/* pem.c * * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ #ifdef HAVE_CONFIG_H #include #endif #ifndef WOLFSSL_USER_SETTINGS #include #endif #include #include #include #include #include #include #ifdef DEBUG_WOLFSSL #include #endif #include #if defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) /* Increment allocated data by this much. */ #define DATA_INC_LEN 256 /* Maximum block size of a cipher. */ #define BLOCK_SIZE_MAX 16 /* Maximum PEM type string length. */ #define PEM_TYPE_MAX_LEN 32 /* Maximum salt length. */ #define SALT_MAX_LEN 64 /* Default PBE iterations. */ #define DEFAULT_ITERATIONS 100000 /* Maps a string to a value. */ typedef struct Str2Val { /* String to be matched. */ const char* string; /* Corresponding value. */ int val; } String2Val; /* Get the value corresponding to the string. * * @param [in] map Map of strings to values. * @param [in] len Number of entries in map. * @param [in] str String to look-up. * @param [out] val Value corresponding to string. * @return 0 on success. * @return 1 on failure. */ static int StringToVal(const String2Val* map, int len, const char* str, int* val) { int ret = 1; int i; for (i = 0; i < len; i++) { if (strcmp(str, map[i].string) == 0) { *val = map[i].val; ret = 0; break; } } return ret; } /* Read the contents of a file into a dynamically allocated buffer. * * Uses realloc as input may be stdin. * * @param [in] fp File pointer to read from. * @param [out] pdata Pointer to data. * @param [out] plen Pointer to length. * @return 0 on success. * @return 1 on failure. */ static int pemApp_ReadFile(FILE* fp, unsigned char** pdata, word32* plen) { int ret = 0; word32 len = 0; size_t read_len; /* Allocate a minimum amount. */ unsigned char* data = (unsigned char*)XMALLOC(DATA_INC_LEN + BLOCK_SIZE_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (data != NULL) { /* Read more data. */ while ((read_len = fread(data + len, 1, DATA_INC_LEN, fp)) != 0) { unsigned char* p; /* Add read data amount to length. */ len += (word32)read_len; /* Stop if we are at end-of-file. */ if (feof(fp)) { break; } /* Make space for more data to be added to buffer. */ p = (unsigned char*)XREALLOC(data, len + DATA_INC_LEN + BLOCK_SIZE_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (p == NULL) { /* Reallocation failed - free current buffer. */ XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); data = NULL; break; } /* Set data to new pointer. */ data = p; } } if (data != NULL) { /* Return data and length. */ *pdata = data; *plen = len; } else { /* Failed to allocate data. */ ret = MEMORY_E; } return ret; } /* Write the data to the file. * * @param [in] fp File pointer to write to. * @param [in] data Data to write. * @param [in] len Length of data to write in bytes. * @return 0 on success. * @return 1 on failure. */ static int WriteFile(FILE* fp, const char* data, word32 len) { int ret = 0; /* Write data to file. */ if (fwrite(data, 1, len, fp) != len) { /* Not all data was written. */ fprintf(stderr, "Failed to write\n"); ret = 1; } return ret; } /* List of known PEM types. */ static const String2Val type_map[] = { { "CERTIFICATE" , CERT_TYPE }, #ifdef WOLFSSL_CERT_REQ { "CERTIFICATE REQUEST" , CERTREQ_TYPE }, #endif #ifndef NO_DH { "DH PARAMETERS" , DH_PARAM_TYPE }, { "X9.42 DH PARAMETERS" , X942_PARAM_TYPE }, #endif #ifndef NO_DSA { "DSA PARAMETERS" , DSA_PARAM_TYPE }, #endif #ifdef HAVE_CRL { "X509 CRL" , CRL_TYPE }, #endif { "RSA PRIVATE KEY" , RSA_TYPE }, { "RSA PUBLIC KEY" , RSA_PUBLICKEY_TYPE }, { "PRIVATE KEY" , PKCS8_PRIVATEKEY_TYPE }, { "ENCRYPTED PRIVATE KEY", PKCS8_ENC_PRIVATEKEY_TYPE }, #ifdef HAVE_ECC { "EC