Merge pull request #145 from aidangarske/pubinout_rsa

`clu_rsa.c` -pubout and -pubin support for RSA

src/pkey/clu_rsa.c

@@ -36,7 +36,9 @@ static const struct option rsa_options[] = {
     {"-passin",    required_argument, 0, WOLFCLU_PASSWORD  },
     {"-noout",     no_argument,       0, WOLFCLU_NOOUT     },
     {"-modulus",   no_argument,       0, WOLFCLU_MODULUS   },
-    {"-RSAPublicKey_in", no_argument, 0, WOLFCLU_RSAPUBIN  },
+    {"-RSAPublicKey_in", no_argument, 0, WOLFCLU_PUBIN     },
+    {"-pubin",     no_argument,       0, WOLFCLU_PUBIN     },
+    {"-pubout",    no_argument,       0, WOLFCLU_PUBOUT    },
     {"-help",      no_argument,       0, WOLFCLU_HELP      },
     {"-h",         no_argument,       0, WOLFCLU_HELP      },
 
@@ -55,6 +57,8 @@ static void wolfCLU_RSAHelp(void)
     WOLFCLU_LOG(WOLFCLU_L0, "\t-noout do not print the key out when set");
     WOLFCLU_LOG(WOLFCLU_L0, "\t-modulus print out the RSA modulus (n value)");
     WOLFCLU_LOG(WOLFCLU_L0, "\t-RSAPublicKey_in expecting a public key input");
+    WOLFCLU_LOG(WOLFCLU_L0, "\t-pubin expecting a public key input");
+    WOLFCLU_LOG(WOLFCLU_L0, "\t-pubout expecting a public key output");
 }
 #endif /* WOLFCLU_NO_FILESYSTEM */
 
@@ -68,7 +72,8 @@ int wolfCLU_RSA(int argc, char** argv)
     int inForm  = PEM_FORM;
     int outForm = PEM_FORM;
     int printModulus = 0;
-    int pubOnly = 0;
+    int pubIn = 0;
+    int pubOut = 0;
     int noOut = 0;
     int option;
     int longIndex = 1;
@@ -117,8 +122,13 @@ int wolfCLU_RSA(int argc, char** argv)
                 printModulus = 1;
                 break;
 
-            case WOLFCLU_RSAPUBIN:
-                pubOnly = 1;
+            case WOLFCLU_PUBIN:
+                pubIn = 1;
+                pubOut = 1;
+                break;
+
+            case WOLFCLU_PUBOUT:
+                pubOut = 1;
                 break;
 
             case WOLFCLU_NOOUT:
@@ -142,15 +152,15 @@ int wolfCLU_RSA(int argc, char** argv)
     /* read in the RSA key */
     if (ret == WOLFCLU_SUCCESS && bioIn != NULL) {
         if (inForm == PEM_FORM) {
-            if (pubOnly) {
+            if (pubIn) {
                 rsa = wolfSSL_PEM_read_bio_RSA_PUBKEY(bioIn, NULL, NULL, pass);
             }
             else {
                 rsa = wolfSSL_PEM_read_bio_RSAPrivateKey(bioIn, NULL, NULL, pass);
             }
         }
         else {
-            if (pubOnly) {
+            if (pubIn) {
                 unsigned char *der;
                 const unsigned char **pp;
                 long derSz;
@@ -207,7 +217,7 @@ int wolfCLU_RSA(int argc, char** argv)
         int pemType;
         int heapType;
 
-        if (pubOnly) {
+        if (pubOut) {
             heapType = DYNAMIC_TYPE_PUBLIC_KEY;
             pemType  = PUBLICKEY_TYPE;
 

tests/pkey/rsa-test.sh

@@ -36,6 +36,7 @@ run_fail() {
     fi
 }
 
+# Test PEM to PEM conversion
 run "rsa -in ./certs/server-key.pem -outform PEM -out test-rsa.pem"
 diff "./certs/server-key.pem" "test-rsa.pem" &> /dev/null
 if [ $? == 1 ]; then
@@ -44,6 +45,7 @@ if [ $? == 1 ]; then
 fi
 rm -f test-rsa.pem
 
+# Test PEM to DER conversion
 run "rsa -in ./certs/server-key.pem -outform DER -out test-rsa.der"
 diff "./certs/server-key.der" "test-rsa.der" &> /dev/null
 if [ $? == 1 ]; then
@@ -52,29 +54,46 @@ if [ $? == 1 ]; then
 fi
 rm -f test-rsa.der
 
+# Test failures
 run_fail "rsa -in ./certs/server-cert.pem"
+
+# Test failures for -RSAPublicKey_in
+run_fail "rsa -in ./certs/server-cert.pem -RSAPublicKey_in"
 run_fail "rsa -in ./certs/server-key.pem -RSAPublicKey_in"
 
+# Test failures for -pubin
+run_fail "rsa -in ./certs/server-cert.pem -pubin"
+run_fail "rsa -in ./certs/server-key.pem -pubin"
+
+# Test success cases for -RSAPublicKey_in
 run "rsa -in ./certs/server-keyPub.pem -RSAPublicKey_in"
 run "rsa -in ./certs/server-keyEnc.pem -passin pass:yassl123"
 run_fail "rsa -in ./certs/server-keyEnc.pem -passin pass:yassl12"
 
 run "rsa -in ./certs/server-keyEnc.pem -passin pass:yassl123 -noout -modulus"
 
-#check that modulus was printed
+# Test success cases for -pubin
+run "rsa -in ./certs/server-keyPub.pem -pubin"
+run "rsa -in ./certs/server-keyEnc.pem -passin pass:yassl123"
+run_fail "rsa -in ./certs/server-keyEnc.pem -passin pass:yassl12"
+
+run "rsa -in ./certs/server-keyEnc.pem -passin pass:yassl123 -noout -modulus"
+
+# Check that modulus was printed
 echo $RESULT | grep "Modulus"
 if [ $? != 0 ]; then
     echo "ERROR with -modulus option"
     exit 99
 fi
 
-#check that key was not printed
+# Check that key was not printed
 echo $RESULT | grep "BEGIN"
 if [ $? == 0 ]; then
     echo "ERROR found a key with -modulus option"
     exit 99
 fi
 
+# Expexted result -RSAPublicKey_in
 run "rsa -in ./certs/server-keyPub.pem -RSAPublicKey_in"
 EXPECTED="-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScB
@@ -86,7 +105,24 @@ oXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t
 1wIDAQAB
 -----END PUBLIC KEY-----"
 if [ "$RESULT" != "$EXPECTED" ]; then
-    echo "unexpected text output found"
+    echo "unexpected text output found for -RSAPublicKey_in"
+    echo "$RESULT"
+    exit 99
+fi
+
+# Expexted result -pubin
+run "rsa -in ./certs/server-keyPub.pem -pubin"
+EXPECTED1="-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScB
+ZcZFrvK8JDC4lc4vTtb2HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8
+yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF
+9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1m
+UQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOV
+oXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t
+1wIDAQAB
+-----END PUBLIC KEY-----"
+if [ "$RESULT" != "$EXPECTED1" ]; then
+    echo "unexpected text output found for -pubin"
     echo "$RESULT"
     exit 99
 fi

wolfclu/clu_optargs.h

@@ -59,7 +59,6 @@ enum {
     WOLFCLU_PASSWORD,
     WOLFCLU_PASSWORD_OUT,
     WOLFCLU_PASSWORD_SOURCE,
-    WOLFCLU_RSAPUBIN,
     WOLFCLU_MODULUS,
     WOLFCLU_KEY,
     WOLFCLU_IV,