dgst.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596
  1. /*
  2. * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <string.h>
  11. #include <stdlib.h>
  12. #include "apps.h"
  13. #include "progs.h"
  14. #include <openssl/bio.h>
  15. #include <openssl/err.h>
  16. #include <openssl/evp.h>
  17. #include <openssl/objects.h>
  18. #include <openssl/x509.h>
  19. #include <openssl/pem.h>
  20. #include <openssl/hmac.h>
  21. #include <ctype.h>
  22. #undef BUFSIZE
  23. #define BUFSIZE 1024*8
  24. int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
  25. EVP_PKEY *key, unsigned char *sigin, int siglen,
  26. const char *sig_name, const char *md_name,
  27. const char *file);
  28. static void show_digests(const OBJ_NAME *name, void *bio_);
  29. struct doall_dgst_digests {
  30. BIO *bio;
  31. int n;
  32. };
  33. typedef enum OPTION_choice {
  34. OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_LIST,
  35. OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
  36. OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
  37. OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
  38. OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
  39. OPT_DIGEST,
  40. OPT_R_ENUM
  41. } OPTION_CHOICE;
  42. const OPTIONS dgst_options[] = {
  43. {OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
  44. {OPT_HELP_STR, 1, '-',
  45. " file... files to digest (default is stdin)\n"},
  46. {"help", OPT_HELP, '-', "Display this summary"},
  47. {"list", OPT_LIST, '-', "List digests"},
  48. {"c", OPT_C, '-', "Print the digest with separating colons"},
  49. {"r", OPT_R, '-', "Print the digest in coreutils format"},
  50. {"out", OPT_OUT, '>', "Output to filename rather than stdout"},
  51. {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
  52. {"sign", OPT_SIGN, 's', "Sign digest using private key"},
  53. {"verify", OPT_VERIFY, 's',
  54. "Verify a signature using public key"},
  55. {"prverify", OPT_PRVERIFY, 's',
  56. "Verify a signature using private key"},
  57. {"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
  58. {"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"},
  59. {"hex", OPT_HEX, '-', "Print as hex dump"},
  60. {"binary", OPT_BINARY, '-', "Print in binary form"},
  61. {"d", OPT_DEBUG, '-', "Print debug info"},
  62. {"debug", OPT_DEBUG, '-', "Print debug info"},
  63. {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-',
  64. "Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
  65. {"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
  66. {"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
  67. {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
  68. {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
  69. {"", OPT_DIGEST, '-', "Any supported digest"},
  70. OPT_R_OPTIONS,
  71. #ifndef OPENSSL_NO_ENGINE
  72. {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
  73. {"engine_impl", OPT_ENGINE_IMPL, '-',
  74. "Also use engine given by -engine for digest operations"},
  75. #endif
  76. {NULL}
  77. };
  78. int dgst_main(int argc, char **argv)
  79. {
  80. BIO *in = NULL, *inp, *bmd = NULL, *out = NULL;
  81. ENGINE *e = NULL, *impl = NULL;
  82. EVP_PKEY *sigkey = NULL;
  83. STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
  84. char *hmac_key = NULL;
  85. char *mac_name = NULL;
  86. char *passinarg = NULL, *passin = NULL;
  87. const EVP_MD *md = NULL, *m;
  88. const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
  89. const char *sigfile = NULL;
  90. OPTION_CHOICE o;
  91. int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
  92. int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
  93. unsigned char *buf = NULL, *sigbuf = NULL;
  94. int engine_impl = 0;
  95. struct doall_dgst_digests dec;
  96. prog = opt_progname(argv[0]);
  97. buf = app_malloc(BUFSIZE, "I/O buffer");
  98. md = EVP_get_digestbyname(prog);
  99. prog = opt_init(argc, argv, dgst_options);
  100. while ((o = opt_next()) != OPT_EOF) {
  101. switch (o) {
  102. case OPT_EOF:
  103. case OPT_ERR:
  104. opthelp:
