genpkey.c 9.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349
  1. /*
  2. * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <string.h>
  11. #include "apps.h"
  12. #include "progs.h"
  13. #include <openssl/pem.h>
  14. #include <openssl/err.h>
  15. #include <openssl/evp.h>
  16. static int quiet;
  17. static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
  18. OSSL_LIB_CTX *libctx, const char *propq);
  19. static int genpkey_cb(EVP_PKEY_CTX *ctx);
  20. typedef enum OPTION_choice {
  21. OPT_COMMON,
  22. OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
  23. OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER,
  24. OPT_QUIET, OPT_CONFIG,
  25. OPT_PROV_ENUM
  26. } OPTION_CHOICE;
  27. const OPTIONS genpkey_options[] = {
  28. OPT_SECTION("General"),
  29. {"help", OPT_HELP, '-', "Display this summary"},
  30. #ifndef OPENSSL_NO_ENGINE
  31. {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
  32. #endif
  33. {"paramfile", OPT_PARAMFILE, '<', "Parameters file"},
  34. {"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"},
  35. {"quiet", OPT_QUIET, 's', "Do not output status while generating keys"},
  36. {"pkeyopt", OPT_PKEYOPT, 's',
  37. "Set the public key algorithm option as opt:value"},
  38. OPT_CONFIG_OPTION,
  39. OPT_SECTION("Output"),
  40. {"out", OPT_OUT, '>', "Output file"},
  41. {"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"},
  42. {"pass", OPT_PASS, 's', "Output file pass phrase source"},
  43. {"genparam", OPT_GENPARAM, '-', "Generate parameters, not key"},
  44. {"text", OPT_TEXT, '-', "Print the in text"},
  45. {"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"},
  46. OPT_PROV_OPTIONS,
  47. /* This is deliberately last. */
  48. {OPT_HELP_STR, 1, 1,
  49. "Order of options may be important! See the documentation.\n"},
  50. {NULL}
  51. };
  52. int genpkey_main(int argc, char **argv)
  53. {
  54. CONF *conf = NULL;
  55. BIO *in = NULL, *out = NULL;
  56. ENGINE *e = NULL;
  57. EVP_PKEY *pkey = NULL;
  58. EVP_PKEY_CTX *ctx = NULL;
  59. char *outfile = NULL, *passarg = NULL, *pass = NULL, *prog, *p;
  60. const char *ciphername = NULL, *paramfile = NULL, *algname = NULL;
  61. EVP_CIPHER *cipher = NULL;
  62. OPTION_CHOICE o;
  63. int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0;
  64. int private = 0, i, m;
  65. OSSL_LIB_CTX *libctx = app_get0_libctx();
  66. STACK_OF(OPENSSL_STRING) *keyopt = NULL;
  67. prog = opt_init(argc, argv, genpkey_options);
  68. keyopt = sk_OPENSSL_STRING_new_null();
  69. if (keyopt == NULL)
  70. goto end;
  71. while ((o = opt_next()) != OPT_EOF) {
  72. switch (o) {
  73. case OPT_EOF:
  74. case OPT_ERR:
  75. opthelp:
  76. BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
  77. goto end;
  78. case OPT_HELP:
  79. ret = 0;
  80. opt_help(genpkey_options);
  81. goto end;
  82. case OPT_OUTFORM:
  83. if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
  84. goto opthelp;
  85. break;
  86. case OPT_OUT:
  87. outfile = opt_arg();
  88. break;
  89. case OPT_PASS:
  90. passarg = opt_arg();
  91. break;
  92. case OPT_ENGINE:
  93. e = setup_engine(opt_arg(), 0);
  94. break;
  95. case OPT_PARAMFILE:
  96. if (do_param == 1)
  97. goto opthelp;
  98. paramfile = opt_arg();
  99. break;
  100. case OPT_ALGORITHM:
  101. algname = opt_arg();
  102. break;
  103. case OPT_PKEYOPT:
  104. if (!sk_OPENSSL_STRING_push(keyopt, opt_arg()))
  105. goto end;
  106. break;
  107. case OPT_QUIET:
  108. quiet = 1;
  109. break;
  110. case OPT_GENPARAM:
  111. do_param = 1;
  112. break;
  113. case OPT_TEXT:
  114. text = 1;
  115. break;
  116. case OPT_CIPHER:
  117. ciphername = opt_unknown();
  118. break;
  119. case OPT_CONFIG:
  120. conf = app_load_config_modules(opt_arg());
  121. if (conf == NULL)
  122. goto end;
  123. break;
  124. case OPT_PROV_CASES:
  125. if (!opt_provider(o))
  126. goto end;
  127. break;
  128. }
  129. }
  130. /* No extra arguments. */
  131. argc = opt_num_rest();
  132. if (argc != 0)
  133. goto opthelp;
  134. /* Fetch cipher, etc. */
  135. if (paramfile != NULL) {
  136. if (!init_keygen_file(&ctx, paramfile, e, libctx, app_get0_propq()))
  137. goto end;
  138. }
  139. if (algname != NULL) {
  140. if (!init_gen_str(&ctx, algname, e, do_param, libctx, app_get0_propq()))
  141. goto end;
  142. }
  143. if (ctx == NULL)
  144. goto opthelp;
  145. for (i = 0; i < sk_OPENSSL_STRING_num(keyopt); i++) {
  146. p = sk_OPENSSL_STRING_value(keyopt, i);
  147. if (pkey_ctrl_string(ctx, p) <= 0) {
  148. BIO_printf(bio_err, "%s: Error setting %s parameter:\n", prog, p);
  149. ERR_print_errors(bio_err);