PRIVATE KEY" , ECC_PRIVATEKEY_TYPE }, #ifdef OPENSSL_EXTRA { "EC PARAMETERS" , ECC_PARAM_TYPE }, #endif /* OPENSSL_EXTRA */ #endif /* HAVE_ECC */ #ifndef NO_DSA { "DSA PRIVATE KEY" , DSA_PRIVATEKEY_TYPE }, #endif { "PUBLIC KEY" , ECC_PUBLICKEY_TYPE }, #if defined(HAVE_ED25519) || defined(HAVE_ED448) { "EDDSA PRIVATE KEY" , EDDSA_PRIVATEKEY_TYPE }, #endif }; /* Number of entries in PEM type map. */ #define TYPE_MAP_LEN ((int)(sizeof(type_map) / sizeof(*type_map))) /* Convert string to PEM type value. * * @param [in] str PEM type as a string. * @param [out] type PEM type as a value. * @return 0 on success. * @return 1 on failure. */ static int StringToType(const char* str, int* type) { int ret = StringToVal(type_map, TYPE_MAP_LEN, str, type); if (ret == 1) { fprintf(stderr, "String doesn't match known PEM types: %s\n", str); } return ret; } #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED) /* Password callback for returning the password set in the user data. * * @param [out] passwd Password buffer. * @param [in] sz Size of password buffer. * @param [in] rw Ignored. * @param [in] userdata Data associated with callback in EncryptedInfo. * @return Length of password. */ static int password_from_userdata(char* passwd, int sz, int rw, void* userdata) { (void)rw; /* Copy user data into buffer. */ strncpy(passwd, (const char*)userdata, (size_t)sz); passwd[sz - 1] = '\0'; /* Return length of password returned. */ return (int)XSTRLEN((const char*)passwd); } #endif /* Find needle in haystack. * * @param [in] haystack String to find needle in. * @param [in] offset Offset into haystack to start looking. * @param [in] len Length of haystack. * @param [in] needle String to find in haystack. * @param [in] needle_len Length of string to find. * @param [out] needle_offset Offset into haystack at which needle was found. * @return 0 on success. * @return 1 on failure. */ static int FindStr(char* haystack, word32 offset, word32 len, const char* needle, word32 needle_len, word32* needle_offset) { /* Assume failure. */ int ret = 1; word32 i; /* Ensure there is enough space for needle. */ if (len >= needle_len) { /* Look through haystack starting at offset until not enough space for * needle. */ for (i = offset; i <= len - needle_len; i++) { /* Check if needle found. */ if ((haystack[i] == needle[0]) && (strncmp(haystack + i, needle, needle_len) == 0)) { /* Return offset at which needle found. */ *needle_offset = i; /* Return success. */ ret = 0; /* Stop looking. */ break; } } } return ret; } /* Find the next PEM block. * * @param [in] data PEM data. * @param [in] offset Offset into data to start looking. * @param [in] len Length of PEM data. * @param [out] start Start of Base64 encoding. * @param [out] end End of Base64 encoding. * @param [out] type PEM type. * @return 0 on success. * @return 1 on failure. */ static int FindPem(char* data, word32 offset, word32 len, word32* start, word32* end, int* type) { int ret = 0; word32 i = 0; word32 type_off = 0; char str[PEM_TYPE_MAX_LEN]; /* Find header. */ ret = FindStr(data, offset, len, "-----BEGIN ", 11, &i); if (ret == 1) { /* Got to end without finding PEM header. */ fprintf(stderr, "No PEM header found\n"); } if (ret == 0) { /* Return start of PEM. */ *start = i; /* Get start of type. */ type_off = i + 11; /* Confirm header. */ ret = FindStr(data, i + 11, len, "-----", 5, &i); if (ret == 1) { /* Got to end without finding rest of PEM header. */ fprintf(stderr, "Invalid PEM header\n"); } } if (ret == 0) { /* Found end of header - convert type string to value. */ word32 type_len = i - type_off; if (type_len >= PEM_TYPE_MAX_LEN) { ret = 