static int get_key(uint8_t key[KEYSIZE]) { EVP_PKEY *privkey, *pubkey; X509 *cert; uint8_t cryptedkey[KEYSIZE], plainkey[KEYSIZE]; SSL_library_init(); ERR_load_crypto_strings(); privkey = load_privkey("keys/server.key"); if (privkey==NULL) { perror("load_privkey()"); exit(1); } cert = load_x509("keys/server.crt"); if (cert==NULL) { perror("load_x509()"); exit(1); } pubkey = EVP_PKEY_IN_X509(cert); if (pubkey == NULL) { ERR_print_errors_fp(stderr); exit(1); } rand_sharedkey(key); if (RSA_public_encrypt(KEYSIZE, key, cryptedkey, RSA_IN_EVP_PKEY(pubkey), RSA_NO_PADDING)<0) { ERR_print_errors_fp(stderr); exit(1); } if (RSA_private_decrypt(KEYSIZE, cryptedkey, plainkey, RSA_IN_EVP_PKEY(privkey), RSA_NO_PADDING)<0) { ERR_print_errors_fp(stderr); exit(1); } if (memcmp(key, plainkey, SHAREDKEY_BYTESIZE)==0) { puts("RSA_public_encrypt/RSA_private_decrypt OK."); } else { puts("RSA_public_encrypt/RSA_private_decrypt FAILed."); } return 0; }
int main(int argc, char **argv) { char *opt_input = NULL, *opt_output = NULL, *opt_key = NULL, *opt_engine = NULL, *opt_password = NULL; int long_optind = 0, ret = 1; int encrypt = 0, decrypt = 0, verbose = 0, quiet = 0; STACK_OF(X509) *crts = sk_X509_new_null(); X509 *x509 = NULL; EVP_PKEY *key = NULL; BIO *in = NULL, *out = NULL, *err = NULL; ENGINE *engine = NULL; init_crypto(); while (1) { char c = getopt_long(argc, argv, "deE:hi:k:o:p:qr:v", options, &long_optind); if (c == -1) break; switch (c) { case 'd': decrypt = 1; break; case 'E': opt_engine = optarg; break; case 'e': encrypt = 1; break; case 'i': opt_input = optarg; break; case 'k': opt_key = optarg; break; case 'o': opt_output = optarg; break; case 'p': opt_password = optarg; break; case 'q': quiet = 1; break; case 'r': x509 = load_x509(NULL, optarg); if(x509) { sk_X509_push(crts, x509); } else { fprintf(stderr, "Error loading certificate '%s'\n", optarg); goto end; } break; case 'v': verbose += 1; break; case 'h': default: print_usage_and_die(app_name, options, option_help); } } if(encrypt == 0 && decrypt == 0) { fprintf(stderr, "You must specify either --encrypt/-e or --decrypt/-d\n"); goto end; } err = BIO_new_fp(stderr, BIO_NOCLOSE); if(err == NULL) { fprintf(stderr, "Error allocating error stream\n"); } if(opt_engine) { engine = load_engine(err, opt_engine, verbose); } if(opt_key) { if((key = load_key(NULL, opt_key, engine)) == NULL) { fprintf(stderr, "Error loading key '%s'\n", opt_key); goto end; } } if(opt_input) { in = BIO_new_file(opt_input, "rb"); } else { in = BIO_new_fp(stdin, BIO_NOCLOSE); } if(opt_output) { out = BIO_new_file(opt_output, "wb"); } else { out = BIO_new_fp(stdout, BIO_NOCLOSE); } if(encrypt) { if(opt_password == NULL && sk_X509_num(crts) == 0) { fprintf(stderr, "You must specify at least one of --password/-p or --recipient/-r\n"); goto end; } ret = encrypt_cms(in, out, err, opt_password, crts); } else if(decrypt) { if(opt_password == NULL && (opt_key == NULL || sk_X509_num(crts) == 0)) { fprintf(stderr, "You must specify either --password/-p or --recipient/-r and --key/-k\n"); goto end; } ret = decrypt_cms(in, out, err, opt_password, x509, key); } end: return ret; }