12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070 |
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #ifndef WOLFSSL_USER_SETTINGS
- #include <wolfssl/options.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #include <wolfssl/wolfcrypt/asn_public.h>
- #include <wolfssl/wolfcrypt/coding.h>
- #include <wolfssl/wolfcrypt/error-crypt.h>
- #include <wolfssl/wolfcrypt/random.h>
- #include <wolfssl/wolfcrypt/wc_encrypt.h>
- #ifdef DEBUG_WOLFSSL
- #include <wolfssl/wolfcrypt/logging.h>
- #endif
- #include <stdio.h>
- #if defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM)
- #define DATA_INC_LEN 256
- #define BLOCK_SIZE_MAX 16
- #define PEM_TYPE_MAX_LEN 32
- #define SALT_MAX_LEN 64
- #define DEFAULT_ITERATIONS 100000
- typedef struct Str2Val {
-
- const char* string;
-
- int val;
- } String2Val;
- static int StringToVal(const String2Val* map, int len, const char* str,
- int* val)
- {
- int ret = 1;
- int i;
- for (i = 0; i < len; i++) {
- if (strcmp(str, map[i].string) == 0) {
- *val = map[i].val;
- ret = 0;
- break;
- }
- }
- return ret;
- }
- static int pemApp_ReadFile(FILE* fp, unsigned char** pdata, word32* plen)
- {
- int ret = 0;
- word32 len = 0;
- size_t read_len;
-
- unsigned char* data = (unsigned char*)XMALLOC(DATA_INC_LEN + BLOCK_SIZE_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (data != NULL) {
-
- while ((read_len = fread(data + len, 1, DATA_INC_LEN, fp)) != 0) {
- unsigned char* p;
-
- len += (word32)read_len;
-
- if (feof(fp)) {
- break;
- }
-
- p = (unsigned char*)XREALLOC(data, len + DATA_INC_LEN +
- BLOCK_SIZE_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (p == NULL) {
-
- XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- data = NULL;
- break;
- }
-
- data = p;
- }
- }
- if (data != NULL) {
-
- *pdata = data;
- *plen = len;
- }
- else {
-
- ret = MEMORY_E;
- }
- return ret;
- }
- static int WriteFile(FILE* fp, const char* data, word32 len)
- {
- int ret = 0;
-
- if (fwrite(data, 1, len, fp) != len) {
-
- fprintf(stderr, "Failed to write\n");
- ret = 1;
- }
- return ret;
- }
- static const String2Val type_map[] = {
- { "CERTIFICATE" , CERT_TYPE },
- #ifdef WOLFSSL_CERT_REQ
- { "CERTIFICATE REQUEST" , CERTREQ_TYPE },
- #endif
- #ifndef NO_DH
- { "DH PARAMETERS" , DH_PARAM_TYPE },
- { "X9.42 DH PARAMETERS" , X942_PARAM_TYPE },
- #endif
- #ifndef NO_DSA
- { "DSA PARAMETERS" , DSA_PARAM_TYPE },
- #endif
- #ifdef HAVE_CRL
- { "X509 CRL" , CRL_TYPE },
- #endif
- { "RSA PRIVATE KEY" , RSA_TYPE },
- { "RSA PUBLIC KEY" , RSA_PUBLICKEY_TYPE },
- { "PRIVATE KEY" , PKCS8_PRIVATEKEY_TYPE },
- { "ENCRYPTED PRIVATE KEY", PKCS8_ENC_PRIVATEKEY_TYPE },
- #ifdef HAVE_ECC
- { "EC PRIVATE KEY" , ECC_PRIVATEKEY_TYPE },
- #ifdef OPENSSL_EXTRA
- { "EC PARAMETERS" , ECC_PARAM_TYPE },
- #endif
- #endif
- #ifndef NO_DSA
- { "DSA PRIVATE KEY" , DSA_PRIVATEKEY_TYPE },
- #endif
- { "PUBLIC KEY" , ECC_PUBLICKEY_TYPE },
- #if defined(HAVE_ED25519) || defined(HAVE_ED448)
- { "EDDSA PRIVATE KEY" , EDDSA_PRIVATEKEY_TYPE },
- #endif
- };
- #define TYPE_MAP_LEN ((int)(sizeof(type_map) / sizeof(*type_map)))
- static int StringToType(const char* str, int* type)
- {
- int ret = StringToVal(type_map, TYPE_MAP_LEN, str, type);
