From 5fb66a7a5402e48337bff755fff16c423196a13d Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Sat, 15 Jul 2017 17:52:03 +0100
Subject: [PATCH] @@@ ktype.openssl Missing profile, Makefile hacking. probably float.
---
 keyfunc.sh.in | 13 ++++++
 ktype.openssl | 134 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 147 insertions(+)
 create mode 100644 ktype.openssl
diff --git a/keyfunc.sh.in b/keyfunc.sh.in
index dca8dee..c68fec1 100644
--- a/keyfunc.sh.in
+++ b/keyfunc.sh.in
@@ -187,6 +187,19 @@ checkident () { check "$1" "$R_IDENT" "$2"; }
 checkword () { check "$1" "$R_WORD" "$2"; }
 checklabel () { check "$1 label" "$R_LABEL" "$2"; }
 
+## Boolean canonification.
+boolify () {
+ var=$1 what=$2
+
+ eval v=\$$var
+ case $v in
+ 1 | y | yes | on | t | true) v=t ;;
+ 0 | n | no | off | f | false | nil) v=nil ;;
+ *) echo >&2 "$quis: bad boolean $what \`$v'"; exit 1 ;;
+ esac
+ eval $var=\$v
+}
+
 ###--------------------------------------------------------------------------
 ### Key storage and properties.
 
diff --git a/ktype.openssl b/ktype.openssl
new file mode 100644
index 0000000..b058dbd
--- /dev/null
+++ b/ktype.openssl
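Review bot: `boolify` hands `$var` to `eval` twice (`eval v=\$$var` and `eval $var=\$v`) without checking that it is a plain shell variable name, so anything other than an identifier in the first argument would be parsed as shell code. The value is handled safely, because `\$v` is only expanded inside the eval'd assignment. If every caller passes a fixed name this is harmless, but a guard at the top makes the contract explicit: `case $var in "" | [0-9]* | *[!A-Za-z0-9_]*) echo >&2 "$quis: bad variable name"; exit 1 ;; esac`. The header comment could also state the two arguments (variable name, description used in the error message), that the function exits on an unrecognised value, and that `var`, `what` and `v` are set as globals.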
@@ -0,0 +1,134 @@
+### -*-sh-*-
+###
+### Key type for OpenSSL
+###
+### (c) 2015 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### distorted-keys is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with distorted-keys; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+R_OPT="$R_IDENT:$R_IDENT"
+R_OPTSEQ="$R_OPT\([[:space:]][[:space:]]*$R_OPT\)*"
+
+R_TYPE="[$R_IDENTCHARS[:space:]][$R_IDENTCHARS[:space:]]*"
+R_BASE64="[a-zA-Z0-9+/]*=*"
+R_PARAMS="$R_TYPE:$R_BASE64"
+
+defprops k_props <$TMP/param
+ args="-paramfile $TMP/param"
+ ;;
+ nil,t,t,*)
+ openssl genpkey -genparam -algorithm $kprop_algorithm $opts >$TMP/param
+ args="-paramfile $TMP/param"
+ ;;
+ nil,t,nil,*)
+ args="-algorithm $kprop_algorithm $opts"
+ ;;
+ *)
+ echo >&2 "$quis: invalid combination of properties"
+ exit 1
+ ;;
+ esac
+
+ ## Generate the private key.
+ openssl -cipher $kprop_cipher -pass file:"$nub" -out "$base/priv"
+
+ ## Extract the public key.
+ openssl -passin file:"$nub" -in "$base/priv" -pubout "$base/pub"
+}
+
+k_encrypt () {
+ base=$1
+
+ openssl pkeyutl -encrypt -pubin -inkey "$base/pub" \
+ $(intersperse_opts -pkeyopt "$kprop_enc_opts")
+}
+
+k_decrypt () {
+ base=$1 nub=$2
+
+ openssl pkeyutl -decrypt -passin file:"$nub" -inkey "$base/priv"
+}
+
+k_sign () {
+ base=$1 nub=$2
+
+ openssl pkeyutl -sign -passin file:"$nub" -inkey "$base/priv" \
+ $(intersperse_opts -pkeyopt "$kprop_sig_opts") >$TMP/sig
+ pem_to_line <$TMP/sig
+}
+
+k_verify () {
+ base=$1 sig=$3
+
+ line_to_pem "$3" >$TMP/sig
+ openssl pkeyutl -verify -pubin -inkey "$base/pub" -sigfile $TMP/sig
+}
+
+###----- That's all, folks --------------------------------------------------
--
2.11.0
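Review bot: `k_verify` and `k_decrypt` call `openssl pkeyutl` without the `-pkeyopt` options that `k_sign` and `k_encrypt` pass through `intersperse_opts`, so a key whose `sig_opts` or `enc_opts` select a non-default padding or digest would be verified or decrypted under OpenSSL's defaults rather than under the scheme that produced the data. Append the same expansion to both: `$(intersperse_opts -pkeyopt "$kprop_sig_opts")` on the `-verify` line and `$(intersperse_opts -pkeyopt "$kprop_enc_opts")` on the `-decrypt` line. Separately, the two `openssl` calls under "Generate the private key" and "Extract the public key" name no subcommand as shown, the first never uses the `$args` built by the `case`, and `-pubout "$base/pub"` has no `-out`; the start of that function is not visible on this page, so check this against the full file. `$TMP/param` and `$TMP/sig` should be quoted, and `k_verify` assigns `sig=$3` but then reads `"$3"`.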