Home | History | Annotate | Download | only in tool 
      1 /* Copyright (c) 2017, Google Inc.
      2  *
      3  * Permission to use, copy, modify, and/or distribute this software for any
      4  * purpose with or without fee is hereby granted, provided that the above
      5  * copyright notice and this permission notice appear in all copies.
      6  *
      7  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
      8  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
      9  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
     10  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
     11  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
     12  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
     13  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
     14 
     15 #include <map>
     16 #include <vector>
     17 
     18 #include <openssl/bio.h>
     19 #include <openssl/evp.h>
     20 #include <openssl/pem.h>
     21 
     22 #include "internal.h"
     23 
     24 
     25 static const struct argument kArguments[] = {
     26     {"-key", kRequiredArgument, "The private key, in PEM format, to sign with"},
     27     {"-digest", kOptionalArgument, "The digest algorithm to use"},
     28     {"", kOptionalArgument, ""},
     29 };
     30 
     31 bool Sign(const std::vector<std::string> &args) {
     32   std::map<std::string, std::string> args_map;
     33   if (!ParseKeyValueArguments(&args_map, args, kArguments)) {
     34     PrintUsage(kArguments);
     35     return false;
     36   }
     37 
     38   // Load the private key.
     39   bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_file()));
     40   if (!bio || !BIO_read_filename(bio.get(), args_map["-key"].c_str())) {
     41     return false;
     42   }
     43   bssl::UniquePtr<EVP_PKEY> key(
     44       PEM_read_bio_PrivateKey(bio.get(), nullptr, nullptr, nullptr));
     45   if (!key) {
     46     return false;
     47   }
     48 
     49   const EVP_MD *md = nullptr;
     50   if (args_map.count("-digest")) {
     51     md = EVP_get_digestbyname(args_map["-digest"].c_str());
     52     if (md == nullptr) {
     53       fprintf(stderr, "Unknown digest algorithm: %s\n",
     54               args_map["-digest"].c_str());
     55       return false;
     56     }
     57   }
     58 
     59   bssl::ScopedEVP_MD_CTX ctx;
     60   if (!EVP_DigestSignInit(ctx.get(), nullptr, md, nullptr, key.get())) {
     61     return false;
     62   }
     63 
     64   std::vector<uint8_t> data;
     65   if (!ReadAll(&data, stdin)) {
     66     fprintf(stderr, "Error reading input.\n");
     67     return false;
     68   }
     69 
     70   size_t sig_len = EVP_PKEY_size(key.get());
     71   std::unique_ptr<uint8_t[]> sig(new uint8_t[sig_len]);
     72   if (!EVP_DigestSign(ctx.get(), sig.get(), &sig_len, data.data(),
     73                       data.size())) {
     74     return false;
     75   }
     76 
     77   if (fwrite(sig.get(), 1, sig_len, stdout) != sig_len) {
     78     fprintf(stderr, "Error writing signature.\n");
     79     return false;
     80   }
     81 
     82   return true;
     83 }
     84