| 372 | break;
|
---|
| 373 |
|
---|
| 374 | case KEY_NONE:
|
---|
| 375 | break;
|
---|
| 376 |
|
---|
| 377 | }
|
---|
| 378 |
|
---|
| 379 | #ifndef OPENSSL_NO_ENGINE
|
---|
| 380 | if (engine_impl)
|
---|
| 381 | impl = e;
|
---|
| 382 | #endif
|
---|
| 383 |
|
---|
| 384 | if (kdfalg) {
|
---|
| 385 | int kdfnid = OBJ_sn2nid(kdfalg);
|
---|
| 386 | if (kdfnid == NID_undef)
|
---|
| 387 | goto end;
|
---|
| 388 | ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
|
---|
| 389 | } else {
|
---|
| 390 | if (pkey == NULL)
|
---|
| 391 | goto end;
|
---|
| 392 | *pkeysize = EVP_PKEY_size(pkey);
|
---|
| 393 | ctx = EVP_PKEY_CTX_new(pkey, impl);
|
---|
| 394 | EVP_PKEY_free(pkey);
|
---|
| 395 | }
|
---|
| 396 |
|
---|
| 397 | if (ctx == NULL)
|
---|
| 398 | goto end;
|
---|
| 399 |
|
---|
| 400 | switch (pkey_op) {
|
---|
| 401 | case EVP_PKEY_OP_SIGN:
|
---|
| 402 | rv = EVP_PKEY_sign_init(ctx);
|
---|
| 403 | break;
|
---|
| 404 |
|
---|
| 405 | case EVP_PKEY_OP_VERIFY:
|
---|
| 406 | rv = EVP_PKEY_verify_init(ctx);
|
---|
| 407 | break;
|
---|
| 408 |
|
---|
| 409 | case EVP_PKEY_OP_VERIFYRECOVER:
|
---|
| 410 | rv = EVP_PKEY_verify_recover_init(ctx);
|
---|
| 411 | break;
|
---|
| 412 |
|
---|
| 413 | case EVP_PKEY_OP_ENCRYPT:
|
---|
| 414 | rv = EVP_PKEY_encrypt_init(ctx);
|
---|
| 415 | break;
|
---|
| 416 |
|
---|
| 417 | case EVP_PKEY_OP_DECRYPT:
|
---|
| 418 | rv = EVP_PKEY_decrypt_init(ctx);
|
---|
| 419 | break;
|
---|
| 420 |
|
---|
| 421 | case EVP_PKEY_OP_DERIVE:
|
---|
| 422 | rv = EVP_PKEY_derive_init(ctx);
|
---|
| 423 | break;
|
---|
| 424 | }
|
---|
| 425 |
|
---|
| 426 | if (rv <= 0) {
|
---|
| 427 | EVP_PKEY_CTX_free(ctx);
|
---|
| 428 | ctx = NULL;
|
---|
| 429 | }
|
---|
| 430 |
|
---|
| 431 | end:
|
---|
| 432 | OPENSSL_free(passin);
|
---|
| 433 | return ctx;
|
---|
| 434 |
|
---|
| 435 | }
|
---|
| 436 |
|
---|
| 437 | static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
|
---|
| 438 | ENGINE* e)
|
---|
| 439 | {
|
---|
| 440 | EVP_PKEY *peer = NULL;
|
---|
| 441 | ENGINE* engine = NULL;
|
---|
| 442 | int ret;
|
---|
| 443 |
|
---|
| 444 | if (peerform == FORMAT_ENGINE)
|
---|
| 445 | engine = e;
|
---|
| 446 | peer = load_pubkey(file, peerform, 0, NULL, engine, "Peer Key");
|
---|
| 447 | if (!peer) {
|
---|
| 448 | BIO_printf(bio_err, "Error reading peer key %s\n", file);
|
---|
| 449 | ERR_print_errors(bio_err);
|
---|
| 450 | return 0;
|
---|
| 451 | }
|
---|
| 452 |
|
---|
| 453 | ret = EVP_PKEY_derive_set_peer(ctx, peer);
|
---|
| 454 |
|
---|
| 455 | EVP_PKEY_free(peer);
|
---|
| 456 | if (ret <= 0)
|
---|
| 457 | ERR_print_errors(bio_err);
|
---|
| 458 | return ret;
|
---|
| 459 | }
|
---|
| 460 |
|
---|
| 461 | static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
|
---|
| 462 | unsigned char *out, size_t *poutlen,
|
---|
| 463 | const unsigned char *in, size_t inlen)
|
---|
| 464 | {
|
---|
| 465 | int rv = 0;
|
---|
| 466 | switch (pkey_op) {
|
---|
| 467 | case EVP_PKEY_OP_VERIFYRECOVER:
|
---|
| 468 | rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
|
---|
| 469 | break;
|
---|
| 470 |
|
---|
| 471 | case EVP_PKEY_OP_SIGN:
|
---|
| 472 | rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
|
---|
| 473 | break;
|
---|
| 474 |
|
---|
| 475 | case EVP_PKEY_OP_ENCRYPT:
|
---|
| 476 | rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
|
---|
| 477 | break;
|
---|
| 478 |
|
---|
| 479 | case EVP_PKEY_OP_DECRYPT:
|
---|
| 480 | rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
|
---|
| 481 | break;
|
---|
| 482 |
|
---|
| 483 | case EVP_PKEY_OP_DERIVE:
|
---|
| 484 | rv = EVP_PKEY_derive(ctx, out, poutlen);
|
---|
| 485 | break;
|
---|
| 486 |
|
---|
| 487 | }
|
---|
| 488 | return rv;
|
---|
| 489 | }
|
---|