- if (ret == 1) {
- fprintf(stderr, "String doesn't match known PEM types: %s\n", str);
- }
- return ret;
- }
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
- static int password_from_userdata(char* passwd, int sz, int rw, void* userdata)
- {
- (void)rw;
-
- strncpy(passwd, (const char*)userdata, (size_t)sz);
- passwd[sz - 1] = '\0';
-
- return (int)XSTRLEN((const char*)passwd);
- }
- #endif
- static int FindStr(char* haystack, word32 offset, word32 len,
- const char* needle, word32 needle_len, word32* needle_offset)
- {
-
- int ret = 1;
- word32 i;
-
- if (len >= needle_len) {
-
- for (i = offset; i <= len - needle_len; i++) {
-
- if ((haystack[i] == needle[0]) &&
- (strncmp(haystack + i, needle, needle_len) == 0)) {
-
- *needle_offset = i;
-
- ret = 0;
-
- break;
- }
- }
- }
- return ret;
- }
- static int FindPem(char* data, word32 offset, word32 len, word32* start,
- word32* end, int* type)
- {
- int ret = 0;
- word32 i = 0;
- word32 type_off = 0;
- char str[PEM_TYPE_MAX_LEN];
-
- ret = FindStr(data, offset, len, "-----BEGIN ", 11, &i);
- if (ret == 1) {
-
- fprintf(stderr, "No PEM header found\n");
- }
- if (ret == 0) {
-
- *start = i;
-
- type_off = i + 11;
-
- ret = FindStr(data, i + 11, len, "-----", 5, &i);
- if (ret == 1) {
-
- fprintf(stderr, "Invalid PEM header\n");
- }
- }
- if (ret == 0) {
-
- word32 type_len = i - type_off;
- if (type_len >= PEM_TYPE_MAX_LEN) {
- ret = 1;
- }
- if (ret == 0) {
- if (type_len > 0)
- memcpy(str, data + type_off, type_len);
- str[type_len] = '\0';
- ret = StringToType(str, type);
- }
- }
- if (ret == 0) {
-
- ret = FindStr(data, i + 5, len, "-----END ", 9, &i);
- if (ret == 1) {
-
- fprintf(stderr, "No PEM footer found\n");
- }
- }
- if (ret == 0) {
-
- ret = FindStr(data, i + 9, len, "-----", 5, &i);
- if (ret == 1) {
-
- fprintf(stderr, "Invalid PEM footer\n");
- }
- }
- if (ret == 0) {
-
- *end = i + 6;
- }
- return ret;
- }
- static int ConvPemToDer(char* in, word32 offset, word32 len, DerBuffer** der,
- int type, EncryptedInfo* info, int padding)
- {
- int ret = 0;
- word32 start = 0;
- word32 end = 0;
-
- char* pem = in + offset;
- word32 pem_len = len - offset;
-
- if ((ret == 0) && (type == -1)) {
-
- ret = FindPem(pem, 0, pem_len, &start, &end, &type);
- if (ret != 0) {
- fprintf(stderr, "Could not find PEM header\n");
- }
-
- pem += start;
- pem_len = end - start;
- }
- if (ret == 0) {
-
- ret = wc_PemToDer((unsigned char*)pem, pem_len, type, der, NULL, info,
- NULL);
- if (ret != 0) {
- fprintf(stderr, "Could not convert PEM to DER\n");
- }
- }
-
- if ((ret == 0) && padding) {
- unsigned char pad = (*der)->buffer[(*der)->length - 1];
- word32 i;
-
- if ((pad == 0) || (pad > (*der)->length)) {
- fprintf(stderr, "Invalid padding: %02x\n", pad);
- ret = 1;
- }
- else {
-
- for (i = 1; i < pad; i++) {
- if ((*der)->buffer[(*der)->length - 1 - i] != pad) {
- fprintf(stderr, "Invalid padding: %d\n", pad);
- ret = 1;
- break;
- }
- }
- if (ret == 0) {
-
- (*der)->length -= pad;
- }
- }
- }
- return ret;
- }
- #ifdef WOLFSSL_DER_TO_PEM
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
- static const String2Val pbe_map[] = {
- #ifndef NO_SHA
- #ifndef NO_RC4
- { "SHA1_RC4_128" , ENC_PKCS8_PBE_SHA1_RC4_128 },
