static LUA_FUNCTION(openssl_pkey_parse)
{
EVP_PKEY *pkey = CHECK_OBJECT(1, EVP_PKEY, "openssl.evp_pkey");
if (pkey->pkey.ptr)
{
lua_newtable(L);
AUXILIAR_SET(L, -1, "bits", EVP_PKEY_bits(pkey), integer);
AUXILIAR_SET(L, -1, "size", EVP_PKEY_size(pkey), integer);
switch (EVP_PKEY_type(pkey->type))
{
case EVP_PKEY_RSA:
case EVP_PKEY_RSA2:
{
RSA* rsa = EVP_PKEY_get1_RSA(pkey);
PUSH_OBJECT(rsa, "openssl.rsa");
lua_setfield(L, -2, "rsa");
AUXILIAR_SET(L, -1, "type", "rsa", string);
}
break;
case EVP_PKEY_DSA:
case EVP_PKEY_DSA2:
case EVP_PKEY_DSA3:
case EVP_PKEY_DSA4:
{
DSA* dsa = EVP_PKEY_get1_DSA(pkey);
PUSH_OBJECT(dsa, "openssl.dsa");
lua_setfield(L, -2, "dsa");
AUXILIAR_SET(L, -1, "type", "dsa", string);
}
break;
case EVP_PKEY_DH:
{
DH* dh = EVP_PKEY_get1_DH(pkey);
PUSH_OBJECT(dh, "openssl.dh");
lua_rawseti(L, -2, 0);
AUXILIAR_SET(L, -1, "type", "dh", string);
}
break;
#ifndef OPENSSL_NO_EC
case EVP_PKEY_EC:
{
const EC_KEY* ec = EVP_PKEY_get1_EC_KEY(pkey);
PUSH_OBJECT(ec, "openssl.ec_key");
lua_setfield(L, -2, "ec");
AUXILIAR_SET(L, -1, "type", "ec", string);
}
break;
#endif
default:
break;
};
return 1;
}
else
luaL_argerror(L, 1, "not assign any keypair");
return 0;
};
extern "C" DSA* CryptoNative_EvpPkeyGetDsa(EVP_PKEY* pkey)
{
return EVP_PKEY_get1_DSA(pkey);
}
int MAIN(int argc, char **argv)
{
ENGINE *e = NULL;
int ret=1;
DSA *dsa=NULL;
int i,badops=0;
const EVP_CIPHER *enc=NULL;
BIO *in=NULL,*out=NULL;
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
#ifndef OPENSSL_NO_ENGINE
char *engine;
#endif
char *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL;
int modulus=0;
apps_startup();
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if (!load_config(bio_err, NULL))
goto end;
#ifndef OPENSSL_NO_ENGINE
engine=NULL;
#endif
infile=NULL;
outfile=NULL;
informat=FORMAT_PEM;
outformat=FORMAT_PEM;
prog=argv[0];
argc--;
argv++;
while (argc >= 1)
{
if (strcmp(*argv,"-inform") == 0)
{
if (--argc < 1) goto bad;
informat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-outform") == 0)
{
if (--argc < 1) goto bad;
outformat=str2fmt(*(++argv));
}
else if (strcmp(*argv,"-in") == 0)
{
if (--argc < 1) goto bad;
infile= *(++argv);
}
else if (strcmp(*argv,"-out") == 0)
{
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passargin= *(++argv);
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passargout= *(++argv);
}
#ifndef OPENSSL_NO_ENGINE
else if (strcmp(*argv,"-engine") == 0)
{
if (--argc < 1) goto bad;
engine= *(++argv);
}
#endif
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
text=1;
else if (strcmp(*argv,"-modulus") == 0)
modulus=1;
else if (strcmp(*argv,"-pubin") == 0)
pubin=1;
else if (strcmp(*argv,"-pubout") == 0)
pubout=1;
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
{
BIO_printf(bio_err,"unknown option %s\n",*argv);
badops=1;
break;
}
argc--;
argv++;
}
if (badops)
{
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -passin arg input file pass phrase source\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg output file pass phrase source\n");
#ifndef OPENSSL_NO_ENGINE
BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
#endif
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef OPENSSL_NO_AES
BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
#endif
#ifndef OPENSSL_NO_SEED
BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n");
#endif
BIO_printf(bio_err," -text print the key in text\n");
BIO_printf(bio_err," -noout don't print key out\n");
BIO_printf(bio_err," -modulus print the DSA public value\n");
goto end;
}
ERR_load_crypto_strings();
#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
#endif
if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