  105. BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
  106. goto end;
  107. case OPT_HELP:
  108. opt_help(dgst_options);
  109. ret = 0;
  110. goto end;
  111. case OPT_LIST:
  112. BIO_printf(bio_out, "Supported digests:\n");
  113. dec.bio = bio_out;
  114. dec.n = 0;
  115. OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH,
  116. show_digests, &dec);
  117. BIO_printf(bio_out, "\n");
  118. ret = 0;
  119. goto end;
  120. case OPT_C:
  121. separator = 1;
  122. break;
  123. case OPT_R:
  124. separator = 2;
  125. break;
  126. case OPT_R_CASES:
  127. if (!opt_rand(o))
  128. goto end;
  129. break;
  130. case OPT_OUT:
  131. outfile = opt_arg();
  132. break;
  133. case OPT_SIGN:
  134. keyfile = opt_arg();
  135. break;
  136. case OPT_PASSIN:
  137. passinarg = opt_arg();
  138. break;
  139. case OPT_VERIFY:
  140. keyfile = opt_arg();
  141. want_pub = do_verify = 1;
  142. break;
  143. case OPT_PRVERIFY:
  144. keyfile = opt_arg();
  145. do_verify = 1;
  146. break;
  147. case OPT_SIGNATURE:
  148. sigfile = opt_arg();
  149. break;
  150. case OPT_KEYFORM:
  151. if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
  152. goto opthelp;
  153. break;
  154. case OPT_ENGINE:
  155. e = setup_engine(opt_arg(), 0);
  156. break;
  157. case OPT_ENGINE_IMPL:
  158. engine_impl = 1;
  159. break;
  160. case OPT_HEX:
  161. out_bin = 0;
  162. break;
  163. case OPT_BINARY:
  164. out_bin = 1;
  165. break;
  166. case OPT_DEBUG:
  167. debug = 1;
  168. break;
  169. case OPT_FIPS_FINGERPRINT:
  170. hmac_key = "etaonrishdlcupfm";
  171. break;
  172. case OPT_HMAC:
  173. hmac_key = opt_arg();
  174. break;
  175. case OPT_MAC:
  176. mac_name = opt_arg();
  177. break;
  178. case OPT_SIGOPT:
  179. if (!sigopts)
  180. sigopts = sk_OPENSSL_STRING_new_null();
  181. if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
  182. goto opthelp;
  183. break;
  184. case OPT_MACOPT:
  185. if (!macopts)
  186. macopts = sk_OPENSSL_STRING_new_null();
  187. if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
  188. goto opthelp;
  189. break;
  190. case OPT_DIGEST:
  191. if (!opt_md(opt_unknown(), &m))
  192. goto opthelp;
  193. md = m;
  194. break;
  195. }
  196. }
  197. argc = opt_num_rest();
  198. argv = opt_rest();
  199. if (keyfile != NULL && argc > 1) {
  200. BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
  201. goto end;
  202. }
  203. if (do_verify && sigfile == NULL) {
  204. BIO_printf(bio_err,
  205. "No signature to verify: use the -signature option\n");
  206. goto end;
  207. }
  208. if (engine_impl)
  209. impl = e;
  210. in = BIO_new(BIO_s_file());
  211. bmd = BIO_new(BIO_f_md());
  212. if ((in == NULL) || (bmd == NULL)) {
  213. ERR_print_errors(bio_err);
  214. goto end;
  215. }
  216. if (debug) {
  217. BIO_set_callback(in, BIO_debug_callback);
  218. /* needed for windows 3.1 */
  219. BIO_set_callback_arg(in, (char *)bio_err);
  220. }
  221. if (!app_passwd(passinarg, NULL, &passin, NULL)) {
  222. BIO_printf(bio_err, "Error getting password\n");
  223. goto end;
  224. }
  225. if (out_bin == -1) {
  226. if (keyfile != NULL)
  227. out_bin = 1;
  228. else
  229. out_bin = 0;
  230. }
  231. out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
  232. if (out == NULL)
  233. goto end;
  234. if ((!(mac_name == NULL) + !(keyfile == NULL) + !(hmac_key == NULL)) > 1) {
  235. BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
  236. goto end;
  237. }
  238. if (keyfile != NULL) {
  239. int type;
  240. if (want_pub)
  241. sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
  242. else
  243. sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
  244. if (sigkey == NULL) {
  245. /*
  246. * load_[pub]key() has already printed an appropriate message
  247. */
  248. goto end;
  249. }
  250. type = EVP_PKEY_id(sigkey);
  251. if (type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448) {
  252. /*
  253. * We implement PureEdDSA for these which doesn't have a separate
  254. * digest, and only supports one shot.
