diff options
Diffstat (limited to 'crypto/openssl/apps/der_chop')
| -rw-r--r-- | crypto/openssl/apps/der_chop | 305 |
1 files changed, 305 insertions, 0 deletions
diff --git a/crypto/openssl/apps/der_chop b/crypto/openssl/apps/der_chop new file mode 100644 index 0000000..fbd2889 --- /dev/null +++ b/crypto/openssl/apps/der_chop @@ -0,0 +1,305 @@ +#!/usr/local/bin/perl5 +# +# der_chop ... this is one total hack that Eric is really not proud of +# so don't look at it and don't ask for support +# +# The "documentation" for this (i.e. all the comments) are my fault --tjh +# +# This program takes the "raw" output of derparse/asn1parse and +# converts it into tokens and then runs regular expression matches +# to try to figure out what to grab to get the things that are needed +# and it is possible that this will do the wrong thing as it is a *hack* +# +# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET) +# [I know ... promises promises :-)] +# +# To convert a Netscape Certificate: +# der_chop < ServerCert.der > cert.pem +# To convert a Netscape Key (and encrypt it again to protect it) +# rsa -inform NET -in ServerKey.der -des > key.pem +# +# 23-Apr-96 eay Added the extra ASN.1 string types, I still think this +# is an evil hack. If nothing else the parsing should +# be relative, not absolute. +# 19-Apr-96 tjh hacked (with eay) into 0.5.x format +# +# Tim Hudson +# tjh@cryptsoft.com +# + + +require 'getopts.pl'; + +$debug=0; + +# this was the 0.4.x way of doing things ... +$cmd="derparse"; +$x509_cmd="x509"; +$crl_cmd="crl"; +$rc4_cmd="rc4"; +$md2_cmd="md2"; +$md4_cmd="md4"; +$rsa_cmd="rsa -des -inform der "; + +# this was the 0.5.x way of doing things ... +$cmd="openssl asn1parse"; +$x509_cmd="openssl x509"; +$crl_cmd="openssl crl"; +$rc4_cmd="openssl rc4"; +$md2_cmd="openssl md2"; +$md4_cmd="openssl md4"; +$rsa_cmd="openssl rsa -des -inform der "; + +&Getopts('vd:') || die "usage:$0 [-v] [-d num] file"; +$depth=($opt_d =~ /^\d+$/)?$opt_d:0; + +&init_der(); + +if ($#ARGV != -1) + { + foreach $file (@ARGV) + { + print STDERR "doing $file\n"; + &dofile($file); + } + } +else + { + $file="/tmp/a$$.DER"; + open(OUT,">$file") || die "unable to open $file:$!\n"; + for (;;) + { + $i=sysread(STDIN,$b,1024*10); + last if ($i <= 0); + $i=syswrite(OUT,$b,$i); + } + &dofile($file); + unlink($file); + } + +sub dofile + { + local($file)=@_; + local(@p); + + $b=&load_file($file); + @p=&load_file_parse($file); + + foreach $_ (@p) + { + ($off,$d,$hl,$len)=&parse_line($_); + $d-=$depth; + next if ($d != 0); + next if ($len == 0); + + $o=substr($b,$off,$len+$hl); + ($str,@data)=&der_str($o); + print "$str\n" if ($opt_v); + if ($str =~ /^$crl/) + { + open(OUT,"|$crl_cmd -inform d -hash -issuer") || + die "unable to run $crl_cmd:$!\n"; + print OUT $o; + close(OUT); + } + elsif ($str =~ /^$x509/) + { + open(OUT,"|$x509_cmd -inform d -hash -subject -issuer") + || die "unable to run $x509_cmd:$!\n"; + print OUT $o; + close(OUT); + } + elsif ($str =~ /^$rsa/) + { + ($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/); + next unless ($type eq "rsaEncryption"); + ($off,$d,$hl,$len)=&parse_line($data[5]); + $os=substr($o,$off+$hl,$len); + open(OUT,"|$rsa_cmd") + || die "unable to run $rsa_cmd:$!\n"; + print OUT $os; + close(OUT); + } + elsif ($str =~ /^0G-1D-1G/) + { + ($off,$d,$hl,$len)=&parse_line($data[1]); + $os=substr($o,$off+$hl,$len); + print STDERR "<$os>\n" if $opt_v; + &do_certificate($o,@data) + if (($os eq "certificate") && + ($str =! /^0G-1D-1G-2G-3F-3E-2D/)); + &do_private_key($o,@data) + if (($os eq "private-key") && + ($str =! /^0G-1D-1G-2G-3F-3E-2D/)); + } + } + } + +sub der_str + { + local($str)=@_; + local(*OUT,*IN,@a,$t,$d,$ret); + local($file)="/tmp/b$$.DER"; + local(@ret); + + open(OUT,">$file"); + print OUT $str; + close(OUT); + open(IN,"$cmd -inform 'd' -in $file |") || + die "unable to run $cmd:$!