out=BIO_new(BIO_s_file());
if (out == NULL)
{
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err,"read DSA key\n");
{
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(bio_err, infile, informat, 1,
passin, e, "Public Key");
else
pkey = load_key(bio_err, infile, informat, 1,
passin, e, "Private Key");
if (pkey != NULL)
dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_free(pkey);
}
if (dsa == NULL)
{
BIO_printf(bio_err,"unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
if (outfile == NULL)
{
BIO_set_fp(out,stdout,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
{
BIO *tmpbio = BIO_new(BIO_f_linebuffer());
out = BIO_push(tmpbio, out);
}
#endif
}
else
{
if (BIO_write_filename(out,outfile) <= 0)
{
perror(outfile);
goto end;
}
}
if (text)
if (!DSA_print(out,dsa,0))
{
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
if (modulus)
{
fprintf(stdout,"Public Key=");
BN_print(out,dsa->pub_key);
fprintf(stdout,"\n");
}
if (noout) goto end;
BIO_printf(bio_err,"writing DSA key\n");
if (outformat == FORMAT_ASN1) {
if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);
else i=i2d_DSAPrivateKey_bio(out,dsa);
} else if (outformat == FORMAT_PEM) {
if(pubin || pubout)
i=PEM_write_bio_DSA_PUBKEY(out,dsa);
else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
NULL,0,NULL, passout);
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
if (!i)
{
BIO_printf(bio_err,"unable to write private key\n");
ERR_print_errors(bio_err);
}
else
ret=0;
end:
if(in != NULL) BIO_free(in);
if(out != NULL) BIO_free_all(out);
if(dsa != NULL) DSA_free(dsa);
if(passin) OPENSSL_free(passin);
if(passout) OPENSSL_free(passout);
apps_shutdown();
OPENSSL_EXIT(ret);
}
int dsa_main(int argc, char **argv)
{
BIO *out = NULL;
DSA *dsa = NULL;
ENGINE *e = NULL;
const EVP_CIPHER *enc = NULL;
char *infile = NULL, *outfile = NULL, *prog;
char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
OPTION_CHOICE o;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
int i, modulus = 0, pubin = 0, pubout = 0, pvk_encr = 2, ret = 1;
prog = opt_init(argc, argv, dsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:
case OPT_ERR:
#ifdef OPENSSL_NO_RC4
case OPT_PVK_STRONG:
case OPT_PVK_WEAK:
case OPT_PVK_NONE:
#endif
opthelp:
ret = 0;
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(dsa_options);
ret = 0;
goto end;
case OPT_INFORM:
if (!opt_format
(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_PVK, &informat))
goto opthelp;
break;
case OPT_IN:
infile = opt_arg();
break;
case OPT_OUTFORM:
if (!opt_format
(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_PVK, &outformat))
goto opthelp;
break;
case OPT_OUT:
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
break;
case OPT_PASSIN:
passinarg = opt_arg();
break;
case OPT_PASSOUT:
passoutarg = opt_arg();
break;
#ifndef OPENSSL_NO_RC4
case OPT_PVK_STRONG:
pvk_encr = 2;
break;
case OPT_PVK_WEAK:
pvk_encr = 1;
break;
case OPT_PVK_NONE:
pvk_encr = 0;
break;
#endif
case OPT_NOOUT:
noout = 1;
break;
case OPT_TEXT:
text = 1;
break;
case OPT_MODULUS:
modulus = 1;
break;
case OPT_PUBIN:
pubin = 1;
break;
case OPT_PUBOUT:
pubout = 1;
break;
case OPT_CIPHER:
if (!opt_cipher(opt_unknown(), &enc))
goto end;
break;
}
}
argc = opt_num_rest();
argv = opt_rest();
if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
BIO_printf(bio_err, "read DSA key\n");
{
EVP_PKEY *pkey;
if (pubin)
pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
else
pkey = load_key(infile, informat, 1, passin, e, "Private Key");
if (pkey) {
dsa = EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_free(pkey);
}
}
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
if (text)
if (!DSA_print(out, dsa, 0)) {
