[thirdparty/openssl.git] / apps / genrsa.c

/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <openssl/opensslconf.h>

#ifndef OPENSSL_NO_RSA
# include <stdio.h>
# include <string.h>
# include <sys/types.h>
# include <sys/stat.h>
# include "apps.h"
# include <openssl/bio.h>
# include <openssl/err.h>
# include <openssl/bn.h>
# include <openssl/rsa.h>
# include <openssl/evp.h>
# include <openssl/x509.h>
# include <openssl/pem.h>
# include <openssl/rand.h>

# define DEFBITS 2048

static int genrsa_cb(int p, int n, BN_GENCB *cb);

typedef enum OPTION_choice {
    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
    OPT_3, OPT_F4, OPT_NON_FIPS_ALLOW, OPT_ENGINE,
    OPT_OUT, OPT_RAND, OPT_PASSOUT, OPT_CIPHER
} OPTION_CHOICE;

OPTIONS genrsa_options[] = {
    {"help", OPT_HELP, '-', "Display this summary"},
    {"3", OPT_3, '-', "Use 3 for the E value"},
    {"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
    {"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
    {"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
    {"out", OPT_OUT, 's', "Output the key to specified file"},
    {"rand", OPT_RAND, 's',
     "Load the file(s) into the random number generator"},
    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
    {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
    {NULL}
};

int genrsa_main(int argc, char **argv)
{
    BN_GENCB *cb = BN_GENCB_new();
    PW_CB_DATA cb_data;
    ENGINE *e = NULL;
    BIGNUM *bn = BN_new();
    BIO *out = NULL;
    RSA *rsa = NULL;
    const EVP_CIPHER *enc = NULL;
    int ret = 1, non_fips_allow = 0, num = DEFBITS, private = 0;
    unsigned long f4 = RSA_F4;
    char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
    char *inrand = NULL, *prog, *hexe, *dece;
    OPTION_CHOICE o;

    if (!bn || !cb)
        goto end;

    BN_GENCB_set(cb, genrsa_cb, bio_err);

    prog = opt_init(argc, argv, genrsa_options);
    while ((o = opt_next()) != OPT_EOF) {
        switch (o) {
        case OPT_EOF:
        case OPT_ERR:
            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
            goto end;
        case OPT_HELP:
            ret = 0;
            opt_help(genrsa_options);
            goto end;
        case OPT_3:
            f4 = 3;
            break;
        case OPT_F4:
            f4 = RSA_F4;
            break;
        case OPT_NON_FIPS_ALLOW:
            non_fips_allow = 1;
            break;
        case OPT_OUT:
            outfile = opt_arg();
        case OPT_ENGINE:
            e = setup_engine(opt_arg(), 0);
            break;
        case OPT_RAND:
            inrand = opt_arg();
            break;
        case OPT_PASSOUT:
            passoutarg = opt_arg();
            break;
        case OPT_CIPHER:
            if (!opt_cipher(opt_unknown(), &enc))
                goto end;
            break;
        }
    }
    argc = opt_num_rest();
    argv = opt_rest();
    private = 1;

    if (argv[0] && (!opt_int(argv[0], &num) || num <= 0))
        goto end;

    if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
        BIO_printf(bio_err, "Error getting password\n");
        goto end;
    }

    if (!app_load_modules(NULL))
        goto end;

    out = bio_open_owner(outfile, "w", private);
    if (out == NULL)
        goto end;

    if (!app_RAND_load_file(NULL, 1) && inrand == NULL
        && !RAND_status()) {
        BIO_printf(bio_err,
                   "warning, not much extra random data, consider using the -rand option\n");
    }
    if (inrand != NULL)
        BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
                   app_RAND_load_files(inrand));

    BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
               num);
    rsa = e ? RSA_new_method(e) : RSA_new();
    if (!rsa)
        goto end;

    if (non_fips_allow)
        rsa->flags |= RSA_FLAG_NON_FIPS_ALLOW;

    if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, cb))
        goto end;

    app_RAND_write_file(NULL);

    hexe = BN_bn2hex(rsa->e);
    dece = BN_bn2dec(rsa->e);
    if (hexe && dece) {
        BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe);
    }
    OPENSSL_free(hexe);
    OPENSSL_free(dece);
    cb_data.password = passout;
    cb_data.prompt_info = outfile;
    assert(private);
    if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
                                     (pem_password_cb *)password_callback,
                                     &cb_data))
        goto end;

    ret = 0;
 end:
    BN_free(bn);
    BN_GENCB_free(cb);
    RSA_free(rsa);
    BIO_free_all(out);
    OPENSSL_free(passout);
    if (ret != 0)
        ERR_print_errors(bio_err);
    return (ret);
}

static int genrsa_cb(int p, int n, BN_GENCB *cb)
{
    char c = '*';

    if (p == 0)
        c = '.';
    if (p == 1)
        c = '+';
    if (p == 2)
        c = '*';
    if (p == 3)
        c = '\n';
    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
    (void)BIO_flush(BN_GENCB_get_arg(cb));
    return 1;
}
#else                           /* !OPENSSL_NO_RSA */