  255. */
  256. BIO_printf(bio_err, "Key type not supported for this operation\n");
  257. goto end;
  258. }
  259. }
  260. if (mac_name != NULL) {
  261. EVP_PKEY_CTX *mac_ctx = NULL;
  262. int r = 0;
  263. if (!init_gen_str(&mac_ctx, mac_name, impl, 0))
  264. goto mac_end;
  265. if (macopts != NULL) {
  266. char *macopt;
  267. for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
  268. macopt = sk_OPENSSL_STRING_value(macopts, i);
  269. if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
  270. BIO_printf(bio_err,
  271. "MAC parameter error \"%s\"\n", macopt);
  272. ERR_print_errors(bio_err);
  273. goto mac_end;
  274. }
  275. }
  276. }
  277. if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
  278. BIO_puts(bio_err, "Error generating key\n");
  279. ERR_print_errors(bio_err);
  280. goto mac_end;
  281. }
  282. r = 1;
  283. mac_end:
  284. EVP_PKEY_CTX_free(mac_ctx);
  285. if (r == 0)
  286. goto end;
  287. }
  288. if (hmac_key != NULL) {
  289. sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
  290. (unsigned char *)hmac_key, -1);
  291. if (sigkey == NULL)
  292. goto end;
  293. }
  294. if (sigkey != NULL) {
  295. EVP_MD_CTX *mctx = NULL;
  296. EVP_PKEY_CTX *pctx = NULL;
  297. int r;
  298. if (!BIO_get_md_ctx(bmd, &mctx)) {
  299. BIO_printf(bio_err, "Error getting context\n");
  300. ERR_print_errors(bio_err);
  301. goto end;
  302. }
  303. if (do_verify)
  304. r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
  305. else
  306. r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
  307. if (!r) {
  308. BIO_printf(bio_err, "Error setting context\n");
  309. ERR_print_errors(bio_err);
  310. goto end;
  311. }
  312. if (sigopts != NULL) {
  313. char *sigopt;
  314. for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
  315. sigopt = sk_OPENSSL_STRING_value(sigopts, i);
  316. if (pkey_ctrl_string(pctx, sigopt) <= 0) {
  317. BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
  318. ERR_print_errors(bio_err);
  319. goto end;
  320. }
  321. }
  322. }
  323. }
  324. /* we use md as a filter, reading from 'in' */
  325. else {
  326. EVP_MD_CTX *mctx = NULL;
  327. if (!BIO_get_md_ctx(bmd, &mctx)) {
  328. BIO_printf(bio_err, "Error getting context\n");
  329. ERR_print_errors(bio_err);
  330. goto end;
  331. }
  332. if (md == NULL)
  333. md = EVP_sha256();
  334. if (!EVP_DigestInit_ex(mctx, md, impl)) {
  335. BIO_printf(bio_err, "Error setting digest\n");
  336. ERR_print_errors(bio_err);
  337. goto end;
  338. }
  339. }
  340. if (sigfile != NULL && sigkey != NULL) {
  341. BIO *sigbio = BIO_new_file(sigfile, "rb");
  342. if (sigbio == NULL) {
  343. BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
  344. ERR_print_errors(bio_err);
  345. goto end;
  346. }
  347. siglen = EVP_PKEY_size(sigkey);
  348. sigbuf = app_malloc(siglen, "signature buffer");
  349. siglen = BIO_read(sigbio, sigbuf, siglen);