perror(outfile);
ERR_print_errors(bio_err);
goto end;
}
if (modulus) {
BIO_printf(out, "Public Key=");
BN_print(out, dsa->pub_key);
BIO_printf(out, "\n");
}
if (noout) {
ret = 0;
goto end;
}
BIO_printf(bio_err, "writing DSA key\n");
if (outformat == FORMAT_ASN1) {
if (pubin || pubout)
i = i2d_DSA_PUBKEY_bio(out, dsa);
else
i = i2d_DSAPrivateKey_bio(out, dsa);
} else if (outformat == FORMAT_PEM) {
if (pubin || pubout)
i = PEM_write_bio_DSA_PUBKEY(out, dsa);
else
i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
NULL, 0, NULL, passout);
# if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
EVP_PKEY_set1_DSA(pk, dsa);
if (outformat == FORMAT_PVK)
i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
else if (pubin || pubout)
i = i2b_PublicKey_bio(out, pk);
else
i = i2b_PrivateKey_bio(out, pk);
EVP_PKEY_free(pk);
# endif
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (i <= 0) {
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
goto end;
}
ret = 0;
end:
BIO_free_all(out);
DSA_free(dsa);
if (passin)
OPENSSL_free(passin);
if (passout)
OPENSSL_free(passout);
return (ret);
}
int
sc_pkcs15_convert_prkey(struct sc_pkcs15_prkey *pkcs15_key, void *evp_key)
{
#ifdef ENABLE_OPENSSL
EVP_PKEY *pk = (EVP_PKEY *)evp_key;
switch (pk->type) {
case EVP_PKEY_RSA: {
struct sc_pkcs15_prkey_rsa *dst = &pkcs15_key->u.rsa;
RSA *src = EVP_PKEY_get1_RSA(pk);
pkcs15_key->algorithm = SC_ALGORITHM_RSA;
if (!sc_pkcs15_convert_bignum(&dst->modulus, src->n)
|| !sc_pkcs15_convert_bignum(&dst->exponent, src->e)
|| !sc_pkcs15_convert_bignum(&dst->d, src->d)
|| !sc_pkcs15_convert_bignum(&dst->p, src->p)
|| !sc_pkcs15_convert_bignum(&dst->q, src->q))
return SC_ERROR_NOT_SUPPORTED;
if (src->iqmp && src->dmp1 && src->dmq1) {
sc_pkcs15_convert_bignum(&dst->iqmp, src->iqmp);
sc_pkcs15_convert_bignum(&dst->dmp1, src->dmp1);
sc_pkcs15_convert_bignum(&dst->dmq1, src->dmq1);
}
RSA_free(src);
break;
}
case EVP_PKEY_DSA: {
struct sc_pkcs15_prkey_dsa *dst = &pkcs15_key->u.dsa;
DSA *src = EVP_PKEY_get1_DSA(pk);
pkcs15_key->algorithm = SC_ALGORITHM_DSA;
sc_pkcs15_convert_bignum(&dst->pub, src->pub_key);
sc_pkcs15_convert_bignum(&dst->p, src->p);
sc_pkcs15_convert_bignum(&dst->q, src->q);
sc_pkcs15_convert_bignum(&dst->g, src->g);
sc_pkcs15_convert_bignum(&dst->priv, src->priv_key);
DSA_free(src);
break;
}
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_EC)
case NID_id_GostR3410_2001: {
struct sc_pkcs15_prkey_gostr3410 *dst = &pkcs15_key->u.gostr3410;
EC_KEY *src = EVP_PKEY_get0(pk);
assert(src);
pkcs15_key->algorithm = SC_ALGORITHM_GOSTR3410;
assert(EC_KEY_get0_private_key(src));
sc_pkcs15_convert_bignum(&dst->d, EC_KEY_get0_private_key(src));
break;
}
case EVP_PKEY_EC: {
struct sc_pkcs15_prkey_ec *dst = &pkcs15_key->u.ec;
EC_KEY *src = NULL;
const EC_GROUP *grp = NULL;
unsigned char buf[255];
size_t buflen = 255;
int nid;
src = EVP_PKEY_get0(pk);
assert(src);
assert(EC_KEY_get0_private_key(src));
assert(EC_KEY_get0_public_key(src));
pkcs15_key->algorithm = SC_ALGORITHM_EC;
if (!sc_pkcs15_convert_bignum(&dst->privateD, EC_KEY_get0_private_key(src)))
return SC_ERROR_INCOMPATIBLE_KEY;
grp = EC_KEY_get0_group(src);
if(grp == 0)
return SC_ERROR_INCOMPATIBLE_KEY;
/* get curve name */
nid = EC_GROUP_get_curve_name(grp);
if(nid != 0)
dst->params.named_curve = strdup(OBJ_nid2sn(nid));
/* Decode EC_POINT from a octet string */
buflen = EC_POINT_point2oct(grp, (const EC_POINT *) EC_KEY_get0_public_key(src),
POINT_CONVERSION_UNCOMPRESSED, buf, buflen, NULL);
if (!buflen)
return SC_ERROR_INCOMPATIBLE_KEY;
/* copy the public key */
dst->ecpointQ.value = malloc(buflen);
memcpy(dst->ecpointQ.value, buf, buflen);
dst->ecpointQ.len = buflen;
