EVP_PKEY_RSA_keygen.c 9.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289
  1. /*-
  2. * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * Example showing how to generate an RSA key pair.
  11. *
  12. * When generating an RSA key, you must specify the number of bits in the key. A
  13. * reasonable value would be 4096. Avoid using values below 2048. These values
  14. * are reasonable as of 2022.
  15. */
  16. #include <string.h>
  17. #include <stdio.h>
  18. #include <openssl/err.h>
  19. #include <openssl/evp.h>
  20. #include <openssl/rsa.h>
  21. #include <openssl/core_names.h>
  22. #include <openssl/pem.h>
  23. /* A property query used for selecting algorithm implementations. */
  24. static const char *propq = NULL;
  25. /*
  26. * Generates an RSA public-private key pair and returns it.
  27. * The number of bits is specified by the bits argument.
  28. *
  29. * This uses the long way of generating an RSA key.
  30. */
  31. static EVP_PKEY *generate_rsa_key_long(OSSL_LIB_CTX *libctx, unsigned int bits)
  32. {
  33. EVP_PKEY_CTX *genctx = NULL;
  34. EVP_PKEY *pkey = NULL;
  35. unsigned int primes = 2;
  36. /* Create context using RSA algorithm. "RSA-PSS" could also be used here. */
  37. genctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", propq);
  38. if (genctx == NULL) {
  39. fprintf(stderr, "EVP_PKEY_CTX_new_from_name() failed\n");
  40. goto cleanup;
  41. }
  42. /* Initialize context for key generation purposes. */
  43. if (EVP_PKEY_keygen_init(genctx) <= 0) {
  44. fprintf(stderr, "EVP_PKEY_keygen_init() failed\n");
  45. goto cleanup;
  46. }
  47. /*
  48. * Here we set the number of bits to use in the RSA key.
  49. * See comment at top of file for information on appropriate values.
  50. */
  51. if (EVP_PKEY_CTX_set_rsa_keygen_bits(genctx, bits) <= 0) {
  52. fprintf(stderr, "EVP_PKEY_CTX_set_rsa_keygen_bits() failed\n");
  53. goto cleanup;
  54. }
  55. /*
  56. * It is possible to create an RSA key using more than two primes.
  57. * Do not do this unless you know why you need this.
  58. * You ordinarily do not need to specify this, as the default is two.
  59. *
  60. * Both of these parameters can also be set via EVP_PKEY_CTX_set_params, but
  61. * these functions provide a more concise way to do so.
  62. */
  63. if (EVP_PKEY_CTX_set_rsa_keygen_primes(genctx, primes) <= 0) {
  64. fprintf(stderr, "EVP_PKEY_CTX_set_rsa_keygen_primes() failed\n");
  65. goto cleanup;
  66. }
  67. /*
  68. * Generating an RSA key with a number of bits large enough to be secure for
  69. * modern applications can take a fairly substantial amount of time (e.g.
  70. * one second). If you require fast key generation, consider using an EC key
  71. * instead.
  72. *
  73. * If you require progress information during the key generation process,
  74. * you can set a progress callback using EVP_PKEY_set_cb; see the example in
  75. * EVP_PKEY_generate(3).
  76. */
  77. fprintf(stderr, "Generating RSA key, this may take some time...\n");
  78. if (EVP_PKEY_generate(genctx, &pkey) <= 0) {
  79. fprintf(stderr, "EVP_PKEY_generate() failed\n");
  80. goto cleanup;
  81. }
  82. /* pkey is now set to an object representing the generated key pair. */
  83. cleanup:
  84. EVP_PKEY_CTX_free(genctx);
  85. return pkey;
  86. }
  87. /*
  88. * Generates an RSA public-private key pair and returns it.
  89. * The number of bits is specified by the bits argument.
  90. *
  91. * This uses a more concise way of generating an RSA key, which is suitable for
  92. * simple cases. It is used if -s is passed on the command line, otherwise the
  93. * long method above is used. The ability to choose between these two methods is
  94. * shown here only for demonstration; the results are equivalent.
  95. */
  96. static EVP_PKEY *generate_rsa_key_short(OSSL_LIB_CTX *libctx, unsigned int bits)
  97. {
  98. EVP_PKEY *pkey = NULL;
  99. fprintf(stderr, "Generating RSA key, this may take some time...\n");
  100. pkey = EVP_PKEY_Q_keygen(libctx, propq, "RSA", (size_t)bits);
  101. if (pkey == NULL)
  102. fprintf(stderr, "EVP_PKEY_Q_keygen() failed\n");
  103. return pkey;
  104. }
  105. /*
  106. * Prints information on an EVP_PKEY object representing an RSA key pair.
  107. */
  108. static int dump_key(const EVP_PKEY *pkey)
  109. {
  110. int ret = 0;
  111. int bits = 0;
  112. BIGNUM *n = NULL, *e = NULL, *d = NULL, *p = NULL, *q = NULL;
  113. /*
  114. * Retrieve value of n. This value is not secret and forms part of the
  115. * public key.
  116. *
  117. * Calling EVP_PKEY_get_bn_param with a NULL BIGNUM pointer causes
  118. * a new BIGNUM to be allocated, so these must be freed subsequently.