1; } if (ret == 0) { if (type_len > 0) memcpy(str, data + type_off, type_len); str[type_len] = '\0'; ret = StringToType(str, type); } } if (ret == 0) { /* Find footer. */ ret = FindStr(data, i + 5, len, "-----END ", 9, &i); if (ret == 1) { /* Got to end without finding PEM footer. */ fprintf(stderr, "No PEM footer found\n"); } } if (ret == 0) { /* Confirm header. */ ret = FindStr(data, i + 9, len, "-----", 5, &i); if (ret == 1) { /* Got to end without finding rest of PEM footer. */ fprintf(stderr, "Invalid PEM footer\n"); } } if (ret == 0) { /* Return end of */ *end = i + 6; } return ret; } /* Convert PEM to DER and write to file. * * @param [in] in Array of characters that is the PEM data. * @param [in] offset Offset into array to start looking for PEM block. * @param [in] len Length of data in array in bytes. * @param [out] der Buffer holding DER encoded data. * @param [in] type PEM type. -1 indicates to determine from array. * @param [in] info Encryption information. * @return 0 on success. * @return Not 0 on failure. */ static int ConvPemToDer(char* in, word32 offset, word32 len, DerBuffer** der, int type, EncryptedInfo* info, int padding) { int ret = 0; word32 start = 0; word32 end = 0; /* Set point to start looking and length. */ char* pem = in + offset; word32 pem_len = len - offset; /* Check if we need to discover PEM type. */ if ((ret == 0) && (type == -1)) { /* Find PEM block and type. */ ret = FindPem(pem, 0, pem_len, &start, &end, &type); if (ret != 0) { fprintf(stderr, "Could not find PEM header\n"); } /* Update start pointer and length. */ pem += start; pem_len = end - start; } if (ret == 0) { /* Convert to DER. */ ret = wc_PemToDer((unsigned char*)pem, pem_len, type, der, NULL, info, NULL); if (ret != 0) { fprintf(stderr, "Could not convert PEM to DER\n"); } } /* Remove padding from encryption if requested. */ if ((ret == 0) && padding) { unsigned char pad = (*der)->buffer[(*der)->length - 1]; word32 i; /* Simple padding validation. */ if ((pad == 0) || (pad > (*der)->length)) { fprintf(stderr, "Invalid padding: %02x\n", pad); ret = 1; } else { /* Check padding is valid. */ for (i = 1; i < pad; i++) { if ((*der)->buffer[(*der)->length - 1 - i] != pad) { fprintf(stderr, "Invalid padding: %d\n", pad); ret = 1; break; } } if (ret == 0) { /* Don't write out padding. */ (*der)->length -= pad; } } } return ret; } #ifdef WOLFSSL_DER_TO_PEM #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED) /* List of known PBE algorithms. */ static const String2Val pbe_map[] = { #ifndef NO_SHA #ifndef NO_RC4 { "SHA1_RC4_128" , ENC_PKCS8_PBE_SHA1_RC4_128 }, #endif #ifndef NO_DES { "SHA1_DES3" , ENC_PKCS8_PBE_SHA1_DES3 }, { "PBES1_SHA1_DES", ENC_PKCS8_PBES1_SHA1_DES }, #endif #ifdef WC_RC2 { "SHA1_40RC2_CBC", ENC_PKCS8_PBE_SHA1_40RC2_CBC }, #endif #endif #ifndef NO_MD5 #ifndef NO_DES { "PBES1_MD5_DES" , ENC_PKCS8_PBES1_MD5_DES }, #endif #endif { "PBES2" , ENC_PKCS8_PBES2 }, }; /* Number of entries in PBE map. */ #define PBE_MAP_LEN ((int)(sizeof(pbe_map) / sizeof(*pbe_map))) /* Convert string to PBE value. * * @param [in] str PBE as a string. * @param [out] pbe PBE as a value. * @return 0 on success. * @return 1 on failure. */ static int StringToPbe(char* str, int* pbe) { int ret = StringToVal(pbe_map, PBE_MAP_LEN, str, pbe); if (ret == 1) { fprintf(stderr, "String doesn't match known PBE algorithms: %s\n", str); } return ret; } /* List of known PBE versions. */ static const String2Val pbe_ver_map[] = { { "PKCS12" , ENC_PKCS8_VER_PKCS12 }, { "PKCS12v1", ENC_PKCS8_VER_PKCS12 }, { "PKCS5" , ENC_PKCS8_VER_PKCS5 }, }; /* Number of entries in PBE versions map. */ #define