- #endif
- #ifndef NO_DES
- { "SHA1_DES3" , ENC_PKCS8_PBE_SHA1_DES3 },
- { "PBES1_SHA1_DES", ENC_PKCS8_PBES1_SHA1_DES },
- #endif
- #ifdef WC_RC2
- { "SHA1_40RC2_CBC", ENC_PKCS8_PBE_SHA1_40RC2_CBC },
- #endif
- #endif
- #ifndef NO_MD5
- #ifndef NO_DES
- { "PBES1_MD5_DES" , ENC_PKCS8_PBES1_MD5_DES },
- #endif
- #endif
- { "PBES2" , ENC_PKCS8_PBES2 },
- };
- #define PBE_MAP_LEN ((int)(sizeof(pbe_map) / sizeof(*pbe_map)))
- static int StringToPbe(char* str, int* pbe)
- {
- int ret = StringToVal(pbe_map, PBE_MAP_LEN, str, pbe);
- if (ret == 1) {
- fprintf(stderr, "String doesn't match known PBE algorithms: %s\n", str);
- }
- return ret;
- }
- static const String2Val pbe_ver_map[] = {
- { "PKCS12" , ENC_PKCS8_VER_PKCS12 },
- { "PKCS12v1", ENC_PKCS8_VER_PKCS12 },
- { "PKCS5" , ENC_PKCS8_VER_PKCS5 },
- };
- #define PBE_VER_MAP_LEN ((int)(sizeof(pbe_ver_map) / sizeof(*pbe_ver_map)))
- static int StringToPbeVer(char* str, int* pbe_ver)
- {
- int ret = StringToVal(pbe_ver_map, PBE_VER_MAP_LEN, str, pbe_ver);
- if (ret == 1) {
- fprintf(stderr, "String doesn't match known PBE versions: %s\n", str);
- }
- return ret;
- }
- static const String2Val pbe_alg_map[] = {
- { "AES-128-CBC", ENC_PKCS8_ALG_AES128CBC },
- { "AES-256-CBC", ENC_PKCS8_ALG_AES256CBC },
- { "DES" , ENC_PKCS8_ALG_DES },
- { "DES3" , ENC_PKCS8_ALG_DES3 },
- };
- #define PBE_ALG_MAP_LEN ((int)(sizeof(pbe_alg_map) / sizeof(*pbe_alg_map)))
- static int StringToPbeAlg(char* str, int* pbe_alg)
- {
- int ret = StringToVal(pbe_alg_map, PBE_ALG_MAP_LEN, str, pbe_alg);
- if (ret == 1) {
- fprintf(stderr, "String doesn't match known PBE algorithms: %s\n", str);
- }
- return ret;
- }
- static int EncryptDer(unsigned char* in, word32 in_len, char* password,
- unsigned int iterations, unsigned int salt_sz, int pbe, int pbe_ver,
- int enc_alg_id, unsigned char** enc, word32* enc_len)
- {
- int ret;
- WC_RNG rng;
- unsigned char salt[SALT_MAX_LEN];
- if (password == NULL)
- return 1;
- XMEMSET(&rng, 0, sizeof(rng));
-
- ret = wc_InitRng(&rng);
- if (ret == 0) {
-
- ret = wc_RNG_GenerateBlock(&rng, salt, salt_sz);
- }
- if (ret == 0) {
-
- ret = wc_CreateEncryptedPKCS8Key(in, in_len, NULL, enc_len, password,
- (int)strlen(password), pbe_ver, pbe, enc_alg_id, salt, salt_sz,
- (int)iterations, &rng, NULL);
- if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
- ret = 0;
- }
- else if (ret == 0) {
- ret = 1;
- }
- }
- if (ret == 0) {
-
- *enc = (unsigned char*)XMALLOC(*enc_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (*enc == NULL) {
- ret = 1;
- }
- }
- if (ret == 0) {
-
- ret = wc_CreateEncryptedPKCS8Key(in, in_len, *enc, enc_len, password,
- (int)strlen(password), pbe_ver, pbe, enc_alg_id, salt, salt_sz,
- (int)iterations, &rng, NULL);
- if (ret > 0) {
- ret = 0;
- }
- }
- wc_FreeRng(&rng);
- return ret;
- }
- #endif
- static int ConvDerToPem(unsigned char* in, word32 offset, word32 len,
- unsigned char** out, word32* out_len, int type, const char* cipher_str)
- {
- int ret = 0;
- unsigned char* pem = NULL;
- unsigned int pem_len = 0;
-
- unsigned char* der = in + offset;
- word32 der_len = len - offset;
-
- ret = wc_DerToPemEx(der, der_len, NULL, 0, (byte*)cipher_str, type);
- if (ret <= 0) {
