static int get_key(uint8_t key[KEYSIZE])
{
EVP_PKEY *privkey, *pubkey;
X509 *cert;
uint8_t cryptedkey[KEYSIZE], plainkey[KEYSIZE];
SSL_library_init();
ERR_load_crypto_strings();
privkey = load_privkey("keys/server.key");
if (privkey==NULL) {
perror("load_privkey()");
exit(1);
}
cert = load_x509("keys/server.crt");
if (cert==NULL) {
perror("load_x509()");
exit(1);
}
pubkey = EVP_PKEY_IN_X509(cert);
if (pubkey == NULL) {
ERR_print_errors_fp(stderr);
exit(1);
}
rand_sharedkey(key);
if (RSA_public_encrypt(KEYSIZE, key, cryptedkey, RSA_IN_EVP_PKEY(pubkey), RSA_NO_PADDING)<0) {
ERR_print_errors_fp(stderr);
exit(1);
}
if (RSA_private_decrypt(KEYSIZE, cryptedkey, plainkey, RSA_IN_EVP_PKEY(privkey), RSA_NO_PADDING)<0) {
ERR_print_errors_fp(stderr);
exit(1);
}
if (memcmp(key, plainkey, SHAREDKEY_BYTESIZE)==0) {
puts("RSA_public_encrypt/RSA_private_decrypt OK.");
} else {
puts("RSA_public_encrypt/RSA_private_decrypt FAILed.");
}
return 0;
}
int main(int argc, char **argv)
{
char *opt_input = NULL,
*opt_output = NULL,
*opt_key = NULL,
*opt_engine = NULL,
*opt_password = NULL;
int long_optind = 0, ret = 1;
int encrypt = 0, decrypt = 0, verbose = 0, quiet = 0;
STACK_OF(X509) *crts = sk_X509_new_null();
X509 *x509 = NULL;
EVP_PKEY *key = NULL;
BIO *in = NULL, *out = NULL, *err = NULL;
ENGINE *engine = NULL;
init_crypto();
while (1) {
char c = getopt_long(argc, argv, "deE:hi:k:o:p:qr:v",
options, &long_optind);
if (c == -1)
break;
switch (c) {
case 'd':
decrypt = 1;
break;
case 'E':
opt_engine = optarg;
break;
case 'e':
encrypt = 1;
break;
case 'i':
opt_input = optarg;
break;
case 'k':
opt_key = optarg;
break;
case 'o':
opt_output = optarg;
break;
case 'p':
opt_password = optarg;
break;
case 'q':
quiet = 1;
break;
case 'r':
x509 = load_x509(NULL, optarg);
if(x509) {
sk_X509_push(crts, x509);
} else {
fprintf(stderr, "Error loading certificate '%s'\n", optarg);
goto end;
}
break;
case 'v':
verbose += 1;
break;
case 'h':
default:
print_usage_and_die(app_name, options, option_help);
}
}
if(encrypt == 0 && decrypt == 0) {
fprintf(stderr, "You must specify either --encrypt/-e or --decrypt/-d\n");
goto end;
}
err = BIO_new_fp(stderr, BIO_NOCLOSE);
if(err == NULL) {
fprintf(stderr, "Error allocating error stream\n");
}
if(opt_engine) {
engine = load_engine(err, opt_engine, verbose);
}
if(opt_key) {
if((key = load_key(NULL, opt_key, engine)) == NULL) {
fprintf(stderr, "Error loading key '%s'\n", opt_key);
goto end;
}
}
if(opt_input) {
in = BIO_new_file(opt_input, "rb");
} else {
in = BIO_new_fp(stdin, BIO_NOCLOSE);
}
if(opt_output) {
out = BIO_new_file(opt_output, "wb");
} else {
out = BIO_new_fp(stdout, BIO_NOCLOSE);
}
if(encrypt) {
if(opt_password == NULL && sk_X509_num(crts) == 0) {
fprintf(stderr, "You must specify at least one of --password/-p or --recipient/-r\n");
goto end;
}
ret = encrypt_cms(in, out, err, opt_password, crts);
} else if(decrypt) {
if(opt_password == NULL && (opt_key == NULL || sk_X509_num(crts) == 0)) {
fprintf(stderr, "You must specify either --password/-p or --recipient/-r and --key/-k\n");
goto end;
}
ret = decrypt_cms(in, out, err, opt_password, x509, key);
}
end:
return ret;
}