\n"; + $ret=""; + while (<IN>) + { + chop; + push(@ret,$_); + + print STDERR "$_\n" if ($debug); + + @a=split(/\s*:\s*/); + ($d)=($a[1] =~ /d=\s*(\d+)/); + $a[2] =~ s/\s+$//; + $t=$DER_s2i{$a[2]}; + $ret.="$d$t-"; + } + close(IN); + unlink($file); + chop $ret; + $ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g; + $ret =~ s/(-3G-4B-4L)+/-RCERT/g; + return($ret,@ret); + } + +sub init_der + { + $crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C"; + $x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C"; + $rsa= "0G-1B-1G-2F-2E-1D"; + + %DER_i2s=( + # SSLeay 0.4.x has this list + "A","EOC", + "B","INTEGER", + "C","BIT STRING", + "D","OCTET STRING", + "E","NULL", + "F","OBJECT", + "G","SEQUENCE", + "H","SET", + "I","PRINTABLESTRING", + "J","T61STRING", + "K","IA5STRING", + "L","UTCTIME", + "M","NUMERICSTRING", + "N","VIDEOTEXSTRING", + "O","GENERALIZEDTIME", + "P","GRAPHICSTRING", + "Q","ISO64STRING", + "R","GENERALSTRING", + "S","UNIVERSALSTRING", + + # SSLeay 0.5.x changed some things ... and I'm + # leaving in the old stuff but adding in these + # to handle the new as well --tjh + # - Well I've just taken them out and added the extra new + # ones :-) - eay + ); + + foreach (keys %DER_i2s) + { $DER_s2i{$DER_i2s{$_}}=$_; } + } + +sub parse_line + { + local($_)=@_; + + return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/); + } + +# 0:d=0 hl=4 l=377 cons: univ: SEQUENCE +# 4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING +# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE +# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE +# 23:d=3 hl=2 l= 8 prim: univ: OBJECT_IDENTIFIER :rc4 +# 33:d=3 hl=2 l= 0 prim: univ: NULL +# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING +sub do_private_key + { + local($data,@struct)=@_; + local($file)="/tmp/b$$.DER"; + local($off,$d,$hl,$len,$_,$b,@p,$s); + + ($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/); + if ($type eq "rc4") + { + ($off,$d,$hl,$len)=&parse_line($struct[6]); + open(OUT,"|$rc4_cmd >$file") || + die "unable to run $rc4_cmd:$!\n"; + print OUT substr($data,$off+$hl,$len); + close(OUT); + + $b=&load_file($file); + unlink($file); + + ($s,@p)=&der_str($b); + die "unknown rsa key type\n$s\n" + if ($s ne '0G-1B-1G-2F-2E-1D'); + local($off,$d,$hl,$len)=&parse_line($p[5]); + $b=substr($b,$off+$hl,$len); + ($s,@p)=&der_str($b); + open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n"; + print OUT $b; + close(OUT); + } + else + { + print "'$type' is unknown\n"; + exit(1); + } + } + +sub do_certificate + { + local($data,@struct)=@_; + local($file)="/tmp/b$$.DER"; + local($off,$d,$hl,$len,$_,$b,@p,$s); + + ($off,$d,$hl,$len)=&parse_line($struct[2]); + $b=substr($data,$off,$len+$hl); + + open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n"; + print OUT $b; + close(OUT); + } + +sub load_file + { + local($file)=@_; + local(*IN,$r,$b,$i); + + $r=""; + open(IN,"<$file") || die "unable to open $file:$!\n"; + for (;;) + { + $i=sysread(IN,$b,10240); + last if ($i <= 0); + $r.=$b; + } + close(IN); + return($r); + } + +sub load_file_parse + { + local($file)=@_; + local(*IN,$r,@ret,$_,$i,$n,$b); + + open(IN,"$cmd -inform d -in $file|") + || die "unable to run der_parse\n"; + while (<IN>) + { + chop; + push(@ret,$_); + } + return($r,@ret); + } + |
