Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 1 | /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 | * Use of this source code is governed by a BSD-style license that can be |
| 3 | * found in the LICENSE file. |
| 4 | */ |
| 5 | |
| 6 | /* C port of DumpPublicKey.java from the Android Open source project with |
| 7 | * support for additional RSA key sizes. (platform/system/core,git/libmincrypt |
| 8 | * /tools/DumpPublicKey.java). Uses the OpenSSL X509 and BIGNUM library. |
| 9 | */ |
| 10 | |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 11 | #include <openssl/pem.h> |
Bill Richardson | 4e4c196 | 2015-02-03 17:07:15 -0800 | [diff] [blame] | 12 | |
| 13 | #include <stdint.h> |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 14 | #include <string.h> |
| 15 | #include <unistd.h> |
| 16 | |
| 17 | /* Command line tool to extract RSA public keys from X.509 certificates |
| 18 | * and output a pre-processed version of keys for use by RSA verification |
| 19 | * routines. |
| 20 | */ |
| 21 | |
| 22 | int check(RSA* key) { |
| 23 | int public_exponent = BN_get_word(key->e); |
| 24 | int modulus = BN_num_bits(key->n); |
| 25 | |
| 26 | if (public_exponent != 65537) { |
| 27 | fprintf(stderr, "WARNING: Public exponent should be 65537 (but is %d).\n", |
| 28 | public_exponent); |
| 29 | } |
| 30 | |
| 31 | if (modulus != 1024 && modulus != 2048 && modulus != 4096 |
| 32 | && modulus != 8192) { |
| 33 | fprintf(stderr, "ERROR: Unknown modulus length = %d.\n", modulus); |
| 34 | return 0; |
| 35 | } |
| 36 | return 1; |
| 37 | } |
| 38 | |
| 39 | /* Pre-processes and outputs RSA public key to standard out. |
| 40 | */ |
| 41 | void output(RSA* key) { |
| 42 | int i, nwords; |
| 43 | BIGNUM *N = key->n; |
Gaurav Shah | 48ed9b8 | 2010-03-11 16:31:35 -0800 | [diff] [blame] | 44 | BIGNUM *Big1 = NULL, *Big2 = NULL, *Big32 = NULL, *BigMinus1 = NULL; |
| 45 | BIGNUM *B = NULL; |
| 46 | BIGNUM *N0inv= NULL, *R = NULL, *RR = NULL, *RRTemp = NULL, *NnumBits = NULL; |
| 47 | BIGNUM *n = NULL, *rr = NULL; |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 48 | BN_CTX *bn_ctx = BN_CTX_new(); |
| 49 | uint32_t n0invout; |
| 50 | |
| 51 | N = key->n; |
| 52 | /* Output size of RSA key in 32-bit words */ |
| 53 | nwords = BN_num_bits(N) / 32; |
Gaurav Shah | 16ca324 | 2010-03-11 13:41:25 -0800 | [diff] [blame] | 54 | if (-1 == write(1, &nwords, sizeof(nwords))) |
| 55 | goto failure; |
| 56 | |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 57 | |
| 58 | /* Initialize BIGNUMs */ |
| 59 | Big1 = BN_new(); |
| 60 | Big2 = BN_new(); |
| 61 | Big32 = BN_new(); |
| 62 | BigMinus1 = BN_new(); |
| 63 | N0inv= BN_new(); |
| 64 | R = BN_new(); |
| 65 | RR = BN_new(); |
| 66 | RRTemp = BN_new(); |
| 67 | NnumBits = BN_new(); |
| 68 | n = BN_new(); |
| 69 | rr = BN_new(); |
| 70 | |
| 71 | |
| 72 | BN_set_word(Big1, 1L); |
| 73 | BN_set_word(Big2, 2L); |
| 74 | BN_set_word(Big32, 32L); |
| 75 | BN_sub(BigMinus1, Big1, Big2); |
| 76 | |
| 77 | B = BN_new(); |
| 78 | BN_exp(B, Big2, Big32, bn_ctx); /* B = 2^32 */ |
| 79 | |
| 80 | /* Calculate and output N0inv = -1 / N[0] mod 2^32 */ |
| 81 | BN_mod_inverse(N0inv, N, B, bn_ctx); |
| 82 | BN_sub(N0inv, B, N0inv); |
| 83 | n0invout = BN_get_word(N0inv); |
Gaurav Shah | 16ca324 | 2010-03-11 13:41:25 -0800 | [diff] [blame] | 84 | if (-1 == write(1, &n0invout, sizeof(n0invout))) |
| 85 | goto failure; |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 86 | |
| 87 | /* Calculate R = 2^(# of key bits) */ |
| 88 | BN_set_word(NnumBits, BN_num_bits(N)); |
| 89 | BN_exp(R, Big2, NnumBits, bn_ctx); |
| 90 | |
| 91 | /* Calculate RR = R^2 mod N */ |
| 92 | BN_copy(RR, R); |
| 93 | BN_mul(RRTemp, RR, R, bn_ctx); |
| 94 | BN_mod(RR, RRTemp, N, bn_ctx); |
| 95 | |
| 96 | |
| 97 | /* Write out modulus as little endian array of integers. */ |
| 98 | for (i = 0; i < nwords; ++i) { |
| 99 | uint32_t nout; |
| 100 | |
| 101 | BN_mod(n, N, B, bn_ctx); /* n = N mod B */ |
| 102 | nout = BN_get_word(n); |
Gaurav Shah | 16ca324 | 2010-03-11 13:41:25 -0800 | [diff] [blame] | 103 | if (-1 == write(1, &nout, sizeof(nout))) |
