diff options
Diffstat (limited to 'SoftHSMv2/src/bin/keyconv/softhsm2-keyconv-ossl.cpp')
-rw-r--r-- | SoftHSMv2/src/bin/keyconv/softhsm2-keyconv-ossl.cpp | 261 |
1 files changed, 0 insertions, 261 deletions
diff --git a/SoftHSMv2/src/bin/keyconv/softhsm2-keyconv-ossl.cpp b/SoftHSMv2/src/bin/keyconv/softhsm2-keyconv-ossl.cpp deleted file mode 100644 index a5cd8eb..0000000 --- a/SoftHSMv2/src/bin/keyconv/softhsm2-keyconv-ossl.cpp +++ /dev/null @@ -1,261 +0,0 @@ -/* - * Copyright (c) 2010 .SE (The Internet Infrastructure Foundation) - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE - * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER - * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN - * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/***************************************************************************** - softhsm2-keyconv-ossl.cpp - - Code specific for OpenSSL - *****************************************************************************/ - -#include <config.h> -#define KEYCONV_OSSL -#include "softhsm2-keyconv.h" -#include "OSSLComp.h" - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <iostream> -#include <fstream> - -#include <openssl/pem.h> -#include <openssl/evp.h> -#include <openssl/err.h> -#include <openssl/pkcs12.h> -#include <openssl/dsa.h> -#include <openssl/rsa.h> - -// Init OpenSSL -void crypto_init() -{ - OpenSSL_add_all_algorithms(); -#ifdef WITH_FIPS - if (!FIPS_mode_set(1)) - { - fprintf(stderr, "ERROR: can't enter into FIPS mode.\n"); - exit(0); - } -#endif -} - -// Final OpenSSL -void crypto_final() -{ - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); -} - -// Save the RSA key as a PKCS#8 file -int save_rsa_pkcs8(char* out_path, char* file_pin, key_material_t* pkey) -{ - RSA* rsa = NULL; - EVP_PKEY* ossl_pkey = NULL; - PKCS8_PRIV_KEY_INFO* p8inf = NULL; - BIO* out = NULL; - X509_SIG* p8 = NULL; - int result = 0; - - // See if the key material was found. - if - ( - pkey[TAG_MODULUS].size <= 0 || - pkey[TAG_PUBEXP].size <= 0 || - pkey[TAG_PRIVEXP].size <= 0 || - pkey[TAG_PRIME1].size <= 0 || - pkey[TAG_PRIME2].size <= 0 || - pkey[TAG_EXP1].size <= 0 || - pkey[TAG_EXP2].size <= 0 || - pkey[TAG_COEFF].size <= 0 - ) - { - fprintf(stderr, "ERROR: Some parts of the key material is missing in the input file.\n"); - return 1; - } - - rsa = RSA_new(); - BIGNUM* bn_p = BN_bin2bn((unsigned char*)pkey[TAG_PRIME1].big, pkey[TAG_PRIME1].size, NULL); - BIGNUM* bn_q = BN_bin2bn((unsigned char*)pkey[TAG_PRIME2].big, pkey[TAG_PRIME2].size, NULL); - BIGNUM* bn_d = BN_bin2bn((unsigned char*)pkey[TAG_PRIVEXP].big, pkey[TAG_PRIVEXP].size, NULL); - BIGNUM* bn_n = BN_bin2bn((unsigned char*)pkey[TAG_MODULUS].big, pkey[TAG_MODULUS].size, NULL); - BIGNUM* bn_e = BN_bin2bn((unsigned char*)pkey[TAG_PUBEXP].big, pkey[TAG_PUBEXP].size, NULL); - BIGNUM* bn_dmp1 = BN_bin2bn((unsigned char*)pkey[TAG_EXP1].big, pkey[TAG_EXP1].size, NULL); - BIGNUM* bn_dmq1 = BN_bin2bn((unsigned char*)pkey[TAG_EXP2].big, pkey[TAG_EXP2].size, NULL); - BIGNUM* bn_iqmp = BN_bin2bn((unsigned char*)pkey[TAG_COEFF].big, pkey[TAG_COEFF].size, NULL); - RSA_set0_factors(rsa, bn_p, bn_q); - RSA_set0_crt_params(rsa, bn_dmp1, bn_dmq1, bn_iqmp); - RSA_set0_key(rsa, bn_n, bn_e, bn_d); - - ossl_pkey = EVP_PKEY_new(); - - // Convert RSA to EVP_PKEY - if (!EVP_PKEY_set1_RSA(ossl_pkey, rsa)) - { - fprintf(stderr, "ERROR: Could not convert RSA key to EVP_PKEY.\n"); - RSA_free(rsa); - EVP_PKEY_free(ossl_pkey); - return 1; - } - RSA_free(rsa); - - // Convert EVP_PKEY to PKCS#8 - if (!