PBE_VER_MAP_LEN ((int)(sizeof(pbe_ver_map) / sizeof(*pbe_ver_map))) /* Convert string to PBE version value. * * @param [in] str PBE version as a string. * @param [out] pbe_ver PBE version as a value. * @return 0 on success. * @return 1 on failure. */ static int StringToPbeVer(char* str, int* pbe_ver) { int ret = StringToVal(pbe_ver_map, PBE_VER_MAP_LEN, str, pbe_ver); if (ret == 1) { fprintf(stderr, "String doesn't match known PBE versions: %s\n", str); } return ret; } /* List of known PKCS#5v2 PBE encryption algorithms. */ static const String2Val pbe_alg_map[] = { { "AES-128-CBC", ENC_PKCS8_ALG_AES128CBC }, { "AES-256-CBC", ENC_PKCS8_ALG_AES256CBC }, { "DES" , ENC_PKCS8_ALG_DES }, { "DES3" , ENC_PKCS8_ALG_DES3 }, }; /* Number of entries in PBE algorithm map. */ #define PBE_ALG_MAP_LEN ((int)(sizeof(pbe_alg_map) / sizeof(*pbe_alg_map))) /* Convert string to PBE algorithm value. * * @param [in] str PBE algorithm as a string. * @param [out] pbe_alg PBE algorithm as a value. * @return 0 on success. * @return 1 on failure. */ static int StringToPbeAlg(char* str, int* pbe_alg) { int ret = StringToVal(pbe_alg_map, PBE_ALG_MAP_LEN, str, pbe_alg); if (ret == 1) { fprintf(stderr, "String doesn't match known PBE algorithms: %s\n", str); } return ret; } /* Encrypt the DER data. * * @param [in] in DER data to encrypt. * @param [in] in_len Length of DER data. * @param [in] password Password to use to derive key for encryption. * @param [in] iterations Number of iterations in PBE. * @param [in] salt_sz Size of salt to use in bytes. * @param [in] pbe PBE algorithm to use. * @param [in] pbe_ver Version of PBE algorithm to use. * @param [in] enc_alg_id Encryption algorithm id for when using PBES2. * @param [out] enc DER encrypted data. * @param [out] enc_len Length of DER encrypted data. * @return 0 on success. * @return 1 on failure. */ static int EncryptDer(unsigned char* in, word32 in_len, char* password, unsigned int iterations, unsigned int salt_sz, int pbe, int pbe_ver, int enc_alg_id, unsigned char** enc, word32* enc_len) { int ret; WC_RNG rng; unsigned char salt[SALT_MAX_LEN]; if (password == NULL) return 1; XMEMSET(&rng, 0, sizeof(rng)); /* Create a random number generator. */ ret = wc_InitRng(&rng); if (ret == 0) { /* Get salt from random number generator. */ ret = wc_RNG_GenerateBlock(&rng, salt, salt_sz); } if (ret == 0) { /* Get length of encrypted DER data. */ ret = wc_CreateEncryptedPKCS8Key(in, in_len, NULL, enc_len, password, (int)strlen(password), pbe_ver, pbe, enc_alg_id, salt, salt_sz, (int)iterations, &rng, NULL); if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { ret = 0; } else if (ret == 0) { ret = 1; } } if (ret == 0) { /* Allocate memory for encrypted DER data. */ *enc = (unsigned char*)XMALLOC(*enc_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (*enc == NULL) { ret = 1; } } if (ret == 0) { /* Encrypt DER data. */ ret = wc_CreateEncryptedPKCS8Key(in, in_len, *enc, enc_len, password, (int)strlen(password), pbe_ver, pbe, enc_alg_id, salt, salt_sz, (int)iterations, &rng, NULL); if (ret > 0) { ret = 0; } } wc_FreeRng(&rng); return ret; } #endif /* Convert DER to PEM and write to file. * * @param [in] in Array of bytes holding the DER encoding. * @param [in] offset Offset into array of data to convert to PEM. * @param [in] len Length of data in array in bytes. * @param [out] out Allocated buffer holding PEM encoding. * @param [out] out_len Length of PEM encoding in bytes. * @param [in] type PEM type. * @param [in] cipher_str String to write into encrypted key. * @return 0 on success. * @return Not 0 on failure. */ static int ConvDerToPem(unsigned char* in, word32 