xref: /aosp_15_r20/external/vboot_reference/utility/dumpRSAPublicKey.c (revision 8617a60d3594060b7ecbd21bc622a7c14f3cf2bc) 
1 /* Copyright 2010 The ChromiumOS Authors
2  * Use of this source code is governed by a BSD-style license that can be
3  * found in the LICENSE file.
4  */
5 
6 /* C port of DumpPublicKey.java from the Android Open source project with
7  * support for additional RSA key sizes. (platform/system/core,git/libmincrypt
8  * /tools/DumpPublicKey.java). Uses the OpenSSL X509 and BIGNUM library.
9  */
10 
11 #include <openssl/pem.h>
12 
13 #include <stdint.h>
14 #include <string.h>
15 #include <unistd.h>
16 
17 #include "openssl_compat.h"
18 
19 /* Command line tool to extract RSA public keys from X.509 certificates
20  * and output a pre-processed version of keys for use by RSA verification
21  * routines.
22  */
23 
check(RSA * key)24 static int check(RSA* key) {
25   const BIGNUM *n, *e;
26   int public_exponent, modulus;
27 
28   RSA_get0_key(key, &n, &e, NULL);
29   public_exponent = BN_get_word(e);
30   modulus = BN_num_bits(n);
31 
32   if (public_exponent != 3 && public_exponent != 65537) {
33     fprintf(stderr,
34             "WARNING: Public exponent should be 3 or 65537 (but is %d).\n",
35             public_exponent);
36   }
37 
38   if (modulus != 1024 && modulus != 2048 && modulus != 3072 && modulus != 4096
39       && modulus != 8192) {
40     fprintf(stderr, "ERROR: Unknown modulus length = %d.\n", modulus);
41     return 0;
42   }
43   return 1;
44 }
45 
46 /* Pre-processes and outputs RSA public key to standard out.
47  */
output(RSA * key)48 static void output(RSA* key) {
49   int i, nwords;
50   const BIGNUM *key_n;
51   BIGNUM *N = NULL;
52   BIGNUM *Big1 = NULL, *Big2 = NULL, *Big32 = NULL, *BigMinus1 = NULL;
53   BIGNUM *B = NULL;
54   BIGNUM *N0inv= NULL, *R = NULL, *RR = NULL, *RRTemp = NULL, *NnumBits = NULL;
55   BIGNUM *n = NULL, *rr = NULL;
56   BN_CTX *bn_ctx = BN_CTX_new();
57   uint32_t n0invout;
58 
59   /* Output size of RSA key in 32-bit words */
60   nwords = RSA_size(key) / 4;
61   if (-1 == write(1, &nwords, sizeof(nwords)))
62     goto failure;
63 
64 
65   /* Initialize BIGNUMs */
66   RSA_get0_key(key, &key_n, NULL, NULL);
67   N = BN_dup(key_n);
68   Big1 = BN_new();
69   Big2 = BN_new();
70   Big32 = BN_new();
71   BigMinus1 = BN_new();
72   N0inv= BN_new();
73   R = BN_new();
74   RR = BN_new();
75   RRTemp = BN_new();
76   NnumBits = BN_new();
77   n = BN_new();
78   rr = BN_new();
79 
80 
81   BN_set_word(Big1, 1L);
82   BN_set_word(Big2, 2L);
83   BN_set_word(Big32, 32L);
84   BN_sub(BigMinus1, Big1, Big2);
85 
86   B = BN_new();
87   BN_exp(B, Big2, Big32, bn_ctx); /* B = 2^32 */
88 
89   /* Calculate and output N0inv = -1 / N[0] mod 2^32 */
90   BN_mod_inverse(N0inv, N, B, bn_ctx);
91   BN_sub(N0inv, B, N0inv);
92   n0invout = BN_get_word(N0inv);
93   if (-1 == write(1, &n0invout, sizeof(n0invout)))
94     goto failure;
95 
96   /* Calculate R = 2^(# of key bits) */
97   BN_set_word(NnumBits, BN_num_bits(N));
98   BN_exp(R, Big2, NnumBits, bn_ctx);
99 
100   /* Calculate RR = R^2 mod N */
101   BN_copy(RR, R);
102   BN_mul(RRTemp, RR, R, bn_ctx);
103   BN_mod(RR, RRTemp, N, bn_ctx);
104 
105 
106   /* Write out modulus as little endian array of integers. */
107   for (i = 0; i < nwords; ++i) {
108     uint32_t nout;
109 
110     BN_mod(n, N, B, bn_ctx); /* n = N mod B */
111     nout = BN_get_word(n);
112     if (-1 == write(1, &nout, sizeof(nout)))
113       goto failure;
114 
115     BN_rshift(N, N, 32); /*  N = N/B */
116   }
117 
118   /* Write R^2 as little endian array of integers. */
119   for (i = 0; i < nwords; ++i) {
120     uint32_t rrout;
121 
122     BN_mod(rr, RR, B, bn_ctx); /* rr = RR mod B */
123     rrout = BN_get_word(rr);
124     if (-1 == write(1, &rrout, sizeof(rrout)))
125       goto failure;
126 
127     BN_rshift(RR, RR, 32); /* RR = RR/B */
128   }
129 
130 failure:
131   /* Free BIGNUMs. */
132   BN_free(N);
133   BN_free(Big1);
134   BN_free(Big2);
135   BN_free(Big32);
136   BN_free(BigMinus1);
137   BN_free(N0inv);
138   BN_free(R);
139   BN_free(RRTemp);
140   BN_free(NnumBits);
141   BN_free(n);
142   BN_free(rr);
143 
144 }
145 
main(int argc,char * argv[])146 int main(int argc, char* argv[]) {
147   int cert_mode = 0;
148   FILE* fp;
149   X509* cert = NULL;
150   RSA* pubkey = NULL;
151   EVP_PKEY* key;
152   char *progname;
153 
154   if (argc != 3 || (strcmp(argv[1], "-cert") && strcmp(argv[1], "-pub"))) {
155     progname = strrchr(argv[0], '/');
156     if (progname)
157       progname++;
158     else
159       progname = argv[0];
160     fprintf(stderr, "Usage: %s <-cert | -pub> <file>\n", progname);
161     return -1;
162   }
163 
164   if (!strcmp(argv[1], "-cert"))
165     cert_mode = 1;
166 
167   fp = fopen(argv[2], "r");
168 
169   if (!fp) {
170     fprintf(stderr, "Couldn't open file %s!\n", argv[2]);
171     return -1;
172   }
173 
174   if (cert_mode) {
175     /* Read the certificate */
176     if (!PEM_read_X509(fp, &cert, NULL, NULL)) {
177       fprintf(stderr, "Couldn't read certificate.\n");
178       goto fail;
179     }
180 
181     /* Get the public key from the certificate. */
182     key = X509_get_pubkey(cert);
183 
184     /* Convert to a RSA_style key. */
185     if (!(pubkey = EVP_PKEY_get1_RSA(key))) {
186       fprintf(stderr, "Couldn't convert to a RSA style key.\n");
187       goto fail;
188     }
189   } else {
190     /* Read the pubkey in .PEM format. */
191     if (!(pubkey = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL))) {
192       fprintf(stderr, "Couldn't read public key file.\n");
193       goto fail;
194     }
195   }
196 
197   if (check(pubkey)) {
198     output(pubkey);
199   }
200 
201 fail:
202   X509_free(cert);
203   RSA_free(pubkey);
204   fclose(fp);
205 
206   return 0;
207 }
208