version 1.3, 2015/07/08 16:37:25 |
version 1.4, 2015/07/11 15:04:56 |
|
|
|
|
#define DEFBITS 2048 |
#define DEFBITS 2048 |
|
|
/* -inform arg - input format - default PEM (DER or PEM) |
struct { |
* -outform arg - output format - default PEM |
int C; |
* -in arg - input file - default stdin |
int check; |
* -out arg - output file - default stdout |
int dsaparam; |
* -dsaparam - read or generate DSA parameters, convert to DH |
#ifndef OPENSSL_NO_ENGINE |
* -check - check the parameters are ok |
char *engine; |
* -noout |
#endif |
* -text |
int g; |
* -C |
char *infile; |
*/ |
int informat; |
|
int noout; |
|
char *outfile; |
|
int outformat; |
|
int text; |
|
} dhparam_config; |
|
|
|
struct option dhparam_options[] = { |
|
{ |
|
.name = "2", |
|
.desc = "Generate DH parameters with a generator value of 2 " |
|
"(default)", |
|
.type = OPTION_VALUE, |
|
.opt.value = &dhparam_config.g, |
|
.value = 2, |
|
}, |
|
{ |
|
.name = "5", |
|
.desc = "Generate DH parameters with a generator value of 5", |
|
.type = OPTION_VALUE, |
|
.opt.value = &dhparam_config.g, |
|
.value = 5, |
|
}, |
|
{ |
|
.name = "C", |
|
.desc = "Convert DH parameters into C code", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &dhparam_config.C, |
|
}, |
|
{ |
|
.name = "check", |
|
.desc = "Check the DH parameters", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &dhparam_config.check, |
|
}, |
|
{ |
|
.name = "dsaparam", |
|
.desc = "Read or generate DSA parameters and convert to DH", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &dhparam_config.dsaparam, |
|
}, |
|
#ifndef OPENSSL_NO_ENGINE |
|
{ |
|
.name = "engine", |
|
.argname = "id", |
|
.desc = "Use the engine specified by the given identifier", |
|
.type = OPTION_ARG, |
|
.opt.arg = &dhparam_config.engine, |
|
}, |
|
#endif |
|
{ |
|
.name = "in", |
|
.argname = "file", |
|
.desc = "Input file (default stdin)", |
|
.type = OPTION_ARG, |
|
.opt.arg = &dhparam_config.infile, |
|
}, |
|
{ |
|
.name = "inform", |
|
.argname = "format", |
|
.desc = "Input format (DER or PEM (default))", |
|
.type = OPTION_ARG_FORMAT, |
|
.opt.value = &dhparam_config.informat, |
|
}, |
|
{ |
|
.name = "noout", |
|
.desc = "Do not output encoded version of DH parameters", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &dhparam_config.noout, |
|
}, |
|
{ |
|
.name = "out", |
|
.argname = "file", |
|
.desc = "Output file (default stdout)", |
|
.type = OPTION_ARG, |
|
.opt.arg = &dhparam_config.outfile, |
|
}, |
|
{ |
|
.name = "outform", |
|
.argname = "format", |
|
.desc = "Output format (DER or PEM (default))", |
|
.type = OPTION_ARG_FORMAT, |
|
.opt.value = &dhparam_config.outformat, |
|
}, |
|
{ |
|
.name = "text", |
|
.desc = "Print DH parameters in plain text", |
|
.type = OPTION_FLAG, |
|
.opt.flag = &dhparam_config.text, |
|
}, |
|
{ NULL }, |
|
}; |
|
|
|
static void |
|
dhparam_usage() |
|
{ |
|
fprintf(stderr, |
|
"usage: dhparam [-2 | -5] [-C] [-check] [-dsaparam] [-engine id]\n" |
|
" [-in file] [-inform DER | PEM] [-noout] [-out file]\n" |
|
" [-outform DER | PEM] [-text] [numbits]\n\n"); |
|
options_usage(dhparam_options); |
|
} |
|
|
static int dh_cb(int p, int n, BN_GENCB * cb); |
static int dh_cb(int p, int n, BN_GENCB * cb); |
|
|
int dhparam_main(int, char **); |
int dhparam_main(int, char **); |
|
|
int |
int |
dhparam_main(int argc, char **argv) |
dhparam_main(int argc, char **argv) |
{ |
{ |
DH *dh = NULL; |
|
int i, badops = 0, text = 0; |
|
int dsaparam = 0; |
|
BIO *in = NULL, *out = NULL; |
BIO *in = NULL, *out = NULL; |
int informat, outformat, check = 0, noout = 0, C = 0, ret = 1; |
char *num_bits = NULL; |
char *infile, *outfile, *prog; |
DH *dh = NULL; |
#ifndef OPENSSL_NO_ENGINE |
int num = 0; |
char *engine = NULL; |