- fprintf(stderr, "Could not determine length of PEM\n");
- }
- pem_len = (unsigned int)ret;
- if (ret > 0) {
- ret = 0;
- }
- if ((ret == 0) && (pem_len > 0)) {
-
- pem = (unsigned char*)XMALLOC(pem_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (pem == NULL) {
- ret = 1;
- }
- }
- if (ret == 0) {
-
- ret = wc_DerToPemEx(der, der_len, pem, pem_len, (byte*)cipher_str,
- type);
- if (ret <= 0) {
- fprintf(stderr, "Could not convert DER to PEM\n");
- XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (ret > 0) {
- *out = pem;
- *out_len = (word32)ret;
- ret = 0;
- }
- }
- return ret;
- }
- #endif
- const char* usage[] = {
- "pem [OPTION]...",
- "Convert to/from PEM and DER.",
- "",
- "Options:",
- " -?, --help display this help and exit",
- " -t --type string representing type of data",
- " -in name of file to read (uses stdin otherwise)",
- " -out name of file to write to (uses stdout otherwise)",
- " -o --offset offset into file where data to convert starts",
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
- " -p --pass password to use with encrypted keys",
- #endif
- #ifdef WOLFSSL_DER_TO_PEM
- " -d --der input is DER and output is PEM",
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
- " --padding Remove padding on decrypted data",
- " -e --encrypt DER key is to be encrypted",
- " -v --pbe-ver PBE version to use when encrypting key (see below)",
- " -p --pbe PBE to use when encrypting key (see below)",
- " -a --pbe-alg PBES2 algorithm to use when encrypting key (see below)",
- " -i --iter number of iterations of PBE - default: 100000",
- " -s --salt-sz length, in bytes, of salt to generate - 0-64",
- #endif
- #endif
- #ifdef DEBUG_WOLFSSL
- " -l --log turn on wolfSSL logging",
- #endif
- "",
- };
- #define USAGE_SZ ((int)(sizeof(usage) / sizeof(*usage)))
- const struct string_usage_st {
- const char* str;
- const String2Val* map;
- int len;
- } known_strings[] = {
- { "Known PEM header/trailer strings:", type_map , TYPE_MAP_LEN },
- #if defined(WOLFSSL_DER_TO_PEM) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
- !defined(NO_PWDBASED)
- { "Known PBE version strings:" , pbe_ver_map, PBE_VER_MAP_LEN },
- { "Known PBE strings:" , pbe_map , PBE_MAP_LEN },
- { "Known PBES2 algorithm strings:" , pbe_alg_map, PBE_ALG_MAP_LEN },
- #endif
- };
- #define KNOWN_STRINGS_SZ \
- ((int)(sizeof(known_strings) / sizeof(*known_strings)))
- static void Usage(void)
- {
- int i;
- int j;
-
- for (i = 0; i < USAGE_SZ; i++) {
- printf("%s\n", usage[i]);
- }
-
- for (j = 0; j < KNOWN_STRINGS_SZ; j++) {
- printf("%s\n", known_strings[j].str);
- for (i = 0; i < known_strings[j].len; i++) {
- printf(" %s\n", known_strings[j].map[i].string);
- }
- }
- }
- int main(int argc, char* argv[])
- {
- int ret = 0;
-
- FILE* in_file = stdin;
-
- FILE* out_file = stdout;
- const char* out_name = NULL;
- unsigned char* in = NULL;
- word32 in_len = 0;
- word32 offset = 0;
- unsigned char* out = NULL;
- word32 out_len = 0;
- int pem = 1;
- const char* type_str = NULL;
- int type = -1;
- DerBuffer* der = NULL;
- EncryptedInfo info;
- int padding = 0;
- #if defined(WOLFSSL_DER_TO_PEM) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
- !defined(NO_PWDBASED)
