Annotation of src/usr.bin/openssl/genpkey.c, Revision 1.6
1.6 ! doug 1: /* $OpenBSD: genpkey.c,v 1.5 2015/09/11 14:30:23 bcook Exp $ */
1.1 jsing 2: /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3: * project 2006
4: */
5: /* ====================================================================
6: * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: *
12: * 1. Redistributions of source code must retain the above copyright
13: * notice, this list of conditions and the following disclaimer.
14: *
15: * 2. Redistributions in binary form must reproduce the above copyright
16: * notice, this list of conditions and the following disclaimer in
17: * the documentation and/or other materials provided with the
18: * distribution.
19: *
20: * 3. All advertising materials mentioning features or use of this
21: * software must display the following acknowledgment:
22: * "This product includes software developed by the OpenSSL Project
23: * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24: *
25: * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26: * endorse or promote products derived from this software without
27: * prior written permission. For written permission, please contact
28: * licensing@OpenSSL.org.
29: *
30: * 5. Products derived from this software may not be called "OpenSSL"
31: * nor may "OpenSSL" appear in their names without prior written
32: * permission of the OpenSSL Project.
33: *
34: * 6. Redistributions of any form whatsoever must retain the following
35: * acknowledgment:
36: * "This product includes software developed by the OpenSSL Project
37: * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38: *
39: * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40: * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42: * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50: * OF THE POSSIBILITY OF SUCH DAMAGE.
51: * ====================================================================
52: *
53: * This product includes cryptographic software written by Eric Young
54: * (eay@cryptsoft.com). This product includes software written by Tim
55: * Hudson (tjh@cryptsoft.com).
56: *
57: */
58:
59: #include <stdio.h>
60: #include <string.h>
61:
62: #include "apps.h"
63:
64: #include <openssl/err.h>
65: #include <openssl/evp.h>
66: #include <openssl/pem.h>
67:
68: static int
1.5 bcook 69: init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx, const char *file);
1.1 jsing 70: static int genpkey_cb(EVP_PKEY_CTX * ctx);
71:
72: int
73: genpkey_main(int argc, char **argv)
74: {
75: char **args, *outfile = NULL;
76: char *passarg = NULL;
77: BIO *in = NULL, *out = NULL;
78: const EVP_CIPHER *cipher = NULL;
79: int outformat;
80: int text = 0;
81: EVP_PKEY *pkey = NULL;
82: EVP_PKEY_CTX *ctx = NULL;
83: char *pass = NULL;
84: int badarg = 0;
85: int ret = 1, rv;
86:
87: int do_param = 0;
1.6 ! doug 88:
! 89: if (single_execution) {
! 90: if (pledge("stdio rpath wpath cpath", NULL) == -1)
! 91: perror("pledge");
! 92: }
1.1 jsing 93:
94: outformat = FORMAT_PEM;
95:
96: args = argv + 1;
97: while (!badarg && *args && *args[0] == '-') {
98: if (!strcmp(*args, "-outform")) {
99: if (args[1]) {
100: args++;
101: outformat = str2fmt(*args);
102: } else
103: badarg = 1;
104: } else if (!strcmp(*args, "-pass")) {
105: if (!args[1])
106: goto bad;
107: passarg = *(++args);
108: }
109: else if (!strcmp(*args, "-paramfile")) {
110: if (!args[1])
111: goto bad;
112: args++;
113: if (do_param == 1)
114: goto bad;
1.5 bcook 115: if (!init_keygen_file(bio_err, &ctx, *args))
1.1 jsing 116: goto end;
117: } else if (!strcmp(*args, "-out")) {
118: if (args[1]) {
119: args++;
120: outfile = *args;
121: } else
122: badarg = 1;
123: } else if (strcmp(*args, "-algorithm") == 0) {
124: if (!args[1])
125: goto bad;
1.5 bcook 126: if (!init_gen_str(bio_err, &ctx, *(++args), do_param))
1.1 jsing 127: goto end;
128: } else if (strcmp(*args, "-pkeyopt") == 0) {
129: if (!args[1])
130: goto bad;
131: if (!ctx) {
132: BIO_puts(bio_err, "No keytype specified\n");
133: goto bad;
134: } else if (pkey_ctrl_string(ctx, *(++args)) <= 0) {
135: BIO_puts(bio_err, "parameter setting error\n");
136: ERR_print_errors(bio_err);
137: goto end;
138: }
139: } else if (strcmp(*args, "-genparam") == 0) {
140: if (ctx)
141: goto bad;
142: do_param = 1;
143: } else if (strcmp(*args, "-text") == 0)
144: text = 1;
145: else {
146: cipher = EVP_get_cipherbyname(*args + 1);
147: if (!cipher) {
148: BIO_printf(bio_err, "Unknown cipher %s\n",
149: *args + 1);
150: badarg = 1;
151: }
152: if (do_param == 1)
153: badarg = 1;
154: }
155: args++;
156: }
157:
158: if (!ctx)
159: badarg = 1;
160:
161: if (badarg) {
162: bad:
163: BIO_printf(bio_err, "Usage: genpkey [options]\n");
164: BIO_printf(bio_err, "where options may be\n");
165: BIO_printf(bio_err, "-out file output file\n");
166: BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