(p8inf = EVP_PKEY2PKCS8(ossl_pkey))) - { - fprintf(stderr, "ERROR: Could not convert EVP_PKEY to PKCS#8.\n"); - EVP_PKEY_free(ossl_pkey); - return 1; - } - EVP_PKEY_free(ossl_pkey); - - // Open output file - if (!(out = BIO_new_file (out_path, "wb"))) - { - fprintf(stderr, "ERROR: Could not open the output file.\n"); - PKCS8_PRIV_KEY_INFO_free(p8inf); - return 1; - } - - // Write to disk - if (file_pin == NULL) - { - PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); - printf("The key has been written to %s\n", out_path); - } - else - { - // Encrypt p8 - if (!(p8 = PKCS8_encrypt(NID_pbeWithMD5AndDES_CBC, NULL, - file_pin, strlen(file_pin), NULL, - 0, PKCS12_DEFAULT_ITER, p8inf))) - { - fprintf(stderr, "ERROR: Could not encrypt the PKCS#8 file\n"); - result = 1; - } - else - { - PEM_write_bio_PKCS8(out, p8); - X509_SIG_free(p8); - printf("The key has been written to %s\n", out_path); - } - } - - PKCS8_PRIV_KEY_INFO_free(p8inf); - BIO_free_all(out); - - return result; -} - -// Save the DSA key as a PKCS#8 file -int save_dsa_pkcs8(char* out_path, char* file_pin, key_material_t* pkey) -{ - DSA* dsa = NULL; - EVP_PKEY* ossl_pkey = NULL; - PKCS8_PRIV_KEY_INFO* p8inf = NULL; - BIO* out = NULL; - X509_SIG* p8 = NULL; - int result = 0; - - // See if the key material was found. - if - ( - pkey[TAG_PRIME].size <= 0 || - pkey[TAG_SUBPRIME].size <= 0 || - pkey[TAG_BASE].size <= 0 || - pkey[TAG_PRIVVAL].size <= 0 || - pkey[TAG_PUBVAL].size <= 0 - ) - { - fprintf(stderr, "ERROR: Some parts of the key material is missing in the input file.\n"); - return 1; - } - - dsa = DSA_new(); - BIGNUM* bn_p = BN_bin2bn((unsigned char*)pkey[TAG_PRIME].big, pkey[TAG_PRIME].size, NULL); - BIGNUM* bn_q = BN_bin2bn((unsigned char*)pkey[TAG_SUBPRIME].big, pkey[TAG_SUBPRIME].size, NULL); - BIGNUM* bn_g = BN_bin2bn((unsigned char*)pkey[TAG_BASE].big, pkey[TAG_BASE].size, NULL); - BIGNUM* bn_priv_key = BN_bin2bn((unsigned char*)pkey[TAG_PRIVVAL].big, pkey[TAG_PRIVVAL].size, NULL); - BIGNUM* bn_pub_key = BN_bin2bn((unsigned char*)pkey[TAG_PUBVAL].big, pkey[TAG_PUBVAL].size, NULL); - - DSA_set0_pqg(dsa, bn_p, bn_q, bn_g); - DSA_set0_key(dsa, bn_pub_key, bn_priv_key); - - ossl_pkey = EVP_PKEY_new(); - - // Convert DSA to EVP_PKEY - if (!EVP_PKEY_set1_DSA(ossl_pkey, dsa)) - { - fprintf(stderr, "ERROR: Could not convert DSA key to EVP_PKEY.\n"); - DSA_free(dsa); - EVP_PKEY_free(ossl_pkey); - return 1; - } - DSA_free(dsa); - - // Convert EVP_PKEY to PKCS#8 - if (!(p8inf = EVP_PKEY2PKCS8(ossl_pkey))) - { - fprintf(stderr, "ERROR: Could not convert EVP_PKEY to PKCS#8.\n"); - EVP_PKEY_free(ossl_pkey); - return 1; - } - EVP_PKEY_free(ossl_pkey); - - // Open output file - if (!(out = BIO_new_file (out_path, "wb"))) - { - fprintf(stderr, "ERROR: Could not open the output file.\n"); - PKCS8_PRIV_KEY_INFO_free(p8inf); - return 1; - } - - // Write to disk - if (file_pin == NULL) - { - PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf); - printf("The key has been written to %s\n", out_path); - } - else - { - // Encrypt p8 - if (!(p8 = PKCS8_encrypt(NID_pbeWithMD5AndDES_CBC, NULL, - file_pin, strlen(file_pin), NULL, - 0, PKCS12_DEFAULT_ITER, p8inf))) - { - fprintf(stderr, "ERROR: Could not encrypt the PKCS#8 file\n"); - result = 1; - } - else - { - PEM_write_bio_PKCS8(out, p8); - X509_SIG_free(p8); - printf("The key has been written to %s\n", out_path); - } - } - - PKCS8_PRIV_KEY_INFO_free(p8inf); - BIO_free_all(out); - - return result; -} |