- int enc_der = 0;
- unsigned char* enc = NULL;
- word32 enc_len = 0;
- unsigned int iterations = DEFAULT_ITERATIONS;
- unsigned int salt_sz = 8;
- int pbe_ver = ENC_PKCS8_VER_PKCS5;
- int pbe = ENC_PKCS8_PBES2;
- int pbe_alg = ENC_PKCS8_ALG_AES256CBC;
- #endif
- #ifdef DEBUG_WOLFSSL
- int log = 0;
- #endif
- memset(&info, 0, sizeof(info));
-
- argc--;
- argv++;
- while (argc > 0) {
-
- if ((strcmp(argv[0], "-t") == 0) ||
- (strcmp(argv[0], "--type") == 0)) {
- argc--;
- argv++;
- if (argc == 0) {
- fprintf(stderr, "No type string provided\n");
- ret = 1;
- goto out;
- }
- type_str = argv[0];
- }
-
- else if (strcmp(argv[0], "-in") == 0) {
- argc--;
- argv++;
- if (argc == 0) {
- fprintf(stderr, "No filename provided\n");
- ret = 1;
- goto out;
- }
- if (in_file != stdin) {
- fprintf(stderr, "At most one input file can be supplied.\n");
- ret = 1;
- goto out;
- }
- in_file = fopen(argv[0], "r");
- if (in_file == NULL) {
- fprintf(stderr, "File not able to be read: %s\n", argv[0]);
- ret = 1;
- goto out;
- }
- }
-
- else if (strcmp(argv[0], "-out") == 0) {
- argc--;
- argv++;
- if (argc == 0) {
- fprintf(stderr, "No filename provided\n");
- ret = 1;
- goto out;
- }
- out_name = argv[0];
- }
-
- else if ((strcmp(argv[0], "-o") == 0) ||
- (strcmp(argv[0], "--offset") == 0)) {
- argc--;
- argv++;
- if (argc == 0) {
- fprintf(stderr, "No filename provided\n");
- ret = 1;
- goto out;
- }
- offset = (word32)strtoul(argv[0], NULL, 10);
- }
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
-
- else if ((strcmp(argv[0], "-p") == 0) ||
- (strcmp(argv[0], "--pass") == 0)) {
- argc--;
- argv++;
- if (argc == 0) {
- fprintf(stderr, "No password provided\n");
- ret = 1;
- goto out;
- }
- info.passwd_cb = password_from_userdata;
- info.passwd_userdata = argv[0];
- }
- #endif
- #ifdef WOLFSSL_DER_TO_PEM
-
- else if ((strcmp(argv[0], "-d") == 0) ||
- (strcmp(argv[0], "--der") == 0)) {
- pem = 0;
- }
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
-
- else if (strcmp(argv[0], "--padding") == 0) {
- padding = 1;
- }
-
- else if ((strcmp(argv[0], "-e") == 0) ||
- (strcmp(argv[0], "--encrypt") == 0)) {
- enc_der = 1;
- }
-
- else if ((strcmp(argv[0], "-v") == 0) ||
- (strcmp(argv[0], "--pbe-ver") == 0)) {
- argc--;
- argv++;
- if (argc == 0) {
- fprintf(stderr, "No PBE version provided\n");
- ret = 1;
- goto out;
- }
- if (StringToPbeVer(argv[0], &pbe_ver) != 0) {
- ret = 1;
- goto out;
- }
- }
-
- else if ((strcmp(argv[0], "-p") == 0) ||
- (strcmp(argv[0], "--pbe") == 0)) {
- argc--;
- argv++;
- if (argc == 0) {
- fprintf(stderr, "No PBE provided\n");
- ret = 1;
- goto out;
- }
- if (StringToPbe(argv[0], &pbe) != 0) {
- ret = 1;
- goto out;
- }
- }
-
- else if ((strcmp(argv[0], "-a") == 0) ||
- (strcmp(argv[0], "--pbe-alg") == 0)) {
- argc--;
- argv++;
- if (argc == 0) {
- fprintf(stderr, "No PBE algorithm provided\n");
- ret = 1;
- goto out;
- }
- if (StringToPbeAlg(argv[0], &pbe_alg) != 0) {
- ret = 1;
- goto out;
- }
- }
-
- else if ((strcmp(argv[0], "-i") == 0) ||
- (strcmp(argv[0], "--iter") == 0)) {
- argc--;
- argv++;
- if (argc == 0) {
- fprintf(stderr, "No filename provided\n");
- ret = 1;
- goto out;
- }
- iterations = (unsigned int)strtoul(argv[0], NULL, 10);