167: BIO_printf(bio_err, "-pass arg output file pass phrase source\n");
168: BIO_printf(bio_err, "-<cipher> use cipher <cipher> to encrypt the key\n");
169: BIO_printf(bio_err, "-paramfile file parameters file\n");
170: BIO_printf(bio_err, "-algorithm alg the public key algorithm\n");
171: BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n"
172: " to value <value>\n");
173: BIO_printf(bio_err, "-genparam generate parameters, not key\n");
174: BIO_printf(bio_err, "-text print the in text\n");
175: BIO_printf(bio_err, "NB: options order may be important! See the manual page.\n");
176: goto end;
177: }
178: if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
179: BIO_puts(bio_err, "Error getting password\n");
180: goto end;
181: }
182: if (outfile) {
183: if (!(out = BIO_new_file(outfile, "wb"))) {
184: BIO_printf(bio_err,
185: "Can't open output file %s\n", outfile);
186: goto end;
187: }
188: } else {
189: out = BIO_new_fp(stdout, BIO_NOCLOSE);
190: }
191:
192: EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
193: EVP_PKEY_CTX_set_app_data(ctx, bio_err);
194:
195: if (do_param) {
196: if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
197: BIO_puts(bio_err, "Error generating parameters\n");
198: ERR_print_errors(bio_err);
199: goto end;
200: }
201: } else {
202: if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
203: BIO_puts(bio_err, "Error generating key\n");
204: ERR_print_errors(bio_err);
205: goto end;
206: }
207: }
208:
209: if (do_param)
210: rv = PEM_write_bio_Parameters(out, pkey);
211: else if (outformat == FORMAT_PEM)
212: rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0,
213: NULL, pass);
214: else if (outformat == FORMAT_ASN1)
215: rv = i2d_PrivateKey_bio(out, pkey);
216: else {
217: BIO_printf(bio_err, "Bad format specified for key\n");
218: goto end;
219: }
220:
221: if (rv <= 0) {
222: BIO_puts(bio_err, "Error writing key\n");
223: ERR_print_errors(bio_err);
224: }
225: if (text) {
226: if (do_param)
227: rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
228: else
229: rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
230:
231: if (rv <= 0) {
232: BIO_puts(bio_err, "Error printing key\n");
233: ERR_print_errors(bio_err);
234: }
235: }
236: ret = 0;
237:
238: end:
239: if (pkey)
240: EVP_PKEY_free(pkey);
241: if (ctx)
242: EVP_PKEY_CTX_free(ctx);
243: if (out)
244: BIO_free_all(out);
245: BIO_free(in);
246: free(pass);
247:
248: return ret;
249: }
250:
251: static int
252: init_keygen_file(BIO * err, EVP_PKEY_CTX ** pctx,
1.5 bcook 253: const char *file)
1.1 jsing 254: {
255: BIO *pbio;
256: EVP_PKEY *pkey = NULL;
257: EVP_PKEY_CTX *ctx = NULL;
258: if (*pctx) {
259: BIO_puts(err, "Parameters already set!\n");
260: return 0;
261: }
262: pbio = BIO_new_file(file, "r");
263: if (!pbio) {
264: BIO_printf(err, "Can't open parameter file %s\n", file);
265: return 0;
266: }
267: pkey = PEM_read_bio_Parameters(pbio, NULL);
268: BIO_free(pbio);
269:
270: if (!pkey) {
271: BIO_printf(bio_err, "Error reading parameter file %s\n", file);
272: return 0;
273: }
1.5 bcook 274: ctx = EVP_PKEY_CTX_new(pkey, NULL);
1.1 jsing 275: if (!ctx)
276: goto err;
277: if (EVP_PKEY_keygen_init(ctx) <= 0)
278: goto err;
279: EVP_PKEY_free(pkey);
280: *pctx = ctx;
281: return 1;
282:
283: err:
284: BIO_puts(err, "Error initializing context\n");
285: ERR_print_errors(err);
286: if (ctx)
287: EVP_PKEY_CTX_free(ctx);
288: if (pkey)
289: EVP_PKEY_free(pkey);
290: return 0;
291:
292: }
293:
294: int
295: init_gen_str(BIO * err, EVP_PKEY_CTX ** pctx,
1.5 bcook 296: const char *algname, int do_param)
1.1 jsing 297: {
298: EVP_PKEY_CTX *ctx = NULL;
299: const EVP_PKEY_ASN1_METHOD *ameth;
300: int pkey_id;
301:
302: if (*pctx) {
303: BIO_puts(err, "Algorithm already set!\n");
304: return 0;
305: }
1.5 bcook 306: ameth = EVP_PKEY_asn1_find_str(NULL, algname, -1);
1.1 jsing 307:
308: if (!ameth) {
309: BIO_printf(bio_err, "Algorithm %s not found\n", algname);
310: return 0;
311: }
312: ERR_clear_error();
313:
314: EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
1.5 bcook 315: ctx = EVP_PKEY_CTX_new_id(pkey_id, NULL);
1.1 jsing 316:
317: if (!ctx)
318: goto err;
319: if (do_param) {
320: if (EVP_PKEY_paramgen_init(ctx) <= 0)
321: goto err;
322: } else {
323: if (EVP_PKEY_keygen_init(ctx) <= 0)
324: goto err;
325: }
326:
327: *pctx = ctx;
328: return 1;
329:
330: err:
331: BIO_printf(err, "Error initializing %s context\n", algname);
332: ERR_print_errors(err);
333: if (ctx)
334: EVP_PKEY_CTX_free(ctx);
335: return 0;
336:
337: }
338:
339: static int
340: genpkey_cb(EVP_PKEY_CTX * ctx)
341: {
342: char c = '*';
343: BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
344: int p;
345: p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
346: if (p == 0)
347: c = '.';
348: if (p == 1)
349: c = '+';
350: if (p == 2)
351: c = '*';
352: if (p == 3)
353: c = '\n';
354: BIO_write(b, &c, 1);
355: (void) BIO_flush(b);
356: return 1;
357: }