# if PEDANTIC
static void *dummy = &dummy;
# endif

#endif
Commit	Line	Data
58964a49	1	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
d02b48c6 RE	2	* All rights reserved.
	3	*
	4	* This package is an SSL implementation written
	5	* by Eric Young (eay@cryptsoft.com).
	6	* The implementation was written so as to conform with Netscapes SSL.
0f113f3e	7	*
d02b48c6 RE	8	* This library is free for commercial and non-commercial use as long as
	9	* the following conditions are aheared to. The following conditions
	10	* apply to all code found in this distribution, be it the RC4, RSA,
	11	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	12	* included with this distribution is covered by the same copyright terms
	13	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
0f113f3e	14	*
d02b48c6 RE	15	* Copyright remains Eric Young's, and as such any Copyright notices in
	16	* the code are not to be removed.
	17	* If this package is used in a product, Eric Young should be given attribution
	18	* as the author of the parts of the library used.
	19	* This can be in the form of a textual message at program startup or
	20	* in documentation (online or textual) provided with the package.
0f113f3e	21	*
d02b48c6 RE	22	* Redistribution and use in source and binary forms, with or without
	23	* modification, are permitted provided that the following conditions
	24	* are met:
	25	* 1. Redistributions of source code must retain the copyright
	26	* notice, this list of conditions and the following disclaimer.
	27	* 2. Redistributions in binary form must reproduce the above copyright
	28	* notice, this list of conditions and the following disclaimer in the
	29	* documentation and/or other materials provided with the distribution.
	30	* 3. All advertising materials mentioning features or use of this software
	31	* must display the following acknowledgement:
	32	* "This product includes cryptographic software written by
	33	* Eric Young (eay@cryptsoft.com)"
	34	* The word 'cryptographic' can be left out if the rouines from the library
	35	* being used are not cryptographic related :-).
0f113f3e	36	* 4. If you include any Windows specific code (or a derivative thereof) from
d02b48c6 RE	37	* the apps directory (application code) you must include an acknowledgement:
d02b48c6 RE	38	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
0f113f3e	39	*
d02b48c6 RE	40	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	41	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	43	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	44	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	45	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	46	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	48	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	49	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	50	* SUCH DAMAGE.
0f113f3e	51	*
d02b48c6 RE	52	* The licence and distribution terms for any publically available version or
	53	* derivative of this code cannot be changed. i.e. this code cannot simply be
	54	* copied and put under another distribution licence
	55	* [including the GNU Public Licence.]
	56	*/
	57
3eeaab4b	58	#include <openssl/opensslconf.h>
5daec7ea	59
cf1b7d96	60	#ifndef OPENSSL_NO_RSA
0f113f3e MC	61	# include <stdio.h>
	62	# include <string.h>
	63	# include <sys/types.h>
	64	# include <sys/stat.h>
	65	# include "apps.h"
	66	# include <openssl/bio.h>
	67	# include <openssl/err.h>
	68	# include <openssl/bn.h>
	69	# include <openssl/rsa.h>
	70	# include <openssl/evp.h>
	71	# include <openssl/x509.h>
	72	# include <openssl/pem.h>
	73	# include <openssl/rand.h>
d02b48c6	74
0f113f3e	75	# define DEFBITS 2048
d02b48c6	76
6d23cf97	77	static int genrsa_cb(int p, int n, BN_GENCB *cb);
667ac4ec	78
7e1b7485 RS	79	typedef enum OPTION_choice {
	80	OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
	81	OPT_3, OPT_F4, OPT_NON_FIPS_ALLOW, OPT_ENGINE,
	82	OPT_OUT, OPT_RAND, OPT_PASSOUT, OPT_CIPHER
	83	} OPTION_CHOICE;
667ac4ec	84
7e1b7485 RS	85	OPTIONS genrsa_options[] = {
	86	{"help", OPT_HELP, '-', "Display this summary"},
	87	{"3", OPT_3, '-', "Use 3 for the E value"},
	88	{"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
	89	{"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
	90	{"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
	91	{"out", OPT_OUT, 's', "Output the key to specified file"},
	92	{"rand", OPT_RAND, 's',
	93	"Load the file(s) into the random number generator"},
	94	{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
	95	{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