  119. */
  120. if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &n) == 0) {
  121. fprintf(stderr, "Failed to retrieve n\n");
  122. goto cleanup;
  123. }
  124. /*
  125. * Retrieve value of e. This value is not secret and forms part of the
  126. * public key. It is typically 65537 and need not be changed.
  127. */
  128. if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e) == 0) {
  129. fprintf(stderr, "Failed to retrieve e\n");
  130. goto cleanup;
  131. }
  132. /*
  133. * Retrieve value of d. This value is secret and forms part of the private
  134. * key. It must not be published.
  135. */
  136. if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &d) == 0) {
  137. fprintf(stderr, "Failed to retrieve d\n");
  138. goto cleanup;
  139. }
  140. /*
  141. * Retrieve value of the first prime factor, commonly known as p. This value
  142. * is secret and forms part of the private key. It must not be published.
  143. */
  144. if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &p) == 0) {
  145. fprintf(stderr, "Failed to retrieve p\n");
  146. goto cleanup;
  147. }
  148. /*
  149. * Retrieve value of the second prime factor, commonly known as q. This value
  150. * is secret and forms part of the private key. It must not be published.
  151. *
  152. * If you are creating an RSA key with more than two primes for special
  153. * applications, you can retrieve these primes with
  154. * OSSL_PKEY_PARAM_RSA_FACTOR3, etc.
  155. */
  156. if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &q) == 0) {
  157. fprintf(stderr, "Failed to retrieve q\n");
  158. goto cleanup;
  159. }
  160. /*
  161. * We can also retrieve the key size in bits for informational purposes.
  162. */
  163. if (EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_BITS, &bits) == 0) {
  164. fprintf(stderr, "Failed to retrieve bits\n");
  165. goto cleanup;
  166. }
  167. /* Output hexadecimal representations of the BIGNUM objects. */
  168. fprintf(stdout, "\nNumber of bits: %d\n\n", bits);
  169. fprintf(stderr, "Public values:\n");
  170. fprintf(stdout, " n = 0x");
  171. BN_print_fp(stdout, n);
  172. fprintf(stdout, "\n");
  173. fprintf(stdout, " e = 0x");
  174. BN_print_fp(stdout, e);
  175. fprintf(stdout, "\n\n");
  176. fprintf(stdout, "Private values:\n");
  177. fprintf(stdout, " d = 0x");
  178. BN_print_fp(stdout, d);
  179. fprintf(stdout, "\n");
  180. fprintf(stdout, " p = 0x");
  181. BN_print_fp(stdout, p);
  182. fprintf(stdout, "\n");
  183. fprintf(stdout, " q = 0x");
  184. BN_print_fp(stdout, q);
  185. fprintf(stdout, "\n\n");
  186. /* Output a PEM encoding of the public key. */
  187. if (PEM_write_PUBKEY(stdout, pkey) == 0) {
  188. fprintf(stderr, "Failed to output PEM-encoded public key\n");
  189. goto cleanup;
  190. }
  191. /*
  192. * Output a PEM encoding of the private key. Please note that this output is
  193. * not encrypted. You may wish to use the arguments to specify encryption of
  194. * the key if you are storing it on disk. See PEM_write_PrivateKey(3).
  195. */
  196. if (PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL) == 0) {
  197. fprintf(stderr, "Failed to output PEM-encoded private key\n");
  198. goto cleanup;
  199. }
  200. ret = 1;
  201. cleanup:
  202. BN_free(n); /* not secret */
  203. BN_free(e); /* not secret */
  204. BN_clear_free(d); /* secret - scrub before freeing */
  205. BN_clear_free(p); /* secret - scrub before freeing */
  206. BN_clear_free(q); /* secret - scrub before freeing */
  207. return ret;
  208. }
  209. int main(int argc, char **argv)
  210. {
  211. int ret = EXIT_FAILURE;
  212. OSSL_LIB_CTX *libctx = NULL;
  213. EVP_PKEY *pkey = NULL;
  214. unsigned int bits = 4096;
  215. int bits_i, use_short = 0;
  216. /* usage: [-s] [<bits>] */
  217. if (argc > 1 && strcmp(argv[1], "-s") == 0) {
  218. --argc;
  219. ++argv;
  220. use_short = 1;
  221. }
  222. if (argc > 1) {
  223. bits_i = atoi(argv[1]);
  224. if (bits < 512) {
  225. fprintf(stderr, "Invalid RSA key size\n");
  226. return EXIT_FAILURE;
  227. }
  228. bits = (unsigned int)bits_i;
  229. }
  230. /* Avoid using key sizes less than 2048 bits; see comment at top of file. */
  231. if (bits < 2048)
  232. fprintf(stderr, "Warning: very weak key size\n\n");
  233. /* Generate RSA key. */
  234. if (use_short)
  235. pkey = generate_rsa_key_short(libctx, bits);
  236. else
  237. pkey = generate_rsa_key_long(libctx, bits);
  238. if (pkey == NULL)
  239. goto cleanup;
  240. /* Dump the integers comprising the key. */
  241. if (dump_key(pkey) == 0) {
  242. fprintf(stderr, "Failed to dump key\n");
  243. goto cleanup;
  244. }
  245. ret = EXIT_SUCCESS;
  246. cleanup:
  247. EVP_PKEY_free(pkey);
  248. OSSL_LIB_CTX_free(libctx);
  249. return ret;
  250. }