xref: /aosp_15_r20/external/vboot_reference/utility/dumpRSAPublicKey.c (revision 8617a60d3594060b7ecbd21bc622a7c14f3cf2bc)
1*8617a60dSAndroid Build Coastguard Worker /* Copyright 2010 The ChromiumOS Authors
2*8617a60dSAndroid Build Coastguard Worker  * Use of this source code is governed by a BSD-style license that can be
3*8617a60dSAndroid Build Coastguard Worker  * found in the LICENSE file.
4*8617a60dSAndroid Build Coastguard Worker  */
5*8617a60dSAndroid Build Coastguard Worker 
/* C port of DumpPublicKey.java from the Android Open Source Project with
 * support for additional RSA key sizes. (platform/system/core.git/libmincrypt
 * /tools/DumpPublicKey.java). Uses the OpenSSL X509 and BIGNUM library.
 */
10*8617a60dSAndroid Build Coastguard Worker 
11*8617a60dSAndroid Build Coastguard Worker #include <openssl/pem.h>
12*8617a60dSAndroid Build Coastguard Worker 
13*8617a60dSAndroid Build Coastguard Worker #include <stdint.h>
14*8617a60dSAndroid Build Coastguard Worker #include <string.h>
15*8617a60dSAndroid Build Coastguard Worker #include <unistd.h>
16*8617a60dSAndroid Build Coastguard Worker 
17*8617a60dSAndroid Build Coastguard Worker #include "openssl_compat.h"
18*8617a60dSAndroid Build Coastguard Worker 
/* Command line tool that extracts an RSA public key from an X.509 certificate
 * (or from a PEM public key file) and outputs a pre-processed version of the
 * key for use by RSA verification routines.
 */
23*8617a60dSAndroid Build Coastguard Worker 
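/* Sanity-checks |key| before it is pre-processed.
 *
 * Returns 1 when the modulus has one of the supported bit lengths
 * (1024, 2048, 3072, 4096 or 8192) and 0 otherwise. An unexpected public
 * exponent only produces a warning on stderr; it does not fail the check.
 */
static int check(RSA* key) {
  const BIGNUM *n = NULL, *e = NULL;
  unsigned long long public_exponent;
  int modulus;

  if (!key) {
    fprintf(stderr, "ERROR: No RSA key to check.\n");
    return 0;
  }

  RSA_get0_key(key, &n, &e, NULL);
  if (!n || !e) {
    fprintf(stderr, "ERROR: RSA key has no modulus or no public exponent.\n");
    return 0;
  }

  /* BN_get_word() hands back an unsigned word. Keep it unsigned and wide:
   * squeezing it into an int could make a large exponent look like 3 or
   * 65537 and silently skip the warning below. An exponent that does not fit
   * in one word is reported by OpenSSL as an all-ones value, which also lands
   * in the warning.
   */
  public_exponent = BN_get_word(e);
  modulus = BN_num_bits(n);

  /* NOTE(review): output() in this file never writes the exponent, so the
   * consumer presumably assumes a fixed one. A key that triggers this warning
   * would then yield a blob no signature verifies against -- consider making
   * this an error; confirm against the verifier.
   */
  if (public_exponent != 3 && public_exponent != 65537) {
    fprintf(stderr,
            "WARNING: Public exponent should be 3 or 65537 (but is %llu).\n",
            public_exponent);
  }

  /* NOTE(review): 1024-bit moduli are still accepted; whether that is wanted
   * is a policy decision for whoever consumes the key.
   */
  switch (modulus) {
    case 1024:
    case 2048:
    case 3072:
    case 4096:
    case 8192:
      return 1;
    default:
      fprintf(stderr, "ERROR: Unknown modulus length = %d.\n", modulus);
      return 0;
  }
}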
45*8617a60dSAndroid Build Coastguard Worker 
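/* Writes all |len| bytes at |buf| to standard output, continuing after a
 * short write. Returns 0 on success and -1 when write() fails or makes no
 * progress.
 */
static int write_stdout(const void *buf, size_t len) {
  const unsigned char *p = buf;

  while (len > 0) {
    ssize_t written = write(1, p, len);

    if (written <= 0)
      return -1;
    p += written;
    len -= (size_t)written;
  }
  return 0;
}

/* Pre-processes and outputs RSA public key to standard out.
 *
 * The blob is, in order: the key size in 32-bit words, N0inv
 * (-1 / N[0] mod 2^32), the modulus N, and R^2 mod N with R = 2^(key bits).
 * N and R^2 are written least significant 32-bit word first. Every word is
 * written in the host's byte order, so the result is little endian only on a
 * little-endian host. The public exponent is not part of the output.
 *
 * All values are computed and checked before the first byte is written, so a
 * failed BIGNUM computation never leaves a partial key on stdout; a failing
 * write() can still truncate it.
 *
 * NOTE(review): the function returns void, so failures are only reported on
 * stderr and the caller cannot see them.
 */
static void output(RSA* key) {
  static const char kMathErr[] = "Couldn't pre-process the RSA key";
  static const char kWriteErr[] = "Couldn't write the key to standard output";
  const char *err = kMathErr;
  int i, nwords;
  const BIGNUM *key_n = NULL;
  BIGNUM *N = NULL;
  BIGNUM *Big2 = NULL, *Big32 = NULL;
  BIGNUM *B = NULL;
  BIGNUM *N0inv = NULL, *R = NULL, *RR = NULL, *RRTemp = NULL, *NnumBits = NULL;
  BIGNUM *n = NULL, *rr = NULL;
  BN_CTX *bn_ctx = NULL;
  uint32_t n0invout;

  if (!key)
    goto done;

  bn_ctx = BN_CTX_new();
  RSA_get0_key(key, &key_n, NULL, NULL);
  if (!bn_ctx || !key_n)
    goto done;

  /* Initialize BIGNUMs */
  N = BN_dup(key_n);
  Big2 = BN_new();
  Big32 = BN_new();
  B = BN_new();
  N0inv = BN_new();
  R = BN_new();
  RR = BN_new();
  RRTemp = BN_new();
  NnumBits = BN_new();
  n = BN_new();
  rr = BN_new();
  if (!N || !Big2 || !Big32 || !B || !N0inv || !R || !RR || !RRTemp ||
      !NnumBits || !n || !rr)
    goto done;

  if (!BN_set_word(Big2, 2L) || !BN_set_word(Big32, 32L) ||
      !BN_exp(B, Big2, Big32, bn_ctx)) /* B = 2^32 */
    goto done;

  /* Calculate N0inv = -1 / N[0] mod 2^32. The inverse does not exist for an
   * even modulus; the result must be checked or a malformed key would yield
   * a silently wrong N0inv.
   */
  if (!BN_mod_inverse(N0inv, N, B, bn_ctx) || !BN_sub(N0inv, B, N0inv))
    goto done;
  n0invout = (uint32_t)BN_get_word(N0inv);

  /* Calculate R = 2^(# of key bits) */
  if (!BN_set_word(NnumBits, BN_num_bits(N)) ||
      !BN_exp(R, Big2, NnumBits, bn_ctx))
    goto done;

  /* Calculate RR = R^2 mod N */
  if (!BN_mul(RRTemp, R, R, bn_ctx) || !BN_mod(RR, RRTemp, N, bn_ctx))
    goto done;

  /* Output size of RSA key in 32-bit words, then N0inv. */
  nwords = RSA_size(key) / 4;
  if (write_stdout(&nwords, sizeof(nwords)) ||
      write_stdout(&n0invout, sizeof(n0invout))) {
    err = kWriteErr;
    goto done;
  }

  /* Write out modulus, least significant 32-bit word first. */
  for (i = 0; i < nwords; ++i) {
    uint32_t nout;

    if (!BN_mod(n, N, B, bn_ctx)) /* n = N mod B */
      goto done;
    nout = (uint32_t)BN_get_word(n);
    if (write_stdout(&nout, sizeof(nout))) {
      err = kWriteErr;
      goto done;
    }

    if (!BN_rshift(N, N, 32)) /* N = N/B */
      goto done;
  }

  /* Write R^2, least significant 32-bit word first. */
  for (i = 0; i < nwords; ++i) {
    uint32_t rrout;

    if (!BN_mod(rr, RR, B, bn_ctx)) /* rr = RR mod B */
      goto done;
    rrout = (uint32_t)BN_get_word(rr);
    if (write_stdout(&rrout, sizeof(rrout))) {
      err = kWriteErr;
      goto done;
    }

    if (!BN_rshift(RR, RR, 32)) /* RR = RR/B */
      goto done;
  }

  err = NULL;

done:
  if (err)
    fprintf(stderr, "ERROR: %s.\n", err);

  /* Free everything allocated above; BN_free() and BN_CTX_free() accept
   * NULL, so this is safe after an early exit.
   */
  BN_free(N);
  BN_free(Big2);
  BN_free(Big32);
  BN_free(B);
  BN_free(N0inv);
  BN_free(R);
  BN_free(RR);
  BN_free(RRTemp);
  BN_free(NnumBits);
  BN_free(n);
  BN_free(rr);
  BN_CTX_free(bn_ctx);
}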
145*8617a60dSAndroid Build Coastguard Worker 
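/* Usage: <prog> <-cert | -pub> <file>
 *
 * Reads an RSA public key from a PEM X.509 certificate (-cert) or a PEM
 * public key file (-pub), checks it with check() and writes the
 * pre-processed key to stdout with output().
 *
 * Returns 0 only when the key was read and passed check(); any failure
 * returns -1, so a build or signing script can tell a usable key blob from
 * an empty or missing one by the exit status.
 *
 * The certificate is only parsed: no signature, chain or validity check is
 * done here, so the input file has to be trusted by the caller.
 */
int main(int argc, char* argv[]) {
  int cert_mode = 0;
  int rc = -1;
  FILE* fp;
  X509* cert = NULL;
  RSA* pubkey = NULL;
  EVP_PKEY* key = NULL;
  char *progname;

  if (argc != 3 || (strcmp(argv[1], "-cert") && strcmp(argv[1], "-pub"))) {
    /* argv[0] may be absent when the program is exec'd with an empty argv. */
    if (argc > 0 && argv[0]) {
      progname = strrchr(argv[0], '/');
      if (progname)
        progname++;
      else
        progname = argv[0];
    } else {
      progname = "dumpRSAPublicKey";
    }
    fprintf(stderr, "Usage: %s <-cert | -pub> <file>\n", progname);
    return -1;
  }

  if (!strcmp(argv[1], "-cert"))
    cert_mode = 1;

  fp = fopen(argv[2], "r");

  if (!fp) {
    fprintf(stderr, "Couldn't open file %s!\n", argv[2]);
    return -1;
  }

  if (cert_mode) {
    /* Read the certificate */
    if (!PEM_read_X509(fp, &cert, NULL, NULL)) {
      fprintf(stderr, "Couldn't read certificate.\n");
      goto fail;
    }

    /* Get the public key from the certificate. The returned reference is
     * owned by this function and released at the fail label.
     */
    key = X509_get_pubkey(cert);
    if (!key) {
      fprintf(stderr, "Couldn't get the public key from the certificate.\n");
      goto fail;
    }

    /* Convert to a RSA_style key. */
    if (!(pubkey = EVP_PKEY_get1_RSA(key))) {
      fprintf(stderr, "Couldn't convert to a RSA style key.\n");
      goto fail;
    }
  } else {
    /* Read the pubkey in .PEM format. */
    if (!(pubkey = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL))) {
      fprintf(stderr, "Couldn't read public key file.\n");
      goto fail;
    }
  }

  /* A rejected key must not look like success to the caller. */
  if (!check(pubkey))
    goto fail;

  output(pubkey);
  rc = 0;

fail:
  EVP_PKEY_free(key);
  X509_free(cert);
  RSA_free(pubkey);
  fclose(fp);

  return rc;
}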