- }
-
- else if ((strcmp(argv[0], "-s") == 0) ||
- (strcmp(argv[0], "--salt-sz") == 0)) {
- argc--;
- argv++;
- if (argc == 0) {
- fprintf(stderr, "No salt size provided\n");
- ret = 1;
- goto out;
- }
- salt_sz = (unsigned int)strtoul(argv[0], NULL, 10);
- if (salt_sz > SALT_MAX_LEN) {
- fprintf(stderr, "Salt size must be no bigger than %d: %d\n",
- SALT_MAX_LEN, salt_sz);
- ret = 1;
- goto out;
- }
- }
- #endif
- #endif
- #ifdef DEBUG_WOLFSSL
-
- else if ((strcmp(argv[0], "-l") == 0) ||
- (strcmp(argv[0], "--log") == 0)) {
- log = 1;
- }
- #endif
-
- else if ((strcmp(argv[0], "-?") == 0) ||
- (strcmp(argv[0], "--help") == 0)) {
- Usage();
- ret = 0;
- goto out;
- }
- else {
- fprintf(stderr, "Bad option: %s\n", argv[0]);
- Usage();
- ret = 1;
- goto out;
- }
-
- argc--;
- argv++;
- }
- #ifdef DEBUG_WOLFSSL
- if (log) {
- wolfSSL_Debugging_ON();
- }
- #endif
-
- if (type_str != NULL) {
- ret = StringToType(type_str, &type);
- }
- #if defined(WOLFSSL_DER_TO_PEM) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
- !defined(NO_PWDBASED)
-
- if ((!pem) && (type == PKCS8_ENC_PRIVATEKEY_TYPE)) {
- enc_der = 1;
- }
- #endif
-
- if ((ret == 0) && (pemApp_ReadFile(in_file, &in, &in_len) != 0)) {
- fprintf(stderr, "Reading file failed\n");
- ret = 1;
- }
- if ((ret == 0) && pem) {
-
- ret = ConvPemToDer((char*)in, offset, in_len, &der, type, &info,
- padding);
- if (ret == 0) {
- out = der->buffer;
- out_len = der->length;
- }
- }
- else {
- #ifdef WOLFSSL_DER_TO_PEM
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
- if (enc_der) {
-
- ret = EncryptDer(in + offset, in_len - offset,
- (char*)info.passwd_userdata, iterations, salt_sz, pbe, pbe_ver,
- pbe_alg, &enc, &enc_len);
- if (ret == 0) {
-
- ret = ConvDerToPem(enc, 0, enc_len, &out, &out_len, type,
- NULL);
- }
- }
- else
- #endif
- {
-
- ret = ConvDerToPem(in, offset, in_len, &out, &out_len, type, NULL);
- }
- #else
- fprintf(stderr, "DER to PEM not supported by wolfSSL\n");
- ret = 1;
- #endif
- }
- if ((ret == 0) && (out_name != NULL)) {
-
- out_file = fopen(out_name, "w");
- if (out_file == NULL) {
- fprintf(stderr, "File not able to be written: %s\n", out_name);
- ret = 1;
- }
- }
- if (ret == 0) {
-
- ret = WriteFile(out_file, out ? (const char *)out : "", out_len);
- if (ret != 0) {
- fprintf(stderr, "Could not write file\n");
- }
- }
- out:
-
- if (der != NULL) {
- wc_FreeDer(&der);
- }
- else if (out != NULL) {
- XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #if defined(WOLFSSL_DER_TO_PEM) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
- !defined(NO_PWDBASED)
- if (enc != NULL) {
- XFREE(enc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- if (in != NULL) {
- XFREE(in, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (ret < 0) {
- fprintf(stderr, "%s\n", wc_GetErrorString(ret));
- }
- if ((in_file != stdin) && (in_file != NULL))
- (void)fclose(in_file);
- if ((out_file != stdout) && (out_file != NULL))
- (void)fclose(out_file);
- return (ret == 0) ? 0 : 1;
- }
- #else
- int main(int argc, char* argv[])
- {
- (void)argc;
- (void)argv;
- fprintf(stderr, "PEM to DER conversion of file system support not compiled"
- " in.\n");
- return 0;
- }
- #endif
|