int ret = 1; |
#endif |
int i; |
int num = 0, g = 0; |
|
|
|
infile = NULL; |
memset(&dhparam_config, 0, sizeof(dhparam_config)); |
outfile = NULL; |
|
informat = FORMAT_PEM; |
|
outformat = FORMAT_PEM; |
|
|
|
prog = argv[0]; |
dhparam_config.informat = FORMAT_PEM; |
argc--; |
dhparam_config.outformat = FORMAT_PEM; |
argv++; |
|
while (argc >= 1) { |
if (options_parse(argc, argv, dhparam_options, &num_bits, NULL) != 0) { |
if (strcmp(*argv, "-inform") == 0) { |
dhparam_usage(); |
if (--argc < 1) |
return (1); |
goto bad; |
|
informat = str2fmt(*(++argv)); |
|
} else if (strcmp(*argv, "-outform") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
outformat = str2fmt(*(++argv)); |
|
} else if (strcmp(*argv, "-in") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
infile = *(++argv); |
|
} else if (strcmp(*argv, "-out") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
outfile = *(++argv); |
|
} |
|
#ifndef OPENSSL_NO_ENGINE |
|
else if (strcmp(*argv, "-engine") == 0) { |
|
if (--argc < 1) |
|
goto bad; |
|
engine = *(++argv); |
|
} |
|
#endif |
|
else if (strcmp(*argv, "-check") == 0) |
|
check = 1; |
|
else if (strcmp(*argv, "-text") == 0) |
|
text = 1; |
|
else if (strcmp(*argv, "-dsaparam") == 0) |
|
dsaparam = 1; |
|
else if (strcmp(*argv, "-C") == 0) |
|
C = 1; |
|
else if (strcmp(*argv, "-noout") == 0) |
|
noout = 1; |
|
else if (strcmp(*argv, "-2") == 0) |
|
g = 2; |
|
else if (strcmp(*argv, "-5") == 0) |
|
g = 5; |
|
else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0))) |
|
goto bad; |
|
argv++; |
|
argc--; |
|
} |
} |
|
|
if (badops) { |
if (num_bits != NULL) { |
bad: |
if(sscanf(num_bits, "%d", &num) == 0 || num <= 0) { |
BIO_printf(bio_err, "%s [options] [numbits]\n", prog); |
BIO_printf(bio_err, "invalid number of bits: %s\n", |
BIO_printf(bio_err, "where options are\n"); |
num_bits); |
BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n"); |
return (1); |
BIO_printf(bio_err, " -outform arg output format - one of DER PEM\n"); |
} |
BIO_printf(bio_err, " -in arg input file\n"); |
|
BIO_printf(bio_err, " -out arg output file\n"); |
|
BIO_printf(bio_err, " -dsaparam read or generate DSA parameters, convert to DH\n"); |
|
BIO_printf(bio_err, " -check check the DH parameters\n"); |
|
BIO_printf(bio_err, " -text print a text form of the DH parameters\n"); |
|
BIO_printf(bio_err, " -C Output C code\n"); |
|
BIO_printf(bio_err, " -2 generate parameters using 2 as the generator value\n"); |
|
BIO_printf(bio_err, " -5 generate parameters using 5 as the generator value\n"); |
|
BIO_printf(bio_err, " numbits number of bits in to generate (default 2048)\n"); |
|
#ifndef OPENSSL_NO_ENGINE |
|
BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n"); |
|
#endif |
|
BIO_printf(bio_err, " -noout no output\n"); |
|
goto end; |
|
} |
} |
|
|
#ifndef OPENSSL_NO_ENGINE |
#ifndef OPENSSL_NO_ENGINE |
setup_engine(bio_err, engine, 0); |
setup_engine(bio_err, dhparam_config.engine, 0); |
#endif |
#endif |
|
|
if (g && !num) |
if (dhparam_config.g && !num) |
num = DEFBITS; |
num = DEFBITS; |
|
|
if (dsaparam) { |
if (dhparam_config.dsaparam) { |
if (g) { |
if (dhparam_config.g) { |
BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n"); |
BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n"); |
goto end; |
goto end; |
} |
} |
} else |
} else { |
{ |
|
/* DH parameters */ |
/* DH parameters */ |
if (num && !g) |
if (num && !dhparam_config.g) |
g = 2; |
dhparam_config.g = 2; |
} |
} |
|
|
if (num) { |
if (num) { |
|
|
BN_GENCB cb; |
BN_GENCB cb; |
BN_GENCB_set(&cb, dh_cb, bio_err); |
BN_GENCB_set(&cb, dh_cb, bio_err); |
if (dsaparam) { |
if (dhparam_config.dsaparam) { |
DSA *dsa = DSA_new(); |
DSA *dsa = DSA_new(); |
|
|
BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num); |
BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n", num); |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
} else |
} else { |
{ |
|
dh = DH_new(); |
dh = DH_new(); |
BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, g); |
BIO_printf(bio_err, "Generating DH parameters, %d bit long safe prime, generator %d\n", num, dhparam_config.g); |
BIO_printf(bio_err, "This is going to take a long time\n"); |
BIO_printf(bio_err, "This is going to take a long time\n"); |
if (!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) { |
if (!dh || !DH_generate_parameters_ex(dh, num, dhparam_config.g, &cb)) { |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (infile == NULL) |
if (dhparam_config.infile == NULL) |
BIO_set_fp(in, stdin, BIO_NOCLOSE); |
BIO_set_fp(in, stdin, BIO_NOCLOSE); |
else { |
else { |
if (BIO_read_filename(in, infile) <= 0) { |
if (BIO_read_filename(in, dhparam_config.infile) <= 0) { |
perror(infile); |
perror(dhparam_config.infile); |
goto end; |
goto end; |
} |
} |
} |
} |
|
|
if (informat != FORMAT_ASN1 && informat != FORMAT_PEM) { |
if (dhparam_config.informat != FORMAT_ASN1 && |
|
dhparam_config.informat != FORMAT_PEM) { |
BIO_printf(bio_err, "bad input format specified\n"); |
BIO_printf(bio_err, "bad input format specified\n"); |
goto end; |
goto end; |
} |
} |
if (dsaparam) { |
if (dhparam_config.dsaparam) { |
DSA *dsa; |
DSA *dsa; |
|
|
if (informat == FORMAT_ASN1) |
if (dhparam_config.informat == FORMAT_ASN1) |
dsa = d2i_DSAparams_bio(in, NULL); |
dsa = d2i_DSAparams_bio(in, NULL); |
else /* informat == FORMAT_PEM */ |
else /* informat == FORMAT_PEM */ |
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); |
dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL); |
|
|
} |
} |
} else |
} else |
{ |
{ |
if (informat == FORMAT_ASN1) |
if (dhparam_config.informat == FORMAT_ASN1) |
dh = d2i_DHparams_bio(in, NULL); |
dh = d2i_DHparams_bio(in, NULL); |
else /* informat == FORMAT_PEM */ |
else /* informat == FORMAT_PEM */ |
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); |
dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL); |
|
|
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
} |
} |
if (outfile == NULL) { |
if (dhparam_config.outfile == NULL) { |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
BIO_set_fp(out, stdout, BIO_NOCLOSE); |
} else { |
} else { |
if (BIO_write_filename(out, outfile) <= 0) { |
if (BIO_write_filename(out, dhparam_config.outfile) <= 0) { |
perror(outfile); |
perror(dhparam_config.outfile); |
goto end; |
goto end; |
} |
} |
} |
} |
|
|
|
|
if (text) { |
if (dhparam_config.text) { |
DHparams_print(out, dh); |
DHparams_print(out, dh); |
} |
} |
if (check) { |
if (dhparam_config.check) { |
if (!DH_check(dh, &i)) { |
if (!DH_check(dh, &i)) { |
ERR_print_errors(bio_err); |
ERR_print_errors(bio_err); |
goto end; |
goto end; |
|
|
if (i == 0) |
if (i == 0) |
printf("DH parameters appear to be ok.\n"); |
printf("DH parameters appear to be ok.\n"); |
} |
} |
if (C) { |
if (dhparam_config.C) { |
unsigned char *data; |
unsigned char *data; |
int len, l, bits; |
int len, l, bits; |
|
|
|
|
printf("\treturn(dh);\n\t}\n"); |
printf("\treturn(dh);\n\t}\n"); |
free(data); |
free(data); |
} |
} |
if (!noout) { |
if (!dhparam_config.noout) { |
if (outformat == FORMAT_ASN1) |
if (dhparam_config.outformat == FORMAT_ASN1) |
i = i2d_DHparams_bio(out, dh); |
i = i2d_DHparams_bio(out, dh); |
else if (outformat == FORMAT_PEM) |
else if (dhparam_config.outformat == FORMAT_PEM) |
i = PEM_write_bio_DHparams(out, dh); |
i = PEM_write_bio_DHparams(out, dh); |
else { |
else { |
BIO_printf(bio_err, "bad output format specified for outfile\n"); |
BIO_printf(bio_err, "bad output format specified for outfile\n"); |