/* calculate the field length */
dst->params.field_length = (buflen - 1) / 2 * 8;
/* Octetstring may need leading zeros if BN is to short */
if (dst->privateD.len < dst->params.field_length/8) {
size_t d = dst->params.field_length/8 - dst->privateD.len;
dst->privateD.data = realloc(dst->privateD.data, dst->privateD.len + d);
if (!dst->privateD.data)
return SC_ERROR_OUT_OF_MEMORY;
memmove(dst->privateD.data + d, dst->privateD.data, dst->privateD.len);
memset(dst->privateD.data, 0, d);
dst->privateD.len += d;
}
break;
}
#endif /* OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_EC) */
default:
return SC_ERROR_NOT_SUPPORTED;
}
return SC_SUCCESS;
#else
return SC_ERROR_NOT_IMPLEMENTED;
#endif
}
int
dsa_main(int argc, char **argv)
{
int ret = 1;
DSA *dsa = NULL;
int i;
BIO *in = NULL, *out = NULL;
char *passin = NULL, *passout = NULL;
if (single_execution) {
if (pledge("stdio cpath wpath rpath tty", NULL) == -1) {
perror("pledge");
exit(1);
}
}
memset(&dsa_config, 0, sizeof(dsa_config));
dsa_config.pvk_encr = 2;
dsa_config.informat = FORMAT_PEM;
dsa_config.outformat = FORMAT_PEM;
if (options_parse(argc, argv, dsa_options, NULL, NULL) != 0) {
dsa_usage();
goto end;
}
if (!app_passwd(bio_err, dsa_config.passargin, dsa_config.passargout,
&passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
in = BIO_new(BIO_s_file());
out = BIO_new(BIO_s_file());
if (in == NULL || out == NULL) {
ERR_print_errors(bio_err);
goto end;
}
if (dsa_config.infile == NULL)
BIO_set_fp(in, stdin, BIO_NOCLOSE);
else {
if (BIO_read_filename(in, dsa_config.infile) <= 0) {
perror(dsa_config.infile);
goto end;
}
}
BIO_printf(bio_err, "read DSA key\n");
{
EVP_PKEY *pkey;
if (dsa_config.pubin)
pkey = load_pubkey(bio_err, dsa_config.infile,
dsa_config.informat, 1, passin, "Public Key");
else
pkey = load_key(bio_err, dsa_config.infile,
dsa_config.informat, 1, passin, "Private Key");
if (pkey) {
dsa = EVP_PKEY_get1_DSA(pkey);
EVP_PKEY_free(pkey);
}
}
if (dsa == NULL) {
BIO_printf(bio_err, "unable to load Key\n");
ERR_print_errors(bio_err);
goto end;
}
if (dsa_config.outfile == NULL) {
BIO_set_fp(out, stdout, BIO_NOCLOSE);
} else {
if (BIO_write_filename(out, dsa_config.outfile) <= 0) {
perror(dsa_config.outfile);
goto end;
}
}
if (dsa_config.text) {
if (!DSA_print(out, dsa, 0)) {
perror(dsa_config.outfile);
ERR_print_errors(bio_err);
goto end;
}
}
if (dsa_config.modulus) {
fprintf(stdout, "Public Key=");
BN_print(out, dsa->pub_key);
fprintf(stdout, "\n");
}
if (dsa_config.noout)
goto end;
BIO_printf(bio_err, "writing DSA key\n");
if (dsa_config.outformat == FORMAT_ASN1) {
if (dsa_config.pubin || dsa_config.pubout)
i = i2d_DSA_PUBKEY_bio(out, dsa);
else
i = i2d_DSAPrivateKey_bio(out, dsa);
} else if (dsa_config.outformat == FORMAT_PEM) {
if (dsa_config.pubin || dsa_config.pubout)
i = PEM_write_bio_DSA_PUBKEY(out, dsa);
else
i = PEM_write_bio_DSAPrivateKey(out, dsa, dsa_config.enc,
NULL, 0, NULL, passout);
#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
} else if (dsa_config.outformat == FORMAT_MSBLOB ||
dsa_config.outformat == FORMAT_PVK) {
EVP_PKEY *pk;
pk = EVP_PKEY_new();
EVP_PKEY_set1_DSA(pk, dsa);
if (dsa_config.outformat == FORMAT_PVK)
i = i2b_PVK_bio(out, pk, dsa_config.pvk_encr, 0,
passout);
else if (dsa_config.pubin || dsa_config.pubout)
i = i2b_PublicKey_bio(out, pk);
else
i = i2b_PrivateKey_bio(out, pk);
EVP_PKEY_free(pk);
#endif
} else {
BIO_printf(bio_err, "bad output format specified for outfile\n");
goto end;
}
if (i <= 0) {
BIO_printf(bio_err, "unable to write private key\n");
ERR_print_errors(bio_err);
} else
ret = 0;
end:
BIO_free(in);
BIO_free_all(out);
DSA_free(dsa);
free(passin);
free(passout);
return (ret);
}