  350. BIO_free(sigbio);
  351. if (siglen <= 0) {
  352. BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
  353. ERR_print_errors(bio_err);
  354. goto end;
  355. }
  356. }
  357. inp = BIO_push(bmd, in);
  358. if (md == NULL) {
  359. EVP_MD_CTX *tctx;
  360. BIO_get_md_ctx(bmd, &tctx);
  361. md = EVP_MD_CTX_md(tctx);
  362. }
  363. if (argc == 0) {
  364. BIO_set_fp(in, stdin, BIO_NOCLOSE);
  365. ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
  366. siglen, NULL, NULL, "stdin");
  367. } else {
  368. const char *md_name = NULL, *sig_name = NULL;
  369. if (!out_bin) {
  370. if (sigkey != NULL) {
  371. const EVP_PKEY_ASN1_METHOD *ameth;
  372. ameth = EVP_PKEY_get0_asn1(sigkey);
  373. if (ameth)
  374. EVP_PKEY_asn1_get0_info(NULL, NULL,
  375. NULL, NULL, &sig_name, ameth);
  376. }
  377. if (md != NULL)
  378. md_name = EVP_MD_name(md);
  379. }
  380. ret = 0;
  381. for (i = 0; i < argc; i++) {
  382. int r;
  383. if (BIO_read_filename(in, argv[i]) <= 0) {
  384. perror(argv[i]);
  385. ret++;
  386. continue;
  387. } else {
  388. r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
  389. siglen, sig_name, md_name, argv[i]);
  390. }
  391. if (r)
  392. ret = r;
  393. (void)BIO_reset(bmd);
  394. }
  395. }
  396. end:
  397. OPENSSL_clear_free(buf, BUFSIZE);
  398. BIO_free(in);
  399. OPENSSL_free(passin);
  400. BIO_free_all(out);
  401. EVP_PKEY_free(sigkey);
  402. sk_OPENSSL_STRING_free(sigopts);
  403. sk_OPENSSL_STRING_free(macopts);
  404. OPENSSL_free(sigbuf);
  405. BIO_free(bmd);
  406. release_engine(e);
  407. return ret;
  408. }
  409. static void show_digests(const OBJ_NAME *name, void *arg)
  410. {
  411. struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;
  412. const EVP_MD *md = NULL;
  413. /* Filter out signed digests (a.k.a signature algorithms) */
  414. if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)
  415. return;
  416. if (!islower((unsigned char)*name->name))
  417. return;
  418. /* Filter out message digests that we cannot use */
  419. md = EVP_get_digestbyname(name->name);
  420. if (md == NULL)
  421. return;
  422. BIO_printf(dec->bio, "-%-25s", name->name);
  423. if (++dec->n == 3) {
  424. BIO_printf(dec->bio, "\n");
  425. dec->n = 0;
  426. } else {
  427. BIO_printf(dec->bio, " ");
  428. }
  429. }
  430. /*
  431. * The newline_escape_filename function performs newline escaping for any
  432. * filename that contains a newline. This function also takes a pointer
  433. * to backslash. The backslash pointer is a flag to indicating whether a newline
  434. * is present in the filename. If a newline is present, the backslash flag is
  435. * set and the output format will contain a backslash at the beginning of the
  436. * digest output. This output format is to replicate the output format found
  437. * in the '*sum' checksum programs. This aims to preserve backward
  438. * compatibility.
