Blame - tool/sign.cc - boringssl.git

blob: 74b84f187edad645325d3999aed5f772828fe155 [file] [log] [blame]

David Benjamin	4e78e30	2017-03-30 10:16:07 -0500	[diff] [blame]	1	/* Copyright (c) 2017, Google Inc.
				2	*
				3	* Permission to use, copy, modify, and/or distribute this software for any
				4	* purpose with or without fee is hereby granted, provided that the above
				5	* copyright notice and this permission notice appear in all copies.
				6	*
				7	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
				8	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
				9	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
				10	* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
				11	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
				12	* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
				13	* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
				14
				15	#include <map>
				16	#include <vector>
				17
				18	#include <openssl/bio.h>
				19	#include <openssl/evp.h>
				20	#include <openssl/pem.h>
				21
				22	#include "internal.h"
				23
				24
				25	static const struct argument kArguments[] = {
				26	{"-key", kRequiredArgument, "The private key, in PEM format, to sign with"},
				27	{"-digest", kOptionalArgument, "The digest algorithm to use"},
				28	{"", kOptionalArgument, ""},
				29	};
				30
				31	bool Sign(const std::vector<std::string> &args) {
				32	std::map<std::string, std::string> args_map;
				33	if (!ParseKeyValueArguments(&args_map, args, kArguments)) {
				34	PrintUsage(kArguments);
				35	return false;
				36	}
				37
				38	// Load the private key.
				39	bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
				40	if (!bio \|\| !BIO_read_filename(bio.get(), args_map["-key"].c_str())) {
				41	return false;
				42	}
				43	bssl::UniquePtr<EVP_PKEY> key(
				44	PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
				45	if (!key) {
				46	return false;
				47	}
				48
				49	// Setup the signing operation.
				50	bssl::UniquePtr<EVP_PKEY_CTX> ctx(EVP_PKEY_CTX_new(key.get(), nullptr));
				51	if (!ctx \|\|
				52	!EVP_PKEY_sign_init(ctx.get())) {
				53	return false;
				54	}
				55
				56	if (args_map.count("-digest")) {
				57	const EVP_MD *md = EVP_get_digestbyname(args_map["-digest"].c_str());
				58	if (md == nullptr) {
				59	fprintf(stderr, "Unknown digest algorithm: %s\n",
				60	args_map["-digest"].c_str());
				61	return false;
				62	}
				63
				64	if (!EVP_PKEY_CTX_set_signature_md(ctx.get(), md)) {
				65	return false;
				66	}
				67	}
				68
				69	std::vector<uint8_t> data;
				70	if (!ReadAll(&data, stdin)) {
				71	fprintf(stderr, "Error reading input.\n");
				72	return false;
				73	}
				74
				75	size_t sig_len = EVP_PKEY_size(key.get());
				76	std::unique_ptr<uint8_t[]> sig(new uint8_t[sig_len]);
				77	if (!EVP_PKEY_sign_message(ctx.get(), sig.get(), &sig_len, data.data(),
				78	data.size())) {
				79	return false;
				80	}
				81
				82	if (fwrite(sig.get(), 1, sig_len, stdout) != sig_len) {
				83	fprintf(stderr, "Error writing signature.\n");
				84	return false;
				85	}
				86
				87	return true;
				88	}