123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361 |
- /*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006
- */
- /* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
- #include <stdio.h>
- #include <string.h>
- #include "apps.h"
- #include <openssl/pem.h>
- #include <openssl/err.h>
- #include <openssl/evp.h>
- #ifndef OPENSSL_NO_ENGINE
- # include <openssl/engine.h>
- #endif
- static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e);
- static int genpkey_cb(EVP_PKEY_CTX *ctx);
- typedef enum OPTION_choice {
- OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
- OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
- OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER
- } OPTION_CHOICE;
- OPTIONS genpkey_options[] = {
- {"help", OPT_HELP, '-', "Display this summary"},
- {"out", OPT_OUT, '>', "Output file"},
- {"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"},
- {"pass", OPT_PASS, 's', "Output file pass phrase source"},
- {"paramfile", OPT_PARAMFILE, '<', "Parameters file"},
- {"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"},
- {"pkeyopt", OPT_PKEYOPT, 's',
- "Set the public key algorithm option as opt:value"},
- {"genparam", OPT_GENPARAM, '-', "Generate parameters, not key"},
- {"text", OPT_TEXT, '-', "Print the in text"},
- {"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"},
- #ifndef OPENSSL_NO_ENGINE
- {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
- #endif
- /* This is deliberately last. */
- {OPT_HELP_STR, 1, 1,
- "Order of options may be important! See the documentation.\n"},
- {NULL}
- };
- int genpkey_main(int argc, char **argv)
- {
- BIO *in = NULL, *out = NULL;
- ENGINE *e = NULL;
- EVP_PKEY *pkey = NULL;
- EVP_PKEY_CTX *ctx = NULL;
- char *outfile = NULL, *passarg = NULL, *pass = NULL, *prog;
- const EVP_CIPHER *cipher = NULL;
- OPTION_CHOICE o;
- int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0;
- int private = 0;
- prog = opt_init(argc, argv, genpkey_options);
- while ((o = opt_next()) != OPT_EOF) {
- switch (o) {
- case OPT_EOF:
- case OPT_ERR:
- opthelp:
- BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
- goto end;
- case OPT_HELP:
- ret = 0;
- opt_help(genpkey_options);
- goto end;
- case OPT_OUTFORM:
- if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
- goto opthelp;
- break;
- case OPT_OUT:
- outfile = opt_arg();
- break;
- case OPT_PASS:
- passarg = opt_arg();
- break;
- case OPT_ENGINE:
- e = setup_engine(opt_arg(), 0);
- break;
- case OPT_PARAMFILE:
- if (do_param == 1)
- goto opthelp;
- if (!init_keygen_file(&ctx, opt_arg(), e))
- goto end;
- break;
- case OPT_ALGORITHM:
- if (!init_gen_str(&ctx, opt_arg(), e, do_param))
- goto end;
- break;
- case OPT_PKEYOPT:
- if (ctx == NULL) {
- BIO_printf(bio_err, "%s: No keytype specified.\n", prog);
- goto opthelp;
- }
- if (pkey_ctrl_string(ctx, opt_arg()) <= 0) {
- BIO_printf(bio_err,
- "%s: Error setting %s parameter:\n",
- prog, opt_arg());
- ERR_print_errors(bio_err);
- goto end;
- }
- break;
- case OPT_GENPARAM:
- if (ctx != NULL)
- goto opthelp;
- do_param = 1;
- break;
- case OPT_TEXT:
- text = 1;
- break;
- case OPT_CIPHER:
- if (!opt_cipher(opt_unknown(), &cipher)
- || do_param == 1)
- goto opthelp;
- }
- }
- argc = opt_num_rest();
- argv = opt_rest();
- private = do_param ? 0 : 1;
- if (ctx == NULL)
- goto opthelp;
- if (!app_passwd(passarg, NULL, &pass, NULL)) {
- BIO_puts(bio_err, "Error getting password\n");
- goto end;
- }
- out = bio_open_owner(outfile, outformat, private);
- if (out == NULL)
- goto end;
- EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
- EVP_PKEY_CTX_set_app_data(ctx, bio_err);
- if (do_param) {
- if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
- BIO_puts(bio_err, "Error generating parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- } else {
- if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
- BIO_puts(bio_err, "Error generating key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- if (do_param)
- rv = PEM_write_bio_Parameters(out, pkey);
- else if (outformat == FORMAT_PEM) {
- assert(private);
- rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass);
- } else if (outformat == FORMAT_ASN1) {
- assert(private);
- rv = i2d_PrivateKey_bio(out, pkey);
- } else {
- BIO_printf(bio_err, "Bad format specified for key\n");
- goto end;
- }
- if (rv <= 0) {
- BIO_puts(bio_err, "Error writing key\n");
- ERR_print_errors(bio_err);
- }
- if (text) {
- if (do_param)
- rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
- else
- rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
- if (rv <= 0) {
- BIO_puts(bio_err, "Error printing key\n");
- ERR_print_errors(bio_err);
- }
- }
- ret = 0;
- end:
- EVP_PKEY_free(pkey);
- EVP_PKEY_CTX_free(ctx);
- BIO_free_all(out);
- BIO_free(in);
- OPENSSL_free(pass);
- return ret;
- }
- static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e)
- {
- BIO *pbio;
- EVP_PKEY *pkey = NULL;
- EVP_PKEY_CTX *ctx = NULL;
- if (*pctx) {
- BIO_puts(bio_err, "Parameters already set!\n");
- return 0;
- }
- pbio = BIO_new_file(file, "r");
- if (!pbio) {
- BIO_printf(bio_err, "Can't open parameter file %s\n", file);
- return 0;
- }
- pkey = PEM_read_bio_Parameters(pbio, NULL);
- BIO_free(pbio);
- if (!pkey) {
- BIO_printf(bio_err, "Error reading parameter file %s\n", file);
- return 0;
- }
- ctx = EVP_PKEY_CTX_new(pkey, e);
- if (ctx == NULL)
- goto err;
- if (EVP_PKEY_keygen_init(ctx) <= 0)
- goto err;
- EVP_PKEY_free(pkey);
- *pctx = ctx;
- return 1;
- err:
- BIO_puts(bio_err, "Error initializing context\n");
- ERR_print_errors(bio_err);
- EVP_PKEY_CTX_free(ctx);
- EVP_PKEY_free(pkey);
- return 0;
- }
- int init_gen_str(EVP_PKEY_CTX **pctx,
- const char *algname, ENGINE *e, int do_param)
- {
- EVP_PKEY_CTX *ctx = NULL;
- const EVP_PKEY_ASN1_METHOD *ameth;
- ENGINE *tmpeng = NULL;
- int pkey_id;
- if (*pctx) {
- BIO_puts(bio_err, "Algorithm already set!\n");
- return 0;
- }
- ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
- #ifndef OPENSSL_NO_ENGINE
- if (!ameth && e)
- ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
- #endif
- if (!ameth) {
- BIO_printf(bio_err, "Algorithm %s not found\n", algname);
- return 0;
- }
- ERR_clear_error();
- EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
- #ifndef OPENSSL_NO_ENGINE
- if (tmpeng)
- ENGINE_finish(tmpeng);
- #endif
- ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
- if (!ctx)
- goto err;
- if (do_param) {
- if (EVP_PKEY_paramgen_init(ctx) <= 0)
- goto err;
- } else {
- if (EVP_PKEY_keygen_init(ctx) <= 0)
- goto err;
- }
- *pctx = ctx;
- return 1;
- err:
- BIO_printf(bio_err, "Error initializing %s context\n", algname);
- ERR_print_errors(bio_err);
- EVP_PKEY_CTX_free(ctx);
- return 0;
- }
- static int genpkey_cb(EVP_PKEY_CTX *ctx)
- {
- char c = '*';
- BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
- int p;
- p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
- if (p == 0)
- c = '.';
- if (p == 1)
- c = '+';
- if (p == 2)
- c = '*';
- if (p == 3)
- c = '\n';
- BIO_write(b, &c, 1);
- (void)BIO_flush(b);
- return 1;
- }
|