offset, word32 len, unsigned char** out, word32* out_len, int type, const char* cipher_str) { int ret = 0; unsigned char* pem = NULL; unsigned int pem_len = 0; /* Set point to start looking and length. */ unsigned char* der = in + offset; word32 der_len = len - offset; /* Get length of PEM based on DER. */ ret = wc_DerToPemEx(der, der_len, NULL, 0, (byte*)cipher_str, type); if (ret <= 0) { fprintf(stderr, "Could not determine length of PEM\n"); } pem_len = (unsigned int)ret; if (ret > 0) { ret = 0; } if ((ret == 0) && (pem_len > 0)) { /* Allocate memory to hold PEM encoding. */ pem = (unsigned char*)XMALLOC(pem_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (pem == NULL) { ret = 1; } } if (ret == 0) { /* Convert DER to PEM. */ ret = wc_DerToPemEx(der, der_len, pem, pem_len, (byte*)cipher_str, type); if (ret <= 0) { fprintf(stderr, "Could not convert DER to PEM\n"); XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); } if (ret > 0) { *out = pem; *out_len = (word32)ret; ret = 0; } } return ret; } #endif /* Usage lines to show. */ const char* usage[] = { "pem [OPTION]...", "Convert to/from PEM and DER.", "", "Options:", " -?, --help display this help and exit", " -t --type string representing type of data", " -in name of file to read (uses stdin otherwise)", " -out name of file to write to (uses stdout otherwise)", " -o --offset offset into file where data to convert starts", #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED) " -p --pass password to use with encrypted keys", #endif #ifdef WOLFSSL_DER_TO_PEM " -d --der input is DER and output is PEM", #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED) " --padding Remove padding on decrypted data", " -e --encrypt DER key is to be encrypted", " -v --pbe-ver PBE version to use when encrypting key (see below)", " -p --pbe PBE to use when encrypting key (see below)", " -a --pbe-alg PBES2 algorithm to use when encrypting key (see below)", " -i --iter number of iterations of PBE - default: 100000", " -s --salt-sz length, in bytes, of salt to generate - 0-64", #endif #endif #ifdef DEBUG_WOLFSSL " -l --log turn on wolfSSL logging", #endif "", }; /* Number of usage lines. */ #define USAGE_SZ ((int)(sizeof(usage) / sizeof(*usage))) const struct string_usage_st { const char* str; const String2Val* map; int len; } known_strings[] = { { "Known PEM header/trailer strings:", type_map , TYPE_MAP_LEN }, #if defined(WOLFSSL_DER_TO_PEM) && defined(WOLFSSL_ENCRYPTED_KEYS) && \ !defined(NO_PWDBASED) { "Known PBE version strings:" , pbe_ver_map, PBE_VER_MAP_LEN }, { "Known PBE strings:" , pbe_map , PBE_MAP_LEN }, { "Known PBES2 algorithm strings:" , pbe_alg_map, PBE_ALG_MAP_LEN }, #endif }; /* Number of usage lines. */ #define KNOWN_STRINGS_SZ \ ((int)(sizeof(known_strings) / sizeof(*known_strings))) /* Print out usage lines. */ static void Usage(void) { int i; int j; /* Usage lines. */ for (i = 0; i < USAGE_SZ; i++) { printf("%s\n", usage[i]); } /* Known strings for options. */ for (j = 0; j < KNOWN_STRINGS_SZ; j++) { printf("%s\n", known_strings[j].str); for (i = 0; i < known_strings[j].len; i++) { printf(" %s\n", known_strings[j].map[i].string); } } } /* Main entry of ASN.1 printing program. * * @param [in] argc Count of command line arguments. * @param [in] argv Command line arguments. * @return 0 on success. * @return 1 on failure. */ int main(int argc, char* argv[]) { int ret = 0; /* Default to reading STDIN. */ FILE* in_file = stdin; /* Default to writing to STDOUT. */ FILE* out_file = stdout; const char* out_name = NULL; unsigned char* in = NULL; word32 in_len = 0; word32 offset = 0; unsigned char* out = NULL; word32 out_len = 0; int pem = 1; const char* type_str = NULL; int type = -1; DerBuffer* der = NULL; EncryptedInfo info; int padding = 0; #if defined(WOLFSSL_DER_TO_PEM) && defined(WOLFSSL_ENCRYPTED_KEYS) && \ !defined(NO_PWDBASED) int enc_der = 0; unsigned char* enc = NULL; word32 enc_len = 0; unsigned int iterations = DEFAULT_ITERATIONS; unsigned int salt_sz = 8; int pbe_ver = ENC_PKCS8_VER_PKCS5; int pbe = ENC_PKCS8_PBES2; int pbe_alg = ENC_PKCS8_ALG_AES256CBC; #endif #ifdef DEBUG_WOLFSSL int log = 0; #endif memset(&info, 0, sizeof(info)); /* Skip over program name. */ argc--; argv++; while (argc > 0) { /* PEM header type. */ if ((strcmp(argv[0], "-t") == 0) || (strcmp(argv[0], "--type") == 0)) { argc--; argv++; if (argc == 0) { fprintf(stderr, "No type string provided\n"); ret = 1; goto out; } type_str = argv[0]; } /* Name of input file. */ else if (strcmp(argv[0], "-in") == 0) { argc--; argv++; if (argc == 0) { fprintf(stderr, "No filename provided\n"); ret = 1; goto out; } if (in_file != stdin) { fprintf(stderr, "At most one input file can be supplied.\n"); ret = 1; goto out; } in_file = fopen(argv[0], "r"); if (in_file == NULL) { fprintf(stderr, "File not able to be read: %s\n", argv[0]); ret = 1; goto out; } } /* Name of output file. */ else if (strcmp(argv[0], "-out") == 0) { argc--; argv++; if (argc == 0) { fprintf(stderr, "No filename provided\n"); ret = 1; goto out; } out_name = argv[0]; } /* Offset into input data to start from. */ else if ((strcmp(argv[0], "-o") == 0) || (strcmp(argv[0], "--offset") == 0)) { argc--; argv++; if (argc == 0) { fprintf(stderr, "No filename provided\n"); ret = 1; goto out; } offset = (word32)strtoul(argv[0], NULL, 10); } #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED) /* Password to use when encrypting or decrypting keys with PEM. */ else if ((strcmp(argv[0], "-p") == 0) || (strcmp(argv[0], "--pass") == 0)) { argc--; argv++; if (argc == 0) { fprintf(stderr, "No password provided\n"); ret = 1; goto out; } info.passwd_cb = password_from_userdata; info.passwd_userdata = argv[0]; } #endif #ifdef WOLFSSL_DER_TO_PEM /* Input is DER and we are converting to PEM. */ else if ((strcmp(argv[0], "-d") == 0) || (strcmp(argv[0], "--der") == 0)) { pem = 0; } #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED) /* Remove padding leftover from decryption. */ else if (strcmp(argv[0], "--padding") == 0) { padding = 1; } /* Encrypting the DER data. */ else if ((strcmp(argv[0], "-e") == 0) || (strcmp(argv[0], "--encrypt") == 0)) { enc_der = 1; } /* PBE version. */ else if ((strcmp(argv[0], "-v") == 0) || (strcmp(argv[0], "--pbe-ver") == 0)) { argc--; argv++; if (argc == 0) { fprintf(stderr, "No PBE version provided\n"); ret = 1; goto out; } if (StringToPbeVer(argv[0], &pbe_ver) != 0) { ret = 1; goto out; } } /* PBE algorithm. */ else if ((strcmp(argv[0], "-p") == 0) || (strcmp(argv[0], "--pbe") == 0)) { argc--; argv++; if (argc == 0) { fprintf(stderr, "No PBE provided\n"); ret = 1; goto out; } if (StringToPbe(argv[0], &pbe) != 0) { ret = 1; goto out; } } /* PBES2 algorithm. */ else if ((strcmp(argv[0], "-a") == 0) || (strcmp(argv[0], "--pbe-alg") == 0)) { argc--; argv++; if (argc == 0) { fprintf(stderr, "No PBE algorithm provided\n"); ret = 1; goto out; } if (StringToPbeAlg(argv[0], &pbe_alg) != 0) { ret = 1; goto out; } } /* Number of PBE iterations. */ else if ((strcmp(argv[0], "-i") == 0) || (strcmp(argv[0], "--iter") == 0)) { argc--; argv++; if (argc == 0) { fprintf(stderr, "No filename provided\n"); ret = 1; goto out; } iterations = (unsigned int)strtoul(argv[0], NULL, 10); } /* Size of salt to be generated. */ else if ((strcmp(argv[0], "-s") == 0) || (strcmp(argv[0], "--salt-sz") == 0)) { argc--; argv++; if (argc == 0) { fprintf(stderr, "No salt size provided\n"); ret = 1; goto out; } salt_sz = (unsigned int)strtoul(argv[0], NULL, 10); if (salt_sz > SALT_MAX_LEN) { fprintf(stderr, "Salt size must be no bigger than %d: %d\n", SALT_MAX_LEN, salt_sz); ret = 1; goto out; } } #endif /* WOLFSSL_ENCRYPTED_KEYS !NO_PWDBASED */ #endif /* WOLFSSL_DER_TO_PEM */ #ifdef DEBUG_WOLFSSL /* Turn on logging. */ else if ((strcmp(argv[0], "-l") == 0) || (strcmp(argv[0], "--log") == 0)) { log = 1; } #endif /* Display help/usage. */ else if ((strcmp(argv[0], "-?") == 0) || (strcmp(argv[0], "--help") == 0)) { Usage(); ret = 0; goto out; } else { fprintf(stderr, "Bad option: %s\n", argv[0]); Usage(); ret = 1; goto out; } /* Move on to next command line argument. */ argc--; argv++; } #ifdef DEBUG_WOLFSSL if (log) { wolfSSL_Debugging_ON(); } #endif /* Convert PEM type string to value. */ if (type_str != NULL) { ret = StringToType(type_str, &type); } #if defined(WOLFSSL_DER_TO_PEM) && defined(WOLFSSL_ENCRYPTED_KEYS) && \ !defined(NO_PWDBASED) /* Check whether we are encrypting DER. */ if ((!pem) && (type == PKCS8_ENC_PRIVATEKEY_TYPE)) { enc_der = 1; } #endif /* Read all of PEM file. */ if ((ret == 0) && (pemApp_ReadFile(in_file, &in, &in_len) != 0)) { fprintf(stderr, "Reading file failed\n"); ret = 1; } if ((ret == 0) && pem) { /* Convert PEM to DER. */ ret = ConvPemToDer((char*)in, offset, in_len, &der, type, &info, padding); if (ret == 0) { out = der->buffer; out_len = der->length; } } else { #ifdef WOLFSSL_DER_TO_PEM #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED) if (enc_der) { /* Encrypt DER first. */ ret = EncryptDer(in + offset, in_len - offset, (char*)info.passwd_userdata, iterations, salt_sz, pbe, pbe_ver, pbe_alg, &enc, &enc_len); if (ret == 0) { /* Convert encrypted DER data to PEM. */ ret = ConvDerToPem(enc, 0, enc_len, &out, &out_len, type, NULL); } } else #endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */ { /* Convert DER data to PEM. */ ret = ConvDerToPem(in, offset, in_len, &out, &out_len, type, NULL); } #else fprintf(stderr, "DER to PEM not supported by wolfSSL\n"); ret = 1; #endif } if ((ret == 0) && (out_name != NULL)) { /*Open write named file to write to. */ out_file = fopen(out_name, "w"); if (out_file == NULL) { fprintf(stderr, "File not able to be written: %s\n", out_name); ret = 1; } } if (ret == 0) { /* Write out PEM. */ ret = WriteFile(out_file, out ? (const char *)out : "", out_len); if (ret != 0) { fprintf(stderr, "Could not write file\n"); } } out: /* Dispose of allocated data. */ if (der != NULL) { wc_FreeDer(&der); } else if (out != NULL) { XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); } #if defined(WOLFSSL_DER_TO_PEM) && defined(WOLFSSL_ENCRYPTED_KEYS) && \ !defined(NO_PWDBASED) if (enc != NULL) { XFREE(enc, NULL, DYNAMIC_TYPE_TMP_BUFFER); } #endif if (in != NULL) { XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER); } if (ret < 0) { fprintf(stderr, "%s\n", wc_GetErrorString(ret)); } if ((in_file != stdin) && (in_file != NULL)) (void)fclose(in_file); if ((out_file != stdout) && (out_file != NULL)) (void)fclose(out_file); return (ret == 0) ? 0 : 1; } #else /* Main entry of ASN.1 printing program. * * @param [in] argc Count of command line arguments. * @param [in] argv Command line arguments. * @return 0 on success. * @return 1 on failure. */ int main(int argc, char* argv[]) { (void)argc; (void)argv; fprintf(stderr, "PEM to DER conversion of file system support not compiled" " in.\n"); return 0; } #endif /* WOLFSSL_PEM_TO_DER && !NO_FILESYSTEM */