0f113f3e	96	# ifndef OPENSSL_NO_ENGINE
7e1b7485	97	{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
0f113f3e	98	# endif
7e1b7485 RS	99	{NULL}
	100	};
	101
	102	int genrsa_main(int argc, char **argv)
	103	{
	104	BN_GENCB *cb = BN_GENCB_new();
3b061a00	105	PW_CB_DATA cb_data;
7e1b7485 RS	106	ENGINE *e = NULL;
	107	BIGNUM *bn = BN_new();
	108	BIO *out = NULL;
	109	RSA *rsa = NULL;
0f113f3e	110	const EVP_CIPHER *enc = NULL;
3b061a00	111	int ret = 1, non_fips_allow = 0, num = DEFBITS, private = 0;
0f113f3e	112	unsigned long f4 = RSA_F4;
7e1b7485	113	char outfile = NULL, passoutarg = NULL, *passout = NULL;
333b070e	114	char inrand = NULL, prog, hexe, dece;
7e1b7485	115	OPTION_CHOICE o;
348d0d14	116
7e1b7485 RS	117	if (!bn \|\| !cb)
7e1b7485 RS	118	goto end;
348d0d14	119
0f113f3e	120	BN_GENCB_set(cb, genrsa_cb, bio_err);
d02b48c6	121
7e1b7485 RS	122	prog = opt_init(argc, argv, genrsa_options);
	123	while ((o = opt_next()) != OPT_EOF) {
	124	switch (o) {
	125	case OPT_EOF:
	126	case OPT_ERR:
	127	BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
	128	goto end;
	129	case OPT_HELP:
	130	ret = 0;
	131	opt_help(genrsa_options);
	132	goto end;
	133	case OPT_3:
0f113f3e	134	f4 = 3;
7e1b7485 RS	135	break;
7e1b7485 RS	136	case OPT_F4:
0f113f3e	137	f4 = RSA_F4;
7e1b7485 RS	138	break;
7e1b7485 RS	139	case OPT_NON_FIPS_ALLOW:
0f113f3e	140	non_fips_allow = 1;
0f113f3e	141	break;
7e1b7485 RS	142	case OPT_OUT:
	143	outfile = opt_arg();
	144	case OPT_ENGINE:
333b070e	145	e = setup_engine(opt_arg(), 0);
7e1b7485 RS	146	break;
	147	case OPT_RAND:
	148	inrand = opt_arg();
	149	break;
	150	case OPT_PASSOUT:
	151	passoutarg = opt_arg();
	152	break;
	153	case OPT_CIPHER:
	154	if (!opt_cipher(opt_unknown(), &enc))
	155	goto end;
	156	break;
	157	}
0f113f3e	158	}
7e1b7485 RS	159	argc = opt_num_rest();
7e1b7485 RS	160	argv = opt_rest();
3b061a00	161	private = 1;
a3fe382e	162
7e1b7485 RS	163	if (argv[0] && (!opt_int(argv[0], &num) \|\| num <= 0))
7e1b7485 RS	164	goto end;
a3fe382e	165
7e1b7485	166	if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
0f113f3e	167	BIO_printf(bio_err, "Error getting password\n");
7e1b7485	168	goto end;
0f113f3e	169	}
5270e702	170
296f54ee RL	171	if (!app_load_modules(NULL))
	172	goto end;
	173
3b061a00	174	out = bio_open_owner(outfile, "w", private);
7e1b7485 RS	175	if (out == NULL)
7e1b7485 RS	176	goto end;
d02b48c6	177
7e1b7485	178	if (!app_RAND_load_file(NULL, 1) && inrand == NULL
0f113f3e MC	179	&& !RAND_status()) {
	180	BIO_printf(bio_err,
	181	"warning, not much extra random data, consider using the -rand option\n");
	182	}
	183	if (inrand != NULL)
	184	BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
	185	app_RAND_load_files(inrand));
d02b48c6	186
0f113f3e MC	187	BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
0f113f3e MC	188	num);
333b070e	189	rsa = e ? RSA_new_method(e) : RSA_new();
0f113f3e	190	if (!rsa)
7e1b7485	191	goto end;
0f113f3e MC	192
	193	if (non_fips_allow)
	194	rsa->flags \|= RSA_FLAG_NON_FIPS_ALLOW;
645532b9	195
0f113f3e	196	if (!BN_set_word(bn, f4) \|\| !RSA_generate_key_ex(rsa, num, bn, cb))
7e1b7485	197	goto end;
dc03504d	198
7e1b7485	199	app_RAND_write_file(NULL);
d02b48c6	200
0f113f3e MC	201	hexe = BN_bn2hex(rsa->e);
	202	dece = BN_bn2dec(rsa->e);
	203	if (hexe && dece) {
	204	BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe);
	205	}
25aaa98a RS	206	OPENSSL_free(hexe);
25aaa98a RS	207	OPENSSL_free(dece);
3b061a00 RS	208	cb_data.password = passout;
	209	cb_data.prompt_info = outfile;
	210	assert(private);
	211	if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
	212	(pem_password_cb *)password_callback,
	213	&cb_data))
	214	goto end;
d02b48c6	215
0f113f3e	216	ret = 0;
7e1b7485	217	end:
23a1d5e9 RS	218	BN_free(bn);
23a1d5e9 RS	219	BN_GENCB_free(cb);
d6407083	220	RSA_free(rsa);
ca3a82c3	221	BIO_free_all(out);
b548a1f1	222	OPENSSL_free(passout);
0f113f3e MC	223	if (ret != 0)
0f113f3e MC	224	ERR_print_errors(bio_err);
7e1b7485	225	return (ret);
0f113f3e	226	}
d02b48c6	227
6d23cf97	228	static int genrsa_cb(int p, int n, BN_GENCB *cb)
0f113f3e MC	229	{
0f113f3e MC	230	char c = '*';
d02b48c6	231
0f113f3e MC	232	if (p == 0)
	233	c = '.';
	234	if (p == 1)
	235	c = '+';
	236	if (p == 2)
	237	c = '*';
	238	if (p == 3)
	239	c = '\n';
	240	BIO_write(BN_GENCB_get_arg(cb), &c, 1);
	241	(void)BIO_flush(BN_GENCB_get_arg(cb));
	242	return 1;
	243	}
	244	#else /* !OPENSSL_NO_RSA */
752d706a BL	245
752d706a BL	246	# if PEDANTIC
0f113f3e	247	static void *dummy = &dummy;
752d706a BL	248	# endif
752d706a BL	249
f5d7a031	250	#endif