  439. */
  440. static const char *newline_escape_filename(const char *file, int * backslash)
  441. {
  442. size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0;
  443. char *file_cpy = NULL;
  444. for (i = 0; i < length; i++)
  445. if (file[i] == '\n')
  446. newline_count++;
  447. mem_len = length + newline_count + 1;
  448. file_cpy = app_malloc(mem_len, file);
  449. i = 0;
  450. while(e < length) {
  451. const char c = file[e];
  452. if (c == '\n') {
  453. file_cpy[i++] = '\\';
  454. file_cpy[i++] = 'n';
  455. *backslash = 1;
  456. } else {
  457. file_cpy[i++] = c;
  458. }
  459. e++;
  460. }
  461. file_cpy[i] = '\0';
  462. return (const char*)file_cpy;
  463. }
  464. int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
  465. EVP_PKEY *key, unsigned char *sigin, int siglen,
  466. const char *sig_name, const char *md_name,
  467. const char *file)
  468. {
  469. size_t len = BUFSIZE;
  470. int i, backslash = 0, ret = 1;
  471. unsigned char *sigbuf = NULL;
  472. while (BIO_pending(bp) || !BIO_eof(bp)) {
  473. i = BIO_read(bp, (char *)buf, BUFSIZE);
  474. if (i < 0) {
  475. BIO_printf(bio_err, "Read Error in %s\n", file);
  476. ERR_print_errors(bio_err);
  477. goto end;
  478. }
  479. if (i == 0)
  480. break;
  481. }
  482. if (sigin != NULL) {
  483. EVP_MD_CTX *ctx;
  484. BIO_get_md_ctx(bp, &ctx);
  485. i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
  486. if (i > 0) {
  487. BIO_printf(out, "Verified OK\n");
  488. } else if (i == 0) {
  489. BIO_printf(out, "Verification Failure\n");
  490. goto end;
  491. } else {
  492. BIO_printf(bio_err, "Error Verifying Data\n");
  493. ERR_print_errors(bio_err);
  494. goto end;
  495. }
  496. ret = 0;
  497. goto end;
  498. }
  499. if (key != NULL) {
  500. EVP_MD_CTX *ctx;
  501. int pkey_len;
  502. BIO_get_md_ctx(bp, &ctx);
  503. pkey_len = EVP_PKEY_size(key);
  504. if (pkey_len > BUFSIZE) {
  505. len = pkey_len;
  506. sigbuf = app_malloc(len, "Signature buffer");
  507. buf = sigbuf;
  508. }
  509. if (!EVP_DigestSignFinal(ctx, buf, &len)) {
  510. BIO_printf(bio_err, "Error Signing Data\n");
  511. ERR_print_errors(bio_err);
  512. goto end;
  513. }
  514. } else {
  515. len = BIO_gets(bp, (char *)buf, BUFSIZE);
  516. if ((int)len < 0) {
  517. ERR_print_errors(bio_err);
  518. goto end;
  519. }
  520. }
  521. if (binout) {
  522. BIO_write(out, buf, len);
  523. } else if (sep == 2) {
  524. file = newline_escape_filename(file, &backslash);
  525. if (backslash == 1)
  526. BIO_puts(out, "\\");
  527. for (i = 0; i < (int)len; i++)
  528. BIO_printf(out, "%02x", buf[i]);
  529. BIO_printf(out, " *%s\n", file);
  530. OPENSSL_free((char *)file);
  531. } else {
  532. if (sig_name != NULL) {
  533. BIO_puts(out, sig_name);
  534. if (md_name != NULL)
  535. BIO_printf(out, "-%s", md_name);
  536. BIO_printf(out, "(%s)= ", file);
  537. } else if (md_name != NULL) {
  538. BIO_printf(out, "%s(%s)= ", md_name, file);
  539. } else {
  540. BIO_printf(out, "(%s)= ", file);
  541. }
  542. for (i = 0; i < (int)len; i++) {
  543. if (sep && (i != 0))
  544. BIO_printf(out, ":");
  545. BIO_printf(out, "%02x", buf[i]);
  546. }
  547. BIO_printf(out, "\n");
  548. }
  549. ret = 0;
  550. end:
  551. if (sigbuf != NULL)
  552. OPENSSL_clear_free(sigbuf, len);
  553. return ret;
  554. }