| 104 | goto failure; |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 105 | |
| 106 | BN_rshift(N, N, 32); /* N = N/B */ |
| 107 | } |
| 108 | |
| 109 | /* Write R^2 as little endian array of integers. */ |
| 110 | for (i = 0; i < nwords; ++i) { |
| 111 | uint32_t rrout; |
| 112 | |
| 113 | BN_mod(rr, RR, B, bn_ctx); /* rr = RR mod B */ |
| 114 | rrout = BN_get_word(rr); |
Gaurav Shah | 16ca324 | 2010-03-11 13:41:25 -0800 | [diff] [blame] | 115 | if (-1 == write(1, &rrout, sizeof(rrout))) |
| 116 | goto failure; |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 117 | |
| 118 | BN_rshift(RR, RR, 32); /* RR = RR/B */ |
| 119 | } |
| 120 | |
Gaurav Shah | 16ca324 | 2010-03-11 13:41:25 -0800 | [diff] [blame] | 121 | failure: |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 122 | /* Free BIGNUMs. */ |
| 123 | BN_free(Big1); |
| 124 | BN_free(Big2); |
| 125 | BN_free(Big32); |
| 126 | BN_free(BigMinus1); |
| 127 | BN_free(N0inv); |
| 128 | BN_free(R); |
| 129 | BN_free(RRTemp); |
| 130 | BN_free(NnumBits); |
| 131 | BN_free(n); |
| 132 | BN_free(rr); |
| 133 | |
| 134 | } |
| 135 | |
| 136 | int main(int argc, char* argv[]) { |
Gaurav Shah | 551037b | 2010-11-01 13:33:32 -0700 | [diff] [blame] | 137 | int cert_mode = 0; |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 138 | FILE* fp; |
| 139 | X509* cert = NULL; |
| 140 | RSA* pubkey = NULL; |
| 141 | EVP_PKEY* key; |
Bill Richardson | feb2518 | 2013-03-07 12:54:29 -0800 | [diff] [blame] | 142 | char *progname; |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 143 | |
Gaurav Shah | 551037b | 2010-11-01 13:33:32 -0700 | [diff] [blame] | 144 | if (argc != 3 || (strcmp(argv[1], "-cert") && strcmp(argv[1], "-pub"))) { |
Bill Richardson | feb2518 | 2013-03-07 12:54:29 -0800 | [diff] [blame] | 145 | progname = strrchr(argv[0], '/'); |
| 146 | if (progname) |
| 147 | progname++; |
| 148 | else |
| 149 | progname = argv[0]; |
| 150 | fprintf(stderr, "Usage: %s <-cert | -pub> <file>\n", progname); |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 151 | return -1; |
| 152 | } |
| 153 | |
Gaurav Shah | 551037b | 2010-11-01 13:33:32 -0700 | [diff] [blame] | 154 | if (!strcmp(argv[1], "-cert")) |
| 155 | cert_mode = 1; |
| 156 | |
| 157 | fp = fopen(argv[2], "r"); |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 158 | |
| 159 | if (!fp) { |
Gaurav Shah | 551037b | 2010-11-01 13:33:32 -0700 | [diff] [blame] | 160 | fprintf(stderr, "Couldn't open file %s!\n", argv[2]); |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 161 | return -1; |
| 162 | } |
| 163 | |
Gaurav Shah | 551037b | 2010-11-01 13:33:32 -0700 | [diff] [blame] | 164 | if (cert_mode) { |
| 165 | /* Read the certificate */ |
| 166 | if (!PEM_read_X509(fp, &cert, NULL, NULL)) { |
| 167 | fprintf(stderr, "Couldn't read certificate.\n"); |
| 168 | goto fail; |
| 169 | } |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 170 | |
Gaurav Shah | 551037b | 2010-11-01 13:33:32 -0700 | [diff] [blame] | 171 | /* Get the public key from the certificate. */ |
| 172 | key = X509_get_pubkey(cert); |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 173 | |
Gaurav Shah | 551037b | 2010-11-01 13:33:32 -0700 | [diff] [blame] | 174 | /* Convert to a RSA_style key. */ |
| 175 | if (!(pubkey = EVP_PKEY_get1_RSA(key))) { |
| 176 | fprintf(stderr, "Couldn't convert to a RSA style key.\n"); |
| 177 | goto fail; |
| 178 | } |
| 179 | } else { |
| 180 | /* Read the pubkey in .PEM format. */ |
| 181 | if (!(pubkey = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL))) { |
| 182 | fprintf(stderr, "Couldn't read public key file.\n"); |
| 183 | goto fail; |
| 184 | } |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 185 | } |
| 186 | |
| 187 | if (check(pubkey)) { |
Gaurav Shah | 551037b | 2010-11-01 13:33:32 -0700 | [diff] [blame] | 188 | output(pubkey); |
Gaurav Shah | 322536d | 2010-01-28 15:01:23 -0800 | [diff] [blame] | 189 | } |
| 190 | |
| 191 | fail: |
| 192 | X509_free(cert); |
| 193 | RSA_free(pubkey); |
| 194 | fclose(fp); |
| 195 | |
| 196 | return 0; |
| 197 | } |