  150. goto end;
  151. }
  152. }
  153. if (ciphername != NULL) {
  154. if (!opt_cipher(ciphername, &cipher) || do_param == 1)
  155. goto opthelp;
  156. m = EVP_CIPHER_get_mode(cipher);
  157. if (m == EVP_CIPH_GCM_MODE || m == EVP_CIPH_CCM_MODE
  158. || m == EVP_CIPH_XTS_MODE || m == EVP_CIPH_OCB_MODE) {
  159. BIO_printf(bio_err, "%s: cipher mode not supported\n", prog);
  160. goto end;
  161. }
  162. }
  163. private = do_param ? 0 : 1;
  164. if (!app_passwd(passarg, NULL, &pass, NULL)) {
  165. BIO_puts(bio_err, "Error getting password\n");
  166. goto end;
  167. }
  168. out = bio_open_owner(outfile, outformat, private);
  169. if (out == NULL)
  170. goto end;
  171. EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
  172. EVP_PKEY_CTX_set_app_data(ctx, bio_err);
  173. pkey = do_param ? app_paramgen(ctx, algname)
  174. : app_keygen(ctx, algname, 0, 0 /* not verbose */);
  175. if (do_param) {
  176. rv = PEM_write_bio_Parameters(out, pkey);
  177. } else if (outformat == FORMAT_PEM) {
  178. assert(private);
  179. rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass);
  180. } else if (outformat == FORMAT_ASN1) {
  181. assert(private);
  182. rv = i2d_PrivateKey_bio(out, pkey);
  183. } else {
  184. BIO_printf(bio_err, "Bad format specified for key\n");
  185. goto end;
  186. }
  187. ret = 0;
  188. if (rv <= 0) {
  189. BIO_puts(bio_err, "Error writing key\n");
  190. ret = 1;
  191. }
  192. if (text) {
  193. if (do_param)
  194. rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
  195. else
  196. rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
  197. if (rv <= 0) {
  198. BIO_puts(bio_err, "Error printing key\n");
  199. ret = 1;
  200. }
  201. }
  202. end:
  203. sk_OPENSSL_STRING_free(keyopt);
  204. if (ret != 0)
  205. ERR_print_errors(bio_err);
  206. EVP_PKEY_free(pkey);
  207. EVP_PKEY_CTX_free(ctx);
  208. EVP_CIPHER_free(cipher);
  209. BIO_free_all(out);
  210. BIO_free(in);
  211. release_engine(e);
  212. OPENSSL_free(pass);
  213. NCONF_free(conf);
  214. return ret;
  215. }
  216. static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e,
  217. OSSL_LIB_CTX *libctx, const char *propq)
  218. {
  219. BIO *pbio;
  220. EVP_PKEY *pkey = NULL;
  221. EVP_PKEY_CTX *ctx = NULL;
  222. if (*pctx) {
  223. BIO_puts(bio_err, "Parameters already set!\n");
  224. return 0;
  225. }
  226. pbio = BIO_new_file(file, "r");
  227. if (pbio == NULL) {
  228. BIO_printf(bio_err, "Can't open parameter file %s\n", file);
  229. return 0;
  230. }
  231. pkey = PEM_read_bio_Parameters_ex(pbio, NULL, libctx, propq);
  232. BIO_free(pbio);
  233. if (pkey == NULL) {
  234. BIO_printf(bio_err, "Error reading parameter file %s\n", file);
  235. return 0;
  236. }
  237. if (e != NULL)
  238. ctx = EVP_PKEY_CTX_new(pkey, e);
  239. else
  240. ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
  241. if (ctx == NULL)
  242. goto err;
  243. if (EVP_PKEY_keygen_init(ctx) <= 0)
  244. goto err;
  245. EVP_PKEY_free(pkey);
  246. *pctx = ctx;
  247. return 1;
  248. err:
  249. BIO_puts(bio_err, "Error initializing context\n");
  250. ERR_print_errors(bio_err);
  251. EVP_PKEY_CTX_free(ctx);
  252. EVP_PKEY_free(pkey);
  253. return 0;
  254. }
  255. int init_gen_str(EVP_PKEY_CTX **pctx,
  256. const char *algname, ENGINE *e, int do_param,
  257. OSSL_LIB_CTX *libctx, const char *propq)
  258. {
  259. EVP_PKEY_CTX *ctx = NULL;
  260. int pkey_id;
  261. if (*pctx) {
  262. BIO_puts(bio_err, "Algorithm already set!\n");
  263. return 0;
  264. }
  265. pkey_id = get_legacy_pkey_id(libctx, algname, e);
  266. if (pkey_id != NID_undef)
  267. ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
  268. else
  269. ctx = EVP_PKEY_CTX_new_from_name(libctx, algname, propq);
  270. if (ctx == NULL)
  271. goto err;
  272. if (do_param) {
  273. if (EVP_PKEY_paramgen_init(ctx) <= 0)
  274. goto err;
  275. } else {
  276. if (EVP_PKEY_keygen_init(ctx) <= 0)
  277. goto err;
  278. }
  279. *pctx = ctx;
  280. return 1;
  281. err:
  282. BIO_printf(bio_err, "Error initializing %s context\n", algname);
  283. ERR_print_errors(bio_err);
  284. EVP_PKEY_CTX_free(ctx);
  285. return 0;
  286. }
  287. static int genpkey_cb(EVP_PKEY_CTX *ctx)
  288. {
  289. char c = '*';
  290. BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
  291. if (quiet)
  292. return 1;
  293. switch (EVP_PKEY_CTX_get_keygen_info(ctx, 0)) {
  294. case 0:
  295. c = '.';
  296. break;
  297. case 1:
  298. c = '+';
  299. break;
  300. case 3:
  301. c = '\n';
  302. break;
  303. }
  304. BIO_write(b, &c, 1);
  305. (void)BIO_flush(b);
  306. return 1;
  307. }